glibc: buffer overflow in ld.so leading to privilege escalation

A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBCTUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBCTUNABLES environment variables when launching binaries with SUID permission to execute code...

Glibc Tunables Privilege Escalation

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 561, '3602eac894717d56555552c84fc6b0e4d6a4af72' = 561, 'a99db3715218b641780b04323e4ae5953d68a927' = 561, 'a8daca28288575ffc8c7641d40901b0148958fb1...

Glibc Tunables Privilege Escalation CVE-2023-4911 (aka Looney Tunables)

A buffer overflow exists in the GNU C Library's dynamic loader ld.so while processing the GLIBCTUNABLES environment variable. This issue allows an local attacker to use maliciously crafted GLIBCTUNABLES when launching binaries with SUID permission to execute code in the context of the root user...

VulnCheck KEV: CVE-2023-4911

GNU C Library's dynamic loader ld.so contains a buffer overflow vulnerability when processing the GLIBCTUNABLES environment variable, allowing a local attacker to execute code with elevated privileges...

OESA-2023-1725 glibc security update

The GNU C Library project provides the core libraries for the GNU system and GNU/Linux systems, as well as many other systems that use Linux as the kernel. These libraries provide critical APIs including ISO C11, POSIX.1-2008, BSD, OS-specific APIs and more. These APIs include such foundational...

OESA-2023-1723 glibc security update

The GNU C Library project provides the core libraries for the GNU system and GNU/Linux systems, as well as many other systems that use Linux as the kernel. These libraries provide critical APIs including ISO C11, POSIX.1-2008, BSD, OS-specific APIs and more. These APIs include such foundational...

OESA-2023-1724 glibc security update

The GNU C Library project provides the core libraries for the GNU system and GNU/Linux systems, as well as many other systems that use Linux as the kernel. These libraries provide critical APIs including ISO C11, POSIX.1-2008, BSD, OS-specific APIs and more. These APIs include such foundational...

Mageia: Security Advisory (MGASA-2023-0286)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Updated glibc packages fix a security vulnerability

The updated packages fix a security vulnerability: A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBCTUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBCTUNABLES environment variables when...

K000137187: GlibC vulnerability CVE-2023-4911

Security Advisory Description A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBCTUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBCTUNABLES environment variables when launching binaries with...

Oracle Linux 8 : glibc (ELSA-2023-12853)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2023-12853 advisory. 2.28-225.0.4 - CVE-2023-4911: tunables: Terminate immediately if end of input is reached Reviewed by: Jose E. Marchesi Tenable has extracted the preceding...

glibc ld.so Local Privilege Escalation Vulnerability

Dubbed Looney Tunables, Qualys discovered a buffer overflow vulnerability in the glibc dynamic loader's processing of the GLIBCTUNABLES environment variable. This vulnerability was introduced in April 2021 glibc 2.34 by commit 2ed18c. Looney Tunables: Local Privilege Escalation in the glibc's ld....

SUSE CVE-2023-4911

A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBCTUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBCTUNABLES environment variables when launching binaries with SUID permission to execute code...

glibc ld.so Local Privilege Escalation

Qualys Security Advisory Looney Tunables: Local Privilege Escalation in the glibc's ld.so CVE-2023-4911 ======================================================================== Contents ======================================================================== Summary Analysis Proof of concept...

Oracle Linux 9 : glibc (ELSA-2023-12854)

The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2023-12854 advisory. 2.34-60.0.3 - CVE-2023-4911: tunables: Terminate immediately if end of input is reached Reviewed by: Jose E. Marchesi Tenable has extracted the preceding...

glibc: buffer overflow in ld.so leading to privilege escalation

A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBCTUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBCTUNABLES environment variables when launching binaries with SUID permission to execute code...

glibc: buffer overflow in ld.so leading to privilege escalation

A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBCTUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBCTUNABLES environment variables when launching binaries with SUID permission to execute code...

glibc: buffer overflow in ld.so leading to privilege escalation

A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBCTUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBCTUNABLES environment variables when launching binaries with SUID permission to execute code...

glibc: buffer overflow in ld.so leading to privilege escalation

A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBCTUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBCTUNABLES environment variables when launching binaries with SUID permission to execute code...

Oracle Linux 9 : glibc (ELSA-2023-12850)

The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2023-12850 advisory. 2.34-60.0.3 - CVE-2023-4911: tunables: Terminate immediately if end of input is reached Reviewed by: Jose E. Marchesi Tenable has extracted the preceding...