https://www.phoronix.com/news/Glibc-LD-Nasty-Root-Bug

Glibc Dynamic Loader Hit By A Nasty Local Privilege Escalation Vulnerability

Written by Michael Larabel in GNU on 3 October 2023 at 03:05 PM EDT.

A nasty vulnerability has been made public today concerning Glibc's dynamic loader that can lead to full root privileges being obtained by local users. This affects Linux distributions of the past two years with the likes of Ubuntu 22.04 LTS, 23.04, Fedora 38, and others vulnerable to this local privilege escalation issue.

Qualys announced this vulnerability a few minutes ago:

"The GNU C Library's dynamic loader "find[s] and load[s] the shared objects (shared libraries) needed by a program, prepare[s] the program to run, and then run[s] it" (man ld.so). The dynamic loader is extremely security sensitive, because its code runs with elevated privileges when a local user executes a set-user-ID program, a set-group-ID program, or a program with capabilities. Historically, the processing of environment variables such as LD_PRELOAD, LD_AUDIT, and LD_LIBRARY_PATH has been a fertile source of vulnerabilities in the dynamic loader.
Recently, we discovered a vulnerability (a buffer overflow) in the dynamic loader's processing of the GLIBC_TUNABLES environment variable. This vulnerability was introduced in April 2021 (glibc 2.34) by commit 2ed18c ("Fix SXID_ERASE behavior in setuid programs (BZ #27471)").

We successfully exploited this vulnerability and obtained full root privileges on the default installations of Fedora 37 and 38, Ubuntu 22.04 and 23.04, Debian 12 and 13; other distributions are probably also vulnerable and exploitable (one notable exception is Alpine Linux, which uses musl libc, not the glibc). We will not publish our exploit for now; however, this buffer overflow is easily exploitable (by transforming it into a data-only attack), and other researchers might publish working exploits shortly after this coordinated disclosure."

See the oss-security mailing list for more details on this high-profile vulnerability.

A bad day for computers...

This glibc dynamic loader vulnerability comes just hours after new X.Org/X11 vulnerabilities that date back as far as 1988 were disclosed. A rough day for computers and a long day for Linux administrators.

Glibc updates to the major Linux distributions should begin rolling out imminently. In the interim we are already seeing actions taking place, such as Debian temporarily restricting access to some of their systems until they are patched against this local privilege escalation vulnerability.
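As an added example (not from the article or from Qualys), this Python sketch triages a host using only the facts quoted above: it checks whether the installed glibc is at or after 2.34, the release that introduced the bug, and lists the set-user-ID, set-group-ID and file-capability programs for which the loader runs with elevated privileges. The function names and the directories scanned are assumptions.

```python
import os
import re
import stat
import subprocess

# Per the advisory quoted above, the bug was introduced in glibc 2.34.
INTRODUCED_IN = (2, 34)

def parse_glibc_version(text):
    """Extract (major, minor) from e.g. 'glibc 2.35' or '2.37-0ubuntu2'."""
    m = re.search(r"(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"no glibc version in {text!r}")
    return int(m.group(1)), int(m.group(2))

def in_introduced_range(text):
    """True if at or after the release that introduced the bug. Distros backport
    fixes without changing this number, so True means 'verify the vendor fix'."""
    return parse_glibc_version(text) >= INTRODUCED_IN

def privilege_sources(st_mode, has_file_caps):
    """Reasons the loader would run this program with elevated privileges."""
    reasons = []
    if st_mode & stat.S_ISUID:
        reasons.append("set-user-ID")
    if st_mode & stat.S_ISGID:
        reasons.append("set-group-ID")
    if has_file_caps:
        reasons.append("capabilities")
    return reasons

def inspect_file(path):
    """Classify one file; symlinks and non-regular files are ignored."""
    st = os.lstat(path)
    if not stat.S_ISREG(st.st_mode):
        return []
    try:  # file capabilities are stored in this extended attribute
        has_caps = bool(os.getxattr(path, "security.capability"))
    except (OSError, AttributeError):  # attribute absent, or not Linux
        has_caps = False
    return privilege_sources(st.st_mode, has_caps)

if __name__ == "__main__":
    out = subprocess.run(["getconf", "GNU_LIBC_VERSION"], capture_output=True, text=True).stdout.strip()
    print(out or "not glibc", "| verify vendor fix:", bool(out) and in_introduced_range(out))
    for d in ("/usr/bin", "/usr/sbin"):  # assumed search paths
        for p in sorted(os.path.join(d, n) for n in os.listdir(d)):
            if inspect_file(p):
                print(p, ", ".join(inspect_file(p)))
```

A version at or after 2.34 only places the host in the range where the bug exists upstream; whether the distribution's patched package is installed has to be confirmed against the vendor's advisory.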