A huge collection of 3400+ free website templates JAR theme com WP themes and more at the biggest community-driven free web design site
Home / security-advisories / Active Exploitation of High Severity Vulnerability in GNU C Library (CVE-2023-4911)

Active Exploitation of High Severity Vulnerability in GNU C Library (CVE-2023-4911)

Advisory No: TZCERT/SA/2023/11/08

Date of First Release: 8th November 2023

Source: NIST, CSA

Software Affected:  Linux kernel-based systems running v.2.34 of the GNU C Library.

Overview:

A high-severity buffer overflow vulnerability which is also known as Looney Tunables affecting Linux kernel-based systems has been discovered. The vulnerability affected GNU C library which is a foundational component of most UNIX operating systems. The vulnerability could allow a local attacker to gain root privileges on the system.

Description:

GNU Library also known as glibc provides system API, system calls, and basic routines for programs written in C and C++ to interact with the underlying operating system. The glibc uses environmental variables that can influence everything the computer does from localization, debugging and performance tuning.

GLIBC_TUNABLES is one of the variables responsible for controlling the behavior of glibc in certain aspects, allowing users to set tunables that influence runtime behavior of glibc without having to recompile the application or library.

The way dynamic loader handles the GLIBC_TUNABLES environment variable is ineffective as it allows more data to be copied inside the allocated buffer than the allowed amount leading to buffer overflow vulnerability.

As a result of buffer overflow in the GNU C Library’s dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable, the local attacker may modify the LD_LIBRARY_PATH for a given SUID  binary or make a copy, allowing processes to load untrusted shared objects from an attacker-controlled directory to execute code with elevated privileges.

Impact:

Successful exploitation of these vulnerabilities may allow the attacker to take control of affected system.

Solution:

Multiple Linux distributions have released patches for this vulnerability. Users and administrators are encouraged to apply all necessary updates.

References:

  1. https://nvd.nist.gov/vuln/detail/CVE-2023-4911
  2. https://www.csa.gov.sg/alerts-advisories/alerts/2023/al-2023-145
  3. https://sysdig.com/blog/cve-2023-4911/#:~:text=The%20flaw%2C%20assigned%20CVE%2D2023,for%20accurate%20information%20on%20status
  4. https://www.bleepingcomputer.com/news/security/hackers-exploit-looney-tunables-linux-bug-steal-cloud-creds/

Best free WordPress theme

Check Also

HPE Superdome Flex, Superdome Flex 280 and Compute Scale-up Server 3200 Servers Arbitrary Code Execution (CVE-2021-38578)

Advisory No: TZCERT/SA/2024/04/19 Date of First Release: 19th April 2024 Source: Hewlett Packard Enterprise (HPE) …

DISCLAIMER |FAQ |CONTACT US
Tanzania Computer Emergency Response Team © Copyright 2024, All Rights Reserved.