CVE-2023-4911

Vulnerability updated 7 months ago (2024-05-04T19:11:29.028Z)
CVE-2023-4911, also known as the "Looney Tunables" vulnerability, is a significant flaw in the GNU C Library (glibc), specifically in its dynamic loader, ld.so. It is a buffer overflow that occurs when ld.so processes the GLIBC_TUNABLES environment variable, enabling threat actors to execute arbitrary code and escalate privileges on major Linux distributions such as Debian, Gentoo, Red Hat, and Ubuntu. The vulnerability has a CVSS score of 7.8, indicating high severity.

The first known active exploitation of this vulnerability was by the threat actor Kinsing, marking a shift in their tactics to include this exploit. They used a rudimentary exploit for a PHPUnit vulnerability to reach and exploit the Looney Tunables flaw. The exploit is a Linux local privilege escalation exploit, which they executed by downloading a script named gnu-acme.py. This script escalates privileges locally by exploiting the buffer overflow in ld.so's handling of the GLIBC_TUNABLES environment variable.

Successful exploitation provides root access on many popular Linux distributions, making this vulnerability a critical concern for system administrators and security professionals. Researchers from Aqua Nautilus have flagged Kinsing's experimental incursions into cloud environments using this bug, highlighting its potential for widespread impact. Affected systems should therefore be patched promptly to mitigate the risk of exploitation.
Description last updated: 2024-03-17T13:16:17.500Z
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
Alias description: Looney Tunables is a possible alias for CVE-2023-4911. Looney Tunables is a significant vulnerability in Linux software design and implementation, which has been exploited by various threat actors. This flaw allows for local privilege escalation, providing unauthorized users with elevated access rights within a Linux environment. Multiple experts have r
Votes: 5
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Linux
Exploit
Debian
Loader
Ubuntu
Vulnerability
Associated Malware
Alias description: The Kinsing Malware is associated with CVE-2023-4911. Kinsing is a malicious software, or malware, that has been recently observed exploiting vulnerabilities in systems. It operates by infiltrating computers or devices, often undetected, through suspicious downloads, emails, or websites. Once inside, Kinsing can wreak havoc by stealing personal informa
Association type: Unspecified
Votes: 4