From t.weeks at vt.edu Wed Apr 24 09:06:48 2024
From: t.weeks at vt.edu (Weeks, Thomas "Tweeks")
Date: Wed, 24 Apr 2024 14:06:48 +0000
Subject: [Security-Discuss] HUGE new RCE vulnerability (using php + old-glibc-bug) on most LAMP web-exposed sites
Message-ID:

HUGE newly discovered glibc+PHP RCE vulnerability that basically makes ALL Linux PHP (LAMP) implementations vulnerable to RCE (using a 24yr old, known, glibc bug (now more clearly documented in CVE-2024-2961) exists on glibc 2.39 and older (all distros.. except maybe Alpine)).

This is a big one.. Probably bigger than log4j since most LAMP sites on the planet are running PHP.

https://youtu.be/u8jLUjpCWrs?si=E6WkXSJwPFWSLUcZ

more info - https://securityonline.info/cve-2024-2961-glibc-vulnerability-opens-door-to-php-attacks-patch-immediately/?expand_article=1

Get'em patched folks!

--
T.Weeks
Thomas "Tweeks" Weeks
Director, Technology Futures and Community Advocacy
Division of Information Technology, Virginia Tech
Cyber Range Engineer, VirginiaCyberRange.org
(e) t.weeks at vt.edu / tweeks at VirginiaCyberRange.org