Article 6J964 A locally exploitable glibc vulnerability

by corbet from LWN.net on (#6J964)
Qualys has disclosed a vulnerability in the GNU C Library that can be exploited by a local attacker for root access. It was introduced in the 2.37 release, and also backported to 2.36.

For example, we confirmed that Debian 12 and 13, Ubuntu 23.04 and 23.10, and Fedora 37 to 39 are vulnerable to this buffer overflow. Furthermore, we successfully exploited an up-to-date, default installation of Fedora 38 (on amd64): a Local Privilege Escalation, from any unprivileged user to full root. Other distributions are probably also exploitable.

Vulnerable systems with untrusted users should probably be updated in a timely manner.
