Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.DEBIAN_DSA-4353.NASL
HistoryDec 11, 2018 - 12:00 a.m.

Debian DSA-4353-1 : php7.0 - security update

2018-12-1100:00:00
This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
27
JSON

Multiple security issues were found in PHP, a widely-used open source general purpose scripting language: The EXIF module was susceptible to denial of service/information disclosure when parsing malformed images, the Apache module allowed cross-site-scripting via the body of a ‘Transfer-Encoding: chunked’ request and the IMAP extension performed insufficient input validation which can result in the execution of arbitrary shell commands in the imap_open() function and denial of service in the imap_mail() function.

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Debian Security Advisory DSA-4353. The text 
# itself is copyright (C) Software in the Public Interest, Inc.
#

include("compat.inc");

if (description)
{
  script_id(119561);
  script_version("1.6");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/04/28");

  script_cve_id("CVE-2018-14851", "CVE-2018-14883", "CVE-2018-17082", "CVE-2018-19518", "CVE-2018-19935");
  script_xref(name:"DSA", value:"4353");

  script_name(english:"Debian DSA-4353-1 : php7.0 - security update");
  script_summary(english:"Checks dpkg output for the updated package");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Debian host is missing a security-related update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Multiple security issues were found in PHP, a widely-used open source
general purpose scripting language: The EXIF module was susceptible to
denial of service/information disclosure when parsing malformed
images, the Apache module allowed cross-site-scripting via the body of
a 'Transfer-Encoding: chunked' request and the IMAP extension
performed insufficient input validation which can result in the
execution of arbitrary shell commands in the imap_open() function and
denial of service in the imap_mail() function."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/source-package/php7.0"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://packages.debian.org/source/stretch/php7.0"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.debian.org/security/2018/dsa-4353"
  );
  script_set_attribute(
    attribute:"solution", 
    value:
"Upgrade the php7.0 packages.

For the stable distribution (stretch), these problems have been fixed
in version 7.0.33-0+deb9u1."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:S/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-19518");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"metasploit_name", value:'php imap_open Remote Code Execution');
  script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:php7.0");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:9.0");

  script_set_attribute(attribute:"vuln_publication_date", value:"2018/08/02");
  script_set_attribute(attribute:"patch_publication_date", value:"2018/12/10");
  script_set_attribute(attribute:"plugin_publication_date", value:"2018/12/11");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Debian Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");

  exit(0);
}


include("audit.inc");
include("debian_package.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);


flag = 0;
if (deb_check(release:"9.0", prefix:"libapache2-mod-php7.0", reference:"7.0.33-0+deb9u1")) flag++;
if (deb_check(release:"9.0", prefix:"libphp7.0-embed", reference:"7.0.33-0+deb9u1")) flag++;
if (deb_check(release:"9.0", prefix:"php7.0", reference:"7.0.33-0+deb9u1")) flag++;
if (deb_check(release:"9.0", prefix:"php7.0-bcmath", reference:"7.0.33-0+deb9u1")) flag++;
if (deb_check(release:"9.0", prefix:"php7.0-bz2", reference:"7.0.33-0+deb9u1")) flag++;
if (deb_check(release:"9.0", prefix:"php7.0-cgi", reference:"7.0.33-0+deb9u1")) flag++;
if (deb_check(release:"9.0", prefix:"php7.0-cli", reference:"7.0.33-0+deb9u1")) flag++;
if (deb_check(release:"9.0", prefix:"php7.0-common", reference:"7.0.33-0+deb9u1")) flag++;
if (deb_check(release:"9.0", prefix:"php7.0-curl", reference:"7.0.33-0+deb9u1")) flag++;
if (deb_check(release:"9.0", prefix:"php7.0-dba", reference:"7.0.33-0+deb9u1")) flag++;
if (deb_check(release:"9.0", prefix:"php7.0-dev", reference:"7.0.33-0+deb9u1")) flag++;
if (deb_check(release:"9.0", prefix:"php7.0-enchant", reference:"7.0.33-0+deb9u1")) flag++;
if (deb_check(release:"9.0", prefix:"php7.0-fpm", reference:"7.0.33-0+deb9u1")) flag++;
if (deb_check(release:"9.0", prefix:"php7.0-gd", reference:"7.0.33-0+deb9u1")) flag++;
if (deb_check(release:"9.0", prefix:"php7.0-gmp", reference:"7.0.33-0+deb9u1")) flag++;
if (deb_check(release:"9.0", prefix:"php7.0-imap", reference:"7.0.33-0+deb9u1")) flag++;
if (deb_check(release:"9.0", prefix:"php7.0-interbase", reference:"7.0.33-0+deb9u1")) flag++;
if (deb_check(release:"9.0", prefix:"php7.0-intl", reference:"7.0.33-0+deb9u1")) flag++;
if (deb_check(release:"9.0", prefix:"php7.0-json", reference:"7.0.33-0+deb9u1")) flag++;
if (deb_check(release:"9.0", prefix:"php7.0-ldap", reference:"7.0.33-0+deb9u1")) flag++;
if (deb_check(release:"9.0", prefix:"php7.0-mbstring", reference:"7.0.33-0+deb9u1")) flag++;
if (deb_check(release:"9.0", prefix:"php7.0-mcrypt", reference:"7.0.33-0+deb9u1")) flag++;
if (deb_check(release:"9.0", prefix:"php7.0-mysql", reference:"7.0.33-0+deb9u1")) flag++;
if (deb_check(release:"9.0", prefix:"php7.0-odbc", reference:"7.0.33-0+deb9u1")) flag++;
if (deb_check(release:"9.0", prefix:"php7.0-opcache", reference:"7.0.33-0+deb9u1")) flag++;
if (deb_check(release:"9.0", prefix:"php7.0-pgsql", reference:"7.0.33-0+deb9u1")) flag++;
if (deb_check(release:"9.0", prefix:"php7.0-phpdbg", reference:"7.0.33-0+deb9u1")) flag++;
if (deb_check(release:"9.0", prefix:"php7.0-pspell", reference:"7.0.33-0+deb9u1")) flag++;
if (deb_check(release:"9.0", prefix:"php7.0-readline", reference:"7.0.33-0+deb9u1")) flag++;
if (deb_check(release:"9.0", prefix:"php7.0-recode", reference:"7.0.33-0+deb9u1")) flag++;
if (deb_check(release:"9.0", prefix:"php7.0-snmp", reference:"7.0.33-0+deb9u1")) flag++;
if (deb_check(release:"9.0", prefix:"php7.0-soap", reference:"7.0.33-0+deb9u1")) flag++;
if (deb_check(release:"9.0", prefix:"php7.0-sqlite3", reference:"7.0.33-0+deb9u1")) flag++;
if (deb_check(release:"9.0", prefix:"php7.0-sybase", reference:"7.0.33-0+deb9u1")) flag++;
if (deb_check(release:"9.0", prefix:"php7.0-tidy", reference:"7.0.33-0+deb9u1")) flag++;
if (deb_check(release:"9.0", prefix:"php7.0-xml", reference:"7.0.33-0+deb9u1")) flag++;
if (deb_check(release:"9.0", prefix:"php7.0-xmlrpc", reference:"7.0.33-0+deb9u1")) flag++;
if (deb_check(release:"9.0", prefix:"php7.0-xsl", reference:"7.0.33-0+deb9u1")) flag++;
if (deb_check(release:"9.0", prefix:"php7.0-zip", reference:"7.0.33-0+deb9u1")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());
  else security_hole(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
VendorProductVersionCPE
debiandebian_linux9.0cpe:/o:debian:debian_linux:9.0
debiandebian_linuxphp7.0p-cpe:/a:debian:debian_linux:php7.0

Related

debian 6
openvas 47
osv 11
ibm 5
nessus 52
fedora 15
f5 2
amazon 4
ubuntu 3
mageia 2
suse 6
alpinelinux 5
prion 5
redhatcve 5
wallarmlab 1
cve 6
debiancve 5
hackerone 4
ubuntucve 5
attackerkb 1
veracode 4
altlinux 3
checkpoint_advisories 2
debian
debian
[SECURITY] [DSA 4353-1] php7.0 security update
2018-12-10 21:40:39
[SECURITY] [DLA 1608-1] php5 security update
2018-12-17 01:56:08
[SECURITY] [DLA 1490-1] php5 security update
2018-09-01 13:12:11
openvas
openvas
Debian: Security Advisory (DSA-4353-1)
2018-12-09 00:00:00
Mageia: Security Advisory (MGASA-2018-0390)
2022-01-28 00:00:00
Fedora Update for php FEDORA-2018-7ebfe1e6f2
2019-05-07 00:00:00
osv
osv
php7.0 - security update
2018-12-10 00:00:00
php5 - security update
2018-08-31 00:00:00
php5 - security update
2018-12-16 00:00:00
ibm
ibm
Security Bulletin: IBM Flex System Chassis Management Module (CMM) is affected by vulnerabilities in PHP (CVE-2018-17082 CVE-2018-14883 CVE-2018-14851 CVE-2017-9118)
2023-12-07 22:45:03
Security Bulletin: IBM BladeCenter Advanced Management Module (AMM) is affected by vulnerability in PHP (CVE-2018-17082)
2019-04-11 22:50:01
Security Bulletin: IBM Flex System Chassis Management Module (CMM) is affected by vulnerability in PHP.
2023-12-07 22:45:07
nessus
nessus
Amazon Linux AMI : php56 / php70,php71 (ALAS-2018-1066)
2018-08-24 00:00:00
Debian DLA-1608-1 : php5 security update
2018-12-17 00:00:00
Fedora 29 : php (2018-7ebfe1e6f2)
2019-01-03 00:00:00
fedora
fedora
[SECURITY] Fedora 28 Update: php-7.2.13-2.fc28
2018-12-17 02:28:09
[SECURITY] Fedora 29 Update: php-7.2.13-2.fc29
2018-12-17 19:12:53
[SECURITY] Fedora 28 Update: php-7.2.17-1.fc28
2019-04-13 01:31:20
f5
f5
K03544225 : PHP vulnerabilities CVE-2018-19518 and CVE-2018-19935
2019-01-08 00:00:00
K89095152 : PHP vulnerability CVE-2018-17082
2018-11-12 00:00:00
amazon
amazon
Medium: php56, php70, php71, php72
2019-01-09 22:58:00
Low: php56, php70, php71
2018-08-22 19:30:00
Medium: php72
2018-08-22 19:31:00
ubuntu
ubuntu
PHP vulnerabilities
2018-09-19 00:00:00
PHP vulnerabilities
2018-09-18 00:00:00
UW IMAP vulnerability
2019-10-21 00:00:00
mageia
mageia
Updated php packages fix security vulnerability
2018-09-21 19:26:22
Updated php packages fix security vulnerability
2018-12-20 23:17:27
suse
suse
Security update for php7 (moderate)
2018-10-06 18:16:05
Security update for php5 (moderate)
2018-10-06 18:11:29
Recommended update for php7 (moderate)
2018-12-08 00:11:09
alpinelinux
alpinelinux
CVE-2018-17082
2018-09-16 15:29:00
CVE-2018-14883
2018-08-03 13:29:00
CVE-2018-19518
2018-11-25 10:29:00
prion
prion
Input validation
2018-11-25 10:29:00
Integer overflow
2018-08-03 13:29:00
Design/Logic Flaw
2018-09-16 15:29:00
redhatcve
redhatcve
CVE-2018-14883
2018-08-03 19:18:50
CVE-2018-17082
2019-10-09 11:43:46
CVE-2018-19935
2020-03-30 14:17:07
wallarmlab
wallarmlab
RCE in PHP or how to bypass disable_functions in PHP installations
2018-12-06 17:32:24
cve
cve
CVE-2018-19518
2018-11-25 10:29:00
CVE-2018-17082
2018-09-16 15:29:00
CVE-2018-19935
2018-12-07 09:29:00
debiancve
debiancve
CVE-2018-19518
2018-11-25 10:29:00
CVE-2018-17082
2018-09-16 15:29:00
CVE-2018-19935
2018-12-07 09:29:00
hackerone
hackerone
Internet Bug Bounty: Int Overflow lead to Heap OverFlow in exif_thumbnail_extract of exif.c
2018-07-20 07:20:20
Internet Bug Bounty: Improper handling of Chunked data request in sapi_apache2.c leads to Reflected XSS
2018-09-15 04:40:29
Internet Bug Bounty: heap-buffer-overflow (READ of size 48) in exif_read_data()
2018-07-19 15:51:41
ubuntucve
ubuntucve
CVE-2018-19935
2018-12-07 00:00:00
CVE-2018-17082
2018-09-16 00:00:00
CVE-2018-19518
2018-11-25 00:00:00
attackerkb
attackerkb
CVE-2018-19518
2018-11-25 00:00:00
veracode
veracode
Cross-site Scripting (XSS)
2019-08-20 00:10:41
Denial Of Service (DoS)
2019-08-20 00:10:41
Denial Of Service (DoS)
2020-08-06 21:29:42
altlinux
altlinux
Security fix for the ALT Linux 8 package php7 version 7.2.14-alt1
2019-01-23 00:00:00
Security fix for the ALT Linux 10 package php8.0 version Jan.
2019-01-15 00:00:00
Security fix for the ALT Linux 10 package php8.1 version Jan.
2019-01-15 00:00:00
checkpoint_advisories
checkpoint_advisories
PHP IMAP imap_open Command Injection (CVE-2018-19518)
2022-11-17 00:00:00
Apache2 PHP Component Chunked Transfer Encoding Policy Bypass (CVE-2013-5705; CVE-2018-17082)
2014-10-01 00:00:00
JSON
Related for DEBIAN_DSA-4353.NASL
debian6openvas47osv11ibm5nessus52fedora15f52amazon4ubuntu3mageia2suse6alpinelinux5prion5redhatcve5wallarmlab1cve6debiancve5hackerone4ubuntucve5attackerkb1veracode4altlinux3checkpoint_advisories2