CVE-2023-4911

Vulnerability updated 5 months ago (2024-05-04T19:11:29.028Z)
Download STIX
Preview STIX
CVE-2023-4911, also known as the "Looney Tunables" vulnerability, is a significant software flaw found in the GNU C Library (glibc), specifically within its dynamic loader ld.so. This buffer overflow issue occurs when processing the GLIBC_TUNABLES environment variable, enabling threat actors to execute arbitrary code and escalate privileges on major Linux distributions such as Debian, Gentoo, Red Hat, and Ubuntu. The vulnerability has a CVSS score of 7.8, indicating its high severity. The first known instance of active exploitation of this vulnerability was by the threat actor Kinsing, marking an inaugural shift in their tactics to include this exploit. They used a rudimentary PHPUnit vulnerability exploit to manipulate the Looney Tunables vulnerability. The exploit is a Linux local privilege escalation exploit, which they executed by downloading a script named gnu-acme.py. This script allowed for local privilege escalation by exploiting a buffer overflow in the handling of the GLIBC_TUNABLES environment variable by ld.so. The successful exploitation of this vulnerability provides root access to many popular Linux distributions, making it a critical concern for system administrators and security professionals. Researchers from Aqua Nautilus have flagged Kinsing's experimental incursions into cloud environments using this bug, highlighting the potential widespread impact of this vulnerability. As such, it's crucial that affected systems are patched promptly to mitigate the risk of exploitation.
Description last updated: 2024-03-17T13:16:17.500Z
What's your take? (Question 1 of 5)
Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at. Create a free account to see the source evidence for each alias, and help fix any errors.
Alias DescriptionVotes
Looney Tunables is a possible alias for CVE-2023-4911. Looney Tunables is a significant vulnerability in Linux software design and implementation, which has been exploited by various threat actors. This flaw allows for local privilege escalation, providing unauthorized users with elevated access rights within a Linux environment. Multiple experts have r
5
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Linux
Exploit
Debian
Loader
Ubuntu
Vulnerability
Analyst Notes & Discussion
Be the first to leave your mark here! Log in to share your views and vote.
Associated Malware
To see the evidence that has resulted in these malware associations, create a free account
Alias DescriptionAssociation TypeVotes
The Kinsing Malware is associated with CVE-2023-4911. Kinsing is a malicious software, or malware, that has been recently observed exploiting vulnerabilities in systems. It operates by infiltrating computers or devices, often undetected, through suspicious downloads, emails, or websites. Once inside, Kinsing can wreak havoc by stealing personal informaUnspecified
4
Source Document References
Information about the CVE-2023-4911 Vulnerability was read from the documents corpus below. This display is limited to 20 results, create a free account to see more
PreviewSource LinkCreatedAtTitle
Securityaffairs
2 months ago
Securityaffairs
2 months ago
Securityaffairs
3 months ago
Securityaffairs
3 months ago
Securityaffairs
3 months ago
Securityaffairs
3 months ago
Securityaffairs
3 months ago
Securityaffairs
3 months ago
Securityaffairs
4 months ago
Securityaffairs
4 months ago
Securityaffairs
5 months ago
Securityaffairs
5 months ago
Securityaffairs
6 months ago
Securityaffairs
6 months ago
Securityaffairs
6 months ago
Securityaffairs
6 months ago
Securityaffairs
7 months ago
Securityaffairs
7 months ago
Securityaffairs
7 months ago
Securityaffairs
7 months ago