Slackware Linux 15.0 php 7.4.33 Vulnerabilitie
Reporter | Title | Published | Views | Family All 199 |
---|---|---|---|---|
ALT Linux | Security fix for the ALT Linux 10 package php8.2 version 8.1.12-alt1 | 31 Oct 202200:00 | – | altlinux |
ALT Linux | Security fix for the ALT Linux 10 package php8.1 version 8.1.12-alt1 | 3 Nov 202200:00 | – | altlinux |
ALT Linux | Security fix for the ALT Linux 10 package php8.0 version 8.0.25-alt1 | 2 Nov 202200:00 | – | altlinux |
ALT Linux | Security fix for the ALT Linux 10 package python3 version 3.9.16-alt1 | 27 Mar 202300:00 | – | altlinux |
Tenable Nessus | PHP 7.4.x < 7.4.33 Multiple Vulnerabilities | 7 Nov 202200:00 | – | nessus |
Tenable Nessus | PHP 8.1.x < 8.1.12 Multiple Vulnerabilities | 29 Oct 202200:00 | – | nessus |
Tenable Nessus | PHP 8.2.x < 8.2.0 Multiple Vulnerabilities | 8 Dec 202200:00 | – | nessus |
Tenable Nessus | PHP 7.4.x < 7.4.33 Multiple Vulnerabilities | 3 Nov 202200:00 | – | nessus |
Tenable Nessus | Slackware Linux 15.0 / current php80 Multiple Vulnerabilities (SSA:2022-304-02) | 1 Nov 202200:00 | – | nessus |
Tenable Nessus | PHP 8.1.x < 8.1.12 Multiple Vulnerabilities | 7 Nov 202200:00 | – | nessus |
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##
#
# The descriptive text and package checks in this plugin were
# extracted from Slackware Security Advisory SSA:2022-314-01. The text
# itself is copyright (C) Slackware Linux, Inc.
##
include('compat.inc');
if (description)
{
script_id(167280);
script_version("1.7");
script_set_attribute(attribute:"plugin_modification_date", value:"2023/10/04");
script_cve_id("CVE-2022-31630", "CVE-2022-37454");
script_xref(name:"IAVA", value:"2022-A-0455-S");
script_xref(name:"IAVA", value:"2022-A-0515-S");
script_name(english:"Slackware Linux 15.0 / current php Multiple Vulnerabilities (SSA:2022-314-01)");
script_set_attribute(attribute:"synopsis", value:
"The remote Slackware Linux host is missing a security update to php.");
script_set_attribute(attribute:"description", value:
"The version of php installed on the remote host is prior to 7.4.33. It is, therefore, affected by multiple
vulnerabilities as referenced in the SSA:2022-314-01 advisory.
- The Keccak XKCP SHA-3 reference implementation before fdc6fef has an integer overflow and resultant buffer
overflow that allows attackers to execute arbitrary code or eliminate expected cryptographic properties.
This occurs in the sponge function interface. (CVE-2022-37454)
- The vulnerability exists due to a boundary condition within the imageloadfont() function. A remote
attacker can pass specially crafted data to the web application, trigger an out-of-bounds read error and
read contents of memory on the system. (CVE-2022-31630)
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
script_set_attribute(attribute:"solution", value:
"Upgrade the affected php package.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2022-37454");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2022/10/21");
script_set_attribute(attribute:"plugin_publication_date", value:"2022/11/11");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:slackware:slackware_linux:php");
script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux");
script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:15.0");
script_set_attribute(attribute:"stig_severity", value:"I");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Slackware Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/Slackware/release", "Host/Slackware/packages");
exit(0);
}
include("slackware.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Slackware/release")) audit(AUDIT_OS_NOT, "Slackware");
if (!get_kb_item("Host/Slackware/packages")) audit(AUDIT_PACKAGE_LIST_MISSING);
var cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Slackware", cpu);
var flag = 0;
var constraints = [
{ 'fixed_version' : '7.4.33', 'product' : 'php', 'os_name' : 'Slackware Linux', 'os_version' : '15.0', 'service_pack' : '1_slack15.0', 'arch' : 'i586' },
{ 'fixed_version' : '7.4.33', 'product' : 'php', 'os_name' : 'Slackware Linux', 'os_version' : '15.0', 'service_pack' : '1_slack15.0', 'arch' : 'x86_64' },
{ 'fixed_version' : '7.4.33', 'product' : 'php', 'os_name' : 'Slackware Linux', 'os_version' : 'current', 'service_pack' : '1', 'arch' : 'i586' },
{ 'fixed_version' : '7.4.33', 'product' : 'php', 'os_name' : 'Slackware Linux', 'os_version' : 'current', 'service_pack' : '1', 'arch' : 'x86_64' }
];
foreach constraint (constraints) {
var pkg_arch = constraint['arch'];
var arch = NULL;
if (pkg_arch == "x86_64") {
arch = pkg_arch;
}
if (slackware_check(osver:constraint['os_version'],
arch:arch,
pkgname:constraint['product'],
pkgver:constraint['fixed_version'],
pkgarch:pkg_arch,
pkgnum:constraint['service_pack'])) flag++;
}
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_HOLE,
extra : slackware_report_get()
);
exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
Transform Your Security Services
Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.
Book a live demo