Уязвимость CVE-2023-4911: Информация

Описание

A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.

Важность: HIGH (7,8) Вектор: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

URL: https://nvd.nist.gov/vuln/detail/CVE-2023-4911
Опубликовано: 3 октября 2023 г.
Изменено: 22 февраля 2024 г.
Идентификатор типа ошибки: CWE-787

Исправленные пакеты

Имя пакета
Ветка
Исправлено в версии
Версия в репозитории
Errata ID
№ Задания
Состояние
glibcsisyphus2.38.0.27.750a45a783-alt12.38.0.76.e9f05fa1c6-alt1ALT-PU-2023-6087-1330908Исправлено
glibcsisyphus_riscv642.38.0.44.d37c2b20a4-alt12.38.0.66.ge1135387de-alt1ALT-PU-2024-2632-1-Исправлено
glibcp102.32-alt5.p10.22.32-alt5.p10.3ALT-PU-2023-6088-2330909Исправлено
glibcc10f12.32-alt5.p10.22.32-alt5.p10.3ALT-PU-2023-6180-2330911Исправлено
glibcp112.38.0.27.750a45a783-alt12.38.0.76.e9f05fa1c6-alt1ALT-PU-2023-6087-1330908Исправлено

Ссылки на рекомендации, решения и инструменты

Ссылка
Ресурс
https://www.qualys.com/cve-2023-4911/
  • Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2238352
  • Issue Tracking
  • Patch
  • Third Party Advisory
https://www.qualys.com/2023/10/03/cve-2023-4911/looney-tunables-local-privilege-escalation-glibc-ld-so.txt
  • Exploit
https://access.redhat.com/security/cve/CVE-2023-4911
  • Third Party Advisory
http://www.openwall.com/lists/oss-security/2023/10/03/3
  • Mailing List
  • Patch
http://www.openwall.com/lists/oss-security/2023/10/03/2
  • Exploit
  • Mailing List
https://www.debian.org/security/2023/dsa-5514
  • Third Party Advisory
https://security.gentoo.org/glsa/202310-03
  • Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NDAQWHTSVOCOZ5K6KPIWKRT3JX4RTZUR/
  • Mailing List
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4DBUQRRPB47TC3NJOUIBVWUGFHBJAFDL/
  • Mailing List
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DFG4P76UHHZEWQ26FWBXG76N2QLKKPZA/
  • Exploit
  • Mailing List
http://www.openwall.com/lists/oss-security/2023/10/05/1
  • Mailing List
  • Third Party Advisory
https://access.redhat.com/errata/RHSA-2023:5454
  • Third Party Advisory
https://access.redhat.com/errata/RHSA-2023:5453
  • Third Party Advisory
https://access.redhat.com/errata/RHSA-2023:5455
  • Third Party Advisory
https://access.redhat.com/errata/RHSA-2023:5476
  • Third Party Advisory
http://seclists.org/fulldisclosure/2023/Oct/11
  • Exploit
  • Mailing List
  • Third Party Advisory
http://packetstormsecurity.com/files/174986/glibc-ld.so-Local-Privilege-Escalation.html
  • Exploit
  • Third Party Advisory
https://security.netapp.com/advisory/ntap-20231013-0006/
  • Mailing List
  • Third Party Advisory
http://www.openwall.com/lists/oss-security/2023/10/13/11
  • Mailing List
http://www.openwall.com/lists/oss-security/2023/10/14/3
  • Mailing List
http://www.openwall.com/lists/oss-security/2023/10/14/5
  • Mailing List
http://www.openwall.com/lists/oss-security/2023/10/14/6
  • Third Party Advisory
http://packetstormsecurity.com/files/176288/Glibc-Tunables-Privilege-Escalation.html
  • Exploit
  • Third Party Advisory
RHSA-2024:0033
  • Third Party Advisory

    1. Конфигурация 1

      cpe:2.3:a:gnu:glibc:*:*:*:*:*:*:*:*
      Start including
      2.34
      End excliding
      2.39

      Конфигурация 2

      cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*
      cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*
      cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*

      Конфигурация 3

      cpe:2.3:a:redhat:virtualization_host:4.0:*:*:*:*:*:*:*
      cpe:2.3:a:redhat:virtualization:4.0:*:*:*:*:*:*:*
      cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
      cpe:2.3:o:redhat:enterprise_linux_server_aus:8.6:*:*:*:*:*:*:*
      cpe:2.3:o:redhat:enterprise_linux_server_tus:8.6:*:*:*:*:*:*:*
      cpe:2.3:o:redhat:enterprise_linux_eus:8.6:*:*:*:*:*:*:*
      cpe:2.3:a:redhat:codeready_linux_builder_for_power_little_endian_eus:8.6:*:*:*:*:*:*:*
      cpe:2.3:a:redhat:codeready_linux_builder_eus:8.6:*:*:*:*:*:*:*
      cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*
      cpe:2.3:a:redhat:codeready_linux_builder_for_ibm_z_systems_eus:8.6:*:*:*:*:*:*:*
      cpe:2.3:a:redhat:codeready_linux_builder_for_arm64_eus:8.6:*:*:*:*:*:*:*
      cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:8.6_aarch64:*:*:*:*:*:*:*
      cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus_s390x:8.6:*:*:*:*:*:*:*
      cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian_eus:8.6_ppc64le:*:*:*:*:*:*:*
VKontakte|Telegram|YouTube|Forum|GitHub|Bugzilla
Версия: v24.5.3
Наверх