https://www.bleepingcomputer.com/news/security/new-linux-glibc-flaw-lets-attackers-get-root-on-major-distros/
New Linux glibc flaw lets attackers get root on major distros

By Sergiu Gatlan
January 30, 2024, 06:06 PM

Unprivileged attackers can get root access on multiple major Linux distributions in default configurations by exploiting a newly disclosed local privilege escalation (LPE) vulnerability in the GNU C Library (glibc).

Tracked as CVE-2023-6246, this security flaw was found in glibc's __vsyslog_internal() function, called by the widely-used syslog and vsyslog functions for writing messages to the system message logger.

The bug is due to a heap-based buffer overflow weakness accidentally introduced in glibc 2.37 in August 2022 and later backported to glibc 2.36 when addressing a less severe vulnerability tracked as CVE-2022-39046.

"The buffer overflow issue poses a significant threat as it could allow local privilege escalation, enabling an unprivileged user to gain full root access through crafted inputs to applications that employ these logging functions," Qualys security researchers said.

"Although the vulnerability requires specific conditions to be exploited (such as an unusually long argv[0] or openlog() ident argument), its impact is significant due to the widespread use of the affected library."

Impacts Debian, Ubuntu, and Fedora systems

While testing their findings, Qualys confirmed that Debian 12 and 13, Ubuntu 23.04 and 23.10, and Fedora 37 to 39 were all vulnerable to CVE-2023-6246 exploits, allowing any unprivileged user to escalate privileges to full root access on default installations.

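The Qualys quote above names an unusually long argv[0] or openlog() ident as the trigger condition. The following is an added example, not code from the article, Qualys or glibc: application-side hardening that passes openlog() a short, validated ident instead of letting the logger derive one from argv[0]. The names bounded_ident, IDENT_MAX and IDENT_FALLBACK are assumptions made for this example, and installing the distribution's glibc update remains the fix.

```c
#include <stdio.h>
#include <string.h>
#include <syslog.h>

#define IDENT_MAX 32            /* assumed cap chosen for this example */
#define IDENT_FALLBACK "app"    /* hypothetical fixed program name */

/* openlog() keeps the pointer it is given, so the ident must outlive it. */
static char ident_buf[IDENT_MAX + 1];

/* Build a short ident from argv[0]: basename only, at most IDENT_MAX
 * bytes, characters limited to [A-Za-z0-9._-]. NULL, an empty name or
 * any other character yields IDENT_FALLBACK. */
const char *bounded_ident(const char *argv0)
{
    const char *base, *slash;
    size_t n = 0;

    if (argv0 == NULL)
        return IDENT_FALLBACK;
    slash = strrchr(argv0, '/');
    base = slash ? slash + 1 : argv0;

    for (; base[n] != '\0' && n < IDENT_MAX; n++) {
        unsigned char c = (unsigned char)base[n];
        int ok = (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') ||
                 (c >= '0' && c <= '9') || c == '.' || c == '_' || c == '-';
        if (!ok)
            return IDENT_FALLBACK;
        ident_buf[n] = (char)c;
    }
    if (n == 0)
        return IDENT_FALLBACK;
    ident_buf[n] = '\0';
    return ident_buf;
}

int main(int argc, char **argv)
{
    /* argv[0] is chosen by whoever executes the program, so it is
     * untrusted input for a privileged binary. */
    const char *ident = bounded_ident(argc > 0 ? argv[0] : NULL);
    openlog(ident, LOG_PID, LOG_USER);
    syslog(LOG_INFO, "%s", "service started");  /* constant format string */
    closelog();
    printf("ident=%s\n", ident);
    return 0;
}
```
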
Although their tests were limited to a handful of distros, the researchers added that "other distributions are probably also exploitable."

While analyzing glibc for other potential security issues, the researchers also found three other vulnerabilities: two of them, harder to exploit, in the __vsyslog_internal() function (CVE-2023-6779 and CVE-2023-6780), and a third one (a memory corruption issue still waiting for a CVE ID) in glibc's qsort() function.

"The recent discovery of these vulnerabilities is not just a technical concern but a matter of widespread security implications," said Saeed Abbasi, Product Manager at Qualys' Threat Research Unit.

"These flaws highlight the critical need for strict security measures in software development, especially for core libraries widely used across many systems and applications."

Other Linux root escalation flaws found by Qualys

Over the past few years, researchers at Qualys have found several other Linux security vulnerabilities that can let attackers gain complete control over unpatched Linux systems, even in default configurations.

Vulnerabilities they discovered include a flaw in glibc's ld.so dynamic loader (Looney Tunables), one in Polkit's pkexec component (dubbed PwnKit), another in the kernel's filesystem layer (dubbed Sequoia), and one in the Sudo Unix program (aka Baron Samedit).

Days after the Looney Tunables flaw (CVE-2023-4911) was disclosed, proof-of-concept (PoC) exploits were published online, and threat actors started exploiting it one month later to steal cloud service provider (CSP) credentials in Kinsing malware attacks.

The Kinsing gang is known for deploying cryptocurrency mining malware on compromised cloud-based systems, including Kubernetes, Docker APIs, Redis, and Jenkins servers.

CISA later ordered U.S.
federal agencies to secure their Linux systems against CVE-2023-4911 attacks after adding it to its catalog of actively exploited bugs and tagging it as posing "significant risks to the federal enterprise."

Comments

Elastoer - 3 days ago
Isn't the whole idea of Open Source, that so many people are looking at the code base at any given time, that critical flaws like this are not supposed to happen?

wpontius - 3 days ago
Actually it has been shown that open source does not increase the chances of finding security issues or problems, nor is it more secure than closed source.

electrolite - 3 days ago
Qualys tested Debian 12 and 13. What about Debian 11? That has a sizable install base whereas Debian 13 is mostly the 12 codebase since 12 was officially released just last year.