A high-severity vulnerability has been discovered in the GNU C Library’s (glibc) dynamic loader, ld.so, that allows local attackers to gain root privileges on major Linux distributions. The vulnerability, named ‘Looney Tunables’ and identified as CVE-2023-4911, is a buffer overflow weakness that affects default installations of Debian 12 and 13, Ubuntu 22.04 and 23.04, and Fedora 37 and 38.
By exploiting the vulnerability using a specially crafted GLIBC_TUNABLES environment variable, attackers can execute arbitrary code with root privileges when launching binaries with SUID permission. Proof-of-concept exploit code has already been shared online by security researchers, confirming that the vulnerability can be exploited on certain system configurations.
Independent security researcher Peter Geissler (blasty) has released one of the PoC exploits, which can be used against a limited number of targets. Instructions on adding additional targets by identifying the offset for each system’s ld.so dynamic loader are also included in the PoC. Other researchers are actively developing and sharing their own CVE-2023-4911 exploits.
System administrators should take immediate action to address this security flaw, as it can be exploited to gain full root access on Linux systems running the latest versions of Fedora, Ubuntu, and Debian. While Alpine Linux is unaffected, users of the affected systems must prioritize patching to preserve system integrity and security.
“Our successful exploitation of this vulnerability on major distributions like Fedora, Ubuntu, and Debian underscores its severity and wide-ranging impact,” said Saeed Abbasi, Product Manager at Qualys’ Threat Research Unit. “Other research teams could soon produce and release exploits, putting countless systems at risk given the widespread use of glibc across Linux distributions.”
Qualys’ Threat Research Unit has previously discovered and disclosed other severe Linux security vulnerabilities, such as those in Polkit’s pkexec component (PwnKit), the Kernel’s filesystem layer (Sequoia), and the Sudo Unix program (Baron Samedit).