Fixing documentation, adds more reliable cmd_exec

Author: msutovsky-r7

documentation/modules/exploit/linux/local/ndsudo_cve_2024_32019.md

@@ -1,6 +1,6 @@
 ## Vulnerable Application
 
-The `ndsudo` is a tool shipped with Netdata Agent. The version v1.45.0 and below contain vulnerability, which allows an attacker to gain privilege escalation using `ndsudo` binary. The vulnerability is untrusted search path, when searching for additional binary files, such as `nvme`. An attacker can create malicious binary with same name and add the directory of this binary into `$PATH` variable. The `ndsudo` will trust the first occurence of this binary and execute it.
+The `ndsudo` is a tool shipped with Netdata Agent. Versions v1.45.0 and below contain a vulnerability, which allows an attacker to gain privilege escalation using the `ndsudo` binary. The vulnerability is an untrusted search path. When searching for additional binary files, such as `nvme`, an attacker can create a malicious binary with same name and add the directory of this binary into the `$PATH` variable. The `ndsudo` will trust the first occurrence of this binary and execute it.
 
 Installation steps:
 
@@ -30,7 +30,7 @@ A path where malicious `nvme` binary will be stored. This path will be later pre
 
 ### NdsudoPath
 
-A path to `ndsudo` binary.
+The path to the `ndsudo` binary.
 
 
 ## Scenarios

modules/exploits/linux/local/ndsudo_cve_2024_32019.rb

@@ -76,6 +76,6 @@ def exploit
 
     vprint_status('Executing..')
 
-    cmd_exec("PATH=#{base_dir}:$PATH #{datastore['NdsudoPath']} nvme-list")
+    cmd_exec("PATH=#{base_dir}:$PATH '#{datastore['NdsudoPath']}' nvme-list")
   end
 end