CVE-2024-32019

This repository contains a functional privilege escalation exploit for CVE-2024-32019, targeting the `ndsudo` utility in Netdata. The exploit leverages PATH injection to execute a malicious `nvme` binary with root privileges.

This repository contains a functional exploit for CVE-2024-32019, targeting a PATH-based privilege escalation vulnerability in Netdata's ndsudo. The exploit compiles a malicious binary, transfers it to the target, and manipulates the PATH environment variable to escalate privileges to root.

This PoC exploits CVE-2024-32019, a local privilege escalation vulnerability in Netdata's ndsudo due to an untrusted search path. The exploit manipulates the PATH environment variable to execute a malicious binary named 'nvme' with elevated privileges.

This repository contains a functional privilege escalation PoC for CVE-2024-32019, exploiting an untrusted search path vulnerability in Netdata's ndsudo SUID binary. The exploit manipulates the PATH environment variable to execute a malicious 'nvme' binary as root.

The repository contains a trivial C program that spawns a root shell but lacks any technical details about CVE-2024-32019. The README is vague and does not explain the vulnerability or how the PoC demonstrates it.

The repository contains functional exploit scripts for CVE-2024-32019, which leverages an untrusted search path in the ndsudo tool (part of Netdata Agent) to execute a malicious binary with root privileges. The exploit involves compiling a malicious 'nvme' binary, poisoning the PATH environment variable, and triggering ndsudo to execute it.

This repository contains a functional Python exploit for CVE-2024-32019, a local privilege escalation vulnerability in Netdata's `ndsudo` component. The exploit leverages PATH environment variable manipulation to execute arbitrary commands as root by hijacking allowed binaries.

This repository contains a functional privilege escalation exploit for CVE-2024-32019, leveraging PATH environment variable manipulation in Netdata's 'ndsudo' tool to execute a malicious 'nvme' binary, resulting in a root reverse shell.

This PoC exploits a local privilege escalation vulnerability in Netdata's `ndsudo` utility by injecting a malicious script into the user's PATH, which is then executed as root when `ndsudo` is invoked with an allowed command name.

The repository provides a functional exploit for CVE-2024-32019, a local privilege escalation vulnerability in Netdata's `ndsudo` helper. It includes detailed steps to exploit the PATH resolution flaw, along with diagnostic tools to verify the vulnerability.

This repository contains a functional exploit for CVE-2024-32019, leveraging a vulnerability in Netdata's ndsudo to escalate privileges by setting the SUID bit on /bin/bash. The exploit consists of a Go binary (poc.go) that performs the privilege escalation and a bash script (exploit.sh) to deliver and execute the payload on the target machine.

This repository provides a functional proof-of-concept exploit for CVE-2024-32019, a local privilege escalation vulnerability in Netdata's `ndsudo` plugin. The exploit leverages PATH hijacking to execute a malicious binary with elevated privileges, resulting in a root shell.

This Metasploit module exploits an untrusted search path vulnerability in Netdata's `ndsudo` binary (CVE-2024-32019) to achieve local privilege escalation by uploading a malicious `nvme` binary to a writable directory and manipulating the PATH variable.