Tag Archive for: Folks

Looney Tunables Exploit Gives Hackers Root Access To Linux, That’s All Folks


looney tunables privilege escalation vulnerability discovered linux kernel

If Marvin the Martian makes it onto your computer and does privilege escalation to take it over, we might now know just how they did it. A new Linux local privilege escalation vulnerability, dubbed Looney Tunables. that can bump basic users to root was discovered, affecting a plethora of Linux installations.

Glibc is the GNU C Library project, and it “provides the core libraries for the GNU system and GNU/Linux systems, as well as many other systems that use Linux as the kernel.” Effectively, any operation you do on a Linux kernel system has ties to this library in some form or fashion. Within this is a dynamic loader, which helps to prep and run programs on the system to see what shared libraries are needed by that program. With this, an environment variable called GLIBC_TUNABLES allows users to change library behavior on the fly to avoid requiring a recompile.

code looney tunables privilege escalation vulnerability discovered linux kernel
Snippet of vulnerable code

On the inside of glibc, a buffer overflow vulnerability was discovered in the function that handles GLIBC_TUNABLES. With exploitation, this would allow for full root privilege to be granted to a local attacker “on the default installations of Fedora 37 and 38, Ubuntu 22.04 and 23.04, and Debian 12 and 13,” likely alongside other distributions of the Linux kernel. The researchers at Qualys note that the issue was introduced in April 2021 with glibc version 2.34, which has since been updated four times.

Thankfully, this vulnerability and associated exploit was sent to RedHat early last month, was patched around September 19th, and had a coordinated release date yesterday. Further, as it stands, exploit code is being withheld, but it would not be outside the realm of possibility that another research team or threat actor develops an exploit to integrate into a kill chain. As such, it is recommended that system administrators patch their boxes against this threat to “ensure system integrity and security.”

Source…

Sorry, HTC Folks: You’re Not Getting Monthly Android Security Updates – Tech Times


Tech Times

Sorry, HTC Folks: You're Not Getting Monthly Android Security Updates
Tech Times
Android security has been controversial due to the recent high-risk Stagefright, a bug that tags along with a multimedia file and steals information within the phone. The fault exists in a media playback tool built into the OS. Phishers may send a
HTC says monthly Android security updates are "unrealistic"ZDNet
HTC Says Monthly Android Security Updates Are 'Unrealistic'NDTV
HTC president calls monthly Android security updates 'unrealistic'Digital Trends
MNR Daily –PhoneDog –Hot Hardware
all 35 news articles »

“android security” – read more

TV Review: Scream (1×05) “Exposed” – The Young Folks


The Young Folks

TV Review: Scream (1×05) “Exposed”
The Young Folks
Noah discovers malware attached to their language arts homework, at which point I was more concerned about the fact that their high school teaches a class called “Language Arts” rather than “English” or “Literature.” Anyway, the malware allows the

and more »

flame malware – read more

Pro-privacy folks likened to digital al-Qaida; feds want to ‘blind’ hackers

Cab drivers participating in “Taxis on Patrol” are like a “Neighborhood Watch on Wheels,” on the lookout for potential suspicious behavior and crimes. Recruiting them for See Something Say Something is not surprising because cabbies see and hear a lot.
Ms. Smith’s blog