Skip to Content

CVE-2023-4911: Looney Tunables – enables local attackers to gain root privileges in Linux

The Qualys Threat Research Unit (TRU) recently uncovered a buffer overflow vulnerability within the GNU C Library’s dynamic loader, specifically in how it handles the GLIBC_TUNABLES environment variable.

Their team has detected and exploited this vulnerability. When exploited, it leads to a local privilege escalation granting full root privileges.

This vulnerability affects default installations of various Linux distributions, including Fedora 37 and 38, Ubuntu 22.04 and 23.04, and Debian 12 and 13.

It’s possible that other distributions are also vulnerable, although it’s worth noting that Alpine Linux, which utilizes musl libc instead of glibc, remains unaffected. This vulnerability was introduced in April 2021.

Get Your Free Linux training!

Join our free Linux training and discover the power of open-source technology. Enhance your skills and boost your career! Learn Linux for Free!

Given the severity of the GNU C Library’s dynamic loader vulnerability and its potential impact on systems, the Qualys Threat Research Unit strongly recommends that security teams prioritize patching this issue.

Introduction of glibc

The GNU C Library, often referred to as glibc, serves as the primary C library within the GNU system and on many Linux kernel-based systems. Its primary function is to define essential system calls and fundamental functionalities like open, malloc, printf, exit, and more, which are necessary for typical program execution.

An integral component of glibc is its dynamic loader, responsible for the initialization and execution of programs.

When a program is launched, this loader initially examines it to identify any shared libraries required. Subsequently, it actively seeks out these libraries, loads them into memory, and establishes connections with the executable during runtime.

During this process, the dynamic loader resolves symbol references, including function and variable references, to ensure that all prerequisites are in place for the program’s smooth execution.

Due to its critical role, the dynamic loader is highly sensitive to security concerns since its code operates with elevated privileges when a local user initiates a set-user-ID or set-group-ID program.

Technical Details and how to fix

You can find the technical details of these vulnerabilities at:

https://www.qualys.com/2023/10/03/cve-2023-4911/looney-tunables-local-privilege-escalation-glibc-ld-so.txt

https://access.redhat.com/security/cve/CVE-2023-4911

How to check your distribution version:

4 Useful Commands to Check Linux Version

how to list installed packages in Linux:

5 ways to list installed packages in Linux

Linux Server Security Best Practices for System Administrators

Conclusion

In summary, the buffer overflow vulnerability found by the Qualys Threat Research Unit in the GNU C Library’s dynamic loader is a significant issue affecting numerous Linux distributions.

This vulnerability has the potential to grant complete root access on widely used platforms such as Fedora, Ubuntu, and Debian. Consequently, it is crucial for system administrators to take immediate action.

While Alpine Linux users are exempt from this threat, users of other distributions should make patching a top priority to safeguard system integrity and security.