EulerOS 2.0 SP5 : php (EulerOS-SA-2019-1069)

🗓️ 08 Mar 2019 00:00:00Reported by TenableType

EulerOS 2.0 SP5 php vulnerabilitie

Reporter	Title	Published	Views	Family All 242
0day.today	PHP 7.2 - imagecolormatch() Out of Band Heap Write Exploit	9 Apr 201900:00	–	zdt
IBM Security Bulletins	Security Bulletin: API Connect Developer Portal is affected by multiple PHP vulnerabilities	1 Aug 201813:05	–	ibm
IBM Security Bulletins	Security Bulletin: IBM API Connect Developer Portal is impacted by PHP vulnerabilities (CVE-2018-10548, CVE-2018-10546)	23 Jun 201802:54	–	ibm
IBM Security Bulletins	Security Bulletin: API Connect's Developer Portal is impacted by vulnerabilities in PHP	3 Mar 202002:43	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Flex System Chassis Management Module (CMM) is affected by vulnerabilities in PHP (CVE-2019-6978, CVE-2019-6977)	7 Dec 202322:45	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerabilities in PHP affect IBM BladeCenter Advanced Management Module (AMM)	3 Oct 201818:00	–	ibm
IBM Security Bulletins	Security Bulletin: IBM BladeCenter Advanced Management Module (AMM) is affected by vulnerabilities in PHP (CVE-2019-6977) (CVE-2019-6978)	9 Jan 202018:44	–	ibm
GithubExploit	Exploit for Out-of-bounds Write in Libgd	5 Mar 201910:25	–	githubexploit
GithubExploit	Exploit for Use After Free in Apache Http_Server	12 May 201910:08	–	githubexploit
Amazon	Medium: php56, php70, php71	10 May 201800:00	–	amazon

Source	Link
nessus	www.nessus.org/u
cve	www.cve.mitre.org/cgi-bin/cvename.cgi
cve	www.cve.mitre.org/cgi-bin/cvename.cgi

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(122692);
  script_version("1.7");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/06/14");

  script_cve_id("CVE-2018-10546", "CVE-2019-6977");

  script_name(english:"EulerOS 2.0 SP5 : php (EulerOS-SA-2019-1069)");

  script_set_attribute(attribute:"synopsis", value:
"The remote EulerOS host is missing multiple security updates.");
  script_set_attribute(attribute:"description", value:
"According to the versions of the php packages installed, the EulerOS
installation on the remote host is affected by the following
vulnerabilities :

  - An infinite loop vulnerability was found in
    ext/iconv/iconv.c in PHP due to the iconv stream not
    rejecting invalid multibyte sequences. A remote
    attacker could use this vulnerability to hang the php
    process and consume resources.(CVE-2018-10546)

  - gdImageColorMatch in gd_color_match.c in the GD
    Graphics Library (aka LibGD) 2.2.5, as used in the
    imagecolormatch function in PHP before 5.6.40, 7.x
    before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before
    7.3.1, has a heap-based buffer overflow. This can be
    exploited by an attacker who is able to trigger
    imagecolormatch calls with crafted image
    data.(CVE-2019-6977)

Note that Tenable Network Security has extracted the preceding
description block directly from the EulerOS security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.");
  # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1069
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?4051dce7");
  script_set_attribute(attribute:"solution", value:
"Update the affected php packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-6977");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"patch_publication_date", value:"2019/03/01");
  script_set_attribute(attribute:"plugin_publication_date", value:"2019/03/08");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:php");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:php-cli");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:php-common");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:php-gd");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:php-ldap");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:php-mysql");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:php-odbc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:php-pdo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:php-pgsql");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:php-process");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:php-recode");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:php-soap");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:php-xml");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:php-xmlrpc");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:2.0");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Huawei Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2019-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/sp");
  script_exclude_keys("Host/EulerOS/uvp_version");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

release = get_kb_item("Host/EulerOS/release");
if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
if (release !~ "^EulerOS release 2\.0(\D|$)") audit(AUDIT_OS_NOT, "EulerOS 2.0");

sp = get_kb_item("Host/EulerOS/sp");
if (isnull(sp) || sp !~ "^(5)$") audit(AUDIT_OS_NOT, "EulerOS 2.0 SP5");

uvp = get_kb_item("Host/EulerOS/uvp_version");
if (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, "EulerOS 2.0 SP5", "EulerOS UVP " + uvp);

if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_ARCH_NOT, "i686 / x86_64", cpu);

flag = 0;

pkgs = ["php-5.4.16-45.h4.eulerosv2r7",
        "php-cli-5.4.16-45.h4.eulerosv2r7",
        "php-common-5.4.16-45.h4.eulerosv2r7",
        "php-gd-5.4.16-45.h4.eulerosv2r7",
        "php-ldap-5.4.16-45.h4.eulerosv2r7",
        "php-mysql-5.4.16-45.h4.eulerosv2r7",
        "php-odbc-5.4.16-45.h4.eulerosv2r7",
        "php-pdo-5.4.16-45.h4.eulerosv2r7",
        "php-pgsql-5.4.16-45.h4.eulerosv2r7",
        "php-process-5.4.16-45.h4.eulerosv2r7",
        "php-recode-5.4.16-45.h4.eulerosv2r7",
        "php-soap-5.4.16-45.h4.eulerosv2r7",
        "php-xml-5.4.16-45.h4.eulerosv2r7",
        "php-xmlrpc-5.4.16-45.h4.eulerosv2r7"];

foreach (pkg in pkgs)
  if (rpm_check(release:"EulerOS-2.0", sp:"5", reference:pkg)) flag++;

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_WARNING,
    extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "php");
}

14 Jun 2024 00:00Current

7.7High risk

Vulners AI Score7.7

CVSS 26.8

CVSS 38.8

EPSS0.87883