Description
Qualys discovered that if unsanitized input was used with the library Module::ScanDeps before version 1.36, a local attacker could possibly execute arbitrary shell commands by open()ing a "pesky pipe" (such as passing "commands|" as a filename) or by passing arbitrary strings to eval().

CVSS vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.8 | Impact: 5.9
Attack Vector: Local
Complexity: Low
Privileges: Low
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High

Affected Packages: 10 packages
Also affects: Debian Linux 11.0

Vulnerability Details (6)
OSV: needrestart regression (2024-12-05)
OSV: needrestart regression (2024-11-26)
OSV: CVE-2024-11003: Qualys discovered that needrestart, before version 3 (2024-11-19)
OSV: Several security issues were fixed in needrestart and Module::ScanDeps (2024-11-19)
GHSA: GHSA-9f4h-r2c7-m6w4: Qualys discovered that needrestart, before version 3 (2024-11-19)

Vendor Advisories (7)
Ubuntu: needrestart regression (2024-12-05)
Ubuntu: needrestart regression (2024-11-26)
Red Hat: module-scandeps: local privilege escalation via unsanitized input (2024-11-19)
Ubuntu: needrestart and Module::ScanDeps vulnerabilities (2024-11-19)
Microsoft: Qualys discovered that if unsanitized input was used with the library Modules: ScanDeps (2024-11-12)

Threat Intelligence (5)
Qualys: Mitigate High-Risk Vulnerabilities Using TruRisk | Qualys (2024-12-04)
Qualys: Proactively Managing High-Risk Vulnerabilities with TruRisk Mitigate™ (2024-12-04)
BleepingComputer: Ubuntu Linux impacted by decade-old 'needrestart' flaw that gives root (2024-11-20)
Qualys: Qualys TRU Uncovers Five Local Privilege Escalation Vulnerabilities in needrestart (2024-11-19)
Qualys: Qualys TRU Uncovers 5 Local Privilege Escalation Flaws | Qualys (2024-11-19)