this is a warning to anyone using php
- Added 5. 05. 2024
- An 8/10 vulnerability has been found in glibc, that could lead to the compromise of PHP around the world. Check it out in this video.
nvd.nist.gov/vuln/detail/CVE-...
learn to code in C correctly so this stops happening lowlevel.academy there's a sale
actually the white house said C is unsafe so I will use Rust
UTF-8 and UTF-16 are actually full Unicode.
Any course on programming Rust safe? While interoperability with other languages like C/C++
Have "PHP" in the title
Open cve link
A glibc bug
If this is not a bad faith argument and clickbaiting I don't know what it is.
Unsubbed, disliked, and blocked this 🤡 from ever showing up on my feed again.
I suggest you all do the same.
@@jongxina3595 I don't trust the White House. Rust is probably a trojan created by the FBI
1:25 âmay overflow the output bufferâ
Everybody drink!
"...that basically lives on every Linux distribution" and another!
*whiny voice* You guys... drinking this much is how these C programming bugs happen...
@@jim0_o vicious circle eh?
php = personal heap overflow program
@@monad_tcp more like phop :P
Is it me, YouTube's algorithm, or have there been quite a few big vulnerabilities lately? Don't get me wrong, it's good we're catching them, but they're a good reason for good update/patch management.
it's a little bit of both. I've been making videos about bugs I'm hearing about, so you're definitely seeing more because of me. but also my feeds have been blowing up with articles about bugs recently.
@@LowLevelLearning And thanks for that! I've been enjoying the breakdowns you've been making
Someone commented that April is month of exploits
it is recursive. Articles about bugs drives people to find bugs to create more articles, which drives people to find bugs to create articles.
@@LowLevelLearning Where do you get these news?
Bro the NSA is getting all of their exploits leaked
proot
yes, the NSA and their international ally. In the case of xz, they tried to blame the Chinese.
@@eng3d Mossad, aka 'is real'
Proot
They ain't using php anymore, they switched to Asp
sending chills down my spine with "SET THE CHARSET TO RCE"
It sounds like some Star Trek technobabble that some writer came up with
What is charset and what is RCE?
@@TheJackal917 Charset: character set, think ASCII or UTF-8
RCE: Remote code execution, where an attacker can execute arbitrary code on a system
@@treevor1 thanks.
that phrase rolls like an epic dis from a nerd rap track
As a php dev, this does not surprise me at all. *Continues to code in php 5.6*
Man, I wish I could upgrade all my clients to 5.6.
@@Betacak3 feels good to be the admin too. I switched all that stuff to 7 and then 8 years ago lol
*lol* To be fair: update politics have changed to the better with webspace providers / managed servers. In fact we're making a lot of money atm migrating systems to PHP 8.2/8.3 because many providers are charging extra money for "legacy" 7.4 support.
Rip
@@prima_ballerina my current projects: upgrade two websites from php 5.6 to 8.3. Easiest money for my boss in the world
Wow, another vulnerability
Someone left the nsa lately?
Availability bias, YouTubers saw that the XZ vulnerability (yes an actual crucial and scary one) did well among viewers, so now every vulnerability under the sun is being posted about. I would bet on it being a trend in posting, rather than a trend in actual vulnerabilities. Just something I see, I could easily be wrong
@@-Ld could also relate to more people being sceptical of the software they use and thus looking for vulnerabilities
@@plaintext7288 the most insane vulnerability I've ever seen in my life (look up operation triangulation) came shortly before (what I consider) this recent trend, and it was not well known. The best documentation was by the firm who found it themselves, which had around 1k views. Basically the attacker could send a text to someone (unopened), and instantly get kernel access to their iPhone, so if you have an iPhone, you were 100% compromised unless iMessages were disabled. If this happened a week ago, I would speculate that it would be more well known
@-Ld I don't know why vulnerabilities wouldn't always be posted because a lot of people want to be hackers and the well-paying cybersecurity field is continuing to grow massively.
There could be an uptick in vulnerabilities because people were inspired to look for more of them. The collective power of humanity is wild.
"Update glibc" could use some clarification. If a distribution has an official update available (and many distros will incorporate the patch into their supported versions), then by all means, but be prepared for serious complications when installing a version of glibc your distribution doesn't support.
Hopefully people already know their systems well enough to know how to install updates, but yes, realistically in most cases it'll be a backported fix to whatever glibc version you already had.
If all the dependent packages are not ready for an updated glib and it's not listed by your package manager when you check for updates AND you force an update on glib, couldn't that essentially break your distro?
UTF-8 and UTF-16 are NOT just the english character sets. They're literally all character sets, cause it's you know...unicode. English characters would be ASCII which UTF-8 is backwards compatible with.
Came here to say the same thing.
brb, writing a middleware that removes the charset header from the requests LOL
Heroes don't always wear capes
so happy I never really did much complicated stuff with PHP in all projects I still have out there. I essentially just went `php index.php => index.html` and replaced the files on the production server for every project still using PHP and that basically saved me from having to look into 99% of CVEs for php. I mean I am still running PHP on an apache host, but since it's managed by the hosting provider it's their job to fix what's left.
this should affect every web request system, not just php that can accept and react to that http header, including node , it uses glibc too , and does accept http headers
That's my understanding too, this does not seem isolated to PHP whatsoever.
That all depends on how those other systems implement functionality for character sets and HTTP headers. The bug in PHP is specifically related to PHP's use of glibc's iconv() function. While it's possible that other systems use iconv() in a similar manner, and have similar vulnerabilities, it isn't guaranteed that a web request system that depends on glibc is vulnerable. Other systems could be using character encoding conversion mechanisms other than iconv().
This affects every binary that links to the iconv() function. However not all implementations will have an RCE exploit, just a possibility of one. So they fall under the lower rating of 8.8 until one is found.
Also I would guess this exploit makes heavy use of the way PHP makes use of path-variables for passing data. Not all request systems are as liberal nor straightforward in the way they do this.
I think the point is that in the case of PHP the researchers managed to find an exploit chain that started with this bug. Until their research is published we don't know where else they tried or how hard they tried.
0:43 you should say "most Linux distributions". for example alpine runs on musl and also gentoo has a musl option.
However, the code for the exploited function is most likely the same in musl.
@@tripplefives1402 No, the code in musl isn't most likely the exact same. glibc includes many non-standard optimisations and extensions, while the principles of the musl codebase are simplicity, correctness, standards compliance, and security. musl has had only six CVEs to date, while glibc has had over one hundred. This vulnerability is due to a logic error in glibc's implementation, and it would be unlikely the exact same logic error exists in musl. I would be quite surprised if musl's iconv() implementation was affected by this.
@@shrootskyi815 musl has had 8, not 6, CVEs. Check MITRE.
How much of musl's CVE track record is due to its limited visibility and exposure? Younger age? Going simply by the number of CVEs is misleading. I recommend examining the fixes made to address this in glibc commit e1135387deded5d73924f6ca20c72a35dc8e1bda and comparing to musl libc's iconv rather than operating off of assumptions.
@@tripplefives1402 Nope. Musl says "The iconv implementation musl is very small and oriented towards being unobtrusive to static link. Its character set/encoding coverage is very strong for its size, but not comprehensive like glibc's." plus a few more paragraphs with details.
@@shrootskyi815 6 cve's in 13 years : 100 cve's in 37 years is pretty damn good. Glibc is almost 5 times worse even taking into account how much older it is.
Why it is reported as php bug?
It is glibc bug, but I get it more now... it is just php bad luck... or unfortunate decision of placing buffer
For the same reason xz was tried to get attributed to systemd: People, rightly or wrongly, dislike PHP and any reason to attack it is valid.
@@videocommenter235 And despite their attacks, it ain't going anywhere
No kidding, glibc is used by a lot of other languages too. It's good to point out that php is impacted, but to say it's a php bug is weird
It's same as eval in exiftool that lead to an rce in gitlab.
Looks like because it is easier to exploit the bug on PHP.
"Hellow my name is Oliverlearning"
is what my brain heard for some reason xD
I can't unhear it now! 🤣
I had to watch this video with closed captions and no sound. The captions printed Oliv Learning, so it heard that too!
Me too. Before reading comments
00:25 Oliver Earning
It's weird name, tbh
These videos are a great way to be notified of things like this, and appreciate you taking the time to explain the bugs too!
I work for a web hosting company as a developer, not as security - but I alerted our security team to this thanks to you.
In ancient times, burned once by an external library which theoretically has versioning but forgot about it, I started to surround external structures or buffers with 256 or 512 bytes of "spares", which saved me hours of debugging strange errors and proved very beneficial to stability (additionally I zeroed those spares before and after the call)
This title is so misleading. The vulnerability is not in PHP and it can only be exploited if you use user supplied inputs when calling the iconv-function and not filtering on allowed values for the conversion.
A tech talker explaining that UTF-8 is English encoded, is like a car mechanic explaining that oil goes into the inlet for the heating system.
Also utf-8 is not just 8 bits, but 8 to 32.
april be a crazy month
This, putty... was the apple sidechannel key extraction (gofetch) this month? I'm honestly having trouble keeping up. What have I missed? What have I forgotten that I'll still need to act on (or at least discuss with IT) when I go back in to work?
@Relkond the few I can recall of the top of my head are as follows:
linux (networking code?) giving ring 0 access
xz & liblzma backdoor
poorly escaped strings in windows allowing for "script execution" (shouldnt be a 10.0/10 exploit)
firewall having exploit
putty (as you mentioned)
this
and others I forgotten about
Yes, major vulnerability. Everyone zip your projects hide them and start running.
Fake news, they just want to take our lambos!
🤣🤣🤣🤣🤣🤣
Lol
Anyone else think it's weird when a YouTuber says, "Hi, my name is ..."
I personally don't. With these depth and quality of content he can call himself a talking teapot if he pleases. I'd still watch every single video he releases.
His mother just had a premonition of what he would become
This impacts basically everything, not just php lol
Only if they use glibc's iconv implementation. There are at least two functional replacements for iconv if I don't count wholesale alternatives to glibc.
Two notes, this isn't a Linux only bug, GCC is used for windows PHP deployments as well.
Chinese uses double or even quad byte characters depending on the encoding. Since it seems to require installation of Chinese support and requires chaining that limits the vulnerability substantially.
Hi ! I have a few sites in PHP and now I code in Go. Do you think Go is better itself in regards to security and buffer-overflow proof choice or this is rather skill issue? Cheers!
You most likely won't encounter such vulv anyway if you're not dealing with encoding conversion. Most likely you're using mbstring because of its multibyte-safe character encoding. Even then it's best to check the requirements or soft deps your packages might be using.
So that's how I find good vulv...
I love these kinds of videos! I have hardly any experience or knowledge with security and am unsure how to start. These videos make the concepts more understandable. Thank you!
Go for it!
I know I'm asking you for content that the algorithm is not kind to, but could you make some more videos that hit hard in the bare metal embedded world?
I'd love to see you do some stuff with RTOS, sensors, sensor fusion, bootloaders and other nifty. Even just building some neat little project would be great. Cheers!
With a lot of these vulnerabilities require a particular level of access to be exploited which he noted but didn't really expand upon.
Also a lot of php frameworks probably have expanded or limited access to request methods. Also these vulnerabilities would probably be more in development projects where people are not putting security infront of requests or not whitelist ips, or blacklisting IPs.
Also this would probably only apply to public facing php apps, websites .. with very little security or poorly written code. So your local environment or a docker container is outside of this ..
Saying rust would have fixed that bug is kinda misleading since any language that employs bounds checking would have
Yeah, I guess... If you also embed the whole GC just to run that code module. Only Rust could be used to write something that could be embedded without forcing you to run a GC
The reason this is always asked rust and not other memory safe languages is that rust has the right features to replace c, while most others do not.
If you were to rewrite iconv in Rust, no other software would even notice. If you rewrote it in (insert GC language here) a lot of software would have new and interesting performance problems from having GC heaps stuck in them
@@antoniong4380 you have bounds checking in C++. if you write an inline function/macro e.g. array_get_checked(), then you also have bounds checking in C
Most other languages that do bounds checking are garbage collected and not suitable for tasks like this as a result. C++ does not do bounds checking, that's a common misconception. I do know that Ada does however. There's also ATS, although that's a research language. I can't really think of anything else, perhaps D-lang might do it?
A few weeks ago I played a CTF with a challenge that had this kind of bug. It was written in rust, but it was all wrapped in an unsafe block
Another alternative fix would be to run on Alpine Linux, which uses musl instead of glibc. If you're using a container just add -alpine to the base image.
It would be great to have an in depth video on why just 4 extra bytes are such a threat. I never dealt with low level code so I have no idea, it's a complete mystery to me.
I probably don't understand it well enough to explain it but basically a program allocates a very specific amount of bytes for a task, if said task overflows it overwrites memory allocated for something else, even if it's 4 bytes that can do a lot of harm and escalate to arbitrary code execution
Simply put, the compiler doesn't waste memory if it can avoid it. If you have a bunch of variables, it usually puts them right next to each other.
Now imagine that you've got a variable that's supposed to be 20 bytes long. Right after it in memory is another variable - let's say it's the address the code should jump to at the end of the current function. If you write 24 bytes into that first variable, you're really writing 20 bytes into the first variable and 4 bytes into the second. You've just changed where the program jumps to at the end of the function.
Normally that sort of thing would cause a hard-to-debug crash in the best case and memory corruption in the worst. However, if things are arranged just right, you might be able to use something like this to intentionally specify the jump location to something that invokes a shell or otherwise opens the program up to more manipulation.
This sort of thing works because the computer doesn't really understand the concept of a "variable." It just sees memory addresses. It's up to the compiler and the programmer to make sure that the correct memory addresses are used and that you don't write to addresses you aren't supposed to.
Languages like C don't give the compiler enough information to pick up on this sort of thing, so it's up to the programmer to make sure it doesn't happen. They're only concerned with the raw mechanics of what the computer should be doing, so if the programmer wants to copy bytes from one location to another they have to write out exactly how that happens. Programmers make mistakes. Well-written libraries help a lot, but C will happily let you shoot yourself in the foot if you tell it to.
Languages like Rust and Ada require the programmer to provide more information about the intent of the program, so the compiler is able to do more checks to find programmer mistakes. There's a cost though - either in runtime (bounds checking) or loss of flexibility (i.e. sometimes you really do want to shoot yourself in the foot). Good languages offer the programmer usable tools to overcome the loss of flexibility, and bad languages are just a pain to use.
I've never written any Rust or Ada, but from what I hear they're pretty good languages.
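Added example (not part of the comment above or of the video): the 20-byte buffer with a 4-byte neighbour from that explanation, together with the zeroed "spare bytes" guard another commenter describes, in C. The struct layouts, the stand-in `callee_write` and every constant are constructed for illustration; the writes stay inside one object so the behaviour is defined.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BUF_LEN   20            /* size the caller meant to hand out */
#define SPARE_LEN 8             /* zeroed slack placed after the buffer */
#define SENTINEL  0x11111111u   /* known value kept in the neighbour */

/* Two adjacent fields: anything written past buf lands in next. */
struct plain {
    unsigned char buf[BUF_LEN];
    uint32_t next;              /* stands in for the neighbouring variable */
};

/* Same layout with spare bytes between the buffer and its neighbour. */
struct guarded {
    unsigned char buf[BUF_LEN];
    unsigned char spare[SPARE_LEN];
    uint32_t next;
};

_Static_assert(offsetof(struct plain, next) == BUF_LEN, "no padding expected");
_Static_assert(offsetof(struct guarded, spare) == BUF_LEN, "spare follows buf");

/* Constructed stand-in for a callee that writes n bytes and trusts the caller. */
static void callee_write(unsigned char *dst, size_t n)
{
    memset(dst, 0x41, n);
}

/* Unchecked call: returns the neighbour's value after the write. */
uint32_t write_plain(size_t n)
{
    struct plain p;
    memset(&p, 0, sizeof p);
    p.next = SENTINEL;
    if (n > sizeof p) n = sizeof p;       /* keep the demo inside one object */
    callee_write((unsigned char *)&p, n);
    return p.next;
}

/* Checked call: refuse any length larger than the buffer. Returns 0 or -1. */
int write_checked(size_t n, uint32_t *next_out)
{
    struct plain p;
    memset(&p, 0, sizeof p);
    p.next = SENTINEL;
    *next_out = p.next;
    if (n > sizeof p.buf) return -1;      /* the missing bounds check */
    callee_write(p.buf, n);
    *next_out = p.next;
    return 0;
}

/* Spare-byte variant: returns 1 if the callee wrote past buf, else 0. */
int write_guarded(size_t n, uint32_t *next_out)
{
    struct guarded g;
    size_t i;
    int dirty = 0;
    memset(&g, 0, sizeof g);              /* spare is zeroed before the call */
    g.next = SENTINEL;
    if (n > sizeof g) n = sizeof g;       /* keep the demo inside one object */
    callee_write((unsigned char *)&g, n);
    for (i = 0; i < SPARE_LEN; i++)       /* and inspected after it */
        dirty |= (g.spare[i] != 0);
    *next_out = g.next;
    return dirty;
}

int main(void)
{
    uint32_t v;
    int rc;
    printf("20 bytes, unchecked: next=0x%08x\n", (unsigned)write_plain(20));
    printf("24 bytes, unchecked: next=0x%08x\n", (unsigned)write_plain(24));
    rc = write_checked(24, &v);
    printf("24 bytes, checked:   rc=%d next=0x%08x\n", rc, (unsigned)v);
    rc = write_guarded(24, &v);
    printf("24 bytes, guarded:   dirty=%d next=0x%08x\n", rc, (unsigned)v);
    rc = write_guarded(32, &v);
    printf("32 bytes, guarded:   dirty=%d next=0x%08x\n", rc, (unsigned)v);
    return 0;
}
```

The spare bytes absorb a 4-byte overrun and make it detectable, but an overrun longer than the slack still reaches the neighbour; only the length check prevents the write.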
4 bytes can easily be a return address...
The operating system gives certain access to memory. When memory is in use, that space is protected from being read and wrote. When you overflow without crashing the program, you are essentially corrupting this entire model.
Often times, this simply leads to data corrupting which usually results in a runtime crash. The way this can be exploited however is somewhat program dependent. If you overflow in just the right place at the right time, you may call a system function or server function with arbitrary arguments. Note that attackers are often smart and patient. They will do this for months and even years to get access to a system and exploit it.
The feeling when you switched to static html after a wordpress plugin allowed attacker to do their things (for example: delete all on-site backups). Since that there has been at least 10 more plugins that are vulnerable and now this sort of thing pops up.
He got his hairs cut! Really wanna see you try out Go, just seems like such a good fit for how you operate
If you're running Ubuntu LTS with unattended-upgrades your system was updated last Friday (19th).
wow.. can't wait to see how the vulnerability work explain by the researcher
It doesn't affect my Lamborghini, won't fix.
the glibc website says "The current development version of glibc is 2.40, releasing on or around August 1st, 2024." so it's not something that we can do about upgrading it
Yeah, this part stuck with me too. Most youtubers casually say "just upgrade your glibc or linux distro" but glibc 2.40 is not released and current LTS distros don't have a patch for this. Is there an actual viable fix for this?
I wonder if it has been used previously and how many times.
wordpress is typing.......
glibc v2.25 Coverity report
Defects by status for current build
539 Total defects
400 Outstanding
138 Fixed
Looney tunes
ssh
Os injection ( Palo Alto)
Iot hotel door encryption flaws
And now this !! Oh God , 2024 is haywire for cyber security professionals.
C really needs to make every pointer a fat pointer by default...
(fat pointers include the address, as well as a _length_ that can be checked against to prevent out of bounds indexing.)
Seems weird not to comment on php on musl in this context. Is running on musl an effective mitigation?
Yes
I was under the impression that UTF-16 wasn't English specific, but simply required multiple subsequent 16-bit values for codepoints over a certain value.
driving and I'm swerving and i violently conv (iconv!)
Could this bug be used as a basis for an SQL injection attack? If you have complex Chinese characters that decompose into quotes, wouldnât that be bad to put into text fields of a web page that expect western languages? I suppose in the software that I write, I use prepared queries!
Also, could this be used to write and execute code with the same privileges as Apache (depending on how the memory immediately following the buffer is treated)?
I wish this was more accurate so it was more easy to understand the scope.
Please can you do a video on how to use LwIP Stack on Linux for beginners? I'm trying to learn it to write some firmware with it but the documentation isn't explicit on how to use the BSD-like Socket API of LwIP. I would appreciate it if you do it :)
Hey man can you do a beginner guide to get into cybersecurity related to web development?
could this cause a glibc error when attempting a shutdown? Could that be a result of or indicative of an overflowed buffer?
Bro, for PHP this is so specific, that only applies to 3 webpages in the whole world if not -1. For anything else only applies if you mess with that exact specific Chinese character set in HTTP headers a very specific way. OMG quick we f.n need to panic coz another mind blowing huge bug is here... What do you think why does this one was discovered after 24 years? Because it is so frequently used technique? No, because that one person who found it was trying to break a system. This concept was the example he came up with, but in reality nobody is coding like that, if so, than they deserve a good hacking.
thank god void and alpine are safe
Would disabling the iconv extension for php be another way to mitigate the bug?
Maybe, but only if your application doesn't depend on it.
I am forcing UTF8 in headers, and in php itself in my applications so I doubt in my case users can spoof to the Chinese char set on page submissions.
I found something weird af on the htb academy last month. (Could be my computer) but havenât had a serious answer from their team.
Setting up a server listening on port 5555 was expecting a reverse shell but instead got a load of file paths and file names and ip addresses of some Asian dude running from Vietnam.
First on me, dunno wtf happened
We have to be scratching world record territory at this point. How are all of these massive vulnerabilities being found just days apart?
Gonna exploit this right now. Thanks!
these drums sound great with new heads
Watching this while running many instances of wordpress on Linux Serverđ€ [Edit] is this the same as GHOST vulnerability that came out in 2015?
If I don't use ICONV to translate to that character set, should I worry too? I use it specially to convert between and from UTF-8 to WINDOWS-1252.
We don't know yet....
@@autohmae how about if I don't use iconv() at all?
@@ThomPorter74 We do NOT know YET.
@@autohmae ok, I WASN'T sure.
@@ThomPorter74 we got to wait till May 10
Only if you use unwrap
Dawg is feasting this month
Thanks for informing the 4 php dev out there
Wow, that's very cool!
So really dumb question incoming. If I have a fresh install of Linux mint, with nothing extra installed except for steam and discord. Is my system in the clear or do I need to do something? Im sort of new to this whole thing.
how can you take over a device with 4 bytes?
should have static analysis uncover something like this?
At this point we better start testing all buffers everywhere for overflow
What's up with all the kinds of vulnerabilities suddenly appearing this month?
// Check if the charset header is set and its value is ISO-2022-CN-EXT
if ($request->header('charset') === 'ISO-2022-CN-EXT') {
// Remove the charset header
$request->headers->remove('charset');
}
Where would you put this? at the top of every php page?
bro you can simply remove the charset for glibc
php itself or php derivatives (like hack?)
Thanks Buddha I've never touched PHP.
good moment to let the ansible update playbook run ^^
do you have to have the chinese char set installed ? would you by default
It's actually about encodings. iconv converts between encodings (i.e., representations of characters in memory). It doesn't have anything to do with what's installed on the system because knowledge about the different encoding schemes is built in to iconv (the glibc implementation of it in this video) directly.
lmao what a pike matchbox moment
The nice thing about open source is that everyone can read it, find security holes, and close them. The downside is that it takes 24 years before somebody actually does that. No, just kidding, there are plenty of bad actors who find those vulnerabilities and abuse them for years before anyone else finds them.
closed source is not different, while you may get paid to fix issues you first have to find it in the first place also resulting into someone abusing it.
@@JustPlayerDE "closed source is not different" - as long as you understand open source does not offer better security, all is good.
@@momoanddudu finally a reasonable opinion on this lol
The good actors have names that rhyme with "Mia Fan"...
@@momoanddudu Open source does not offer better security inherently, but it offers better transparency. Said transparency is important to finding issues and ensuring they get fixed. It's for this reason that 24 year old bugs like this are few and far between.
First i heard of this i read 4 bits. And thought, yea that's enough you just need to find the right place and, since i'm more familiar with GBA hacking, real applications are bound to be quite difficult to find.
It's 4 BYTES. Yea. That does not change things that much in my viewpoint. Just. Makes the exploit have a lot more places to be used. I have no idea how much more situations, but if i get a four byte overflow in a GBA game oh dang i can do anything
Okay, challenge - because I am curious: Illustrate the theoretical methodology behind using a 4byte buffer all the way towards implementing a potentially system-controlling payload.
I can't quite imagine how just four bites is enough to do that o.o
We'll know for sure in a month when the talk comes out, but usually this kind of thing is one piece that gets "chained" with other exploits as "part of this complete breakfast." 4 bytes is 32 bits - which can overwrite an instruction pointer, etc
I imagine that in the exploitable PHP context, you can overwrite an important pointer without hitting a stack cookie or similar. Let's say you overwrite f, and f somehow is php pointer to your own php code. It could also just be a traditional byte overflow where attacker needs to overcome ASLR etc, but then exploitation is harder (if nothing else is known). Target being php is also interesting as other interpreters (like JavaScript) has allowed hacks like "Heap Feng Shui" has enabled nuking ASLR from orbit using scripts. So that's my guess - it's php related and something in php model makes the exploitation much easier than it normally would be, something in the memory is known to attacker. If that's not the case, then my second guess is that some variant of Feng Shui attacks makes attacker able to bypass ASLR without much of prior knowledge.
Basically; we have a 4 byte write primitive. And potentially a huge payload attacker controlled in memory. And we can do thousands of these operations again and again. We don't know if it is a single 4 byte overwrite or if it in php is multiple. And we don't know which 4 byte is being overwritten. Many local code execution bugs loops until they win over ASLR… But in theory the entire memory could be filled up by x86 machine code exploit or php exploit code… it would be fun if there an exploit chain that is novel that doesn't rely much on traditional memory hacks but actually does something with php code to be executed by the interpreter. Once the research is published explaining which memory is overwritten from the php exploit it will be easier making sense of it.
it depends on what's in those four bytes
if it happens to contain a permission flag or be a function pointer (the return address is a likely target if working on the stack), then you can use it to elevate your privileges or run arbitrary code respectively
Is "would Rust have fixed it" the new bar everything gets measured to? lol
These types of bugs (memory related ones caused by the language deficiencies) are the biggest problem with software safety, maybe that's why.
@@antagonista8122 I certainly wouldn't mind having strict types and the borrow system in PHP. Would be an insane break with its roots though.
This is actually political, the reason he mentioned it is to stave off the Rustacean vultures from the comments... if you look into it, it won't take long to discover what end of the horseshoe they belong at... (hint: they have "mallocophobia")
its just common question
I think it's just a new meme.
1:05 No. UTF-8/UTF-16 is not the "English character set". UTF-8/16 is a huge collection of all characters in all the languages used around the world, it even includes all the emojis, like this one 💩 is UTF-16 0xD83D 0xDCA9.
Will this affect my InfinityFree website?
Ironically today was the first time i used iconv because of some shift-jis textfiles
Japan and China not very far from each other
I guess php should CNA this CVE to 10.0, to indicate that in their context it is an unauth'ed RCE for many installs. Rating vulnerabilities on library level always is a bit "garbage" due to "garbage in, garbage out". If you don't know the application context, you basically yolo guess all parameters around exposure/likelihood.
All the gov backed exploits
Rust mentioned?
Ahhh, good, still not as bad as the Rust one marked as 10
Eek given how popular WordPress is and it uses PHP it sounds like this could be a pretty widespread issue!
Sounds like this exploit would need to receive input, the module would need to be enabled, and specific calls to parse characters through incorrect coding practices.
I would say everyone who use node.js should fear because of Server-Side Request Forgery (SSRF) affecting libuv package.
I would really like to see the security stuff split off into a separate channel, I love the embedded stuff but just donât care about the security stuff which has been coming out more recently
This year like a cve covid
HOW MANY MORE VULNERABILITIES ARE GONNA GET DISCOVERED?
yes
Some of them
Your channel is everything I'm hoping for at the moment. I am literally learning cybersecurity and programming. I only know Python though. I got certified in CSS, HTML, JS, and SQL but I don't use them. I can inspect them pretty well now which helps for basic cybersecurity. Im hoping to get a job in the field in a year or so once im actually sure of the basics
Mr LLL is great even if you are old in the game. Much easier to remember an explainer than all the tech news that flies by. Also love to reference LLL and LiveOverflow videos when I'm explaining this quickly/badly. So I know people can spend time to learn at their own pace from someone who explains things clearly.
Huh, what about php linked with musl libc ?
I want to get Mr. glibc wild ride
Everytime such a video goes online I check my system only to find out that the securitiy issue is already resolved. I use Arch, btw. ;-)
php will never die
- love wordpress