    ‘Looney Tunables’ Bug Opens Millions of Linux Systems to Root Takeover

    By justmattg | October 4, 2023

    Attackers can now gain root privileges on millions of Linux systems by exploiting a newly discovered, easy-to-exploit buffer overflow flaw in a common library used on most major distributions of the open source OS. Dubbed “Looney Tunables,” the bug could mean “that’s all, folks” for sensitive data, and could lead to even worse ramifications.

    Fedora, Ubuntu, and Debian are the systems most at risk from the bug (CVE-2023-4911, CVSS 7.8), Qualys researchers revealed in a blog post late on Oct. 3. The flaw is in the GNU system’s GNU C Library (glibc), which is present in most systems running the Linux kernel, according to the firm.

    Glibc is a library that defines the system calls and other basic functionalities, such as open, malloc, printf, exit, etc., that a typical program requires. The vulnerability occurs in how the dynamic loader of glibc processes the GLIBC_TUNABLES environment variable, the researchers said, thus giving the bug its name.

    IoT devices running in a Linux environment in particular are extremely vulnerable to an exploit of the flaw, “due to their extensive use of the Linux kernel within custom operating systems,” warns John Gallagher, vice president of Viakoo Labs at Viakoo. That means that embedded environments such as smart factories, connected equipment like drones and robots, and a range of consumer gear are at particular risk.

    Researchers have successfully exploited the flaw — introduced to the code in April 2021 — to gain full root privileges on default installations of Fedora 37 and 38, Ubuntu 22.04 and 23.04, and Debian 12 and 13. However, it’s likely that other distributions are similarly susceptible, with the exception of Alpine Linux “due to its use of musl libc instead of glibc,” Saeed Abbasi, product manager of the Threat Research Unit at Qualys, wrote in the post.  

    Exploiting the flaw — which isn’t difficult to do — results in considerable risks to vulnerable Linux systems, such as unauthorized data access, system alterations, and potential data theft, he tells Dark Reading.

    “This tangible threat to system and data security, coupled with the possible incorporation of the vulnerability into automated malicious tools or software such as exploit kits and bots, escalates the risk of widespread exploitation and service disruptions,” Abbasi says.

    Researchers disclosed the flaw to Red Hat on Sept. 4, and an advisory and patch were sent to the OpenWall open source security project on Sept. 19. The patch was subsequently released on Oct. 3, with various Linux distributions, including Red Hat, Ubuntu, Upstream, Debian, and Gentoo, all releasing their own updates.

    Why the glibc Security Bug Is So Dangerous

    To understand the flaw, it helps to understand the role of glibc’s dynamic loader, the part of the library responsible for preparing and running programs. Its duties include determining and allocating shared libraries as well as linking them with the executable at runtime. In the process, the dynamic loader also resolves symbol references, such as function and variable references, ensuring that everything is set for the program’s execution.

    “Given its role, the dynamic loader is highly security-sensitive, as its code runs with elevated privileges when a local user launches a set-user-ID or set-group-ID program,” Abbasi explained in the post. That’s why if this component of the library is compromised, an attacker also has the benefit of those privileges on a system.

    The GLIBC_TUNABLES environment variable allows users to modify the library’s behavior at runtime, eliminating the need to recompile either the application or the library. By setting GLIBC_TUNABLES, users can adjust various performance and behavior parameters, which are then applied upon application startup.

    A buffer overflow in how the dynamic loader handles the GLIBC_TUNABLES environment variable, an essential tool for developers and system administrators, has significant ramifications for system performance, reliability, and security, Abbasi says.
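
    The set-user-ID and set-group-ID programs described above are where the dynamic loader runs with elevated privileges, so they are a practical starting point for an inventory. The following Python code is an added example, not code from Qualys or the original article: it lists setuid/setgid ELF binaries whose PT_INTERP entry names a glibc-style loader. The function names are illustrative, and the loader file-name prefixes (ld-linux, ld.so, ld64.so, ld-musl) are an assumed naming convention.

```python
import os, stat, struct, sys

def elf_interpreter(path):
    """Return the PT_INTERP loader path, or None (static, non-ELF, unreadable)."""
    try:
        with open(path, "rb") as f:
            head = f.read(64)
            if len(head) < 52 or head[:4] != b"\x7fELF" or head[4] not in (1, 2) or head[5] not in (1, 2):
                return None
            is64, end = head[4] == 2, ("<" if head[5] == 1 else ">")
            word = end + ("Q" if is64 else "I")
            # Offsets of e_phoff, e_phentsize, p_offset, p_filesz (ELF64 vs ELF32).
            o_phoff, o_phent, o_off, o_size = (32, 54, 8, 32) if is64 else (28, 42, 4, 16)
            phoff = struct.unpack_from(word, head, o_phoff)[0]
            phentsize, phnum = struct.unpack_from(end + "HH", head, o_phent)
            for i in range(phnum):
                f.seek(phoff + i * phentsize)
                ph = f.read(phentsize)
                if struct.unpack_from(end + "I", ph, 0)[0] == 3:  # PT_INTERP
                    f.seek(struct.unpack_from(word, ph, o_off)[0])
                    size = min(struct.unpack_from(word, ph, o_size)[0], 4096)
                    return f.read(size).split(b"\0")[0].decode("utf-8", "replace")
    except (OSError, struct.error, OverflowError, ValueError):
        pass  # unreadable or truncated file
    return None

def loader_family(interp):
    """Classify the loader by file name (naming-convention heuristic, assumed here)."""
    name = os.path.basename(interp or "")
    if name.startswith("ld-musl"):
        return "musl"
    if name.startswith(("ld-linux", "ld.so", "ld64.so")):
        return "glibc"
    return "other" if name else "static-or-non-elf"

def privileged_glibc_binaries(roots):
    """Yield (path, mode, loader) for setuid/setgid files started by a glibc-style ld.so."""
    for root in roots:
        for dirpath, _dirs, files in os.walk(root):
            for path in (os.path.join(dirpath, fn) for fn in files):
                try:
                    mode = os.lstat(path).st_mode
                except OSError:
                    continue
                if stat.S_ISREG(mode) and mode & (stat.S_ISUID | stat.S_ISGID):
                    if loader_family(interp := elf_interpreter(path)) == "glibc":
                        yield path, stat.filemode(mode), interp

if __name__ == "__main__":
    print(*privileged_glibc_binaries(sys.argv[1:] or ["/usr/bin", "/usr/sbin"]), sep="\n")
```

    A listed binary is not proof of exposure; it only shows where a glibc loader runs with elevated privileges. Whether the installed glibc package carries the distribution's fix still has to be verified separately.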

    Patch Now, Patch Often

    These potential ramifications amplify the urgency of immediate patching, even though the researchers chose not to release their exploit. They did, however, release a technical breakdown of the vulnerability.

    “Even in the absence of evident exploitation in the wild, grasping a thorough understanding of the vulnerability and preemptively preparing defenses becomes paramount, particularly given the high stakes that come into play once it is exploited,” Abbasi says.

    In fact, given the ease with which the buffer overflow can be transformed into a data-only attack, Qualys anticipates that other research teams could soon produce and release exploits for Looney Tunables. This means that “organizations must act with utmost diligence to shield their systems and data from potential compromise through this vulnerability in glibc,” he advised.

    “Not only will different IoT device manufacturers have different schedules for producing patches, there will be a lengthy process to ensure that all devices are remediated,” says Viakoo Labs’ Gallagher. “To effectively deal with this, organizations must have a detailed inventory of all their assets, IT, IoT, and applications.”
