On the majority of Linux distributions, proof-of-concept attacks for a high-severity vulnerability in the dynamic loader of the GNU C Library have previously been made public online.

This security flaw, dubbed “Looney Tunables,” is listed as CVE-2023-4911 and affects Fedora 37 and 38, Ubuntu 22.04 and 23.04, and Debian 12 and 13. It is caused by a buffer overflow problem.

Attackers can use it to start programs with SUID permission and get root privileges by exploiting the GLIBC_TUNABLES environment variable that is processed by the ld.so dynamic loader.

Several security researchers have already released proof-of-concept (PoC) exploit code that is functional for various system configurations since Qualys read more Exploits Released for Linux flaw giving root on major distros.

Stay informed with the best cybersecurity news and raise your cybersecurity awareness with our comprehensive coverage of the latest threats, breaches, and solutions.

The post Exploits released for Linux flaw giving root on major distros appeared first on Recon Bee.