cve/2023/CVE-2023-4911.md

### [CVE-2023-4911](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4911)
![](https://img.shields.io/static/v1?label=Product&message=Fedora&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%206&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%207&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%208&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%208.6%20Extended%20Update%20Support&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%209&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%209.0%20Extended%20Update%20Support&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Virtualization%204%20for%20Red%20Hat%20Enterprise%20Linux%208&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=glibc&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=Heap-based%20Buffer%20Overflow&color=brighgreen)

### Description

A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.

### POC

#### Reference
- http://packetstormsecurity.com/files/174986/glibc-ld.so-Local-Privilege-Escalation.html
- http://packetstormsecurity.com/files/176288/Glibc-Tunables-Privilege-Escalation.html
- http://seclists.org/fulldisclosure/2023/Oct/11
- http://www.openwall.com/lists/oss-security/2023/10/03/2
- https://www.qualys.com/2023/10/03/cve-2023-4911/looney-tunables-local-privilege-escalation-glibc-ld-so.txt

#### Github
- https://github.com/0xsyr0/OSCP
- https://github.com/20142995/sectool
- https://github.com/BlessedRebuS/OSCP-Pentesting-Cheatsheet
- https://github.com/CVEDB/awesome-cve-repo
- https://github.com/CVEDB/top
- https://github.com/Dalifo/wik-dvs-tp02
- https://github.com/Diego-AltF4/CVE-2023-4911
- https://github.com/EGI-Federation/SVG-advisories
- https://github.com/GhostTroops/TOP
- https://github.com/Ghostasky/ALLStarRepo
- https://github.com/Green-Avocado/CVE-2023-4911
- https://github.com/Ha0-Y/LinuxKernelExploits
- https://github.com/Ha0-Y/kernel-exploit-cve
- https://github.com/KernelKrise/CVE-2023-4911
- https://github.com/MuelNova/MuelNova
- https://github.com/NishanthAnand21/CVE-2023-4911-PoC
- https://github.com/Ostorlab/KEV
- https://github.com/Ostorlab/known_exploited_vulnerbilities_detectors
- https://github.com/RickdeJager/CVE-2023-4911
- https://github.com/SirElmard/ethical_hacking
- https://github.com/ZonghaoLi777/githubTrending
- https://github.com/abylinjohnson/linux-kernel-exploits
- https://github.com/aneasystone/github-trending
- https://github.com/b4k3d/POC_CVE4911
- https://github.com/beruangsalju/LocalPrivilegeEscalation
- https://github.com/chaudharyarjun/LooneyPwner
- https://github.com/feereel/wb_soc
- https://github.com/fiksn/security-nix
- https://github.com/flex0geek/cves-exploits
- https://github.com/giterlizzi/secdb-feeds
- https://github.com/guffre/CVE-2023-4911
- https://github.com/hadrian3689/looney-tunables-CVE-2023-4911
- https://github.com/hilbix/suid
- https://github.com/hktalent/TOP
- https://github.com/jafshare/GithubTrending
- https://github.com/johe123qwe/github-trending
- https://github.com/kgwanjala/oscp-cheatsheet
- https://github.com/kherrick/lobsters
- https://github.com/kun-g/Scraping-Github-trending
- https://github.com/leesh3288/CVE-2023-4911
- https://github.com/nomi-sec/PoC-in-GitHub
- https://github.com/oscpname/OSCP_cheat
- https://github.com/puckiestyle/CVE-2023-4911
- https://github.com/revanmalang/OSCP
- https://github.com/richardjennings/scand
- https://github.com/ruycr4ft/CVE-2023-4911
- https://github.com/silent6trinity/looney-tuneables
- https://github.com/silentEAG/awesome-stars
- https://github.com/snurkeburk/Looney-Tunables
- https://github.com/tanjiti/sec_profile
- https://github.com/teraGL/looneyCVE
- https://github.com/txuswashere/OSCP
- https://github.com/windware1203/InfoSec_study
- https://github.com/xhref/OSCP
- https://github.com/xiaoQ1z/CVE-2023-4911
- https://github.com/yanfernandess/Looney-Tunables-CVE-2023-4911
- https://github.com/zengzzzzz/golang-trending-archive
Update Sat May 25 21:48:12 CEST 2024 2024-05-25 21:48:12 +02:00			`### [CVE-2023-4911](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4911)`
			`![](https://img.shields.io/static/v1?label=Product&message=Fedora&color=blue)`
			`![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%206&color=blue)`
			`![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%207&color=blue)`
			`![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%208&color=blue)`
			`![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%208.6%20Extended%20Update%20Support&color=blue)`
			`![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%209&color=blue)`
			`![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%209.0%20Extended%20Update%20Support&color=blue)`
			`![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Virtualization%204%20for%20Red%20Hat%20Enterprise%20Linux%208&color=blue)`
			`![](https://img.shields.io/static/v1?label=Product&message=glibc&color=blue)`
			`![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)`
			`![](https://img.shields.io/static/v1?label=Vulnerability&message=Heap-based%20Buffer%20Overflow&color=brighgreen)`

			`### Description`

			`A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.`

			`### POC`

			`#### Reference`
			`- http://packetstormsecurity.com/files/174986/glibc-ld.so-Local-Privilege-Escalation.html`
			`- http://packetstormsecurity.com/files/176288/Glibc-Tunables-Privilege-Escalation.html`
			`- http://seclists.org/fulldisclosure/2023/Oct/11`
			`- http://www.openwall.com/lists/oss-security/2023/10/03/2`
			`- https://www.qualys.com/2023/10/03/cve-2023-4911/looney-tunables-local-privilege-escalation-glibc-ld-so.txt`

			`#### Github`
			`- https://github.com/0xsyr0/OSCP`
			`- https://github.com/20142995/sectool`
			`- https://github.com/BlessedRebuS/OSCP-Pentesting-Cheatsheet`
			`- https://github.com/CVEDB/awesome-cve-repo`
			`- https://github.com/CVEDB/top`
			`- https://github.com/Dalifo/wik-dvs-tp02`
			`- https://github.com/Diego-AltF4/CVE-2023-4911`
			`- https://github.com/EGI-Federation/SVG-advisories`
			`- https://github.com/GhostTroops/TOP`
			`- https://github.com/Ghostasky/ALLStarRepo`
			`- https://github.com/Green-Avocado/CVE-2023-4911`
			`- https://github.com/Ha0-Y/LinuxKernelExploits`
			`- https://github.com/Ha0-Y/kernel-exploit-cve`
			`- https://github.com/KernelKrise/CVE-2023-4911`
			`- https://github.com/MuelNova/MuelNova`
			`- https://github.com/NishanthAnand21/CVE-2023-4911-PoC`
			`- https://github.com/Ostorlab/KEV`
			`- https://github.com/Ostorlab/known_exploited_vulnerbilities_detectors`
			`- https://github.com/RickdeJager/CVE-2023-4911`
			`- https://github.com/SirElmard/ethical_hacking`
			`- https://github.com/ZonghaoLi777/githubTrending`
			`- https://github.com/abylinjohnson/linux-kernel-exploits`
			`- https://github.com/aneasystone/github-trending`
			`- https://github.com/b4k3d/POC_CVE4911`
			`- https://github.com/beruangsalju/LocalPrivilegeEscalation`
			`- https://github.com/chaudharyarjun/LooneyPwner`
			`- https://github.com/feereel/wb_soc`
			`- https://github.com/fiksn/security-nix`
			`- https://github.com/flex0geek/cves-exploits`
			`- https://github.com/giterlizzi/secdb-feeds`
			`- https://github.com/guffre/CVE-2023-4911`
			`- https://github.com/hadrian3689/looney-tunables-CVE-2023-4911`
			`- https://github.com/hilbix/suid`
			`- https://github.com/hktalent/TOP`
			`- https://github.com/jafshare/GithubTrending`
			`- https://github.com/johe123qwe/github-trending`
			`- https://github.com/kgwanjala/oscp-cheatsheet`
			`- https://github.com/kherrick/lobsters`
			`- https://github.com/kun-g/Scraping-Github-trending`
			`- https://github.com/leesh3288/CVE-2023-4911`
			`- https://github.com/nomi-sec/PoC-in-GitHub`
			`- https://github.com/oscpname/OSCP_cheat`
			`- https://github.com/puckiestyle/CVE-2023-4911`
			`- https://github.com/revanmalang/OSCP`
			`- https://github.com/richardjennings/scand`
			`- https://github.com/ruycr4ft/CVE-2023-4911`
			`- https://github.com/silent6trinity/looney-tuneables`
			`- https://github.com/silentEAG/awesome-stars`
			`- https://github.com/snurkeburk/Looney-Tunables`
			`- https://github.com/tanjiti/sec_profile`
			`- https://github.com/teraGL/looneyCVE`
			`- https://github.com/txuswashere/OSCP`
			`- https://github.com/windware1203/InfoSec_study`
			`- https://github.com/xhref/OSCP`
			`- https://github.com/xiaoQ1z/CVE-2023-4911`
			`- https://github.com/yanfernandess/Looney-Tunables-CVE-2023-4911`
			`- https://github.com/zengzzzzz/golang-trending-archive`