## https://sploitus.com/exploit?id=554C239D-FD5B-52FE-9001-6BA731A176FF
# needrestart Privilege Escalation (CVE-2024-48990)
This repository contains a minimal local privilege escalation exploit
targeting a vulnerability in `needrestart` (CVE-2024-48990).
The vulnerability allows arbitrary Perl code execution as root by
abusing the `-c` configuration option, which is parsed and executed
in a privileged context.
## Rationale
Many existing privilege escalation exploits require compiling custom
binaries, spawning additional shells, or relying on interactive command
chains.
This exploit was developed to avoid those requirements by providing a
straightforward local privilege escalation technique that does not
require compilation, additional tooling, or interactive editor or pager
abuse. Privilege escalation is achieved by creating a SUID-root shell
through `needrestart`'s privileged configuration execution.
## How it works
`needrestart` is implemented in Perl and executes configuration files
passed via the `-c` option as Perl code with root privileges.
By supplying a crafted configuration file containing a `system()` call,
arbitrary commands can be executed as root, leading to local privilege
escalation.
## Usage
Run the exploit:
```bash
python3 needrestart_privesc.py
```
If the user is permitted to execute `needrestart` via sudo, the script
will invoke it and create a SUID-root shell at `/tmp/bash`. If sudo
requires a password, it will be prompted normally.
Upon successful execution, a root shell is spawned automatically.
### Optional flags
Disable automatic shell spawning:
```bash
python3 needrestart_privesc.py --no-shell
```
Clean up created artifacts:
```bash
python3 needrestart_privesc.py --cleanup
```
## Notes
- Passwordless sudo is not required.
- The user must be allowed to execute `needrestart` via sudo.
- The payload execution is silent and relies on side effects rather than output.
## Disclaimer
This code is provided for educational and research purposes only.