Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/exfil0/test_iconv

This repository contains a C program to test for CVE-2024-2961, a buffer overflow vulnerability in the iconv() function of glibc.
https://github.com/exfil0/test_iconv

buffer cve cve-202402961 glibc iconv overflow pentest test vulnerability

Last synced: 5 days ago
JSON representation

This repository contains a C program to test for CVE-2024-2961, a buffer overflow vulnerability in the iconv() function of glibc.

Host: GitHub
URL: https://github.com/exfil0/test_iconv
Owner: exfil0
Created: 2024-06-03T23:53:43.000Z (5 months ago)
Default Branch: main
Last Pushed: 2024-06-04T00:22:13.000Z (5 months ago)
Last Synced: 2024-06-04T02:02:43.076Z (5 months ago)
Topics: buffer, cve, cve-202402961, glibc, iconv, overflow, pentest, test, vulnerability
Language: C
Homepage: https://karimjaber.net
Size: 7.81 KB
Stars: 0
Watchers: 1
Forks: 0
Open Issues: 0
Metadata Files:
- Readme: README.md

Awesome Lists containing this project

README

# Testing CVE-2024-2961 (V1 - Under Analysis)

This repository contains a C program to test for CVE-2024-2961, which involves a buffer overflow vulnerability in the `iconv()` function of the GNU C Library (glibc). Due to the structure of PHP’s heap, this overflow can be exploited to modify part of a free list pointer, ultimately providing an arbitrary write primitive within the program’s memory. Consequently, any attacker with a file read vulnerability and a controlled prefix on a PHP application can achieve RCE. Similarly, forcing PHP to call iconv() with controlled parameters grants the attacker the same capability.

## Prerequisites

- A system with glibc version 2.39 or older.
- GCC (GNU Compiler Collection) installed.
- `iconv` library installed.

## Steps to Test

### 1. Check glibc Version

Ensure that your system has glibc version 2.39 or older:

```bash
ldd --version
```

### 2. Clone the Repository

Clone this repository to your local machine:

```bash
git clone https://github.com/exfil0/test_iconv.git
cd test_iconv
```

### 3. Compile the Program

Use GCC to compile the C program:

```bash
gcc -o test_iconv test_iconv.c -liconv
```

### 4. Run the Program

Execute the compiled program:

```bash
./test_iconv
```

### 5. Analyze the Results

- If the program crashes or behaves unexpectedly, it might be an indication of the buffer overflow.
- Use debugging tools like `gdb` to analyze the crash and confirm if it is related to the vulnerability.

### Optional: Debugging with GDB

If you encounter a crash, you can use `gdb` to get more details:

```bash
gdb ./test_iconv
```

Within GDB, run the program:

```gdb
run
```

If the program crashes, you can inspect the state of the program:

```gdb
bt
```

This will give you a backtrace of the crash, which can help in diagnosing if the overflow is due to the CVE.

### Optional: Using Sanitizers

Compile the program with AddressSanitizer to catch the overflow:

```bash
gcc -fsanitize=address -o test_iconv test_iconv.c -liconv
./test_iconv
```

AddressSanitizer will provide detailed information if there is a buffer overflow.

## Mitigation

If the vulnerability is confirmed, consider updating glibc to a version where this issue is patched. You can download and install the latest version from the GNU project's website or your distribution's package manager.

## Research

For more details on this vulnerability, you can read the following research article:
[GLIBC Flaw CVE-2024-2961 Opens Door to RCE, PoC Exploit Published](https://securityonline.info/glibc-flaw-cve-2024-2961-opens-door-to-rce-poc-exploit-published/)

## Disclaimer

This code is for educational and testing purposes only. Do not use it on systems without proper authorization.