A locally exploitable glibc vulnerability

Wednesday January 31, 2024. 05:25 PM , from LWN.net

Qualys has disclosed
a vulnerability in the GNU C Library that can be exploited by a local
attacker for root access. It was introduced in the 2.37 release, and also
backported to 2.36.

For example, we confirmed that Debian 12 and 13, Ubuntu 23.04 and
23.10, and Fedora 37 to 39 are vulnerable to this buffer
overflow. Furthermore, we successfully exploited an up-to-date,
default installation of Fedora 38 (on amd64): a Local Privilege
Escalation, from any unprivileged user to full root. Other
distributions are probably also exploitable.

Vulnerable systems with untrusted users should probably be updated in a
timely manner.

Related News

Critical vulnerability in Mastodon is pounced upon by fast-acting admins

TheRegisterFeb 2

0patch beats Microsoft to the punch and fixes serious EventLogCrasher vulnerability that affects every version of Windows

BetaNewsFeb 1

Bugcrowd sees 30 percent increase in web vulnerability submissions

BetaNewsJan 24

Patch time: Critical GitLab vulnerability exposes 2FA-less users to account takeovers

TheRegisterJan 15

Ivanti Warns of Critical Vulnerability In Its Popular Line of Endpoint Protection Software

SlashdotJan 6

Current Date

May, Fri 3 - 06:20 CEST