Wednesday, January 31, 2024

New Vulnerability Found in GLIBC - A Critical One!


A critical security vulnerability in the GNU C library (glibc) has been disclosed, posing a significant risk of local privilege escalation on Linux systems. Tracked as CVE-2023-6246, the heap-based buffer overflow flaw is associated with glibc's __vsyslog_internal() function, utilized by syslog() and vsyslog() for system logging. Introduced inadvertently in August 2022 with glibc version 2.37, this flaw could allow local attackers to gain full root access on Linux machines. Notably, major Linux distributions like Debian, Ubuntu, and Fedora are affected.

Qualys' Threat Research Unit highlighted that a threat actor could exploit the vulnerability by providing specially crafted inputs to applications using these logging functions, leading to elevated permissions. While specific conditions, such as an unusually long argv[0] or openlog() ident argument, are required for exploitation, the impact is substantial due to the widespread use of the affected library.

Upon further analysis, Qualys discovered two additional flaws (CVE-2023-6779 and CVE-2023-6780) in the __vsyslog_internal() function and a separate bug in the library's qsort() function, resulting in potential memory corruption. The vulnerability in qsort() affects all glibc versions released since 1992.

This development follows Qualys' disclosure of the Looney Tunables flaw (CVE-2023-4911) in glibc approximately four months ago, emphasizing the critical importance of robust security measures in software development, particularly for core libraries widely employed across various systems and applications.


Post a Comment