admin/cve
1
0
Fork 0
mirror of https://github.com/0xMarcio/cve.git synced 2025-12-30 04:49:42 +00:00
Code Issues Packages Projects Releases Wiki Activity
cve/2023/CVE-2023-4911.md
0xMarcio 992ed5df2f Update CVE sources 2024-08-22 18:33
2024-08-22 18:33:16 +00:00

92 lines
4.7 KiB
Markdown
Raw Blame History

### [CVE-2023-4911](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4911)
![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%206&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%207&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%208&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%208.6%20Extended%20Update%20Support&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%209&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%209.0%20Extended%20Update%20Support&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Virtualization%204%20for%20Red%20Hat%20Enterprise%20Linux%208&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=Heap-based%20Buffer%20Overflow&color=brighgreen)
### Description
A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.
### POC
#### Reference
- http://packetstormsecurity.com/files/174986/glibc-ld.so-Local-Privilege-Escalation.html
- http://packetstormsecurity.com/files/176288/Glibc-Tunables-Privilege-Escalation.html
- http://seclists.org/fulldisclosure/2023/Oct/11
- http://www.openwall.com/lists/oss-security/2023/10/03/2
- https://www.qualys.com/2023/10/03/cve-2023-4911/looney-tunables-local-privilege-escalation-glibc-ld-so.txt
#### Github
- https://github.com/0xMarcio/cve
- https://github.com/0xsyr0/OSCP
- https://github.com/20142995/sectool
- https://github.com/BlessedRebuS/OSCP-Pentesting-Cheatsheet
- https://github.com/CVEDB/awesome-cve-repo
- https://github.com/CVEDB/top
- https://github.com/Dalifo/wik-dvs-tp02
- https://github.com/Diego-AltF4/CVE-2023-4911
- https://github.com/EGI-Federation/SVG-advisories
- https://github.com/GhostTroops/TOP
- https://github.com/Ghostasky/ALLStarRepo
- https://github.com/Green-Avocado/CVE-2023-4911
- https://github.com/Ha0-Y/LinuxKernelExploits
- https://github.com/Ha0-Y/kernel-exploit-cve
- https://github.com/KernelKrise/CVE-2023-4911
- https://github.com/MuelNova/MuelNova
- https://github.com/NishanthAnand21/CVE-2023-4911-PoC
- https://github.com/Ostorlab/KEV
- https://github.com/Ostorlab/known_exploited_vulnerbilities_detectors
- https://github.com/RickdeJager/CVE-2023-4911
- https://github.com/SenukDias/OSCP_cheat
- https://github.com/SirElmard/ethical_hacking
- https://github.com/ZonghaoLi777/githubTrending
- https://github.com/abylinjohnson/linux-kernel-exploits
- https://github.com/aneasystone/github-trending
- https://github.com/b4k3d/POC_CVE4911
- https://github.com/beruangsalju/LocalPrivilegeEscalation
- https://github.com/chaudharyarjun/LooneyPwner
- https://github.com/ecomtech-oss/pisc
- https://github.com/exfilt/CheatSheet
- https://github.com/feereel/wb_soc
- https://github.com/fiksn/security-nix
- https://github.com/flex0geek/cves-exploits
- https://github.com/giterlizzi/secdb-feeds
- https://github.com/guffre/CVE-2023-4911
- https://github.com/hadrian3689/looney-tunables-CVE-2023-4911
- https://github.com/hilbix/suid
- https://github.com/hktalent/TOP
- https://github.com/jafshare/GithubTrending
- https://github.com/johe123qwe/github-trending
- https://github.com/kgwanjala/oscp-cheatsheet
- https://github.com/kherrick/lobsters
- https://github.com/kun-g/Scraping-Github-trending
- https://github.com/leesh3288/CVE-2023-4911
- https://github.com/nomi-sec/PoC-in-GitHub
- https://github.com/oscpname/OSCP_cheat
- https://github.com/parth45/cheatsheet
- https://github.com/puckiestyle/CVE-2023-4911
- https://github.com/revanmalang/OSCP
- https://github.com/richardjennings/scand
- https://github.com/ruycr4ft/CVE-2023-4911
- https://github.com/samokat-oss/pisc
- https://github.com/sarthakpriyadarshi/Obsidian-OSCP-Notes
- https://github.com/silent6trinity/looney-tuneables
- https://github.com/silentEAG/awesome-stars
- https://github.com/snurkeburk/Looney-Tunables
- https://github.com/tanjiti/sec_profile
- https://github.com/teraGL/looneyCVE
- https://github.com/testing-felickz/docker-scout-demo
- https://github.com/txuswashere/OSCP
- https://github.com/windware1203/InfoSec_study
- https://github.com/xhref/OSCP
- https://github.com/xiaoQ1z/CVE-2023-4911
- https://github.com/yanfernandess/Looney-Tunables-CVE-2023-4911
- https://github.com/zengzzzzz/golang-trending-archive
Reference in New Issue View Git Blame Copy Permalink