FYI: New Linux glibc flaw lets attackers get root on major distros

<0JiuN.57037$U1cc.53820@fx04.iad>


https://www.rocksolidbbs.com/computers/article-flat.php?id=8935&group=comp.os.linux.advocacy#8935

MIME-Version: 1.0
User-Agent: Betterbird (Linux)
Newsgroups: comp.os.linux.advocacy
Content-Language: en-US
From: rabid@pedag.og (RabidPedagog)
Subject: FYI: New Linux glibc flaw lets attackers get root on major distros
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 8bit
Lines: 71
Message-ID: <0JiuN.57037$U1cc.53820@fx04.iad>
X-Complaints-To: abuse@blocknews.net
NNTP-Posting-Date: Wed, 31 Jan 2024 03:00:12 UTC
Organization: blocknews - www.blocknews.net
Date: Tue, 30 Jan 2024 22:00:12 -0500
X-Received-Bytes: 4282
 by: RabidPedagog - Wed, 31 Jan 2024 03:00 UTC

<https://www.bleepingcomputer.com/news/security/new-linux-glibc-flaw-lets-attackers-get-root-on-major-distros/>

Unprivileged attackers can get root access on multiple major Linux
distributions in default configurations by exploiting a newly disclosed
local privilege escalation (LPE) vulnerability in the GNU C Library (glibc).

Tracked as CVE-2023-6246, this security flaw was found in glibc's
__vsyslog_internal() function, called by the widely-used syslog and
vsyslog functions for writing messages to the system message logger.

The bug is due to a heap-based buffer overflow weakness accidentally
introduced in glibc 2.37 in August 2022 and later backported to glibc
2.36 when addressing a less severe vulnerability tracked as CVE-2022-39046.

"The buffer overflow issue poses a significant threat as it could allow
local privilege escalation, enabling an unprivileged user to gain full
root access through crafted inputs to applications that employ these
logging functions," Qualys security researchers said.

"Although the vulnerability requires specific conditions to be exploited
(such as an unusually long argv[0] or openlog() ident argument), its
impact is significant due to the widespread use of the affected library."

Impacts Debian, Ubuntu, and Fedora systems

While testing their findings, Qualys confirmed that Debian 12 and 13,
Ubuntu 23.04 and 23.10, and Fedora 37 to 39 were all vulnerable to
CVE-2023-6246 exploits, allowing any unprivileged user to escalate
privileges to full root access on default installations.

Although their tests were limited to a handful of distros, the
researchers added that "other distributions are probably also exploitable."

While analyzing glibc for other potential security issues, the
researchers also found three other vulnerabilities, two of them—harder
to exploit—in the __vsyslog_internal() function (CVE-2023-6779 and
CVE-2023-6780) and a third one (a memory corruption issue still waiting
for a CVE ID) in glibc's qsort() function.

"These flaws highlight the critical need for strict security measures in
software development, especially for core libraries widely used across
many systems and applications," said Saeed Abbasi, Product Manager at
Qualys' Threat Research Unit.

Other Linux root escalation flaws found by Qualys

Over the past few years, researchers at Qualys have found several other
Linux security vulnerabilities that can let attackers gain complete
control over unpatched Linux systems, even in default configurations.

Vulnerabilities they discovered include a flaw in glibc's ld.so dynamic
loader (Looney Tunables), one in Polkit's pkexec component (dubbed
PwnKit), another in the Kernel's filesystem layer (dubbed Sequoia), and
in the Sudo Unix program (aka Baron Samedit).

Days after the Looney Tunables flaw (CVE-2023-4911) was disclosed,
proof-of-concept (PoC) exploits were published online, and threat actors
started exploiting it one month later to steal cloud service provider
(CSP) credentials in Kinsing malware attacks.

The Kinsing gang is known for deploying cryptocurrency mining malware on
compromised cloud-based systems, including Kubernetes, Docker APIs,
Redis, and Jenkins servers.

CISA later ordered U.S. federal agencies to secure their Linux systems
against CVE-2023-4911 attacks after adding it to its catalog of actively
exploited bugs and tagging it as posing "significant risks to the
federal enterprise."

--
RabidPedagog
Catholic paleoconservative
Linux Mint patron
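
An application-side hardening sketch for the trigger condition quoted above (an unusually long argv[0] or openlog() ident), added here as an example and not taken from the article, glibc or Qualys: the program passes openlog() an explicit ident of bounded length instead of letting glibc fall back to the program name. `IDENT_MAX`, `set_bounded_ident` and `open_log_bounded` are hypothetical names, and the 32-byte cap is an assumption; installing the distribution's patched glibc package remains the fix.

```c
#include <stdio.h>
#include <string.h>
#include <syslog.h>

/* Assumed cap for this example; not a glibc constant. */
#define IDENT_MAX 32

/* openlog() keeps the pointer it is given rather than copying the string,
 * so the ident must live in storage that outlives the call. */
static char g_ident[IDENT_MAX + 1];

/* Copy a caller-supplied name into g_ident, keeping only the basename,
 * only printable non-space ASCII, and at most IDENT_MAX bytes.
 * Returns the stored length. */
size_t set_bounded_ident(const char *name)
{
    size_t n = 0;
    if (name != NULL) {
        /* argv[0] may be a long path chosen by whoever exec'd us. */
        const char *slash = strrchr(name, '/');
        if (slash != NULL)
            name = slash + 1;
        for (; *name != '\0' && n < IDENT_MAX; name++) {
            unsigned char c = (unsigned char)*name;
            if (c > 0x20 && c < 0x7f)
                g_ident[n++] = (char)c;
        }
    }
    if (n == 0) {               /* nothing usable: fall back to a constant */
        memcpy(g_ident, "app", 3);
        n = 3;
    }
    g_ident[n] = '\0';
    return n;
}

/* Open the log with an explicit, bounded ident so that glibc never uses
 * the program name derived from argv[0] as the message tag. */
const char *open_log_bounded(const char *name, int option, int facility)
{
    set_bounded_ident(name);
    openlog(g_ident, option, facility);
    return g_ident;
}

int main(int argc, char **argv)
{
    const char *id = open_log_bounded(argc > 0 ? argv[0] : NULL, LOG_PID, LOG_USER);
    printf("syslog ident: %s (%zu bytes)\n", id, strlen(id));
    closelog();
    return 0;
}
```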

Re: FYI: New Linux glibc flaw lets attackers get root on major distros

<updfnc$1gr39$2@dont-email.me>


https://www.rocksolidbbs.com/computers/article-flat.php?id=8957&group=comp.os.linux.advocacy#8957

From: OFeem1987@teleworm.us (Chris Ahlstrom)
Newsgroups: comp.os.linux.advocacy
Subject: Re: FYI: New Linux glibc flaw lets attackers get root on major distros
Date: Wed, 31 Jan 2024 07:50:51 -0500
Organization: None
Lines: 74
Message-ID: <updfnc$1gr39$2@dont-email.me>
References: <0JiuN.57037$U1cc.53820@fx04.iad>
Reply-To: OFeem1987@teleworm.us
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Injection-Date: Wed, 31 Jan 2024 12:50:52 -0000 (UTC)
Injection-Info: dont-email.me; posting-host="90f2bded485c6c44c4dfdd7ab02a7a03";
logging-data="1600617"; mail-complaints-to="abuse@eternal-september.org"; posting-account="U2FsdGVkX18ii0bXhRYJgsuYx2sAhprn"
User-Agent: slrn/1.0.3 (Linux)
Cancel-Lock: sha1:Xi98z4NO3F4hukBDrRvFCJTye4M=
X-Slrn: Why use anything else?
X-User-Agent: Microsoft Outl00k, Usenet K00k Editions
X-Mutt: The most widely-used MUA
 by: Chris Ahlstrom - Wed, 31 Jan 2024 12:50 UTC

RabidPedagog wrote this copyrighted missive and expects royalties:

> <https://www.bleepingcomputer.com/news/security/new-linux-glibc-flaw-lets-attackers-get-root-on-major-distros/>
>
> Unprivileged attackers can get root access on multiple major Linux
> distributions in default configurations by exploiting a newly disclosed
> local privilege escalation (LPE) vulnerability in the GNU C Library (glibc).
>
> Tracked as CVE-2023-6246, this security flaw was found in glibc's
> __vsyslog_internal() function, called by the widely-used syslog and
> vsyslog functions for writing messages to the system message logger.
>
> The bug is due to a heap-based buffer overflow weakness accidentally
> introduced in glibc 2.37 in August 2022 and later backported to glibc
> 2.36 when addressing a less severe vulnerability tracked as CVE-2022-39046.
>
> "The buffer overflow issue poses a significant threat as it could allow
> local privilege escalation, enabling an unprivileged user to gain full
> root access through crafted inputs to applications that employ these
> logging functions," Qualys security researchers said.
>
> "Although the vulnerability requires specific conditions to be exploited
> (such as an unusually long argv[0] or openlog() ident argument), its
> impact is significant due to the widespread use of the affected library."
>
> Impacts Debian, Ubuntu, and Fedora systems
>
> While testing their findings, Qualys confirmed that Debian 12 and 13,
> Ubuntu 23.04 and 23.10, and Fedora 37 to 39 were all vulnerable to
> CVE-2023-6246 exploits, allowing any unprivileged user to escalate
> privileges to full root access on default installations.
>
> Although their tests were limited to a handful of distros, the
> researchers added that "other distributions are probably also exploitable."
>
> While analyzing glibc for other potential security issues, the
> researchers also found three other vulnerabilities, two of them—harder
> to exploit—in the __vsyslog_internal() function (CVE-2023-6779 and
> CVE-2023-6780) and a third one (a memory corruption issue still waiting
> for a CVE ID) in glibc's qsort() function.
>
> "These flaws highlight the critical need for strict security measures in
> software development, especially for core libraries widely used across
> many systems and applications," said Saeed Abbasi, Product Manager at
> Qualys' Threat Research Unit.
>
> Other Linux root escalation flaws found by Qualys
>
> Over the past few years, researchers at Qualys have found several other
> Linux security vulnerabilities that can let attackers gain complete
> control over unpatched Linux systems, even in default configurations.
>
> Vulnerabilities they discovered include a flaw in glibc's ld.so dynamic
> loader (Looney Tunables), one in Polkit's pkexec component (dubbed
> PwnKit), another in the Kernel's filesystem layer (dubbed Sequoia), and
> in the Sudo Unix program (aka Baron Samedit).
>
> Days after the Looney Tunables flaw (CVE-2023-4911) was disclosed,
> proof-of-concept (PoC) exploits were published online, and threat actors
> started exploiting it one month later to steal cloud service provider
> (CSP) credentials in Kinsing malware attacks.
>
> The Kinsing gang is known for deploying cryptocurrency mining malware on
> compromised cloud-based systems, including Kubernetes, Docker APIs,
> Redis, and Jenkins servers.
>
> CISA later ordered U.S. federal agencies to secure their Linux systems
> against CVE-2023-4911 attacks after adding it to its catalog of actively
> exploited bugs and tagging it as posing "significant risks to the
> federal enterprise."

Thanks for the heads-up. My Arch is 2.38-7 and Ubuntu is 2.31; but they're not
exposed to the public (since I work at home these days).

--
You need more time; and you probably always will.
