Jump to content

Vulnerability in glibc allowing root access on the system


or1k

Recommended Posts

Vulnerability in glibc allowing root access on the system

A vulnerability (CVE-2023-6246) in the standard C library Glibc allows to get its code executed with elevated privileges through manipulation of running SUID applications. Researchers were able to develop a working exploit that allows to gain root privileges by manipulating command line arguments when running the su utility.

The vulnerability has been confirmed in Debian 12/13, Ubuntu 23.04/23.10 and Fedora 37-39. The vulnerability can only be exploited locally.

A fix for the vulnerability is included in the Glibc code base and will be included in tomorrow's Glibc 2.39 update, along with fixes for two other vulnerabilities (CVE-2023-6779, CVE-2023-6780).

You can test your system's exposure to the vulnerability with the following command:

$ (exec -a "printf '%0128000x' 1" /usr/bin/su < /dev/null)

 

Link to comment
Share on other sites

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
  • Create New...

Important Information

By using this site you automatically agree to the Privacy Policy | We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.