A very serious flaw has been present in many Linux endpoints for two years now, potentially allowing threat actors to execute malicious code with elevated privileges.
That is what cybersecurity researchers from Qualys’ Threat Research Unit wrote in their report, noting that the flaw is tracked as CVE-2023-4911. It is a buffer overflow weakness in ld.so, the GNU C Library (glibc) dynamic loader, first introduced with glibc 2.34, in April 2021.
“Our successful exploitation, which resulted in full root privileges on major distributions such as Fedora, Ubuntu and Debian, underlines the severity and widespread nature of this vulnerability,” said Saeed Abbasi, Product Manager at Qualys’ Threat Research Unit. “While we are withholding our exploit code for the time being, the ease with which the buffer overflow can be turned into a data-only attack implies that other research teams may soon produce and release exploits.”
Looney Tunables
“This could compromise countless systems, especially given the extensive use of glibc in Linux distributions,” Abbasi concluded.
The bug is triggered, the researcher further explained, when the GLIBC_TUNABLES environment variable is processed on default installations of Debian 12 and 13, Ubuntu 22.04 and 23.04, and Fedora 37 and 38. Alpine Linux, it was also noted, is unaffected because it uses musl libc.
As a result, low-privilege attackers can perform low-complexity attacks without requiring any interaction from the victim.
“With the ability to provide full root access on popular platforms such as Fedora, Ubuntu and Debian, it is imperative that system administrators act quickly,” the researcher warned. “While Alpine Linux users can breathe a sigh of relief, others should prioritize patching to ensure system integrity and security.”
Qualys called the vulnerability “Looney Tunables”.
Via BleepingComputer