logo
DATABASE RESOURCES PRICING ABOUT US

Tenable SecurityCenter PHP < 5.6.30 Multiple Vulnerabilities (TNS-2017-04)

Description

The Tenable SecurityCenter application installed on the remote host is missing a security patch. It is, therefore, affected by multiple vulnerabilities in the bundled version of PHP : - A seg fault when loading hostile phar could be used to crash the PHP interpreter or potentially disclose information due to a buffer over-read in the phar_parse_pharfile function in ext/phar/phar.c. (CVE-2017-11147) - A floating pointer exception flaw exists in the exif_convert_any_to_int() function in exif.c that is triggered when handling TIFF and JPEG image tags. An unauthenticated, remote attacker can exploit this to cause a crash, resulting in a denial of service condition. (CVE-2016-10158) - An integer overflow condition exists in the phar_parse_pharfile() function in phar.c due to improper validation when handling phar archives. An unauthenticated, remote attacker can exploit this to cause a crash, resulting in a denial of service condition. (CVE-2016-10159) - An off-by-one overflow condition exists in the phar_parse_pharfile() function in phar.c due to improper parsing of phar archives. An unauthenticated, remote attacker can exploit this to cause a crash, resulting in a denial of service condition. (CVE-2016-10160) - An out-of-bounds read error exists in the finish_nested_data() function in var_unserializer.c due to improper validation of unserialized data. An unauthenticated, remote attacker can exploit this to cause a crash, resulting in a denial of service condition or the disclosure of memory contents. (CVE-2016-10161) - An out-of-bounds read error exists in the phar_parse_pharfile() function in phar.c due to improper parsing of phar archives. An unauthenticated, remote attacker can exploit this to cause a crash, resulting in a denial of service condition. - A denial of service vulnerability exists in the bundled GD Graphics Library (LibGD) in the gdImageCreateFromGd2Ctx() function in gd_gd2.c due to improper validation of images. An unauthenticated, remote attacker can exploit this, via a specially crafted image, to crash the process. - The gdImageCreateFromGd2Ctx function in gd_gd2.c in the GD Graphics Library could allow a remote attacker to cause a denial of service via a crafted image file. (CVE-2016-10167) - An integer overflow in gd_io.c in the GD Graphics Library before could allow a remote attacker to have an unspecified impact on PHP. (CVE-2016-10168) Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.


Related