PoC details: b366ffb7fe31d5fd247083d089b5d5a3fc42c13c

Source
Related vulnerability
Title: GNU C Library security vulnerability (CVE-2024-2961)
Description: The GNU C Library (glibc, libc6) is a free, open-source C library released under the LGPL. GNU C Library 2.39 and earlier contain a security vulnerability: the iconv() function can overflow a buffer, which may crash the application or overwrite adjacent variables.
Description
This repository contains a C program to test for CVE-2024-2961, a buffer overflow vulnerability in the iconv() function of glibc.
Introduction

# Testing CVE-2024-2961 (V1 - Under Analysis)

This repository contains a C program to test for CVE-2024-2961, which involves a buffer overflow vulnerability in the `iconv()` function of the GNU C Library (glibc). Due to the structure of PHP’s heap, this overflow can be exploited to modify part of a free list pointer, ultimately providing an arbitrary write primitive within the program’s memory. Consequently, any attacker with a file read vulnerability and a controlled prefix on a PHP application can achieve RCE. Similarly, forcing PHP to call iconv() with controlled parameters grants the attacker the same capability.

## Prerequisites

- A system with glibc version 2.39 or older.
- GCC (GNU Compiler Collection) installed.
- `iconv` available (on Linux it is part of glibc itself; a separate GNU libiconv is only needed on platforms that do not ship glibc).

## Steps to Test

### 1. Check glibc Version

Ensure that your system has glibc version 2.39 or older:

```bash
ldd --version
```

### 2. Clone the Repository

Clone this repository to your local machine:

```bash
git clone https://github.com/exfil0/test_iconv.git
cd test_iconv
```

### 3. Compile the Program

Use GCC to compile the C program:

```bash
# iconv() is implemented inside glibc, so no extra library is linked on a glibc system;
# add -liconv only if your platform ships a separate GNU libiconv.
gcc -o test_iconv test_iconv.c
```

### 4. Run the Program

Execute the compiled program:

```bash
./test_iconv
```

### 5. Analyze the Results

- If the program crashes or behaves unexpectedly, that may indicate the buffer overflow. Note that a write of only a few bytes past a heap buffer often does not crash at all, so the absence of a crash does not show that the system is patched.
- Use debugging tools like `gdb` to analyze the crash and confirm if it is related to the vulnerability.

### Optional: Debugging with GDB

If you encounter a crash, you can use `gdb` to get more details:

```bash
gdb ./test_iconv
```

Within GDB, run the program:

```gdb
run
```

If the program crashes, you can inspect the state of the program:

```gdb
bt
```

This prints a backtrace of the crash, which helps in diagnosing whether the overflow is due to the CVE.

### Optional: Using Sanitizers

Compile the program with AddressSanitizer to catch the overflow:

```bash
# As above, -liconv is not needed on a glibc system.
gcc -fsanitize=address -o test_iconv test_iconv.c
./test_iconv
```

AddressSanitizer reports detailed information when instrumented code writes past a buffer. Keep in mind that it only instruments the code it compiles: a stray write performed inside glibc's own, uninstrumented conversion module is not caught by that instrumentation at the moment it happens, so a clean ASan run is not proof that the system is patched. A canary placed directly after the output buffer and checked after the call is a more reliable indicator.
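As an added example that is not part of the repository's `test_iconv.c`: a guard-region (canary) wrapper around `iconv()` that reports a write past the end of the output buffer without relying on a crash or on AddressSanitizer. The function names, canary constants and sample strings are constructed for this example; the self-test converts UTF-8 to ISO-8859-1 so that it runs on any glibc, and the same wrapper is what you would point at `ISO-2022-CN-EXT` when testing.

```c
/* Added example, not the repository's test_iconv.c: a guarded iconv() call.
 * A canary is placed directly after the usable output space, so a write past
 * the end (such as the up-to-4-byte overflow of CVE-2024-2961 when converting
 * to ISO-2022-CN-EXT) is reported instead of silently corrupting the heap.
 * Returns bytes written (E2BIG counts as a partial write), -1 on an iconv
 * error, -2 if the canary was damaged. GUARD_LEN/GUARD_BYTE are assumptions. */
#include <errno.h>
#include <iconv.h>
#include <stdlib.h>
#include <string.h>

#define GUARD_LEN  16
#define GUARD_BYTE 0xA5

long guarded_iconv(const char *to, const char *from, const char *in,
                   size_t inlen, char *out, size_t out_cap)
{
    iconv_t cd = iconv_open(to, from);
    if (cd == (iconv_t)-1) return -1;
    char *buf = malloc(out_cap + GUARD_LEN);
    if (!buf) { iconv_close(cd); return -1; }
    memset(buf + out_cap, GUARD_BYTE, GUARD_LEN);   /* canary after the buffer */

    char *inp = (char *)in, *outp = buf;
    size_t inleft = inlen, outleft = out_cap;       /* iconv is told only out_cap */
    size_t rc = iconv(cd, &inp, &inleft, &outp, &outleft);
    int err = errno;
    iconv_close(cd);

    long result = (long)(outp - buf);
    if (rc == (size_t)-1 && err != E2BIG) result = -1;
    /* Check the canary whatever iconv() reported: the CVE-2024-2961 write
       happens exactly in the E2BIG path, when the output buffer is "full". */
    for (size_t i = 0; i < GUARD_LEN; i++)
        if ((unsigned char)buf[out_cap + i] != GUARD_BYTE) result = -2;
    if (result > 0) memcpy(out, buf, (size_t)result);
    free(buf);
    return result;
}

/* Self-test helper: UTF-8 string -> ISO-8859-1 into a buffer of `cap` bytes
   (max 8). ISO-8859-1 is built into glibc, so no extra gconv module is needed. */
long latin1_len(const char *utf8, size_t cap)
{
    char out[8];
    if (cap > sizeof out) cap = sizeof out;
    return guarded_iconv("ISO-8859-1", "UTF-8", utf8, strlen(utf8), out, cap);
}
```

A return of -2 means the conversion wrote beyond the buffer it was given; on an unpatched glibc that is the CVE-2024-2961 condition, reported without a crash or a sanitizer.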

## Mitigation

If the vulnerability is confirmed, update glibc to a version in which this issue is patched. You can obtain the fixed version from the GNU project's website or, preferably, from your distribution's package manager. Distributions commonly backport the fix without changing the glibc version number, so check the distribution's advisory for the patched package version rather than relying on `ldd --version` alone.

## Research

For more details on this vulnerability, you can read the following research article:
[GLIBC Flaw CVE-2024-2961 Opens Door to RCE, PoC Exploit Published](https://securityonline.info/glibc-flaw-cve-2024-2961-opens-door-to-rce-poc-exploit-published/)

## Disclaimer

This code is for educational and testing purposes only. Do not use it on systems without proper authorization.
File snapshot

[4.0K] /data/pocs/b366ffb7fe31d5fd247083d089b5d5a3fc42c13c
├── [2.7K] README.md
└── [ 733] test_iconv.c

0 directories, 2 files