Last Tuesday, researchers from the Threat Research Unit Of Qualys revealed the existence of a high-severity security flaw that would affect all the major ones Linux distributions In circulation.
This one, nicknamed Looney Tunables (tracking code CVE-2023-4911) is due to a buffer overflow issue and affects standard installations of Debian 12 e 13, Ubuntu 22.04 e 23.04 beyond Fedora 37 e 38.
Attackers can exploit this vulnerability via a variable GLIBC_TUNABLES linked to the dynamic loader ld.sothrough which they achieve code execution with root privileges.
The researchers who discovered the flaw have already released exploit code proof-of-concept (PoC) works on some system configurations.
Fedora, Ubuntu and Debian at risk, Alpine Linux safe
Due to the high severity level of Looney Tunables, administrators of at-risk machines should act promptly. This is because, through such a flaw, attackers can potentially gain full root access of Fedora, Ubuntu and Debian systems. However, it should be underlined that this vulnerability does not concern administrators Alpine Linuxwho therefore do not run any risk.
He spoke out about this exploit Saeed AbbasiProduct Manager at the Threat Research Unit at Qualys, stating how “Our test was successful and resulted in full root privileges on major distributions such as Fedora, Ubuntu and Debian, highlighting the severity and widespread nature of this vulnerability“.
Qualys researchers have found and revealed other serious Linux security bugs in recent years, including a flaw in the component pkexec Of Polkit (nicknamed PwnKit), one in the Kernel file system layer (nicknamed Sequoia) and another in the program Sudo Unix (also known as Baron Samedit).
All this demonstrates, once again, that Linux is no longer a danger-free operating system. Between bug, malware ed exploiteven the dear penguin has now become dangerous as well as the other main OS on the market.