CVSS2: 7.5 High
- Attack Vector: NETWORK
- Attack Complexity: LOW
- Authentication: NONE
- Confidentiality Impact: PARTIAL
- Integrity Impact: PARTIAL
- Availability Impact: PARTIAL
- Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3: 9.8 High
- Attack Vector: NETWORK
- Attack Complexity: LOW
- Privileges Required: NONE
- User Interaction: NONE
- Scope: UNCHANGED
- Confidentiality Impact: HIGH
- Integrity Impact: HIGH
- Availability Impact: HIGH
- Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score: 8.3 High (Confidence: High)

EPSS: 0.62 Medium (Percentile: 97.8%)

The remote Red Hat Enterprise Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2018:1296 advisory.
php: Heap overflow in mysqlnd when not receiving UNSIGNED_FLAG in BIT field (CVE-2016-7412)
php: Use after free in wddx_deserialize (CVE-2016-7413)
php: Out of bounds heap read when verifying signature of zip phar in phar_parse_zipfile (CVE-2016-7414)
php: Stack based buffer overflow in msgfmt_format_message (CVE-2016-7416)
php: Missing type check when unserializing SplArray (CVE-2016-7417)
php: Null pointer dereference in php_wddx_push_element (CVE-2016-7418)
php: Use-after-free vulnerability when resizing the ‘properties’ hash table of a serialized object (CVE-2016-7479)
php, gd: Stack overflow in gdImageFillToBorder on truecolor images (CVE-2016-9933)
php: NULL Pointer Dereference in WDDX Packet Deserialization with PDORow (CVE-2016-9934)
php: Invalid read when wddx decodes empty boolean element (CVE-2016-9935)
php: Use After Free in unserialize() (CVE-2016-9936)
php: Wrong calculation in exif_convert_any_to_int function (CVE-2016-10158)
php: Integer overflow in phar_parse_pharfile (CVE-2016-10159)
php: Off-by-one error in phar_parse_pharfile when loading crafted phar archive (CVE-2016-10160)
php: Out-of-bounds heap read on unserialize in finish_nested_data() (CVE-2016-10161)
php: Null pointer dereference when unserializing PHP object (CVE-2016-10162)
gd: DoS vulnerability in gdImageCreateFromGd2Ctx() (CVE-2016-10167)
gd: Integer overflow in gd_io.c (CVE-2016-10168)
php: Use of uninitialized memory in unserialize() (CVE-2017-5340)
php: Buffer over-read from uninitialized data in gdImageCreateFromGifCtx function (CVE-2017-7890)
oniguruma: Out-of-bounds stack read in match_at() during regular expression searching (CVE-2017-9224)
oniguruma: Heap buffer overflow in next_state_val() during regular expression compilation (CVE-2017-9226)
oniguruma: Out-of-bounds stack read in mbc_enc_len() during regular expression searching (CVE-2017-9227)
oniguruma: Out-of-bounds heap write in bitset_set_range() (CVE-2017-9228)
oniguruma: Invalid pointer dereference in left_adjust_char_head() (CVE-2017-9229)
php: Incorrect WDDX deserialization of boolean parameters leads to DoS (CVE-2017-11143)
php: Incorrect return value check of OpenSSL sealing function leads to crash (CVE-2017-11144)
php: wddx_deserialize() heap out-of-bound read via php_parse_date() (CVE-2017-11145)
php: Out-of-bounds read in phar_parse_pharfile (CVE-2017-11147)
php: Stack-based buffer over-read in msgfmt_parse_message function (CVE-2017-11362)
php: Stack based 1-byte buffer over-write in zend_ini_do_op() function Zend/zend_ini_parser.c (CVE-2017-11628)
php: Heap use after free in ext/standard/var_unserializer.re (CVE-2017-12932)
php: buffer over-read in finish_nested_data function (CVE-2017-12933)
php: heap use after free in ext/standard/var_unserializer.re (CVE-2017-12934)
php: Out-of-bound read in timelib_meridian() (CVE-2017-16642)
gd: Infinite loop in gdImageCreateFromGifCtx() in gd_gif_in.c (CVE-2018-5711)
php: Reflected XSS on PHAR 404 page (CVE-2018-5712)
Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Red Hat Security Advisory RHSA-2018:1296. The text
# itself is copyright (C) Red Hat, Inc.
##
include('compat.inc');
if (description)
{
script_id(194027);
script_version("1.0");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/04/27");
script_cve_id(
"CVE-2016-7412",
"CVE-2016-7413",
"CVE-2016-7414",
"CVE-2016-7416",
"CVE-2016-7417",
"CVE-2016-7418",
"CVE-2016-7479",
"CVE-2016-9933",
"CVE-2016-9934",
"CVE-2016-9935",
"CVE-2016-9936",
"CVE-2016-10158",
"CVE-2016-10159",
"CVE-2016-10160",
"CVE-2016-10161",
"CVE-2016-10162",
"CVE-2016-10167",
"CVE-2016-10168",
"CVE-2017-5340",
"CVE-2017-7890",
"CVE-2017-9224",
"CVE-2017-9226",
"CVE-2017-9227",
"CVE-2017-9228",
"CVE-2017-9229",
"CVE-2017-11143",
"CVE-2017-11144",
"CVE-2017-11145",
"CVE-2017-11147",
"CVE-2017-11362",
"CVE-2017-11628",
"CVE-2017-12932",
"CVE-2017-12933",
"CVE-2017-12934",
"CVE-2017-16642",
"CVE-2018-5711",
"CVE-2018-5712"
);
script_xref(name:"RHSA", value:"2018:1296");
script_name(english:"RHEL 6 / 7 : rh-php70-php (RHSA-2018:1296)");
script_set_attribute(attribute:"synopsis", value:
"The remote Red Hat host is missing one or more security updates.");
script_set_attribute(attribute:"description", value:
"The remote Redhat Enterprise Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as
referenced in the RHSA-2018:1296 advisory.
- php: Heap overflow in mysqlnd when not receiving UNSIGNED_FLAG in BIT field (CVE-2016-7412)
- php: Use after free in wddx_deserialize (CVE-2016-7413)
- php: Out of bounds heap read when verifying signature of zip phar in phar_parse_zipfile (CVE-2016-7414)
- php: Stack based buffer overflow in msgfmt_format_message (CVE-2016-7416)
- php: Missing type check when unserializing SplArray (CVE-2016-7417)
- php: Null pointer dereference in php_wddx_push_element (CVE-2016-7418)
- php: Use-after-free vulnerability when resizing the 'properties' hash table of a serialized object
(CVE-2016-7479)
- php, gd: Stack overflow in gdImageFillToBorder on truecolor images (CVE-2016-9933)
- php: NULL Pointer Dereference in WDDX Packet Deserialization with PDORow (CVE-2016-9934)
- php: Invalid read when wddx decodes empty boolean element (CVE-2016-9935)
- php: Use After Free in unserialize() (CVE-2016-9936)
- php: Wrong calculation in exif_convert_any_to_int function (CVE-2016-10158)
- php: Integer overflow in phar_parse_pharfile (CVE-2016-10159)
- php: Off-by-one error in phar_parse_pharfile when loading crafted phar archive (CVE-2016-10160)
- php: Out-of-bounds heap read on unserialize in finish_nested_data() (CVE-2016-10161)
- php: Null pointer dereference when unserializing PHP object (CVE-2016-10162)
- gd: DoS vulnerability in gdImageCreateFromGd2Ctx() (CVE-2016-10167)
- gd: Integer overflow in gd_io.c (CVE-2016-10168)
- php: Use of uninitialized memory in unserialize() (CVE-2017-5340)
- php: Buffer over-read from unitialized data in gdImageCreateFromGifCtx function (CVE-2017-7890)
- oniguruma: Out-of-bounds stack read in match_at() during regular expression searching (CVE-2017-9224)
- oniguruma: Heap buffer overflow in next_state_val() during regular expression compilation (CVE-2017-9226)
- oniguruma: Out-of-bounds stack read in mbc_enc_len() during regular expression searching (CVE-2017-9227)
- oniguruma: Out-of-bounds heap write in bitset_set_range() (CVE-2017-9228)
- oniguruma: Invalid pointer dereference in left_adjust_char_head() (CVE-2017-9229)
- php: Incorrect WDDX deserialization of boolean parameters leads to DoS (CVE-2017-11143)
- php: Incorrect return value check of OpenSSL sealing function leads to crash (CVE-2017-11144)
- php: wddx_deserialize() heap out-of-bound read via php_parse_date() (CVE-2017-11145)
- php: Out-of-bounds read in phar_parse_pharfile (CVE-2017-11147)
- php: Stack-based buffer over-read in msgfmt_parse_message function (CVE-2017-11362)
- php: Stack based 1-byte buffer over-write in zend_ini_do_op() function Zend/zend_ini_parser.c
(CVE-2017-11628)
- php: Heap use after free in ext/standard/var_unserializer.re (CVE-2017-12932)
- php: buffer over-read in finish_nested_data function (CVE-2017-12933)
- php: heap use after free in ext/standard/var_unserializer.re (CVE-2017-12934)
- php: Out-of-bound read in timelib_meridian() (CVE-2017-16642)
- gd: Infinite loop in gdImageCreateFromGifCtx() in gd_gif_in.c (CVE-2018-5711)
- php: Reflected XSS on PHAR 404 page (CVE-2018-5712)
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/updates/classification/#moderate");
# https://access.redhat.com/documentation/en-us/red_hat_software_collections/3/html/3.1_release_notes/chap-rhscl#sect-RHSCL-Changes-php
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?7937c56b");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1377311");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1377314");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1377336");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1377340");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1377344");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1377352");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1404723");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1404726");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1404731");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1404735");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1412631");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1412686");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1418984");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1418986");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1419010");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1419012");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1419015");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1419018");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1419020");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1466730");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1466736");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1466739");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1466740");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1466746");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1471824");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1471827");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1471834");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1471842");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1473822");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1475373");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1475522");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1484837");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1484838");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1484839");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1512057");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1535246");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1535251");
# https://access.redhat.com/security/data/csaf/v2/advisories/2018/rhsa-2018_1296.json
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?0687a912");
script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2018:1296");
script_set_attribute(attribute:"solution", value:
"Update the affected packages.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2017-9228");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_cwe_id(20, 119, 121, 122, 125, 190, 193, 252, 253, 416, 456, 476, 682, 787, 835);
script_set_attribute(attribute:"vendor_severity", value:"Moderate");
script_set_attribute(attribute:"vuln_publication_date", value:"2016/08/16");
script_set_attribute(attribute:"patch_publication_date", value:"2018/05/03");
script_set_attribute(attribute:"plugin_publication_date", value:"2024/04/27");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6");
script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:rh-php70-php");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:rh-php70-php-bcmath");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:rh-php70-php-cli");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:rh-php70-php-common");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:rh-php70-php-dba");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:rh-php70-php-dbg");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:rh-php70-php-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:rh-php70-php-embedded");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:rh-php70-php-enchant");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:rh-php70-php-fpm");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:rh-php70-php-gd");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:rh-php70-php-gmp");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:rh-php70-php-imap");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:rh-php70-php-intl");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:rh-php70-php-json");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:rh-php70-php-ldap");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:rh-php70-php-mbstring");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:rh-php70-php-mysqlnd");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:rh-php70-php-odbc");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:rh-php70-php-opcache");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:rh-php70-php-pdo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:rh-php70-php-pgsql");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:rh-php70-php-process");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:rh-php70-php-pspell");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:rh-php70-php-recode");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:rh-php70-php-snmp");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:rh-php70-php-soap");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:rh-php70-php-tidy");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:rh-php70-php-xml");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:rh-php70-php-xmlrpc");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:rh-php70-php-zip");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Red Hat Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl", "redhat_repos.nasl");
script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
exit(0);
}
include('rpm.inc');
include('rhel.inc');
if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_release = get_kb_item('Host/RedHat/release');
if (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');
var os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:os_release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');
os_ver = os_ver[1];
if (!rhel_check_release_list(operator: 'ge', os_version: os_ver, rhel_versions: ['6','7'])) audit(AUDIT_OS_NOT, 'Red Hat 6.x / 7.x', 'Red Hat ' + os_ver);
if (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);
var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu && 'ppc' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);
var constraints = [
{
'repo_relative_urls': [
'content/dist/rhel/server/6/6Server/x86_64/rhscl/1/debug',
'content/dist/rhel/server/6/6Server/x86_64/rhscl/1/os',
'content/dist/rhel/server/6/6Server/x86_64/rhscl/1/source/SRPMS',
'content/dist/rhel/workstation/6/6Workstation/x86_64/rhscl/1/debug',
'content/dist/rhel/workstation/6/6Workstation/x86_64/rhscl/1/os',
'content/dist/rhel/workstation/6/6Workstation/x86_64/rhscl/1/source/SRPMS'
],
'pkgs': [
{'reference':'rh-php70-php-7.0.27-1.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rh-php70-php-bcmath-7.0.27-1.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rh-php70-php-cli-7.0.27-1.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rh-php70-php-common-7.0.27-1.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rh-php70-php-dba-7.0.27-1.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rh-php70-php-dbg-7.0.27-1.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rh-php70-php-devel-7.0.27-1.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rh-php70-php-embedded-7.0.27-1.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rh-php70-php-enchant-7.0.27-1.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rh-php70-php-fpm-7.0.27-1.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rh-php70-php-gd-7.0.27-1.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rh-php70-php-gmp-7.0.27-1.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rh-php70-php-imap-7.0.27-1.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rh-php70-php-intl-7.0.27-1.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rh-php70-php-json-7.0.27-1.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rh-php70-php-ldap-7.0.27-1.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rh-php70-php-mbstring-7.0.27-1.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rh-php70-php-mysqlnd-7.0.27-1.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rh-php70-php-odbc-7.0.27-1.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rh-php70-php-opcache-7.0.27-1.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rh-php70-php-pdo-7.0.27-1.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rh-php70-php-pgsql-7.0.27-1.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rh-php70-php-process-7.0.27-1.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rh-php70-php-pspell-7.0.27-1.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rh-php70-php-recode-7.0.27-1.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rh-php70-php-snmp-7.0.27-1.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rh-php70-php-soap-7.0.27-1.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rh-php70-php-tidy-7.0.27-1.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rh-php70-php-xml-7.0.27-1.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rh-php70-php-xmlrpc-7.0.27-1.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rh-php70-php-zip-7.0.27-1.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE}
]
},
{
'repo_relative_urls': [
'content/dist/rhel/server/7/7Server/x86_64/rhscl/1/debug',
'content/dist/rhel/server/7/7Server/x86_64/rhscl/1/os',
'content/dist/rhel/server/7/7Server/x86_64/rhscl/1/source/SRPMS',
'content/dist/rhel/workstation/7/7Workstation/x86_64/rhscl/1/debug',
'content/dist/rhel/workstation/7/7Workstation/x86_64/rhscl/1/os',
'content/dist/rhel/workstation/7/7Workstation/x86_64/rhscl/1/source/SRPMS'
],
'pkgs': [
{'reference':'rh-php70-php-7.0.27-1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rh-php70-php-bcmath-7.0.27-1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rh-php70-php-cli-7.0.27-1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rh-php70-php-common-7.0.27-1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rh-php70-php-dba-7.0.27-1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rh-php70-php-dbg-7.0.27-1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rh-php70-php-devel-7.0.27-1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rh-php70-php-embedded-7.0.27-1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rh-php70-php-enchant-7.0.27-1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rh-php70-php-fpm-7.0.27-1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rh-php70-php-gd-7.0.27-1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rh-php70-php-gmp-7.0.27-1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rh-php70-php-intl-7.0.27-1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rh-php70-php-json-7.0.27-1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rh-php70-php-ldap-7.0.27-1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rh-php70-php-mbstring-7.0.27-1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rh-php70-php-mysqlnd-7.0.27-1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rh-php70-php-odbc-7.0.27-1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rh-php70-php-opcache-7.0.27-1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rh-php70-php-pdo-7.0.27-1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rh-php70-php-pgsql-7.0.27-1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rh-php70-php-process-7.0.27-1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rh-php70-php-pspell-7.0.27-1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rh-php70-php-recode-7.0.27-1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rh-php70-php-snmp-7.0.27-1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rh-php70-php-soap-7.0.27-1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rh-php70-php-xml-7.0.27-1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rh-php70-php-xmlrpc-7.0.27-1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rh-php70-php-zip-7.0.27-1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE}
]
}
];
var applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);
if(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);
var flag = 0;
foreach var constraint_array ( constraints ) {
var repo_relative_urls = NULL;
if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];
foreach var pkg ( constraint_array['pkgs'] ) {
var reference = NULL;
var _release = NULL;
var sp = NULL;
var _cpu = NULL;
var el_string = NULL;
var rpm_spec_vers_cmp = NULL;
var epoch = NULL;
var allowmaj = NULL;
var exists_check = NULL;
var cves = NULL;
if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];
if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];
if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];
if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];
if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];
if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];
if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];
if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];
if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];
if (!empty_or_null(pkg['cves'])) cves = pkg['cves'];
if (reference &&
_release &&
rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&
(applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&
rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj, cves:cves)) flag++;
}
}
if (flag)
{
var extra = NULL;
if (isnull(applicable_repo_urls) || !applicable_repo_urls) extra = rpm_report_get() + redhat_report_repo_caveat();
else extra = rpm_report_get();
security_report_v4(
port : 0,
severity : SECURITY_HOLE,
extra : extra
);
exit(0);
}
else
{
var tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'rh-php70-php / rh-php70-php-bcmath / rh-php70-php-cli / etc');
}
Vendor | Product | Version | CPE |
---|---|---|---|
redhat | enterprise_linux | 6 | cpe:/o:redhat:enterprise_linux:6 |
redhat | enterprise_linux | 7 | cpe:/o:redhat:enterprise_linux:7 |
redhat | enterprise_linux | rh-php70-php | p-cpe:/a:redhat:enterprise_linux:rh-php70-php |
redhat | enterprise_linux | rh-php70-php-bcmath | p-cpe:/a:redhat:enterprise_linux:rh-php70-php-bcmath |
redhat | enterprise_linux | rh-php70-php-cli | p-cpe:/a:redhat:enterprise_linux:rh-php70-php-cli |
redhat | enterprise_linux | rh-php70-php-common | p-cpe:/a:redhat:enterprise_linux:rh-php70-php-common |
redhat | enterprise_linux | rh-php70-php-dba | p-cpe:/a:redhat:enterprise_linux:rh-php70-php-dba |
redhat | enterprise_linux | rh-php70-php-dbg | p-cpe:/a:redhat:enterprise_linux:rh-php70-php-dbg |
redhat | enterprise_linux | rh-php70-php-devel | p-cpe:/a:redhat:enterprise_linux:rh-php70-php-devel |
redhat | enterprise_linux | rh-php70-php-embedded | p-cpe:/a:redhat:enterprise_linux:rh-php70-php-embedded |