Security News > 2024 > January > New Linux glibc flaw lets attackers get root on major distros

New Linux glibc flaw lets attackers get root on major distros
2024-01-30 23:06

Unprivileged attackers can get root access on multiple major Linux distributions in default configurations by exploiting a newly disclosed local privilege escalation vulnerability in the GNU C Library.

The bug is due to a heap-based buffer overflow weakness accidentally introduced in glibc 2.37 in August 2022 and later backported to glibc 2.36 when addressing a less severe vulnerability tracked as CVE-2022-39046.

Over the past few years, researchers at Qualys have found several other Linux security vulnerabilities that can let attackers gain complete control over unpatched Linux systems, even in default configurations.

Exploits released for Linux flaw giving root on major distros.

New 'Looney Tunables' Linux bug gives root on major distros.

Cisco says critical Unity Connection bug lets attackers get root.


News URL

https://www.bleepingcomputer.com/news/security/new-linux-glibc-flaw-lets-attackers-get-root-on-major-distros/

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2022-08-31 CVE-2022-39046 Information Exposure Through Log Files vulnerability in multiple products
An issue was discovered in the GNU C Library (glibc) 2.36.
network
low complexity
gnu netapp CWE-532
5.3

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Linux 11 64 2532 1569 67 4232