
A locally exploitable glibc vulnerability

Qualys has disclosed a vulnerability in the GNU C Library that can be exploited by a local attacker for root access. It was introduced in the 2.37 release, and also backported to 2.36.

For example, we confirmed that Debian 12 and 13, Ubuntu 23.04 and 23.10, and Fedora 37 to 39 are vulnerable to this buffer overflow. Furthermore, we successfully exploited an up-to-date, default installation of Fedora 38 (on amd64): a Local Privilege Escalation, from any unprivileged user to full root. Other distributions are probably also exploitable.

Vulnerable systems with untrusted users should probably be updated in a timely manner.



A locally exploitable glibc vulnerability

Posted Jan 31, 2024 23:29 UTC (Wed) by mjw (subscriber, #16740) [Link] (1 responses)

Note that glibc 2.39 was just released which contains a fix for this:
https://inbox.sourceware.org/libc-alpha/38790850.J2Yia2Dh...
The fix was also backported to the relevant older release branches:
https://sourceware.org/cgit/glibc/refs/

A locally exploitable glibc vulnerability

Posted Jan 31, 2024 23:33 UTC (Wed) by mjw (subscriber, #16740) [Link]

Also glibc now publishes their own advisories:
https://sourceware.org/cgit/glibc/tree/advisories

A locally exploitable glibc vulnerability

Posted Feb 6, 2024 8:29 UTC (Tue) by eru (subscriber, #2753) [Link] (1 responses)

The problem looks like one a static analyzer should have caught. Also valgrind would have screamed about over-running a malloced buffer, if used with a test that triggers this code path.

A locally exploitable glibc vulnerability

Posted Feb 14, 2024 23:19 UTC (Wed) by DanilaBerezin (guest, #168271) [Link]

It would've screamed if they had just enabled the memory sanitizer too.


Copyright © 2024, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds