CVSSv3: 7.8

CVE-2023-6246

Published: 31/01/2024 Updated: 21/11/2024

Vulnerability Summary

A heap-based buffer overflow was found in the __vsyslog_internal function of the glibc library. This function is called by the syslog and vsyslog functions. The issue occurs when the openlog function has not been called, or was called with the ident argument set to NULL, and the program name (the basename of argv[0]) is bigger than 1024 bytes, resulting in an application crash or local privilege escalation. This issue affects glibc 2.36 and newer.

Vulnerable Product

gnu glibc

fedoraproject fedora 38

fedoraproject fedora 39

Vendor Advisories

Description: A heap-based buffer overflow was found in the __vsyslog_internal function of the glibc library. This function is called by the syslog and vsyslog functions. This issue occurs when the openlog function was not called, or called with the ident argument set to NULL, and the program name (the basename of argv[0]) is bigger than 1024 b ...

Exploits

Qualys discovered a heap-based buffer overflow in the GNU C Library's __vsyslog_internal() function, which is called by both syslog() and vsyslog(). This vulnerability was introduced in glibc 2.37 (in August 2022) ...
Qualys discovered a memory corruption in the glibc's qsort() function, due to a missing bounds check. To be vulnerable, a program must call qsort() with a nontransitive comparison function (a function cmp(int a, int b) that returns (a - b), for example) and with a large number of attacker-controlled elements (to cause a malloc() failure inside qsor ...

Mailing Lists

Qualys Security Advisory: CVE-2023-6246: Heap-based buffer overflow in the glibc's syslog(). Contents: Summary, Analysis, Proof of concept, Exploitation, Acknowledgments, Timeline ...
Qualys Security Advisory: For the algorithm lovers: Nontransitive comparison functions lead to out-of-bounds read & write in glibc's qsort(). Contents: Summary, Background, Experiments, Analysis, Patch D ...
FYI, the glibc advisory announcement is here: sourceware.org/pipermail/libc-announce/2024/000037.html and here are the individual advisories: sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2024-0001;hb=HEAD sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2024-0002;hb=HEAD sou ...

Github Repositories

ele spawns elevated processes.

ele: ele spawns elevated processes. To make this work, there are two pieces: ele: ele is a command line application. You can call it the way you might expect:
$ ele id
uid=0(root) gid=0(root) groups=0(root)
At least for non-interactive applications. For applications that need access to the terminal (like a shell), use -i:
$ ele --interactive

Recent Articles

SBF likely off the hook for misplaced FTX funds after cops bust SIM swap ring
The Register

PLUS: more glibc vulns discovered; DraftKings hacker sentenced; and a hefty dose of critical vulnerabilities

Infosec In Brief The recent indictment of a massive SIM-swapping ring may mean convicted crypto conman Sam Bankman-Fried is innocent of at least one allegation still hanging over his head: The theft of more than $400 million in crypto hacked from wallets belonging to his crypto firm, FTX, just before it declared bankruptcy. As reported earlier this week, a trio of individuals, led by Chicago resident Robert Powell, were indicted [PDF] on charges of committing SIM swapping attacks on over 50 vict...