
List:       oss-security
Subject:    [oss-security] CVE-2022-30688: needrestart 0.8+ local privilege escalation
From:       Thomas Liske <thomas () fiasko-nw ! net>
Date:       2022-05-17 18:35:37
Message-ID: e53ec98ef43fa137db9a626e5148ae1c00ea7c7e.camel () fiasko-nw ! net


# needrestart: local privilege escalation

https://github.com/liske/needrestart


## Description

A local privilege escalation has been found in needrestart.
CVE-2022-30688 has been assigned to this issue.

The interpreter heuristic contains unanchored regexes allowing local
users to execute arbitrary code in the context of the user running
needrestart. Needrestart might be run as root by package manager hooks
on package installations or upgrades.


## Affected

Affected: needrestart >= 0.8
Fixed in: needrestart >= 3.6


## Mitigation

Disabling the interpreter heuristic in needrestart's config prevents
this attack:

  # Disable interpreter scanners.
  $nrconf{interpscan} = 0;


## Credit

Reported by Jakub Wilk.



Regards,
Thomas Liske


["anchor-interp-re.patch" (anchor-interp-re.patch)]

diff --git a/perl/lib/NeedRestart/Interp/Perl.pm b/perl/lib/NeedRestart/Interp/Perl.pm
index 40aabb4..5031679 100644
--- a/perl/lib/NeedRestart/Interp/Perl.pm
+++ b/perl/lib/NeedRestart/Interp/Perl.pm
@@ -43,7 +43,7 @@ sub isa {
     my $pid = shift;
     my $bin = shift;
 
-    return 1 if($bin =~ m@/usr/(local/)?bin/perl@);
+    return 1 if($bin =~ m@^/usr/(local/)?bin/perl(5[.\d]*)?$@);
 
     return 0;
 }
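
Review bot: In the new Perl pattern, `$` still matches before a trailing newline, so a `$bin` value of `/usr/bin/perl` followed by `\n` passes the check; use `\A` and `\z` if an exact-string match is intended. The suffix class `[.\d]*` also accepts runs such as `perl5..`; `(5(\.\d+)*)?` would limit it to dotted version numbers.
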
diff --git a/perl/lib/NeedRestart/Interp/Python.pm b/perl/lib/NeedRestart/Interp/Python.pm
index 559666c..a30121d 100644
--- a/perl/lib/NeedRestart/Interp/Python.pm
+++ b/perl/lib/NeedRestart/Interp/Python.pm
@@ -42,7 +42,7 @@ sub isa {
     my $pid = shift;
     my $bin = shift;
 
-    return 1 if($bin =~ m@/usr/(local/)?bin/python@);
+    return 1 if($bin =~ m@^/usr/(local/)?bin/python([23][.\d]*)?$@);
 
     return 0;
 }
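
Review bot: The replacement line in `isa` carries no comment saying that the `^` and `$` anchors are what restricts the match to the two system directories, so a later edit that loosens the pattern for a new binary name could reintroduce the unanchored match unnoticed; add a one-line comment above the `return 1 if(...)` line. The suffix `([23][.\d]*)?` also hard-codes the major versions 2 and 3 and accepts names such as `python3..`; `([23](\.\d+)*)?` is tighter.
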
diff --git a/perl/lib/NeedRestart/Interp/Ruby.pm b/perl/lib/NeedRestart/Interp/Ruby.pm
index d02973d..72920f3 100644
--- a/perl/lib/NeedRestart/Interp/Ruby.pm
+++ b/perl/lib/NeedRestart/Interp/Ruby.pm
@@ -42,7 +42,7 @@ sub isa {
     my $pid = shift;
     my $bin = shift;
 
-    return 1 if($bin =~ m@/usr/(local/)?bin/ruby@);
+    return 1 if($bin =~ m@^/usr/(local/)?bin/ruby$@);
 
     return 0;
 }
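
Review bot: The new Ruby pattern ends in `ruby$` with no optional version suffix, unlike the Perl and Python hunks, so a versioned binary name such as `/usr/bin/ruby2.7`, which the old unanchored pattern matched, is no longer recognised as a Ruby interpreter. If versioned names should still be detected, add an optional suffix in the same style, for example `ruby(\d[.\d]*)?$`.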

["signature.asc" (application/pgp-signature)]
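
The "unanchored regexes" point from the Description, as an added example that is not part of the original message or of needrestart's code: it runs the pre-patch and post-patch Perl patterns from the diff over constructed sample paths and can serve as a regression check for the fix. The `$strict` variant using `\A` and `\z`, the `verdict` helper and all sample paths are assumptions made for illustration.

```perl
#!/usr/bin/perl
# Added example: compares the interpreter patterns from the Perl.pm hunk
# on constructed paths. Only the matching logic is exercised here.
use strict;
use warnings;

# Patterns as they appear in the patch (delimiters changed to braces).
my $old = qr{/usr/(local/)?bin/perl};
my $new = qr{^/usr/(local/)?bin/perl(5[.\d]*)?$};

# Assumption, not in the patch: \A and \z match the exact string only,
# whereas $ also matches just before a trailing newline.
my $strict = qr{\A/usr/(local/)?bin/perl(5[.\d]*)?\z};

# Constructed sample paths; none come from the advisory.
my @samples = (
    [ '/usr/bin/perl',             'system interpreter' ],
    [ '/usr/local/bin/perl5.34.0', 'versioned system interpreter' ],
    [ '/home/user/usr/bin/perl',   'pattern text inside a longer path' ],
    [ '/usr/bin/perl-wrapper',     'different binary, same prefix' ],
    [ "/usr/bin/perl\n",           'trailing newline' ],
);

# Hypothetical helper: report whether a path is accepted by a pattern.
sub verdict {
    my ($re, $path) = @_;
    return $path =~ $re ? 'match' : '-';
}

printf "%-28s %-6s %-6s %-6s  %s\n", 'path', 'old', 'new', 'strict', 'note';
for my $sample (@samples) {
    my ($path, $note) = @$sample;
    (my $shown = $path) =~ s/\n/\\n/g;    # make the newline visible
    printf "%-28s %-6s %-6s %-6s  %s\n",
        $shown,
        verdict($old,    $path),
        verdict($new,    $path),
        verdict($strict, $path),
        $note;
}
```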
