Vulnerabilities > CVE-2018-14883 - Integer Overflow or Wraparound vulnerability in multiple products
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
HIGH Summary
An issue was discovered in PHP before 5.6.37, 7.0.x before 7.0.31, 7.1.x before 7.1.20, and 7.2.x before 7.2.8. An Integer Overflow leads to a heap-based buffer over-read in exif_thumbnail_extract of exif.c.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- Forced Integer Overflow This attack forces an integer variable to go out of range. The integer variable is often used as an offset such as size of memory allocation or similarly. The attacker would typically control the value of such variable and try to get it out of range. For instance the integer in question is incremented past the maximum possible value, it may wrap to become a very small, or negative number, therefore providing a very incorrect value which can lead to unexpected behavior. At worst the attacker can execute arbitrary code.
Nessus
NASL family Amazon Linux Local Security Checks NASL id ALA_ALAS-2018-1066.NASL description exif_process_IFD_in_MAKERNOTE in ext/exif/exif.c in PHP before 5.6.37, 7.0.x before 7.0.31, and 7.1.x before 7.1.20, allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted JPEG file.(CVE-2018-14851) An issue was discovered in PHP before 5.6.37, 7.0.x before 7.0.31, and 7.1.x before 7.1.20. An Integer Overflow leads to a heap-based buffer over-read in exif_thumbnail_extract of exif.c.(CVE-2018-14883) last seen 2020-06-01 modified 2020-06-02 plugin id 112093 published 2018-08-24 reporter This script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/112093 title Amazon Linux AMI : php56 / php70,php71 (ALAS-2018-1066) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Amazon Linux AMI Security Advisory ALAS-2018-1066. # include("compat.inc"); if (description) { script_id(112093); script_version("1.2"); script_cvs_date("Date: 2018/10/04 9:31:13"); script_cve_id("CVE-2018-14851", "CVE-2018-14883"); script_xref(name:"ALAS", value:"2018-1066"); script_name(english:"Amazon Linux AMI : php56 / php70,php71 (ALAS-2018-1066)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote Amazon Linux AMI host is missing a security update." ); script_set_attribute( attribute:"description", value: "exif_process_IFD_in_MAKERNOTE in ext/exif/exif.c in PHP before 5.6.37, 7.0.x before 7.0.31, and 7.1.x before 7.1.20, allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted JPEG file.(CVE-2018-14851) An issue was discovered in PHP before 5.6.37, 7.0.x before 7.0.31, and 7.1.x before 7.1.20. An Integer Overflow leads to a heap-based buffer over-read in exif_thumbnail_extract of exif.c.(CVE-2018-14883)" ); script_set_attribute( attribute:"see_also", value:"https://alas.aws.amazon.com/ALAS-2018-1066.html" ); script_set_attribute( attribute:"solution", value: "Run 'yum update php56' to update your system. Run 'yum update php70' to update your system. Run 'yum update php71' to update your system." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-bcmath"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-cli"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-common"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-dba"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-dbg"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-embedded"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-enchant"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-fpm"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-gd"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-gmp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-imap"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-intl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-ldap"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-mbstring"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-mcrypt"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-mssql"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-mysqlnd"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-odbc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-opcache"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-pdo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-pgsql"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-process"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-pspell"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-recode"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-snmp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-soap"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-tidy"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-xml"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-xmlrpc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-bcmath"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-cli"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-common"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-dba"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-dbg"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-embedded"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-enchant"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-fpm"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-gd"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-gmp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-imap"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-intl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-json"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-ldap"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-mbstring"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-mcrypt"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-mysqlnd"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-odbc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-opcache"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-pdo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-pdo-dblib"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-pgsql"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-process"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-pspell"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-recode"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-snmp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-soap"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-tidy"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-xml"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-xmlrpc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-zip"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php71"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php71-bcmath"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php71-cli"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php71-common"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php71-dba"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php71-dbg"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php71-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php71-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php71-embedded"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php71-enchant"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php71-fpm"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php71-gd"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php71-gmp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php71-imap"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php71-intl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php71-json"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php71-ldap"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php71-mbstring"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php71-mcrypt"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php71-mysqlnd"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php71-odbc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php71-opcache"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php71-pdo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php71-pdo-dblib"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php71-pgsql"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php71-process"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php71-pspell"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php71-recode"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php71-snmp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php71-soap"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php71-tidy"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php71-xml"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php71-xmlrpc"); script_set_attribute(attribute:"cpe", value:"cpe:/o:amazon:linux"); script_set_attribute(attribute:"patch_publication_date", value:"2018/08/23"); script_set_attribute(attribute:"plugin_publication_date", value:"2018/08/24"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Amazon Linux Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/AmazonLinux/release", "Host/AmazonLinux/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/AmazonLinux/release"); if (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, "Amazon Linux"); os_ver = pregmatch(pattern: "^AL(A|\d)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Amazon Linux"); os_ver = os_ver[1]; if (os_ver != "A") { if (os_ver == 'A') os_ver = 'AMI'; audit(AUDIT_OS_NOT, "Amazon Linux AMI", "Amazon Linux " + os_ver); } if (!get_kb_item("Host/AmazonLinux/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (rpm_check(release:"ALA", reference:"php56-5.6.37-1.139.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php56-bcmath-5.6.37-1.139.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php56-cli-5.6.37-1.139.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php56-common-5.6.37-1.139.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php56-dba-5.6.37-1.139.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php56-dbg-5.6.37-1.139.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php56-debuginfo-5.6.37-1.139.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php56-devel-5.6.37-1.139.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php56-embedded-5.6.37-1.139.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php56-enchant-5.6.37-1.139.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php56-fpm-5.6.37-1.139.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php56-gd-5.6.37-1.139.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php56-gmp-5.6.37-1.139.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php56-imap-5.6.37-1.139.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php56-intl-5.6.37-1.139.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php56-ldap-5.6.37-1.139.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php56-mbstring-5.6.37-1.139.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php56-mcrypt-5.6.37-1.139.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php56-mssql-5.6.37-1.139.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php56-mysqlnd-5.6.37-1.139.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php56-odbc-5.6.37-1.139.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php56-opcache-5.6.37-1.139.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php56-pdo-5.6.37-1.139.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php56-pgsql-5.6.37-1.139.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php56-process-5.6.37-1.139.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php56-pspell-5.6.37-1.139.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php56-recode-5.6.37-1.139.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php56-snmp-5.6.37-1.139.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php56-soap-5.6.37-1.139.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php56-tidy-5.6.37-1.139.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php56-xml-5.6.37-1.139.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php56-xmlrpc-5.6.37-1.139.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php70-7.0.31-1.30.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php70-bcmath-7.0.31-1.30.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php70-cli-7.0.31-1.30.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php70-common-7.0.31-1.30.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php70-dba-7.0.31-1.30.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php70-dbg-7.0.31-1.30.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php70-debuginfo-7.0.31-1.30.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php70-devel-7.0.31-1.30.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php70-embedded-7.0.31-1.30.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php70-enchant-7.0.31-1.30.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php70-fpm-7.0.31-1.30.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php70-gd-7.0.31-1.30.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php70-gmp-7.0.31-1.30.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php70-imap-7.0.31-1.30.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php70-intl-7.0.31-1.30.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php70-json-7.0.31-1.30.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php70-ldap-7.0.31-1.30.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php70-mbstring-7.0.31-1.30.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php70-mcrypt-7.0.31-1.30.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php70-mysqlnd-7.0.31-1.30.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php70-odbc-7.0.31-1.30.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php70-opcache-7.0.31-1.30.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php70-pdo-7.0.31-1.30.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php70-pdo-dblib-7.0.31-1.30.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php70-pgsql-7.0.31-1.30.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php70-process-7.0.31-1.30.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php70-pspell-7.0.31-1.30.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php70-recode-7.0.31-1.30.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php70-snmp-7.0.31-1.30.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php70-soap-7.0.31-1.30.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php70-tidy-7.0.31-1.30.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php70-xml-7.0.31-1.30.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php70-xmlrpc-7.0.31-1.30.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php70-zip-7.0.31-1.30.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php71-7.1.20-1.33.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php71-bcmath-7.1.20-1.33.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php71-cli-7.1.20-1.33.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php71-common-7.1.20-1.33.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php71-dba-7.1.20-1.33.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php71-dbg-7.1.20-1.33.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php71-debuginfo-7.1.20-1.33.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php71-devel-7.1.20-1.33.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php71-embedded-7.1.20-1.33.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php71-enchant-7.1.20-1.33.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php71-fpm-7.1.20-1.33.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php71-gd-7.1.20-1.33.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php71-gmp-7.1.20-1.33.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php71-imap-7.1.20-1.33.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php71-intl-7.1.20-1.33.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php71-json-7.1.20-1.33.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php71-ldap-7.1.20-1.33.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php71-mbstring-7.1.20-1.33.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php71-mcrypt-7.1.20-1.33.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php71-mysqlnd-7.1.20-1.33.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php71-odbc-7.1.20-1.33.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php71-opcache-7.1.20-1.33.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php71-pdo-7.1.20-1.33.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php71-pdo-dblib-7.1.20-1.33.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php71-pgsql-7.1.20-1.33.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php71-process-7.1.20-1.33.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php71-pspell-7.1.20-1.33.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php71-recode-7.1.20-1.33.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php71-snmp-7.1.20-1.33.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php71-soap-7.1.20-1.33.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php71-tidy-7.1.20-1.33.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php71-xml-7.1.20-1.33.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php71-xmlrpc-7.1.20-1.33.amzn1")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "php56 / php56-bcmath / php56-cli / php56-common / php56-dba / etc"); }
NASL family Misc. NASL id SECURITYCENTER_5_7_1_TNS_2018_12.NASL description According to its self-reported version, the Tenable SecurityCenter application installed on the remote host is prior to 5.7.1. It is, therefore, affected by multiple vulnerabilities. Note that Nessus has not tested for these issues but has instead relied only on the application last seen 2020-06-01 modified 2020-06-02 plugin id 117672 published 2018-09-24 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/117672 title Tenable SecurityCenter < 5.7.1 Multiple Vulnerabilities (TNS-2018-12) NASL family CGI abuses NASL id PHP_7_1_20.NASL description According to its banner, the version of PHP running on the remote web server is 7.1.x prior to 7.1.20. It is, therefore, affected by a denial of service vulnerability. last seen 2020-06-01 modified 2020-06-02 plugin id 111231 published 2018-07-24 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/111231 title PHP 7.1.x < 7.1.20 exif_thumbnail_extract() DoS NASL family Debian Local Security Checks NASL id DEBIAN_DSA-4353.NASL description Multiple security issues were found in PHP, a widely-used open source general purpose scripting language: The EXIF module was susceptible to denial of service/information disclosure when parsing malformed images, the Apache module allowed cross-site-scripting via the body of a last seen 2020-04-30 modified 2018-12-11 plugin id 119561 published 2018-12-11 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/119561 title Debian DSA-4353-1 : php7.0 - security update NASL family CGI abuses NASL id PHP_5_6_37_MULTIPLE.NASL description This plugin has been deprecated due to prior coverage last seen 2018-10-04 modified 2018-09-20 plugin id 117340 published 2018-09-07 reporter Tenable source https://www.tenable.com/plugins/index.php?view=single&id=117340 title PHP < 5.6.37 or 7.2.x < 7.2.8 Multiple Vulnerabilities (Deprecated) NASL family CGI abuses NASL id PHP_5_6_37.NASL description According to its banner, the version of PHP running on the remote web server is 5.6.x prior to 5.6.37. It is, therefore, affected by a denial of service vulnerability. last seen 2020-06-01 modified 2020-06-02 plugin id 111230 published 2018-07-24 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/111230 title PHP 5.6.x < 5.6.37 exif_thumbnail_extract() DoS NASL family CGI abuses NASL id PHP_7_2_8.NASL description According to its banner, the version of PHP running on the remote web server is 7.2.x prior to 7.2.8. It is, therefore, affected by a Use-After-Free Arbitrary Code Execution Vulnerability. last seen 2020-06-01 modified 2020-06-02 plugin id 111216 published 2018-07-20 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/111216 title PHP 7.2.x < 7.2.8 Use After Free Arbitrary Code Execution in EXIF NASL family SuSE Local Security Checks NASL id SUSE_SU-2018-2681-1.NASL description This update for php53 fixes the following issues : The following security issues were fixed : CVE-2018-14851: Fixed an out-of-bound read in exif_process_IFD_in_MAKERNOTE, which could be exploited by an attacker via crafted JPG files, and could result in an application crash. (bsc#1103659) CVE-2018-14883: Fixed an integer overflow leading to a heap-based buffer over-read in exif_thumbnail_extract of exif.c. (bsc#1103836) CVE-2017-9118: Fixed an out of bounds access in php_pcre_replace_impl via a crafted preg_replace call (bsc#1105466) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 117449 published 2018-09-12 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/117449 title SUSE SLES11 Security Update : php53 (SUSE-SU-2018:2681-1) NASL family Debian Local Security Checks NASL id DEBIAN_DLA-1490.NASL description Two vulnerabilities have been discovered in php5, a server-side, HTML-embedded scripting language. One (CVE-2018-14851) results in a potential denial of service (out-of-bounds read and application crash) via a crafted JPEG file. The other (CVE-2018-14883) is an Integer Overflow that leads to a heap-based buffer over-read. Additionally, a previously introduced patch for CVE-2017-7272 was found to negatively affect existing PHP applications (#890266). As a result of the negative effects and the fact that the security team has marked the CVE in question as last seen 2020-06-01 modified 2020-06-02 plugin id 112229 published 2018-09-04 reporter This script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/112229 title Debian DLA-1490-1 : php5 security update NASL family Amazon Linux Local Security Checks NASL id ALA_ALAS-2018-1067.NASL description exif_process_IFD_in_MAKERNOTE in ext/exif/exif.c in PHP 7.2.x before 7.2.8 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted JPEG file.(CVE-2018-14851) exif_read_from_impl in ext/exif/exif.c in PHP 7.2.x through 7.2.7 allows attackers to trigger a use-after-free (in exif_read_from_file) because it closes a stream that it is not responsible for closing. The vulnerable code is reachable through the PHP exif_read_data function.(CVE-2018-12882) An issue was discovered in PHP 7.2.x before 7.2.8. An Integer Overflow leads to a heap-based buffer over-read in exif_thumbnail_extract of exif.c.(CVE-2018-14883) last seen 2020-06-01 modified 2020-06-02 plugin id 112094 published 2018-08-24 reporter This script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/112094 title Amazon Linux AMI : php72 (ALAS-2018-1067) NASL family CGI abuses NASL id PHP_7_0_31.NASL description According to its banner, the version of PHP running on the remote web server is 7.0.x prior to 7.0.31. It is, therefore, affected by a Use-After-Free Arbitrary Code Execution Vulnerability. last seen 2020-06-01 modified 2020-06-02 plugin id 111215 published 2018-07-20 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/111215 title PHP 7.0.x < 7.0.31 Use After Free Arbitrary Code Execution in EXIF NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-3766-1.NASL description It was discovered that PHP incorrectly handled restarting certain child processes when php-fpm is used. A remote attacker could possibly use this issue to cause a denial of service. This issue was only addressed in Ubuntu 18.04 LTS. (CVE-2015-9253) It was discovered that PHP incorrectly handled certain exif tags in JPEG images. A remote attacker could possibly use this issue to cause PHP to crash, resulting in a denial of service. (CVE-2018-14851, CVE-2018-14883). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 117539 published 2018-09-18 reporter Ubuntu Security Notice (C) 2018-2019 Canonical, Inc. / NASL script (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/117539 title Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS : php5, php7.0, php7.2 vulnerabilities (USN-3766-1)
References
- http://php.net/ChangeLog-5.php
- http://php.net/ChangeLog-7.php
- http://www.securityfocus.com/bid/104871
- https://bugs.php.net/bug.php?id=76423
- https://lists.debian.org/debian-lts-announce/2018/09/msg00000.html
- https://security.netapp.com/advisory/ntap-20181107-0003/
- https://usn.ubuntu.com/3766-1/
- https://usn.ubuntu.com/3766-2/
- https://www.debian.org/security/2018/dsa-4353
- https://www.tenable.com/security/tns-2018-12
- http://php.net/ChangeLog-5.php
- https://www.tenable.com/security/tns-2018-12
- https://www.debian.org/security/2018/dsa-4353
- https://usn.ubuntu.com/3766-2/
- https://usn.ubuntu.com/3766-1/
- https://security.netapp.com/advisory/ntap-20181107-0003/
- https://lists.debian.org/debian-lts-announce/2018/09/msg00000.html
- https://bugs.php.net/bug.php?id=76423
- http://www.securityfocus.com/bid/104871
- http://php.net/ChangeLog-7.php