Vulnerabilities > CVE-2018-14851 - Out-of-bounds Read vulnerability in multiple products
Attack vector
LOCAL Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
HIGH Summary
exif_process_IFD_in_MAKERNOTE in ext/exif/exif.c in PHP before 5.6.37, 7.0.x before 7.0.31, 7.1.x before 7.1.20, and 7.2.x before 7.2.8 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted JPEG file.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- Overread Buffers An adversary attacks a target by providing input that causes an application to read beyond the boundary of a defined buffer. This typically occurs when a value influencing where to start or stop reading is set to reflect positions outside of the valid memory location of the buffer. This type of attack may result in exposure of sensitive information, a system crash, or arbitrary code execution.
Nessus
NASL family Amazon Linux Local Security Checks NASL id ALA_ALAS-2018-1066.NASL description exif_process_IFD_in_MAKERNOTE in ext/exif/exif.c in PHP before 5.6.37, 7.0.x before 7.0.31, and 7.1.x before 7.1.20, allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted JPEG file.(CVE-2018-14851) An issue was discovered in PHP before 5.6.37, 7.0.x before 7.0.31, and 7.1.x before 7.1.20. An Integer Overflow leads to a heap-based buffer over-read in exif_thumbnail_extract of exif.c.(CVE-2018-14883) last seen 2020-06-01 modified 2020-06-02 plugin id 112093 published 2018-08-24 reporter This script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/112093 title Amazon Linux AMI : php56 / php70,php71 (ALAS-2018-1066) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Amazon Linux AMI Security Advisory ALAS-2018-1066. # include("compat.inc"); if (description) { script_id(112093); script_version("1.2"); script_cvs_date("Date: 2018/10/04 9:31:13"); script_cve_id("CVE-2018-14851", "CVE-2018-14883"); script_xref(name:"ALAS", value:"2018-1066"); script_name(english:"Amazon Linux AMI : php56 / php70,php71 (ALAS-2018-1066)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote Amazon Linux AMI host is missing a security update." ); script_set_attribute( attribute:"description", value: "exif_process_IFD_in_MAKERNOTE in ext/exif/exif.c in PHP before 5.6.37, 7.0.x before 7.0.31, and 7.1.x before 7.1.20, allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted JPEG file.(CVE-2018-14851) An issue was discovered in PHP before 5.6.37, 7.0.x before 7.0.31, and 7.1.x before 7.1.20. An Integer Overflow leads to a heap-based buffer over-read in exif_thumbnail_extract of exif.c.(CVE-2018-14883)" ); script_set_attribute( attribute:"see_also", value:"https://alas.aws.amazon.com/ALAS-2018-1066.html" ); script_set_attribute( attribute:"solution", value: "Run 'yum update php56' to update your system. Run 'yum update php70' to update your system. Run 'yum update php71' to update your system." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-bcmath"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-cli"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-common"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-dba"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-dbg"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-embedded"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-enchant"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-fpm"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-gd"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-gmp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-imap"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-intl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-ldap"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-mbstring"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-mcrypt"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-mssql"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-mysqlnd"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-odbc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-opcache"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-pdo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-pgsql"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-process"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-pspell"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-recode"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-snmp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-soap"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-tidy"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-xml"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-xmlrpc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-bcmath"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-cli"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-common"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-dba"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-dbg"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-embedded"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-enchant"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-fpm"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-gd"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-gmp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-imap"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-intl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-json"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-ldap"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-mbstring"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-mcrypt"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-mysqlnd"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-odbc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-opcache"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-pdo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-pdo-dblib"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-pgsql"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-process"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-pspell"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-recode"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-snmp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-soap"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-tidy"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-xml"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-xmlrpc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-zip"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php71"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php71-bcmath"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php71-cli"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php71-common"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php71-dba"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php71-dbg"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php71-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php71-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php71-embedded"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php71-enchant"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php71-fpm"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php71-gd"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php71-gmp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php71-imap"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php71-intl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php71-json"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php71-ldap"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php71-mbstring"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php71-mcrypt"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php71-mysqlnd"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php71-odbc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php71-opcache"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php71-pdo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php71-pdo-dblib"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php71-pgsql"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php71-process"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php71-pspell"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php71-recode"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php71-snmp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php71-soap"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php71-tidy"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php71-xml"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php71-xmlrpc"); script_set_attribute(attribute:"cpe", value:"cpe:/o:amazon:linux"); script_set_attribute(attribute:"patch_publication_date", value:"2018/08/23"); script_set_attribute(attribute:"plugin_publication_date", value:"2018/08/24"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Amazon Linux Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/AmazonLinux/release", "Host/AmazonLinux/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/AmazonLinux/release"); if (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, "Amazon Linux"); os_ver = pregmatch(pattern: "^AL(A|\d)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Amazon Linux"); os_ver = os_ver[1]; if (os_ver != "A") { if (os_ver == 'A') os_ver = 'AMI'; audit(AUDIT_OS_NOT, "Amazon Linux AMI", "Amazon Linux " + os_ver); } if (!get_kb_item("Host/AmazonLinux/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (rpm_check(release:"ALA", reference:"php56-5.6.37-1.139.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php56-bcmath-5.6.37-1.139.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php56-cli-5.6.37-1.139.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php56-common-5.6.37-1.139.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php56-dba-5.6.37-1.139.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php56-dbg-5.6.37-1.139.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php56-debuginfo-5.6.37-1.139.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php56-devel-5.6.37-1.139.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php56-embedded-5.6.37-1.139.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php56-enchant-5.6.37-1.139.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php56-fpm-5.6.37-1.139.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php56-gd-5.6.37-1.139.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php56-gmp-5.6.37-1.139.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php56-imap-5.6.37-1.139.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php56-intl-5.6.37-1.139.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php56-ldap-5.6.37-1.139.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php56-mbstring-5.6.37-1.139.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php56-mcrypt-5.6.37-1.139.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php56-mssql-5.6.37-1.139.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php56-mysqlnd-5.6.37-1.139.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php56-odbc-5.6.37-1.139.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php56-opcache-5.6.37-1.139.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php56-pdo-5.6.37-1.139.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php56-pgsql-5.6.37-1.139.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php56-process-5.6.37-1.139.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php56-pspell-5.6.37-1.139.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php56-recode-5.6.37-1.139.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php56-snmp-5.6.37-1.139.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php56-soap-5.6.37-1.139.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php56-tidy-5.6.37-1.139.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php56-xml-5.6.37-1.139.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php56-xmlrpc-5.6.37-1.139.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php70-7.0.31-1.30.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php70-bcmath-7.0.31-1.30.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php70-cli-7.0.31-1.30.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php70-common-7.0.31-1.30.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php70-dba-7.0.31-1.30.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php70-dbg-7.0.31-1.30.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php70-debuginfo-7.0.31-1.30.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php70-devel-7.0.31-1.30.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php70-embedded-7.0.31-1.30.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php70-enchant-7.0.31-1.30.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php70-fpm-7.0.31-1.30.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php70-gd-7.0.31-1.30.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php70-gmp-7.0.31-1.30.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php70-imap-7.0.31-1.30.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php70-intl-7.0.31-1.30.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php70-json-7.0.31-1.30.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php70-ldap-7.0.31-1.30.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php70-mbstring-7.0.31-1.30.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php70-mcrypt-7.0.31-1.30.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php70-mysqlnd-7.0.31-1.30.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php70-odbc-7.0.31-1.30.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php70-opcache-7.0.31-1.30.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php70-pdo-7.0.31-1.30.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php70-pdo-dblib-7.0.31-1.30.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php70-pgsql-7.0.31-1.30.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php70-process-7.0.31-1.30.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php70-pspell-7.0.31-1.30.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php70-recode-7.0.31-1.30.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php70-snmp-7.0.31-1.30.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php70-soap-7.0.31-1.30.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php70-tidy-7.0.31-1.30.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php70-xml-7.0.31-1.30.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php70-xmlrpc-7.0.31-1.30.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php70-zip-7.0.31-1.30.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php71-7.1.20-1.33.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php71-bcmath-7.1.20-1.33.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php71-cli-7.1.20-1.33.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php71-common-7.1.20-1.33.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php71-dba-7.1.20-1.33.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php71-dbg-7.1.20-1.33.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php71-debuginfo-7.1.20-1.33.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php71-devel-7.1.20-1.33.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php71-embedded-7.1.20-1.33.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php71-enchant-7.1.20-1.33.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php71-fpm-7.1.20-1.33.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php71-gd-7.1.20-1.33.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php71-gmp-7.1.20-1.33.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php71-imap-7.1.20-1.33.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php71-intl-7.1.20-1.33.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php71-json-7.1.20-1.33.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php71-ldap-7.1.20-1.33.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php71-mbstring-7.1.20-1.33.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php71-mcrypt-7.1.20-1.33.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php71-mysqlnd-7.1.20-1.33.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php71-odbc-7.1.20-1.33.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php71-opcache-7.1.20-1.33.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php71-pdo-7.1.20-1.33.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php71-pdo-dblib-7.1.20-1.33.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php71-pgsql-7.1.20-1.33.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php71-process-7.1.20-1.33.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php71-pspell-7.1.20-1.33.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php71-recode-7.1.20-1.33.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php71-snmp-7.1.20-1.33.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php71-soap-7.1.20-1.33.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php71-tidy-7.1.20-1.33.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php71-xml-7.1.20-1.33.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php71-xmlrpc-7.1.20-1.33.amzn1")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "php56 / php56-bcmath / php56-cli / php56-common / php56-dba / etc"); }NASL family Misc. NASL id SECURITYCENTER_5_7_1_TNS_2018_12.NASL description According to its self-reported version, the Tenable SecurityCenter application installed on the remote host is prior to 5.7.1. It is, therefore, affected by multiple vulnerabilities. Note that Nessus has not tested for these issues but has instead relied only on the application last seen 2020-06-01 modified 2020-06-02 plugin id 117672 published 2018-09-24 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/117672 title Tenable SecurityCenter < 5.7.1 Multiple Vulnerabilities (TNS-2018-12) NASL family CGI abuses NASL id PHP_7_1_20.NASL description According to its banner, the version of PHP running on the remote web server is 7.1.x prior to 7.1.20. It is, therefore, affected by a denial of service vulnerability. last seen 2020-06-01 modified 2020-06-02 plugin id 111231 published 2018-07-24 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/111231 title PHP 7.1.x < 7.1.20 exif_thumbnail_extract() DoS NASL family Debian Local Security Checks NASL id DEBIAN_DSA-4353.NASL description Multiple security issues were found in PHP, a widely-used open source general purpose scripting language: The EXIF module was susceptible to denial of service/information disclosure when parsing malformed images, the Apache module allowed cross-site-scripting via the body of a last seen 2020-04-30 modified 2018-12-11 plugin id 119561 published 2018-12-11 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/119561 title Debian DSA-4353-1 : php7.0 - security update NASL family SuSE Local Security Checks NASL id OPENSUSE-2018-998.NASL description This update for php5 fixes the following issues : The following security issues were fixed : - CVE-2018-10360: Fixed an out-of-bounds read in the do_core_note function in readelf.c in libmagic.a, which allowed remote attackers to cause a denial of service via a crafted ELF file (bsc#1096984) - CVE-2018-14851: Fixed an out-of-bound read in exif_process_IFD_in_MAKERNOTE, which could be exploited by an attacker via crafted JPG files, and could result in an application crash. (bsc#1103659) - CVE-2018-12882: Fixed an use-after-free in exif_read_from_impl in ext/exif/exif.c (bsc#1099098) - CVE-2017-9118: Fixed an out of bounds access in php_pcre_replace_impl via a crafted preg_replace call (bsc#1105466) This update was imported from the SUSE:SLE-12:Update update project. last seen 2020-06-05 modified 2018-09-13 plugin id 117477 published 2018-09-13 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/117477 title openSUSE Security Update : php5 (openSUSE-2018-998) NASL family CGI abuses NASL id PHP_5_6_37_MULTIPLE.NASL description This plugin has been deprecated due to prior coverage last seen 2018-10-04 modified 2018-09-20 plugin id 117340 published 2018-09-07 reporter Tenable source https://www.tenable.com/plugins/index.php?view=single&id=117340 title PHP < 5.6.37 or 7.2.x < 7.2.8 Multiple Vulnerabilities (Deprecated) NASL family CGI abuses NASL id PHP_5_6_37.NASL description According to its banner, the version of PHP running on the remote web server is 5.6.x prior to 5.6.37. It is, therefore, affected by a denial of service vulnerability. last seen 2020-06-01 modified 2020-06-02 plugin id 111230 published 2018-07-24 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/111230 title PHP 5.6.x < 5.6.37 exif_thumbnail_extract() DoS NASL family SuSE Local Security Checks NASL id SUSE_SU-2018-2682-1.NASL description This update for php5 fixes the following issues : The following security issues were fixed : CVE-2018-10360: Fixed an out-of-bounds read in the do_core_note function in readelf.c in libmagic.a, which allowed remote attackers to cause a denial of service via a crafted ELF file (bsc#1096984) CVE-2018-14851: Fixed an out-of-bound read in exif_process_IFD_in_MAKERNOTE, which could be exploited by an attacker via crafted JPG files, and could result in an application crash. (bsc#1103659) CVE-2018-12882: Fixed an use-after-free in exif_read_from_impl in ext/exif/exif.c (bsc#1099098) CVE-2017-9118: Fixed an out of bounds access in php_pcre_replace_impl via a crafted preg_replace call (bsc#1105466) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-19 modified 2019-01-02 plugin id 120095 published 2019-01-02 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/120095 title SUSE SLES12 Security Update : php5 (SUSE-SU-2018:2682-1) NASL family SuSE Local Security Checks NASL id OPENSUSE-2018-892.NASL description This update for php7 fixes the following issues: The following security vulnerabilities were fixed : - CVE-2018-14851: Fixed an out-of-bound read in exif_process_IFD_in_MAKERNOTE, which could be exploited by an attacker via crafted JPG files, and could result in an application crash. (bsc#1103659) - CVE-2017-9120: Fixed an buffer overflow in mysqli_real_escape_string, which could be exploited via along string and could result in an application crash or have other unspecified impacts. (bsc#1103661) This update was imported from the SUSE:SLE-12:Update update project. last seen 2020-06-05 modified 2018-08-20 plugin id 112001 published 2018-08-20 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/112001 title openSUSE Security Update : php7 (openSUSE-2018-892) NASL family CGI abuses NASL id PHP_7_2_8.NASL description According to its banner, the version of PHP running on the remote web server is 7.2.x prior to 7.2.8. It is, therefore, affected by a Use-After-Free Arbitrary Code Execution Vulnerability. last seen 2020-06-01 modified 2020-06-02 plugin id 111216 published 2018-07-20 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/111216 title PHP 7.2.x < 7.2.8 Use After Free Arbitrary Code Execution in EXIF NASL family Huawei Local Security Checks NASL id EULEROS_SA-2019-2649.NASL description According to the versions of the php packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - ** DISPUTED ** Integer overflow in the php_raw_url_encode function in ext/standard/url.c in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5 allows remote attackers to cause a denial of service (application crash) via a long string to the rawurlencode function. NOTE: the vendor says last seen 2020-05-08 modified 2019-12-18 plugin id 132184 published 2019-12-18 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/132184 title EulerOS 2.0 SP3 : php (EulerOS-SA-2019-2649) NASL family SuSE Local Security Checks NASL id SUSE_SU-2018-2333-1.NASL description This update for php7 fixes the following issues: The following security vulnerabilities were fixed : - CVE-2018-14851: Fixed an out-of-bound read in exif_process_IFD_in_MAKERNOTE, which could be exploited by an attacker via crafted JPG files, and could result in an application crash. (bsc#1103659) - CVE-2017-9120: Fixed an buffer overflow in mysqli_real_escape_string, which could be exploited via along string and could result in an application crash or have other unspecified impacts. (bsc#1103661) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-19 modified 2019-01-02 plugin id 120078 published 2019-01-02 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/120078 title SUSE SLES12 Security Update : php7 (SUSE-SU-2018:2333-1) NASL family SuSE Local Security Checks NASL id SUSE_SU-2018-2681-1.NASL description This update for php53 fixes the following issues : The following security issues were fixed : CVE-2018-14851: Fixed an out-of-bound read in exif_process_IFD_in_MAKERNOTE, which could be exploited by an attacker via crafted JPG files, and could result in an application crash. (bsc#1103659) CVE-2018-14883: Fixed an integer overflow leading to a heap-based buffer over-read in exif_thumbnail_extract of exif.c. (bsc#1103836) CVE-2017-9118: Fixed an out of bounds access in php_pcre_replace_impl via a crafted preg_replace call (bsc#1105466) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 117449 published 2018-09-12 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/117449 title SUSE SLES11 Security Update : php53 (SUSE-SU-2018:2681-1) NASL family Debian Local Security Checks NASL id DEBIAN_DLA-1490.NASL description Two vulnerabilities have been discovered in php5, a server-side, HTML-embedded scripting language. One (CVE-2018-14851) results in a potential denial of service (out-of-bounds read and application crash) via a crafted JPEG file. The other (CVE-2018-14883) is an Integer Overflow that leads to a heap-based buffer over-read. Additionally, a previously introduced patch for CVE-2017-7272 was found to negatively affect existing PHP applications (#890266). As a result of the negative effects and the fact that the security team has marked the CVE in question as last seen 2020-06-01 modified 2020-06-02 plugin id 112229 published 2018-09-04 reporter This script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/112229 title Debian DLA-1490-1 : php5 security update NASL family Amazon Linux Local Security Checks NASL id ALA_ALAS-2018-1067.NASL description exif_process_IFD_in_MAKERNOTE in ext/exif/exif.c in PHP 7.2.x before 7.2.8 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted JPEG file.(CVE-2018-14851) exif_read_from_impl in ext/exif/exif.c in PHP 7.2.x through 7.2.7 allows attackers to trigger a use-after-free (in exif_read_from_file) because it closes a stream that it is not responsible for closing. The vulnerable code is reachable through the PHP exif_read_data function.(CVE-2018-12882) An issue was discovered in PHP 7.2.x before 7.2.8. An Integer Overflow leads to a heap-based buffer over-read in exif_thumbnail_extract of exif.c.(CVE-2018-14883) last seen 2020-06-01 modified 2020-06-02 plugin id 112094 published 2018-08-24 reporter This script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/112094 title Amazon Linux AMI : php72 (ALAS-2018-1067) NASL family CGI abuses NASL id PHP_7_0_31.NASL description According to its banner, the version of PHP running on the remote web server is 7.0.x prior to 7.0.31. It is, therefore, affected by a Use-After-Free Arbitrary Code Execution Vulnerability. last seen 2020-06-01 modified 2020-06-02 plugin id 111215 published 2018-07-20 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/111215 title PHP 7.0.x < 7.0.31 Use After Free Arbitrary Code Execution in EXIF NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-3766-1.NASL description It was discovered that PHP incorrectly handled restarting certain child processes when php-fpm is used. A remote attacker could possibly use this issue to cause a denial of service. This issue was only addressed in Ubuntu 18.04 LTS. (CVE-2015-9253) It was discovered that PHP incorrectly handled certain exif tags in JPEG images. A remote attacker could possibly use this issue to cause PHP to crash, resulting in a denial of service. (CVE-2018-14851, CVE-2018-14883). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 117539 published 2018-09-18 reporter Ubuntu Security Notice (C) 2018-2019 Canonical, Inc. / NASL script (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/117539 title Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS : php5, php7.0, php7.2 vulnerabilities (USN-3766-1) NASL family SuSE Local Security Checks NASL id SUSE_SU-2018-2337-1.NASL description This update for php7 fixes the following issues: The following security vulnerabilities were fixed : - CVE-2018-14851: Fixed an out-of-bound read in exif_process_IFD_in_MAKERNOTE, which could be exploited by an attacker via crafted JPG files, and could result in an application crash. (bsc#1103659) - CVE-2017-9120: Fixed an buffer overflow in mysqli_real_escape_string, which could be exploited via along string and could result in an application crash or have other unspecified impacts. (bsc#1103661) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-19 modified 2019-01-02 plugin id 120079 published 2019-01-02 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/120079 title SUSE SLES15 Security Update : php7 (SUSE-SU-2018:2337-1) NASL family Huawei Local Security Checks NASL id EULEROS_SA-2019-2438.NASL description According to the versions of the php packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - In PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24 and 7.3.x below 7.3.11 in certain configurations of FPM setup it is possible to cause FPM module to write past allocated buffers into the space reserved for FCGI protocol data, thus opening the possibility of remote code execution.(CVE-2019-11043) - The finish_nested_data function in ext/standard/var_unserializer.re in PHP before 5.6.31, 7.0.x before 7.0.21, and 7.1.x before 7.1.7 is prone to a buffer over-read while unserializing untrusted data. Exploitation of this issue can have an unspecified impact on the integrity of PHP.(CVE-2017-12933) - ext/standard/var_unserializer.c in PHP before 5.6.25 and 7.x before 7.0.10 mishandles certain invalid objects, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted serialized data that leads to a (1) __destruct call or (2) magic method call.(CVE-2016-7124) - The match function in pcre_exec.c in PCRE before 8.37 mishandles the /(?:((abcd))|(((?:(?:(?:(?:abc|(?:abcdef))))b)abcdefghi )abc)|((*ACCEPT)))/ pattern and related patterns involving (*ACCEPT), which allows remote attackers to obtain sensitive information from process memory or cause a denial of service (partially initialized memory and application crash) via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, aka ZDI-CAN-2547.(CVE-2015-8382) - An issue was discovered in PHP before 5.6.33, 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before 7.2.1. There is Reflected XSS on the PHAR 404 error page via the URI of a request for a .phar file.(CVE-2018-5712) - exif_process_IFD_in_MAKERNOTE in ext/exif/exif.c in PHP before 5.6.37, 7.0.x before 7.0.31, 7.1.x before 7.1.20, and 7.2.x before 7.2.8 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted JPEG file.(CVE-2018-14851) - The SplObjectStorage unserialize implementation in ext/spl/spl_observer.c in PHP before 7.0.12 does not verify that a key is an object, which allows remote attackers to execute arbitrary code or cause a denial of service (uninitialized memory access) via crafted serialized data.(CVE-2016-7480) - ext/standard/var_unserializer.re in PHP before 5.6.26 mishandles object-deserialization failures, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via an unserialize call that references a partially constructed object.(CVE-2016-7411) - The odbc_bindcols function in ext/odbc/php_odbc.c in PHP before 5.6.12 mishandles driver behavior for SQL_WVARCHAR columns, which allows remote attackers to cause a denial of service (application crash) in opportunistic circumstances by leveraging use of the odbc_fetch_array function to access a certain type of Microsoft SQL Server table.(CVE-2015-8879) - In PHP before 5.6.32, 7.x before 7.0.25, and 7.1.x before 7.1.11, an error in the date extension last seen 2020-05-08 modified 2019-12-04 plugin id 131592 published 2019-12-04 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/131592 title EulerOS 2.0 SP2 : php (EulerOS-SA-2019-2438) NASL family Huawei Local Security Checks NASL id EULEROS_SA-2019-1984.NASL description According to the versions of the php packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - The get_icu_disp_value_src_php function in ext/intl/locale/locale_methods.c in PHP before 5.3.29, 5.4.x before 5.4.30, and 5.5.x before 5.5.14 does not properly restrict calls to the ICU uresbund.cpp component, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a locale_get_display_name call with a long first argument.(CVE-2014-9912) - Use-after-free vulnerability in the spl_ptr_heap_insert function in ext/spl/spl_heap.c in PHP before 5.5.27 and 5.6.x before 5.6.11 allows remote attackers to execute arbitrary code by triggering a failed SplMinHeap::compare operation.(CVE-2015-4116) - A flaw was found in the way the way PHP last seen 2020-05-08 modified 2019-09-24 plugin id 129178 published 2019-09-24 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/129178 title EulerOS 2.0 SP5 : php (EulerOS-SA-2019-1984) NASL family SuSE Local Security Checks NASL id OPENSUSE-2019-619.NASL description This update for php7 fixes the following issues: The following security vulnerabilities were fixed : - CVE-2018-14851: Fixed an out-of-bound read in exif_process_IFD_in_MAKERNOTE, which could be exploited by an attacker via crafted JPG files, and could result in an application crash. (bsc#1103659) - CVE-2017-9120: Fixed an buffer overflow in mysqli_real_escape_string, which could be exploited via along string and could result in an application crash or have other unspecified impacts. (bsc#1103661) This update was imported from the SUSE:SLE-12:Update update project. last seen 2020-05-31 modified 2019-03-27 plugin id 123270 published 2019-03-27 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/123270 title openSUSE Security Update : php7 (openSUSE-2019-619)
Redhat
| advisories |
| ||||
| rpms |
|
References
- https://bugs.php.net/bug.php?id=76557
- http://php.net/ChangeLog-7.php
- http://php.net/ChangeLog-5.php
- https://lists.debian.org/debian-lts-announce/2018/09/msg00000.html
- https://usn.ubuntu.com/3766-1/
- https://www.tenable.com/security/tns-2018-12
- https://usn.ubuntu.com/3766-2/
- http://www.securityfocus.com/bid/104871
- https://security.netapp.com/advisory/ntap-20181107-0003/
- https://www.debian.org/security/2018/dsa-4353
- https://access.redhat.com/errata/RHSA-2019:2519