According to the versions of the php packages installed, the EulerOS installation on the remote host is affected by multiple vulnerabilities, which are listed in the plugin description below.
Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
# Registration phase: when the scanner loads the plugin with `description` set,
# only the metadata in this block is recorded; the exit(0) at the end of the block
# returns before any of the host checks further down are reached.
if (description)
{
script_id(139977);
script_version("1.5");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/02/22");
# The four PHP CVEs attached to this check. The check itself only compares package
# builds, so a finding means "fixed build missing", not "this CVE is reachable".
script_cve_id(
"CVE-2019-11039",
"CVE-2019-11040",
"CVE-2019-9025",
"CVE-2019-9675"
);
script_name(english:"EulerOS 2.0 SP8 : php (EulerOS-SA-2020-1874)");
script_set_attribute(attribute:"synopsis", value:
"The remote EulerOS host is missing multiple security updates.");
# The description text is the vendor advisory text as extracted by the plugin
# generator (its own closing note says so); sentence breaks are missing in places.
script_set_attribute(attribute:"description", value:
"According to the versions of the php packages installed, the EulerOS
installation on the remote host is affected by the following
vulnerabilities :
- PHP is an HTML-embedded scripting language. PHP
attempts to make it easy for developers to write
dynamically generated web pages. PHP also offers
built-in database integration for several commercial
and non-commercial database management systems, so
writing a database-enabled webpage with PHP is fairly
simple. The most common use of PHP coding is probably
as a replacement for CGI scripts. The php package
contains the module (often referred to as mod_php)
which adds support for the PHP language to Apache HTTP
Server.Security Fix(es):Function
iconv_mime_decode_headers() in PHP versions 7.1.x below
7.1.30, 7.2.x below 7.2.19 and 7.3.x below 7.3.6 may
perform out-of-buffer read due to integer overflow when
parsing MIME headers. This may lead to information
disclosure or crash.(CVE-2019-11039)When PHP EXIF
extension is parsing EXIF information from an image,
e.g. via exif_read_data() function, in PHP versions
7.1.x below 7.1.30, 7.2.x below 7.2.19 and 7.3.x below
7.3.6 it is possible to supply it with data what will
cause it to read past the allocated buffer. This may
lead to information disclosure or
crash.(CVE-2019-11040)An issue was discovered in PHP
7.3.x before 7.3.1. An invalid multibyte string
supplied as an argument to the mb_split() function in
ext/mbstring/php_mbregex.c can cause PHP to execute
memcpy() with a negative argument, which could read and
write past buffers allocated for the
data.(CVE-2019-9025)An issue was discovered in PHP 7.x
before 7.1.27 and 7.3.x before 7.3.3.
phar_tar_writeheaders_int in ext/phar/tar.c has a
buffer overflow via a long link value. NOTE: The vendor
indicates that the link value is used only when an
archive contains a symlink, which currently cannot
happen: 'This issue allows theoretical compromise of
security, but a practical attack is usually
impossible.'(CVE-2019-9675)
Note that Tenable Network Security has extracted the preceding
description block directly from the EulerOS security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.");
# https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1874
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?d10ba658");
script_set_attribute(attribute:"solution", value:
"Update the affected php packages.");
# Base vectors (CVSS v2 and v3.0): network-reachable, low complexity, no
# authentication or user interaction. cvss_score_source below attributes them to
# CVE-2019-9025 alone, so the plugin severity reflects that one CVE and not all four.
# Temporal vectors: proof-of-concept exploit code, official fix available, report confirmed.
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
# NOTE(review): the description scopes CVE-2019-9025 to PHP 7.3.x before 7.3.1, while
# the package check in this file references 7.2.10 builds. Presumably the vendor
# assessed its own build as affected; confirm against the advisory before
# prioritising on the score alone.
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-9025");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"patch_publication_date", value:"2020/08/28");
script_set_attribute(attribute:"plugin_publication_date", value:"2020/08/28");
# "local": the result comes from package data in the scanner KB (see the required
# keys below), not from probing a running PHP service.
script_set_attribute(attribute:"plugin_type", value:"local");
# One package CPE per php sub-package named in the advisory, plus the OS CPE.
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:php");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:php-cli");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:php-common");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:php-fpm");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:php-gd");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:php-ldap");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:php-odbc");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:php-pdo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:php-process");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:php-recode");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:php-soap");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:php-xml");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:php-xmlrpc");
script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:2.0");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Huawei Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2020-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
# Scheduling constraints: runs after ssh_get_info.nasl and only when all four KB
# keys are present. If local checks did not succeed on the host, this plugin is
# not launched, so "no finding" is not evidence that the host is patched.
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/sp");
# Hosts that report a UVP version are excluded here; the check body tests the same
# key again and audits such hosts out.
script_exclude_keys("Host/EulerOS/uvp_version");
# End of registration; nothing below this block runs in description mode.
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
# Pre-flight gating. Every test below calls audit() (from audit.inc, expected to end
# the run with the given reason) unless the host is an EulerOS 2.0 SP8, non-UVP,
# aarch64 system for which a package list was collected. The order of the tests
# decides which reason is reported, so it is kept as is.
if (!get_kb_item("Host/local_checks_enabled"))
{
  audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
}

# OS family first, then the 2.0 release line.
release = get_kb_item("Host/EulerOS/release");
if (isnull(release) || release !~ "^EulerOS")
{
  audit(AUDIT_OS_NOT, "EulerOS");
}
if (release !~ "^EulerOS release 2\.0(\D|$)")
{
  audit(AUDIT_OS_NOT, "EulerOS 2.0");
}

# Service pack must be exactly "8".
sp = get_kb_item("Host/EulerOS/sp");
if (isnull(sp) || sp !~ "^(8)$")
{
  audit(AUDIT_OS_NOT, "EulerOS 2.0 SP8");
}

# A host that reports a UVP version is treated as a different product and skipped.
uvp = get_kb_item("Host/EulerOS/uvp_version");
if (!empty_or_null(uvp))
{
  audit(AUDIT_OS_NOT, "EulerOS 2.0 SP8", "EulerOS UVP " + uvp);
}

# No package inventory means no basis for a verdict.
if (!get_kb_item("Host/EulerOS/rpm-list"))
{
  audit(AUDIT_PACKAGE_LIST_MISSING);
}

# Architecture: the first test accepts x86_64, i386-i686 and aarch64 as known
# architectures, the second narrows to aarch64. The package comparison that follows
# is therefore only evaluated on aarch64 hosts; an x86_64 SP8 host receives an audit
# message from this plugin, not a patched/unpatched verdict.
cpu = get_kb_item("Host/cpu");
if (isnull(cpu))
{
  audit(AUDIT_UNKNOWN_ARCH);
}
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu)
{
  audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
}
if ("aarch64" >!< cpu)
{
  audit(AUDIT_ARCH_NOT, "aarch64", cpu);
}
# Package comparison and reporting.
# `pkgs` holds the reference builds for each php sub-package (presumably the first
# fixed builds from EulerOS-SA-2020-1874; confirm against the advisory).
# rpm_check() comes from rpm.inc; it is assumed to return true when the installed
# package is older than the reference. The verdict rests on package versions only:
# it does not look at which PHP extensions (iconv, exif, mbstring, phar) are loaded
# or reachable, so a finding means "update missing", not "exploitable as deployed".
flag = 0;
pkgs = [
  "php-7.2.10-1.h17.eulerosv2r8",
  "php-cli-7.2.10-1.h17.eulerosv2r8",
  "php-common-7.2.10-1.h17.eulerosv2r8",
  "php-fpm-7.2.10-1.h17.eulerosv2r8",
  "php-gd-7.2.10-1.h17.eulerosv2r8",
  "php-ldap-7.2.10-1.h17.eulerosv2r8",
  "php-odbc-7.2.10-1.h17.eulerosv2r8",
  "php-pdo-7.2.10-1.h17.eulerosv2r8",
  "php-process-7.2.10-1.h17.eulerosv2r8",
  "php-recode-7.2.10-1.h17.eulerosv2r8",
  "php-soap-7.2.10-1.h17.eulerosv2r8",
  "php-xml-7.2.10-1.h17.eulerosv2r8",
  "php-xmlrpc-7.2.10-1.h17.eulerosv2r8"
];

# Count every sub-package for which rpm_check() reports a hit.
foreach (pkg in pkgs)
{
  if (rpm_check(release:"EulerOS-2.0", sp:"8", reference:pkg))
  {
    flag++;
  }
}

# At least one hit: emit a single finding on port 0 with the rpm.inc report text
# as evidence, then stop.
if (flag)
{
  security_report_v4(
    port     : 0,
    severity : SECURITY_HOLE,
    extra    : rpm_report_get()
  );
  exit(0);
}

# No hit: distinguish "php packages present but not flagged" from "no php package
# was tested at all", so the audit trail records why nothing was reported.
tested = pkg_tests_get();
if (tested)
{
  audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
}
else
{
  audit(AUDIT_PACKAGE_NOT_INSTALLED, "php");
}
Vendor | Product | Version | CPE |
---|---|---|---|
huawei | euleros | php | p-cpe:/a:huawei:euleros:php |
huawei | euleros | php-cli | p-cpe:/a:huawei:euleros:php-cli |
huawei | euleros | php-common | p-cpe:/a:huawei:euleros:php-common |
huawei | euleros | php-fpm | p-cpe:/a:huawei:euleros:php-fpm |
huawei | euleros | php-gd | p-cpe:/a:huawei:euleros:php-gd |
huawei | euleros | php-ldap | p-cpe:/a:huawei:euleros:php-ldap |
huawei | euleros | php-odbc | p-cpe:/a:huawei:euleros:php-odbc |
huawei | euleros | php-pdo | p-cpe:/a:huawei:euleros:php-pdo |
huawei | euleros | php-process | p-cpe:/a:huawei:euleros:php-process |
huawei | euleros | php-recode | p-cpe:/a:huawei:euleros:php-recode |