Glibc vulnerability "Looney Tunables" CVE-2023-4911

tjn Member

A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.

Comments

  • Is this theoretically exploitable or in the real world?

  • tjn Member

    From what I've read/my understanding, it seems trivial for a local attacker to gain root privileges and manipulate data.

    So I guess it depends on your threat model, and if your machines have several users or just administrators.

    The main concern with this one, I think, is glibc's prevalence on so many Linux-based systems.

  • ehhthing Member
    edited October 2023

    It's extremely easily exploitable for any executable that is SUID, so it's LPE

  • At least only new executions are affected so no need to reboot

  • davide Member
    edited October 2023

    The beauty of C99 keeps on giving.

    Is this the correct way to fix it on Debian? apt-get install libc-bin=2.36-9+deb12u3.

  • Neoon Community Contributor, Veteran

    @davide said:
    The beauty of C99 keeps on giving.

    Is this the correct way to fix it on Debian? apt-get install libc-bin=2.36-9+deb12u3.

    https://security-tracker.debian.org/tracker/source-package/glibc
    Usually just apt-get, depends on your Debian version.

    Buster still seems to be unpatched.
