ROSA LABROSA-SA-2024-2331

HistoryJan 30, 2024 - 8:06 a.m.

Vulners
/
Rosalinux
/
Advisory ROSA-SA-2024-2331

Advisory ROSA-SA-2024-2331

2024-01-3008:06:33

ROSA LAB

abf.rosalinux.ru

glibc 2.17

buffer overflow

elevated privileges

suid permissions

fixed

yum update

rosa-server79

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

0.014 Low

EPSS

Percentile

86.5%

JSON

Software: glibc 2.17
OS: rosa-server79

package_evr_string: glibc-2.17-326.res7.7

CVE-ID: CVE-2023-4911
BDU-ID: 2023-06269
CVE-Crit: N/A
CVE-DESC.: A vulnerability in the dynamic loader ld.so of the glibc library is related to a buffer overflow in dynamic memory. Exploitation of the vulnerability could allow an attacker to execute arbitrary code with elevated privileges by running binaries with SUID permissions and creating the GLIBC_TUNABLES environment variable.
CVE-STATUS: Fixed
CVE-REV: To close, run yum update httpd

OSVersionArchitecturePackageVersionFilename
rosaanynoarchglibc< 2.17UNKNOWN

OS	Version	Architecture	Package	Version	Filename
rosa	any	noarch	glibc	< 2.17	UNKNOWN

ubuntucve 1

prion 1

cgr 1

redhat 69

nessus 31

ibm 8

githubexploit 16

debiancve 1

packetstorm 2

osv 6

redhatcve 1

mageia 1

cbl_mariner 1

oraclelinux 8

broadcom 1

nvd 1

zdt 2

cisa_kev 1

attackerkb 1

openvas 10

wolfi 1

metasploit 1

qualysblog 1

hivepro 2

f5 1

cvelist 1

kitploit 1

cve 1

github 1

ubuntu 1

cloudfoundry 1

thn 3

debian 1

rosalinux 1

fedora 3

rocky 1

gentoo 1

almalinux 2

rapid7blog 1

photon 1

avleonov 1

oracle 2

ics 1

ubuntucve

CVE-2023-4911

2023-10-03 00:00:00

prion

Buffer overflow

2023-10-03 18:15:00

cgr

CVE-2023-4911 vulnerabilities

2024-05-19 03:07:16

redhat

(RHSA-2024:0033) Moderate: Red Hat Virtualization Host 4.4.z SP 1 security update

2024-01-03 14:02:59

(RHSA-2023:5454) Important: glibc security update

2023-10-05 10:06:44

(RHSA-2023:5476) Important: glibc security update

2023-10-05 13:52:32

nessus

RHEL 8 : Red Hat Virtualization Host 4.4.z SP 1 (RHSA-2024:0033)

2024-01-03 00:00:00

RHEL 8 : glibc (RHSA-2023:5476)

2023-10-05 00:00:00

CBL Mariner 2.0 Security Update: glibc (CVE-2023-4911)

2023-10-13 00:00:00

ibm

Security Bulletin: glibc vulnerability affects IBM Elastic Storage System (CVE-2023-4911)

2023-12-04 10:46:37

Security Bulletin: Vulnerability with GNU glibc & libcURL affect IBM Cloud Object Storage Systems (Nov2023v1)

2023-11-14 21:53:56

Security Bulletin: IBM MQ Operator and Queue manager container images are vulnerable to multiple vulnerabilities from libcurl, glibc-minimal-langpack, glibc-common, ncurses-libs and Kubernetes

2023-11-16 16:21:31

githubexploit

Exploit for Out-of-bounds Write in Gnu Glibc

2023-10-14 02:24:52

Exploit for Out-of-bounds Write in Gnu Glibc

2023-10-04 14:32:49

Exploit for Out-of-bounds Write in Gnu Glibc

2023-10-11 14:49:22

debiancve

CVE-2023-4911

2023-10-03 18:15:10

packetstorm

Glibc Tunables Privilege Escalation

2023-12-21 00:00:00

glibc ld.so Local Privilege Escalation

2023-10-06 00:00:00

osv

glibc - security update

2023-10-03 00:00:00

CVE-2023-4911

2023-10-03 18:15:10

glibc vulnerabilities

2023-10-03 18:04:23

redhatcve

CVE-2023-4911

2023-10-03 17:24:53

mageia

Updated glibc packages fix a security vulnerability

2023-10-12 00:04:02

cbl_mariner

CVE-2023-4911 affecting package glibc for versions less than 2.35-5

2023-10-11 01:41:59

oraclelinux

glibc security update

2023-10-05 00:00:00

glibc security update

2023-10-09 00:00:00

glibc security update

2023-10-05 00:00:00

broadcom

A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so

2024-01-17 00:00:00

nvd

CVE-2023-4911

2023-10-03 18:15:10

zdt

Glibc Tunables Privilege Escalation Exploit

2023-12-21 00:00:00

glibc ld.so Local Privilege Escalation Vulnerability

2023-10-08 00:00:00

cisa_kev

GNU C Library Buffer Overflow Vulnerability

2023-11-21 00:00:00

attackerkb

CVE-2023-4911

2023-10-03 00:00:00

openvas

Mageia: Security Advisory (MGASA-2023-0286)

2023-10-12 00:00:00

Ubuntu: Security Advisory (USN-6409-1)

2023-10-04 00:00:00

Debian: Security Advisory (DSA-5514-1)

2023-10-04 00:00:00

wolfi

CVE-2023-4911 vulnerabilities

2024-07-02 15:14:03

metasploit

Glibc Tunables Privilege Escalation CVE-2023-4911 (aka Looney Tunables)

2023-12-14 23:28:43

qualysblog

CVE-2023-4911: Looney Tunables – Local Privilege Escalation in the glibc’s ld.so

2023-10-03 17:21:22

hivepro

Kinsing Exploits Looney Tunables Vulnerability to Breach Cloud Environments

2023-11-07 08:23:12

‘Looney Tunables’ Flaw Enables Local Privilege Escalation in Glibc

2023-10-05 10:18:37

K000137187 : GlibC vulnerability CVE-2023-4911

2023-10-09 00:00:00

cvelist

CVE-2023-4911 Glibc: buffer overflow in ld.so leading to privilege escalation

2023-10-03 17:25:08

kitploit

LooneyPwner - Exploit Tool For CVE-2023-4911, Targeting The 'Looney Tunables' Glibc Vulnerability In Various Linux Distributions

2023-10-27 11:30:00

cve

CVE-2023-4911

2023-10-03 18:15:10

github

Cueing up a calculator: an introduction to exploit development on Linux

2023-12-06 17:30:42

ubuntu

GNU C Library vulnerabilities

2023-10-03 00:00:00

cloudfoundry

USN-6409-1: GNU C Library vulnerabilities | Cloud Foundry

2024-03-18 00:00:00

thn

Kinsing Actors Exploiting Recent Linux Flaw to Breach Cloud Environments

2023-11-03 13:12:00

New Glibc Flaw Grants Attackers Root Access on Major Linux Distros

2024-01-31 05:44:00

Looney Tunables: New Linux Flaw Enables Privilege Escalation on Major Distributions

2023-10-04 07:21:00

debian

[SECURITY] [DSA 5514-1] glibc security update

2023-10-03 17:26:13

rosalinux

Advisory ROSA-SA-2024-2332

2024-01-30 08:26:13

fedora

[SECURITY] Fedora 37 Update: glibc-2.36-14.fc37

2023-10-04 15:49:21

[SECURITY] Fedora 38 Update: glibc-2.37-10.fc38

2023-10-04 15:52:08

[SECURITY] Fedora 39 Update: glibc-2.38-6.fc39

2023-10-04 17:16:19

rocky

glibc security update

2023-10-06 22:57:06

gentoo

glibc: Multiple vulnerabilities

2023-10-04 00:00:00

almalinux

Important: glibc security update

2023-10-05 00:00:00

Important: glibc security update

2023-10-05 00:00:00

rapid7blog

Metasploit Weekly Wrap-Up

2023-12-22 16:32:56

photon

Critical Photon OS Security Update - PHSA-2023-5.0-0110

2023-10-06 00:00:00

avleonov

October 2023: back to Positive Technologies, Vulristics updates, Linux Patch Wednesday, Microsoft Patch Tuesday, PhysTech VM lecture

2023-11-05 18:39:59

oracle

Oracle Critical Patch Update Advisory - January 2024

2024-01-16 00:00:00

Oracle Critical Patch Update Advisory - April 2024

2024-04-16 00:00:00

ics

Siemens SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP V3.1

2023-12-14 12:00:00

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

0.014 Low

EPSS

Percentile

86.5%

JSON

Related for ROSA-SA-2024-2331