A buffer overflow in GNU libc allows local users to escalate their privileges. The bug has been fixed and updated packages for major Linux distributions are available.
The libc library is one of the central components of every Linux system and, among other things, provides the functions for dynamically loading other software components. A buffer overflow discovered by security company Qualys now allows attackers to escalate their own privileges and take over a vulnerable Linux system.
Environment variables are popular targets
The buffer overflow can occur when processing the GLIBC_TUNABLES environment variable. As Qualys notes in a detailed analysis, there have been security issues in a similar place in glibc in the past. Using the buffer overflow, the researchers were able to gain root privileges on current Debian, Ubuntu and Fedora systems. The vulnerability is listed as CVE-2023-4911 with a CVSS score of 7.8, which puts the risk at “high”; Qualys named it “Looney Tunables.”
The dynamic loader ld.so processes data passed by the user, for example from the environment variable GLIBC_TUNABLES, every time it is called. The program code expects parameters in the form tunable1=value1:tunable2=value2. However, by specifying tunable1=tunable2=value, malicious actors can cause a buffer overflow. As a result, they can manipulate the stack, cause SUID programs such as mount to execute code with root privileges and thus take over the system.
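For defenders triaging hosts that are not yet patched, the following added example (not code from Qualys or glibc) checks a process environment block for GLIBC_TUNABLES items that deviate from the expected name=value:name=value form described above. The function names, the tunable names and the sample environments are constructed for illustration.

```python
# Added example: flag GLIBC_TUNABLES items that are not a single name=value pair.
# All sample data below is constructed for illustration.
from typing import List, Optional


def extract_tunables(environ_block: bytes) -> Optional[str]:
    """Return the GLIBC_TUNABLES value from a NUL-separated environment block
    (the layout of /proc/<pid>/environ), or None if the variable is not set."""
    for entry in environ_block.split(b"\0"):
        name, sep, value = entry.partition(b"=")
        if sep and name == b"GLIBC_TUNABLES":
            return value.decode("utf-8", errors="replace")
    return None


def malformed_items(tunables: str) -> List[str]:
    """Return the ':'-separated items that are not exactly one name=value pair."""
    bad = []
    for item in tunables.split(":"):
        if not item:
            continue  # empty segment (e.g. trailing ':') carries no data
        name, sep, value = item.partition("=")
        # Well-formed: non-empty name, one '=', and no further '=' in the value.
        if not sep or not name or "=" in value:
            bad.append(item)
    return bad


def check_environ(environ_block: bytes) -> List[str]:
    """Malformed GLIBC_TUNABLES items found in one process environment."""
    tunables = extract_tunables(environ_block)
    return [] if tunables is None else malformed_items(tunables)


# Constructed sample environments; the tunable names are placeholders.
SAMPLES = {
    "well-formed": b"PATH=/usr/bin\0GLIBC_TUNABLES=tunable1=value1:tunable2=value2\0",
    "suspicious": b"PATH=/usr/bin\0GLIBC_TUNABLES=tunable1=tunable2=value\0",
    "not set": b"PATH=/usr/bin\0HOME=/root\0",
}

if __name__ == "__main__":
    for label, block in SAMPLES.items():
        print(f"{label}: {check_environ(block)}")
```

A hit is only a triage signal that the variable was set in an unexpected shape; installing the fixed glibc packages remains the actual remedy.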
The developers of glibc and the affected distributions have already reacted: updated packages that close the hole in the dynamic loader are available for Ubuntu, Debian and Red Hat-based distributions.