Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <e53ec98ef43fa137db9a626e5148ae1c00ea7c7e.camel@fiasko-nw.net>
Date: Tue, 17 May 2022 20:35:37 +0200
From: Thomas Liske <thomas@...sko-nw.net>
To: oss-security@...ts.openwall.com
Subject: CVE-2022-30688: needrestart 0.8+ local privilege escalation

# needrestart: local privilege escalation

https://github.com/liske/needrestart


## Description

A local privilege escalation has been found in needrestart. CVE-2022-
30688 has been assigned to this issue.

The interpreter heuristic contains unanchored regexs allowing local
users to execute arbitrary code in the context of the user running
needrestart. Needrestart might be run as root by package manager hooks
on package installations or upgrades.


## Affected

Affected: needrestart >= 0.8
Fixed in: needrestart >= 3.6


## Mitigation

Disabling the interpreter heuristic in neederstart's config prevents
this attack:

 # Disable interpreter scanners.
 $nrconf{interpscan} = 0;


## Credit

Reported by Jakub Wilk.



Regards,
Thomas Liske


View attachment "anchor-interp-re.patch" of type "text/x-patch" (1244 bytes)

Download attachment "signature.asc" of type "application/pgp-signature" (863 bytes)

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.