joojmachine@lemmy.ml to Linux@lemmy.ml · 9 months ago

Root access vulnerability in glibc library impacts many Linux distros (securityaffairs.com)

shadowintheday2@lemmy.world · 9 months ago

"A qsort vulnerability is due to a missing bounds check and can lead to memory corruption. It has been present in all versions of glibc since 1992."

This one amazes me. Imagine how many vulnerabilities future researchers will discover in ancient software that persisted/persist for decades.

PlexSheep@feddit.de · 9 months ago (edited)

That’s not the main part of the article, just a footnote, for anyone wondering.

The flaw resides in the glibc’s syslog function, an attacker can exploit the flaw to gain root access through a privilege escalation. The vulnerability was introduced in glibc 2.37 in August 2022.

xlash123@sh.itjust.works · 9 months ago

C is just crazy. You accidentally forget to put the bounds in a sorting function, and now you are root.