A new Linux vulnerability, known as “Looney Tunables,” may allow local attackers to gain root privileges by exploiting a weakness in the GNU C Library's dynamic loader, reports Sergiu Gatlan.
The GNU C Library (glibc) is in most Linux-based systems, Gatlan explains. “It provides essential functionality, including system calls like open, malloc, printf, exit, and others, necessary for typical program execution.”
According to an advisory from Red Hat, this vulnerability “could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.” Users are advised to patch now.
Read more at Bleeping Computer.
Contact FOSSlife to learn about partnership and sponsorship opportunities.
Comments