"New Linux glibc Flaw Lets Attackers Get Root on Major Distros"

Attackers can gain root access on multiple major Linux distributions in their default configurations by exploiting a Local Privilege Escalation (LPE) vulnerability in the GNU C Library (glibc). This security flaw, tracked as CVE-2023-6246, was discovered in a glibc function called by the syslog and vsyslog functions to write messages to the system message logger. The flaw is a heap-based buffer overflow that was accidentally introduced in glibc 2.37 and later backported to glibc 2.36. According to Qualys security researchers, the buffer overflow poses a major threat because it could enable LPE, allowing an unprivileged user to gain full root access via specially crafted inputs to applications that use these logging functions. This article continues to discuss the potential exploitation and impact of the LPE vulnerability in glibc.

Bleeping Computer reports "New Linux glibc Flaw Lets Attackers Get Root on Major Distros"

Submitted by grigby1

Submitted by Gregory Rigby on