Exploits released for Linux flaw
The flaw, named ‘Looney Tunables’ and tracked as CVE-2023-4911, is a buffer overflow weakness that affects default installations of Debian 12 and 13, Ubuntu 22.04 and 23.04, and Fedora 37 and 38.
Attackers can trigger it by manipulating the GLIBC_TUNABLES environment variable, which is processed by the ld.so dynamic loader, allowing them to execute arbitrary code with root privileges when running binaries with SUID permission.
Since Qualys’ Threat Research Unit disclosed it on Tuesday, multiple security researchers have released proof-of-concept (PoC) exploit code tailored for specific system configurations.
One of these PoC exploits, validated as effective by vulnerability and exploit expert Will Dormann, was disseminated by independent security researcher Peter Geissler (blasty) today.
Although his exploit has a limited scope, the PoC also offers guidance on extending its applicability by identifying the relevant offset for the ld.so dynamic loader on each system.
Additional researchers are actively creating and sharing their CVE-2023-4911 exploits on GitHub and other platforms. However, BleepingComputer has not verified whether these exploits are functional.
Administrators must take swift action in response to this critical security vulnerability. It provides attackers with full root access to systems using the latest versions of popular Linux distributions like Fedora, Ubuntu, and Debian.
For those using Alpine Linux, which remains unaffected by this vulnerability, patching is unnecessary. However, administrators on other affected systems must prioritize patching to protect the integrity and security of their systems.
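While patches roll out, defenders can look for processes that were started with GLIBC_TUNABLES set, since that variable and SUID binaries are the two ingredients described above. The following triage sketch is an added example, not code from the article or from Qualys. The verdict names, the `MAX_VALUE_LEN` threshold and the sample environment are assumptions constructed for illustration.

```python
import os
import stat

VAR = b"GLIBC_TUNABLES"
MAX_VALUE_LEN = 256  # assumed triage threshold, not a value from the article

def tunables_in_environ(environ_blob):
    """Return every GLIBC_TUNABLES value in a NUL-separated environ blob."""
    values = []
    for entry in environ_blob.split(b"\0"):
        name, sep, value = entry.partition(b"=")
        if sep and name == VAR:
            values.append(value)
    return values

def assess(exe_mode, environ_blob):
    """Return None, 'info', 'review' or 'alert' for one process."""
    values = tunables_in_environ(environ_blob)
    if not values:
        return None
    # SUID/SGID programs are where the article says the flaw yields root.
    if exe_mode & (stat.S_ISUID | stat.S_ISGID):
        return "alert"
    # Ordinary tuning values are short; oversized ones deserve a look.
    if any(len(v) > MAX_VALUE_LEN for v in values):
        return "review"
    return "info"

def scan_proc(proc="/proc"):
    """Assess every process readable under /proc (run as root for full coverage)."""
    findings = []
    for pid in filter(str.isdigit, os.listdir(proc)):
        try:
            mode = os.stat(f"{proc}/{pid}/exe").st_mode
            with open(f"{proc}/{pid}/environ", "rb") as fh:
                verdict = assess(mode, fh.read())
        except OSError:
            continue  # process exited or access denied
        if verdict:
            findings.append((int(pid), verdict))
    return findings

# Constructed sample: environment of a hypothetical SUID process.
SAMPLE_ENV = b"PATH=/usr/bin\0GLIBC_TUNABLES=glibc.malloc.tcache_count=0\0HOME=/root\0"
SUID_MODE = stat.S_IFREG | stat.S_ISUID | 0o755

if __name__ == "__main__":
    for pid, verdict in scan_proc():
        print(pid, verdict)
```

`/proc/<pid>/environ` reflects the environment a process was started with, so this catches live processes only; it does not replace patching.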