This script is Copyright (C) 2020-2024 and is owned by Tenable, Inc. or an Affiliate thereof.EULEROS_SA-2020-1350.NASLEulerOS Virtualization for ARM 64 3.0.6.0 : php (EulerOS-SA-2020-1350)
7.5 High
AI Score
Confidence
Low
According to the versions of the php packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities :
-
When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0 it is possible to supply it with data what will cause it to read past the allocated buffer. This may lead to information disclosure or crash.(CVE-2019-11050)
-
In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0, PHP bcmath extension functions on some systems, including Windows, can be tricked into reading beyond the allocated space by supplying it with string containing characters that are identified as numeric by the OS but aren’t ASCII numbers. This can read to disclosure of the content of some memory locations.(CVE-2019-11046)
-
In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0, PHP DirectoryIterator class accepts filenames with embedded \0 byte and treats them as terminating at that byte. This could lead to security vulnerabilities, e.g. in applications checking paths that the code is allowed to access.(CVE-2019-11045)
-
When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0 it is possible to supply it with data what will cause it to read past the allocated buffer. This may lead to information disclosure or crash.(CVE-2019-11047)
-
PHP through 7.1.11 enables potential SSRF in applications that accept an fsockopen or pfsockopen hostname argument with an expectation that the port number is constrained. Because a :port syntax is recognized, fsockopen will use the port number that is specified in the hostname argument, instead of the port number in the second argument of the function.(CVE-2017-7272)
-
Oniguruma before 6.9.3 allows Stack Exhaustion in regcomp.c because of recursion in regparse.c.(CVE-2019-16163)
-
Oniguruma through 6.9.3, as used in PHP 7.3.x and other products, has a heap-based buffer over-read in str_lower_case_match in regexec.c.(CVE-2019-19246)
-
An issue was discovered in Oniguruma 6.x before 6.9.4_rc2. In the function fetch_interval_quantifier (formerly known as fetch_range_quantifier) in regparse.c, PFETCH is called without checking PEND.
This leads to a heap-based buffer over-read.(CVE-2019-19204)
Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(135137);
script_version("1.7");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/03/20");
script_cve_id(
"CVE-2017-7272",
"CVE-2019-11045",
"CVE-2019-11046",
"CVE-2019-11047",
"CVE-2019-11050",
"CVE-2019-16163",
"CVE-2019-19204",
"CVE-2019-19246"
);
script_name(english:"EulerOS Virtualization for ARM 64 3.0.6.0 : php (EulerOS-SA-2020-1350)");
script_set_attribute(attribute:"synopsis", value:
"The remote EulerOS Virtualization for ARM 64 host is missing multiple security
updates.");
script_set_attribute(attribute:"description", value:
"According to the versions of the php packages installed, the EulerOS
Virtualization for ARM 64 installation on the remote host is affected
by the following vulnerabilities :
- When PHP EXIF extension is parsing EXIF information
from an image, e.g. via exif_read_data() function, in
PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and
7.4.0 it is possible to supply it with data what will
cause it to read past the allocated buffer. This may
lead to information disclosure or
crash.(CVE-2019-11050)
- In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13
and 7.4.0, PHP bcmath extension functions on some
systems, including Windows, can be tricked into reading
beyond the allocated space by supplying it with string
containing characters that are identified as numeric by
the OS but aren't ASCII numbers. This can read to
disclosure of the content of some memory
locations.(CVE-2019-11046)
- In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13
and 7.4.0, PHP DirectoryIterator class accepts
filenames with embedded \0 byte and treats them as
terminating at that byte. This could lead to security
vulnerabilities, e.g. in applications checking paths
that the code is allowed to access.(CVE-2019-11045)
- When PHP EXIF extension is parsing EXIF information
from an image, e.g. via exif_read_data() function, in
PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and
7.4.0 it is possible to supply it with data what will
cause it to read past the allocated buffer. This may
lead to information disclosure or
crash.(CVE-2019-11047)
- PHP through 7.1.11 enables potential SSRF in
applications that accept an fsockopen or pfsockopen
hostname argument with an expectation that the port
number is constrained. Because a :port syntax is
recognized, fsockopen will use the port number that is
specified in the hostname argument, instead of the port
number in the second argument of the
function.(CVE-2017-7272)
- Oniguruma before 6.9.3 allows Stack Exhaustion in
regcomp.c because of recursion in
regparse.c.(CVE-2019-16163)
- Oniguruma through 6.9.3, as used in PHP 7.3.x and other
products, has a heap-based buffer over-read in
str_lower_case_match in regexec.c.(CVE-2019-19246)
- An issue was discovered in Oniguruma 6.x before
6.9.4_rc2. In the function fetch_interval_quantifier
(formerly known as fetch_range_quantifier) in
regparse.c, PFETCH is called without checking PEND.
This leads to a heap-based buffer
over-read.(CVE-2019-19204)
Note that Tenable Network Security has extracted the preceding
description block directly from the EulerOS security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.");
# https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1350
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?6edb8cba");
script_set_attribute(attribute:"solution", value:
"Update the affected php packages.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N");
script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-11050");
script_set_attribute(attribute:"cvss3_score_source", value:"CVE-2017-7272");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"patch_publication_date", value:"2020/04/02");
script_set_attribute(attribute:"plugin_publication_date", value:"2020/04/02");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:php");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:php-cli");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:php-common");
script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:uvp:3.0.6.0");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Huawei Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2020-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/uvp_version");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/EulerOS/release");
if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
uvp = get_kb_item("Host/EulerOS/uvp_version");
if (uvp != "3.0.6.0") audit(AUDIT_OS_NOT, "EulerOS Virtualization 3.0.6.0");
if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
if ("aarch64" >!< cpu) audit(AUDIT_ARCH_NOT, "aarch64", cpu);
flag = 0;
pkgs = ["php-7.2.10-1.h13.eulerosv2r8",
"php-cli-7.2.10-1.h13.eulerosv2r8",
"php-common-7.2.10-1.h13.eulerosv2r8"];
foreach (pkg in pkgs)
if (rpm_check(release:"EulerOS-2.0", reference:pkg)) flag++;
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_WARNING,
extra : rpm_report_get()
);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "php");
}
References
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7272
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11045
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11046
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11047
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11050
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16163
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19204
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19246
www.nessus.org/u?6edb8cba
Related
