New Linux Nightmare: Attacker Gains Full System Control

Qualys Threat Research Unit (TRU) has discovered a new vulnerability in Linux systems that gives attackers complete control over affected systems. Dubbed “Looney Tunables,” the vulnerability lies in how the dynamic loader of the GNU C Library (glibc) processes the `GLIBC_TUNABLES` environment variable.

The vulnerability, CVE-2023-4911, which has a CVSS score of 7.8, is classified as a buffer overflow. It allows an attacker with local access to elevate privileges and gain root-level access.

The root user possesses all rights and full access to functions and files. With root access, one can install and delete software, change system settings, create, modify, and delete files anywhere in the system, and more.

Root access can be valuable for experienced users and developers as it provides greater flexibility and control over the device. However, the use of root privileges carries risks, as incorrect changes or the installation of malicious software can damage the device or compromise its security.
