security #cve-2018-11407 [Ldap] cast to string when checking empty passwords
security #cve-2018-11408 [SecurityBundle] Fail if security.http_utils cannot be configured
security #cve-2018-11406 clear CSRF tokens when the user is logged out
security #cve-2018-11385 migrating session for UsernamePasswordJsonAuthenticationListener
security #cve-2018-11386 [HttpFoundation] Break infinite loop in PdoSessionHandler when MySQL is in loose mode
Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Fedora Security Advisory FEDORA-2018-c8ddc44bbb.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(110952);
script_version("1.6");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/06");
script_cve_id("CVE-2017-16652");
script_xref(name:"FEDORA", value:"2018-c8ddc44bbb");
script_name(english:"Fedora 27 : php-symfony3 (2018-c8ddc44bbb)");
script_summary(english:"Checks rpm output for the updated package.");
script_set_attribute(
attribute:"synopsis",
value:"The remote Fedora host is missing a security update."
);
script_set_attribute(
attribute:"description",
value:
"## 3.3.17 (2018-05-25)
- security #cve-2018-11407 [Ldap] cast to string when
checking empty passwords
- security #cve-2018-11408 [SecurityBundle] Fail if
security.http_utils cannot be configured
- security #cve-2018-11406 clear CSRF tokens when the user
is logged out
- security #cve-2018-11385 migrating session for
UsernamePasswordJsonAuthenticationListener
- security #cve-2018-11386 [HttpFoundation] Break infinite
loop in PdoSessionHandler when MySQL is in loose mode
Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as
possible without introducing additional issues."
);
script_set_attribute(
attribute:"see_also",
value:"https://bodhi.fedoraproject.org/updates/FEDORA-2018-c8ddc44bbb"
);
script_set_attribute(
attribute:"solution",
value:"Update the affected php-symfony3 package."
);
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:php-symfony3");
script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:27");
script_set_attribute(attribute:"vuln_publication_date", value:"2018/06/13");
script_set_attribute(attribute:"patch_publication_date", value:"2018/07/07");
script_set_attribute(attribute:"plugin_publication_date", value:"2018/07/09");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_family(english:"Fedora Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
os_ver = os_ver[1];
if (! preg(pattern:"^27([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 27", "Fedora " + os_ver);
if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
flag = 0;
if (rpm_check(release:"FC27", reference:"php-symfony3-3.3.17-1.fc27")) flag++;
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_WARNING,
extra : rpm_report_get()
);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "php-symfony3");
}
Vendor | Product | Version | CPE |
---|---|---|---|
fedoraproject | fedora | php-symfony3 | p-cpe:/a:fedoraproject:fedora:php-symfony3 |
fedoraproject | fedora | 27 | cpe:/o:fedoraproject:fedora:27 |