HomeVulnerabilityNew 'Looney Tunables' Linux bug provides root on main distros

New ‘Looney Tunables’ Linux bug provides root on main distros

A brand new Linux vulnerability generally known as ‘Looney Tunables‘ permits native attackers to realize root privileges by exploiting a buffer overflow weak point within the GNU C Library’s ld.so dynamic loader.

The GNU C Library (glibc) is the GNU system’s C library and is in most Linux kernel-based programs. It offers important performance, together with system calls like open, malloc, printf, exit, and others, vital for typical program execution. 

The dynamic loader inside glibc is of utmost significance, as it’s chargeable for program preparation and execution on Linux programs that use glibc.

Found by the Qualys Menace Analysis Unit, the flaw (CVE-2023-4911) was launched in April 2021, with the discharge of glibc 2.34, through a commit described as fixing SXID_ERASE habits in setuid packages.

“Our profitable exploitation, resulting in full root privileges on main distributions like Fedora, Ubuntu, and Debian, highlights this vulnerability’s severity and widespread nature,” mentioned Saeed Abbasi, Product Supervisor at Qualys’ Menace Analysis Unit.

See also  White Home urges devs to modify to memory-safe programming languages

“Though we’re withholding our exploit code for now, the convenience with which the buffer overflow will be remodeled right into a data-only assault implies that different analysis groups might quickly produce and launch exploits.

“This might put numerous programs in danger, particularly given the intensive use of glibc throughout Linux distributions.”

Admins urged to prioritize patching

The vulnerability is triggered when processing GLIBC_TUNABLES atmosphere variable on default installations of Debian 12 and 13, Ubuntu 22.04 and 23.04, and Fedora 37 and 38 (Alpine Linux, which makes use of musl libc, shouldn’t be affected).

“A buffer overflow was found within the GNU C Library’s dynamic loader ld.so whereas processing the GLIBC_TUNABLES atmosphere variable,” a Purple Hat advisory explains.

“This subject might enable an area attacker to make use of maliciously crafted GLIBC_TUNABLES atmosphere variables when launching binaries with SUID permission to execute code with elevated privileges.”

Attackers with low privileges can exploit this high-severity vulnerability in low-complexity assaults that do not require person interplay.

See also  HPE Aruba Networking fixes important flaws impacting Entry Factors

“With the potential to supply full root entry on common platforms like Fedora, Ubuntu, and Debian, it’s crucial for system directors to behave swiftly,” Abbasi added.

“Whereas Alpine Linux customers can breathe a sigh of reduction, others ought to prioritize patching to make sure system integrity and security.”

In recent times, Qualys researchers have found different high-severity Linux security flaws that allow attackers to realize root privileges in default configurations of many Linux distributions.

The listing features a flaw in Polkit’s pkexec part (dubbed PwnKit), one other within the Kernel’s filesystem layer (dubbed Sequoia), and within the Sudo Unix program (aka Baron Samedit).

- Advertisment -spot_img
RELATED ARTICLES

LEAVE A REPLY

Please enter your comment!
Please enter your name here

- Advertisment -

Most Popular