  • Linux users beware — this security flaw could allow attackers to get root on major distros, so take extra care

    aum

    A local privilege escalation flaw in the GNU C Library (glibc) has been disclosed, opening up the possibility of cyberattacks on endpoints with the library installed - quite a large pool, as the library enables critical kernel features across several major Linux distributions.

     

    Per BleepingComputer, the flaw, disclosed as CVE-2023-6246, was found in glibc’s __vsyslog_internal() function, called by the syslog and vsyslog functions for logging messages to the system.

     

    The flaw allows, via a buffer overflow, unauthorised users to gain root access - full read, write and execute permissions - across a distribution instance, which is, to use the correct computing term, terrifying.

     

    The technical stuff

     

    In its disclosure published on January 30, 2024, researchers from security company Qualys wrote that even up-to-date Fedora installations were exploitable. That’s concerning, but disclosure should expedite a fix.


    Making things worse is the fact that, per the disclosure again, this vulnerability was backported to glibc 2.36 via another code commit fixing a different flaw in __vsyslog_internal(), stemming from an uninitialized memory read, tracked as CVE-2022-39046.

     

    A buffer overflow, in which more data is written to a buffer than the program has allocated for it, allowing for the execution of arbitrary, potentially nefarious code, has always been a serious problem for the decades-old glibc library, to the point where Qualys found that a very similar bug in its code has occurred before, in 1997.

     

    The common solution is to add functions to code that check memory bounds, so that, if a write to a buffer would overflow it, the write is refused.
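The bounds check described above, sketched for a log-line builder as an added example; it is not glibc's code or its fix. All function names are hypothetical, and the 1024-byte fixed buffer is an assumption chosen to match the figure quoted from the disclosure.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define FIXED_BUF 1024 /* assumed size, matching the figure in the disclosure */

/* Build "ident: msg". Uses the caller's fixed buffer when the line fits,
 * otherwise a heap buffer sized from snprintf's own length report.
 * Returns NULL on error; *on_heap tells the caller whether to free(). */
char *build_log_line(char *fixed, const char *ident, const char *msg, int *on_heap)
{
    *on_heap = 0;
    /* snprintf writes at most FIXED_BUF bytes and returns the length the
     * whole line needs, so truncation is detectable. */
    int need = snprintf(fixed, FIXED_BUF, "%s: %s", ident, msg);
    if (need < 0) return NULL;
    if ((size_t)need < FIXED_BUF) return fixed;   /* fits, NUL included */

    size_t size = (size_t)need + 1;   /* size is tracked with the pointer */
    char *big = malloc(size);
    if (big == NULL) return NULL;
    int wrote = snprintf(big, size, "%s: %s", ident, msg);
    if (wrote < 0 || (size_t)wrote >= size) {     /* refuse, never overflow */
        free(big);
        return NULL;
    }
    *on_heap = 1;
    return big;
}

/* Constructed input: an ident made of ident_len 'A' bytes.
 * Returns the length of the line produced (0 on failure). */
size_t demo(size_t ident_len, int *on_heap)
{
    char fixed[FIXED_BUF];
    *on_heap = 0;
    char *ident = malloc(ident_len + 1);
    if (ident == NULL) return 0;
    memset(ident, 'A', ident_len);
    ident[ident_len] = '\0';
    char *line = build_log_line(fixed, ident, "started", on_heap);
    size_t len = line ? strlen(line) : 0;
    if (line && *on_heap) free(line);
    free(ident);
    return len;
}

int main(void)
{
    int heap;
    size_t n = demo(2000, &heap);     /* ident longer than the fixed buffer */
    printf("%zu bytes, heap=%d\n", n, heap);
    return 0;
}
```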

     

    The implications


    Even if you’re not a programmer, this news should trouble anyone who’s given in to the hype and is now running Debian (versions 12 to 13) or a Debian-based Linux distribution, which includes Raspberry Pi OS, as well as other major Linux variants like Fedora (37 to 39) and Ubuntu (23.04 and 23.10) and their offshoots, including the established and popular Linux Mint.

     

    Qualys also pointed out that ‘other distributions are probably also exploitable’, so even though we’ve named some of the popular distributions affected, you may wish to investigate further.

     

    The one saving grace from all of this is that Qualys doesn’t believe the exploit can be triggered remotely, writing in its disclosure that “to the best of our knowledge, this vulnerability cannot be triggered remotely in any likely scenario (because it requires an argv[0], or an openlog() ident argument, longer than 1024 bytes to be triggered)”.

     
