This is a PoC of CVE-2023-4911 (a.k.a. "Looney Tunables") exploiting a bug in glibc dynamic loader's GLIBC_TUNABLES
environment variable parsing function parse_tunables()
.
Code has been tested on Ubuntu 22.04.3 with glibc version 2.35-0ubuntu3.3
. No attempts have been made to generalize the PoC so your mileage may vary.
kudos to [Qualys Threat Research Unit]
Written by b4k3d
| _ ) | || ||__ / \ | _ _ | / /| \ |) | |/ |||__/_/