
Vulnerability in glibc allowing root access on the system



A vulnerability (CVE-2023-6246) in the standard C library Glibc allows an attacker to get their code executed with elevated privileges through manipulation of running SUID applications. Researchers were able to develop a working exploit that gains root privileges by manipulating command-line arguments when running the su utility.

The vulnerability has been confirmed in Debian 12/13, Ubuntu 23.04/23.10 and Fedora 37-39. The vulnerability can only be exploited locally.

A fix for the vulnerability is included in the Glibc code base and will be included in tomorrow's Glibc 2.39 update, along with fixes for two other vulnerabilities (CVE-2023-6779, CVE-2023-6780).

You can test your system's exposure to the vulnerability with the following command:

$ (exec -a "$(printf '%0128000x' 1)" /usr/bin/su < /dev/null)

 
