A vulnerability known as "Looney Tunables" has been identified in the GNU C Library (glibc), which can be leveraged by malicious actors to attain root privileges on widely used Linux distributions. This vulnerability, tracked as CVE-2023-4911, is a buffer overflow weakness located within the dynamic loader's handling of the GLIBC_TUNABLES environment variable. The dynamic loader from the GNU C Library is present in most Linux distributions.
CVE-2023-4911 was discovered by researchers at Qualys, who successfully exploited it on the default configurations of various Linux distributions, including Fedora 7 and 8, Ubuntu 22.04 and 23.04, and Debian 12 and 13. It is likely that other distributions are also vulnerable to attacks, with the exception being the highly secure Alpine Linux. The researchers noted that this exploitation technique is effective against nearly all SUID-root programs that come pre-installed on Linux systems by default.
Qualys Threat Research Unit Product Manager, Saeed Abbasi, emphasized the significance of an environment variable used for optimizing applications connected to glibc. When misused or exploited, it can have widespread negative impacts on system performance, reliability, and security.
The vulnerability's ease of exploitation, potentially leading to data-only attacks, poses a major risk to numerous systems. Although there are mitigation steps, Avertium recommends that all users patch as soon as possible.
INDICATORS OF COMPROMISE (IoCs)
At this time, there are no known IoCs associated with CVE-2023-4911. Avertium remains vigilant in locating IoCs for our customers. Should any be located, Avertium will disclose them as soon as possible. For more information on how Avertium can help protect your organization, please reach out to your Avertium Service Delivery Manager or Account Executive.