A vulnerability in Glibc allows obtaining root privileges


If exploited, these flaws can allow attackers to gain unauthorized access to sensitive information or otherwise disrupt the system.

The vulnerability recently discovered by Qualys researchers in Glibc (the GNU C library), which allows root access on Linux-based devices, was reportedly introduced by accident in August 2022 with the release of glibc version 2.37.

The vulnerability, tracked as CVE-2023-6246 with a CVSS score of 7.8, is a buffer overflow in glibc's "vsyslog_internal()" function, which is used by syslog() and vsyslog() for system logging.

For those unfamiliar with Glibc: it is the fundamental library for programs written in the C language, acting as the standard interface between programs and the operating system they run on. The privilege escalation flaw affects the internal syslog and vsyslog functions, two crucial components of system logging on Unix and Unix-like systems, including GNU/Linux-based ones.

“This flaw allows for local escalation of privilege, allowing an unprivileged user to gain full root access,” said Saeed Abbasi, product manager at Qualys’ threat research unit, adding that it affects major Linux distributions such as Debian, Ubuntu and Fedora.

A threat actor could exploit the flaw to gain elevated permissions via specially crafted input to applications that use these logging functions. Although the vulnerability requires specific conditions to be exploited (such as an abnormally long argv[0] or openlog() argument), its impact is significant because of how widely the affected library is used.

Syslog is a protocol and application used to record system logs, while vsyslog offers advanced virtual logging capabilities for more specific log management in complex environments. Both are essential for traceability and troubleshooting, since they record important events.

The magnitude of the risk is that the buffer overflow can give an attacker full system access as root, via crafted input sent to applications that use the vsyslog and syslog logging functions.

During tests carried out by the researchers, it was confirmed that several Linux distributions, including Debian 12 and 13, Ubuntu 23.04 and 23.10, and Fedora (versions 37 to 39 inclusive), are vulnerable. Although some distributions have been verified, it is likely that other Linux distributions are also affected by this security vulnerability.

Qualys said that further analysis of glibc uncovered two more flaws in the vsyslog_internal() function, CVE-2023-6779 and CVE-2023-6780. The second vulnerability, CVE-2023-6780, is in the glibc qsort() function. This memory corruption vulnerability arises from a lack of bounds checking when qsort() is used with a non-transitive compare function and a large number of attacker-controlled elements. Although no real examples of vulnerable programs have been identified, the potential impact is significant and affects all versions of glibc since September 1992.

On the disclosure side, it is mentioned that the Qualys team contacted the glibc security team about the flaws on December 12, 2023, but that team decided not to treat the memory corruption in qsort() as a vulnerability. On January 16, 2024, TRU backported commit b9390ba to all stable glibc releases, and the coordinated release date was set for January 30, 2023.

The vulnerabilities identified in glibc's syslog and qsort functions highlight a critical aspect of software security: even the most fundamental and trusted components are not immune to failures.

Importantly, only glibc versions 2.36 and 2.37 are vulnerable, and the latest versions already include the patch that fixes this vulnerability. It is therefore essential to update affected systems to the latest versions. To check which version of the glibc library is present on a system, run the following command:

ldd --version
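As an added example (not from the article or the glibc project), the following POSIX shell script parses the first line of that command's output and reports whether the version falls within the range the article names as affected (2.36 and 2.37); the sample ldd outputs are constructed, and because distributions backport fixes without changing the upstream version number, a hit is a prompt to check the package changelog for the CVE, not proof of exposure.

```shell
#!/bin/sh
# Added example, not part of the article: classify the first line of
# `ldd --version` output against the upstream glibc versions the article
# lists as affected by CVE-2023-6246 (2.36 and 2.37).
# Caveat: distributions backport fixes without changing the upstream
# version number, so "in-listed-range" means "check your package's
# changelog for the CVE", not "confirmed vulnerable".

LISTED_MIN_MINOR=36   # assumption: range taken from the article's text
LISTED_MAX_MINOR=37

# Constructed sample outputs (not captured from real hosts).
SAMPLE_UBUNTU='ldd (Ubuntu GLIBC 2.37-0ubuntu2) 2.37
Copyright (C) 2023 Free Software Foundation, Inc.'
SAMPLE_UPSTREAM='ldd (GNU libc) 2.38'
SAMPLE_MUSL='musl libc (x86_64)'

# Print the "major.minor" found at the end of the first line, or nothing.
glibc_version_from_ldd() {
    printf '%s\n' "$1" |
        sed -n '1s/.* \([0-9][0-9]*\.[0-9][0-9]*\).*$/\1/p'
}

# Print one of: in-listed-range, not-in-listed-range, unknown.
glibc_status() {
    ver=$(glibc_version_from_ldd "$1")
    if [ -z "$ver" ]; then
        echo unknown
        return 0
    fi
    major=${ver%%.*}
    minor=${ver#*.}
    if [ "$major" -eq 2 ] && [ "$minor" -ge "$LISTED_MIN_MINOR" ] \
        && [ "$minor" -le "$LISTED_MAX_MINOR" ]; then
        echo in-listed-range
    else
        echo not-in-listed-range
    fi
}

# Live check of this host, only when ldd is available.
if command -v ldd >/dev/null 2>&1; then
    echo "this host: $(glibc_status "$(ldd --version 2>/dev/null)")"
fi
```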

Finally, if you are interested in learning more about it, you can check the details at the following link.
