Glibc library vulnerability published | Kaspersky official blog


On January 30, security researchers published details of a vulnerability they found in glibc (the GNU C Library) which could potentially allow attackers to elevate their privileges on Linux systems to root level. The library provides system calls and basic system functions, including syslog and vsyslog, which are used to write messages to the system message log. The vulnerability has received the identifier CVE-2023-6246 and a score of 8.4 on the CVSS v3.1 scale. Although the severity level of this threat isn't critical (it's only high), there's a high probability of its exploitation in large-scale attacks, since glibc is the main system library used by virtually all Linux programs.

Which systems are affected by CVE-2023-6246?

The Qualys researchers who discovered the vulnerability tested a number of popular Linux-based system installations and identified several vulnerable systems: Debian 12 and 13, Ubuntu 23.04 and 23.10, and Fedora Linux versions 37 through 39. However, the experts add that other distributions are probably also affected by this vulnerability. CVE-2023-6246 is present in library version 2.36 and older. The glibc developers fixed the vulnerability in version 2.39 on January 31, a day after information about it was published.

What is the CVE-2023-6246 vulnerability and where did it come from?

The CVE-2023-6246 vulnerability is a dynamic memory (heap) buffer overflow and belongs to the LPE (Local Privilege Escalation) class. In simple terms, an attacker who already has user access to a system can use the vulnerable function calls to escalate their privileges to the super-user level.

This vulnerability was first introduced into the library in version 2.37, in August 2022, in an attempt to close the less dangerous vulnerability CVE-2022-39046. The library developers subsequently made the same change in version 2.36.

How to stay safe?

First, you need to update the glibc library to version 2.39. Since attackers must already have access to the system to exploit this vulnerability (as with all LPE vulnerabilities in general), CVE-2023-6246 will most likely be exploited in complex multi-stage attacks. Therefore, we recommend using solutions that can protect Linux as well. For example, our Kaspersky Endpoint Security solution includes the Kaspersky Endpoint Security for Linux application, which combats modern threats to Linux-based systems.
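As an added example (not code from the Kaspersky post or from the glibc project), the following POSIX shell script turns the version facts above into a quick triage check: it reads the installed glibc version from `ldd --version` and classifies it against the range the post describes, assuming "affected" means upstream version 2.36 up to but not including 2.39 (introduced in 2.37, backported to 2.36, fixed in 2.39). Distributions often backport fixes without changing the version string, so an "affected" result is a prompt to consult your distribution's advisory and patch, not proof of exposure.

```shell
#!/bin/sh
# Added example, not part of the original post. Classifies a glibc version
# string against the CVE-2023-6246 range described in the post.
# Assumption: affected = 2.36 <= version < 2.39 (upstream numbering).
# Distro-patched builds may keep an older version string, so treat the
# result as a triage hint and confirm with your distribution's advisory.

# Print the glibc version of the running system (e.g. "2.37").
installed_glibc_version() {
    # The last field on the first line of `ldd --version` is the glibc version,
    # e.g. "ldd (GNU libc) 2.37" or "ldd (Ubuntu GLIBC 2.35-0ubuntu3) 2.35".
    ldd --version 2>/dev/null | awk 'NR == 1 { print $NF }'
}

# Print one word for the given version string:
#   affected  - 2.36 <= version < 2.39
#   fixed     - 2.39 or later
#   predates  - older than 2.36 (before the change was backported)
#   unknown   - not a 2.x version string we can parse
classify_glibc() {
    ver="$1"
    major=${ver%%.*}
    rest=${ver#*.}
    minor=${rest%%.*}
    # Drop any distro suffix such as "35-0ubuntu3" -> "35".
    minor=$(printf '%s' "$minor" | sed 's/[^0-9].*$//')
    case "$major" in
        ''|*[!0-9]*) echo unknown; return 0 ;;
    esac
    case "$minor" in
        ''|*[!0-9]*) echo unknown; return 0 ;;
    esac
    if [ "$major" -ne 2 ]; then
        echo unknown
    elif [ "$minor" -ge 39 ]; then
        echo fixed
    elif [ "$minor" -ge 36 ]; then
        echo affected
    else
        echo predates
    fi
}

# Report on the local system when the script is run directly.
local_version=$(installed_glibc_version)
echo "glibc ${local_version:-<not found>}: $(classify_glibc "$local_version")"
```

Run it as `sh check_glibc.sh` on each host; `affected` hosts should be scheduled for the glibc 2.39 (or distribution-patched) update first, since the post notes the bug is reachable from any local user account.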
