<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<style type="text/css" style="display:none;"> P {margin-top:0;margin-bottom:0;} </style>
</head>
<body dir="ltr">
<div class="elementToProof" style="font-family: Slack-Lato, Slack-Fractions, appleLogo, sans-serif; font-size: 15px; color: rgb(29, 28, 29);">
<span style="background-color: rgb(248, 248, 248);">HUGE newly discovered glibc+PHP RCE vulnerability that basically makes ALL Linux PHP (LAMP) implementations vulnerable to RCE (using a 24yr old, known, glibc bug (now more clearly documented in CVE-2024-2961)
exists on glibc 2.39 and older (all distros.. except maybe Alpine)).</span></div>
<div class="elementToProof" style="font-family: Slack-Lato, Slack-Fractions, appleLogo, sans-serif; font-size: 15px; color: rgb(29, 28, 29);">
<span style="background-color: rgb(248, 248, 248);"><br>
</span></div>
<div class="elementToProof" style="font-family: Slack-Lato, Slack-Fractions, appleLogo, sans-serif; font-size: 15px; color: rgb(29, 28, 29);">
<span style="background-color: rgb(248, 248, 248);">This is a big one.. Probably bigger than log4j since most LAMP sites on the planet are running PHP. </span></div>
<div class="elementToProof" style="font-family: Slack-Lato, Slack-Fractions, appleLogo, sans-serif; font-size: 15px; color: rgba(var(--sk_highlight,18,100,163),1);">
<span style="background-color: rgb(248, 248, 248);"><a href="https://youtu.be/u8jLUjpCWrs?si=E6WkXSJwPFWSLUcZ" target="_blank" id="OWA74bbddb2-406a-35d5-b195-31ba994eb2f5" class="c-link OWAAutoLink" rel="noopener noreferrer" data-stringify-link="https://youtu.be/u8jLUjpCWrs?si=E6WkXSJwPFWSLUcZ" data-sk="tooltip_parent" data-loopstyle="linkonly" style="text-decoration: none; background-color: rgb(248, 248, 248); text-align: left;">https://youtu.be/u8jLUjpCWrs?si=E6WkXSJwPFWSLUcZ</a></span></div>
<div class="elementToProof" style="font-family: Slack-Lato, Slack-Fractions, appleLogo, sans-serif;">
<span style="font-size: 15px; color: rgb(29, 28, 29); background-color: rgb(248, 248, 248);">more info -</span><span style="font-size: 15px; color: rgba(var(--sk_highlight,18,100,163),1); background-color: rgb(248, 248, 248);"><a href="https://securityonline.info/cve-2024-2961-glibc-vulnerability-opens-door-to-php-attacks-patch-immediately/?expand_article=1" target="_blank" id="OWAbee68928-10e9-3fdc-5800-8670d7bf3819" class="c-link OWAAutoLink" rel="noopener noreferrer" data-stringify-link="https://securityonline.info/cve-2024-2961-glibc-vulnerability-opens-door-to-php-attacks-patch-immediately/?expand_article=1" data-sk="tooltip_parent" data-loopstyle="linkonly" style="color: rgba(var(--sk_highlight,18,100,163),1); text-decoration: none; background-color: rgb(248, 248, 248); text-align: left;">https://securityonline.info/cve-2024-2961-glibc-vulnerability-opens-door-to-php-attacks-patch-immediately/?expand_article=1</a></span><span style="font-size: 13px; color: rgba(var(--sk_foreground_high_solid,134,134,134),1); background-color: rgb(248, 248, 248);"> </span></div>
<div class="elementToProof" style="font-family: Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
<br>
</div>
<div class="elementToProof" style="font-family: Slack-Lato, Slack-Fractions, appleLogo, sans-serif; font-size: 15px; color: rgb(29, 28, 29);">
<span style="background-color: rgb(248, 248, 248);">Get'em patched folks!</span></div>
<div class="elementToProof" style="font-family: Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
<br>
</div>
<div id="Signature" style="color: inherit; background-color: inherit;">
<div style="margin: 0px; font-family: Consolas, Courier, monospace;">-- </div>
<div style="margin: 0px; font-family: Calibri, Arial, Helvetica, sans-serif;"><span style="font-family: Consolas, Courier, monospace;"><b>T.Weeks</b></span><b><br>
</b><span style="font-family: Consolas, Courier, monospace;"><b>Thomas "Tweeks" Weeks</b></span><b><br>
</b><span style="font-family: Consolas, Courier, monospace; color: black;"><b>Director, Technology Futures and Community Advocacy</b></span></div>
<div style="margin: 0px;"><span style="font-family: Consolas, Courier, monospace; color: black;"><b>Division of Information Technology,</b></span><span style="font-family: Consolas, Courier, monospace; color: rgb(0, 0, 0);"><b> Virginia Tech</b></span><span style="font-family: Calibri, Arial, Helvetica, sans-serif; color: rgb(0, 0, 0);"><b><br>
</b></span><span style="font-family: Consolas, Courier, monospace; font-size: 14px; color: black; background-color: rgb(255, 255, 255);"><b>Cyber Range Engineer,
<a href="http://www.virginiacyberrange.org/" style="margin: 0px;">VirginiaCyberRange.org</a> <br>
</b></span><span style="font-family: Consolas, Courier, monospace; font-size: 14px; background-color: rgb(255, 255, 255);"><b>(e)
<a href="mailto:t.weeks@vt.edu" title="mailto:t.weeks@vt.edu" style="margin: 0px;">
t.weeks@vt.edu</a></b></span><span style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 14px; background-color: rgb(255, 255, 255);"><b> </b></span><span style="font-family: Consolas, Courier, monospace; font-size: 14px; background-color: rgb(255, 255, 255);"><b> /
<a href="mailto:tweeks@VirginiaCyberRange.org" title="mailto:tweeks@VirginiaCyberRange.org" style="margin: 0px;">
tweeks@VirginiaCyberRange.org</a> </b></span></div>
</div>
</body>
</html>