Local Privilege Escalation in glibc ld.so (CVE-2023-4911)

[Fleury, Terry]

CI Operators:

A vulnerability in glibc's ld.so dynamic loader has been discovered [1]. Dubbed "Looney Tunables" [2] due to the use of the GLIBC_TUNABLES environment variable, the vulnerability enables a local user to become root. The vulnerability has a CVSSv3 score of 7.8 and is tracked as CVE-2023-4911 [3].

 

Impact:

A local attacker could exploit a vulnerability in glibc's ld.so library to use a malicious GLIBC_TUNABLES environment variable when launching binaries with SUID permission to execute code with elevated privileges. 

 

Affected Software: 

glibc in RedHat 8 & 9 [4] , Debian bullseye & bookworm [5], Ubuntu jammy & lunar [6], and other Linux distributions which rely on glibc. Note that Alpine Linux is not affected since it uses the musl libc library instead of glibc.

 

Recommendation:

Update glibc for your distribution when available. RedHat has provided a temporary mitigation [4] which terminates any setuid program invoked with GLIBC_TUNABLES in the environment.

 

References:

[1] https://seclists.org/oss-sec/2023/q4/18

[2] https://thehackernews.com/2023/10/looney-tunables-new-linux-flaw-enables.html

[3] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4911 

[4] https://access.redhat.com/security/cve/cve-2023-4911 

[5] https://security-tracker.debian.org/tracker/CVE-2023-4911 

[6] https://ubuntu.com/security/CVE-2023-4911 

 

How Trusted CI can help:

The potential impact of any vulnerability, and therefore the appropriate response, depends in part on operational conditions that are unique to each cyberinfrastructure deployment. Trusted CI cannot provide a one-size-fits-all severity rating and response recommendation for all NSF cyberinfrastructure. Please contact us (https://trustedci.org/help/) if you need assistance with assessing the potential impact of this vulnerability in your environment and/or you have additional information about this issue that should be shared with the community.