New Local Privilege Escalation Vulnerability in GNU C Library (glibc)
New Linux glibc flaw lets attackers get root on major distros
A new local privilege escalation (LPE) vulnerability in the GNU C Library (glibc) allows unprivileged attackers to gain root access on major Linux distributions in default configurations. Tracked as CVE-2023-6246, the flaw is a heap-based buffer overflow in glibc's __vsyslog_internal() function and poses a significant threat. Qualys security researchers confirmed its impact on Debian, Ubuntu, and Fedora systems, and also identified three other vulnerabilities in glibc. The discovery emphasizes the critical need for strict security measures in software development, especially for core libraries widely used across many systems and applications.