
Red Hat Releases Security Updates for "Looney Tunables" Vulnerability in Linux Distributions

The vulnerability CVE-2023-4911 allows local attackers to gain root privileges in Linux distributions


Summary

CVE-2023-4911 is a buffer overflow in the GNU C Library's dynamic loader (ld.so). A local, unprivileged attacker who launches a set-user-ID binary with a crafted GLIBC_TUNABLES environment variable can gain root privileges on affected Linux distributions. Red Hat has released updates; proof-of-concept code exists but no exploitation in the wild has been observed.


Threat details

Introduction

Red Hat has released security updates to address a vulnerability in the GNU C Library's (glibc) dynamic loader, ld.so.

The high-severity buffer overflow, tracked as CVE-2023-4911 and nicknamed "Looney Tunables", lies in the loader's handling of the GLIBC_TUNABLES environment variable. Because ld.so processes that variable before the program's own code runs, a local attacker can set a crafted GLIBC_TUNABLES value when launching a set-user-ID (SUID) binary and execute code with the binary's elevated privileges, typically root.
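The precondition described above is concrete enough to check for: a set-user-ID binary being started with GLIBC_TUNABLES in its environment. The following triage helper is an added example written for this advisory; it is not Red Hat's or the glibc project's code. The ExecEvent record format, the sample events, the "more than one '=' per entry" and length heuristics, and the policy of flagging any GLIBC_TUNABLES on a SUID exec are all assumptions made for illustration.

```python
"""Triage helper for CVE-2023-4911 ("Looney Tunables").

The bug is reached when a set-user-ID binary starts with a crafted
GLIBC_TUNABLES variable in its environment, so the checks below flag exactly
that combination. Added example; not Red Hat's or glibc's code. The event
format and the sample events are constructed for illustration.
"""
import os
import stat
from dataclasses import dataclass, field

# Heuristic threshold (assumption): legitimate tunable strings are short.
MAX_SANE_TUNABLES_LEN = 256


@dataclass
class ExecEvent:
    """One process launch: the binary, its st_mode, and its environment."""
    path: str
    mode: int
    env: dict = field(default_factory=dict)


def is_setuid(mode: int) -> bool:
    """True if the mode carries the set-user-ID bit (the binaries the bug targets)."""
    return bool(mode & stat.S_ISUID)


def malformed_tunables(value: str) -> list:
    """Reasons a GLIBC_TUNABLES string looks crafted rather than configured.

    Legitimate syntax is 'name=value' entries separated by ':'; a value never
    contains '='. A second '=' inside one entry is the shape public write-ups
    of CVE-2023-4911 describe, and an overlong string is needed to overflow
    anything. Both tests are heuristics (assumption), not glibc's own parser.
    """
    reasons = []
    for entry in value.split(":"):
        if entry.count("=") > 1:
            reasons.append("entry %r has more than one '='" % entry[:48])
    if len(value) > MAX_SANE_TUNABLES_LEN:
        reasons.append("value is %d bytes long" % len(value))
    return reasons


def assess(event: ExecEvent) -> list:
    """Return the reasons an exec event is suspicious; an empty list means clean.

    Policy (assumption, conservative): any GLIBC_TUNABLES on a set-user-ID exec
    is reported, because an unprivileged user has no legitimate reason to tune
    the allocator of a root-owned SUID program. Malformed values are reported
    for every binary, since the same string may be aimed at a SUID target later.
    """
    reasons = []
    tunables = event.env.get("GLIBC_TUNABLES")
    if tunables is None:
        return reasons
    if is_setuid(event.mode):
        reasons.append("GLIBC_TUNABLES set on set-user-ID binary %s" % event.path)
    reasons.extend(malformed_tunables(tunables))
    return reasons


def event_from_path(path: str, env: dict) -> ExecEvent:
    """Build an event from a real file on disk (for checking a live host)."""
    return ExecEvent(path=path, mode=os.stat(path).st_mode, env=env)


def scan(events) -> dict:
    """Map each flagged binary path to its list of reasons."""
    result = {}
    for event in events:
        reasons = assess(event)
        if reasons:
            result[event.path] = reasons
    return result


# Constructed sample events; modes are st_mode values (0o104755 = SUID, rwxr-xr-x).
SAMPLE_EVENTS = [
    ExecEvent("/usr/bin/su", 0o104755,
              {"GLIBC_TUNABLES": "glibc.malloc.mxfast=glibc.malloc.mxfast=" + "A" * 1000}),
    ExecEvent("/usr/bin/passwd", 0o104755,
              {"GLIBC_TUNABLES": "glibc.malloc.check=3"}),
    ExecEvent("/usr/bin/ls", 0o100755,
              {"GLIBC_TUNABLES": "glibc.malloc.tcache_count=0"}),
    ExecEvent("/usr/bin/sudo", 0o104755, {"LANG": "C"}),
]


if __name__ == "__main__":
    for path, reasons in scan(SAMPLE_EVENTS).items():
        print(path)
        for reason in reasons:
            print("  -", reason)
```

On the sample data only /usr/bin/su (SUID, malformed and overlong value) and /usr/bin/passwd (SUID, well-formed value) are reported; the non-SUID /usr/bin/ls run with a normal tunable is left alone. To use this against a live host, feed event_from_path() with the binary path and environment captured by whatever process-launch telemetry is available; the heuristics are a starting point for a detection rule, not a substitute for applying the vendor update.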

Proof-of-concept released for CVE-2023-4911

Proof-of-concept code for CVE-2023-4911 has been developed, but exploitation in the wild has not yet been observed.


Remediation advice

Affected organisations are encouraged to review the following Red Hat security advisory and apply any relevant updates or workarounds.



Last edited: 9 October 2023 4:25 pm