Looney Tunables (CVE-2023-4911)
What is Looney Tunables (CVE-2023-4911)?
A buffer overflow in glibc's dynamic loader triggered by the GLIBC_TUNABLES environment variable that yields local root on many Linux distributions.
Looney Tunables is a vulnerability in the GNU C Library (glibc) dynamic loader ld.so disclosed by Qualys in October 2023 and tracked as CVE-2023-4911. It is a buffer overflow in parsing the GLIBC_TUNABLES environment variable, introduced in glibc 2.34. Because ld.so runs with elevated privileges when launching SUID binaries, an unprivileged local attacker can craft a malicious GLIBC_TUNABLES value, execute any SUID program (such as su), and gain root. Affected systems include default installations of Fedora 37/38, Ubuntu 22.04/23.04 and Debian 12 and 13. Mitigation is upgrading glibc to a patched version.
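A defender-side triage check for the condition described above, added here as an example and not taken from Qualys or glibc: it flags processes whose executable is setuid or setgid and whose start-up environment contains GLIBC_TUNABLES. Treating that combination as suspicious is an assumed heuristic, and the function names and sample records are constructed for illustration.

```python
import os
import stat

VAR = b"GLIBC_TUNABLES"

def parse_environ(blob):
    """Split a /proc/<pid>/environ blob (NUL-separated NAME=value) into a dict."""
    env = {}
    for entry in blob.split(b"\0"):
        name, sep, value = entry.partition(b"=")
        if sep and name not in env:  # first occurrence wins, as with getenv()
            env[name] = value
    return env

def is_privileged_exec(mode):
    """True when the file mode carries the setuid or setgid bit."""
    return bool(mode & (stat.S_ISUID | stat.S_ISGID))

def triage(records):
    """records: (pid, exe_path, st_mode, environ_blob) tuples -> list of findings."""
    findings = []
    for pid, exe, mode, blob in records:
        value = parse_environ(blob).get(VAR)
        if value is not None and is_privileged_exec(mode):
            findings.append({"pid": pid, "exe": exe, "value_len": len(value)})
    return findings

def live_records():
    """Yield records from /proc on Linux; root is needed to read other users' processes."""
    for pid in filter(str.isdigit, os.listdir("/proc")):
        try:
            exe = os.readlink(f"/proc/{pid}/exe")
            mode = os.stat(f"/proc/{pid}/exe").st_mode
            with open(f"/proc/{pid}/environ", "rb") as fh:
                blob = fh.read()
        except OSError:  # process exited, kernel thread, or permission denied
            continue
        yield int(pid), exe, mode, blob

# Constructed sample records (not captured from a real host).
SAMPLE = [
    (4101, "/usr/bin/su", 0o104755, b"HOME=/home/alice\0GLIBC_TUNABLES=glibc.malloc.tcache_count=0\0"),
    (4102, "/usr/bin/ls", 0o100755, b"GLIBC_TUNABLES=glibc.malloc.tcache_count=0\0"),
    (4103, "/usr/bin/su", 0o104755, b"HOME=/home/bob\0PATH=/usr/bin\0"),
]

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(finding)
```

On a live host, `triage(live_records())` applies the same check to running processes. A hit is a lead for investigation, and the mitigation remains upgrading glibc.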
● Examples
- 01. An attacker with a local account launches su with a crafted GLIBC_TUNABLES value and gains root.
- 02. Post-exploitation tooling chains Looney Tunables with a remote web shell to fully compromise the host.
● Frequently asked questions
What is Looney Tunables (CVE-2023-4911)?
A buffer overflow in glibc's dynamic loader triggered by the GLIBC_TUNABLES environment variable that yields local root on many Linux distributions. It belongs to the Vulnerabilities category of cybersecurity.
How do you defend against Looney Tunables (CVE-2023-4911)?
Defences for Looney Tunables (CVE-2023-4911) typically combine technical controls and operational practices, as detailed in the full definition above.
What are other names for Looney Tunables (CVE-2023-4911)?
Common alternative names include: CVE-2023-4911, GLIBC_TUNABLES overflow.
● Related terms
- Privilege Escalation (vulnerabilities, № 860): A class of vulnerabilities that lets an attacker gain rights beyond those originally granted, such as moving from a normal user to administrator.
- PwnKit (CVE-2021-4034) (vulnerabilities, № 885): A local privilege-escalation vulnerability in the Polkit pkexec utility that lets any unprivileged user gain root on most Linux distributions.
- Dirty Pipe (CVE-2022-0847) (vulnerabilities, № 324): A Linux kernel flaw that lets an unprivileged process overwrite the contents of arbitrary read-only files, including SUID binaries, leading to root.
- Buffer Overflow (vulnerabilities, № 131): A memory-safety flaw where a program writes past the end of an allocated buffer, corrupting adjacent memory and often enabling code execution.