Lucene search
This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.ORACLELINUX_ELSA-2022-1935.NASLHistoryMay 18, 2022 - 12:00 a.m.
Oracle Linux 8 : php:7.4 (ELSA-2022-1935)
2022-05-1800:00:00
This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
50
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-1935 advisory.
-
In PHP versions 7.3.x up to and including 7.3.31, 7.4.x below 7.4.25 and 8.0.x below 8.0.12, when running PHP FPM SAPI with main FPM daemon process running as root and child worker processes running as lower- privileged users, it is possible for the child processes to access memory shared with the main process and write to it, modifying it in a way that would cause the root process to conduct invalid memory reads and writes, which can be used to escalate privileges from local unprivileged user to the root user.
(CVE-2021-21703) -
In PHP versions 7.3.x below 7.3.29, 7.4.x below 7.4.21 and 8.0.x below 8.0.8, when using URL validation functionality via filter_var() function with FILTER_VALIDATE_URL parameter, an URL with invalid password field can be accepted as valid. This can lead to the code incorrectly parsing the URL and potentially leading to other security implications - like contacting a wrong server or making a wrong access decision.
(CVE-2021-21705)
Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.
##
# (C) Tenable, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Oracle Linux Security Advisory ELSA-2022-1935.
##
include('compat.inc');
if (description)
{
script_id(161295);
script_version("1.4");
script_set_attribute(attribute:"plugin_modification_date", value:"2023/10/27");
script_cve_id("CVE-2021-21703", "CVE-2021-21705");
script_xref(name:"IAVA", value:"2021-A-0503-S");
script_name(english:"Oracle Linux 8 : php:7.4 (ELSA-2022-1935)");
script_set_attribute(attribute:"synopsis", value:
"The remote Oracle Linux host is missing one or more security updates.");
script_set_attribute(attribute:"description", value:
"The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the
ELSA-2022-1935 advisory.
- In PHP versions 7.3.x up to and including 7.3.31, 7.4.x below 7.4.25 and 8.0.x below 8.0.12, when running
PHP FPM SAPI with main FPM daemon process running as root and child worker processes running as lower-
privileged users, it is possible for the child processes to access memory shared with the main process and
write to it, modifying it in a way that would cause the root process to conduct invalid memory reads and
writes, which can be used to escalate privileges from local unprivileged user to the root user.
(CVE-2021-21703)
- In PHP versions 7.3.x below 7.3.29, 7.4.x below 7.4.21 and 8.0.x below 8.0.8, when using URL validation
functionality via filter_var() function with FILTER_VALIDATE_URL parameter, an URL with invalid password
field can be accepted as valid. This can lead to the code incorrectly parsing the URL and potentially
leading to other security implications - like contacting a wrong server or making a wrong access decision.
(CVE-2021-21705)
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
script_set_attribute(attribute:"see_also", value:"https://linux.oracle.com/errata/ELSA-2022-1935.html");
script_set_attribute(attribute:"solution", value:
"Update the affected packages.");
script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2021-21703");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2021/07/22");
script_set_attribute(attribute:"patch_publication_date", value:"2022/05/17");
script_set_attribute(attribute:"plugin_publication_date", value:"2022/05/18");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:8");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:apcu-panel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:libzip");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:libzip-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:libzip-tools");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:php");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:php-bcmath");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:php-cli");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:php-common");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:php-dba");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:php-dbg");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:php-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:php-embedded");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:php-enchant");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:php-ffi");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:php-fpm");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:php-gd");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:php-gmp");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:php-intl");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:php-json");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:php-ldap");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:php-mbstring");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:php-mysqlnd");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:php-odbc");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:php-opcache");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:php-pdo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:php-pear");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:php-pecl-apcu");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:php-pecl-apcu-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:php-pecl-rrd");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:php-pecl-xdebug");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:php-pecl-zip");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:php-pgsql");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:php-process");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:php-snmp");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:php-soap");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:php-xml");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:php-xmlrpc");
script_set_attribute(attribute:"stig_severity", value:"I");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Oracle Linux Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/OracleLinux", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/local_checks_enabled");
exit(0);
}
include('rpm.inc');
if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');
var release = get_kb_item("Host/RedHat/release");
if (isnull(release) || !pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux)", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');
var os_ver = pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');
var os_ver = os_ver[1];
if (! preg(pattern:"^8([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 8', 'Oracle Linux ' + os_ver);
if (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);
var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);
var module_ver = get_kb_item('Host/RedHat/appstream/php');
if (isnull(module_ver)) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module php:7.4');
if ('7.4' >!< module_ver) audit(AUDIT_PACKAGE_NOT_AFFECTED, 'Module php:' + module_ver);
var appstreams = {
'php:7.4': [
{'reference':'apcu-panel-5.1.18-1.module+el8.3.0+7685+72d70b58', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'libzip-1.6.1-1.module+el8.3.0+7685+72d70b58', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'libzip-1.6.1-1.module+el8.3.0+7685+72d70b58', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'libzip-devel-1.6.1-1.module+el8.3.0+7685+72d70b58', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'libzip-devel-1.6.1-1.module+el8.3.0+7685+72d70b58', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'libzip-tools-1.6.1-1.module+el8.3.0+7685+72d70b58', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'libzip-tools-1.6.1-1.module+el8.3.0+7685+72d70b58', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'php-7.4.19-2.module+el8.6.0+20552+0a59ce9f', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'php-7.4.19-2.module+el8.6.0+20552+0a59ce9f', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'php-bcmath-7.4.19-2.module+el8.6.0+20552+0a59ce9f', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'php-bcmath-7.4.19-2.module+el8.6.0+20552+0a59ce9f', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'php-cli-7.4.19-2.module+el8.6.0+20552+0a59ce9f', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'php-cli-7.4.19-2.module+el8.6.0+20552+0a59ce9f', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'php-common-7.4.19-2.module+el8.6.0+20552+0a59ce9f', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'php-common-7.4.19-2.module+el8.6.0+20552+0a59ce9f', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'php-dba-7.4.19-2.module+el8.6.0+20552+0a59ce9f', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'php-dba-7.4.19-2.module+el8.6.0+20552+0a59ce9f', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'php-dbg-7.4.19-2.module+el8.6.0+20552+0a59ce9f', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'php-dbg-7.4.19-2.module+el8.6.0+20552+0a59ce9f', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'php-devel-7.4.19-2.module+el8.6.0+20552+0a59ce9f', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'php-devel-7.4.19-2.module+el8.6.0+20552+0a59ce9f', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'php-embedded-7.4.19-2.module+el8.6.0+20552+0a59ce9f', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'php-embedded-7.4.19-2.module+el8.6.0+20552+0a59ce9f', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'php-enchant-7.4.19-2.module+el8.6.0+20552+0a59ce9f', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'php-enchant-7.4.19-2.module+el8.6.0+20552+0a59ce9f', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'php-ffi-7.4.19-2.module+el8.6.0+20552+0a59ce9f', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'php-ffi-7.4.19-2.module+el8.6.0+20552+0a59ce9f', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'php-fpm-7.4.19-2.module+el8.6.0+20552+0a59ce9f', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'php-fpm-7.4.19-2.module+el8.6.0+20552+0a59ce9f', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'php-gd-7.4.19-2.module+el8.6.0+20552+0a59ce9f', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'php-gd-7.4.19-2.module+el8.6.0+20552+0a59ce9f', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'php-gmp-7.4.19-2.module+el8.6.0+20552+0a59ce9f', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'php-gmp-7.4.19-2.module+el8.6.0+20552+0a59ce9f', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'php-intl-7.4.19-2.module+el8.6.0+20552+0a59ce9f', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'php-intl-7.4.19-2.module+el8.6.0+20552+0a59ce9f', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'php-json-7.4.19-2.module+el8.6.0+20552+0a59ce9f', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'php-json-7.4.19-2.module+el8.6.0+20552+0a59ce9f', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'php-ldap-7.4.19-2.module+el8.6.0+20552+0a59ce9f', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'php-ldap-7.4.19-2.module+el8.6.0+20552+0a59ce9f', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'php-mbstring-7.4.19-2.module+el8.6.0+20552+0a59ce9f', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'php-mbstring-7.4.19-2.module+el8.6.0+20552+0a59ce9f', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'php-mysqlnd-7.4.19-2.module+el8.6.0+20552+0a59ce9f', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'php-mysqlnd-7.4.19-2.module+el8.6.0+20552+0a59ce9f', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'php-odbc-7.4.19-2.module+el8.6.0+20552+0a59ce9f', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'php-odbc-7.4.19-2.module+el8.6.0+20552+0a59ce9f', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'php-opcache-7.4.19-2.module+el8.6.0+20552+0a59ce9f', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'php-opcache-7.4.19-2.module+el8.6.0+20552+0a59ce9f', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'php-pdo-7.4.19-2.module+el8.6.0+20552+0a59ce9f', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'php-pdo-7.4.19-2.module+el8.6.0+20552+0a59ce9f', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'php-pear-1.10.12-1.module+el8.3.0+7685+72d70b58', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},
{'reference':'php-pecl-apcu-5.1.18-1.module+el8.3.0+7685+72d70b58', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'php-pecl-apcu-5.1.18-1.module+el8.3.0+7685+72d70b58', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'php-pecl-apcu-devel-5.1.18-1.module+el8.3.0+7685+72d70b58', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'php-pecl-apcu-devel-5.1.18-1.module+el8.3.0+7685+72d70b58', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'php-pecl-rrd-2.0.1-1.module+el8.3.0+7685+72d70b58', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'php-pecl-rrd-2.0.1-1.module+el8.3.0+7685+72d70b58', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'php-pecl-xdebug-2.9.5-1.module+el8.3.0+7685+72d70b58', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'php-pecl-xdebug-2.9.5-1.module+el8.3.0+7685+72d70b58', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'php-pecl-zip-1.18.2-1.module+el8.3.0+7685+72d70b58', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'php-pecl-zip-1.18.2-1.module+el8.3.0+7685+72d70b58', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'php-pgsql-7.4.19-2.module+el8.6.0+20552+0a59ce9f', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'php-pgsql-7.4.19-2.module+el8.6.0+20552+0a59ce9f', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'php-process-7.4.19-2.module+el8.6.0+20552+0a59ce9f', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'php-process-7.4.19-2.module+el8.6.0+20552+0a59ce9f', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'php-snmp-7.4.19-2.module+el8.6.0+20552+0a59ce9f', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'php-snmp-7.4.19-2.module+el8.6.0+20552+0a59ce9f', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'php-soap-7.4.19-2.module+el8.6.0+20552+0a59ce9f', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'php-soap-7.4.19-2.module+el8.6.0+20552+0a59ce9f', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'php-xml-7.4.19-2.module+el8.6.0+20552+0a59ce9f', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'php-xml-7.4.19-2.module+el8.6.0+20552+0a59ce9f', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'php-xmlrpc-7.4.19-2.module+el8.6.0+20552+0a59ce9f', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'php-xmlrpc-7.4.19-2.module+el8.6.0+20552+0a59ce9f', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}
]
};
var flag = 0;
var appstreams_found = 0;
foreach var module (keys(appstreams)) {
var appstream = NULL;
var appstream_name = NULL;
var appstream_version = NULL;
var appstream_split = split(module, sep:':', keep:FALSE);
if (!empty_or_null(appstream_split)) {
appstream_name = appstream_split[0];
appstream_version = appstream_split[1];
if (!empty_or_null(appstream_name)) appstream = get_one_kb_item('Host/RedHat/appstream/' + appstream_name);
}
if (!empty_or_null(appstream) && appstream_version == appstream || appstream_name == 'all') {
appstreams_found++;
foreach var package_array ( appstreams[module] ) {
var reference = NULL;
var release = NULL;
var sp = NULL;
var cpu = NULL;
var el_string = NULL;
var rpm_spec_vers_cmp = NULL;
var epoch = NULL;
var allowmaj = NULL;
if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];
if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];
if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];
if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];
if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];
if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];
if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];
if (reference && release) {
if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;
}
}
}
}
if (!appstreams_found) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module php:7.4');
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_WARNING,
extra : rpm_report_get()
);
exit(0);
}
else
{
var tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'apcu-panel / libzip / libzip-devel / etc');
}
| Vendor | Product | Version | CPE |
|---|---|---|---|
| oracle | linux | 8 | cpe:/o:oracle:linux:8 |
| oracle | linux | apcu-panel | p-cpe:/a:oracle:linux:apcu-panel |
| oracle | linux | libzip | p-cpe:/a:oracle:linux:libzip |
| oracle | linux | libzip-devel | p-cpe:/a:oracle:linux:libzip-devel |
| oracle | linux | libzip-tools | p-cpe:/a:oracle:linux:libzip-tools |
| oracle | linux | php | p-cpe:/a:oracle:linux:php |
| oracle | linux | php-bcmath | p-cpe:/a:oracle:linux:php-bcmath |
| oracle | linux | php-cli | p-cpe:/a:oracle:linux:php-cli |
| oracle | linux | php-common | p-cpe:/a:oracle:linux:php-common |
| oracle | linux | php-dba | p-cpe:/a:oracle:linux:php-dba |
Related
nessus
nessus
Rocky Linux 8 : php:7.4 (RLSA-2022:1935)
2023-11-07 00:00:00
AlmaLinux 8 : php:7.4 (ALSA-2022:1935)
2022-05-12 00:00:00
CentOS 8 : php:7.4 (CESA-2022:1935)
2022-05-10 00:00:00
rocky
rocky
php:7.4 security update
2022-05-10 06:39:36
redhat
redhat
(RHSA-2022:1935) Moderate: php:7.4 security update
2022-05-10 06:39:36
(RHSA-2022:5491) Important: rh-php73-php security and bug fix update
2022-07-04 07:07:16
osv
osv
Moderate: php:7.4 security update
2022-05-10 00:00:00
Moderate: php:7.4 security update
2022-05-10 06:39:36
BIT-php-2021-21705
2024-03-06 11:05:02
oraclelinux
oraclelinux
php:7.4 security update
2022-05-17 00:00:00
almalinux
almalinux
Moderate: php:7.4 security update
2022-05-10 00:00:00
cloudlinux
cloudlinux
Fix of CVE: CVE-2021-21704, CVE-2021-21703, CVE-2021-21705
2021-11-23 13:13:13
Fix of CVE: CVE-2021-21705, CVE-2021-21704, CVE-2021-21703
2021-11-10 18:27:35
suse
suse
Security update for php7 (moderate)
2021-07-30 00:00:00
Security update for php7 (important)
2021-08-06 00:00:00
Recommended update for php7 (moderate)
2021-12-06 00:00:00
redhatcve
redhatcve
CVE-2021-21705
2021-07-02 16:45:56
CVE-2021-21703
2021-10-21 21:02:35
ubuntucve
ubuntucve
CVE-2021-21705
2021-07-02 00:00:00
CVE-2021-21703
2021-10-21 00:00:00
debian
debian
[SECURITY] [DLA 2794-1] php7.0 security update
2021-10-27 10:46:54
[SECURITY] [DSA 4992-1] php7.4 security update
2021-10-25 20:20:43
[SECURITY] [DSA 4993-1] php7.3 security update
2021-10-25 20:25:37
openvas
openvas
Fedora: Security Advisory for php (FEDORA-2021-9f68f5f752)
2021-10-30 00:00:00
Huawei EulerOS: Security Advisory for php (EulerOS-SA-2021-2810)
2021-12-26 00:00:00
Debian: Security Advisory (DSA-4992-1)
2021-10-27 00:00:00
debiancve
debiancve
CVE-2021-21703
2021-10-25 06:15:00
CVE-2021-21705
2021-10-04 04:15:00
fedora
fedora
[SECURITY] Fedora 34 Update: php-7.4.25-1.fc34
2021-10-28 19:32:00
[SECURITY] Fedora 33 Update: php-7.4.25-1.fc33
2021-10-28 19:31:32
[SECURITY] Fedora 35 Update: php-8.0.12-2.fc35
2021-11-03 01:12:32
altlinux
altlinux
Security fix for the ALT Linux 10 package php8.1 version 8.0.12-alt1
2021-10-28 00:00:00
Security fix for the ALT Linux 10 package php8.0 version 8.0.12-alt1
2021-11-02 00:00:00
Security fix for the ALT Linux 10 package php8.2 version 8.0.12-alt1
2021-10-28 00:00:00
f5
f5
K17839423 : PHP vulnerability CVE-2021-21703
2021-11-09 00:00:00
cve
cve
CVE-2021-21703
2021-10-25 06:15:00
CVE-2021-21705
2021-10-04 04:15:00
cbl_mariner
cbl_mariner
CVE-2021-21703 affecting package php 7.4.14-3
2024-04-25 09:08:18
CVE-2021-21705 affecting package php 7.4.14-3
2024-04-25 09:08:18
veracode
veracode
SSRF Bypass
2021-07-01 17:36:07
Privilege Escalation
2021-10-22 03:13:17
prion
prion
Design/Logic Flaw
2021-10-04 04:15:00
Code injection
2021-10-25 06:15:00
alpinelinux
alpinelinux
CVE-2021-21705
2021-10-04 04:15:00
CVE-2021-21703
2021-10-25 06:15:00
ubuntu
ubuntu
PHP vulnerability
2021-10-27 00:00:00
PHP vulnerabilities
2021-07-07 00:00:00
PHP vulnerabilities
2021-07-13 00:00:00
mageia
mageia
Updated php packages fix security vulnerability
2021-10-31 14:12:48
Updated php packages fix security vulnerabilities
2021-07-04 05:13:55
Updated php packages fix security vulnerabilities
2021-07-10 15:56:54
gentoo
gentoo
PHP: Multiple Vulnerabilities
2022-09-29 00:00:00
amazon
amazon
Medium: php73
2021-09-02 22:54:00
redos
redos
ROS-20220826-01
2022-08-26 00:00:00
archlinux
archlinux
[ASA-202107-16] php7: multiple issues
2021-07-06 00:00:00
[ASA-202107-15] php: multiple issues
2021-07-06 00:00:00
ibm
ibm
oracle
oracle
Oracle Critical Patch Update Advisory - January 2022
2022-01-18 00:00:00
Oracle Critical Patch Update Advisory - April 2022
2022-04-19 00:00:00
Related for ORACLELINUX_ELSA-2022-1935.NASL