Last week, a critical vulnerability known as CVE-2024-2961 was uncovered, posing a potential risk to systems utilizing glibc and serving PHP content. This vulnerability stems from the ISO-2022-CN-EXT character set, putting systems at risk of exploitation.

As of now, there isn’t a glibc package available with a fix for this vulnerability at the time of writing this article. However, there’s a straightforward workaround to mitigate the risk by disabling the compromised character set.

To begin, let’s ascertain if your system is affected by running the following command:

iconv -l | grep -E 'CN-?EXT'

If the command returns no output, your system is safe from this vulnerability. However, if you receive output similar to the example below, your system is vulnerable, and it’s crucial to follow the steps outlined below to address it:

[bambi@pogo]$ iconv -l | grep -E 'CN-?EXT'
ISO-2022-CN-EXT//
ISO2022CNEXT//

Here’s how you can fix it:

  1. Browse to the directory /usr/lib64/gconv/gconv-modules.d.
  2. Edit the file gconv-modules-extra.conf.
  3. Locate line 1254 and comment out the following entries:
# alias ISO2022CNEXT// ISO-2022-CN-EXT//
# module ISO-2022-CN-EXT// INTERNAL ISO-2022-CN-EXT 1
# module INTERNAL ISO-2022-CN-EXT// ISO-2022-CN-EXT 1
  1. After making the changes, execute the command sudo iconvconfig to regenerate the cache.

Now, when you run iconv -l | grep -E 'CN-?EXT', you should receive no output, indicating that the compromised character set has been successfully disabled.

By taking these proactive measures, you can safeguard your website against potential threats posed by CVE-2024-2961. Remember to stay vigilant and keep your systems updated to ensure optimal security.

This post is inspired by the original article available at Rocky Linux News.