What is the Looney Tunables exploit?
The Looney Tunables exploit is a buffer overflow vulnerability in the GNU C Library (glibc) dynamic loader. It can be exploited by attackers to gain root privileges on many popular Linux distributions.
The vulnerability was discovered by researchers at Qualys and tracked as CVE-2023-4911. It was introduced in glibc 2.34 in April 2021 and has been fixed in glibc 2.35.
Vulnerable Linux and glibc versions
The following Linux distributions are vulnerable to the Looney Tunables exploit:
- Fedora 37 and 38
- Ubuntu 22.04 and 23.04
- Debian 12 and 13
Other distributions may also be vulnerable, but this has not been confirmed.
The following glibc versions are vulnerable to the Looney Tunables exploit:
- glibc 2.34 and earlier
How to fix the Looney Tunables exploit
To fix the Looney Tunables exploit, you need to update glibc to version 2.35 or later.
On Fedora, you can do this with the following command:
sudo dnf update glibcOn Ubuntu, you can do this with the following command:
sudo apt update && sudo apt upgrade glibcOn Debian, you can do this with the following command:
sudo apt update && sudo apt upgrade glibcOnce you have updated glibc, the Looney Tunables exploit will be fixed.