7.8

CVE-2023-4911

Warnung
Exploit

Glibc: buffer overflow in ld.so leading to privilege escalation

A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
NetappBootstrap Os Version-
   NetappHci Compute Node Version-
GnuGlibc Version >= 2.34 < 2.39
FedoraprojectFedora Version37
FedoraprojectFedora Version38
FedoraprojectFedora Version39
RedhatCodeready Linux Builder For Arm64 Version9.0_aarch64
RedhatVirtualization Version4.0
RedhatVirtualization Host Version4.0
RedhatEnterprise Linux Version8.0
RedhatEnterprise Linux Version9.0
RedhatEnterprise Linux Eus Version8.6
RedhatEnterprise Linux Eus Version9.2
RedhatEnterprise Linux Eus Version9.4
RedhatEnterprise Linux Eus Version9.6
RedhatEnterprise Linux For Arm 64 Version9.0_aarch64
RedhatEnterprise Linux For Arm 64 Eus Version8.6_aarch64
RedhatEnterprise Linux For Arm 64 Eus Version9.2_aarch64
RedhatEnterprise Linux For Arm 64 Eus Version9.4_aarch64
RedhatEnterprise Linux For Arm 64 Eus Version9.6_aarch64
CanonicalUbuntu Linux Version22.04 SwEditionlts
CanonicalUbuntu Linux Version23.04
DebianDebian Linux Version11.0
DebianDebian Linux Version12.0
NetappH410c Firmware Version-
   NetappH410c Version-
NetappH300s Firmware Version-
   NetappH300s Version-
NetappH500s Firmware Version-
   NetappH500s Version-
NetappH700s Firmware Version-
   NetappH700s Version-
NetappH410s Firmware Version-
   NetappH410s Version-

21.11.2023: CISA Known Exploited Vulnerabilities (KEV) Catalog

GNU C Library Buffer Overflow Vulnerability

Schwachstelle

GNU C Library's dynamic loader ld.so contains a buffer overflow vulnerability when processing the GLIBC_TUNABLES environment variable, allowing a local attacker to execute code with elevated privileges.

Beschreibung

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Erforderliche Maßnahmen
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 81.42% 0.996
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
secalert@redhat.com 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE-122 Heap-based Buffer Overflow

A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().

CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

http://packetstormsecurity.com/files/174986/glibc-ld.so-Local-Privilege-Escalation.html
Third Party Advisory
Exploit
VDB Entry
http://seclists.org/fulldisclosure/2023/Oct/11
Third Party Advisory
Exploit
Mailing List
http://www.openwall.com/lists/oss-security/2023/10/03/2
Exploit
Mailing List
https://security.gentoo.org/glsa/202310-03
Third Party Advisory
https://access.redhat.com/errata/RHSA-2023:5453
Third Party Advisory
https://access.redhat.com/errata/RHSA-2023:5455
Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4DBUQRRPB47TC3NJOUIBVWUGFHBJAFDL/
Mailing List
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DFG4P76UHHZEWQ26FWBXG76N2QLKKPZA/
Mailing List
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NDAQWHTSVOCOZ5K6KPIWKRT3JX4RTZUR/
Mailing List
https://access.redhat.com/errata/RHSA-2023:5454
Third Party Advisory
https://access.redhat.com/errata/RHSA-2023:5476
Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:0033
Third Party Advisory
https://access.redhat.com/security/cve/CVE-2023-4911
Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2238352
Patch
Issue Tracking
https://www.qualys.com/2023/10/03/cve-2023-4911/looney-tunables-local-privilege-escalation-glibc-ld-so.txt
Third Party Advisory
Exploit
https://www.qualys.com/cve-2023-4911/
Third Party Advisory
http://packetstormsecurity.com/files/176288/Glibc-Tunables-Privilege-Escalation.html
Third Party Advisory
Exploit
VDB Entry
http://www.openwall.com/lists/oss-security/2023/10/03/3
Mailing List
http://www.openwall.com/lists/oss-security/2023/10/05/1
Mailing List
http://www.openwall.com/lists/oss-security/2023/10/13/11
Mailing List
http://www.openwall.com/lists/oss-security/2023/10/14/3
Mailing List
http://www.openwall.com/lists/oss-security/2023/10/14/5
Mailing List
http://www.openwall.com/lists/oss-security/2023/10/14/6
Mailing List
https://security.netapp.com/advisory/ntap-20231013-0006/
Third Party Advisory
https://www.debian.org/security/2023/dsa-5514
Mailing List
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-4911
US Government Resource
https://www.exploit-db.com/exploits/52479
Third Party Advisory
Exploit
VDB Entry
https://cert-portal.siemens.com/productcert/html/ssa-082556.html
Third Party Advisory
https://cert-portal.siemens.com/productcert/html/ssa-831302.html
Third Party Advisory
https://cert-portal.siemens.com/productcert/html/ssa-794697.html
Third Party Advisory