Major Linux distros targeted by hackers exploiting this significant flaw
A high-severity flaw has been sitting in many Linux endpoints for two years now, potentially allowing threat actors to run malicious code with elevated privileges.
This is according to cybersecurity researchers from Qualys’ Threat Research Unit, which shared in its writeup, that the flaw is tracked as CVE-2023-4911. This is a buffer overflow weakness in the GNU C Library’s (glibc) Id.so dynamic loader, first introduced with glibc 2.34, back in April 2021.
“Our successful exploitation, leading to full root privileges on major distributions like Fedora, Ubuntu, and Debian, highlights this vulnerability’s severity and widespread nature,” said Saeed Abbasi, Product Manager at Qualys’ Threat Research Unit. “Although we are withholding our exploit code for now, the ease with which the buffer overflow can be transformed into a data-only attack implies that other research teams could soon produce and release exploits.”
“This could put countless systems at risk, especially given the extensive use of glibc across Linux distributions,” Abbasi concluded.
The flaw rears its ugly head, the researcher further explained, when processing GLIBC_TUNABLES environment variable on default installations of Debian 12 and 13, Ubuntu 22.04 and 23.04, and Fedora 37 and 38. Alpine Linux is home-free as it uses musl libc, it was also added.
As a result, low-privileged attackers can run low-complexity attacks without the need for the victim to interact in any way.
“With the capability to provide full root access on popular platforms like Fedora, Ubuntu, and Debian, it’s imperative for system administrators to act swiftly,” the researcher warned. “While Alpine Linux users can breathe a sigh of relief, others should prioritize patching to ensure system integrity and security.”
Qualys dubbed the vulnerability “Looney Tunables”.
More from TechRadar Pro
- TransUnion’s data stolen in major data breach
- Here’s a list of the best endpoint protection software
- These are the best malware removal tools right now