this is a warning to anyone using php

Video Statistics and Information

Captions
This video is a warning for anybody that uses PHP, in particular on Linux. A researcher recently found a 24-year-old bug hiding in glibc that may affect every PHP application in existence. In this video we're going to talk about the nature of the bug, what you can do right now if you're using PHP, and what this kind of bug means for future web code. Also, if you're new here, hi, my name is Low Level Learning. I make videos about cyber security and programming topics. If you like that or just want to hang out with me, hit that sub button, I really appreciate it.

What sparked this entire conversation was a recent disclosure of a 24-year-old bug hiding in glibc, glibc being the GNU library for C that basically lives on every Linux distribution. It's a bug in versions that are older than 2.39, so basically every version that exists right now, and it's in the iconv function. If you don't know what iconv is: iconv is internationalization conversion. Basically it's a function in the library that allows you to convert between different character sets. So for example, you have traditional data in C, it's in either UTF-8 or UTF-16, which is the English character set in either 8 or 16 bit encodings. What iconv does is allow you to take the UTF-8 encoding and translate it into other encoding sets for different languages that have different character sets, like maybe Chinese or Arabic or Japanese or Korean, those kinds of things.

Now the bug is, in particular, the iconv function in the GNU library may overflow the output buffer passed to it by up to four bytes when converting strings to the ISO-2022 Chinese extension character set, which may be used to crash an application or overwrite a neighboring value. So what this is is the traditional buffer overflow, where because of the way that data is expanded when going to this Chinese character set, it allows a remote user to expand a buffer outside of its bounds by up to four bytes. And if you're not aware, a 4-byte buffer overflow is definitely enough to take control of heap metadata and use that to give a hacker remote access.

Now in particular in the Chinese character set, again, I don't speak Chinese, but I'm making a general assumption about how the language works: when you want to change between different kinds of character sets you use these escape sequences to tell the processor for the language to change into a particular kind of character set. Now what this bug is: when you use these escape sequences to change that character set, something about the logic is flawed where you're allowed to write three to four bytes outside of the buffer. So this is a pretty standard case of logic errors in memory management that allow you to create a buffer overflow, very common stuff for languages like C.

You're probably asking: this is a bug in C, not necessarily a bug in PHP, so how and why does this matter for PHP? Well, unfortunately we don't know the details of how this is going to play out, but enter Charles Fol, who I believe is a French researcher, who has a talk at the upcoming OffensiveCon in May, and this is the nature of the talk: "Iconv, set the charset to RCE: exploiting glibc to hack the PHP engine." And this is his abstract of it: a few months ago, as we're talking about, he stumbled upon a 24-year-old buffer overflow that is rarely exploitable; however, on PHP it led to amazing results, a new exploitation technique that affects the entire PHP ecosystem and the compromise of several applications.

So it's important to remember that when you're coding in a language like PHP, an interpreted web language, at the end of the day the code is running in a binary. That binary has to read the user data, it has to read the PHP code, and it processes it in a systems-level language that could have memory corruption vulnerabilities. So while the PHP code is not necessarily a place where you can do buffer overflows, if the memory is mismanaged within PHP itself, you could exploit a remote server.

So the details of how this bug works have not come out yet, the talk is actually May 10th to 11th, but what he's implying here, I believe, based on the title of the talk and the patches that'll come out for PHP: there is a way in PHP to specify via HTTP headers the character set of the session that you're talking in. If you're able to change the character set from UTF-8 encoding to this Chinese extension character set, the ISO-2022 Chinese extension, and using these escape characters, you're able to overflow the memory of the PHP runtime and potentially exploit glibc inside of your PHP installation. Truly an amazing bug if this is able to happen, and I think it's pretty scary, because this CVE got rated an 8.8, which is not great. Obviously it's fairly high, but it's not a 10 out of 10. I think this bug didn't get a 10 out of 10 because in and of itself it is not remotely exploitable; this code is not attached to a socket, you can't just go and exploit every libc that exists. But when you attach a library like this that has a vulnerability that processes text to a PHP instance that is literally processing data in and out from a user, you get a really interesting case where you tie a lower-scale vulnerability to another lower-scale vulnerability and together they make a 10 out of 10, I would argue, vulnerability.

So what can you do right now if you're using PHP and maybe even have this Chinese character set installed? Well, there's a few things that you can do. First, you can patch glibc. This bug does go away in glibc 2.40, so if you can update your version of glibc, this iconv buffer overflow will go away and not leave you potentially vulnerable to the attack that will be disclosed in May of this year. Second, stay on top of updates from PHP; they'll be giving out more information about this bug as more details come out. And three, make sure you're watching your networks. If you see unusual traffic, if you see people going in and out of your network that normally don't, IP addresses, kinds of traffic, etc., I would keep on high alert until you figure out if you're patched or not.

And the question we're all waiting for the answer to: would Rust have fixed a bug like this? The answer is kind of. I don't think this kind of bug would have been caught in compile-time checking like the borrow checker or bounds checking that the Rust compiler does do at compile time, but at runtime, by accessing outside of the bounds of an array, Rust would have gracefully killed the process so as to make it not exploitable. So this bug would have been just a DoS condition, or denial of service condition, that would allow us to crash a server, as opposed to what could be an entire compromise by a hacker. So would Rust have fixed this bug? A little bit, not completely, a little bit.

So that's it for now, guys, I appreciate it, thanks for watching the video. If you like this video hit the like button, hit subscribe and we'll see you in the next one. Now while you're waiting for the next video to come out, go check out this one, I think you'll like it, see you there.
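The two defender-side points from the video, checking whether the running glibc is at or past the version the speaker says carries the fix, and not handing iconv an output buffer with zero headroom, can be shown in a small C program. This is an added example written for this page; it is not code from the video, from Charles Fol's talk, or from glibc or PHP. It assumes the 2.40 threshold exactly as the video states it (distribution backports may fix earlier versions without changing the version number, so the check is a first filter, not proof of safety), uses a constructed 4-byte slack area matching the "up to four bytes" the video describes plus a constructed canary pattern to detect anything larger, and converts to UTF-16LE in its demo because that conversion is installed everywhere, unlike the Chinese extension module.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <iconv.h>
#include <sys/types.h>
#ifdef __GLIBC__
#include <gnu/libc-version.h>   /* gnu_get_libc_version(), glibc only */
#endif

/* Slack absorbs the "up to four bytes" of overrun the video describes.
 * The canary behind it catches any overrun larger than that. Both values
 * are constructed for this example. */
#define ICONV_SLACK 4
#define CANARY_LEN  4
static const unsigned char CANARY[CANARY_LEN] = {0xDE, 0xAD, 0xBE, 0xEF};

/* Returns 1 when "major.minor" is at least want_major.want_minor. */
int glibc_version_at_least(const char *version, int want_major, int want_minor)
{
    int major = 0, minor = 0;
    if (version == NULL || sscanf(version, "%d.%d", &major, &minor) != 2)
        return 0;                       /* unparseable: treat as not patched */
    if (major != want_major)
        return major > want_major;
    return minor >= want_minor;
}

/* 2.40 is the version the video names as the one where the bug goes away.
 * Vendor backports to older versions are not detected by this check. */
int glibc_has_iconv_fix(const char *version)
{
    return glibc_version_at_least(version, 2, 40);
}

/* Convert `in` (inlen bytes) from charset `from` to `to`, writing at most
 * outcap bytes into `out`. iconv is only told about `outcap`; the slack and
 * canary live behind it in a private scratch buffer so a small overrun never
 * touches the caller's memory. Returns bytes written, -1 on conversion
 * error, -2 if the canary was clobbered (iconv wrote past the slack). */
ssize_t convert_with_slack(const char *from, const char *to,
                           const char *in, size_t inlen,
                           unsigned char *out, size_t outcap)
{
    iconv_t cd = iconv_open(to, from);
    if (cd == (iconv_t)-1)
        return -1;

    size_t scratch_len = outcap + ICONV_SLACK + CANARY_LEN;
    unsigned char *scratch = calloc(1, scratch_len);
    if (scratch == NULL) { iconv_close(cd); return -1; }
    memcpy(scratch + outcap + ICONV_SLACK, CANARY, CANARY_LEN);

    char *inp = (char *)in;             /* glibc's iconv takes char ** */
    size_t inleft = inlen;
    char *outp = (char *)scratch;
    size_t outleft = outcap;            /* the slack is deliberately hidden */

    int failed = (iconv(cd, &inp, &inleft, &outp, &outleft) == (size_t)-1);
    /* Flush any pending shift state (matters for stateful encodings such as
     * the ISO-2022 family discussed in the video). */
    if (!failed && iconv(cd, NULL, NULL, &outp, &outleft) == (size_t)-1)
        failed = 1;
    iconv_close(cd);

    ssize_t result;
    if (memcmp(scratch + outcap + ICONV_SLACK, CANARY, CANARY_LEN) != 0 ||
        outleft > outcap) {
        result = -2;                    /* overrun beyond the slack: do not trust output */
    } else if (failed) {
        result = -1;                    /* E2BIG, EILSEQ, EINVAL ... */
    } else {
        size_t written = outcap - outleft;
        memcpy(out, scratch, written);
        result = (ssize_t)written;
    }
    free(scratch);
    return result;
}

int main(void)
{
#ifdef __GLIBC__
    const char *v = gnu_get_libc_version();
    printf("glibc %s: %s\n", v, glibc_has_iconv_fix(v)
           ? "at or past 2.40"
           : "older than 2.40, check your vendor's backports");
#endif
    unsigned char out[16];
    ssize_t n = convert_with_slack("UTF-8", "UTF-16LE", "abc", 3, out, sizeof out);
    printf("UTF-8 -> UTF-16LE produced %zd bytes\n", n);
    return 0;
}
```

The version check is only a triage aid: a distribution that backported the fix to its 2.3x package still reports the old number, so confirm with the package changelog. The slack-and-canary wrapper is a containment pattern for callers that must keep running unpatched builds; it does not remove the bug, it keeps a four-byte overrun out of the caller's heap metadata and turns anything larger into a detected failure.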
Info
Channel: Low Level Learning
Views: 208,089
Keywords: apple, apple m1, m1 bug, cpu bug, hackers, vulnerability, cache
Id: kQdRT2odUIk
Length: 6min 31sec (391 seconds)
Published: Sun Apr 21 2024