October 10, 2023 at 09:54AM – One-Click GNOME Exploit Could Pose Serious Threat to Linux Systems

October 10, 2023 at 09:54AM

GitHub’s Security Lab warns Linux users about a remote code execution vulnerability in the Libcue library used by GNOME. The flaw, tracked as CVE-2023-43641, can be exploited by getting the user to click on a malicious link, causing the attacker’s code to be executed. The PoC exploit will be released after users have installed the patch. All distributions running GNOME could be vulnerable.

According to meeting notes, GitHub’s Security Lab has issued a warning regarding a serious remote code execution vulnerability affecting the GNOME desktop environment on Linux. The vulnerability is found in Libcue, a library used for parsing ‘cue’ files that describe the layout of tracks on a CD. Tracker Miners, a search engine used by GNOME to index files, relies on Libcue and is also affected by the vulnerability.

The vulnerability, tracked as CVE-2023-43641, can be exploited by tricking the targeted user into clicking on a malicious link. Security researcher Kevin Backhouse from GitHub Security Lab has demonstrated how the attacker can launch the calculator on a Linux system through a cue file download. When the victim’s device scans and processes the downloaded file using the Libcue library, the exploit triggers and executes the attacker’s code.

While Backhouse has shared technical details of the vulnerability, the weaponized proof-of-concept (PoC) exploit for CVE-2023-43641 will only be released after users have had a chance to install the patch. The vulnerability has been tested on Ubuntu and Fedora, but Backhouse believes that all distributions running GNOME could be vulnerable, although some tweaking may be required for each distribution.

A simplified version of the PoC that causes a benign crash has been made public to help users check if their systems are vulnerable to attacks leveraging CVE-2023-43641. Backhouse emphasizes the importance of updating GNOME systems to mitigate the risk of exploitation of this vulnerability.

In related news, there is also mention of severe privilege escalation vulnerabilities impacting major Linux distributions and the exploitability of UAFBR (Use-after-free, Bug Report) bugs in the StackRot Linux Kernel Vulnerability. Additionally, there are references to news articles covering topics such as hacking encrypted Linux computers, Android fuzzing, and Skype leaking IPs.

Full Article – https://ift.tt/Kw7Wdpl