Some unidentified malicious people, it seems, can gain full root access on Linux machines by exploiting a new security vulnerability revealed in the GNU C library (also known as glibc).
This case is very interesting because over the years the myth of “impenetrable Linux” begins to fall more and more, also causes the fact that, not only in the world are systems based on the aforementioned Kernel used by more people, but because vulnerability checks by cybersecurity companies have increased.
What do we know about this issue related to the well-known Linux GNuC (glibc) library
Tracked as CVE-2023-6246, the heap-based buffer overflow vulnerability originates in glibc's __vsyslog_internal() function, which is used by syslog() and vsyslog() for system logging purposes; It is believed to have been accidentally introduced in August 2022 with the release of glibc 2.37.
“This flaw allows local privilege escalation [tra i quali root e quelli di amministratore]allowing an unprivileged user to gain full root access“, has said Saeed Abbasi, product manager of the Threat Research Unit at Qualys, adding that it affects major Linux distributions such as Debian, Ubuntu and Fedora.
A cybercriminal could exploit the flaw to gain elevated permissions via specially crafted inputs for applications that use these logging functions.
“Although the vulnerability requires specific conditions to be exploited (like an argv[0] or an unusually long openlog() ident argument), its impact is significant due to the widespread use of the affected library,” Abbasi noted.
The cybersecurity firm said further analysis of glibc uncovered two more flaws in the __vsyslog_internal() function (CVE-2023-6779 and CVE-2023-6780) and a third bug in the library's qsort() function that can lead to memory corruption.
The very interesting thing about all this is that The vulnerability found in qsort() has affected all versions of glibc released since 1992.
The development comes nearly four months after Qualys detailed another high-severity flaw in the same library called Looney Tunables (CVE-2023-4911, CVSS score: 7.8) which may result in an intensification of root and administrator privileges.
“These flaws highlight the critical need for rigorous security measures in software development, especially for central libraries widely used in many systems and applications,” Abbasi said.
A security issue on Linux operating systems
While it is true that open source, see Linux-based operating systems in this case, allows immediate solutions, on the other hand, many open source programs, including libraries like Glibc, can escape a series of checks, either due to lack of popularity and use only in particular cases, or for other reasons, by professionals.
While there are tools that can detect threats, However, not everyone is able to read the code and modify it, indeed, very few people, also because they go and find the affected side of code it's anything but a walk in the park; It is no coincidence that this library has a problem that has continued since 1992.
In cases like this there are no antivirus or antimalware that care, you simply have to wait for the experts modify the affected lines of code and solve the problem once and for all.
#Linux #Glibc #library #hackers #root #access
