Malicious code execution likely with high-severity Linux bug

Numerous Linux distributions have been affected for the past two years by a high-severity buffer overflow vulnerability involving the GLIBC_TUNABLES environment variable, dubbed "Looney Tunables," which could be exploited to execute malicious code with elevated privileges, reports SiliconAngle. The vulnerability, which is present in Debian 12 and 13, Fedora 37 and 38, and Ubuntu 22.04 and 23.04, could be leveraged by attackers to obtain full root privileges, and further exploits could allow data-only attacks, according to a report from Qualys Threat Research Unit researchers. "Exploiting this easily exploitable buffer overflow allows attackers to gain critical root privileges, resulting in substantial risks such as unauthorized data access, alterations, and potential data theft. This tangible threat to system and data security, coupled with the possible incorporation of the vulnerability into automated malicious tools or software such as exploit kits and bots, escalates the risk of widespread exploitation and service disruptions," said Qualys Manager of Vulnerability and Threat Research Saeed Abbasi.
