{"id":22336,"date":"2024-02-01T10:27:52","date_gmt":"2024-02-01T15:27:52","guid":{"rendered":"https:\/\/me-en.kaspersky.com\/blog\/cve-2023-6246-glibc-vulnerability\/22336\/"},"modified":"2024-02-14T20:37:02","modified_gmt":"2024-02-14T16:37:02","slug":"cve-2023-6246-glibc-vulnerability","status":"publish","type":"post","link":"https:\/\/me-en.kaspersky.com\/blog\/cve-2023-6246-glibc-vulnerability\/22336\/","title":{"rendered":"Glibc library vulnerability published"},"content":{"rendered":"<p>On January 30, security researchers published information about a vulnerability they discovered in the glibc (GNU C Library), which could potentially allow attackers to elevate their privileges on Linux systems to root level. The library provides system calls and basic system functions \u2013 including syslog and vsyslog, which are used to write messages to the system message log. The vulnerability has received the identifier <a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2023-6246\" target=\"_blank\" rel=\"nofollow noopener\">CVE-2023-6246<\/a>, and a score of 8.4 on the CVSS v3.1 scale. Despite the fact that the level of this threat is not critical \u2013 it\u2019s just high \u2013 there\u2019s a high probability of its exploitation in large-scale attacks since glibc is the main system library that\u2019s used by almost all Linux programs.<\/p>\n<h2>Which systems are affected by CVE-2023-6246?<\/h2>\n<p>The Qualys researchers who discovered the vulnerability tested a number of popular Linux-based system installations, and identified several vulnerable systems: Debian 12 and 13, Ubuntu 23.04 and 23.10, and Fedora Linux versions 37 through 39. However, experts add that other <a href=\"https:\/\/en.wikipedia.org\/wiki\/Linux_distribution\" target=\"_blank\" rel=\"nofollow noopener\">distributions<\/a> are probably also affected by this vulnerability. CVE-2023-6246 is present in the library version 2.36 and older. 
The glibc developers fixed the vulnerability in version 2.39 on January 31 \u2013 a day after information about it was published.<\/p>\n<h2>What is the CVE-2023-6246 vulnerability and where did it come from?<\/h2>\n<p>The vulnerability CVE-2023-6246 is related to a dynamic memory buffer overflow and belongs to the LPE (Local Privilege Escalation) class. In simple terms, an attacker who already has user access to a system can use vulnerable function calls to escalate their privileges to the super-user level.<\/p>\n<p>This vulnerability was first added to the library in version 2.37, in August 2022, in an attempt to close the less dangerous vulnerability <a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2022-39046\" target=\"_blank\" rel=\"nofollow noopener\">CVE-2022-39046<\/a>. Subsequently, the library developers made the same change in version 2.36.<\/p>\n<h2>How to stay safe?<\/h2>\n<p>First you need to update the glibc library to version 2.39. Since attackers must already have access to the system to exploit this vulnerability (and all LPE vulnerabilities in general), CVE-2023-6246 will most likely be exploited in complex multi-stage attacks. Therefore, we recommend using solutions that can protect Linux as well. 
For example, our <a href=\"https:\/\/me-en.kaspersky.com\/small-to-medium-business-security?icid=me-en_kdailyplacehold_acq_ona_smm__onl_b2b_kasperskydaily_wpplaceholder_______\" target=\"_blank\" rel=\"noopener\">Kaspersky Endpoint Security<\/a> solution includes the Kaspersky Endpoint Security for Linux application, which combats modern threats to Linux-based systems.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>A vulnerability in the glibc library affects most major Linux distributions.<\/p>\n","protected":false},"author":2698,"featured_media":22337,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1318,1916,1917],"tags":[2726,533,268],"class_list":{"0":"post-22336","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-business","8":"category-enterprise","9":"category-smb","10":"tag-libraries","11":"tag-linux","12":"tag-vulnerabilities"},"hreflang":[{"hreflang":"en-ae","url":"https:\/\/me-en.kaspersky.com\/blog\/cve-2023-6246-glibc-vulnerability\/22336\/"},{"hreflang":"en-in","url":"https:\/\/www.kaspersky.co.in\/blog\/cve-2023-6246-glibc-vulnerability\/27023\/"},{"hreflang":"en-us","url":"https:\/\/usa.kaspersky.com\/blog\/cve-2023-6246-glibc-vulnerability\/29693\/"},{"hreflang":"en-gb","url":"https:\/\/www.kaspersky.co.uk\/blog\/cve-2023-6246-glibc-vulnerability\/27191\/"},{"hreflang":"es-mx","url":"https:\/\/latam.kaspersky.com\/blog\/cve-2023-6246-glibc-vulnerability\/27009\/"},{"hreflang":"es","url":"https:\/\/www.kaspersky.es\/blog\/cve-2023-6246-glibc-vulnerability\/29602\/"},{"hreflang":"it","url":"https:\/\/www.kaspersky.it\/blog\/cve-2023-6246-glibc-vulnerability\/28486\/"},{"hreflang":"ru","url":"https:\/\/www.kaspersky.ru\/blog\/cve-2023-6246-glibc-vulnerability\/36910\/"},{"hreflang":"x-default","url":"https:\
/\/www.kaspersky.com\/blog\/cve-2023-6246-glibc-vulnerability\/50369\/"},{"hreflang":"fr","url":"https:\/\/www.kaspersky.fr\/blog\/cve-2023-6246-glibc-vulnerability\/21440\/"},{"hreflang":"pt-br","url":"https:\/\/www.kaspersky.com.br\/blog\/cve-2023-6246-glibc-vulnerability\/22206\/"},{"hreflang":"de","url":"https:\/\/www.kaspersky.de\/blog\/cve-2023-6246-glibc-vulnerability\/30874\/"},{"hreflang":"ru-kz","url":"https:\/\/blog.kaspersky.kz\/cve-2023-6246-glibc-vulnerability\/27414\/"},{"hreflang":"en-au","url":"https:\/\/www.kaspersky.com.au\/blog\/cve-2023-6246-glibc-vulnerability\/33208\/"},{"hreflang":"en-za","url":"https:\/\/www.kaspersky.co.za\/blog\/cve-2023-6246-glibc-vulnerability\/32832\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/me-en.kaspersky.com\/blog\/tag\/vulnerabilities\/","name":"vulnerabilities"},"_links":{"self":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/22336","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/users\/2698"}],"replies":[{"embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/comments?post=22336"}],"version-history":[{"count":1,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/22336\/revisions"}],"predecessor-version":[{"id":22339,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/22336\/revisions\/22339"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/media\/22337"}],"wp:attachment":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/media?parent=22336"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/categories?post=22336"},{"taxonomy":"post_tag","embeddabl
e":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/tags?post=22336"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}