Cybersecurity blog header

CVE-2023-4911: The vulnerability Looney Tunables in GlibC is being actively exploited

- S.T.A².R.S Team

According to CISA, the CVE-2023-4911 vulnerability is being actively exploited.

On October 3, 2023, Qualys published information about a high-severity local privilege escalation vulnerability in the GNU C Library (glibc), which is widely used on Linux systems. This vulnerability (CVE-2023-4911) could allow a local attacker to gain root privileges.

Only two days ago, CISA, the Cybersecurity and Infrastructure Security Agency of the United States, reported that this vulnerability CVE-2023-4911 is actively being exploited.

The GNU C Library defines system calls and other basic functionality that all programs that use this language require. Most current Linux distributions use this library to compile their software packages.

Vulnerability CVE-2023-4911 details

The following are the main details of this vulnerability:

  • CVE identifier: CVE-2023-4911.
  • Date published: October 3, 2023.
  • Affected software: glibc.
  • CVSS score: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H (7.8 High).
  • Affected versions: GNU Linux distributions that use a version of the library equal to or later than 2.34 (since April 2021) and earlier than 2.37-r7 in their glibc package.
    • Amazon Linux 2023 – Versions earlier than 2023.2.20231002.
    • Debian bookworm – Versions earlier than 2.36-9+deb12u3.
    • Debian bullseye – Versions earlier than 2.31-13+deb11u7.
    • Ubuntu 22.04 – Versions earlier than 2.35-0ubuntu3.4.
    • Ubuntu 23.04 – Versions earlier than 2.37-0ubuntu2.1.
    • Fedora 37 – Versions earlier than glibc-2.36-14.fc37.
    • Fedora 38 – Versions earlier than glibc-2.37-10.fc38.
    • Gentoo – Versions earlier than sys-libs/glibc 2.37-r7.
    • All unsupported Linux distributions may also be affected.
  • Exploitation requirements:
    • Execution of code with limited privileges on the vulnerable system.
Official image published by Qualys with the vulnerability CVE-2023-4911

Imagen oficial publicada por Qualys con la vulnerabilidad

CVE-2023-4911 mitigation

The main solution is to urgently update the glibc package to the new versions available that fix this vulnerability for each distribution.

It is important to note that, for this update to be applied completely, it is necessary to restart the operating system. This ensures that all processes use the updated library.

Vulnerability detection

The best way to identify this vulnerability is based on the glibc package versions. As part of its emerging vulnerabilities service, Tarlogic Security proactively monitors the perimeter of its customers to report, detect, and urgently notify the presence of this vulnerability, as well as other critical threats that could cause a serious impact on the security of their assets.

References: