Looney Tunables (CVE-2023-4911)
What is Looney Tunables (CVE-2023-4911)?
Looney Tunables (CVE-2023-4911)A buffer overflow in glibc's dynamic loader triggered by the GLIBC_TUNABLES environment variable that yields local root on many Linux distributions.
Looney Tunables is a vulnerability in the GNU C Library (glibc) dynamic loader ld.so disclosed by Qualys in October 2023 and tracked as CVE-2023-4911. It is a buffer overflow in parsing the GLIBC_TUNABLES environment variable, introduced in glibc 2.34. Because ld.so runs with elevated privileges when launching SUID binaries, an unprivileged local attacker can craft a malicious GLIBC_TUNABLES value, execute any SUID program (such as su), and gain root. Affected systems include default installations of Fedora 37/38, Ubuntu 22.04/23.04 and Debian 12 and 13. Mitigation is upgrading glibc to a patched version.
● Examples
- 01
An attacker with a local account launches a crafted su via GLIBC_TUNABLES and gains root.
- 02
Post-exploitation tooling chains Looney Tunables with a remote web shell to fully compromise the host.
● Frequently asked questions
What is Looney Tunables (CVE-2023-4911)?
A buffer overflow in glibc's dynamic loader triggered by the GLIBC_TUNABLES environment variable that yields local root on many Linux distributions. It belongs to the Vulnerabilities category of cybersecurity.
What does Looney Tunables (CVE-2023-4911) mean?
A buffer overflow in glibc's dynamic loader triggered by the GLIBC_TUNABLES environment variable that yields local root on many Linux distributions.
How do you defend against Looney Tunables (CVE-2023-4911)?
Defences for Looney Tunables (CVE-2023-4911) typically combine technical controls and operational practices, as detailed in the full definition above.
What are other names for Looney Tunables (CVE-2023-4911)?
Common alternative names include: CVE-2023-4911, GLIBC_TUNABLES overflow.