Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.EULEROS_SA-2019-1686.NASL
HistoryJul 02, 2019 - 12:00 a.m.

EulerOS 2.0 SP5 : php (EulerOS-SA-2019-1686)

2019-07-0200:00:00
This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
8
JSON

According to the versions of the php packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :

  • When processing certain files, PHP EXIF extension in versions 7.1.x below 7.1.28, 7.2.x below 7.2.17 and 7.3.x below 7.3.4 can be caused to read past allocated buffer in exif_process_IFD_TAG function. This may lead to information disclosure or crash.(CVE-2019-11034)

  • When processing certain files, PHP EXIF extension in versions 7.1.x below 7.1.28, 7.2.x below 7.2.17 and 7.3.x below 7.3.4 can be caused to read past allocated buffer in exif_iif_add_value function. This may lead to information disclosure or crash.(CVE-2019-11035)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(126427);
  script_version("1.5");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/06");

  script_cve_id(
    "CVE-2019-11034",
    "CVE-2019-11035"
  );

  script_name(english:"EulerOS 2.0 SP5 : php (EulerOS-SA-2019-1686)");
  script_summary(english:"Checks the rpm output for the updated packages.");

  script_set_attribute(attribute:"synopsis", value:
"The remote EulerOS host is missing multiple security updates.");
  script_set_attribute(attribute:"description", value:
"According to the versions of the php packages installed, the EulerOS
installation on the remote host is affected by the following
vulnerabilities :

  - When processing certain files, PHP EXIF extension in
    versions 7.1.x below 7.1.28, 7.2.x below 7.2.17 and
    7.3.x below 7.3.4 can be caused to read past allocated
    buffer in exif_process_IFD_TAG function. This may lead
    to information disclosure or crash.(CVE-2019-11034)

  - When processing certain files, PHP EXIF extension in
    versions 7.1.x below 7.1.28, 7.2.x below 7.2.17 and
    7.3.x below 7.3.4 can be caused to read past allocated
    buffer in exif_iif_add_value function. This may lead to
    information disclosure or crash.(CVE-2019-11035)

Note that Tenable Network Security has extracted the preceding
description block directly from the EulerOS security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.");
  # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1686
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?0a19f140");
  script_set_attribute(attribute:"solution", value:
"Update the affected php packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");

  script_set_attribute(attribute:"patch_publication_date", value:"2019/07/02");
  script_set_attribute(attribute:"plugin_publication_date", value:"2019/07/02");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:php");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:php-cli");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:php-common");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:php-gd");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:php-ldap");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:php-mysql");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:php-odbc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:php-pdo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:php-pgsql");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:php-process");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:php-recode");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:php-soap");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:php-xml");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:php-xmlrpc");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:2.0");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Huawei Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/sp");
  script_exclude_keys("Host/EulerOS/uvp_version");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

release = get_kb_item("Host/EulerOS/release");
if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
if (release !~ "^EulerOS release 2\.0(\D|$)") audit(AUDIT_OS_NOT, "EulerOS 2.0");

sp = get_kb_item("Host/EulerOS/sp");
if (isnull(sp) || sp !~ "^(5)$") audit(AUDIT_OS_NOT, "EulerOS 2.0 SP5");

uvp = get_kb_item("Host/EulerOS/uvp_version");
if (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, "EulerOS 2.0 SP5", "EulerOS UVP " + uvp);

if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_ARCH_NOT, "i686 / x86_64", cpu);

flag = 0;

pkgs = ["php-5.4.16-45.h10.eulerosv2r7",
        "php-cli-5.4.16-45.h10.eulerosv2r7",
        "php-common-5.4.16-45.h10.eulerosv2r7",
        "php-gd-5.4.16-45.h10.eulerosv2r7",
        "php-ldap-5.4.16-45.h10.eulerosv2r7",
        "php-mysql-5.4.16-45.h10.eulerosv2r7",
        "php-odbc-5.4.16-45.h10.eulerosv2r7",
        "php-pdo-5.4.16-45.h10.eulerosv2r7",
        "php-pgsql-5.4.16-45.h10.eulerosv2r7",
        "php-process-5.4.16-45.h10.eulerosv2r7",
        "php-recode-5.4.16-45.h10.eulerosv2r7",
        "php-soap-5.4.16-45.h10.eulerosv2r7",
        "php-xml-5.4.16-45.h10.eulerosv2r7",
        "php-xmlrpc-5.4.16-45.h10.eulerosv2r7"];

foreach (pkg in pkgs)
  if (rpm_check(release:"EulerOS-2.0", sp:"5", reference:pkg)) flag++;

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_WARNING,
    extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "php");
}
VendorProductVersionCPE
huaweieulerosphpp-cpe:/a:huawei:euleros:php
huaweieulerosphp-clip-cpe:/a:huawei:euleros:php-cli
huaweieulerosphp-commonp-cpe:/a:huawei:euleros:php-common
huaweieulerosphp-gdp-cpe:/a:huawei:euleros:php-gd
huaweieulerosphp-ldapp-cpe:/a:huawei:euleros:php-ldap
huaweieulerosphp-mysqlp-cpe:/a:huawei:euleros:php-mysql
huaweieulerosphp-odbcp-cpe:/a:huawei:euleros:php-odbc
huaweieulerosphp-pdop-cpe:/a:huawei:euleros:php-pdo
huaweieulerosphp-pgsqlp-cpe:/a:huawei:euleros:php-pgsql
huaweieulerosphp-processp-cpe:/a:huawei:euleros:php-process
Rows per page:
1-10 of 151

Related

nessus 24
openvas 19
f5 1
freebsd 1
ubuntu 2
ibm 2
osv 6
suse 4
amazon 1
debian 2
alpinelinux 2
veracode 2
debiancve 2
cve 2
prion 2
ubuntucve 2
redhatcve 2
rocky 1
redhat 3
almalinux 1
oraclelinux 1
nessus
nessus
FreeBSD : PHP -- Multiple vulnerabilities in EXIF module (c2d1693b-73cb-11e9-a1c7-b499baebfeaf)
2019-05-13 00:00:00
EulerOS Virtualization for ARM 64 3.0.2.0 : php (EulerOS-SA-2019-1705)
2019-07-09 00:00:00
PHP 7.2.x < 7.2.17 Multiple vulnerabilities.
2019-04-04 00:00:00
openvas
openvas
Huawei EulerOS: Security Advisory for php (EulerOS-SA-2019-1686)
2020-01-23 00:00:00
Huawei EulerOS: Security Advisory for php (EulerOS-SA-2019-1723)
2020-01-23 00:00:00
Huawei EulerOS: Security Advisory for php (EulerOS-SA-2019-1705)
2020-01-23 00:00:00
f5
f5
K44590877 : PHP vulnerabilities CVE-2019-11034 and CVE-2019-11035
2019-05-14 00:00:00
freebsd
freebsd
PHP -- Multiple vulnerabilities in EXIF module
2019-04-04 00:00:00
ubuntu
ubuntu
PHP vulnerabilities
2019-05-01 00:00:00
PHP vulnerabilities
2019-04-23 00:00:00
ibm
ibm
Security Bulletin: IBM API Connect's Developer Portal is impacted by vulnerabilities in PHP (CVE-2019-11035 CVE-2019-11034)
2019-05-23 00:15:01
Security Bulletin: API Connect's Developer Portal is impacted by vulnerabilities in PHP
2020-03-03 02:43:43
osv
osv
php5 - security update
2019-05-25 00:00:00
CVE-2019-11034
2019-04-18 17:29:00
CVE-2019-11035
2019-04-18 17:29:00
suse
suse
Security update for php7 (moderate)
2019-06-03 00:00:00
Security update for php5 (moderate)
2019-06-03 00:00:00
Security update for php7 (moderate)
2019-06-18 00:00:00
amazon
amazon
Low: php71, php72, php73
2019-06-11 23:00:00
debian
debian
[SECURITY] [DLA 1803-1] php5 security update
2019-05-25 10:53:33
[SECURITY] [DSA 4529-1] php7.0 security update
2019-09-20 17:58:44
alpinelinux
alpinelinux
CVE-2019-11035
2019-04-18 17:29:00
CVE-2019-11034
2019-04-18 17:29:00
veracode
veracode
Denial Of Service (Dos)
2019-08-20 00:10:42
Denial Of Service (Dos)
2019-08-20 00:10:42
debiancve
debiancve
CVE-2019-11034
2019-04-18 17:29:00
CVE-2019-11035
2019-04-18 17:29:00
cve
cve
CVE-2019-11034
2019-04-18 17:29:00
CVE-2019-11035
2019-04-18 17:29:00
prion
prion
Information disclosure
2019-04-18 17:29:00
Information disclosure
2019-04-18 17:29:00
ubuntucve
ubuntucve
CVE-2019-11034
2019-04-17 00:00:00
CVE-2019-11035
2019-04-17 00:00:00
redhatcve
redhatcve
CVE-2019-11035
2020-04-07 17:04:12
CVE-2019-11034
2020-04-08 21:40:55
rocky
rocky
php:7.2 security, bug fix, and enhancement update
2020-04-28 08:57:54
redhat
redhat
(RHSA-2020:1624) Moderate: php:7.2 security, bug fix, and enhancement update
2020-04-28 08:57:54
(RHSA-2019:3299) Critical: rh-php72-php security update
2019-11-01 12:22:19
(RHSA-2019:2519) Moderate: rh-php71-php security, bug fix, and enhancement update
2019-08-19 08:09:18
almalinux
almalinux
Moderate: php:7.2 security, bug fix, and enhancement update
2020-04-28 08:57:54
oraclelinux
oraclelinux
php:7.2 security, bug fix, and enhancement update
2020-05-05 00:00:00
JSON
Related for EULEROS_SA-2019-1686.NASL
nessus24openvas19f51freebsd1ubuntu2ibm2osv6suse4amazon1debian2alpinelinux2veracode2debiancve2cve2prion2ubuntucve2redhatcve2rocky1redhat3almalinux1oraclelinux1