Linux Vulnerability 'Looney Tunables' Allows Getting Root Priveleges

A recent Linux vulnerability, dubbed 'Looney Tunables' (CVE-2023-4911), allows local attackers to obtain root privileges by exploiting a buffer overflow in the GNU C Library's ld.so dynamic loader. The GNU C Library (glibc) is a critical component found in most Linux-based systems, providing essential functions like open, malloc, printf, and more. The dynamic loader in glibc plays a pivotal role in program execution on these systems. This flaw, discovered by Qualys Threat Research Unit, was introduced in April 2021 with the release of glibc 2.34 as part of a commit addressing SXID_ERASE behavior in setuid programs. Read more...