New 'Looney Tunables' Linux bug gives root on major distros

Gandalf_The_Grey

Level 79
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
6,840
A new Linux vulnerability known as 'Looney Tunables' enables local attackers to gain root privileges by exploiting a buffer overflow weakness in the GNU C Library's ld.so dynamic loader.

The GNU C Library (glibc) is the GNU system's C library and is in most Linux kernel-based systems. It provides essential functionality, including system calls like open, malloc, printf, exit, and others, necessary for typical program execution.

The dynamic loader within glibc is of utmost importance, as it is responsible for program preparation and execution on Linux systems that use glibc.

Discovered by the Qualys Threat Research Unit, the flaw (CVE-2023-4911) was introduced in April 2021, with the release of glibc 2.34, via a commit described as fixing SXID_ERASE behavior in setuid programs.

"Our successful exploitation, leading to full root privileges on major distributions like Fedora, Ubuntu, and Debian, highlights this vulnerability’s severity and widespread nature," said Saeed Abbasi, Product Manager at Qualys' Threat Research Unit.

"Although we are withholding our exploit code for now, the ease with which the buffer overflow can be transformed into a data-only attack implies that other research teams could soon produce and release exploits.

"This could put countless systems at risk, especially given the extensive use of glibc across Linux distributions."
 
F

ForgottenSeer 97327

I am on Linux now (temporary or permanently not decided yet), but Linux users (like Apple users) can rest assure: there are no security issues nor virusses for these OS-ses.

At least that is what I am reading on Linux forums. 🤣 🤣🤣
 

nicolaasjan

Level 4
Verified
Well-known
May 29, 2023
188
enables local attackers to gain root privileges
* Searching through my house for attackers *
Phew... Haven't found any.

But my system (Linux Mint 20.3) is based on Ubuntu Focal and that is:
Not vulnerable (code not present)

The vulnerability is triggered when processing GLIBC_TUNABLES environment variable on default installations of Debian 12 and 13, Ubuntu 22.04 and 23.04, and Fedora 37 and 38
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top