Lucene search
This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.DEBIAN_DSA-5363.NASLHistoryFeb 26, 2023 - 12:00 a.m.
Debian DSA-5363-1 : php7.4 - security update
2023-02-2600:00:00
This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
15
The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5363 advisory.
-
In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, core path resolution function allocate buffer one byte too small. When resolving paths with lengths close to system MAXPATHLEN setting, this may lead to the byte after the allocated buffer being overwritten with NUL value, which might lead to unauthorized data access or modification. (CVE-2023-0568)
-
In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, excessive number of parts in HTTP form upload can cause high resource consumption and excessive number of log entries. This can cause denial of service on the affected server by exhausting CPU resources or disk space. (CVE-2023-0662)
-
php: PDO::quote() may return unquoted string due to an integer overflow (CVE-2022-31631)
-
Password_verify() always return true with some hash [fedora-36] (CVE-2023-0567)
Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.
#%NASL_MIN_LEVEL 80900
#
# (C) Tenable, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Debian Security Advisory dsa-5363. The text
# itself is copyright (C) Software in the Public Interest, Inc.
#
include('compat.inc');
if (description)
{
script_id(171921);
script_version("1.4");
script_set_attribute(attribute:"plugin_modification_date", value:"2023/09/01");
script_cve_id(
"CVE-2022-31631",
"CVE-2023-0567",
"CVE-2023-0568",
"CVE-2023-0662"
);
script_xref(name:"IAVA", value:"2023-A-0105-S");
script_name(english:"Debian DSA-5363-1 : php7.4 - security update");
script_set_attribute(attribute:"synopsis", value:
"The remote Debian host is missing one or more security-related updates.");
script_set_attribute(attribute:"description", value:
"The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the
dsa-5363 advisory.
- In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, core path resolution function
allocate buffer one byte too small. When resolving paths with lengths close to system MAXPATHLEN setting,
this may lead to the byte after the allocated buffer being overwritten with NUL value, which might lead to
unauthorized data access or modification. (CVE-2023-0568)
- In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, excessive number of parts in HTTP
form upload can cause high resource consumption and excessive number of log entries. This can cause denial
of service on the affected server by exhausting CPU resources or disk space. (CVE-2023-0662)
- php: PDO::quote() may return unquoted string due to an integer overflow (CVE-2022-31631)
- Password_verify() always return true with some hash [fedora-36] (CVE-2023-0567)
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/source-package/php7.4");
script_set_attribute(attribute:"see_also", value:"https://www.debian.org/security/2023/dsa-5363");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2022-31631");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2023-0567");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2023-0568");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2023-0662");
script_set_attribute(attribute:"see_also", value:"https://packages.debian.org/source/bullseye/php7.4");
script_set_attribute(attribute:"solution", value:
"Upgrade the php7.4 packages.
For the stable distribution (bullseye), these problems have been fixed in version 7.4.33-1+deb11u3.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2023-0568");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2023/01/04");
script_set_attribute(attribute:"patch_publication_date", value:"2023/02/24");
script_set_attribute(attribute:"plugin_publication_date", value:"2023/02/26");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libapache2-mod-php7.4");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libphp7.4-embed");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:php7.4");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:php7.4-bcmath");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:php7.4-bz2");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:php7.4-cgi");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:php7.4-cli");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:php7.4-common");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:php7.4-curl");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:php7.4-dba");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:php7.4-dev");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:php7.4-enchant");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:php7.4-fpm");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:php7.4-gd");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:php7.4-gmp");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:php7.4-imap");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:php7.4-interbase");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:php7.4-intl");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:php7.4-json");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:php7.4-ldap");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:php7.4-mbstring");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:php7.4-mysql");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:php7.4-odbc");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:php7.4-opcache");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:php7.4-pgsql");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:php7.4-phpdbg");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:php7.4-pspell");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:php7.4-readline");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:php7.4-snmp");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:php7.4-soap");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:php7.4-sqlite3");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:php7.4-sybase");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:php7.4-tidy");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:php7.4-xml");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:php7.4-xmlrpc");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:php7.4-xsl");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:php7.4-zip");
script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:11.0");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_set_attribute(attribute:"stig_severity", value:"I");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Debian Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");
exit(0);
}
include('debian_package.inc');
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);
var debian_release = get_kb_item('Host/Debian/release');
if ( isnull(debian_release) ) audit(AUDIT_OS_NOT, 'Debian');
debian_release = chomp(debian_release);
if (! preg(pattern:"^(11)\.[0-9]+", string:debian_release)) audit(AUDIT_OS_NOT, 'Debian 11.0', 'Debian ' + debian_release);
var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Debian', cpu);
var pkgs = [
{'release': '11.0', 'prefix': 'libapache2-mod-php7.4', 'reference': '7.4.33-1+deb11u3'},
{'release': '11.0', 'prefix': 'libphp7.4-embed', 'reference': '7.4.33-1+deb11u3'},
{'release': '11.0', 'prefix': 'php7.4', 'reference': '7.4.33-1+deb11u3'},
{'release': '11.0', 'prefix': 'php7.4-bcmath', 'reference': '7.4.33-1+deb11u3'},
{'release': '11.0', 'prefix': 'php7.4-bz2', 'reference': '7.4.33-1+deb11u3'},
{'release': '11.0', 'prefix': 'php7.4-cgi', 'reference': '7.4.33-1+deb11u3'},
{'release': '11.0', 'prefix': 'php7.4-cli', 'reference': '7.4.33-1+deb11u3'},
{'release': '11.0', 'prefix': 'php7.4-common', 'reference': '7.4.33-1+deb11u3'},
{'release': '11.0', 'prefix': 'php7.4-curl', 'reference': '7.4.33-1+deb11u3'},
{'release': '11.0', 'prefix': 'php7.4-dba', 'reference': '7.4.33-1+deb11u3'},
{'release': '11.0', 'prefix': 'php7.4-dev', 'reference': '7.4.33-1+deb11u3'},
{'release': '11.0', 'prefix': 'php7.4-enchant', 'reference': '7.4.33-1+deb11u3'},
{'release': '11.0', 'prefix': 'php7.4-fpm', 'reference': '7.4.33-1+deb11u3'},
{'release': '11.0', 'prefix': 'php7.4-gd', 'reference': '7.4.33-1+deb11u3'},
{'release': '11.0', 'prefix': 'php7.4-gmp', 'reference': '7.4.33-1+deb11u3'},
{'release': '11.0', 'prefix': 'php7.4-imap', 'reference': '7.4.33-1+deb11u3'},
{'release': '11.0', 'prefix': 'php7.4-interbase', 'reference': '7.4.33-1+deb11u3'},
{'release': '11.0', 'prefix': 'php7.4-intl', 'reference': '7.4.33-1+deb11u3'},
{'release': '11.0', 'prefix': 'php7.4-json', 'reference': '7.4.33-1+deb11u3'},
{'release': '11.0', 'prefix': 'php7.4-ldap', 'reference': '7.4.33-1+deb11u3'},
{'release': '11.0', 'prefix': 'php7.4-mbstring', 'reference': '7.4.33-1+deb11u3'},
{'release': '11.0', 'prefix': 'php7.4-mysql', 'reference': '7.4.33-1+deb11u3'},
{'release': '11.0', 'prefix': 'php7.4-odbc', 'reference': '7.4.33-1+deb11u3'},
{'release': '11.0', 'prefix': 'php7.4-opcache', 'reference': '7.4.33-1+deb11u3'},
{'release': '11.0', 'prefix': 'php7.4-pgsql', 'reference': '7.4.33-1+deb11u3'},
{'release': '11.0', 'prefix': 'php7.4-phpdbg', 'reference': '7.4.33-1+deb11u3'},
{'release': '11.0', 'prefix': 'php7.4-pspell', 'reference': '7.4.33-1+deb11u3'},
{'release': '11.0', 'prefix': 'php7.4-readline', 'reference': '7.4.33-1+deb11u3'},
{'release': '11.0', 'prefix': 'php7.4-snmp', 'reference': '7.4.33-1+deb11u3'},
{'release': '11.0', 'prefix': 'php7.4-soap', 'reference': '7.4.33-1+deb11u3'},
{'release': '11.0', 'prefix': 'php7.4-sqlite3', 'reference': '7.4.33-1+deb11u3'},
{'release': '11.0', 'prefix': 'php7.4-sybase', 'reference': '7.4.33-1+deb11u3'},
{'release': '11.0', 'prefix': 'php7.4-tidy', 'reference': '7.4.33-1+deb11u3'},
{'release': '11.0', 'prefix': 'php7.4-xml', 'reference': '7.4.33-1+deb11u3'},
{'release': '11.0', 'prefix': 'php7.4-xmlrpc', 'reference': '7.4.33-1+deb11u3'},
{'release': '11.0', 'prefix': 'php7.4-xsl', 'reference': '7.4.33-1+deb11u3'},
{'release': '11.0', 'prefix': 'php7.4-zip', 'reference': '7.4.33-1+deb11u3'}
];
var flag = 0;
foreach package_array ( pkgs ) {
var _release = NULL;
var prefix = NULL;
var reference = NULL;
if (!empty_or_null(package_array['release'])) _release = package_array['release'];
if (!empty_or_null(package_array['prefix'])) prefix = package_array['prefix'];
if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
if (_release && prefix && reference) {
if (deb_check(release:_release, prefix:prefix, reference:reference)) flag++;
}
}
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_HOLE,
extra : deb_report_get()
);
exit(0);
}
else
{
var tested = deb_pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'libapache2-mod-php7.4 / libphp7.4-embed / php7.4 / php7.4-bcmath / etc');
}
| Vendor | Product | Version | CPE |
|---|---|---|---|
| debian | debian_linux | libapache2-mod-php7.4 | p-cpe:/a:debian:debian_linux:libapache2-mod-php7.4 |
| debian | debian_linux | libphp7.4-embed | p-cpe:/a:debian:debian_linux:libphp7.4-embed |
| debian | debian_linux | php7.4 | p-cpe:/a:debian:debian_linux:php7.4 |
| debian | debian_linux | php7.4-bcmath | p-cpe:/a:debian:debian_linux:php7.4-bcmath |
| debian | debian_linux | php7.4-bz2 | p-cpe:/a:debian:debian_linux:php7.4-bz2 |
| debian | debian_linux | php7.4-cgi | p-cpe:/a:debian:debian_linux:php7.4-cgi |
| debian | debian_linux | php7.4-cli | p-cpe:/a:debian:debian_linux:php7.4-cli |
| debian | debian_linux | php7.4-common | p-cpe:/a:debian:debian_linux:php7.4-common |
| debian | debian_linux | php7.4-curl | p-cpe:/a:debian:debian_linux:php7.4-curl |
| debian | debian_linux | php7.4-dba | p-cpe:/a:debian:debian_linux:php7.4-dba |
References
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31631
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0567
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0568
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0662
packages.debian.org/source/bullseye/php7.4
security-tracker.debian.org/tracker/CVE-2022-31631
security-tracker.debian.org/tracker/CVE-2023-0567
security-tracker.debian.org/tracker/CVE-2023-0568
security-tracker.debian.org/tracker/CVE-2023-0662
security-tracker.debian.org/tracker/source-package/php7.4
www.debian.org/security/2023/dsa-5363
Related
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2023:0476-1)
2023-03-28 00:00:00
Debian: Security Advisory (DLA-3345-1)
2023-02-27 00:00:00
Debian: Security Advisory (DSA-5363-1)
2023-02-28 00:00:00
osv
osv
php7.4 - security update
2023-02-24 00:00:00
php7.3 - security update
2023-02-26 00:00:00
php7.2, php7.4, php8.1 vulnerabilities
2023-02-28 14:18:17
nessus
nessus
SUSE SLES15 / openSUSE 15 Security Update : php7 (SUSE-SU-2023:0476-1)
2023-02-23 00:00:00
Debian DLA-3345-1 : php7.3 - LTS security update
2023-02-26 00:00:00
Fedora 37 : php (2023-452714dbc6)
2023-02-24 00:00:00
debian
debian
[SECURITY] [DLA 3345-1] php7.3 security update
2023-02-26 22:00:18
[SECURITY] [DSA 5363-1] php7.4 security update
2023-02-24 19:21:10
fedora
fedora
[SECURITY] Fedora 37 Update: php-8.1.16-1.fc37
2023-02-24 04:47:32
[SECURITY] Fedora 36 Update: php-8.1.16-1.fc36
2023-02-24 03:47:37
[SECURITY] Fedora 36 Update: php-8.1.14-1.fc36
2023-01-13 01:21:41
slackware
slackware
[slackware-security] php
2023-02-15 03:06:12
[slackware-security] php
2023-01-07 02:09:30
altlinux
altlinux
Security fix for the ALT Linux 10 package php8.0 version 8.0.28-alt1
2023-02-21 00:00:00
Security fix for the ALT Linux 10 package php8.2 version 8.2.3-alt1
2023-02-21 00:00:00
Security fix for the ALT Linux 10 package php8.1 version 8.1.16-alt1
2023-02-17 00:00:00
ubuntu
ubuntu
PHP vulnerabilities
2023-02-28 00:00:00
PHP vulnerabilities
2023-03-02 00:00:00
PHP vulnerability
2023-01-23 00:00:00
cloudlinux
cloudlinux
php: Fix of 3 CVEs
2023-03-09 21:01:01
mageia
mageia
Updated php packages fix security vulnerability
2023-02-27 23:27:16
Updated php packages fix security vulnerability
2023-01-24 10:58:24
redos
redos
ROS-20230418-02
2023-04-18 00:00:00
rocky
rocky
php:8.0 security update
2023-10-24 18:35:47
php:8.1 security update
2024-02-12 20:17:50
php security update
2023-10-24 18:36:55
almalinux
almalinux
Moderate: php:8.1 security update
2024-01-24 00:00:00
Important: php security update
2023-10-19 00:00:00
Important: php:8.0 security update
2023-10-19 00:00:00
redhat
redhat
(RHSA-2023:5926) Important: php security update
2023-10-19 12:43:29
(RHSA-2024:0387) Moderate: php:8.1 security update
2024-01-24 09:41:37
(RHSA-2023:5927) Important: php:8.0 security update
2023-10-19 12:45:04
oraclelinux
oraclelinux
php:8.1 security update
2024-01-25 00:00:00
php security update
2023-10-22 00:00:00
php:8.0 security update
2023-10-23 00:00:00
f5
f5
K000136109 : PHP SQLite vulnerability CVE-2022-31631
2023-09-06 00:00:00
K000134747 : PHP vulnerability CVE-2023-0568
2023-05-23 00:00:00
K000133753 : PHP vulnerability CVE-2023-0662
2023-05-01 00:00:00
redhatcve
redhatcve
cve
cve
alpinelinux
alpinelinux
debiancve
debiancve
ubuntucve
ubuntucve
veracode
veracode
SQL Injection
2023-01-08 13:03:34
Incorrect Calculation Of Buffer Size
2023-02-17 10:23:44
Authentication Bypass
2023-02-17 10:36:14
prion
prion
Design/Logic Flaw
2023-02-16 07:15:00
Design/Logic Flaw
2023-02-16 07:15:00
Default credentials
2023-03-01 08:15:00
cbl_mariner
cbl_mariner
CVE-2023-0568 affecting package php 8.1.12-1
2023-03-09 00:25:04
CVE-2023-0662 affecting package php 8.1.12-1
2023-03-09 00:25:04
CVE-2023-0567 affecting package php 8.1.12-1
2023-03-09 00:25:04
amazon
amazon
Important: php56
2023-10-30 23:31:00
Important: php
2023-11-29 22:20:00
github
github
Related for DEBIAN_DSA-5363.NASL