Root access vulnerability in glibc library impacts many Linux distros

joojmachine@lemmy.ml to Linux@lemmy.ml – 353 points –
Root access vulnerability in glibc library impacts many Linux distros
securityaffairs.com
87

You are viewing a single comment

That's not the main part of the article, just a footnote, for anyone wondering.

The flaw resides in the glibc’s syslog function, an attacker can exploit the flaw to gain root access through a privilege escalation.

The vulnerability was introduced in glibc 2.37 in August 2022.

So, it must be with the BSDs too?

Iirc bad does not use glibc, but I'm not very involved with BSD.

It wouldn't make sense. Glibc is LGPL licensed, not really compatible with the BSD license...

Wait, why has a compiler system log functionlity?

You are probably confusing the glibc with gcc and g++. Glibc is an implementation of the C standard library, made by GNU (thats where the g in the name comes from).

If you were to look into it, it uses the syscalls to tell the underlying computer system what to do when you call functions, such as printf.

If you want to read more, see here