
A new Linux vulnerability known as 'Looney Tunables' enables local attackers to gain root privileges by exploiting a buffer overflow weakness in the GNU C Library's ld.so dynamic loader.

The GNU C Library (glibc) is the GNU system's C library and is in most Linux kernel-based systems. It provides essential functionality, including system calls like open, malloc, printf, exit, and others, necessary for typical program execution.

The dynamic loader within glibc is of utmost importance, as it is responsible for program preparation and execution on Linux systems that use glibc.

Discovered by the Qualys Threat Research Unit, the flaw (CVE-2023-4911) was introduced in April 2021, with the release of glibc 2.34, through a commit described as fixing SXID_ERASE behavior in setuid programs.

“Our successful exploitation, leading to full root privileges on major distributions like Fedora, Ubuntu, and Debian, highlights this vulnerability’s severity and widespread nature,” said Saeed Abbasi, Product Manager at Qualys’ Threat Research Unit.

“Although we’re withholding our exploit code for now, the ease with which the buffer overflow can be transformed into a data-only attack implies that other research teams could soon produce and release exploits.

“This could put countless systems at risk, especially given the extensive use of glibc across Linux distributions.”

Admins urged to prioritize patching

The vulnerability is triggered when processing the GLIBC_TUNABLES environment variable on default installations of Debian 12 and 13, Ubuntu 22.04 and 23.04, and Fedora 37 and 38 (Alpine Linux, which uses musl libc, is not affected).

“A buffer overflow was discovered in the GNU C Library’s dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable,” a Red Hat advisory explains.

“This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.”

Attackers with low privileges can exploit this high-severity vulnerability in low-complexity attacks that do not require user interaction.

“With the capability to provide full root access on popular platforms like Fedora, Ubuntu, and Debian, it’s imperative for system administrators to act swiftly,” Abbasi added.

“While Alpine Linux users can breathe a sigh of relief, others should prioritize patching to ensure system integrity and security.”
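
A triage sketch for the conditions described above, added here as an example and not taken from Qualys, Red Hat or the original article: it reports whether the host runs glibc at or above 2.34 (the release the article names) and lists running processes whose environment sets GLIBC_TUNABLES. The function names are assumptions of this example, and because distributions backport fixes, a positive version result means "check the vendor advisory", not "confirmed unpatched".

```python
import os
import platform
import re

FIRST_AFFECTED = (2, 34)  # from the article: flaw introduced with glibc 2.34


def glibc_has_flawed_code(libc_name: str, version: str) -> bool:
    """True when libc is glibc at or above the release that introduced the bug.

    Distributions backport fixes without bumping the upstream version, so True
    means "check the vendor advisory", not "confirmed unpatched".
    """
    if libc_name != "glibc":          # e.g. musl on Alpine does not report glibc
        return False
    m = re.match(r"(\d+)\.(\d+)", version)
    return bool(m) and (int(m.group(1)), int(m.group(2))) >= FIRST_AFFECTED


def tunables_in_environ(raw: bytes):
    """Return the GLIBC_TUNABLES value from a NUL-separated environ blob, or None."""
    for entry in raw.split(b"\0"):
        name, sep, value = entry.partition(b"=")
        if sep and name == b"GLIBC_TUNABLES":
            return value.decode("utf-8", "backslashreplace")
    return None


def scan_processes(proc_root: str = "/proc"):
    """List (pid, value) for every readable process that has GLIBC_TUNABLES set."""
    hits = []
    for pid in filter(str.isdigit, os.listdir(proc_root)):
        try:
            with open(os.path.join(proc_root, pid, "environ"), "rb") as fh:
                value = tunables_in_environ(fh.read())
        except OSError:               # process exited or not ours to read
            continue
        if value is not None:
            hits.append((int(pid), value))
    return sorted(hits)


if __name__ == "__main__":
    name, ver = platform.libc_ver()
    print(f"libc: {name or 'unknown'} {ver}; needs advisory check: "
          f"{glibc_has_flawed_code(name, ver)}")
    for pid, value in scan_processes():
        print(f"pid {pid}: GLIBC_TUNABLES={value!r}")
```

Run it as root to read every process's environment; an unprivileged run only sees the caller's own processes.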

In recent years, Qualys researchers have discovered other high-severity Linux security flaws that enable attackers to gain root privileges in default configurations of many Linux distributions.

The list includes a flaw in Polkit’s pkexec component (dubbed PwnKit), another in the Kernel’s filesystem layer (dubbed Sequoia), and in the Sudo Unix program (aka Baron Samedit).
