
New Glibc Flaw Allows Full Root Access on Major Linux Distros

Shak Hossain

February 8, 2024 - TuxCare expert team

The GNU C Library, or glibc, is a fundamental component of nearly every Linux-based system: it is the core library that sits between applications and the Linux kernel, providing the system call wrappers, input/output routines, memory management, and other low-level functionality that programs need to interact with the operating system. A flaw in glibc is therefore a serious concern, because a single bug in the library is inherited by the millions of systems, and practically every process on them, that load it.

The vulnerability, tracked as CVE-2023-6246 with a CVSS score of 7.8, is a heap-based buffer overflow in the __vsyslog_internal() function, the internal routine behind the common logging functions syslog() and vsyslog(). It is reached when a process whose logging identifier (the ident set with openlog(), or by default the program name taken from argv[0]) is longer than 1024 bytes calls syslog(); because a local user controls argv[0] of the programs they execute, including setuid ones, an attacker with local access can use it to escalate their privileges to root and take complete control of the system. The bug was inadvertently introduced in August 2022 by a change that shipped in glibc 2.37, and it was subsequently backported to glibc 2.36 as part of the fix for a less severe vulnerability, CVE-2022-39046.
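To make the bug class concrete, the following C program is an added example written for this article; it is not glibc's code and not Qualys's proof of concept. It models the size arithmetic of a syslog-style formatter that first tries a fixed 1024-byte buffer and falls back to a heap allocation: when the header (priority, program name, pid) alone exceeds the fixed buffer, the flawed path computes the bound for the message part as bufsize - l + 1 with l larger than bufsize, and the unsigned subtraction wraps to a huge value, so the message write is no longer bounded by the heap allocation. The priority, pid and the 1500-byte ident are constructed inputs; flawed_message_bound() only reports the numbers and never performs the out-of-bounds write, while safe_format() shows the straightforward fix of measuring both parts first and allocating exactly.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <stdarg.h>

#define BUFS_SIZE 1024   /* size of the fixed buffer the formatter tries first */
#define PRI 13           /* constructed priority value for the header */
#define PID 4242         /* constructed pid for the header */

/* Untruncated length that snprintf reports for the "<pri>ident[pid]: " header. */
static int header_length(const char *ident)
{
    return snprintf(NULL, 0, "<%d>%s[%d]: ", PRI, ident, PID);
}

/* Model of the flawed size arithmetic (simplified, not glibc's code).
 * When the header alone does not fit the fixed buffer, the size-tracking
 * variable keeps its initial value, a heap buffer of bufsize + 1 bytes is
 * allocated, the header is written with a truncating snprintf that still
 * returns the full length l, and the bound handed to the message write is
 * computed as bufsize - l + 1.  With l > bufsize that wraps in size_t.
 * Returns that bound and stores the heap allocation size in *heap_alloc;
 * returns 0 (and *heap_alloc = 0) when the header fits and the flawed
 * path is not taken.  No out-of-bounds write is performed. */
size_t flawed_message_bound(const char *ident, size_t *heap_alloc)
{
    size_t bufsize = BUFS_SIZE;
    int l = header_length(ident);

    if (l >= 0 && (size_t)l < bufsize) {
        *heap_alloc = 0;
        return 0;
    }
    *heap_alloc = bufsize + 1;          /* malloc(bufsize + 1) */
    return bufsize - (size_t)l + 1;     /* wraps when l > bufsize */
}

/* Hardened formatter: measure header and message, allocate exactly, then
 * write each part with a bound derived from that allocation.  Caller frees. */
char *safe_format(const char *ident, const char *fmt, ...)
{
    va_list ap, apc;
    int l = header_length(ident);

    va_start(ap, fmt);
    va_copy(apc, ap);
    int vl = vsnprintf(NULL, 0, fmt, apc);
    va_end(apc);
    if (l < 0 || vl < 0) {
        va_end(ap);
        return NULL;
    }

    size_t total = (size_t)l + (size_t)vl + 1;
    char *buf = malloc(total);
    if (buf) {
        snprintf(buf, total, "<%d>%s[%d]: ", PRI, ident, PID);
        vsnprintf(buf + l, total - (size_t)l, fmt, ap);
    }
    va_end(ap);
    return buf;
}

/* Constructed ident longer than the fixed buffer, standing in for an
 * over-long argv[0].  Caller frees. */
char *make_long_ident(size_t len)
{
    char *s = malloc(len + 1);
    if (s) {
        memset(s, 'A', len);
        s[len] = '\0';
    }
    return s;
}

int main(void)
{
    size_t alloc, bound;
    char *long_ident = make_long_ident(1500);

    bound = flawed_message_bound("sshd", &alloc);
    printf("short ident: flawed path not taken (bound=%zu)\n", bound);

    bound = flawed_message_bound(long_ident, &alloc);
    printf("long ident: heap buffer %zu bytes, message bound %zu bytes -> %s\n",
           alloc, bound, bound > alloc ? "OVERFLOW" : "ok");

    char *msg = safe_format(long_ident, "login from %s", "10.0.0.5");
    printf("hardened formatter produced %zu bytes within its allocation\n",
           strlen(msg));
    free(msg);
    free(long_ident);
    return 0;
}
```

Build with `cc -Wall -o syslog_model syslog_model.c` and run it: with the 1500-byte ident the flawed path reports a 1025-byte heap buffer but a message bound near SIZE_MAX, which is the condition that lets a heap write run past the allocation, whereas the hardened path produces the full header plus message in a buffer sized to hold it.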


Impacts on Major Linux Distributions


The impact of the vulnerability is heightened by how widely the affected glibc versions are deployed. Qualys tested it on Debian 12 and 13, Ubuntu 23.04 and 23.10, and Fedora 37 to 39, and found that an unprivileged user on a default installation of each of these systems could exploit CVE-2023-6246 to obtain full root access.

In addition to CVE-2023-6246, Qualys researchers found three further vulnerabilities during their analysis of glibc. Two of them, CVE-2023-6779 (an off-by-one heap-based buffer overflow) and CVE-2023-6780 (an integer overflow), are also in the __vsyslog_internal() function but are considerably harder to exploit. The third, a memory corruption issue in glibc's qsort() function, had not yet been assigned a CVE identifier at the time of writing.

Qualys has a track record of uncovering Linux security vulnerabilities in recent years, including flaws in glibc's ld.so dynamic loader (Looney Tunables), Polkit's pkexec component, the kernel's filesystem layer, and the sudo utility.


Conclusion


Unpatched systems running major Linux distributions such as Debian, Ubuntu, and Fedora are exposed to local root compromise through this recently discovered vulnerability in the GNU C Library (glibc). The fix is included in glibc 2.39, and distributions have shipped backported patches for their supported glibc versions; because the vulnerable code lives in a shared library loaded by nearly every process, administrators should confirm that the patched package is installed and that long-running services have been restarted (or live-patched) so they actually pick up the fixed library. The flaw underlines the importance of proactive security measures, especially for core libraries like glibc.

TuxCare offers LibCare, which automates vulnerability patching for shared libraries such as glibc and OpenSSL without rebooting systems or scheduling maintenance windows. LibCare is available as an add-on to KernelCare Enterprise, TuxCare's live kernel patching tool. With KernelCare and LibCare together, you can keep your Linux systems protected against exploits of this kind.

Get in touch with a TuxCare Linux security expert to get started with TuxCare live patching services.


The sources for this article include a story from Qualys.
