A New Threat to Linux Systems: Uncovering the Vulnerability in GNU C Library

Introduction

A recently discovered vulnerability in the GNU C Library (glibc) has sent shockwaves through the Linux community, raising concerns about the security of several major Linux distributions. Designated CVE-2023-6246, the flaw lies in the library's __vsyslog_internal() function and can potentially be used to gain unauthorized access to the root account.

A Buffer Overflow Vulnerability

The vulnerability is a heap-based buffer overflow that was introduced unintentionally in the August 2022 release of glibc version 2.37. It was later backported to glibc 2.36 as part of the fix for a less severe vulnerability (CVE-2022-39046). The overflow poses a serious threat because it allows users with lower privileges to elevate their privileges and gain full access to the root account by manipulating the input data of applications that use these logging functions.

The Extent of the Vulnerability

Researchers from Qualys, a renowned cybersecurity firm, have highlighted the severity of this vulnerability due to the widespread use of the affected library. They have confirmed that numerous Linux distributions, including Debian 12 and 13, Ubuntu 23.04 and 23.10, as well as Fedora 37 to 39, are vulnerable to attacks exploiting CVE-2023-6246. It is highly likely that other distributions are also at risk.

Uncovering Additional Vulnerabilities

During their analysis, Qualys researchers discovered three additional vulnerabilities. Two of them, identified as CVE-2023-6779 and CVE-2023-6780, were also found in the __vsyslog_internal() function, while the third, a memory corruption issue, was identified in the qsort() function of the glibc library and is awaiting a CVE ID assignment.

The Importance of Robust Security Measures

These findings underscore the significance of implementing robust security measures in the software development process, especially for core libraries that are widely used across various systems and applications. Saeed Abbasi, a product manager in Qualys’ Threat Research unit, emphasizes this point.

This is not the first time that Qualys has uncovered vulnerabilities that could lead to gaining root access on Linux systems. They previously disclosed vulnerabilities in various components, such as the dynamic loader ld.so of the glibc library (Looney Tunables), the pkexec component in the Polkit library (PwnKit), the kernel filesystem layer (Sequoia), and the Unix program Sudo (Baron Samedit). For instance, the Looney Tunables vulnerability (CVE-2023-4911) resulted in the theft of cloud service provider credentials in malware attacks conducted by Kinsing.

The Response from Cybersecurity Authorities

In response to these discoveries, the Cybersecurity and Infrastructure Security Agency (CISA) has advised US government agencies to secure their Linux systems against attacks exploiting CVE-2023-4911, which pose a significant risk.

Sources:
– GNU C Library: https://www.gnu.org/software/libc/
– Qualys: https://www.qualys.com/
– CISA: https://www.cisa.gov/