CVE-2023-4911 PoC — Glibc: buffer overflow in ld.so leading to privilege escalation

Source

https://github.com/leesh3288/CVE-2023-4911

Associated Vulnerability

Title:Glibc: buffer overflow in ld.so leading to privilege escalation (CVE-2023-4911)
Description:A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.

Description

PoC for CVE-2023-4911

Readme

# PoC of CVE-2023-4911 "Looney Tunables"

This is a PoC of CVE-2023-4911 (a.k.a. "Looney Tunables") exploiting a bug in glibc dynamic loader's `GLIBC_TUNABLES` environment variable parsing function `parse_tunables()`.

Code has been tested on Ubuntu 22.04.3 with glibc version `2.35-0ubuntu3.3`. No attempts have been made to generalize the PoC (read: "Works On My Machine"), so your mileage may vary.

As always, big kudos to the [Qualys Threat Research Unit](https://www.qualys.com/tru/) for the discovery of the vulnerability and for the [very detailed writeup](https://seclists.org/oss-sec/2023/q4/18).

-----

Written by [Xion](https://twitter.com/0x10n) of [KAIST Hacking Lab](https://kaist-hacking.github.io/)

File Snapshot


 [4.0K]  /data/pocs/b5aad7a0def6b30aa0a6b4cf98ccab4e7539a5e5
├── [3.7K]  exp.c
├── [ 390]  gen_libc.py
├── [ 179]  Makefile
└── [ 717]  README.md

0 directories, 4 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.

View subscription plans →

Goal Reached Thanks to every supporter — we hit 100%!