CVE-2023-4911
Glibc: buffer overflow in ld.so leading to privilege escalation
In brief
A flaw in the core Linux library lets local attackers fill a buffer with malicious data through a special environment variable, potentially executing code with administrator privileges.
Technical detail
A buffer overflow occurs in glibc's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. Local attackers can exploit it by crafting malicious environment variables for SUID binaries to obtain arbitrary code execution with elevated privileges; it requires local access and a vulnerable SUID binary.
Summary generated and translated by AI from the official description.
A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected products
glibc
Red Hat · Red Hat Enterprise Linux 6
Red Hat · Red Hat Enterprise Linux 7
Red Hat · Red Hat Enterprise Linux 8
Red Hat · Red Hat Enterprise Linux 8.6 Extended Update Support
Red Hat · Red Hat Enterprise Linux 9
Red Hat · Red Hat Enterprise Linux 9.0 Extended Update Support
Red Hat · Red Hat Virtualization 4 for Red Hat Enterprise Linux 8
Public PoCs found: 22
github · github.com/leesh3288/CVE-2023-4911 · ★ 392
github · github.com/RickdeJager/CVE-2023-4911 · ★ 167
github · github.com/chaudharyarjun/LooneyPwner · ★ 42
github · github.com/hadrian3689/looney-tunables-CVE-2023-4911 · ★ 29
github · github.com/ruycr4ft/CVE-2023-4911 · ★ 18
github · github.com/KernelKrise/CVE-2023-4911 · ★ 17
github · github.com/Green-Avocado/CVE-2023-4911 · ★ 15
github · github.com/Diego-AltF4/CVE-2023-4911 · ★ 9
github · github.com/NishanthAnand21/CVE-2023-4911-PoC · ★ 7
github · github.com/puckiestyle/CVE-2023-4911 · ★ 2
github · github.com/xiaoQ1z/CVE-2023-4911 · ★ 1
github · github.com/teraGL/looneyCVE · ★ 1
github · github.com/KillReal01/CVE-2023-4911 · ★ 0
github · github.com/0xMOGA/CVE-2023-4911-Lab · ★ 0
github · github.com/silent6trinity/looney-tuneables · ★ 0
github · github.com/guffre/CVE-2023-4911 · ★ 0
github · github.com/snurkeburk/Looney-Tunables · ★ 0
github · github.com/Billar42/CVE-2023-4911 · ★ 0
github · github.com/Aryan20057/CVE-2023-4911 · ★ 0
cve_reference · www.exploit-db.com/exploits/52479 · unverified
cve_reference · packetstormsecurity.com/files/176288/Glibc-Tunables-Privilege-Escalation.html · unverified
cve_reference · packetstormsecurity.com/files/174986/glibc-ld.so-Local-Privilege-Escalation.html · unverified
⚠ Public resources, for you to assess the exposure of systems you control or are authorized to test. Test only with authorization.
References
http://packetstormsecurity.com/files/174986/glibc-ld.so-Local-Privilege-Escalation.html
http://packetstormsecurity.com/files/176288/Glibc-Tunables-Privilege-Escalation.html
https://access.redhat.com/errata/RHSA-2023:5453
https://access.redhat.com/errata/RHSA-2023:5454
https://access.redhat.com/errata/RHSA-2023:5455
https://access.redhat.com/errata/RHSA-2023:5476
https://access.redhat.com/errata/RHSA-2024:0033
https://access.redhat.com/security/cve/CVE-2023-4911
https://bugzilla.redhat.com/show_bug.cgi?id=2238352
https://cert-portal.siemens.com/productcert/html/ssa-082556.html
https://cert-portal.siemens.com/productcert/html/ssa-794697.html
https://cert-portal.siemens.com/productcert/html/ssa-831302.html