SECURITY: bug in PHP/GLIBC that impacts any Dolibarr installation

Hey

Allegedly there is a bug in GLIBC that impacts PHP which impacts any Dolibarr installation on Linux, and there are hints that it might be remotely exploitable just by sending an HTTP header which you can do even before logging in.

If you can upgrade GLIBC (to something new enough) you should do that, but there is also another method which might be worth doing anyway because the mitigation probably does not cause any trouble for most of you.

It is all related to CN-EXT which is an extension to Chinese character set ISO-2022-CN, so my guess is that the mitigation has no impact for most of you.

On your Dolibarr installation on Linux, any Linux, any Dolibarr, run these commands:

  1. iconv -l | grep -i CN | grep -i EXT

and you should get a line like this: ISO-2022-CN-EXT//

  2. find / -iname gconv

I got this output: /usr/lib/x86_64-linux-gnu/gconv

  3. cd /usr/lib/x86_64-linux-gnu/gconv

  4. ls -la gconv-modules

  5. cp gconv-modules backup.gconv-modules

  6. edit gconv-modules and put # in front of the lines with CN EXT, which in my case is this result

#alias ISO2022CNEXT// ISO-2022-CN-EXT//
#module ISO-2022-CN-EXT// INTERNAL ISO-2022-CN-EXT 1
#module INTERNAL ISO-2022-CN-EXT// ISO-2022-CN-EXT

  7. run the command iconvconfig

  8. check that the change was made by running the command from #1 again
    iconv -l | grep -i CN | grep -i EXT
    and you should get NO output

  9. that should be it, I got the mitigation from “thenickdude” here https://www.reddit.com/r/PHP/comments/1c9lslg/comment/l0o3tp2/?rdt=35527

  10. maybe watch this less than 9 minute video

And if you are a pro at sysadmin (never modify your system directly), you can check your system:

Debian 12:

dpkg -l | grep libc6

You should see: 2.36-9+deb12u6
(Debian -- Details of package libc6 in bookworm)

Ubuntu jammy:

dpkg -l | grep libc6

You should see: 2.35-0ubuntu3.7
(https://changelogs.ubuntu.com/changelogs/pool/main/g/glibc/glibc_2.35-0ubuntu3.7/changelog)

And you can update your system (Debian or Ubuntu):

apt update
apt upgrade

  1. It might not always be possible to update your system
  2. Even if it is possible to update, there might not be a new glibc package available
  3. Even if a glibc package is available it might be for other reasons than fixing this bug
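The two checks from the posts above (step 1/8 of the mitigation, and the libc6 version check for Debian 12 and Ubuntu jammy) as one added script, not code from either poster. It assumes GNU coreutils for `sort -V`; the sample `iconv -l` and `dpkg -l` lines are constructed, and the live check at the end only runs if `iconv` is installed.

```shell
#!/bin/sh
# Added example, not from the forum thread. Assumes GNU coreutils (sort -V).

# Return 0 when an `iconv -l` listing still advertises ISO-2022-CN-EXT,
# i.e. the gconv module has NOT been commented out (step 8 of the mitigation).
cnext_listed() {
  printf '%s\n' "$1" | grep -qi 'ISO-2022-CN-EXT'
}

# Print the installed libc6 version from `dpkg -l` output (ignores libc6-dev etc.).
libc6_version() {
  printf '%s\n' "$1" | awk '$1 == "ii" && $2 ~ /^libc6(:[a-z0-9]+)?$/ { print $3; exit }'
}

# Return 0 when version $1 is at least version $2 (GNU sort -V ordering).
version_ge() {
  [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$2" ]
}

# Return 0 when libc6 version $2 is at or above the fixed release the post
# quotes for release $1 (bookworm or jammy); other releases return 2 (unknown).
libc6_fixed() {
  case "$1" in
    bookworm) version_ge "$2" '2.36-9+deb12u6' ;;
    jammy)    version_ge "$2" '2.35-0ubuntu3.7' ;;
    *)        return 2 ;;
  esac
}

# Constructed sample lines (not output captured from a real machine).
SAMPLE_ICONV='ISO-2022-CN//
ISO-2022-CN-EXT//'
SAMPLE_DPKG='ii  libc6:amd64  2.36-9+deb12u5  amd64  GNU C Library: Shared libraries
ii  libc6-dev:amd64  2.36-9+deb12u5  amd64  GNU C Library: Development Libraries'

if cnext_listed "$SAMPLE_ICONV"; then echo "sample: ISO-2022-CN-EXT still enabled"; fi
v=$(libc6_version "$SAMPLE_DPKG")
if libc6_fixed bookworm "$v"; then
  echo "sample: libc6 $v is at or above the fixed version"
else
  echo "sample: libc6 $v needs the upgrade or the gconv mitigation"
fi

# Live check on this host, only when iconv is available.
if command -v iconv >/dev/null 2>&1 && cnext_listed "$(iconv -l 2>/dev/null)"; then
  echo "this host: ISO-2022-CN-EXT is still enabled"
fi
```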