Security News > 2023 > November > Hackers exploit Looney Tunables Linux bug, steal cloud creds

Hackers exploit Looney Tunables Linux bug, steal cloud creds
2023-11-06 20:26

The operators of the Kinsing malware are targeting cloud environments with systems vulnerable to "Looney Tunables," a Linux security issue identified as CVE-2023-4911 that allows a local attacker to gain root privileges on the system.

In a report from cloud security company Aqua Nautilus, researchers describe a Kinsing malware attack where the threat actor exploited CVE-2023-4911 to elevate permissions on a compromised machine.

"Utilizing a rudimentary yet typical PHPUnit vulnerability exploit attack, a component of Kinsing's ongoing campaign, we have uncovered the threat actor's manual efforts to manipulate the Looney Tunables vulnerability," reads the Aqua Nautilus report.

The exploit for Looney Tunables is fetched directly from the repository of the researcher who released a PoC, likely to hide their tracks.

The researchers believe that this campaign was an experiment since the threat actor relied on a different tactics and expanded the scope of the attack to collecting Cloud Service Providers credentials.

New 'Looney Tunables' Linux bug gives root on major distros.


News URL

https://www.bleepingcomputer.com/news/security/hackers-exploit-looney-tunables-linux-bug-steal-cloud-creds/

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2023-10-03 CVE-2023-4911 Out-of-bounds Write vulnerability in multiple products
A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable.
7.8

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Linux 11 64 2312 1489 67 3932