Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1310 CNY

100%
Buy Us a Coffee

CVE-2018-1049 PoC — systemd 竞争条件问题漏洞

Source
https://github.com/lukehebe/CVE-2018-1049
Associated Vulnerability
Title:systemd 竞争条件问题漏洞 (CVE-2018-1049)
Description:In systemd prior to 234 a race condition exists between .mount and .automount units such that automount requests from kernel may not be serviced by systemd resulting in kernel holding the mountpoint and any processes that try to use said mount will hang. A race condition like this may lead to denial of service, until mount points are unmounted.
Readme
This Python script is a custom reimplementation of the Metasploit module exploit for CVE-2018-1049, which targets VyOS (Vyatta) via a privilege escalation vulnerability in a Perl script misused through sudo.
You need valid SSH credentials.
You gain root via command injection in a sudo-permitted script.
Even though it targets a local script, the exploit is launched remotely over SSH.
OHCG 2025 - Volt Typhoon!
File Snapshot

Log in to view the POC file snapshot cached by Shenlong Bot

Log in to view
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →