Replying to MalwareLab

Recent privilege escalation vulnerabilities in the GNU C Library #glibc, widely used in many #Linux distributions such as #Debian, #Ubuntu, #Fedora and others.

CVE-2023-6246 #privesc #vuln can be triggered via #syslog by using a long program name or ident parameter in openlog().

Another vulnerability is in the #qsort function. While real-world affected programs are currently not known, this vulnerability is pretty old - since 1992 until now.

Reference: https://blog.qualys.com/vulnerabilities-threat-research/2024/01/30/qualys-tru-discovers-important-vulnerabilities-in-gnu-c-librarys-syslog

This is just another reason to consider using a Linux distribution without glibc, for example #Alpine Linux with #musl.

Islamic Audiobooks Central 1y ago

Doesn't affect current #Ubuntu LTS 22.04, right?

MalwareLab 1y ago

The syslog vulnerability was introduced after Ubuntu 22.04; it affects Ubuntu 23.04 and newer.

The less severe qsort vulnerability is also in Ubuntu 22.04, and it is already patched.