needrestart 0.8 through 3.5 before 3.6 is prone to local privilege escalation. Regexes to detect the Perl, Python, and Ruby interpreters are not anchored, allowing a local user to escalate privileges when needrestart tries to detect if interpreters are using old source files.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Needrestart | Needrestart_project | 0.8 (including) | 3.6 (excluding) |
Needrestart | Ubuntu | bionic | * |
Needrestart | Ubuntu | focal | * |
Needrestart | Ubuntu | impish | * |
Needrestart | Ubuntu | jammy | * |