CarderPlanet
Professional
The vulnerability in glibc puts most Linux systems at risk.
The Qualys Threat Research Unit (TRU) has discovered a new vulnerability in Linux systems that can give an attacker full control over the affected systems. The error is called "Looney Tunables" and is related to the handling of the GLIBC_TUNABLES environment variable in the GNU C Library Dynamic Loader (glibc).
Vulnerability CVE-2023-4911 (CVSS: 7.8) is classified as a buffer overflow and can allow a cybercriminal to locally increase privileges by gaining access at the root level. Qualys TRU specialists demonstrated successful exploitation of the vulnerability on standard installations of some Linux distributions, including Fedora 37 and 38, Ubuntu 22.04 and 23.04, as well as Debian 12 and 13. Since the flaw appeared in April 2021, many systems are under threat.
It is worth noting that, despite the identification of vulnerabilities in specific Linux distributions, it is possible that other distributions are also affected. However, Alpine Linux remains an exception due to the use of musl libc instead of glibc.
The GNU C library, often referred to as glibc, is a fundamental component of Linux systems, providing basic functions and system calls for proper program operation. In glibc, the dynamic loader plays a critical role in preparing and executing programs.
According to Qualys, the vulnerability is centered around the GLIBC_TUNABLES environment variable, introduced to allow users to change the library's runtime behavior without recompiling.
Buffer overflow in GLIBC_TUNABLES processing by the dynamic loader is a serious threat to Linux distributions. Improper use or exploitation of the environment variable can seriously affect the performance, reliability, and security of systems.
The Qualys Threat Research Unit (TRU) has discovered a new vulnerability in Linux systems that can give an attacker full control over the affected systems. The error is called "Looney Tunables" and is related to the handling of the GLIBC_TUNABLES environment variable in the GNU C Library Dynamic Loader (glibc).
Vulnerability CVE-2023-4911 (CVSS: 7.8) is classified as a buffer overflow and can allow a cybercriminal to locally increase privileges by gaining access at the root level. Qualys TRU specialists demonstrated successful exploitation of the vulnerability on standard installations of some Linux distributions, including Fedora 37 and 38, Ubuntu 22.04 and 23.04, as well as Debian 12 and 13. Since the flaw appeared in April 2021, many systems are under threat.
It is worth noting that, despite the identification of vulnerabilities in specific Linux distributions, it is possible that other distributions are also affected. However, Alpine Linux remains an exception due to the use of musl libc instead of glibc.
The GNU C library, often referred to as glibc, is a fundamental component of Linux systems, providing basic functions and system calls for proper program operation. In glibc, the dynamic loader plays a critical role in preparing and executing programs.
According to Qualys, the vulnerability is centered around the GLIBC_TUNABLES environment variable, introduced to allow users to change the library's runtime behavior without recompiling.
Buffer overflow in GLIBC_TUNABLES processing by the dynamic loader is a serious threat to Linux distributions. Improper use or exploitation of the environment variable can seriously affect the performance, reliability, and security of systems.
