Skip Navigation

Security @lemmy.ml

BlanK0 @lemmy.ml

1y ago

Root access vulnerability in glibc library impacts many Linux distros

securityaffairs.com Root access vulnerability in glibc library impacts many Linux distros

Qualys researchers discovered a root access flaw, tracked as CVE-2023-6246, in GNU Library C (glibc) affecting multiple Linux distributions.

Root access vulnerability in glibc library impacts many Linux distros

Linux @lemmy.ml

Root access vulnerability in glibc library impacts many Linux distros

securityaffairs.com /158369/security/gnu-library-c-glibc-cve-2023-6246-flaw.html

Root access vulnerability in glibc library impacts many Linux distros

357 85

3 comments

@BlanK0 @security the fix commit says the problem occurs when the program name is very long - so probably not very exploitable, as the program name is usually set in stone.
- Thx for pointing that out 🤙
- Symlink or copy/rename could trigger it, as long as there is a user writable area with execute perms? /home usually allows exec?
  Also some of the exec* functions allow manipulating the argv[0], so possibly another vector there.