Researchers at safety agency Qualys have warned of a vulnerability within the GNU C Library (glibc) that leaves Linux techniques uncovered to native privilege escalation assaults — giving anybody on the system full root entry.
“We found a heap-based buffer overflow within the GNU C Library’s __vsyslog_internal() perform,” the researchers write of their safety advisory, delivered to our consideration by Bleeping Laptop, “which known as by each syslog() and vsyslog(). This vulnerability was launched in glibc 2.37 (in August 2022) […] and was additionally back-ported to glibc 2.36 as a result of this commit was a repair for one more, minor vulnerability in __vsyslog_internal().”
Qualys researchers have warned of a vulnerability within the GNU C Library which opens Linux techniques as much as assault. (📷: Qualys)
It is a significant issue: in accordance with Qualys, the vulnerability permits for native unprivileged customers to hold out a privilege escalation assault — buying and selling their unprivileged account for full root entry. Because it’s in essentially the most commonly-used C library in Linux distributions, it is also broad in scope: the staff confirmed it may very well be exploited in Debian Linux 12 and 13, Ubuntu Linux 23.04 and 23.10, and Fedora Linux 37 by to 39 inclusive.
“To one of the best of our information,” the staff confirms in a grateful mitigation, “this vulnerability can’t be triggered remotely in any seemingly state of affairs as a result of it requires an argv[0], or an openlog() ident argument, longer than 1024 bytes to be triggered” — that means it might probably solely be exploited by those that have already got entry to an unprivileged account on the system.
A single-line proof-of-concept can present if a system is susceptible to the assault. (📷: Qualys)
“In our assessments,” the researchers add, “it takes a number of 10,000s of tries to efficiently brute pressure the exploit parameters (the size of argv[0], and the whitelist possibility and its related atmosphere variables). Word: this exploit may actually be made way more environment friendly; in concept, it may even be a one-shot exploit, as a result of we don’t must brute pressure the ASLR [Address Space Layout Randomization], solely the heap structure.”
The complete disclosure is obtainable on the Qualys web site, together with a observe that demonstrates that there is little new beneath the solar in software program improvement: “In December 1997,” the researchers observe, “Photo voltaic Designer revealed details about a really related vulnerability within the vsyslog() of the outdated Linux libc.”