CVE-2009-1185

This exploit leverages CVE-2009-1185, a vulnerability in udev versions < 1.4.1 that fails to verify netlink messages, allowing local privilege escalation by sending crafted netlink messages from userland. The exploit writes a payload and a malicious binary to a writable directory, then triggers the vulnerability to execute the payload with elevated privileges.

This exploit leverages a NETLINK message verification flaw in udev before 1.4.1 to trigger arbitrary command execution via the 95-udev-late.rules file, allowing local privilege escalation by sending a crafted NETLINK message from user space.

This exploit leverages a vulnerability in the Linux kernel's netlink socket handling (CVE-2009-1185) to achieve local privilege escalation by injecting a malicious LD_PRELOAD library into a privileged process (udevd). The exploit crafts a netlink message to trigger the vulnerability and spawns a root shell.

This Metasploit module exploits CVE-2009-1185 in udev versions < 1.4.1 by sending spoofed netlink messages to gain root privileges. It writes a payload executable and an exploit binary to a writable directory, then executes them to achieve local privilege escalation.