Shulou(Shulou.com)11/24 Report--

According to CTOnews.com news on October 6, a vulnerability called Looney Tunables has recently been exposed, tracking number CVE-2023-4911, and major Linux distributions including Debian 12 Ubuntu 13, Ubuntu 22.04 and Fedora 37amp 38 have been affected.

CTOnews.com note: this vulnerability exists in the GNU C library dynamic loader, which can be exploited by a local attacker to create a buffer overflow and gain root privileges.

Attackers can use GLIBC_TUNABLES environment variables created by the ld.so dynamic loader to trigger, and when installing files with SUID privileges, they can execute arbitrary code with root privileges.

Qualys disclosed the vulnerability on Tuesday, and several security researchers have released proof of concept (PoC) exploit code for some system configurations.

Independent security researcher Peter Geissler (blasty) released the PoC code earlier today and confirmed that the Linux distribution can be attacked.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.