
“Looney Tunables” bug allows root access on Linux distros (CVE-2023-4911)

October 5, 2023

A vulnerability (CVE-2023-4911) in the GNU C Library (aka “glibc”) can be exploited by attackers to gain root privileges on many popular Linux distributions, according to Qualys researchers.

About CVE-2023-4911

Dubbed “Looney Tunables”, CVE-2023-4911 is a buffer overflow vulnerability in the dynamic loader’s processing of the GLIBC_TUNABLES environment variable. To exploit it, attackers first need to establish access to the system.

“The GNU C Library, commonly known as glibc, is the C library in the GNU system and in most systems running the Linux kernel. It defines the system calls and other basic functionalities, such as open, malloc, printf, exit, etc., that a typical program requires,” Saeed Abbasi, product manager at Qualys’ Threat Research Unit, explained.

Read More on Help Net Security