Linux vulnerability Looney Tunables

[German]A buffer overflow vulnerability CVE-2023-4911 exists in the Gnu-C library (glibc) in the dynamic loader used to execute programs. The vulnerability, discovered by Qualys' Threat Research Unit (TRU), is called Looney Tunables and has probably existed since 2021. In the worst case, attackers could gain root privileges on the Linux system via the vulnerability. In the meantime, however, most Linux distributions ship a patch for the affected systems.


Advertising

The vulnerability was documented as of October 3, 2023 by Qualys' Threat Research Unit (TRU) in the blog post CVE-2023-4911: Looney Tunables – Local Privilege Escalation in the glibc's ld.so.

Linux Looney Tunables vulnerability

Their security researchers have discovered a buffer overflow vulnerability in the processing of the environment variable GLIBC_TUNABLES by the GNU C Library dynamic loader. The GNU C Library (glibc), is the C library in the GNU system and in most systems running the Linux kernel. It defines the system calls and other basic functions, such as open, malloc, printf, exit, etc., that a typical program needs.

Due to its role, the dynamic loader is highly security relevant, since its code is executed with elevated privileges when a local user starts a program with user ID or group ID set. The environment variable GLIBC_TUNABLES was introduced in glibc to allow users to change the behavior of the library at runtime, so that neither the application nor the library needs to be recompiled. By setting GLIBC_TUNABLES, users can set various performance and behavior parameters that are then applied when the application starts.

The presence of a buffer overflow vulnerability in the dynamic loader's handling of the GLIBC_TUNABLES environment variable poses a significant risk to many Linux distributions. Misuse or exploitation of the environment variable has far-reaching implications for system performance, reliability, and security. Security researchers were able to gain root privileges on various Linux distributions via the CVE-2023-4911 vulnerability. This vulnerability has probably existed since April 2021.


Advertising

Security researchers have successfully identified and exploited this vulnerability (a local privilege escalation granting full root privileges) in the default installations of Fedora 37 and 38, Ubuntu 22.04 and 23.04, and Debian 12 and 13. It is likely that other distributions are similarly vulnerable. The exception is Alpine Linux, which uses the musl libc instead of glibc.

The leading Linux distributions should now provide an update to close the vulnerability. In addition, I have seen hints of fixes and countermeasures on various distributions such as Redhat and Debian.


Advertising

This entry was posted in Linux, Security and tagged , . Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *

Note: Please note the rules for commenting on the blog (first comments and linked posts end up in moderation, I release them every few hours, I rigorously delete SEO posts/SPAM).