Hackers and Vampires Agree: Every Byte Counts
Headlining the release today is a new exploit module by jheysel-r7 that chains two vulnerabilities to target Magento/Adobe Commerce systems: the first, CVE-2024-34102 is an arbitrary file read used to determine the version and layout of the glibc library, and the second, CVE-2024-2961 is a single-byte buffer overflow, and it is impressive what can be done with a single byte. By creating an intricate heap layout though specific memory allocation calls in php, an attacker can groom the heap contents in such a way that they can use the single-byte overflow to change a flag in the custom_heap structure, which then results in a system call containing arbitrary data.
New module content (1)
CosmicSting: Magento Arbitrary File Read (CVE-2024-34102) + PHP Buffer Overflow in the iconv() function of glibc (CVE-2024-2961)
Authors: Charles Fol, Heyder, Sergey Temnikov, and jheysel-r7
Type: Exploit
Pull request: #19544 contributed by jheysel-r7
Path: linux/http/magento_xxe_to_glibc_buf_overflow
AttackerKB reference: CVE-2024-34102
Description: Adds a new module exploit/linux/http/magento_xxe_to_glibc_buf_overflow which uses a combination of an Arbitrary File Read (CVE-2024-34102) and a Buffer Overflow in glibc (CVE-2024-2961) to gain unauthenticated Remote Code Execution on multiple versions of Magento and Adobe Commerce, including versions less than 2.4.6-p5.
Enhancements and features (2)
< ..
Support the originator by clicking the read the rest link below.
