A high-severity flaw has been present in many Linux endpoints for two years, potentially allowing threat actors to execute malicious code with elevated privileges.
According to cybersecurity researchers from the Qualys Threat Research Unit, who described it in an article, the flaw is tracked as CVE-2023-4911. It is a buffer overflow weakness in the ld.so dynamic loader of the GNU C Library (glibc), first introduced with glibc 2.34, back in April 2021.
“Our successful exploitation, which led to full root privileges on major distributions such as Fedora, Ubuntu and Debian, highlights the severity and widespread nature of this vulnerability,” said Saeed Abbasi, product manager at the Threat Research Unit at Qualys. “Although we are withholding our exploit code for now, the ease with which a buffer overflow can be transformed into a data-only attack means that other research teams could soon produce and publish vulnerabilities.”
“This could put countless systems at risk, especially given the extensive use of glibc across all Linux distributions,” Abbasi concluded.
The flaw rears its ugly head, the researcher explained, when the GLIBC_TUNABLES environment variable is processed on default installations of Debian 12 and 13, Ubuntu 22.04 and 23.04, and Fedora 37 and 38. Alpine Linux is not affected, since it uses musl libc, it was also added.
As a result, low-privileged attackers can execute low-complexity attacks without requiring the victim to interact in any way.
“With the ability to provide full root access on popular platforms such as Fedora, Ubuntu and Debian, it is imperative that system administrators act quickly,” the researcher warned. “While Alpine Linux users can breathe a sigh of relief, others should prioritize patching to ensure system integrity and security.”
Qualys dubbed the vulnerability “Looney Tunables.”