Security vulnerability in Linux
Linux: Vulnerability in glibc gives attackers root privileges
Almost all current Linux distributions are affected by the security vulnerability, but it cannot be exploited remotely. Updates are available.
Three new vulnerabilities in glibc, the central C library of Linux, are currently keeping the developers and distributors of the open source operating system busy. The flaws allow local users to escalate their privileges and, after a few attempts, execute code with the privileges of the administrative user "root". The major Linux distributions have already reacted and released updated packages.
As the discoverers at Qualys report, they came across the bug in the helper function __vsyslog_internal(), which is called by glibc's logging functions syslog() and vsyslog() and has apparently been present in the library's code since August 2022. Ironically, the bug was introduced by a fix for another bug in the same function.
The problem, which the researchers reproduced on Debian 12 and 13, Ubuntu 23.04 and 23.10 and Fedora 37 to 39, is a buffer overflow that can, with some effort, be used to execute arbitrary commands as "root". Fortunately, according to the researchers, the vulnerability cannot be exploited remotely; a local user account is a prerequisite.
This prerequisite also shapes the risk rating of CVE-2023-6246, which still comes out as high. No official CVSS score had been published at the time of writing, but the known details yield a score of 7.8/10 (CVSS vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:F/RL:O/RC:C).
Vulnerability testing with 128,000 zeros
Admins can use a bash one-liner to test whether their system is still affected or has already been patched. As with any proof of concept, however, caution is advised: undesirable side effects cannot always be ruled out.
(exec -a "`printf '%0128000x' 1`" /usr/bin/su < /dev/null)
After entering this line as a normal user on a vulnerable system, su's usual password prompt appears briefly, followed abruptly by the message "Segmentation fault (core dumped)". The printf produces a 128,000-character string that becomes su's program name (argv[0]); glibc inserts that name into the log message when su records the failed login attempt, and on an unpatched system this is where the overflow occurs. On a patched system su simply reports the failed authentication and exits.
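Wrapping the one-liner in a small script, as an added example that is not part of the article and not Qualys's code: it records the glibc version (informational only, since the article's own list of affected systems includes Debian 12 with glibc 2.36, and distributions patch without bumping the version number), runs the published command and reads su's exit status, where 139 (128 + signal 11, SIGSEGV) is the crash the article describes. Assumed: bash 4 or later, GNU getconf, and su at /usr/bin/su as in the one-liner.

```bash
#!/usr/bin/env bash
# Added example, not code from the heise article or from Qualys: a small wrapper
# around the published one-liner that records the glibc version, runs the check
# and turns su's exit status into a verdict. Assumptions: bash 4+, GNU getconf,
# and su at /usr/bin/su (the path used in the article).
set -u

SU_BIN=/usr/bin/su   # binary from the published check
ARGV0_LEN=128000     # length of the oversized program name from the article

# glibc_version prints the running glibc's version, e.g. "2.37".
# getconf reports "glibc 2.37"; the prefix is stripped.
glibc_version() {
  local v
  v=$(getconf GNU_LIBC_VERSION 2>/dev/null) || return 1
  printf '%s\n' "${v#glibc }"
}

# version_ge A B succeeds (returns 0) when dotted version A >= B, comparing
# component by component as numbers, so 2.10 > 2.9 and 2.36 < 2.37.
# Non-numeric suffixes such as "37-0ubuntu2" are ignored.
version_ge() {
  local -a a b
  IFS=. read -r -a a <<<"$1"
  IFS=. read -r -a b <<<"$2"
  local i x y n=$(( ${#a[@]} > ${#b[@]} ? ${#a[@]} : ${#b[@]} ))
  for ((i = 0; i < n; i++)); do
    x=${a[i]:-0}; x=${x%%[!0-9]*}; x=${x:-0}
    y=${b[i]:-0}; y=${y%%[!0-9]*}; y=${y:-0}
    (( 10#$x > 10#$y )) && return 0
    (( 10#$x < 10#$y )) && return 1
  done
  return 0
}

# run_check executes the article's one-liner: su is started with a 128000
# character argv[0] and no password on stdin; its exit status is returned.
run_check() {
  local argv0
  argv0=$(printf "%0${ARGV0_LEN}x" 1)
  ( exec -a "$argv0" "$SU_BIN" </dev/null )
}

# verdict_for_status maps that exit status to a one-line verdict:
#   139 = 128 + SIGSEGV(11): su crashed while logging the failed login, i.e.
#         the overflow described in the article is still present;
#   1   : su reported the failed authentication and exited normally;
#   anything else is left for the admin to look at.
verdict_for_status() {
  case "$1" in
    139) printf 'VULNERABLE: su died with SIGSEGV (glibc unpatched)\n' ;;
    1)   printf 'not vulnerable: su exited normally after the failed login\n' ;;
    *)   printf 'inconclusive: exit status %s\n' "$1" ;;
  esac
}

main() {
  local ver status
  ver=$(glibc_version) || { echo "cannot determine glibc version" >&2; return 2; }
  echo "glibc $ver"
  # The bug entered upstream glibc with 2.37, but the article reproduces it on
  # Debian 12, which ships 2.36 (the offending change reached that build too),
  # and a distro-patched 2.37 no longer crashes. The version is therefore only
  # a hint; the crash test below is what decides.
  if version_ge "$ver" 2.37; then
    echo "version 2.37 or later: upstream builds carry the bug unless patched"
  else
    echo "version before 2.37: affected only if the change was backported"
  fi
  run_check
  status=$?
  verdict_for_status "$status"
}

# Only run when invoked as "./glibc-6246-check.sh run", so that sourcing the
# file for its functions does not start su.
if [ "${1:-}" = run ]; then
  main
fi
```

Run it as a normal user with `./glibc-6246-check.sh run` (the file name is arbitrary); without the argument the file only defines its functions. The same caveat applies as for the one-liner: on an unpatched system the check deliberately crashes su, which leaves a core dump and a logged failed su attempt behind, so weigh that before running it on a production machine.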
The major distributions Debian and Fedora have responded with their own security advisories and provided updated glibc packages. These generally also fix two less severe vulnerabilities in glibc, CVE-2023-6779 and CVE-2023-6780. Ubuntu had not yet released a package at the time of writing; a current virtual machine in the heise security editorial office is still vulnerable.
Alongside the kernel, the C library glibc is considered one of the central components of the operating system, which makes vulnerabilities in it particularly significant. Last year, for example, Qualys discovered "Looney Tunables" (CVE-2023-4911), which also allowed a local user to escalate privileges.
NOTE RPTU:
Supplementary information: only glibc 2.37 and later are affected; EL8 (HPC and Linux terminal servers) is not affected.