GNU C Library Vulnerability Allows Full Root Access


Researchers at Qualys have issued a warning on a vulnerability in Linux’s GNU C Library (glibc) that might allow attackers to get complete root access.

The bug, tracked as CVE-2023-6246 and described as a heap-based buffer overflow, was discovered in glibc’s __vsyslog_internal () function, which is used by the popular syslog () and vsyslog () logging routines. An unprivileged attacker might exploit the weakness by passing an argv [0] or openlog () ident argument that is longer than 1024 bytes. This would cause the __vsyslog_internal() buffer to overflow and overwrite the name[] field of a heap-based struct nss_module with a string of characters containing slashes.

Furthermore, the Qualys researchers raised another problem in glibc that could lead to memory corruption.

Read more: GNU C Library Vulnerability Leads to Full Root Access

For more such updates follow us on Google News ITsecuritywire News. Please subscribe to our Newsletter for more updates.