A new Linux vulnerability known as 'Looney Tunables' enables local attackers to gain root privileges by exploiting a buffer overflow weakness in the GNU C Library’s ld.so dynamic loader.
The GNU C Library (glibc) is the GNU system’s C library and is in most Linux kernel-based systems. It provides essential functionality, including system calls like open, malloc, printf, exit, and others, necessary for typical program execution.
The dynamic loader within glibc is of utmost importance, as it’s responsible for program preparation and execution on Linux systems that use glibc.
Discovered by the Qualys Threat Research Unit, the flaw (CVE-2023-4911) was introduced in April 2021, with the release of glibc 2.34, via a commit described as fixing SXID_ERASE behavior in setuid programs.
“Our successful exploitation, leading to full root privileges on major distributions like Fedora, Ubuntu, and Debian, highlights this vulnerability’s severity and widespread nature,” said Saeed Abbasi, Product Manager at Qualys’ Threat Research Unit.
“Although we’re withholding our exploit code for now, the ease with which the buffer overflow can be transformed into a data-only attack implies that other research teams could soon produce and release exploits.
“This could put countless systems at risk, especially given the extensive use of glibc across Linux distributions.”
Admins urged to prioritize patching
The vulnerability is triggered when processing the GLIBC_TUNABLES environment variable on default installations of Debian 12 and 13, Ubuntu 22.04 and 23.04, and Fedora 37 and 38 (Alpine Linux, which uses musl libc, is not affected).
“A buffer overflow was discovered in the GNU C Library’s dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable,” a Red Hat advisory explains.
“This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.”
Attackers with low privileges can exploit this high-severity vulnerability in low-complexity attacks that do not require user interaction.
“With the capability to provide full root access on popular platforms like Fedora, Ubuntu, and Debian, it’s imperative for system administrators to act swiftly,” Abbasi added.
“While Alpine Linux users can breathe a sigh of relief, others should prioritize patching to ensure system integrity and security.”
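A detection check for the trigger condition described in this section (GLIBC_TUNABLES present when a SUID binary is launched), as an added example that is not part of the original article or of the Qualys or Red Hat material. The exec-event record layout, the sample events and the helper names are assumptions constructed for illustration; the `environ` field uses the NUL-separated format of /proc/<pid>/environ.

```python
import os
import stat


def parse_environ(raw: bytes) -> dict:
    """Parse a NUL-separated environment block (/proc/<pid>/environ format)."""
    env = {}
    for entry in raw.split(b"\0"):
        name, sep, value = entry.partition(b"=")
        if sep and name:
            env[name.decode(errors="replace")] = value.decode(errors="replace")
    return env


def is_setuid(path: str) -> bool:
    """True if the file exists and has the set-user-ID bit."""
    try:
        return bool(os.stat(path).st_mode & stat.S_ISUID)
    except OSError:
        return False


def flag_events(events, setuid_check=is_setuid):
    """Return (pid, exe, value) for SUID launches that carried GLIBC_TUNABLES."""
    hits = []
    for ev in events:
        env = parse_environ(ev["environ"])
        if "GLIBC_TUNABLES" in env and setuid_check(ev["exe"]):
            hits.append((ev["pid"], ev["exe"], env["GLIBC_TUNABLES"]))
    return hits


# Constructed sample exec events (hypothetical record layout, not real telemetry).
SAMPLE_EVENTS = [
    {"pid": 4101, "exe": "/usr/bin/su",
     "environ": b"PATH=/usr/bin\0GLIBC_TUNABLES=glibc.malloc.tcache_count=0\0"},
    {"pid": 4102, "exe": "/usr/bin/su",
     "environ": b"PATH=/usr/bin\0HOME=/home/alice\0"},
    {"pid": 4103, "exe": "/usr/bin/ls",
     "environ": b"GLIBC_TUNABLES=glibc.malloc.tcache_count=0\0"},
]
# Assumed SUID set for the sample, so the demo does not depend on the local disk.
SAMPLE_SETUID = {"/usr/bin/su"}

if __name__ == "__main__":
    for pid, exe, value in flag_events(SAMPLE_EVENTS, lambda p: p in SAMPLE_SETUID):
        print(f"ALERT pid={pid} exe={exe} GLIBC_TUNABLES={value!r}")
```

On a live host, reading the environment of a SUID process generally requires root, so the events should come from exec telemetry collected with sufficient privilege.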
Recently, Qualys researchers have discovered other high-severity Linux security flaws that enable attackers to gain root privileges in default configurations of many Linux distributions.
The list includes a flaw in Polkit’s pkexec component (dubbed PwnKit), another in the Kernel’s filesystem layer (dubbed Sequoia), and in the Sudo Unix program (aka Baron Samedit).