CVE-2022-30688
Attack vector: LOCAL
Attack complexity: LOW
Privileges required: LOW
Confidentiality impact: HIGH
Integrity impact: HIGH
Availability impact: HIGH
Summary
needrestart 0.8 through 3.5 before 3.6 is prone to local privilege escalation. Regexes to detect the Perl, Python, and Ruby interpreters are not anchored, allowing a local user to escalate privileges when needrestart tries to detect if interpreters are using old source files.
References
- https://www.openwall.com/lists/oss-security/2022/05/17/9
- https://github.com/liske/needrestart/releases/tag/v3.6
- https://lists.debian.org/debian-security-announce/2022/msg00105.html
- https://github.com/liske/needrestart/commit/e6e58136e1e3c92296e2e810cb8372a5fe0dbd30
- https://www.debian.org/security/2022/dsa-5137
- https://lists.debian.org/debian-lts-announce/2022/05/msg00024.html