This vulnerability takes advantage of the way in which needrestart manages the environment variable, to be more precise, PYTHONPATH can be hijacked by modifying the PYTHONPATH variable to a directory that contains a malicious library, thus executing and gaining access, we can have suid problems in some directories, so define in evil.c the following structure "sudo mount -o remount,suid /tmp" so we will be able to obtain root when executing /tmp/nullbyte -p.
bash sysadmin_F.shnow, wait sysadmin update system or execute needrestart version 3.7, remember target need have version 3.7 needrestart