This one is sneaky!
Successful exploits grant root privileges and the bug affects very popular Linux distros, like Debian, Ubuntu, Fedora, or Red Hat Enterprise Linux.
The bug (CVE-2023-4911) is a buffer overflow in the GNU C Library's dynamic loader, ld.so, triggered while it parses the environment variable GLIBC_TUNABLES (hence the name Looney Tunables).
Almost every program on a Linux system is linked dynamically against glibc, so ld.so runs before the program's own main() to load its libraries, and it reads GLIBC_TUNABLES from the environment while doing so. When the program is SUID-root, that parsing happens with root privileges.
An attacker therefore starts a SUID-root binary with a malformed GLIBC_TUNABLES value, corrupts the loader's memory through the overflow, and uses that corruption to take control of the loader and ultimately get a shell (in this case, a root shell!).
env -i "GLIBC_TUNABLES=glibc.malloc.mxfast=glibc.malloc.mxfast=A" "Z=`printf '%08192x' 1`" /usr/bin/su --help
You're vulnerable if you get something like "Segmentation fault (core dumped)" (the shell reports exit status 139 for the crashed su). On a patched glibc the loader ignores the malformed tunable and su simply prints its help text.
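The same probe wrapped in a small POSIX shell script that interprets the exit status, so it can be run against several SUID-root binaries in one go. This is an added example, not code from the original post or from the Qualys advisory; it assumes the shell's usual 128+signal convention (a SIGSEGV crash becomes exit status 139) and that a patched su --help exits 0.

```shell
#!/bin/sh
# Looney Tunables (CVE-2023-4911) probe: runs the public test command against one or
# more SUID-root binaries and turns the exit status into a verdict.
# Added example, not code from the original post or from Qualys.

# The public test case: a duplicated tunable name, plus a large dummy variable "Z"
# so the loader's tunables buffer is pushed into the overflow.
PAYLOAD='glibc.malloc.mxfast=glibc.malloc.mxfast=A'

# classify_status STATUS -> vulnerable | patched | inconclusive
# Assumption: a child killed by SIGSEGV is reported as 128+11 = 139, and a patched
# glibc lets "su --help" run normally, which exits 0. Anything else (binary missing,
# not executable, a different crash) needs a manual look at the glibc patch level.
classify_status() {
    case "$1" in
        139) echo vulnerable ;;
        0)   echo patched ;;
        *)   echo inconclusive ;;
    esac
}

# probe_binary PATH -> runs the probe in a scrubbed environment (env -i) and prints
# the verdict. The "|| status=$?" keeps the crash from aborting a "set -e" shell.
probe_binary() {
    status=0
    env -i "GLIBC_TUNABLES=$PAYLOAD" "Z=$(printf '%08192x' 1)" "$1" --help >/dev/null 2>&1 || status=$?
    classify_status "$status"
}

# Default to su, the binary used in the advisory; pass other SUID-root paths as arguments.
if [ $# -eq 0 ]; then
    set -- /usr/bin/su
fi
for bin in "$@"; do
    printf '%s: %s\n' "$bin" "$(probe_binary "$bin")"
done
```

Run it as `sh looney-probe.sh /usr/bin/su /usr/bin/sudo /usr/bin/passwd`. An inconclusive verdict is not a clean bill of health: check the installed glibc version against your distribution's advisory instead.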
Note that simpler PoCs exist, including ready-to-use Python scripts that reproduce the bug.
As usual, be careful, and run those scripts in a virtual machine first, if possible.
Exploited systems should leave traces in the system logs, as most PoCs I've seen take the trial-and-error approach: they brute-force ASLR by launching the SUID binary over and over, and every failed guess crashes it inside ld.so. The kernel logs each of those crashes as a segfault (see dmesg or journalctl -k), and systemd-coredump records them too when it is enabled.
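A small detection pass over kernel log lines, as an added example that is not part of the original post: it counts, per program, the segfaults that happened inside the dynamic loader and flags programs crashing repeatedly, which is what a brute-force attempt looks like from the defender's side. The sample log lines are constructed to mimic the kernel's segfault message; real lines differ in addresses and prefix, and the threshold is an assumption to tune per environment.

```shell
#!/bin/sh
# Added example, not from the original post: spot Looney Tunables brute-forcing in
# kernel logs. Each failed ASLR guess crashes the SUID target inside ld.so, and the
# kernel logs it as "<prog>[<pid>]: segfault at ... in ld-linux-x86-64.so.2[...]".

# count_ldso_segfaults: kernel log lines on stdin -> "<program> <count>" for every
# program that crashed inside the dynamic loader. Crashes in other libraries are
# ignored, so an ordinary application crash does not count.
count_ldso_segfaults() {
    grep -E 'segfault at .* in ld-linux[^ ]*\.so' |
        sed -E 's/^.*[[:space:]]([^[:space:]]+)\[[0-9]+\]: segfault at.*$/\1/' |
        sort | uniq -c |
        awk '{ print $2, $1 }'
}

# flag_bruteforce THRESHOLD: prints the programs with at least THRESHOLD loader crashes.
# THRESHOLD is an assumption for this example; one crash can be a harmless test,
# dozens in a short window are not.
flag_bruteforce() {
    count_ldso_segfaults | awk -v threshold="$1" '$2 >= threshold { print $1 }'
}

# Constructed sample: four crashes of su inside ld.so (brute force), one crash of sudo
# inside ld.so (probably a single test), and one unrelated crash inside libxul.so.
SAMPLE_LOG='[ 1201.118] su[4021]: segfault at 0 ip 00007f3a1c0b2c10 sp 00007ffd2e2c8a40 error 4 in ld-linux-x86-64.so.2[7f3a1c09e000+2a000]
[ 1201.204] su[4023]: segfault at 0 ip 00007f11a2c54c10 sp 00007ffc9a6b1a40 error 4 in ld-linux-x86-64.so.2[7f11a2c40000+2a000]
[ 1201.290] su[4025]: segfault at 0 ip 00007f8d30f12c10 sp 00007ffe5c0f3a40 error 4 in ld-linux-x86-64.so.2[7f8d30efe000+2a000]
[ 1201.377] su[4027]: segfault at 0 ip 00007f4b6e2a3c10 sp 00007ffd0d4e5a40 error 4 in ld-linux-x86-64.so.2[7f4b6e28f000+2a000]
[ 1305.002] sudo[4102]: segfault at 0 ip 00007f0c7a1b1c10 sp 00007ffe1e7d6a40 error 4 in ld-linux-x86-64.so.2[7f0c7a19d000+2a000]
[ 1410.555] firefox[3311]: segfault at 10 ip 00007f62d0a4e7b0 sp 00007ffcd1b2e3c0 error 4 in libxul.so[7f62cf800000+5e00000]'

# Standalone run: report counts, then flag anything with 3 or more loader crashes.
# On a live host, feed real lines instead:  dmesg | flag_bruteforce 3
printf '%s\n' "$SAMPLE_LOG" | count_ldso_segfaults
printf '%s\n' "$SAMPLE_LOG" | flag_bruteforce 3
```

Keep in mind that the kernel rate-limits these segfault messages, so the counts are a lower bound; a systemd-coredump journal (`coredumpctl list`) gives a more complete picture where it is enabled.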
Final note: the exploitation method described in the Qualys advisory works against almost all of the SUID-root programs installed by default on Linux (with a few exceptions).
This is a high-severity flaw, so patching glibc makes sense.
However, unlike what I've read in many blog posts, this is neither super easy to exploit nor "straightforward": the public methods brute-force ASLR by trial and error, not with a one-shot exploit.
Besides, you need a foothold as a local, unprivileged user before you can escalate.
Still, local privilege escalation is a post-exploitation step that most users and organizations neglect, so this CVE is a good reminder.