Linux users beware — this security flaw could allow attackers to get root on major distros, so take extra care

Let’s not be glibc about this


A local privilege escalation flaw within the GNU C Library (glibc) has been disclosed, opening up the possibility of cyberattacks on endpoints with the library installed - quite a large pool, as the library underpins critical system features across several major Linux distributions.

Per BleepingComputer, the flaw, disclosed as CVE-2023-6246, was found in glibc’s __vsyslog_internal() function, which is called by the syslog() and vsyslog() functions to log messages to the system.

The flaw allows, via a buffer overflow, unprivileged local users to gain root access - full read, write and execute permissions - on the affected system, which is, to use the correct computing term, terrifying.

The technical stuff


In its disclosure, published on January 30 2024, researchers from security company Qualys wrote that even fully up-to-date Fedora installations were exploitable. That’s concerning, but disclosure should expedite a fix.

Making things worse is the fact that, per the disclosure again, this vulnerability was backported to glibc 2.36 via another code commit that fixed a different flaw in __vsyslog_internal(), an uninitialized memory read tracked as CVE-2022-39046.

A buffer overflow - more data being written to a region of memory than the program has allocated for it, allowing arbitrary and potentially nefarious code to execute - has always been a serious problem for the decades-old glibc library, to the point where Qualys found that a very similar bug in its code has occurred before, in 1997.

The common solution is to add bounds checks to the code, so that a write that would exceed the buffer’s allocation is refused rather than performed.
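As an added illustration of that bounds-checking idea (example code written for this article, not glibc’s own implementation), the C helper below formats a syslog-style "ident[pid]: message" line and handles an ident longer than the 1024-byte limit the disclosure mentions by using snprintf’s return value to detect truncation and allocate exactly enough space instead of overrunning the fixed buffer. The function names, the 1024-byte buffer and the demo inputs are assumptions made for the example.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Illustrative fixed buffer, sized from the 1024-byte trigger length the
 * article quotes; an assumption, not glibc's actual layout. */
#define LOG_BUF_SIZE 1024
/* Formats "ident[pid]: msg" into a heap-allocated string (caller frees).
 * snprintf's return value is the bounds check: it is the length the full
 * output would have had, so when that does not fit the fixed buffer an
 * exact-size allocation is used instead of writing past the end.
 * *used_heap reports which path was taken. */
char *format_log_line(const char *ident, int pid, const char *msg,
                      size_t *out_len, int *used_heap)
{
    char fixed[LOG_BUF_SIZE];
    int needed = snprintf(fixed, sizeof fixed, "%s[%d]: %s", ident, pid, msg);
    if (needed < 0) return NULL;
    /* cap comes from the original inputs, never from the truncated copy */
    size_t cap = (size_t)needed + 1;
    char *line = malloc(cap);
    if (!line) return NULL;
    if (cap <= sizeof fixed) {
        *used_heap = 0;
        memcpy(line, fixed, cap);                /* fits, NUL included */
    } else {
        *used_heap = 1;
        int n = snprintf(line, cap, "%s[%d]: %s", ident, pid, msg);
        if (n < 0 || (size_t)n >= cap) { free(line); return NULL; }
    }
    *out_len = cap - 1;
    return line;
}

/* Demo helper: ident of ident_len 'A's; returns the line length when the
 * expected path was taken, -1 otherwise. */
long demo_format(size_t ident_len, int expect_heap)
{
    char *ident = malloc(ident_len + 1);
    if (!ident) return -1;
    memset(ident, 'A', ident_len);
    ident[ident_len] = '\0';
    size_t len = 0; int heap = -1;
    char *line = format_log_line(ident, 4242, "hello", &len, &heap);
    free(ident);
    if (!line) return -1;
    long result = (heap == expect_heap && strlen(line) == len) ? (long)len : -1;
    free(line);
    return result;
}
```

An ident of 1010 bytes still fits the fixed buffer (demo_format(1010, 0) returns 1023), while one of 1100 bytes takes the exact-size heap path and returns 1113, the length of the finished line.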


The implications

Even if you’re not a programmer, this news should trouble anyone who’s given into the hype and is now running Debian (versions 12 to 13) or a Debian-based Linux distribution, which includes Raspberry Pi OS, as well as other major Linux variants like Fedora (37 to 39) and Ubuntu (23.04 and 23.10) and their offshoots, including the established and popular Linux Mint.

Qualys also pointed out that ‘other distributions are probably also exploitable’, so even though we’ve named some of the popular distributions affected, you may wish to investigate further.

The one saving grace from all of this is that Qualys don’t believe the exploit can be triggered remotely, writing in its disclosure that “to the best of our knowledge, this vulnerability cannot be triggered remotely in any likely scenario (because it requires an argv[0], or an openlog() ident argument, longer than 1024 bytes to be triggered)”.


Luke Hughes holds the role of Staff Writer at TechRadar Pro, producing news, features and deals content across topics ranging from computing to cloud services, cybersecurity, data privacy and business software.
