According to the versions of the php packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities :
Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(140339);
script_version("1.6");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/02/21");
script_cve_id("CVE-2016-4073", "CVE-2016-5772", "CVE-2019-9641");
script_name(english:"EulerOS Virtualization for ARM 64 3.0.2.0 : php (EulerOS-SA-2020-1969)");
script_set_attribute(attribute:"synopsis", value:
"The remote EulerOS Virtualization for ARM 64 host is missing multiple security
updates.");
script_set_attribute(attribute:"description", value:
"According to the versions of the php packages installed, the EulerOS
Virtualization for ARM 64 installation on the remote host is affected
by the following vulnerabilities :
- PHP is an HTML-embedded scripting language. PHP
attempts to make it easy for developers to write
dynamically generated web pages. PHP also offers
built-in database integration for several commercial
and non-commercial database management systems, so
writing a database-enabled webpage with PHP is fairly
simple. The most common use of PHP coding is probably
as a replacement for CGI scripts. The php package
contains the module (often referred to as mod_php)
which adds support for the PHP language to Apache HTTP
Server. Security Fix(es):An issue was discovered in the
EXIF component in PHP before 7.1.27, 7.2.x before
7.2.16, and 7.3.x before 7.3.3. There is an
uninitialized read in
exif_process_IFD_in_TIFF.(CVE-2019-9641)Double free
vulnerability in the php_wddx_process_data function in
wddx.c in the WDDX extension in PHP before 5.5.37,
5.6.x before 5.6.23, and 7.x before 7.0.8 allows remote
attackers to cause a denial of service (application
crash) or possibly execute arbitrary code via crafted
XML data that is mishandled in a wddx_deserialize
call.(CVE-2016-5772)Multiple integer overflows in the
mbfl_strcut function in
ext/mbstring/libmbfl/mbfl/mbfilter.c in PHP before
5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5 allow
remote attackers to cause a denial of service
(application crash) or possibly execute arbitrary code
via a crafted mb_strcut call.(CVE-2016-4073)
Note that Tenable Network Security has extracted the preceding
description block directly from the EulerOS security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.");
# https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1969
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?ff3c4cd8");
script_set_attribute(attribute:"solution", value:
"Update the affected php packages.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-9641");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"patch_publication_date", value:"2020/09/07");
script_set_attribute(attribute:"plugin_publication_date", value:"2020/09/08");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:php");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:php-cli");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:php-common");
script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:uvp:3.0.2.0");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Huawei Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2020-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/uvp_version");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/EulerOS/release");
if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
uvp = get_kb_item("Host/EulerOS/uvp_version");
if (uvp != "3.0.2.0") audit(AUDIT_OS_NOT, "EulerOS Virtualization 3.0.2.0");
if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
if ("aarch64" >!< cpu) audit(AUDIT_ARCH_NOT, "aarch64", cpu);
flag = 0;
pkgs = ["php-5.4.16-45.h30",
"php-cli-5.4.16-45.h30",
"php-common-5.4.16-45.h30"];
foreach (pkg in pkgs)
if (rpm_check(release:"EulerOS-2.0", reference:pkg)) flag++;
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_HOLE,
extra : rpm_report_get()
);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "php");
}