There is a flaw in Linux that allows you to gain root privileges

There is a flaw in Linux that allows you to gain root privileges

It’s not the first time that researchers from Qualys they discover a flaw that allows them to acquire privileges root in a Linux environment. This time, the newly identified gap concerns GNU C Library (glibc) and is capable of jeopardizing the security of several Linux distributions, in default configurations. The vulnerability in question, classified with the identifier CVE-2023-6246allows the acquisition of higher privileges (therefore root rights) on machines affected by the problem.

glibc is an essential support library for programs written in C language. It plays a fundamental role in providing a standard interface between programs and the operating system on which they run. The flaw in privilege escalation affects an internal function of syslog e vsyslogtwo important components in the context of system logging on Unix systems and Unix-likeincluding GNU/Linux-based operating systems.

syslog is a protocol and application for the log recording system; vsyslog is an advanced version that offers virtual logging capabilities for more specific log management in complex environments. They are widely used to ensure traceability and troubleshooting by recording significant events.

Gain root privileges on vulnerable Linux systems

Qualys experts underlined the extent of the risk: the problem of buffer overflow poses a significant threat as it could allow an attacker to gainfull access to the system as root, through artfully crafted input sent to applications that use logging functions syslog e vsyslog.

During testing, researchers confirmed that Debian 12 e 13, Ubuntu 23.04 and 23.10 e Fedora (from releases 37 to 39 inclusive) are vulnerable. Although the checks were carried out on a handful of distributions, the researchers stressed that there are likely other Linux distributions affected by the same security problem.

To resolve the problem, it is essential to install the latest updated packages on the Linux distributions in use, using the reference package manager. We talk about it in the article on how to create a Linux server.

The following command, however, helps to establish the library version glibc present on the system:

ldd --version

It should be borne in mind that the only ones vulnerable versions I am glibc 2.36 and 2.37: The subsequent ones integrate the fix that resolves the vulnerability.

As we mentioned in the introduction, this is not the first alarm raised by Qualys regarding Linux security. Over the years, researchers have identified several vulnerabilities that allow attackers to take complete control of systems Unpatched Linuxeven in default configurations.

Previous discoveries include a flaw in the dynamic loader by glibc (Looney Tunables), one in Polkit’s pkexec (called PwnKit), another at the file system management level in the kernel (Sequoia) and one in the Unix Sudo program.

After the vulnerability was disclosed Looney Tunables (CVE-2023-4911), attacker groups have begun using modified versions of proof-of-concept (PoC) codes shared online to steal login credentials from cloud providers and implant malware.

Credit immagine in apertura: Microsoft Bing Image Creator.

Leave a Reply

Your email address will not be published. Required fields are marked *