Menu
What's new
By:
Filters Better Search

News New 28 year old Php/gnu c buffer overflow vulnerability.

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

D

DJones

Very Senior Member

NVD - CVE-2024-2961

nvd.nist.gov nvd.nist.gov

Breakdown of vulnerability. (Not sponsored):


Note that php is not in the asuswrt-merlin firmware, but can be installed via entware.
 
coxhaus said:
Sounds like this is Linux based so I assume it does not apply to Pfsense not being Linux based.
Click to expand...

I believe in this instance that is correct. PFsense and OPNsense are FreeBSD based.
 
Note that PHP is only a mean to exploit the issue, the core of the issue is in glibc itself. But I guess since nobody knows what glibc but a lot of people have heard of PHP, it got publicized that way...

That same PHP would probably be safe if your platform used musl.
 
RMerlin said:
Note that PHP is only a mean to exploit the issue, the core of the issue is in glibc itself. But I guess since nobody knows what glibc but a lot of people have heard of PHP, it got publicized that way...

That same PHP would probably be safe if your platform used musl.
Click to expand...

Yeah - this is one of those classic stack-smashing things, and it's not just on glibc or php... it's a common risk.

It could happen on a device that uses MUSL if the binaries statically link to a glibc, libc, or uclibc that doesn't have protection there...

CWE - CWE-787: Out-of-bounds Write (4.14)

Common Weakness Enumeration (CWE) is a list of software weaknesses.
cwe.mitre.org cwe.mitre.org
 
You must log in or register to reply here.

Similar threads

D
News Universal local privilege escalation linux cve-2024-1086
Replies
0
Views
438
DJones
D
Viktor Jaep
TAILMON TAILMON v1.0.20 -July 27, 2024- WireGuard-based Tailscale Installer, Configurator and Monitor (Now available in AMTM!)
26 27 28
Replies
556
Views
59K
XIII
XIII
Viktor Jaep
BACKUPMON BACKUPMON v1.5.10 -Mar 1, 2024- Backup/Restore your Router: JFFS + NVRAM + External USB Drive! (**Thread closed due to age**)
48 49 50
Replies
987
Views
133K
Viktor Jaep
Viktor Jaep
ExtremeFiretop
MerlinAU MerlinAU v1.3.4 - The Ultimate Firmware Auto-Updater (GNUTON SUPPORT!)
Replies
18
Views
4K
ExtremeFiretop
ExtremeFiretop
ExtremeFiretop
MerlinAU MerlinAU v1.2.6 - The Ultimate Firmware Auto-Updater (**Thread closed due to age**)
23 24 25
Replies
499
Views
95K
ExtremeFiretop
ExtremeFiretop

Latest threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!

Members online

Total: 641 (members: 15, guests: 626)
Top