MalwareLab on Nostr: Recent privilege escalation vulnerabilities in GNU C Library #glibc widely used in ...
Recent privilege escalation vulnerabilities in the GNU C Library #glibc, widely used in many #Linux distributions such as #Debian, #Ubuntu, #Fedora and others.
CVE-2023-6246 #privesc #vuln can be triggered via #syslog by using a long program name or ident parameter in openlog().
Another vulnerability is in the #qsort function. While real-world affected programs are currently not known, this vulnerability is pretty old - since 1992 until now.
Reference: https://blog.qualys.com/vulnerabilities-threat-research/2024/01/30/qualys-tru-discovers-important-vulnerabilities-in-gnu-c-librarys-syslog
This is just another reason to consider using a Linux distribution without glibc, for example #Alpine Linux with #musl