oss-sec mailing list archives
Re: CVE-2023-4911: Local Privilege Escalation in the glibc's ld.so
From: Solar Designer <solar () openwall com>
Date: Thu, 5 Oct 2023 03:27:18 +0200
On Tue, Oct 03, 2023 at 05:50:36PM +0000, Qualys Security Advisory wrote:
We successfully exploited this vulnerability and obtained full root privileges on the default installations of Fedora 37 and 38, Ubuntu 22.04 and 23.04, Debian 12 and 13; other distributions are probably also vulnerable and exploitable (one notable exception is Alpine Linux, which uses musl libc, not the glibc). We will not publish our exploit for now; however, this buffer overflow is easily exploitable (by transforming it into a data-only attack), and other researchers might publish working exploits shortly after this coordinated disclosure.
And they did, here are a couple: https://github.com/leesh3288/CVE-2023-4911 https://github.com/RickdeJager/CVE-2023-4911 Alexander
Current thread:
- CVE-2023-4911: Local Privilege Escalation in the glibc's ld.so Qualys Security Advisory (Oct 03)
- Re: CVE-2023-4911: Local Privilege Escalation in the glibc's ld.so Solar Designer (Oct 03)
- Re: CVE-2023-4911: Local Privilege Escalation in the glibc's ld.so Solar Designer (Oct 04)