A brand new Linux security vulnerability dubbed Looney Tunables has been found within the GNU C library’s ld.so dynamic loader that, if efficiently exploited, may result in a neighborhood privilege escalation and permit a menace actor to achieve root privileges.
Tracked as CVE-2023-4911 (CVSS rating: 7.8), the difficulty is a buffer overflow that resides within the dynamic loader’s processing of the GLIBC_TUNABLES atmosphere variable. Cybersecurity agency Qualys, which disclosed particulars of the bug, stated it was launched as a code commit made in April 2021.
The GNU C library, additionally known as glibc, is a core library in Linux-based programs that gives foundational options equivalent to open, learn, write, malloc, printf, getaddrinfo, dlopen, pthread_create, crypt, login, and exit.
glibc’s dynamic loader is a vital element that is chargeable for getting ready and working applications, together with discovering the essentially shared object dependencies required in addition to loading them into reminiscence and linking them at runtime.
The vulnerability impacts main Linux distributions like Fedora 37 and 38, Ubuntu 22.04 and 23.04, and Debian 12 and 13, though different distributions are more likely to be weak and exploitable. One notable exception is Alpine Linux, which makes use of the musl libc library as a substitute of glibc.
“The presence of a buffer overflow vulnerability within the dynamic loader’s dealing with of the GLIBC_TUNABLES atmosphere variable poses important dangers to quite a few Linux distributions,” Saeed Abbasi, product supervisor at Qualys Menace Analysis Unit, stated.
“This atmosphere variable, meant to fine-tune and optimize purposes linked with glibc, is an important device for builders and system directors. Its misuse or exploitation broadly impacts system efficiency, reliability, and security.”
An advisory issued by Purple Hat states {that a} native attacker may exploit the shortcoming to make use of maliciously crafted GLIBC_TUNABLES atmosphere variables when launching binaries with SUID permission to execute code with elevated privileges.
It has additionally supplied short-term mitigation that, when enabled, terminates any setuid program invoked with GLIBC_TUNABLES within the atmosphere.
Looney Tunables is the most recent addition to a rising checklist of privilege escalation flaws which were found in Linux lately, counting CVE-2021-3156 (Baron Samedit), CVE-2021-3560, CVE-2021-33909 (Sequoia), and CVE-2021-4034 (PwnKit), that might be weaponized to acquire elevated permissions.
