Three critical security vulnerabilities have been discovered in the GNU C Library (glibc), a core component of Linux systems. SYSGO's Embedded Linux ELinOS is not affected.
The vulnerabilities can be exploited locally to gain root privileges. The affected function is __vsyslog_internal(), which is part of the syslog API. This API allows applications to log messages with different priority levels, which system administrators can then use for monitoring and troubleshooting.
The vulnerability can be exploited to cause a heap-based buffer overflow. The following Bash command can be used to check whether a system is affected: