Qualys researchers discovered a root access flaw, tracked as CVE-2023-6246, in GNU Library C (glibc) affecting multiple Linux distributions.
  • immibis
    44 months ago

    @BlanK0 @security the fix commit says the problem occurs when the program name is very long - so probably not very exploitable, as the program name is usually set in stone.

    • @BlanK0OP
      34 months ago

      Thx for pointing that out 🤙

    • @CameronDev@programming.dev
      24 months ago

      Symlink or copy/rename could trigger it, as long as there is a user writable area with execute perms? /home usually allows exec?

      Also some of the exec* functions allow manipulating the argv[0], so possibly another vector there.