CVE-2023-4911
KEV
🔴 Łataj teraz
Przepełnienie bufora w GNU C Library umożliwia lokalnemu atakującemu wykonanie kodu z podwyższonymi uprawnieniami.
CVSS
7.8
EPSS
71.5%
Exploit
weaponized
Vendor
redhat
Opis źródłowy (NVD)
A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.
buffer-overflow exploit
Brak patcha
Źródła i daty
| Źródło | Wartość |
|---|---|
| NVD – CVSS | 7.8 |
| CISA KEV (aktywnie wykorzystywane) | Tak |
| FIRST EPSS (prawdopodobieństwo exploita) | 71.5% |
| Opublikowano (NVD) | 2023-10-03 18:15:10 UTC |
| Ostatnia modyfikacja (NVD) | 2026-05-12 16:24:45 UTC |
Referencje
- https://access.redhat.com/errata/RHSA-2023:5453 (secalert@redhat.com) [Third Party Advisory]
- https://access.redhat.com/errata/RHSA-2023:5454 (secalert@redhat.com) [Third Party Advisory]
- https://access.redhat.com/errata/RHSA-2023:5455 (secalert@redhat.com) [Third Party Advisory]
- https://access.redhat.com/errata/RHSA-2023:5476 (secalert@redhat.com) [Third Party Advisory]
- https://access.redhat.com/errata/RHSA-2024:0033 (secalert@redhat.com) [Third Party Advisory]
- https://access.redhat.com/security/cve/CVE-2023-4911 (secalert@redhat.com) [Third Party Advisory]
- https://bugzilla.redhat.com/show_bug.cgi?id=2238352 (secalert@redhat.com) [Issue Tracking, Patch]
- https://www.qualys.com/2023/10/03/cve-2023-4911/looney-tunables-local-privilege-escalation-glibc-ld-so.txt (secalert@redhat.com) [Exploit, Third Party Advisory]
- https://www.qualys.com/cve-2023-4911/ (secalert@redhat.com) [Third Party Advisory]
- http://packetstormsecurity.com/files/174986/glibc-ld.so-Local-Privilege-Escalation.html (af854a3a-2127-422b-91ae-364da2661108) [Exploit, Third Party Advisory, VDB Entry]
- http://packetstormsecurity.com/files/176288/Glibc-Tunables-Privilege-Escalation.html (af854a3a-2127-422b-91ae-364da2661108) [Exploit, Third Party Advisory, VDB Entry]
- http://seclists.org/fulldisclosure/2023/Oct/11 (af854a3a-2127-422b-91ae-364da2661108) [Exploit, Mailing List, Third Party Advisory]
- http://www.openwall.com/lists/oss-security/2023/10/03/2 (af854a3a-2127-422b-91ae-364da2661108) [Exploit, Mailing List]
- http://www.openwall.com/lists/oss-security/2023/10/03/3 (af854a3a-2127-422b-91ae-364da2661108) [Mailing List]
- http://www.openwall.com/lists/oss-security/2023/10/05/1 (af854a3a-2127-422b-91ae-364da2661108) [Mailing List]
- http://www.openwall.com/lists/oss-security/2023/10/13/11 (af854a3a-2127-422b-91ae-364da2661108) [Mailing List]
- http://www.openwall.com/lists/oss-security/2023/10/14/3 (af854a3a-2127-422b-91ae-364da2661108) [Mailing List]
- http://www.openwall.com/lists/oss-security/2023/10/14/5 (af854a3a-2127-422b-91ae-364da2661108) [Mailing List]
- http://www.openwall.com/lists/oss-security/2023/10/14/6 (af854a3a-2127-422b-91ae-364da2661108) [Mailing List]
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4DBUQRRPB47TC3NJOUIBVWUGFHBJAFDL/ (af854a3a-2127-422b-91ae-364da2661108) [Mailing List]
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DFG4P76UHHZEWQ26FWBXG76N2QLKKPZA/ (af854a3a-2127-422b-91ae-364da2661108) [Mailing List]
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NDAQWHTSVOCOZ5K6KPIWKRT3JX4RTZUR/ (af854a3a-2127-422b-91ae-364da2661108) [Mailing List]
- https://security.gentoo.org/glsa/202310-03 (af854a3a-2127-422b-91ae-364da2661108) [Third Party Advisory]
- https://security.netapp.com/advisory/ntap-20231013-0006/ (af854a3a-2127-422b-91ae-364da2661108) [Third Party Advisory]
- https://www.debian.org/security/2023/dsa-5514 (af854a3a-2127-422b-91ae-364da2661108) [Mailing List]
- https://www.exploit-db.com/exploits/52479 (af854a3a-2127-422b-91ae-364da2661108) [Exploit, Third Party Advisory, VDB Entry]
- https://cert-portal.siemens.com/productcert/html/ssa-082556.html (0b142b55-0307-4c5a-b3c9-f314f3fb7c5e) [Third Party Advisory]
- https://cert-portal.siemens.com/productcert/html/ssa-794697.html (0b142b55-0307-4c5a-b3c9-f314f3fb7c5e) [Third Party Advisory]
- https://cert-portal.siemens.com/productcert/html/ssa-831302.html (0b142b55-0307-4c5a-b3c9-f314f3fb7c5e) [Third Party Advisory]
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-4911 (134c704f-9b21-4f2e-91b3-4a467353bcc0) [US Government Resource]