[Security-Discuss] HUGE new RCE vulnerability (using php + old-glibc-bug) on most LAMP web-exposed sites
Weeks, Thomas "Tweeks"
t.weeks at vt.edu
Wed Apr 24 09:06:48 EST 2024
HUGE newly discovered glibc+PHP RCE vulnerability that basically makes ALL Linux PHP (LAMP) implementations vulnerable to RCE (using a 24yr old, known, glibc bug (now more clearly documented in CVE-2024-2961) exists on glibc 2.39 and older (all distros.. except maybe Alpine)).
This is a big one.. Probably bigger than log4j since most LAMP sites on the planet are running PHP.
https://youtu.be/u8jLUjpCWrs?si=E6WkXSJwPFWSLUcZ
more info -https://securityonline.info/cve-2024-2961-glibc-vulnerability-opens-door-to-php-attacks-patch-immediately/?expand_article=1
Get'em patched folks!
--
T.Weeks
Thomas "Tweeks" Weeks
Director, Technology Futures and Community Advocacy
Division of Information Technology, Virginia Tech
Cyber Range Engineer, VirginiaCyberRange.org<http://www.virginiacyberrange.org/>
(e) t.weeks at vt.edu<mailto:t.weeks at vt.edu> / tweeks at VirginiaCyberRange.org<mailto:tweeks at VirginiaCyberRange.org>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.rbtc.tech/pipermail/security-discuss/attachments/20240424/8f0acfb6/attachment.html>
More information about the Security-Discuss
mailing list