A brand new Linux vulnerability referred to as ‘Looney Tunables‘ permits native attackers to achieve root privileges by exploiting a buffer overflow weak spot within the GNU C Library’s ld.so dynamic loader.
The GNU C Library (glibc) is the GNU system’s C library and is in most Linux kernel-based programs. It gives important performance, together with system calls like open, malloc, printf, exit, and others, mandatory for typical program execution.
The dynamic loader inside glibc is of utmost significance, as it’s liable for program preparation and execution on Linux programs that use glibc.
Discovered by the Qualys Threat Research Unit, the flaw (CVE-2023-4911) was launched in April 2021, with the discharge of glibc 2.34, through a commit described as fixing SXID_ERASE habits in setuid applications.
“Our profitable exploitation, resulting in full root privileges on main distributions like Fedora, Ubuntu, and Debian, highlights this vulnerability’s severity and widespread nature,” stated Saeed Abbasi, Product Manager at Qualys’ Threat Research Unit.
“Although we’re withholding our exploit code for now, the convenience with which the buffer overflow may be reworked right into a data-only assault implies that different analysis groups might quickly produce and launch exploits.
“This might put numerous programs in danger, particularly given the intensive use of glibc throughout Linux distributions.”
Admins urged to prioritize patching
The vulnerability is triggered when processing GLIBC_TUNABLES setting variable on default installations of Debian 12 and 13, Ubuntu 22.04 and 23.04, and Fedora 37 and 38 (Alpine Linux, which makes use of musl libc, is just not affected).
“A buffer overflow was found within the GNU C Library’s dynamic loader ld.so whereas processing the GLIBC_TUNABLES setting variable,” a Red Hat advisory explains.
“This problem might enable a neighborhood attacker to make use of maliciously crafted GLIBC_TUNABLES setting variables when launching binaries with SUID permission to execute code with elevated privileges.”
Attackers with low privileges can exploit this high-severity vulnerability in low-complexity assaults that do not require person interplay.
“With the potential to offer full root entry on widespread platforms like Fedora, Ubuntu, and Debian, it’s crucial for system directors to behave swiftly,” Abbasi added.
“While Alpine Linux customers can breathe a sigh of reduction, others ought to prioritize patching to make sure system integrity and safety.”
In latest years, Qualys researchers have found different high-severity Linux safety flaws that allow attackers to achieve root privileges in default configurations of many Linux distributions.
The listing features a flaw in Polkit’s pkexec part (dubbed PwnKit), one other within the Kernel’s filesystem layer (dubbed Sequoia), and within the Sudo Unix program (aka Baron Samedit).