Iconv, set the charset to RCE: exploiting glibc to hack the PHP engine

Charles Fol

DEF CON 32 · Day 1 · Main Stage

In this DEF CON 32 talk, Charles Fol presents a critical **buffer overflow vulnerability** he discovered in the **glibc `iconv` library**, the character set conversion component used on most Linux systems. Although it was found during an audit of the PHP engine, the bug lives not in PHP but in this underlying dependency, so its implications reach any application that relies on `iconv`. Fol shows how this seemingly innocuous character conversion flaw can be leveraged to achieve **Remote Code Execution (RCE)** in PHP applications through two distinct attack vectors: PHP's `php://filter` stream wrappers and direct calls to the `iconv` function.

AI review

This talk presents a critical buffer overflow in glibc's `iconv` library, a foundational component, triggered by a highly specific character set conversion. The discovery of this low-level bug, and its clear path to Remote Code Execution within PHP applications via common attack vectors like `php://filter`, demonstrates exceptional technical depth and novelty. It's a prime example of impactful research that exposes vulnerabilities in layers of the stack most people take for granted, providing immediate, actionable intelligence for defenders.
