Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.EULEROS_SA-2022-2477.NASL
HistoryOct 09, 2022 - 12:00 a.m.

EulerOS 2.0 SP8 : php (EulerOS-SA-2022-2477)

2022-10-0900:00:00
This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
5
JSON

According to the versions of the php packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :

  • The zend_string_extend function in Zend/zend_string.h in PHP through 7.1.5 does not prevent changes to string objects that result in a negative length, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact by leveraging a script’s use of .= with a long string. (CVE-2017-8923)

  • PHP 7.1.5 has an Out of bounds access in php_pcre_replace_impl via a crafted preg_replace call.
    (CVE-2017-9118)

  • The i_zval_ptr_dtor function in Zend/zend_variables.h in PHP 7.1.5 allows attackers to cause a denial of service (memory consumption and application crash) or possibly have unspecified other impact by triggering crafted operations on array data structures. (CVE-2017-9119)

  • PHP 7.x through 7.1.5 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a long string because of an Integer overflow in mysqli_real_escape_string. (CVE-2017-9120)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(165862);
  script_version("1.3");
  script_set_attribute(attribute:"plugin_modification_date", value:"2023/10/10");

  script_cve_id(
    "CVE-2017-8923",
    "CVE-2017-9118",
    "CVE-2017-9119",
    "CVE-2017-9120"
  );
  script_xref(name:"IAVB", value:"2017-B-0060-S");

  script_name(english:"EulerOS 2.0 SP8 : php (EulerOS-SA-2022-2477)");

  script_set_attribute(attribute:"synopsis", value:
"The remote EulerOS host is missing multiple security updates.");
  script_set_attribute(attribute:"description", value:
"According to the versions of the php packages installed, the EulerOS installation on the remote host is affected by the
following vulnerabilities :

  - The zend_string_extend function in Zend/zend_string.h in PHP through 7.1.5 does not prevent changes to
    string objects that result in a negative length, which allows remote attackers to cause a denial of
    service (application crash) or possibly have unspecified other impact by leveraging a script's use of .=
    with a long string. (CVE-2017-8923)

  - PHP 7.1.5 has an Out of bounds access in php_pcre_replace_impl via a crafted preg_replace call.
    (CVE-2017-9118)

  - The i_zval_ptr_dtor function in Zend/zend_variables.h in PHP 7.1.5 allows attackers to cause a denial of
    service (memory consumption and application crash) or possibly have unspecified other impact by triggering
    crafted operations on array data structures. (CVE-2017-9119)

  - PHP 7.x through 7.1.5 allows remote attackers to cause a denial of service (buffer overflow and
    application crash) or possibly have unspecified other impact via a long string because of an Integer
    overflow in mysqli_real_escape_string. (CVE-2017-9120)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security
advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional
issues.");
  # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2022-2477
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?8e02da27");
  script_set_attribute(attribute:"solution", value:
"Update the affected php packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2017-9120");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2017/05/12");
  script_set_attribute(attribute:"patch_publication_date", value:"2022/10/09");
  script_set_attribute(attribute:"plugin_publication_date", value:"2022/10/09");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:php");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:php-cli");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:php-common");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:php-fpm");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:php-gd");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:php-ldap");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:php-odbc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:php-pdo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:php-process");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:php-recode");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:php-soap");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:php-xml");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:php-xmlrpc");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:2.0");
  script_set_attribute(attribute:"stig_severity", value:"I");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Huawei Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/sp");
  script_exclude_keys("Host/EulerOS/uvp_version");

  exit(0);
}

include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

var release = get_kb_item("Host/EulerOS/release");
if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
var uvp = get_kb_item("Host/EulerOS/uvp_version");
if (release !~ "^EulerOS release 2\.0(\D|$)") audit(AUDIT_OS_NOT, "EulerOS 2.0 SP8");

var sp = get_kb_item("Host/EulerOS/sp");
if (isnull(sp) || sp !~ "^(8)$") audit(AUDIT_OS_NOT, "EulerOS 2.0 SP8");

if (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, "EulerOS 2.0 SP8", "EulerOS UVP " + uvp);

if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
if ("aarch64" >!< cpu) audit(AUDIT_ARCH_NOT, "aarch64", cpu);

var flag = 0;

var pkgs = [
  "php-7.2.10-1.h31.eulerosv2r8",
  "php-cli-7.2.10-1.h31.eulerosv2r8",
  "php-common-7.2.10-1.h31.eulerosv2r8",
  "php-fpm-7.2.10-1.h31.eulerosv2r8",
  "php-gd-7.2.10-1.h31.eulerosv2r8",
  "php-ldap-7.2.10-1.h31.eulerosv2r8",
  "php-odbc-7.2.10-1.h31.eulerosv2r8",
  "php-pdo-7.2.10-1.h31.eulerosv2r8",
  "php-process-7.2.10-1.h31.eulerosv2r8",
  "php-recode-7.2.10-1.h31.eulerosv2r8",
  "php-soap-7.2.10-1.h31.eulerosv2r8",
  "php-xml-7.2.10-1.h31.eulerosv2r8",
  "php-xmlrpc-7.2.10-1.h31.eulerosv2r8"
];

foreach (var pkg in pkgs)
  if (rpm_check(release:"EulerOS-2.0", sp:"8", reference:pkg)) flag++;

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_HOLE,
    extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  var tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "php");
}
VendorProductVersionCPE
huaweieulerosphpp-cpe:/a:huawei:euleros:php
huaweieulerosphp-clip-cpe:/a:huawei:euleros:php-cli
huaweieulerosphp-commonp-cpe:/a:huawei:euleros:php-common
huaweieulerosphp-fpmp-cpe:/a:huawei:euleros:php-fpm
huaweieulerosphp-gdp-cpe:/a:huawei:euleros:php-gd
huaweieulerosphp-ldapp-cpe:/a:huawei:euleros:php-ldap
huaweieulerosphp-odbcp-cpe:/a:huawei:euleros:php-odbc
huaweieulerosphp-pdop-cpe:/a:huawei:euleros:php-pdo
huaweieulerosphp-processp-cpe:/a:huawei:euleros:php-process
huaweieulerosphp-recodep-cpe:/a:huawei:euleros:php-recode
Rows per page:
1-10 of 141

Related

openvas 32
nessus 27
osv 6
ubuntu 3
veracode 4
debiancve 4
prion 4
attackerkb 1
cve 4
suse 7
redhatcve 4
cbl_mariner 3
ubuntucve 4
mageia 1
ibm 2
redhat 1
rosalinux 1
openvas
openvas
Huawei EulerOS: Security Advisory for php (EulerOS-SA-2022-2477)
2022-10-10 00:00:00
Ubuntu: Security Advisory (USN-5300-1)
2022-08-26 00:00:00
Ubuntu: Security Advisory (USN-5300-3)
2022-03-08 00:00:00
nessus
nessus
Ubuntu 18.04 LTS / 20.04 LTS : PHP vulnerabilities (USN-5300-2)
2022-03-03 00:00:00
Ubuntu 16.04 ESM : PHP vulnerabilities (USN-5300-1)
2022-02-23 00:00:00
Ubuntu 21.10 : PHP vulnerabilities (USN-5300-3)
2022-03-07 00:00:00
osv
osv
php7.2, php7.4 vulnerabilities
2022-03-03 13:58:39
php7.0 vulnerabilities
2022-02-22 20:26:05
CVE-2017-9119
2017-05-21 19:29:00
ubuntu
ubuntu
PHP vulnerabilities
2022-03-07 00:00:00
PHP vulnerabilities
2022-02-22 00:00:00
PHP vulnerabilities
2022-03-03 00:00:00
veracode
veracode
Denial Of Service (DoS)
2022-03-08 17:03:01
Denial Of Service (DoS)
2019-08-20 00:10:40
Denial Of Service (DoS)
2022-03-08 17:02:50
debiancve
debiancve
CVE-2017-9120
2018-08-02 15:29:00
CVE-2017-9119
2017-05-21 19:29:00
CVE-2017-9118
2018-08-02 15:29:00
prion
prion
Design/Logic Flaw
2017-05-21 19:29:00
Integer overflow
2018-08-02 15:29:00
Out-of-bounds
2018-08-02 15:29:00
attackerkb
attackerkb
CVE-2017-9120
2018-08-02 00:00:00
cve
cve
CVE-2017-9119
2017-05-21 19:29:00
CVE-2017-9120
2018-08-02 15:29:00
CVE-2017-8923
2017-05-12 20:29:00
suse
suse
Security update for php7 (moderate)
2018-09-07 15:10:36
Security update for php7 (moderate)
2022-03-04 00:00:00
Security update for php7 (moderate)
2018-08-17 12:31:13
redhatcve
redhatcve
CVE-2017-9120
2018-08-03 02:49:00
CVE-2017-9119
2017-05-30 10:20:59
CVE-2017-9118
2019-10-20 12:03:51
cbl_mariner
cbl_mariner
CVE-2017-9120 affecting package php 7.4.14-3
2024-04-24 21:08:22
CVE-2017-8923 affecting package php 7.4.14-3
2024-04-24 21:08:22
CVE-2017-9118 affecting package php 7.4.14-3
2024-04-24 21:08:22
ubuntucve
ubuntucve
CVE-2017-9119
2017-05-21 00:00:00
CVE-2017-9120
2018-08-02 00:00:00
CVE-2017-8923
2017-05-12 00:00:00
mageia
mageia
Updated php packages fix security vulnerability
2021-12-24 00:01:45
ibm
ibm
Security Bulletin: IBM BladeCenter Advanced Management Module (AMM) is affected by vulnerabilities in PHP (CVE-2018-14851 CVE-2017-9118)
2019-04-15 15:25:01
Security Bulletin: IBM Flex System Chassis Management Module (CMM) is affected by vulnerabilities in PHP (CVE-2018-17082 CVE-2018-14883 CVE-2018-14851 CVE-2017-9118)
2023-12-07 22:45:03
redhat
redhat
(RHSA-2019:2519) Moderate: rh-php71-php security, bug fix, and enhancement update
2019-08-19 08:09:18
rosalinux
rosalinux
Advisory ROSA-SA-2021-1950
2021-07-02 17:57:45
JSON
Related for EULEROS_SA-2022-2477.NASL
openvas32nessus27osv6ubuntu3veracode4debiancve4prion4attackerkb1cve4suse7redhatcve4cbl_mariner3ubuntucve4mageia1ibm2redhat1rosalinux1