Security News > 2024 > January > New Glibc Flaw Grants Attackers Root Access on Major Linux Distros
2024-01-31 05:44
Malicious local attackers can obtain full root access on Linux machines by taking advantage of a newly disclosed security flaw in the GNU C library (aka glibc). Tracked as CVE-2023-6246, the heap-based buffer overflow vulnerability is rooted in glibc's __vsyslog_internal() function, which is used by syslog() and vsyslog() for system logging purposes. It's said to have been accidentally
News URL
https://thehackernews.com/2024/01/new-glibc-flaw-grants-attackers-root.html
Related news
- Critical Kubernetes Image Builder flaw gives SSH root access to VMs (source)
- Critical default credential in Kubernetes Image Builder allows SSH root access (source)
- Critical Kubernetes Image Builder Vulnerability Exposes Nodes to Root Access Risk (source)
- Ubuntu Linux impacted by decade-old 'needrestart' flaw that gives root (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-01-31 | CVE-2023-6246 | Out-of-bounds Write vulnerability in multiple products A heap-based buffer overflow was found in the __vsyslog_internal function of the glibc library. | 7.8 |