CVE-2023-6246: Heap-based buffer overflow in the glibc's syslog()
-
LWN ☛ [oss-security] CVE-2023-6246: Heap-based buffer overflow in the glibc's syslog()
We discovered a heap-based buffer overflow in the GNU C Library's __vsyslog_internal() function, which is called by both syslog() and vsyslog(). This vulnerability was introduced in glibc 2.37 (in August 2022) by the following commit:
https://sourceware.org/git?p=glibc.git;a=commit;h=52a5be0...
and was also backported to glibc 2.36 because this commit was a fix for another, minor vulnerability in __vsyslog_internal() (CVE-2022-39046, an "uninitialized memory [read] from the heap"):
https://sourceware.org/bugzilla/show_bug.cgi?id=29536
For example, we confirmed that Debian 12 and 13, Ubuntu 23.04 and 23.10, and Fedora 37 to 39 are vulnerable to this buffer overflow. Furthermore, we successfully exploited an up-to-date, default installation of Fedora 38 (on amd64): a Local Privilege Escalation, from any unprivileged user to full root. Other distributions are probably also exploitable.
To the best of our knowledge, this vulnerability cannot be triggered remotely in any likely scenario (because it requires an argv[0], or an openlog() ident argument, longer than 1024 bytes to be triggered).
Last-minute note: in December 1997 Solar Designer published information about a very similar vulnerability in the vsyslog() of the old Linux libc (https://insecure.org/sploits/linux.libc.5.4.38.vsyslog.html).
-
LWN ☛ A locally exploitable glibc vulnerability
Qualys has disclosed a vulnerability in the GNU C Library that can be exploited by a local attacker for root access. It was introduced in the 2.37 release, and also backported to 2.36.
-
Bleeping Computer ☛ New Linux glibc flaw lets attackers get root on major distros [Ed: glibc is not Linux. Old FUD style is back again.]
Unprivileged attackers can get root access on multiple major Linux distributions in default configurations by exploiting a newly disclosed local privilege escalation (LPE) vulnerability in the GNU C Library (glibc).
-
New Glibc Library Flaw Grants Root Access to Major Linux Distros
Disclosed as CVE-2023-6246, the issue is a heap-based buffer overflow in glibc's __vsyslog_internal() function, called by the commonly used syslog() and vsyslog() functions for logging messages. The flaw was introduced accidentally in glibc version 2.37 released in August 2022 and later backported to version 2.36.
-
Gray Dot Media Group ☛ Critical Flaws Found in GNU C Library, Major Linux Distros at Risk [Ed: They make it sound a lot more severe than it actually is; in most environments the threat is inapplicable]
Millions of Linux systems are at risk due to four critical vulnerabilities found in the GNU C Library (glibc), a fundamental component of most Linux distributions.
The Qualys Threat Research Unit (TRU) has discovered four significant vulnerabilities in the GNU C Library, a crucial component of Linux-based systems. Researchers have discovered multiple vulnerabilities in the library’s syslog and qsort functions, raising significant security concerns.
-
TechRadar ☛ Linux users beware — this security flaw could allow attackers to get root on major distros, so take extra care [Ed: This is nowhere as severe as the typical Windows flaws]
A local privilege escalation flaw within the GNU C (glibc) has been disclosed, opening up the possibility of cyberattacks on endpoints with the library installed - quite a large pool, as the library enables critical kernel features across several major Linux distributions.
-
Security Affairs ☛ Root access vulnerability in GNU Library C (glibc) impacts many Linux distros
Qualys researchers discovered a root access flaw, tracked as CVE-2023-6246, in GNU Library C (glibc) affecting multiple Linux distributions.
-
Hacker News ☛ New Glibc Flaw Grants Attackers Root Access on Major Linux Distros
Malicious local attackers can obtain full root access on Linux machines by taking advantage of a newly disclosed security flaw in the GNU C library (aka glibc).