A new Linux security vulnerability dubbed Looney Tunables has been discovered in the GNU C library’s ld.so dynamic loader that, if successfully exploited, could lead to a local privilege escalation and allow a threat actor to gain root privileges.
Tracked as CVE-2023-4911 (CVSS score: 7.8), the issue is a buffer overflow that resides in the dynamic loader’s processing of the GLIBC_TUNABLES environment variable. Cybersecurity firm Qualys, which disclosed details of the bug, said it was introduced as part of a code commit made in April 2021.
The vulnerability impacts major Linux distributions like Fedora 37 and 38, Ubuntu 22.04 and 23.04, and Debian 12 and 13, although other distributions are likely to be vulnerable and exploitable. One notable exception is Alpine Linux, which uses the musl libc library instead of glibc.
An advisory issued by Red Hat states that a local attacker could exploit the shortcoming to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.
It has also provided temporary mitigation that, when enabled, terminates any setuid program invoked with GLIBC_TUNABLES in the environment.
Looney Tunables is the latest addition to a growing list of privilege escalation flaws that have been discovered in Linux in recent years, counting CVE-2021-3156 (Baron Samedit), CVE-2021-3560, CVE-2021-33909 (Sequoia), and CVE-2021-4034 (PwnKit), that could be weaponized to obtain elevated permissions.
Source: https://thehackernews.com/