Sensationalist Clickbait Called 'Looney Tunables' to Badmouth Linux (It's Not Even Linux)
-
New 'Looney Tunables' Linux bug gives root on major distros [Ed: Massively overrated issue and not Linux, it's a GNU library]
A new Linux vulnerability known as 'Looney Tunables' enables local attackers to gain root privileges by exploiting a buffer overflow weakness in the GNU C Library's ld.so dynamic loader.
The GNU C Library (glibc) is the GNU system's C library and is in most Linux kernel-based systems. It provides essential functionality, including system calls like open, malloc, printf, exit, and others, necessary for typical program execution.
-
Cyber Security Today, Oct. 4, 2023 – Critical vulnerabilities found in Linux and TorchServe [Ed: It's not a Linux issue and it is not severe. This is a Microsoft sponsored site talking nonsense for commercial reasons.]
Linux administrators are being urged to patch their operating systems to close a just-discovered 16-month-old vulnerability. Default installations of Fedora, Ubuntu and Debian are open to being exploited, say researchers at Qualys. The hole is a buffer overflow vulnerability which can give an attacker full root privileges. The researchers believe threat actors can easily produce an exploit. It’s imperative system administrators act swiftly, the researchers say. Only those using Alpine Linux are exempt from being hit by this particular hole.
-
Buffer overflow bug gives root on potentially millions of Linux boxes
A severe vulnerability affecting potentially millions of machines lets an attacker elevate limited local privileges to full root on numerous flavours of Linux including default installations of Fedora 37 and 38, Ubuntu 22.04 and 23.04, and Debian 12 and 13, says cybersecurity firm Qualys.
The vulnerability, allocated CVE-2023-4911, affects a widely used feature in the GNU C Library (glibc) called “Tunables” that allows application authors and distribution maintainers to alter the runtime library behaviour to match their workload. It was introduced in April 2021 (glibc 2.34) by commit 2ed18c, the security company said in an October 3 report.
-
“Looney Tunables” Flaw in Linux Allows Root Access
Security researchers at Qualys have disclosed a high severity vulnerability in the GNU C Library (glibc) that could allow local attackers to gain root privileges on affected Linux systems. The vulnerability, tracked as CVE-2023-4911 and dubbed "Looney Tunables", is caused by a buffer overflow issue in glibc's dynamic loader ld.so.
The ld.so loader is responsible for finding and loading shared library dependencies for executables at runtime. The vulnerability specifically exists in ld.so's handling of the GLIBC_TUNABLES environment variable, which configures tuning parameters for glibc. By supplying a malformed GLIBC_TUNABLES value, attackers can trigger a buffer overflow and corrupt memory.
-
Looney Tunables: New Linux Flaw Enables Privilege Escalation on Major Distributions
A new Linux security vulnerability dubbed Looney Tunables has been discovered in the GNU C library's ld.so dynamic loader that, if successfully exploited, could lead to a local privilege escalation and allow a threat actor to gain root privileges.
-
Linux Vulnerability Exposes Millions of Systems to Attack [Ed: It is not a Linux issue. If it was a Linux issue, Alpine too would be affected.]
While Alpine Linux remains immune to the Linux vulnerability, system administrators are urged to patch other Linux systems.