Share
## https://sploitus.com/exploit?id=5D898371-4813-59FE-A7E8-26DD2DC2192F
# CVE-2024-48990 Exploit


My full writeup for how I came to re-discovering this N-day and creating my own exploit for it can be found on [my blog](https://ally-petitt.com/en/posts/2024-12-25_Rediscovering-CVE-2024-48990-and-Crafting-My-Own-Exploit.md).

Essentially, you can `git clone` this repository into an attacker-controlled directory, `export PYTHONPATH=<attacker_directory>`, and then run `main.py` with that `PYTHONPATH` value set. Then, set up a netcat listener on 127.0.0.1:1337 and wait for a cron job or system administrator to run a `sudo apt install` on the system to see a root shell in your listener.