A new Linux security vulnerability dubbed Looney Tunables has been found in the GNU C library’s ld.so dynamic loader that, if successfully exploited, could direct to a community privilege escalation and allow a risk actor to gain root privileges.
Tracked as CVE-2023-4911 (CVSS score: 7.8), the issue is a buffer overflow that resides in the dynamic loader’s processing of the GLIBC_TUNABLES atmosphere variable. Cybersecurity company Qualys, which disclosed aspects of the bug, explained it was released as a code dedicate made in April 2021.
The GNU C library, also called glibc, is a core library in Linux-based mostly systems that offers foundational features this sort of as open up, browse, compose, malloc, printf, getaddrinfo, dlopen, pthread_make, crypt, login, and exit.
glibc’s dynamic loader is a crucial component that is dependable for making ready and running packages, like locating the essentially shared object dependencies demanded as nicely as loading them into memory and linking them at runtime.
The vulnerability impacts important Linux distributions like Fedora 37 and 38, Ubuntu 22.04 and 23.04, and Debian 12 and 13, despite the fact that other distributions are likely to be vulnerable and exploitable. 1 noteworthy exception is Alpine Linux, which works by using the musl libc library in its place of glibc.
“The existence of a buffer overflow vulnerability in the dynamic loader’s dealing with of the GLIBC_TUNABLES environment variable poses considerable challenges to several Linux distributions,” Saeed Abbasi, merchandise supervisor at Qualys Menace Study Unit, reported.
“This atmosphere variable, meant to wonderful-tune and optimize apps linked with glibc, is an vital software for developers and method directors. Its misuse or exploitation broadly affects procedure functionality, trustworthiness, and security.”
An advisory issued by Pink Hat states that a neighborhood attacker could exploit the shortcoming to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID authorization to execute code with elevated privileges.
It has also presented non permanent mitigation that, when enabled, terminates any setuid program invoked with GLIBC_TUNABLES in the ecosystem.
Looney Tunables is the most recent addition to a escalating list of privilege escalation flaws that have been uncovered in Linux in new several years, counting CVE-2021-3156 (Baron Samedit), CVE-2021-3560, CVE-2021-33909 (Sequoia), and CVE-2021-4034 (PwnKit), that could be weaponized to get hold of elevated permissions.
Located this write-up attention-grabbing? Comply with us on Twitter and LinkedIn to go through much more unique material we write-up.
Some elements of this post are sourced from: