On January 30, 2024, researchers at Qualys published details of a vulnerability they discovered in glibc (the GNU C Library), which could allow an attacker to elevate their privileges on a Linux system to root. The library provides the wrappers around system calls and the basic C functions that almost every Linux program uses, including syslog() and vsyslog(), which write messages to the system log. The vulnerability has received the identifier CVE-2023-6246 and a score of 8.4 on the CVSS v3.1 scale. Although its severity is rated high rather than critical, there is a high probability that it will be used in large-scale attacks, since glibc is the core system library linked into nearly all Linux programs.
Which systems are affected by CVE-2023-6246?
The Qualys researchers who discovered the vulnerability tested a number of popular Linux distributions and confirmed several vulnerable installations: Debian 12 and 13, Ubuntu 23.04 and 23.10, and Fedora Linux versions 37 through 39. They add that other distributions are probably also affected. CVE-2023-6246 is present in glibc 2.37 and 2.38, and in 2.36 builds that received the backported change described below; older releases do not contain the faulty code. The glibc developers fixed the vulnerability in version 2.39, released on January 31, a day after the disclosure.
What is the CVE-2023-6246 vulnerability and where did it come from?
CVE-2023-6246 is a heap-based buffer overflow in __vsyslog_internal(), the internal function behind syslog() and vsyslog(), and belongs to the LPE (Local Privilege Escalation) class. According to the Qualys advisory, the overflow occurs when the program name that the function writes into the log line (argv[0], or the identifier passed to openlog()) is longer than the fixed 1024-byte buffer it first tries to format the message into. In simple terms, an attacker who already has unprivileged local access can invoke a privileged (setuid-root) program that logs via syslog under a crafted name and, through the resulting heap corruption, gain root privileges.
The faulty code was introduced by a change committed in August 2022 and shipped in version 2.37; that change was itself an attempt to fix the less dangerous syslog vulnerability CVE-2022-39046. The developers subsequently backported the same change to the 2.36 release branch, which is why distribution packages based on glibc 2.36 (such as the Debian 12 build tested by Qualys) are also affected.
How to stay safe?
First, update glibc to version 2.39 or, more practically, install the patched package your distribution ships: distributions backport security fixes without changing the library version, so check the package changelog for CVE-2023-6246 rather than relying on the version number alone. Since attackers must already have local access to the system to exploit this vulnerability (as with all LPE vulnerabilities), CVE-2023-6246 will most likely be used as one stage of a multi-stage attack, after an initial foothold has been obtained. Therefore, we recommend using solutions that can protect Linux hosts as well. For example, our Kaspersky Endpoint Security solution includes the Kaspersky Endpoint Security for Linux application, which combats modern threats to Linux-based systems.
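The following POSIX shell script is an added example, not code from the original article or from the glibc project. It reads the installed glibc version with getconf (a standard utility) and flags the 2.36 through 2.38 range that the article describes as carrying CVE-2023-6246. The range check is a triage heuristic derived from the article, not a proof of exploitability: a distribution build in that range may already carry a backported fix, and the script's own comments point to the package changelog as the real confirmation. The function name and the sample version strings are the author's own choices.

```sh
#!/bin/sh
# Added example (not from the original article or glibc): triage an installed
# glibc version against the range the article gives for CVE-2023-6246
# (2.36 with the backported change, 2.37, 2.38; fixed upstream in 2.39).
#
# A "possibly affected" result only means "check the package changelog":
#   Debian/Ubuntu:  apt-get changelog libc6 | grep -i CVE-2023-6246
#   Fedora/RHEL:    rpm -q --changelog glibc | grep -i CVE-2023-6246
# because distributions backport fixes without bumping the version number.

# glibc_version_in_affected_range VERSION
#   Returns 0 if VERSION (e.g. "2.37" or "2.36.9") is in the 2.36..2.38
#   range, 1 if it is outside it, and 2 if the string is not a version.
glibc_version_in_affected_range() {
    major=${1%%.*}          # text before the first dot
    rest=${1#*.}            # text after the first dot (whole string if none)
    minor=${rest%%.*}       # second component only, e.g. "36" from "36.9"

    # Reject anything that is not purely numeric in the first two components.
    case "$major" in
        ''|*[!0-9]*) return 2 ;;
    esac
    case "$minor" in
        ''|*[!0-9]*) return 2 ;;
    esac
    # "2" alone has no minor component: treat it as unparsable too.
    [ "$rest" = "$1" ] && return 2

    if [ "$major" -eq 2 ] && [ "$minor" -ge 36 ] && [ "$minor" -le 38 ]; then
        return 0
    fi
    return 1
}

# installed_glibc_version
#   Prints the version of the glibc the shell is running against, e.g. "2.37".
#   getconf GNU_LIBC_VERSION prints "glibc 2.37"; we keep the second word.
installed_glibc_version() {
    getconf GNU_LIBC_VERSION 2>/dev/null | awk '{ print $2 }'
}

# Report on the running system when executed directly (the functions above
# can also be sourced and called with an arbitrary version string).
if v=$(installed_glibc_version) && [ -n "$v" ]; then
    if glibc_version_in_affected_range "$v"; then
        echo "glibc $v: in the CVE-2023-6246 range; confirm via the package changelog"
    else
        echo "glibc $v: outside the range the advisory lists (2.36-2.38)"
    fi
else
    echo "could not determine the glibc version (getconf unavailable?)"
fi
```

The parsing deliberately uses only parameter expansion and case patterns, so the script runs under dash or busybox sh on a minimal container image as well as under bash. Run it on each host you inventory, or source it and feed it versions collected elsewhere (for example from a configuration management database).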