Unprivileged attackers can gain root access on multiple major Linux distributions in default configurations by exploiting a newly disclosed local privilege escalation (LPE) vulnerability in the GNU C Library (glibc).
Tracked as CVE-2023-6246, this security flaw was found in glibc's __vsyslog_internal() function, which is called by the widely used syslog and vsyslog functions to write messages to the system message logger.
The bug is due to a heap-based buffer overflow weakness accidentally introduced in glibc 2.37 in August 2022 and later backported to glibc 2.36 when addressing a less severe vulnerability tracked as CVE-2022-39046.
“The buffer overflow issue poses a significant threat as it could allow local privilege escalation, enabling an unprivileged user to gain full root access through crafted inputs to applications that employ these logging functions,” Qualys security researchers said.
“Although the vulnerability requires specific conditions to be exploited (such as an unusually long argv(0) or openlog() ident argument), its impact is significant due to the widespread use of the affected library.”
Impacts Debian, Ubuntu, and Fedora systems
While testing their findings, Qualys confirmed that Debian 12 and 13, Ubuntu 23.04 and 23.10, and Fedora 37 to 39 were all vulnerable to CVE-2023-6246 exploits, allowing any unprivileged user to escalate privileges to full root access on default installations.
Although their tests were limited to a handful of distros, the researchers added that “other distributions are probably also exploitable.”
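As an added check (not part of the article or of Qualys' advisory), the POSIX shell script below reports whether the installed glibc falls in the version range the article describes for CVE-2023-6246 and whether the distro's package changelog references the fix. It assumes the upstream fix shipped in glibc 2.39 and the rpm/Debian changelog locations shown; a version in range only means the changelog must be checked, since distros backport fixes without changing the version number.

```shell
#!/bin/sh
# Added check (not Qualys' or the article's code): is the installed glibc in the
# version range the article names for CVE-2023-6246? Assumption not on the page:
# the upstream fix shipped in glibc 2.39, so 2.38 counts as in range. Distros
# backport fixes without changing the version, so "in range" only means
# "check the package changelog", not confirmed exposure.

# Returns 0 for MAJOR.MINOR within 2.36 .. 2.38, 1 outside, 2 if unparseable.
glibc_version_in_range() {
    case "$1" in *.*) ;; *) return 2 ;; esac
    local major minor
    major=${1%%.*}
    minor=${1#*.}; minor=${minor%%.*}
    case "$major$minor" in *[!0-9]*|"") return 2 ;; esac
    if [ "$major" -eq 2 ] && [ "$minor" -ge 36 ] && [ "$minor" -le 38 ]; then
        return 0
    fi
    return 1
}

# getconf prints e.g. "glibc 2.38"; keep only the version field.
installed_glibc_version() {
    getconf GNU_LIBC_VERSION 2>/dev/null | awk '{print $2}'
}

# Grep the local package changelog for the CVE id: rpm-based distros first, then
# Debian/Ubuntu's installed libc6 changelog (package names and path assumed).
changelog_mentions_fix() {
    if command -v rpm >/dev/null 2>&1; then
        rpm -q --changelog glibc 2>/dev/null | grep -q CVE-2023-6246
    elif [ -r /usr/share/doc/libc6/changelog.Debian.gz ]; then
        zcat /usr/share/doc/libc6/changelog.Debian.gz | grep -q CVE-2023-6246
    else
        return 2
    fi
}

main() {
    ver=$(installed_glibc_version)
    [ -n "$ver" ] || { echo "could not determine glibc version"; return 2; }
    if ! glibc_version_in_range "$ver"; then
        echo "glibc $ver: outside the affected version range (2.36 .. 2.38)"
    elif changelog_mentions_fix; then
        echo "glibc $ver: affected range, changelog references CVE-2023-6246 (likely patched)"
    else
        echo "glibc $ver: affected range, no fix reference found; check your distro advisory"
    fi
}
main
```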
While analyzing glibc for other potential security issues, the researchers also found three other vulnerabilities: two of them (harder to exploit) in the __vsyslog_internal() function (CVE-2023-6779 and CVE-2023-6780) and a third (a memory corruption issue still waiting for a CVE ID) in glibc's qsort() function.
“These flaws highlight the critical need for strict security measures in software development, especially for core libraries widely used across many systems and applications,” said Saeed Abbasi, Product Manager at Qualys' Threat Research Unit.
Other Linux root escalation flaws found by Qualys
Over the past few years, researchers at Qualys have found several other Linux security vulnerabilities that can let attackers gain full control over unpatched Linux systems, even in default configurations.
Vulnerabilities they discovered include a flaw in glibc's ld.so dynamic loader (Looney Tunables), one in Polkit's pkexec component (dubbed PwnKit), another in the kernel's filesystem layer (dubbed Sequoia), and one in the Sudo Unix program (aka Baron Samedit).
Days after the Looney Tunables flaw (CVE-2023-4911) was disclosed, proof-of-concept (PoC) exploits were published online, and threat actors started exploiting it one month later to steal cloud service provider (CSP) credentials in Kinsing malware attacks.
The Kinsing gang is known for deploying cryptocurrency mining malware on compromised cloud-based systems, including Kubernetes, Docker APIs, Redis, and Jenkins servers.
CISA later ordered US federal agencies to secure their Linux systems against CVE-2023-4911 attacks after adding it to its catalog of actively exploited bugs and tagging it as posing “significant risks to the federal enterprise.”