Share
## https://sploitus.com/exploit?id=554C239D-FD5B-52FE-9001-6BA731A176FF
# needrestart Privilege Escalation (CVE-2024-48990)

This repository contains a minimal local privilege escalation exploit
targeting a vulnerability in `needrestart` (CVE-2024-48990).

The vulnerability allows arbitrary Perl code execution as root by
abusing the `-c` configuration option, which is parsed and executed
in a privileged context.

## Rationale

Many existing privilege escalation exploits require compiling custom
binaries, spawning additional shells, or relying on interactive command
chains.

This exploit was developed to avoid those requirements by providing a
straightforward local privilege escalation technique that does not
require compilation, additional tooling, or interactive editor or pager
abuse. Privilege escalation is achieved by creating a SUID-root shell
through `needrestart`'s privileged configuration execution.

## How it works

`needrestart` is implemented in Perl and executes configuration files
passed via the `-c` option as Perl code with root privileges.

By supplying a crafted configuration file containing a `system()` call,
arbitrary commands can be executed as root, leading to local privilege
escalation.

## Usage

Run the exploit:

```bash
python3 needrestart_privesc.py
```

If the user is permitted to execute `needrestart` via sudo, the script
will invoke it and create a SUID-root shell at `/tmp/bash`. If sudo
requires a password, it will be prompted normally.

Upon successful execution, a root shell is spawned automatically.

### Optional flags

Disable automatic shell spawning:

```bash
python3 needrestart_privesc.py --no-shell
```

Clean up created artifacts:

```bash
python3 needrestart_privesc.py --cleanup
```

## Notes

- Passwordless sudo is not required.
- The user must be allowed to execute `needrestart` via sudo.
- The payload execution is silent and relies on side effects rather than output.

## Disclaimer

This code is provided for educational and research purposes only.