Entreprise d'experts en Sécurité Informatique : Audits et conseils en cybersécurité
Entreprise française de cybersécurité depuis 2004
☎ 03 60 47 09 81 - info@securiteinfo.com


CVE-2023-4911

Description

A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.

POC

Reference

- http://packetstormsecurity.com/files/174986/glibc-ld.so-Local-Privilege-Escalation.html

- http://packetstormsecurity.com/files/176288/Glibc-Tunables-Privilege-Escalation.html

- http://seclists.org/fulldisclosure/2023/Oct/11

- http://www.openwall.com/lists/oss-security/2023/10/03/2

- https://www.qualys.com/2023/10/03/cve-2023-4911/looney-tunables-local-privilege-escalation-glibc-ld-so.txt

Github

- https://github.com/0xMarcio/cve

- https://github.com/0xsyr0/OSCP

- https://github.com/20142995/sectool

- https://github.com/AMatheusFeitosaM/OSCP-Cheat

- https://github.com/ARPSyndicate/cve-scores

- https://github.com/Alb-310/RavenThief

- https://github.com/AlienTec1908/Pipy_HackMyVM_Easy

- https://github.com/Andromeda254/cve

- https://github.com/Atamik03/API-calc-dz

- https://github.com/Billar42/CVE-2023-4911

- https://github.com/BlessedRebuS/OSCP-Pentesting-Cheatsheet

- https://github.com/CHDevSec/RedPhaton

- https://github.com/CVEDB/awesome-cve-repo

- https://github.com/CVEDB/top

- https://github.com/Dalifo/wik-dvs-tp02

- https://github.com/Diego-AltF4/CVE-2023-4911

- https://github.com/Disturbante/Linux-Pentest

- https://github.com/EGI-Federation/SVG-advisories

- https://github.com/EnriqueSanchezdelVillar/NotesHck

- https://github.com/FROST8ytes/UMCS-CTF-2025

- https://github.com/Faizan-Khanx/OSCP

- https://github.com/GhostTroops/TOP

- https://github.com/Ghostasky/ALLStarRepo

- https://github.com/Green-Avocado/CVE-2023-4911

- https://github.com/Ha0-Y/LinuxKernelExploits

- https://github.com/Ha0-Y/kernel-exploit-cve

- https://github.com/IndieMinimalist/awesome-stars

- https://github.com/KernelKrise/CVE-2023-4911

- https://github.com/KillReal01/CVE-2023-4911

- https://github.com/Lennoxgonz/Docker-Container-Security-Hardening

- https://github.com/Maikefee/linux-exploit-hunter

- https://github.com/MuelNova/MuelNova

- https://github.com/NishanthAnand21/CVE-2023-4911-PoC

- https://github.com/Ostorlab/KEV

- https://github.com/Ostorlab/known_exploited_vulnerbilities_detectors

- https://github.com/RRespxwnss/Looney-Tunables-CVE-2023-4911

- https://github.com/ReflectedThanatos/OSCP-cheatsheet

- https://github.com/RickdeJager/CVE-2023-4911

- https://github.com/SantoriuHen/NotesHck

- https://github.com/SenukDias/OSCP_cheat

- https://github.com/SirElmard/ethical_hacking

- https://github.com/VishuGahlyan/OSCP

- https://github.com/ZonghaoLi777/githubTrending

- https://github.com/abylinjohnson/linux-kernel-exploits

- https://github.com/adnan-kutay-yuksel/tryhackme-all-rooms-database

- https://github.com/akyuksel/tryhackme-all-rooms-database

- https://github.com/aneasystone/github-trending

- https://github.com/b4k3d/POC_CVE4911

- https://github.com/beruangsalju/LocalPrivilegeEscalation

- https://github.com/chaudharyarjun/LooneyPwner

- https://github.com/ecomtech-oss/pisc

- https://github.com/exfilt/CheatSheet

- https://github.com/fazilbaig1/oscp

- https://github.com/feereel/wb_soc

- https://github.com/fiksn/security-nix

- https://github.com/flex0geek/cves-exploits

- https://github.com/giterlizzi/secdb-feeds

- https://github.com/guffre/CVE-2023-4911

- https://github.com/hadrian3689/looney-tunables-CVE-2023-4911

- https://github.com/hilbix/suid

- https://github.com/hktalent/TOP

- https://github.com/jafshare/GithubTrending

- https://github.com/jitmondal1/OSCP

- https://github.com/johe123qwe/github-trending

- https://github.com/kgwanjala/oscp-cheatsheet

- https://github.com/kherrick/lobsters

- https://github.com/kun-g/Scraping-Github-trending

- https://github.com/ldrx30/LinuxKernelExploits

- https://github.com/leesh3288/CVE-2023-4911

- https://github.com/nomi-sec/PoC-in-GitHub

- https://github.com/oscpname/OSCP_cheat

- https://github.com/parth45/cheatsheet

- https://github.com/pawan-shivarkar/List-of-CVE-s-

- https://github.com/pawan-shivarkar/pawan-shivarkar

- https://github.com/plzheheplztrying/cve_monitor

- https://github.com/puckiestyle/CVE-2023-4911

- https://github.com/raqqaaaa/WRITEUP_ORAL

- https://github.com/revanmalang/OSCP

- https://github.com/richardjennings/scand

- https://github.com/ruycr4ft/CVE-2023-4911

- https://github.com/samokat-oss/pisc

- https://github.com/sarthakpriyadarshi/Obsidian-OSCP-Notes

- https://github.com/shacojx/CVE-2023-4911-Exploit

- https://github.com/silent6trinity/looney-tuneables

- https://github.com/silentEAG/awesome-stars

- https://github.com/smartcow99/docker-security-check-using-trivy

- https://github.com/snurkeburk/Looney-Tunables

- https://github.com/tanjiti/sec_profile

- https://github.com/teraGL/looneyCVE

- https://github.com/testing-felickz/docker-scout-demo

- https://github.com/txuswashere/OSCP

- https://github.com/vscvetkov/code

- https://github.com/windware1203/InfoSec_study

- https://github.com/xhref/OSCP

- https://github.com/xiaoQ1z/CVE-2023-4911

- https://github.com/yanfernandess/Looney-Tunables-CVE-2023-4911

- https://github.com/zengzzzzz/golang-trending-archive

- https://github.com/zulloper/cve-poc