New Linux glibc flaw lets attackers get root on major distros


A critical local privilege escalation vulnerability has been identified in the GNU C Library (glibc), affecting multiple major Linux distributions. Tracked as CVE-2023-6246, the flaw is a heap-based buffer overflow in the __vsyslog_internal() function, introduced in glibc version 2.37 and inadvertently backported to 2.36. It enables unprivileged users to gain root access by manipulating applications that use certain logging functions. Security researchers at Qualys have confirmed that default installations of Debian, Ubuntu, and Fedora are vulnerable.

In addition to CVE-2023-6246, Qualys discovered three other vulnerabilities in glibc, two within the same __vsyslog_internal() function and one in the qsort() function, which are yet to be assigned CVE IDs. These discoveries underscore the importance of robust security in software development, particularly for essential libraries integral to numerous systems and applications.

Qualys has a history of uncovering significant Linux security flaws, including vulnerabilities in glibc's dynamic loader, Polkit's pkexec component, the kernel's filesystem layer, and the Sudo Unix program. One such vulnerability, CVE-2023-4911, was quickly exploited by attackers to launch Kinsing malware attacks, leading to the theft of cloud service provider credentials. Consequently, the Cybersecurity and Infrastructure Security Agency (CISA) has ordered U.S. federal agencies to secure their Linux systems against these active threats.
Read more at BleepingComputer…