Linux: a serious vulnerability affects almost all distributions


Picture: Qualys.

The security flaw CVE-2023-4911, aka “Looney Tunables”, is not the worst one out there. Its CVSS score (Common Vulnerability Scoring System) is 7.8, which puts it in the high severity band, but not the critical one.

On the other hand, this vulnerability in the dynamic loader of the GNU C library (glibc) is a buffer overflow, which is always a serious problem. Above all, it is present in almost all Linux distributions, which makes it all the more serious.

After all, its discoverers, the Qualys threat research unit, were able to exploit “this vulnerability (an escalation of privileges that grants local root privileges) on the default installations of Fedora 37 and 38, Ubuntu 22.04 and 23.04, and Debian 12 and 13”. Other distributions are almost certainly vulnerable as well. The only major exception is the very secure Alpine Linux.

A vulnerability that affects almost all systems

By exploiting this vulnerability, an attacker could easily take control of most Linux systems as the root user. As the researchers note, this method of exploitation “works against almost all SUID-root programs, which are installed by default on Linux”.

In summary: this is very bad news for all Linux users.

The vulnerability dates from April 2021, when it was introduced with the release of glibc 2.34. It is a buffer overflow in glibc's dynamic loader, ld.so, a crucial component responsible for preparing and running programs on Linux systems. The overflow is triggered while the loader processes the GLIBC_TUNABLES environment variable, and it poses a significant threat to the integrity and security of the system.

“Is it serious, doctor?”

To quote Saeed Abbasi, product manager of Qualys’ threat research unit: “This environment variable, intended to refine and optimize glibc-related applications, is an essential tool for developers and system administrators. Its misuse or exploitation largely affects the performance, reliability and security of the system. The ease with which the buffer overflow can be transformed into a data-only attack could endanger countless systems, especially if we consider the intensive use of glibc in Linux distributions.”

And yes, at least one exploit for this flaw is already available.

So, what can you do to protect yourself? Install the patch, as soon as possible. Fortunately, patches are available.

Patch quickly

The good news is that Red Hat, Ubuntu, Debian and Gentoo have all released their own updates. In addition, the upstream glibc code has been fixed with a hotfix.

If you can’t patch, Red Hat has a script that should work on most Linux systems to mitigate the problem: it configures your system to terminate any setuid program invoked with GLIBC_TUNABLES in the environment.

So, one piece of advice: install the patches as soon as possible, run the mitigation scripts and, if you have vulnerable IoT devices, keep them behind a firewall until a fix is in place.
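The two checks described above (the glibc version range the flaw was introduced in, and a setuid program started with GLIBC_TUNABLES in its environment, which is what the Red Hat mitigation terminates) can be turned into a small audit. The script below is an added example, not code from the article, from Qualys or from Red Hat; it assumes a Linux /proc layout and that reading another user's environment requires root. The version check only tells you whether a build is new enough to contain the vulnerable code path; whether your distribution has backported the fix must be confirmed against the package changelog.

```python
"""
Added audit helper (not from the article or from Qualys/Red Hat).

  1. Parse the glibc version reported by `ldd --version` and flag the range
     the article names as affected (2.34 and later). A flagged build may
     already carry its distribution's backported fix; check the changelog.
  2. Scan running processes for a setuid executable started with
     GLIBC_TUNABLES in its environment, the condition the Red Hat
     mitigation script terminates.

Assumptions: Linux /proc layout; reading another user's environ needs root.
"""
import os
import re
import stat
from dataclasses import dataclass

TUNABLES_VAR = "GLIBC_TUNABLES"
FIRST_AFFECTED = (2, 34)  # release in which the vulnerable tunables parsing appeared


def parse_glibc_version(ldd_output: str) -> tuple[int, int]:
    """Extract (major, minor) from the first line of `ldd --version` output."""
    first_line = ldd_output.splitlines()[0] if ldd_output else ""
    m = re.search(r"(\d+)\.(\d+)", first_line)
    if not m:
        raise ValueError("no version number in ldd output")
    return int(m.group(1)), int(m.group(2))


def in_affected_range(version: tuple[int, int]) -> bool:
    """True when the build is new enough to contain the vulnerable code path."""
    return version >= FIRST_AFFECTED


def parse_environ(blob: bytes) -> dict[str, str]:
    """Parse the NUL-separated KEY=VALUE records of /proc/<pid>/environ."""
    env: dict[str, str] = {}
    for rec in blob.split(b"\0"):
        if b"=" in rec:
            key, _, value = rec.partition(b"=")
            env[key.decode(errors="replace")] = value.decode(errors="replace")
    return env


@dataclass
class Proc:
    pid: int
    exe: str
    setuid: bool      # executable has the setuid bit
    environ: bytes    # raw contents of /proc/<pid>/environ


def flag_tunables_setuid(procs: list[Proc]) -> list[int]:
    """PIDs of setuid programs whose environment carries GLIBC_TUNABLES."""
    return [p.pid for p in procs
            if p.setuid and TUNABLES_VAR in parse_environ(p.environ)]


def collect_procs() -> list[Proc]:
    """Walk /proc; skip processes whose exe or environ cannot be read."""
    found = []
    for name in os.listdir("/proc"):
        if not name.isdigit():
            continue
        try:
            exe = os.readlink(f"/proc/{name}/exe")
            mode = os.stat(exe).st_mode
            with open(f"/proc/{name}/environ", "rb") as f:
                environ = f.read()
        except OSError:
            continue  # kernel thread, vanished process, or no permission
        found.append(Proc(int(name), exe, bool(mode & stat.S_ISUID), environ))
    return found


if __name__ == "__main__":
    import subprocess
    out = subprocess.run(["ldd", "--version"], capture_output=True, text=True).stdout
    ver = parse_glibc_version(out)
    verdict = ("in affected range, verify the package changelog"
               if in_affected_range(ver) else "predates the affected code")
    print(f"glibc {ver[0]}.{ver[1]}: {verdict}")
    for pid in flag_tunables_setuid(collect_procs()):
        print(f"pid {pid}: setuid program running with {TUNABLES_VAR} set")
```

Run it as root to see every process's environment; as an unprivileged user it only reports your own processes, which is still enough to notice a stray GLIBC_TUNABLES in a login shell that will be inherited by sudo or passwd.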

“That’s all Folks!”

Source: ZDNet.com
