Active Exploitation of High Severity Vulnerability in GNU C Library (CVE-2023-4911)

Published On: Nov 08, 2023 18:14

Advisory No: TZCERT/SA/2023/11/08

Source: NIST, CSA

Software Affected:   Linux kernel-based systems running v.2.34 of the GNU C Library.

Overview

Description

Advisory No: TZCERT/SA/2023/11/08

Date of First Release: 8th November 2023

Source: NIST, CSA

Software Affected:  Linux kernel-based systems running v.2.34 of the GNU C Library.

Overview:

A high-severity buffer overflow vulnerability which is also known as Looney Tunables affecting Linux kernel-based systems has been discovered. The vulnerability affected GNU C library which is a foundational component of most UNIX operating systems. The vulnerability could allow a local attacker to gain root privileges on the system.

Description:

GNU Library also known as glibc provides system API, system calls, and basic routines for programs written in C and C++ to interact with the underlying operating system. The glibc uses environmental variables that can influence everything the computer does from localization, debugging and performance tuning.

GLIBC_TUNABLES is one of the variables responsible for controlling the behavior of glibc in certain aspects, allowing users to set tunables that influence runtime behavior of glibc without having to recompile the application or library.

The way dynamic loader handles the GLIBC_TUNABLES environment variable is ineffective as it allows more data to be copied inside the allocated buffer than the allowed amount leading to buffer overflow vulnerability.

As a result of buffer overflow in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable, the local attacker may modify the LD_LIBRARY_PATH for a given SUID  binary or make a copy, allowing processes to load untrusted shared objects from an attacker-controlled directory to execute code with elevated privileges.

Impact:

Successful exploitation of these vulnerabilities may allow the attacker to take control of affected system.

Solution:

Multiple Linux distributions have released patches for this vulnerability. Users and administrators are encouraged to apply all necessary updates.

References:

  1. https://nvd.nist.gov/vuln/detail/CVE-2023-4911
  2. https://www.csa.gov.sg/alerts-advisories/alerts/2023/al-2023-145
  3. https://sysdig.com/blog/cve-2023-4911/#:~:text=The%20flaw%2C%20assigned%20CVE%2D2023,for%20accurate%20information%20on%20status
  4. https://www.bleepingcomputer.com/news/security/hackers-exploit-looney-tunables-linux-bug-steal-cloud-creds/

Impact

Solution

References

Subscribe To TZ - CERT Newsletter

A digest of Tanzania Computer Emergency Response Team coverage of cyber-security news across the globe.

Subscribe
Report Incident