Security Alert (A23-10-04): Vulnerability in Linux Operating Systems


 

Published on: 04 October 2023

  
  

Description:

A local privilege escalation vulnerability is found in the Linux GNU C Library (glibc) version 2.34 while processing an environment variable called GLIBC_TUNABLES. A local authenticated attacker may leverage the vulnerability to escalate its privilege on a vulnerable system.

 

Affected Systems:

  • Linux operating systems with GNU C Library (glibc) 2.34 installed and the GLIBC_TUNABLES environment variable being used

It is strongly recommended to consult the product vendors if the used Linux systems are affected.

 

Impact:

Successful exploitation could lead to privilege escalation on an affected system.

 

Recommendation:

The vulnerability is fixed in some of the affected Linux distributions such as RedHat and Ubuntu. The following is only a sample list of Linux distributions that are affected. The list is not exhaustive and it is strongly recommended to consult the product vendors if the used Linux systems are affected. System administrators should check with their product vendors to confirm if their Linux systems are affected and the availability of patches, and if so, apply the patches or follow the recommendations provided by the product vendors to mitigate the risk.

  • Debian
    https://www.debian.org/security/2023/dsa-5514
  • Fedora
    https://bodhi.fedoraproject.org/updates/FEDORA-2023-028062484e
  • RedHat
    https://access.redhat.com/security/cve/CVE-2023-4911
  • Ubuntu
    https://ubuntu.com/security/CVE-2023-4911

 

More Information:

  • https://blog.qualys.com/vulnerabilities-threat-research/2023/10/03/cve-2023-4911-looney-tunables-local-privilege-escalation-in-the-glibcs-ld-so
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4911


Tag: GNU C , Debian , Fedora , RedHat , Ubuntu , Linux
Tags