Testing CVE-2024-2961 (V1 - Under Analysis)

This repository contains a C program to test for CVE-2024-2961, an out-of-bounds write in the iconv() function of the GNU C Library (glibc). When converting to the ISO-2022-CN-EXT character set, the converter emits the 4-byte escape sequences that designate the SS2 and SS3 character sets without first checking that the output buffer has room for them, so up to 4 bytes can be written past the end of the caller's buffer (glibc advisory GLIBC-SA-2024-0004). Because of how PHP lays out its heap, this short overflow can be aimed at part of a free-list pointer, which yields an arbitrary write primitive inside the process. Consequently, an attacker who has a file read vulnerability in a PHP application and controls the prefix of the path (enough to supply a php://filter chain that invokes the convert.iconv filter) can achieve RCE; any other way of making PHP call iconv() with attacker-controlled parameters gives the same capability.

Prerequisites

  • A system running glibc 2.39 or older that has not received the fix. The patch shipped in glibc 2.40 and was backported to the stable branches, so a distribution package of 2.39 or earlier may already be patched.
  • GCC (GNU Compiler Collection) installed.
  • The ISO-2022-CN-EXT converter available to iconv(). On glibc-based Linux it is a gconv module shipped with glibc itself, and no separate iconv library is needed; this CVE is specific to glibc's converter, not to GNU libiconv.

Steps to Test

1. Check glibc Version

Confirm which glibc the system runs:

ldd --version

A reported version of 2.39 or older is necessary but not sufficient: distributions backported the fix into their existing 2.3x packages, so also check the package changelog or your vendor's advisory for CVE-2024-2961. The program in step 4 is the actual test.

2. Clone the Repository

Clone this repository to your local machine:

git clone https://github.com/exfil0/test_iconv.git
cd test_iconv

3. Compile the Program

Use GCC to compile the C program. On glibc-based Linux, iconv() lives in libc itself and there is no libiconv to link, so do not pass -liconv (the linker would fail with "cannot find -liconv"):

gcc -o test_iconv test_iconv.c

Add -liconv only on systems where iconv() comes from a separately installed GNU libiconv.

4. Run the Program

Execute the compiled program:

./test_iconv

5. Analyze the Results

  • Do not rely on a crash: the overflow is at most a few bytes, so on a vulnerable glibc the program will usually exit normally unless it inspects the memory directly after its output buffer (for example a canary pattern) or the clobbered bytes happen to be a pointer or allocator metadata that is used later.
  • On a patched glibc, iconv() stops before the escape sequence, returns (size_t)-1 and sets errno to E2BIG; the bytes after the output buffer stay untouched.
  • If the program does crash, use a debugger such as gdb to confirm that the faulting write, or the corrupted memory, traces back to the ISO-2022-CN-EXT conversion.
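As an added example (not the repository's test_iconv.c), the following C program checks for the bug directly instead of waiting for a crash. It scans the CJK Unified Ideographs block for a character whose ISO-2022-CN-EXT encoding opens with an SS2 or SS3 designation escape, which is the code path the fix added bounds checks to, then converts that character into a buffer with only 1 to 3 free bytes and inspects a canary pattern placed immediately after the buffer. The file name, function names, result codes and canary layout are this example's own choices; it assumes a glibc-style iconv() (char ** input pointer) and a system where the ISO-2022-CN-EXT gconv module is installed, and it reports the case where it is not. The canary check is also the detection AddressSanitizer cannot provide here, because the out-of-bounds write happens inside glibc's uninstrumented gconv module.

```c
/*
 * cve_2024_2961_probe.c: does this libc's ISO-2022-CN-EXT converter write
 * past the end of the output buffer it is given?
 *
 * Added example, not the repository's test_iconv.c. Assumes a glibc-style
 * iconv() and that the ISO-2022-CN-EXT gconv module is installed.
 * Build on glibc systems with:  gcc -Wall -o probe cve_2024_2961_probe.c
 */
#include <iconv.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define ESC 0x1b
#define CANARY_LEN 8            /* bytes guarded right after the output buffer */
#define CANARY_BYTE 0xA5

enum probe_result {
    PROBE_NOT_AVAILABLE = -1,   /* no usable ISO-2022-CN-EXT converter here */
    PROBE_CLEAN = 0,            /* converter stopped short, canary intact */
    PROBE_OVERFLOW = 1          /* bytes were written past the output buffer */
};

/* UTF-8 encode one BMP code point (the scan below stays under U+10000). */
static size_t utf8_encode(unsigned cp, unsigned char out[4])
{
    if (cp < 0x80) { out[0] = (unsigned char)cp; return 1; }
    if (cp < 0x800) {
        out[0] = 0xC0 | (cp >> 6); out[1] = 0x80 | (cp & 0x3F); return 2;
    }
    out[0] = 0xE0 | (cp >> 12); out[1] = 0x80 | ((cp >> 6) & 0x3F);
    out[2] = 0x80 | (cp & 0x3F); return 3;
}

/* Convert one code point from the initial shift state into a roomy buffer.
 * Returns the number of bytes produced, or 0 if it could not be mapped. */
static size_t convert_one(iconv_t cd, unsigned cp, unsigned char *out, size_t cap)
{
    unsigned char in[4];
    size_t inleft = utf8_encode(cp, in), outleft = cap;
    char *inp = (char *)in, *outp = (char *)out;
    iconv(cd, NULL, NULL, NULL, NULL);          /* reset to the initial state */
    if (iconv(cd, &inp, &inleft, &outp, &outleft) == (size_t)-1) return 0;
    return cap - outleft;
}

/* The two escape writes that lacked a bounds check designate the SS2 set
 * (ESC $ * F) or an SS3 set (ESC $ + F); SO designations (ESC $ ) F) were
 * already checked, so a character encoded via SO does not exercise the bug. */
static int starts_with_ss_designation(const unsigned char *buf, size_t n)
{
    return n >= 4 && buf[0] == ESC && buf[1] == '$' && (buf[2] == '*' || buf[2] == '+');
}

/* Find a CJK Unified Ideograph whose encoding opens with such a designation.
 * Returns 0 when the converter is unavailable or no such character exists. */
static unsigned find_trigger_codepoint(void)
{
    iconv_t cd = iconv_open("ISO-2022-CN-EXT", "UTF-8");
    if (cd == (iconv_t)-1) return 0;
    unsigned char buf[32];
    unsigned found = 0;
    for (unsigned cp = 0x4E00; cp <= 0x9FFF && !found; cp++)
        if (starts_with_ss_designation(buf, convert_one(cd, cp, buf, sizeof buf)))
            found = cp;
    iconv_close(cd);
    return found;
}

/* Count canary bytes that no longer hold CANARY_BYTE. */
static int canary_damage(const unsigned char *canary, size_t len)
{
    int damaged = 0;
    for (size_t i = 0; i < len; i++)
        if (canary[i] != CANARY_BYTE) damaged++;
    return damaged;
}

/* Convert the trigger character into a buffer with only `room` (1..3) free
 * bytes, so the 4-byte designation cannot fit, then count clobbered canary
 * bytes. A fixed glibc returns (size_t)-1 with errno E2BIG and writes nothing
 * past the end; a vulnerable one writes the escape anyway. */
static enum probe_result probe_with_room(unsigned cp, size_t room, int *damage)
{
    unsigned char region[4 + CANARY_LEN], *canary = region + 4;
    memset(region, 0, 4);
    memset(canary, CANARY_BYTE, CANARY_LEN);
    iconv_t cd = iconv_open("ISO-2022-CN-EXT", "UTF-8");
    if (cd == (iconv_t)-1) return PROBE_NOT_AVAILABLE;
    unsigned char in[4];
    size_t inleft = utf8_encode(cp, in), outleft = room;
    char *inp = (char *)in, *outp = (char *)(region + 4 - room); /* ends at canary */
    iconv(cd, &inp, &inleft, &outp, &outleft);
    iconv_close(cd);
    *damage = canary_damage(canary, CANARY_LEN);
    return *damage ? PROBE_OVERFLOW : PROBE_CLEAN;
}

/* Try 1, 2 and 3 bytes of room; any clobbered canary byte means the converter
 * wrote out of bounds. *max_damage receives the largest count observed. */
enum probe_result probe_cve_2024_2961(int *max_damage)
{
    unsigned cp = find_trigger_codepoint();
    *max_damage = 0;
    if (cp == 0) return PROBE_NOT_AVAILABLE;
    for (size_t room = 1; room <= 3; room++) {
        int d = 0;
        if (probe_with_room(cp, room, &d) == PROBE_NOT_AVAILABLE) return PROBE_NOT_AVAILABLE;
        if (d > *max_damage) *max_damage = d;
    }
    return *max_damage ? PROBE_OVERFLOW : PROBE_CLEAN;
}

int main(void)
{
    int damage;
    printf("trigger character: U+%04X\n", find_trigger_codepoint());
    switch (probe_cve_2024_2961(&damage)) {
    case PROBE_NOT_AVAILABLE:
        puts("no usable ISO-2022-CN-EXT converter (musl, or gconv modules stripped)");
        return 2;
    case PROBE_OVERFLOW:
        printf("VULNERABLE: up to %d byte(s) written past the output buffer\n", damage);
        return 1;
    default:
        puts("not vulnerable: iconv() stopped with E2BIG and left the canary intact");
        return 0;
    }
}
```

Exit status 1 means the canary was clobbered (vulnerable), 0 means the converter refused the write, 2 means there was nothing to test. Trying three different amounts of free space matters because the exact check the old code did perform before the escape determines how many bytes spill; covering 1 to 3 bytes catches the overflow whichever way it occurs.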

Optional: Debugging with GDB

If you encounter a crash, you can use gdb to get more details:

gdb ./test_iconv

Within GDB, run the program:

run

If the program crashes, you can inspect the state of the program:

bt

This prints the backtrace of the crash. A frame inside glibc's ISO-2022-CN-EXT.so gconv module (visible with glibc debug symbols installed) points at the converter itself; if the crash is instead in a later free() or in unrelated code, inspect the memory just past the output buffer, since the overflow rarely faults on its own. A hardware watchpoint on the first byte after the output buffer catches the write as it happens, even when nothing crashes.

Optional: Using Sanitizers

Compile the program with AddressSanitizer (again without -liconv on glibc systems):

gcc -fsanitize=address -g -o test_iconv test_iconv.c
./test_iconv

Be aware of its limit here: AddressSanitizer only checks memory accesses in code it instrumented, and the out-of-bounds write happens inside glibc's own gconv module, which is not instrumented. A write of a few bytes past your heap or stack buffer will therefore not be reported at the moment it happens; ASan may only complain later, if the clobbered bytes are ever used in a way it does check. A canary pattern placed directly after the output buffer and compared after the iconv() call is the reliable check.

Mitigation

If the vulnerability is confirmed, update glibc: the fix is in glibc 2.40 and was backported to the stable release branches, so your distribution's patched package is normally enough, and building from the GNU sources is only needed where no vendor package exists. Because the fix is in glibc itself, container images carry their own copy and must be rebuilt or updated separately.

Research

For more details on this vulnerability, see the news write-up "GLIBC Flaw CVE-2024-2961 Opens Door to RCE, PoC Exploit Published", the glibc security advisory GLIBC-SA-2024-0004, and the original analysis by Charles Fol (Ambionics), "Iconv, set the charset to RCE: exploiting the glibc to hack the PHP engine", which describes the PHP heap technique summarized above.

Disclaimer

This code is for educational and testing purposes only. Do not use it on systems without proper authorization.