New Glibc flaw gives attackers root access on major Linux distributions

Linux Hacking

Malicious local attackers can gain full root access on Linux machines by exploiting a newly disclosed vulnerability in the GNU C library (also known as glibc).

The heap-based buffer overflow vulnerability, tracked as CVE-2023-6246, is rooted in glibc’s __vsyslog_internal() function, which is used by syslog() and vsyslog() for system registration purposes. It is said to have been accidentally introduced in August 2022 with the release of glibc 2.37.

“This flaw allows local privilege escalation, allowing an unprivileged user to gain full root access,” said Saeed Abbasi, product manager of the Threat Research Unit at Qualys, saidand adding it affects major Linux distributions such as Debian, Ubuntu and Fedora.

A threat actor could exploit the flaw to gain elevated privileges via specially crafted input to applications that use these logging functions.

“Although the vulnerability requires taking advantage of specific circumstances (such as an unusually long argv[0] or openlog() ident argument), its impact is significant due to the widespread use of the affected library,” Abbasi noted.

The cybersecurity firm said further analysis of glibc exposed two more flaws in the __vsyslog_internal() function (CVE-2023-6779 and CVE-2023-6780) and a third bug in the library’s qsort() function that led to memory corruption can lead.

The vulnerability found in qsort() has affected all glibc versions released since 1992.

The development comes almost four months after Qualys described another serious flaw in the same library called Looney Tunables (CVE-2023-4911, CVSS score: 7.8) that could result in privilege escalation.

“These shortcomings highlight the critical need for strict security measures in software development, especially for core libraries that are widely used in many systems and applications,” Abbasi said.

#Glibc #flaw #attackers #root #access #major #Linux #distributions

Notify of
Inline Feedbacks
View all comments
Previous Post
Grandoreiro Banking Trojan

Brazilian FBI dismantles Grandoreiro banking trojan and arrests top officials

Next Post
Chinese Hackers

Hackers exploit Ivanti VPN flaws to deploy KrustyLoader malware

Related Posts