mastouille.fr est l'un des nombreux serveurs Mastodon indépendants que vous pouvez utiliser pour participer au fédiverse.
Mastouille est une instance Mastodon durable, ouverte, et hébergée en France.

Administré par :

Statistiques du serveur :

596
comptes actifs

#iconv

0 message0 participant0 message aujourd’hui
Marco Ivaldi<p><a href="https://infosec.exchange/tags/Iconv" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Iconv</span></a>, set the charset to <a href="https://infosec.exchange/tags/RCE" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>RCE</span></a>: <a href="https://infosec.exchange/tags/Exploiting" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Exploiting</span></a> the <a href="https://infosec.exchange/tags/glibc" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>glibc</span></a> to <a href="https://infosec.exchange/tags/hack" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>hack</span></a> the <a href="https://infosec.exchange/tags/PHP" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>PHP</span></a> engine</p><p><a href="https://www.ambionics.io/blog/iconv-cve-2024-2961-p1" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">ambionics.io/blog/iconv-cve-20</span><span class="invisible">24-2961-p1</span></a></p><p><a href="https://www.ambionics.io/blog/iconv-cve-2024-2961-p2" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">ambionics.io/blog/iconv-cve-20</span><span class="invisible">24-2961-p2</span></a></p>
Julio J. 🀲<p>tl;dr: upgrade glibc on your servers!</p><p>Summing it up, there's a vulnerability (CVE-2024-2961) on glibc that, apparently, can be used to get RCE on servers running PHP.<br>It's recommended that you update glibc to a patched version.</p><p><a href="https://security-tracker.debian.org/tracker/CVE-2024-2961" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">security-tracker.debian.org/tr</span><span class="invisible">acker/CVE-2024-2961</span></a><br><a href="https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2024-2961" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">bugzilla.redhat.com/show_bug.c</span><span class="invisible">gi?id=CVE-2024-2961</span></a></p><p>There's an upcoming talk on May 10 where the researcher will explain how it was used to hack PHP servers. </p><p><a href="https://www.offensivecon.org/speakers/2024/charles-fol.html" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">offensivecon.org/speakers/2024</span><span class="invisible">/charles-fol.html</span></a></p><p><a href="https://hachyderm.io/tags/PHP" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>PHP</span></a> <a href="https://hachyderm.io/tags/glibc" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>glibc</span></a> <a href="https://hachyderm.io/tags/iconv" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>iconv</span></a></p>