Share
## https://sploitus.com/exploit?id=CEA5473D-B1FC-5140-B470-D658C9CBA22A
# CVE-2024-48990

# introdution

This vulnerability takes advantage of the way in which needrestart manages the environment variable, to be more precise, PYTHONPATH can be hijacked by modifying the PYTHONPATH variable to a directory that contains a malicious library, thus executing and gaining access, we can have suid problems in some directories, so define in evil.c the following structure "sudo mount -o remount,suid /tmp" so we will be able to obtain root when executing /tmp/nullbyte -p.


# Execution Exploit

```bash
bash sysadmin_F.sh
```
now, wait sysadmin update system or execute needrestart version 3.7, remember target need have version 3.7 needrestart

# POC


https://github.com/user-attachments/assets/f2fc821d-261f-484f-8e8f-3e53e43f3432