New 'Looney Tunables' Linux bug gives root on major distros
2023-10-03 20:36

A new Linux vulnerability known as 'Looney Tunables' enables local attackers to gain root privileges by exploiting a buffer overflow weakness in the GNU C Library's ld.

The GNU C Library (glibc) is the GNU system's C library and is found in most Linux kernel-based systems.

The dynamic loader within glibc is of utmost importance, as it is responsible for program preparation and execution on Linux systems that use glibc. Discovered by the Qualys Threat Research Unit, the flaw was introduced in April 2021, with the release of glibc 2.34, via a commit described as fixing SXID_ERASE behavior in setuid programs.

"Our successful exploitation, leading to full root privileges on major distributions like Fedora, Ubuntu, and Debian, highlights this vulnerability's severity and widespread nature," said Saeed Abbasi, Product Manager at Qualys' Threat Research Unit.

"While Alpine Linux users can breathe a sigh of relief, others should prioritize patching to ensure system integrity and security."

In recent years, Qualys researchers have discovered other high-severity Linux security flaws that enable attackers to gain root privileges in default configurations of many Linux distributions.


News URL

https://www.bleepingcomputer.com/news/security/new-looney-tunables-linux-bug-gives-root-on-major-distros/

Related vendor

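| VENDOR | LAST 12M | #/PRODUCTS | LOW | MEDIUM | HIGH | CRITICAL | TOTAL VULNS |
|--------|----------|------------|-----|--------|------|----------|-------------|
| Linux  |          | 17         | 359 | 1421   | 1123 | 679      | 3582        |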