Security Researchers Warn of "Looney Tunables," a Privilege Escalation Vulnerability Affecting Linux
Qualys discloses a vulnerability, introduced in 2021, in the GNU C Library which gives unprivileged users root access.
Security firm Qualys has warned of a security vulnerability in the GNU C Library's dynamic loader, allowing users of common Linux distributions to escalate their privilege levels all the way up to root: Looney Tunables.
"The Qualys Threat Research Unit (TRU) has discovered a buffer overflow vulnerability in GNU C Library's dynamic loader’s processing of the GLIBC_TUNABLES environment variable," says Qualys' Saeed Abbasi. "We have successfully identified and exploited this vulnerability (a local privilege escalation that grants full root privileges) on the default installations of Fedora 37 and 38, Ubuntu 22.04 and 23.04, and Debian 12 and 13. It’s likely that other distributions are similarly susceptible, although we've noted that Alpine Linux remains an exception due to its use of musl libc instead of glibc."
Commonly known as glibc, the GNU C Library is used in most, but not all, Linux distributions for defining basic program functionality. In 2021, however, the library received a new function for runtime behavior modification, the GLIBC_TUNABLES environment variable — the addition of which introduced an at-the-time unnoticed buffer overflow vulnerability, the exploitation of which allows for an unprivileged user to gain access equivalent to the root user.
"Although we are withholding our exploit code for now," Abbasi says, "the ease with which the buffer overflow can be transformed into a data-only attack implies that other research teams could soon produce and release exploits. This could put countless systems at risk, especially given the extensive use of glibc across Linux distributions. While certain distributions like Alpine Linux are exempt due to their use of musl libc instead of glibc, many popular distributions are potentially vulnerable and could be exploited in the near future.
Those running a glibc-based Linux distribution — representing the majority of Linux distributions out there — are advised to check for a patch and install it as soon as possible; Red Hat has issued a temporary workaround, which uses the SystemTap utility to automatically terminate programs attempting to exploit the vulnerability, for those unable to patch immediately.
More information is available in the Qualys security advisory.