Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.EULEROS_SA-2023-2506.NASL
HistoryJul 31, 2023 - 12:00 a.m.

EulerOS Virtualization 3.0.6.0 : php (EulerOS-SA-2023-2506)

2023-07-3100:00:00
This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
5
JSON

According to the versions of the php packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities :

  • In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, password_verify() function may accept some invalid Blowfish hashes as valid. If such invalid hash ever ends up in the password database, it may lead to an application allowing any password for this entry as valid. (CVE-2023-0567)

  • In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, core path resolution function allocate buffer one byte too small. When resolving paths with lengths close to system MAXPATHLEN setting, this may lead to the byte after the allocated buffer being overwritten with NUL value, which might lead to unauthorized data access or modification. (CVE-2023-0568)

  • In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, excessive number of parts in HTTP form upload can cause high resource consumption and excessive number of log entries. This can cause denial of service on the affected server by exhausting CPU resources or disk space. (CVE-2023-0662)

  • When using the RemoteIpFilter with requests received from a reverse proxy via HTTP that include the X-Forwarded-Proto header set to https, session cookies created by Apache Tomcat 11.0.0-M1 to 11.0.0.-M2, 10.1.0-M1 to 10.1.5, 9.0.0-M1 to 9.0.71 and 8.5.0 to 8.5.85 did not include the secure attribute. This could result in the user agent transmitting the session cookie over an insecure channel. (CVE-2023-28708)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(179098);
  script_version("1.1");
  script_set_attribute(attribute:"plugin_modification_date", value:"2023/10/18");

  script_cve_id(
    "CVE-2023-0567",
    "CVE-2023-0568",
    "CVE-2023-0662",
    "CVE-2023-28708"
  );
  script_xref(name:"IAVA", value:"2023-A-0105-S");
  script_xref(name:"IAVA", value:"2023-A-0423");

  script_name(english:"EulerOS Virtualization 3.0.6.0 : php (EulerOS-SA-2023-2506)");

  script_set_attribute(attribute:"synopsis", value:
"The remote EulerOS Virtualization host is missing multiple security updates.");
  script_set_attribute(attribute:"description", value:
"According to the versions of the php packages installed, the EulerOS Virtualization installation on the remote host is
affected by the following vulnerabilities :

  - In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, password_verify() function may
    accept some invalid Blowfish hashes as valid. If such invalid hash ever ends up in the password database,
    it may lead to an application allowing any password for this entry as valid. (CVE-2023-0567)

  - In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, core path resolution function
    allocate buffer one byte too small. When resolving paths with lengths close to system MAXPATHLEN setting,
    this may lead to the byte after the allocated buffer being overwritten with NUL value, which might lead to
    unauthorized data access or modification. (CVE-2023-0568)

  - In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, excessive number of parts in HTTP
    form upload can cause high resource consumption and excessive number of log entries. This can cause denial
    of service on the affected server by exhausting CPU resources or disk space. (CVE-2023-0662)

  - When using the RemoteIpFilter with requests received from a reverse proxy via HTTP that include the
    X-Forwarded-Proto header set to https, session cookies created by Apache Tomcat 11.0.0-M1 to 11.0.0.-M2,
    10.1.0-M1 to 10.1.5, 9.0.0-M1 to 9.0.71 and 8.5.0 to 8.5.85 did not include the secure attribute. This
    could result in the user agent transmitting the session cookie over an insecure channel. (CVE-2023-28708)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security
advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional
issues.");
  # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2023-2506
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?fed2c14a");
  script_set_attribute(attribute:"solution", value:
"Update the affected php packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2023-0568");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2023/02/14");
  script_set_attribute(attribute:"patch_publication_date", value:"2023/08/01");
  script_set_attribute(attribute:"plugin_publication_date", value:"2023/07/31");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:php");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:php-cli");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:php-common");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:php-fpm");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:php-gd");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:php-ldap");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:php-odbc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:php-pdo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:php-process");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:php-recode");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:php-soap");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:php-xml");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:php-xmlrpc");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:uvp:3.0.6.0");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_set_attribute(attribute:"stig_severity", value:"I");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Huawei Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/uvp_version");

  exit(0);
}

include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

var _release = get_kb_item("Host/EulerOS/release");
if (isnull(_release) || _release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
var uvp = get_kb_item("Host/EulerOS/uvp_version");
if (uvp != "3.0.6.0") audit(AUDIT_OS_NOT, "EulerOS Virtualization 3.0.6.0");
if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu && "x86" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
if ("aarch64" >!< cpu) audit(AUDIT_ARCH_NOT, "aarch64", cpu);

var flag = 0;

var pkgs = [
  "php-7.2.10-1.h34.eulerosv2r8",
  "php-cli-7.2.10-1.h34.eulerosv2r8",
  "php-common-7.2.10-1.h34.eulerosv2r8",
  "php-fpm-7.2.10-1.h34.eulerosv2r8",
  "php-gd-7.2.10-1.h34.eulerosv2r8",
  "php-ldap-7.2.10-1.h34.eulerosv2r8",
  "php-odbc-7.2.10-1.h34.eulerosv2r8",
  "php-pdo-7.2.10-1.h34.eulerosv2r8",
  "php-process-7.2.10-1.h34.eulerosv2r8",
  "php-recode-7.2.10-1.h34.eulerosv2r8",
  "php-soap-7.2.10-1.h34.eulerosv2r8",
  "php-xml-7.2.10-1.h34.eulerosv2r8",
  "php-xmlrpc-7.2.10-1.h34.eulerosv2r8"
];

foreach (var pkg in pkgs)
  if (rpm_check(release:"EulerOS-2.0", reference:pkg)) flag++;

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_HOLE,
    extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  var tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "php");
}
VendorProductVersionCPE
huaweieulerosphpp-cpe:/a:huawei:euleros:php
huaweieulerosphp-clip-cpe:/a:huawei:euleros:php-cli
huaweieulerosphp-commonp-cpe:/a:huawei:euleros:php-common
huaweieulerosphp-fpmp-cpe:/a:huawei:euleros:php-fpm
huaweieulerosphp-gdp-cpe:/a:huawei:euleros:php-gd
huaweieulerosphp-ldapp-cpe:/a:huawei:euleros:php-ldap
huaweieulerosphp-odbcp-cpe:/a:huawei:euleros:php-odbc
huaweieulerosphp-pdop-cpe:/a:huawei:euleros:php-pdo
huaweieulerosphp-processp-cpe:/a:huawei:euleros:php-process
huaweieulerosphp-recodep-cpe:/a:huawei:euleros:php-recode
Rows per page:
1-10 of 141

Related

openvas 21
nessus 65
slackware 1
fedora 2
altlinux 3
ubuntu 3
osv 23
cloudlinux 1
mageia 1
debian 3
redos 1
redhat 5
rocky 3
almalinux 5
oraclelinux 5
prion 4
atlassian 2
ibm 8
kaspersky 2
debiancve 4
ubuntucve 4
tomcat 4
cve 4
veracode 4
github 2
f5 3
redhatcve 4
alpinelinux 3
cbl_mariner 3
amazon 3
photon 2
friendsofphp 1
openvas
openvas
Huawei EulerOS: Security Advisory for php (EulerOS-SA-2023-2196)
2023-06-09 00:00:00
Huawei EulerOS: Security Advisory for php (EulerOS-SA-2023-2506)
2023-08-01 00:00:00
SUSE: Security Advisory (SUSE-SU-2023:0514-1)
2023-03-28 00:00:00
nessus
nessus
EulerOS 2.0 SP8 : php (EulerOS-SA-2023-2196)
2023-06-09 00:00:00
SUSE SLES12 Security Update : php74 (SUSE-SU-2023:0515-1)
2023-02-25 00:00:00
Fedora 37 : php (2023-452714dbc6)
2023-02-24 00:00:00
slackware
slackware
[slackware-security] php
2023-02-15 03:06:12
fedora
fedora
[SECURITY] Fedora 37 Update: php-8.1.16-1.fc37
2023-02-24 04:47:32
[SECURITY] Fedora 36 Update: php-8.1.16-1.fc36
2023-02-24 03:47:37
altlinux
altlinux
Security fix for the ALT Linux 10 package php8.0 version 8.0.28-alt1
2023-02-21 00:00:00
Security fix for the ALT Linux 10 package php8.2 version 8.2.3-alt1
2023-02-21 00:00:00
Security fix for the ALT Linux 10 package php8.1 version 8.1.16-alt1
2023-02-17 00:00:00
ubuntu
ubuntu
PHP vulnerabilities
2023-02-28 00:00:00
PHP vulnerabilities
2023-03-02 00:00:00
PHP vulnerability
2023-05-02 00:00:00
osv
osv
php7.2, php7.4, php8.1 vulnerabilities
2023-02-28 14:18:17
php7.4 - security update
2023-02-24 00:00:00
php7.3 - security update
2023-02-26 00:00:00
cloudlinux
cloudlinux
php: Fix of 3 CVEs
2023-03-09 21:01:01
mageia
mageia
Updated php packages fix security vulnerability
2023-02-27 23:27:16
debian
debian
[SECURITY] [DLA 3345-1] php7.3 security update
2023-02-26 22:00:42
[SECURITY] [DSA 5363-1] php7.4 security update
2023-02-24 19:21:41
[SECURITY] [DLA 3384-1] tomcat9 security update
2023-04-05 19:47:31
redos
redos
ROS-20230418-02
2023-04-18 00:00:00
redhat
redhat
(RHSA-2024:0387) Moderate: php:8.1 security update
2024-01-24 09:41:37
(RHSA-2023:5926) Important: php security update
2023-10-19 12:43:29
(RHSA-2023:5927) Important: php:8.0 security update
2023-10-19 12:45:04
rocky
rocky
php:8.0 security update
2023-10-24 18:35:47
php:8.1 security update
2024-02-12 20:17:50
php security update
2023-10-24 18:36:55
almalinux
almalinux
Moderate: php:8.1 security update
2024-01-24 00:00:00
Important: php:8.0 security update
2023-10-19 00:00:00
Important: php security update
2023-10-19 00:00:00
oraclelinux
oraclelinux
php security update
2023-10-22 00:00:00
php:8.0 security update
2023-10-23 00:00:00
php:8.1 security update
2024-01-25 00:00:00
prion
prion
Authentication flaw
2023-03-22 11:15:00
Design/Logic Flaw
2023-02-16 07:15:00
Design/Logic Flaw
2023-02-16 07:15:00
atlassian
atlassian
Upgrade Tomcat for CVE-2023-28708
2023-03-27 12:10:30
Upgrade Tomcat for CVE-2023-28708
2023-03-23 22:22:39
ibm
ibm
Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to Apache Tomcat sensitive information disclosure vulnerability( CVE-2023-28708)
2023-07-05 22:17:33
Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to an information exposure in Apache Tomcat (CVE-2023-28708)
2023-06-28 19:56:06
Security Bulletin: Vulnerability in Apache Tomcat affects App Connect Professional.
2023-04-06 05:58:30
kaspersky
kaspersky
KLA48635 OSI vulnerability in Apache Tomcat
2023-02-24 00:00:00
KLA48634 OSI vulnerability in Apache Tomcat
2023-02-23 00:00:00
debiancve
debiancve
CVE-2023-28708
2023-03-22 11:15:10
CVE-2023-0662
2023-02-16 07:15:10
CVE-2023-0567
2023-03-01 08:15:11
ubuntucve
ubuntucve
CVE-2023-28708
2023-03-22 00:00:00
CVE-2023-0568
2023-02-16 00:00:00
CVE-2023-0662
2023-02-16 00:00:00
tomcat
tomcat
Fixed in Apache Tomcat 8.5.86
2023-02-24 00:00:00
Fixed in Apache Tomcat 9.0.72
2023-02-23 00:00:00
Fixed in Apache Tomcat 10.1.6
2023-02-24 00:00:00
cve
cve
CVE-2023-28708
2023-03-22 11:15:10
CVE-2023-0662
2023-02-16 07:15:10
CVE-2023-0568
2023-02-16 07:15:10
veracode
veracode
Information Disclosure
2023-03-24 01:12:16
Denial Of Service (DoS)
2023-02-18 00:53:19
Authentication Bypass
2023-02-17 10:36:14
github
github
Apache Tomcat vulnerable to Unprotected Transport of Credentials
2023-03-22 12:30:16
ReactPHP's HTTP server continues parsing unused multipart parts after reaching input field and file upload limits
2023-05-17 17:07:57
f5
f5
K000133402 : Apache Tomcat vulnerability CVE-2023-28708
2023-04-05 00:00:00
K000133753 : PHP vulnerability CVE-2023-0662
2023-05-01 00:00:00
K000134747 : PHP vulnerability CVE-2023-0568
2023-05-23 00:00:00
redhatcve
redhatcve
CVE-2023-28708
2023-03-24 13:07:53
CVE-2023-0662
2023-02-17 12:00:27
CVE-2023-0568
2023-02-17 12:00:27
alpinelinux
alpinelinux
CVE-2023-0568
2023-02-16 07:15:10
CVE-2023-0662
2023-02-16 07:15:10
CVE-2023-0567
2023-03-01 08:15:11
cbl_mariner
cbl_mariner
CVE-2023-0568 affecting package php for versions less than 8.1.16-1
2023-03-09 00:25:04
CVE-2023-0567 affecting package php for versions less than 8.1.16-1
2023-03-09 00:25:04
CVE-2023-0662 affecting package php for versions less than 8.1.16-1
2023-03-09 00:25:04
amazon
amazon
Important: php56
2023-10-30 23:31:00
Important: tomcat
2023-04-27 18:36:00
Important: tomcat8
2023-04-13 19:01:00
photon
photon
Moderate Photon OS Security Update - PHSA-2023-4.0-0393
2023-05-17 00:00:00
Moderate Photon OS Security Update - PHSA-2023-3.0-0581
2023-05-17 00:00:00
friendsofphp
friendsofphp
ReactPHP's HTTP server continues parsing unused multipart parts after reaching limits
2023-02-27 15:05:00
JSON
Related for EULEROS_SA-2023-2506.NASL
openvas21nessus65slackware1fedora2altlinux3ubuntu3osv23cloudlinux1mageia1debian3redos1redhat5rocky3almalinux5oraclelinux5prion4atlassian2ibm8kaspersky2debiancve4ubuntucve4tomcat4cve4veracode4github2f53redhatcve4alpinelinux3cbl_mariner3amazon3photon2friendsofphp1