Severe Glibc Privilege Escalation Vulnerability Impacts Major Linux Distributions

Major Linux distributions such as Debian, Fedora, and Ubuntu are affected by a GNU C Library (glibc) vulnerability that could give an attacker full root privileges.

The C library in the GNU system and in most systems running the Linux kernel, glibc defines system calls and other functionality that a program typically requires.

The identified issue, named ‘Looney Tunables’ and tracked as CVE-2023-4911 (CVSS score of 7.8), impacts glibc’s dynamic loader, which is responsible for loading into memory the libraries that a program needs and linking them with the executable at runtime.

When performing these operations, the dynamic loader resolves symbol references, preparing everything for the program’s execution.

CVE-2023-4911 impacts the dynamic loader’s processing of the GLIBC_TUNABLES environment variable (also called ‘tunables’), which allows users to change the library’s behavior at runtime by adjusting different parameters.

“The dynamic loader is extremely security sensitive, because its code runs with elevated privileges when a local user executes a set-user-ID program, a set-group-ID program, or a program with capabilities,” security firm Qualys, which identified the vulnerability, notes.

According to Qualys, the glibc dynamic loader’s processing of the tunables variable is prone to a buffer overflow that can be exploited to obtain full root privileges on an impacted system.

The issue was introduced in April 2021, with the release of glibc 2.34, and has been successfully tested on Debian 12 and 13, Fedora 37 and 38, and Ubuntu 22.04 and 23.04. Other Linux distributions might be impacted as well, except for Alpine Linux, which uses musl libc instead of glibc.

The issue resides in the way the dynamic loader’s processing function sanitizes tunables. Because the function removes all dangerous tunables but keeps certain ones, supplying a specially crafted environment variable (in the form name=name=val) results in the tunable being processed twice, overflowing the buffer.
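For defenders, the doubled-assignment shape described above is easy to look for. The following is an added example, not code from Qualys or glibc: it parses a GLIBC_TUNABLES value (colon-separated `name=value` entries) and flags any entry whose value contains a second `=`. The function names and the two sample environment blocks are constructed for illustration.

```python
"""Flag GLIBC_TUNABLES entries whose value contains a second '='."""
import os

PREFIX = b"GLIBC_TUNABLES="

# Constructed sample environment blocks (NUL-separated, like /proc/<pid>/environ).
BENIGN = b"PATH=/usr/bin\0GLIBC_TUNABLES=glibc.malloc.mxfast=128:glibc.malloc.check=3\0"
MALFORMED = b"PATH=/usr/bin\0GLIBC_TUNABLES=glibc.malloc.mxfast=glibc.malloc.mxfast=1\0"


def split_tunables(value):
    """Split a GLIBC_TUNABLES string into (name, value) pairs.

    Entries are colon-separated; only the first '=' terminates the name."""
    pairs = []
    for entry in filter(None, value.split(":")):
        name, sep, val = entry.partition("=")
        pairs.append((name, val if sep else None))
    return pairs


def suspicious_entries(value):
    """Return the entries whose value still contains '=' (doubled assignment)."""
    return [f"{n}={v}" for n, v in split_tunables(value) if v and "=" in v]


def scan_environ(block):
    """Check one NUL-separated environment block; return flagged entries."""
    for item in block.split(b"\0"):
        if item.startswith(PREFIX):
            return suspicious_entries(item[len(PREFIX):].decode("utf-8", "replace"))
    return []


def scan_live_processes(proc="/proc"):
    """Map pid -> flagged entries for every environ file this user can read."""
    hits = {}
    for pid in filter(str.isdigit, os.listdir(proc)):
        try:
            with open(os.path.join(proc, pid, "environ"), "rb") as fh:
                found = scan_environ(fh.read())
        except OSError:  # process exited, or environ not readable by this user
            continue
        if found:
            hits[int(pid)] = found
    return hits


if __name__ == "__main__":
    print("benign sample:", scan_environ(BENIGN))
    print("malformed sample:", scan_environ(MALFORMED))
```

A hit means the variable is malformed and worth investigating, not that exploitation occurred. `scan_live_processes()` needs root to read the environment of other users' processes, and `/proc/<pid>/environ` reflects the environment as it was at exec time.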

Because the vulnerability can lead to full root privileges and is relatively easy to exploit, Qualys is not sharing its proof-of-concept (PoC) code, although it has provided a detailed technical analysis.

“Our successful exploitation, leading to full root privileges on major distributions like Fedora, Ubuntu, and Debian, highlights this vulnerability’s severity and widespread nature. Although we’re withholding our exploit code for now, the ease with which the buffer overflow can be transformed into a data-only attack implies that other research teams could soon produce and release exploits,” Qualys notes.

The vulnerability was resolved in upstream glibc, with Debian, Gentoo Linux, Red Hat, and Ubuntu already releasing patches as well.
