automatic module_metadata_base.json update

Author: jenkins-metasploit

db/modules_metadata_base.json

@@ -92185,6 +92185,65 @@
 
     ]
   },
+  "exploit_linux/local/ubuntu_needrestart_lpe": {
+    "name": "Ubuntu needrestart Privilege Escalation",
+    "fullname": "exploit/linux/local/ubuntu_needrestart_lpe",
+    "aliases": [
+
+    ],
+    "rank": 500,
+    "disclosure_date": "2024-11-19",
+    "type": "exploit",
+    "author": [
+      "h00die",
+      "makuga01",
+      "qualys"
+    ],
+    "description": "Local attackers can execute arbitrary code as root by\n          tricking needrestart into running the Python interpreter with an\n          attacker-controlled PYTHONPATH environment variable.\n\n          Verified against Ubuntu 22.04 with needrestart 3.5-5ubuntu2.1\n          Attempted exploitation against Debian 12, expliotation failed",
+    "references": [
+      "URL-https://github.com/makuga01/CVE-2024-48990-PoC",
+      "URL-https://www.qualys.com/2024/11/19/needrestart/needrestart.txt",
+      "CVE-2024-48990"
+    ],
+    "platform": "Linux",
+    "arch": "x86, x64",
+    "rport": null,
+    "autofilter_ports": [
+
+    ],
+    "autofilter_services": [
+
+    ],
+    "targets": [
+      "Auto"
+    ],
+    "mod_time": "2025-01-09 16:23:09 +0000",
+    "path": "/modules/exploits/linux/local/ubuntu_needrestart_lpe.rb",
+    "is_install_path": true,
+    "ref_name": "linux/local/ubuntu_needrestart_lpe",
+    "check": true,
+    "post_auth": false,
+    "default_credential": false,
+    "notes": {
+      "Stability": [
+        "crash-safe"
+      ],
+      "Reliability": [
+        "repeatable-session"
+      ],
+      "SideEffects": [
+        "artifacts-on-disk"
+      ]
+    },
+    "session_types": [
+      "shell",
+      "meterpreter"
+    ],
+    "needs_cleanup": true,
+    "actions": [
+
+    ]
+  },
   "exploit_linux/local/udev_netlink": {
     "name": "Linux udev Netlink Local Privilege Escalation",
     "fullname": "exploit/linux/local/udev_netlink",