A critical vulnerability in the system library raises the question of Linux security once again.
Unprivileged attackers can gain root access to several major Linux distributions in default configurations by exploiting the recently disclosed Local Privilege Escalation (LPE) vulnerability in the GNU C Library (glibc).
This security issue, which is being tracked under the ID CVE-2023-6246, is related to the "__vsyslog_internal()" function in glibc, which is used to write messages to the system log. The bug was accidentally introduced in glibc version 2.37 in August 2022 and then moved to version 2.36 when another vulnerability was fixed ( CVE-2022-39046).
According to researchers from Qualys, the vulnerability is a serious threat, as it allows you to increase privileges to the root level through specially prepared input data for applications that use logging functions.
The vulnerability affects systems such as Debian 12 and 13, Ubuntu 23.04 and 23.10, and Fedora versions 37 to 39. At the same time, researchers suggest that other distributions may also be susceptible to this threat.
In addition to CVE-2023-6246, other vulnerabilities were discovered in glibc, including two in the same "__vsyslog_internal ()" function (CVE-2023-6779 and CVE-2023-6780), as well as a memory corruption problem in the "qsort ()"function.
The identified flaws highlight the importance of strong security measures in software development, especially for key libraries that are widely used in many systems and applications.
Over the past few years, researchers at Qualys have already discovered several vulnerabilities in the Linux security system that can allow attackers to gain full control over unpatched Linux systems, even in standard configurations.
These vulnerabilities include a bug in the glibc dynamic library loader (Looney Tunables), a vulnerability in Polkit's pkexec component (PwnKit), a problem in the kernel file system (Sequoia), and a vulnerability in the Sudo Unix program (Baron Samedit).
Unprivileged attackers can gain root access to several major Linux distributions in default configurations by exploiting the recently disclosed Local Privilege Escalation (LPE) vulnerability in the GNU C Library (glibc).
This security issue, which is being tracked under the ID CVE-2023-6246, is related to the "__vsyslog_internal()" function in glibc, which is used to write messages to the system log. The bug was accidentally introduced in glibc version 2.37 in August 2022 and then moved to version 2.36 when another vulnerability was fixed ( CVE-2022-39046).
According to researchers from Qualys, the vulnerability is a serious threat, as it allows you to increase privileges to the root level through specially prepared input data for applications that use logging functions.
The vulnerability affects systems such as Debian 12 and 13, Ubuntu 23.04 and 23.10, and Fedora versions 37 to 39. At the same time, researchers suggest that other distributions may also be susceptible to this threat.
In addition to CVE-2023-6246, other vulnerabilities were discovered in glibc, including two in the same "__vsyslog_internal ()" function (CVE-2023-6779 and CVE-2023-6780), as well as a memory corruption problem in the "qsort ()"function.
The identified flaws highlight the importance of strong security measures in software development, especially for key libraries that are widely used in many systems and applications.
Over the past few years, researchers at Qualys have already discovered several vulnerabilities in the Linux security system that can allow attackers to gain full control over unpatched Linux systems, even in standard configurations.
These vulnerabilities include a bug in the glibc dynamic library loader (Looney Tunables), a vulnerability in Polkit's pkexec component (PwnKit), a problem in the kernel file system (Sequoia), and a vulnerability in the Sudo Unix program (Baron Samedit).
