Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1310 CNY

100%
Buy Us a Coffee

CVE-2023-4911 PoC — Glibc: buffer overflow in ld.so leading to privilege escalation

Source
https://github.com/KillReal01/CVE-2023-4911
Associated Vulnerability
Title:Glibc: buffer overflow in ld.so leading to privilege escalation (CVE-2023-4911)
Description:A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.
Readme
# CVE-2023-4911
This is a PoC (Proof Of Concept) for the Looney Tunables Linux Privilege Escalation vulnerability. This is based on [this PoC](https://github.com/leesh3288/CVE-2023-4911). Great thanks to `leesh3288`. [Here](https://seclists.org/oss-sec/2023/q4/18) you can find a very detailed writeup, and [here](https://youtu.be/1iV-CD9Apn8) you can see a very cool video by IppSec.

## Usage
Check if it's vulnerable
```bash
env -i "GLIBC_TUNABLES=glibc.malloc.mxfast=glibc.malloc.mxfast=A" "Z=`printf '%08192x' 1`" /usr/bin/su --help
```
![](vuln.png)

It is worth saying that vulnerable `glibc` versions are, including this one, from `2.35-0ubuntu3.3` and below.

![](version.png)

Run the exploit
```bash
$ make
```
![](poc.png)
File Snapshot

Log in to view the POC file snapshot cached by Shenlong Bot

Log in to view
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →