Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.SECURITYCENTER_PHP_5_6_18.NASL
HistorySep 06, 2016 - 12:00 a.m.

Tenable SecurityCenter < 5.3.0 Multiple Vulnerabilities (TNS-2016-04)

2016-09-0600:00:00
This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
24
JSON

The Tenable SecurityCenter application installed on the remote host is either prior to version 5.3.0 or is missing a security patch. It is, therefore, affected by multiple vulnerabilities in the Perl-Compatible Regular Expressions (PCRE) library bundled with PHP :

  • An overflow condition exists in the PCRE library due to improper validation of user-supplied input when handling repeated conditional groups. An attacker can exploit this, via a specially crafted regular expression, to cause a buffer overflow, resulting in a denial of service condition. (CVE-2015-8383)

  • An overflow condition exists in the PCRE library due to improper validation of user-supplied input when handling mutual recursions within a ‘lookbehind’ assertion. An attacker can exploit this to cause a stack-based buffer overflow, resulting in a denial of service condition.
    (CVE-2015-8386)

  • An integer overflow condition exists in the PCRE library due to improper validation of user-supplied input when handling subroutine calls. An attacker can exploit this, via a specially crafted regular expression, to cause a denial of service condition. (CVE-2015-8387)

  • A flaw exists in the PCRE library due to improper handling of the /(?:|a|){100}x/ pattern or other related patterns. An attacker can exploit this, via a specially crafted regular expression, to cause an infinite recursion, resulting in a denial of service condition.
    (CVE-2015-8389)

  • A flaw exists in the PCRE library due to improper handling of the [: and \ substrings in character classes. An attacker can exploit this, via a specially crafted regular expression, to cause an uninitialized memory read, resulting in a denial of service condition.
    (CVE-2015-8390)

  • A flaw exists in the PCRE library in the pcre_compile() function in pcre_compile.c due to improper handling of [: nesting. An attacker can exploit this, via a specially crafted regular expression, to cause an excessive consumption of CPU resources, resulting in a denial of service condition. (CVE-2015-8391)

  • A flaw exists in the PCRE library due to improper handling of the ‘-q’ option for binary files. An attacker can exploit this, via a specially crafted file, to disclose sensitive information. (CVE-2015-8393)

  • An integer overflow condition exists in the PCRE library due to improper validation of user-supplied input when handling the (?(<digits>) and (?(R<digits>) conditions.
    An attacker can exploit this, via a specially crafted regular expression, to cause a denial of service condition. (CVE-2015-8394)

Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.

#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(93343);
  script_version("1.12");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/10/09");

  script_cve_id(
    "CVE-2015-8383",
    "CVE-2015-8386",
    "CVE-2015-8387",
    "CVE-2015-8389",
    "CVE-2015-8390",
    "CVE-2015-8391",
    "CVE-2015-8393",
    "CVE-2015-8394"
  );
  script_bugtraq_id(
    79810,
    82990
  );

  script_name(english:"Tenable SecurityCenter < 5.3.0 Multiple Vulnerabilities (TNS-2016-04)");
  script_summary(english:"Checks the version of PHP in SecurityCenter.");

  script_set_attribute(attribute:"synopsis", value:
"The Tenable SecurityCenter application installed on the remote host is
affected by multiple vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"The Tenable SecurityCenter application installed on the remote host is
either prior to version 5.3.0 or is missing a security patch. It is,
therefore, affected by multiple vulnerabilities in the Perl-Compatible
Regular Expressions (PCRE) library bundled with PHP :

  - An overflow condition exists in the PCRE library due to
    improper validation of user-supplied input when handling
    repeated conditional groups. An attacker can exploit
    this, via a specially crafted regular expression, to
    cause a buffer overflow, resulting in a denial of
    service condition. (CVE-2015-8383)

  - An overflow condition exists in the PCRE library due to
    improper validation of user-supplied input when handling
    mutual recursions within a 'lookbehind' assertion. An
    attacker can exploit this to cause a stack-based buffer
    overflow, resulting in a denial of service condition.
    (CVE-2015-8386)

  - An integer overflow condition exists in the PCRE library
    due to improper validation of user-supplied input when
    handling subroutine calls. An attacker can exploit this,
    via a specially crafted regular expression, to cause a
    denial of service condition. (CVE-2015-8387)

  - A flaw exists in the PCRE library due to improper
    handling of the /(?:|a|){100}x/ pattern or other related
    patterns. An attacker can exploit this, via a specially
    crafted regular expression, to cause an infinite
    recursion, resulting in a denial of service condition.
    (CVE-2015-8389)

  - A flaw exists in the PCRE library due to improper
    handling of the [: and \\ substrings in character
    classes. An attacker can exploit this, via a specially
    crafted regular expression, to cause an uninitialized
    memory read, resulting in a denial of service condition.
    (CVE-2015-8390)

  - A flaw exists in the PCRE library in the pcre_compile()
    function in pcre_compile.c due to improper handling of
    [: nesting. An attacker can exploit this, via a
    specially crafted regular expression, to cause an
    excessive consumption of CPU resources, resulting in a
    denial of service condition. (CVE-2015-8391)

  - A flaw exists in the PCRE library due to improper
    handling of the '-q' option for binary files. An
    attacker can exploit this, via a specially crafted file,
    to disclose sensitive information. (CVE-2015-8393)

  - An integer overflow condition exists in the PCRE library
    due to improper validation of user-supplied input when
    handling the (?(<digits>) and (?(R<digits>) conditions.
    An attacker can exploit this, via a specially crafted
    regular expression, to cause a denial of service
    condition. (CVE-2015-8394)

Note that Nessus has not tested for these issues but has instead
relied only on the application's self-reported version number.");
  script_set_attribute(attribute:"see_also", value:"https://www.tenable.com/security/tns-2016-04");
  script_set_attribute(attribute:"see_also", value:"https://secure.php.net/ChangeLog-5.php#5.6.18");
  script_set_attribute(attribute:"solution", value:
"Upgrade to SecurityCenter version 5.3.0 or later. Alternatively, apply
patch SC-201603.1-5.x-rh5-64.tgz / SC-201603.1-5.x-rh6-64.tgz.");
  script_set_attribute(attribute:"agent", value:"unix");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"manual");
  script_set_attribute(attribute:"cvss_score_rationale", value:"Score based on analysis of the vendor advisory.");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
  

  script_set_attribute(attribute:"vuln_publication_date", value:"2015/11/23");
  script_set_attribute(attribute:"patch_publication_date", value:"2016/03/08");
  script_set_attribute(attribute:"plugin_publication_date", value:"2016/09/06");

  script_set_attribute(attribute:"plugin_type", value:"combined");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:tenable:securitycenter");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Misc.");

  script_copyright(english:"This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("securitycenter_installed.nbin", "securitycenter_detect.nbin");
  script_require_keys("Host/SecurityCenter/Version", "installed_sw/SecurityCenter", "Host/SecurityCenter/support/php/version");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("install_func.inc");

sc_ver  = get_kb_item("Host/SecurityCenter/Version");
port = 0;
if(empty_or_null(sc_ver))
{
  port = 443;
  install = get_single_install(app_name:"SecurityCenter", combined:TRUE, exit_if_unknown_ver:TRUE);
  sc_ver = install["version"];
}
version = get_kb_item_or_exit("Host/SecurityCenter/support/php/version");

fix = "5.6.18"; # default to known php release branch used in advisory
if (version =~ "^5\.4\.") fix = "5.4.45";

if (ver_compare(ver:sc_ver, fix:"4.8.2", strict:FALSE) < 0)
  fix = FALSE;

if (!fix || ver_compare(ver:version, fix:fix, strict:FALSE) < 0)
{
  # If there is a patch available report it, otherwise the fix as SC 5.3.0
  if (fix)
  {
    order  = make_list("SecurityCenter version", "SecurityCenter PHP version", "Fixed PHP version");
    report = make_array(order[0], sc_ver, order[1], version, order[2], fix);
  }
  else
  {
    order  = make_list("Installed version", "Fixed version");
    report = make_array(order[0], sc_ver, order[1], "5.3.0");
  }
  report = report_items_str(report_items:report, ordered_fields:order);
  security_report_v4(port:port, severity:SECURITY_WARNING, extra:report);
  exit(0);
}
else audit(AUDIT_INST_VER_NOT_VULN, "PHP (within SecurityCenter)", version);
VendorProductVersionCPE
tenablesecuritycentercpe:/a:tenable:securitycenter

Related

nessus 35
fedora 3
freebsd 1
ibm 12
openvas 17
amazon 6
symantec 1
openwrt 1
gentoo 1
f5 4
ubuntu 1
rosalinux 1
prion 8
debiancve 8
ubuntucve 8
cve 8
veracode 60
centos 1
redhat 3
oraclelinux 1
suse 2
nessus
nessus
PHP 5.6.x < 5.6.18 Multiple Vulnerabilities
2019-01-09 00:00:00
Fedora 22 : pcre-8.38-1.fc22 (2015-eb896290d3)
2016-03-04 00:00:00
FreeBSD : php -- multiple vulnerabilities (85eb4e46-cf16-11e5-840f-485d605f4717)
2016-02-10 00:00:00
fedora
fedora
[SECURITY] Fedora 22 Update: pcre-8.38-1.fc22
2016-01-04 19:59:47
[SECURITY] Fedora 22 Update: mingw-pcre-8.38-1.fc22
2016-02-17 04:25:54
[SECURITY] Fedora 23 Update: mingw-pcre-8.38-1.fc23
2016-02-17 04:01:55
freebsd
freebsd
php -- multiple vulnerabilities
2016-02-04 00:00:00
ibm
ibm
Security Bulletin: Multiple vulnerabilities Perl Compatible Regular Expression (PCRE) libraries - IBM Aspera Shares Application
2019-07-10 10:10:01
Security Bulletin: Multiple vulnerabilities with the open source Perl Compatible Regular Expression (PCRE) libraries used in IBM Aspera Shares Application
2018-06-15 07:08:32
Security Bulletin:Multiple vulnerabilities in PCRE affect IBM Tivoli Network Manager IP Edition.
2018-06-17 15:15:49
openvas
openvas
Huawei EulerOS: Security Advisory for pcre (EulerOS-SA-2019-1733)
2020-01-23 00:00:00
Huawei EulerOS: Security Advisory for pcre (EulerOS-SA-2018-1167)
2020-01-23 00:00:00
SUSE: Security Advisory (SUSE-SU-2016:3161-1)
2021-04-19 00:00:00
amazon
amazon
Medium: pcre
2023-06-05 16:39:00
Medium: glib2
2023-06-21 19:11:00
Medium: glib2
2023-06-21 19:11:00
symantec
symantec
SA128 : Multiple PCRE Vulnerabilities
2016-07-07 08:00:00
openwrt
openwrt
pcre: Security update (18 CVEs)
2016-01-28 12:40:02
gentoo
gentoo
libpcre: Multiple Vulnerabilities
2016-07-09 00:00:00
f5
f5
SOL20225390 - Multiple PCRE vulnerabilities
2016-02-04 00:00:00
K20225390 : Multiple PCRE vulnerabilities
2016-02-04 00:00:00
K05428062 : pcregrep in PCRE vulnerability CVE-2015-8393
2016-02-08 00:00:00
ubuntu
ubuntu
PCRE vulnerabilities
2016-03-29 00:00:00
rosalinux
rosalinux
Advisory ROSA-SA-2021-1947
2021-07-02 17:40:57
prion
prion
Integer overflow
2015-12-02 01:59:00
Buffer overflow
2015-12-02 01:59:00
Code injection
2015-12-02 01:59:00
debiancve
debiancve
CVE-2015-8387
2015-12-02 01:59:00
CVE-2015-8389
2015-12-02 01:59:00
CVE-2015-8393
2015-12-02 01:59:00
ubuntucve
ubuntucve
CVE-2015-8387
2015-12-01 00:00:00
CVE-2015-8386
2015-12-01 00:00:00
CVE-2015-8390
2015-12-01 00:00:00
cve
cve
CVE-2015-8389
2015-12-02 01:59:00
CVE-2015-8391
2015-12-02 01:59:00
CVE-2015-8387
2015-12-02 01:59:00
veracode
veracode
Denial Of Service (DoS)
2019-05-02 05:34:19
Denial Of Service (DoS)
2019-05-02 05:34:18
Denial Of Service (DoS)
2019-05-02 05:34:18
centos
centos
pcre security update
2016-05-13 00:44:08
redhat
redhat
(RHSA-2016:1025) Important: pcre security update
2016-05-11 11:17:05
(RHSA-2016:1132) Important: rh-mariadb100-mariadb security update
2016-05-26 08:10:09
(RHSA-2016:2750) Moderate: rh-php56 security, bug fix, and enhancement update
2016-11-15 11:13:31
oraclelinux
oraclelinux
pcre security update
2016-05-11 00:00:00
suse
suse
Security update for SLES 12 Docker image (important)
2017-10-11 03:06:53
Security update for SLES 12-SP1 Docker image (important)
2017-10-11 03:07:32
JSON
Related for SECURITYCENTER_PHP_5_6_18.NASL
nessus35fedora3freebsd1ibm12openvas17amazon6symantec1openwrt1gentoo1f54ubuntu1rosalinux1prion8debiancve8ubuntucve8cve8veracode60centos1redhat3oraclelinux1suse2