CVE-2023-4911

Published: 03/10/2023 Updated: 22/02/2024
CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8
VMScore: 0

Vulnerability Summary

A buffer overflow exists in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local malicious user to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.

Vulnerable Product

gnu glibc

fedoraproject fedora 37

fedoraproject fedora 38

fedoraproject fedora 39

redhat virtualization host 4.0

redhat virtualization 4.0

redhat enterprise linux 8.0

redhat enterprise linux server aus 8.6

redhat enterprise linux server tus 8.6

redhat enterprise linux eus 8.6

redhat codeready linux builder for power little endian eus 8.6

redhat codeready linux builder eus 8.6

redhat enterprise linux 9.0

redhat codeready linux builder for ibm z systems eus 8.6

redhat codeready linux builder for arm64 eus 8.6

redhat enterprise linux for arm 64 eus 8.6_aarch64

redhat enterprise linux for ibm z systems eus s390x 8.6

redhat enterprise linux for power big endian eus 8.6_ppc64le

Vendor Advisories

The Qualys Research Labs discovered a buffer overflow in the dynamic loader's processing of the GLIBC_TUNABLES environment variable. An attacker can exploit this flaw for privilege escalation. Details can be found in the Qualys advisory at https://www.qualys.com/2023/10/03/cve-2023-4911/looney-tunables-local-privilege-escalation-glibc-ld-so.txt For ...
Description: A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges. A buffe ...
Synopsis: Important: Cryostat security update. Type/Severity: Security Advisory: Important. Topic: An update is now available for Cryostat 2 on RHEL 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available ...
Synopsis: Important: OpenShift Container Platform 41317 bug fix and security update. Type/Severity: Security Advisory: Important. Topic: Red Hat OpenShift Container Platform release 41317 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Ha ...
Synopsis: Important: Fence Agents Remediation Operator 021 security update. Type/Severity: Security Advisory: Important. Topic: This is an updated version for the fence-agents-remediation-operator-bundle-container and the fence-agents-remediation-operator-container. It is now available for Fence Agents Remediation 02 for RHEL 8. Red Hat Product ...
Synopsis: Important: OpenShift Virtualization 4128 Images security update. Type/Severity: Security Advisory: Important. Topic: Red Hat OpenShift Virtualization release 4128 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact o ...
Synopsis: Important: Updated IBM Business Automation Manager Open Editions 804 SP1 Images. Type/Severity: Security Advisory: Important. Topic: An update is now available for IBM Business Automation Manager Open Editions including images for Red Hat OpenShift Container Platform. Description: IBM Business Automation Manager Open Editions is ...
Synopsis: Moderate: Red Hat Virtualization Host 44z SP 1 security update. Type/Severity: Security Advisory: Moderate. Topic: An update for redhat-release-virtualization-host and redhat-virtualization-host is now available for ...
Synopsis: Important: glibc security update. Type/Severity: Security Advisory: Important. Topic: An update for glibc is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a secu ...
Synopsis: Important: Migration Toolkit for Runtimes security update. Type/Severity: Security Advisory: Important. Topic: Migration Toolkit for Runtimes 121 release. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating ...
Synopsis: Important: Migration Toolkit for Applications security update. Type/Severity: Security Advisory: Important. Topic: An update is now available for MTA-61-RHEL-8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity ...
Synopsis: Important: Release of OpenShift Serverless 1302. Type/Severity: Security Advisory: Important. Topic: Red Hat OpenShift Serverless version 1302 is now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severit ...
Synopsis: Important: Migration Toolkit for Applications security and bug fix update. Type/Severity: Security Advisory: Important. Topic: Migration Toolkit for Applications 621 release. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a deta ...
Synopsis: Important: glibc security update. Type/Severity: Security Advisory: Important. Topic: An update for glibc is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a secu ...
Synopsis: Important: OpenShift Container Platform 41241 security and extras update. Type/Severity: Security Advisory: Important. Topic: Red Hat OpenShift Container Platform release 41241 is now available with updates to packages and images that fix several bugs. This release includes a security update for Red Hat OpenShift Container Platform 4 ...
Synopsis: Important: OpenShift Virtualization 4117 Images security and bug fix update. Type/Severity: Security Advisory: Important. Topic: Red Hat OpenShift Virtualization release 4117 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a secur ...
Synopsis: Important: Network Observability security update. Type/Severity: Security Advisory: Important. Topic: An update for network-observability-console-plugin-container, network-observability-ebpf-agent-container, network-observability-flowlogs-pipeline-container, network-observability-operator-bundle-container, and network-observability-opera ...
Synopsis: Important: Logging Subsystem 577 - Red Hat OpenShift security update. Type/Severity: Security Advisory: Important. Topic: Logging Subsystem 577 - Red Hat OpenShift. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed sev ...
Synopsis: Important: Logging Subsystem 5612 - Red Hat OpenShift security update. Type/Severity: Security Advisory: Important. Topic: Logging Subsystem 5612 - Red Hat OpenShift. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed s ...
Synopsis: Important: Red Hat OpenShift Service Mesh for 238 security update. Type/Severity: Security Advisory: Important. Topic: An update is now available for Red Hat OpenShift Service Mesh 23 for RHEL 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base sc ...
Synopsis: Important: Red Hat OpenShift Service Mesh for 2211 security update. Type/Severity: Security Advisory: Important. Topic: An update is now available for Red Hat OpenShift Service Mesh 22 for RHEL 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base s ...
Synopsis: Important: Red Hat OpenStack Platform 1625 security update. Type/Severity: Security Advisory: Important. Topic: An update for osp-director-agent-container, osp-director-downloader-container, osp-director-operator-bundle-container, and osp-director-operator-container is now available for Red Hat OpenStack Platform 1625. Red Hat Produ ...
Synopsis: Important: RHACS 41 enhancement and security update. Type/Severity: Security Advisory: Important. Topic: Updated images are now available for Red Hat Advanced Cluster Security (RHACS). The updated image includes new features and bug fixes. Red Hat Product Security has rated this update as having a security impact of Important. A Common V ...
Synopsis: Important: Self Node Remediation Operator 051 security update. Type/Severity: Security Advisory: Important. Topic: This is an updated version of the Self Node Remediation Operator. This Operator is delivered by Red Hat Workload Availability. Red Hat Product Security has rated this update as having a security impact of Important. A Commo ...
Synopsis: Important: Red Hat OpenShift Service Mesh for 244 security update. Type/Severity: Security Advisory: Important. Topic: An update is now available for Red Hat OpenShift Service Mesh 24 for RHEL 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base sc ...
Synopsis: Important: Node Health Check Operator 041. Type/Severity: Security Advisory: Important. Topic: This is an updated version of the Node Health Check Operator. This Operator is delivered by Red Hat Workload Availability. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring ...
Synopsis: Important: Node Maintenance Operator 521 security update. Type/Severity: Security Advisory: Important. Topic: This is an updated version of the Node Maintenance Operator. This Operator is delivered by Red Hat Workload Availability. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerab ...
Synopsis: Important: Node Maintenance Operator 501 security update. Type/Severity: Security Advisory: Important. Topic: This is an updated version of the Node Maintenance Operator. This Operator is delivered by Red Hat Workload Availability. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerab ...
Synopsis: Important: Red Hat OpenStack Platform 1711 (director-operator) security update. Type/Severity: Security Advisory: Important. Topic: An update for osp-director-agent-container, osp-director-downloader-container, osp-director-operator-bundle-container, and osp-director-operator-container is now available for Red Hat OpenStack Platform 17 ...
Synopsis: Important: OpenShift Container Platform 41152 bug fix and security update. Type/Severity: Security Advisory: Important. Topic: Red Hat OpenShift Container Platform release 41152 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift ...
Synopsis: Important: OpenShift Container Platform 41239 bug fix and security update. Type/Severity: Security Advisory: Important. Topic: Red Hat OpenShift Container Platform release 41239 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift ...
Synopsis: Important: glibc security update. Type/Severity: Security Advisory: Important. Topic: An update for glibc is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Red Hat Product Security has rated th ...
Synopsis: Important: Red Hat OpenShift Pipelines Operator security update. Type/Severity: Security Advisory: Important. Topic: An update is now available for OpenShift-Pipelines-111-RHEL-8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a ...
Synopsis: Important: OpenShift Virtualization 4135 Images security update. Type/Severity: Security Advisory: Important. Topic: Red Hat OpenShift Virtualization release 4135 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact o ...
Synopsis: Important: Self Node Remediation Operator 071 security update. Type/Severity: Security Advisory: Important. Topic: This is an updated version of the Self Node Remediation Operator. This Operator is delivered by Red Hat Workload Availability. Red Hat Product Security has rated this update as having a security impact of Important. A Commo ...
Synopsis: Important: OpenShift Container Platform 411 low-latency extras update. Type/Severity: Security Advisory: Important. Topic: An update for cnf-tests-container, dpdk-base-container and performance-addon-operator-must-gather-rhel8-container is now available for Red Hat OpenShift Container Platform 411. Secondary scheduler builds ...
Synopsis: Important: cert-manager Operator for Red Hat OpenShift 1121. Type/Severity: Security Advisory: Important. Topic: cert-manager Operator for Red Hat OpenShift 1121. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed sever ...
Synopsis: Important: glibc security update. Type/Severity: Security Advisory: Important. Topic: An update for glibc is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Red Hat Product Security has rated th ...
Synopsis: Important: Red Hat OpenShift Pipelines 1106 release and security update. Type/Severity: Security Advisory: Important. Topic: Red Hat OpenShift Pipelines 1106 has been released. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a ...
Synopsis: Important: Node Health Check Operator 061 security update. Type/Severity: Security Advisory: Important. Topic: This is an updated version for the node-healthcheck-must-gather-container, the node-healthcheck-operator-bundle-container, the node-healthcheck-operator-container, and the node-remediation-console-container. It is now availabl ...
Synopsis: Important: OpenShift Container Platform 413 low-latency extras security update. Type/Severity: Security Advisory: Important. Topic: An update for cnf-tests-container, dpdk-base-container, performance-addon-operator-must-gather NUMA-aware secondary scheduler and numaresources-operator is now available for Red Hat OpenShift Container Plat ...
Synopsis: Important: Red Hat OpenShift Enterprise security update. Type/Severity: Security Advisory: Important. Topic: Red Hat OpenShift Container Platform low-latency extras release 412, which provides an update for cnf-tests-container, performance-addon-operator-must-gather-rhel8-container, NUMA-aware secondary scheduler and numaresources-opera ...
Synopsis: Important: Secondary Scheduler Operator for Red Hat OpenShift 120. Type/Severity: Security Advisory: Important. Topic: Secondary Scheduler Operator for Red Hat OpenShift 120. Description: The Secondary Scheduler Operator for Red Hat OpenShift is an optional operator that makes it possible to deploy a secondary scheduler by providing a ...
Synopsis: Important: Kernel Module Management security update. Type/Severity: Security Advisory: Important. Topic: This is an update for the Red Hat OpenShift Kernel Module Management 11 operator and images to address CVE-2023-44487 which Red Hat has assessed as being Important (see access.redhat.com/security/cve/CVE-2023-44487 for detai ...

Exploits

Dubbed Looney Tunables, Qualys discovered a buffer overflow vulnerability in the glibc dynamic loader's processing of the GLIBC_TUNABLES environment variable. This vulnerability was introduced in April 2021 (glibc 2.34) by commit 2ed18c ...
A buffer overflow exists in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. It has been dubbed Looney Tunables. This issue allows a local attacker to use maliciously crafted GLIBC_TUNABLES when launching binaries with SUID permission to execute code in the context of the root user. This Metasploit ...

Github Repositories

CVE-2023-4911 Usage: docker build -t CVE-2023-4911 -f Dockerfile docker run -it CVE-2023-4911 /exp References: github.com/leesh3288/CVE-2023-4911 github.com/Green-Avocado/CVE-2023-4911 www.qualys.com/2023/10/03/cve-2023-4911/looney-tunables-local-privilege-escalation-glibc-ld-so.txt

PoC for CVE-2023-4911 LooneyTuneables

CVE-2023-4911: This is a PoC for CVE-2023-4911 ("Looney Tunables") that exploits a bug in the glibc dynamic loader's GLIBC_TUNABLES environment variable parsing function parse_tunables(). This is a rewrite of the C PoCs into a pure Python approach. I did this to make it easier to customize the exploit for other platforms. The only requirement is pwntools, wh

PoC for CVE-2023-4911

PoC of CVE-2023-4911 "Looney Tunables": This is a PoC of CVE-2023-4911 (aka "Looney Tunables") exploiting a bug in glibc dynamic loader's GLIBC_TUNABLES environment variable parsing function parse_tunables(). Code has been tested on Ubuntu 22.04.3 with glibc version 2.35-0ubuntu3.3. No attempts have been made to generalize the PoC (read: "Works O

PoC exploits are not meant to cause harm, but to show security weaknesses within software. Identifying issues allows companies to patch vulnerabilities and protect themselves against attacks.

PoC of CVE-2023-4911 "Looney Tunables": This is a PoC of CVE-2023-4911 (aka "Looney Tunables") exploiting a bug in glibc dynamic loader's GLIBC_TUNABLES environment variable parsing function parse_tunables(). Code has been tested on Ubuntu 22.04.3 with glibc version 2.35-0ubuntu3.3. No attempts have been made to generalize the PoC so your mileage may

Collection of Linux Kernel exploits for CTF.

Linux kernel Exploits: This repo is a collection of kernel exploits. Sources: github.com/briskets/CVE-2021-3493 github.com/UncleJ4ck/CVE-2021-41091 github.com/xkaneiki/CVE-2023-0386 github.com/leesh3288/CVE-2023-4911 Disclaimer: I am not the author of any of these exploits

CVE-2023-4911

CVE-2023-4911: This is a PoC (Proof Of Concept) for the Looney Tunables Linux Privilege Escalation vulnerability. This is based on this PoC. Great thanks to leesh3288. Here you can find a very detailed writeup, and here you can see a very cool video by IppSec. Usage: Check if it's vulnerable: env -i "GLIBC_TUNABLES=glibc.malloc.mxfast=glibc.malloc.mxfast=A" "Z=

PoC of CVE-2023-4911 Looney Tunables: This is a PoC of CVE-2023-4911 (aka "Looney Tunables") exploiting a bug in glibc dynamic loader's GLIBC_TUNABLES environment variable parsing function parse_tunables(). Getting Started: Executing program: We can check if target is vulnerable: env -i "GLIBC_TUNABLES=glibc.malloc.mxfast=glibc.malloc.mxfast=A" "Z

https://www.qualys.com/2023/10/03/cve-2023-4911/looney-tunables-local-privilege-escalation-glibc-ld-so.txt

CVE-2023-4911 www.qualys.com/2023/10/03/cve-2023-4911/looney-tunables-local-privilege-escalation-glibc-ld-so.txt Proof-of-Concept. Developed for: Ubuntu 22.04, Ubuntu GLIBC 2.35-0ubuntu3.1, su from util-linux 2.37.2, ASLR ON. Dockerfile included. Debug: Disable ASLR: $ echo 0 | sudo tee /proc/sys/kernel/randomize_va_space Compile with

A collection of nix modules for running a secure NixOS server

security-nix: A collection of nix modules for running a secure NixOS server. You might want to import: <nixpkgs/nixos/modules/profiles/hardened.nix> Hostfw: Hostfw is a module for managing the firewall. Using this simple abstraction you can open a certain UDP or TCP port for a list of trusted IPs instead of having to call low

CVE-2023-4911 proof of concept

CVE-2023-4911 - Looney Tunables: This is a (atm very rough) proof of concept for CVE-2023-4911. So far I've only verified it works on Ubuntu 22.10 kinetic. Current version of the exploit contains a fair amount of "magic" offsets. If you have suggestions on how to improve the heap shaping, feel free to send a PR my way :) This exploit is basically an implementatio

Exploit tool for CVE-2023-4911, targeting the 'Looney Tunables' glibc vulnerability in various Linux distributions.

LooneyPwner: Exploit tool for CVE-2023-4911, targeting the 'Looney Tunables' glibc vulnerability in various Linux distributions. LooneyPwner is a proof-of-concept (PoC) exploit tool targeting the critical buffer overflow vulnerability, nicknamed "Looney Tunables," found in the GNU C Library (glibc). This flaw, officially tracked as CVE-2023-4911, is present i

CVE-2023-4911

looney-tuneables CVE-2023-4911. Install pwntools: github.com/Gallopsled/pwntools apt-get update apt-get install python3 python3-pip python3-dev git libssl-dev libffi-dev build-essential python3 -m pip install --upgrade pip python3 -m pip install --upgrade pwntools

PoC for CVE-2023-4911

CVE-2023-4911 PoC for CVE-2023-4911

My Awesome List

Awesome Stars A curated list of my GitHub stars! Generated by starred Contents Assembly Batchfile C C# C++ CSS Clojure Dart Dockerfile Elixir Go HTML Java JavaScript Jinja Jupyter Notebook Kotlin LLVM Lua Markdown Nim OCaml Others PHP Perl PowerShell Python Ren'Py Rich Text Format Ruby Rust Scala Shell Solidity Starlark Stylus Svelte TeX TypeScript Typst V VBScript Vi

Repository containing a Proof of Concept (PoC) demonstrating the impact of CVE-2023-4911, a vulnerability in glibc's ld.so dynamic loader, exposing risks related to Looney Tunables.

GNU C Library's Dynamic Loader Vulnerability (CVE-2023-4911). Overview: The GNU C Library (glibc) serves as the C library in the GNU system and is integral to Linux-based systems. At its core, glibc defines essential functionalities for programs, including system calls and common functions like open, malloc, printf, and exit. The dynamic loader, a vital component of glibc, p

Looney Tunables CVE-2023-4911

Step 1: Check the glibc version: ldd --version Check if a machine is vulnerable to Looney Tunables CVE-2023-4911: env -i "GLIBC_TUNABLES=glibc.malloc.mxfast=glibc.malloc.mxfast=A" "Z=`printf '%08192x' 1`" /usr/bin/su --help If we get a Segmentation fault (core dumped), the

Looney Tunables Local privilege escalation (CVE-2023-4911) workshop

CVE-2023-4911-Looney-Tunables: Looney Tunables Local privilege escalation (CVE-2023-4911) workshop (for educational purposes only). Links: IPPSEC video, Qualys Blog Post, Qualys Tech Details, Exploit POC python script, GLIBC sources, GLIBC tunables documentation. Description: What is ld.so? In computing, a dynamic linker is the part of an operating system that loads and links the sh

ScanD. About: ScanD runs a Container Image Security Vulnerability scan against all images running in a cluster and exposes the results as a prometheus gauge metric. /metrics example: scand_result{id="CVE-2023-4911-libc6",image="registry.k8s.io/kube-proxy@sha256:4bcb707da9898d2625f5d4edc6d0c96519a24f16db914fc673aa8f97e41dbabf",security_severity="7.8"}

Proof of concept for CVE-2023-4911 (Looney Tunables) discovered by Qualys Threat Research Unit

Proof of concept for CVE-2023-4911 (Looney Tunables). This vulnerability has been discovered by Qualys Threat Research. Here you can read the advisory they published, it explains in depth the vulnerability. The exploit has been tested on Ubuntu 22.04.2 LTS with GLIBC 2.35-0ubuntu3.1. Testing the exploit: The makefile allows testing the exploit in the following scenarios: With AS

Looney-Tunables-CVE-2023-4911: The files used are attached in this repository. #TASK 5 First, you must run the Python script to generate the libc.so.6 malware. You will then need to compile the exploit using gcc: And finally we can exploit and find the root.txt flag. What's the value of the flag in /root/root

CVEs Exploits: I'm adding exploits for some CVEs that I wrote. 2023: CVE-2023-4911 Buffer Overflow in glibc's ld.so; CVE-2021-3156 Heap-Based Buffer Overflow in Sudo. 2021: CVE-2015-6967 Nibbleblog 4.0.3; CVE-2020-28038 WordPress before 5.5.2

run programs and scripts suid

Warning! See "Security" section at the end. SUID: Somewhat an inverse to sudo but with security first. Usage: git clone github.com/hilbix/suid.git cd suid make sudo make install Afterwards you can run something as suid command args. suid is inverse to sudo in the sense, that sudo

Study Project: Linux Information Security Scanning And Vulnerability Assessment

Linux Information Security Auditing And Exploitation Analysis. Study: Linux Information Security Auditing and Exploitation Analysis. Author: 張呈顥 (武田奈々). Advisor: 盧東華. GitHub. Keypoint: security vulnerability scanning and detection; automation script writing; Linux kernel and applications vulnerability exploitation and principles (CVE-2

Recent Articles

Make-me-root 'Looney Tunables' security hole on Linux needs your attention
The Register

What's up, Doc? Try elevated permissions

Grab security updates for your Linux distributions: there's a security hole that can be fairly easily exploited by rogue users, intruders, and malicious software to gain root access and take over the box. Specifically, a buffer overflow vulnerability in the GNU C Library's handling of an environmental variable was spotted by security firm Qualys, which has gone public with some of the details now that patches are being emitted. The flaw, dubbed Looney Tunables, arises from the GNU C Library's dy...

References

CWE-787
https://www.qualys.com/cve-2023-4911/
https://bugzilla.redhat.com/show_bug.cgi?id=2238352
https://www.qualys.com/2023/10/03/cve-2023-4911/looney-tunables-local-privilege-escalation-glibc-ld-so.txt
https://access.redhat.com/security/cve/CVE-2023-4911
http://www.openwall.com/lists/oss-security/2023/10/03/3
http://www.openwall.com/lists/oss-security/2023/10/03/2
https://www.debian.org/security/2023/dsa-5514
https://security.gentoo.org/glsa/202310-03
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NDAQWHTSVOCOZ5K6KPIWKRT3JX4RTZUR/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4DBUQRRPB47TC3NJOUIBVWUGFHBJAFDL/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DFG4P76UHHZEWQ26FWBXG76N2QLKKPZA/
http://www.openwall.com/lists/oss-security/2023/10/05/1
https://access.redhat.com/errata/RHSA-2023:5454
https://access.redhat.com/errata/RHSA-2023:5453
https://access.redhat.com/errata/RHSA-2023:5455
https://access.redhat.com/errata/RHSA-2023:5476
http://seclists.org/fulldisclosure/2023/Oct/11
http://packetstormsecurity.com/files/174986/glibc-ld.so-Local-Privilege-Escalation.html
https://security.netapp.com/advisory/ntap-20231013-0006/
http://www.openwall.com/lists/oss-security/2023/10/13/11
http://www.openwall.com/lists/oss-security/2023/10/14/3
http://www.openwall.com/lists/oss-security/2023/10/14/5
http://www.openwall.com/lists/oss-security/2023/10/14/6
http://packetstormsecurity.com/files/176288/Glibc-Tunables-Privilege-Escalation.html
https://access.redhat.com/errata/RHSA-2024:0033
https://nvd.nist.gov
https://github.com/guffre/CVE-2023-4911
https://www.cisa.gov/news-events/ics-advisories/icsa-23-348-10