CISA today ordered U.S. federal agencies to protect their systems against an actively exploited vulnerability that lets attackers gain root access on several popular Linux distributions. The flaw affects systems running the newest releases of widely used Linux platforms, including Fedora, Ubuntu, and Debian, in their default configurations.
Dubbed ‘Looney Tunables’ by Qualys’ Threat Research Unit, which found the problem, the vulnerability is caused by a buffer overflow in the ld.so dynamic loader of the GNU C Library and is tracked as CVE-2023-4911. Because the vulnerability is being actively exploited and multiple proof-of-concept (PoC) exploits have been made public since it was first disclosed in early October, administrators are advised to patch their systems as soon as feasible.