Vulnerabilities > CVE-2018-14883 - Out-of-bounds Read vulnerability in multiple products

CVSS 5.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

PARTIAL

network

low complexity

nessus

NVD

Published: 2018-08-03

Updated: 2020-08-24

Summary

An issue was discovered in PHP before 5.6.37, 7.0.x before 7.0.31, 7.1.x before 7.1.20, and 7.2.x before 7.2.8. An Integer Overflow leads to a heap-based buffer over-read in exif_thumbnail_extract of exif.c.

Vulnerable Configurations

Part	Description	Count
Application	Php PHP PHP - PHP PHP 0.1 PHP PHP 0.1.1 PHP PHP 0.2 PHP PHP 0.2.0 PHP PHP 0.2.1 PHP PHP 0.2.2 PHP PHP 0.2.3 PHP PHP 0.2.4 PHP PHP 0.3 PHP PHP 0.4 PHP PHP 0.5 PHP PHP 0.5.2 PHP PHP 0.5.3 PHP PHP 0.6 PHP PHP 0.7 PHP PHP 0.9 PHP PHP 0.9.0 PHP PHP 0.9.1 PHP PHP 0.9.2 PHP PHP 0.9.3 PHP PHP 0.9.4 PHP PHP 0.10 PHP PHP 0.11 PHP PHP 0.90 PHP PHP 0.91 PHP PHP 1.0 PHP PHP 1.0.0 PHP PHP 1.0.1 PHP PHP 1.0.2 PHP PHP 1.0.3 PHP PHP 1.0.4 PHP PHP 1.1 PHP PHP 1.1.0 PHP PHP 1.1.1 PHP PHP 1.2 PHP PHP 1.2.0 PHP PHP 1.2.1 PHP PHP 1.2.2 PHP PHP 1.2.3 PHP PHP 1.2.4 PHP PHP 1.2.5 PHP PHP 1.3 PHP PHP 1.3.1 PHP PHP 1.3.5 PHP PHP 1.4 PHP PHP 1.5 PHP PHP 2.0 PHP PHP 2.0.0 PHP PHP 2.0.1 PHP PHP 2.0.2 PHP PHP 2.0B10 PHP PHP 3.0 PHP PHP 3.0.1 PHP PHP 3.0.2 PHP PHP 3.0.3 PHP PHP 3.0.4 PHP PHP 3.0.5 PHP PHP 3.0.6 PHP PHP 3.0.7 PHP PHP 3.0.8 PHP PHP 3.0.9 PHP PHP 3.0.10 PHP PHP 3.0.11 PHP PHP 3.0.12 PHP PHP 3.0.13 PHP PHP 3.0.14 PHP PHP 3.0.15 PHP PHP 3.0.16 PHP PHP 3.0.17 PHP PHP 3.0.18 PHP PHP 4.0 PHP PHP 4.0.0 PHP PHP 4.0.1 PHP PHP 4.0.2 PHP PHP 4.0.3 PHP PHP 4.0.4 PHP PHP 4.0.5 PHP PHP 4.0.6 PHP PHP 4.0.7 PHP PHP 4.1.0 PHP PHP 4.1.1 PHP PHP 4.1.2 PHP PHP 4.1.3 PHP PHP 4.2 PHP PHP 4.2.0 PHP PHP 4.2.1 PHP PHP 4.2.2 PHP PHP 4.2.3 PHP PHP 4.2.4 PHP PHP 4.3 PHP PHP 4.3.0 PHP PHP 4.3.1 PHP PHP 4.3.2 PHP PHP 4.3.3 PHP PHP 4.3.4 PHP PHP 4.3.5 PHP PHP 4.3.6 PHP PHP 4.3.7 PHP PHP 4.3.8 PHP PHP 4.3.9 PHP PHP 4.3.10 PHP PHP 4.3.11 PHP PHP 4.4.0 PHP PHP 4.4.1 PHP PHP 4.4.2 PHP PHP 4.4.3 PHP PHP 4.4.4 PHP PHP 4.4.5 PHP PHP 4.4.6 PHP PHP 4.4.7 PHP PHP 4.4.8 PHP PHP 4.4.9 PHP PHP 5.0.0 PHP PHP 5.0.1 PHP PHP 5.0.2 PHP PHP 5.0.3 PHP PHP 5.0.4 PHP PHP 5.0.5 PHP PHP 5.1 PHP PHP 5.1.0 PHP PHP 5.1.1 PHP PHP 5.1.2 PHP PHP 5.1.3 PHP PHP 5.1.4 PHP PHP 5.1.5 PHP PHP 5.1.6 PHP PHP 5.2.0 PHP PHP 5.2.1 PHP PHP 5.2.2 PHP PHP 5.2.3 PHP PHP 5.2.4 PHP PHP 5.2.5 PHP PHP 5.2.6 PHP PHP 5.2.7 PHP PHP 5.2.8 PHP PHP 5.2.9 PHP PHP 5.2.10 PHP PHP 5.2.11 PHP PHP 5.2.12 PHP PHP 5.2.13 PHP PHP 5.2.14 PHP PHP 5.2.15 PHP PHP 5.2.16 PHP PHP 5.2.17 PHP PHP 5.3.0 PHP PHP 5.3.1 PHP PHP 5.3.2 PHP PHP 5.3.3 PHP PHP 5.3.4 PHP PHP 5.3.5 PHP PHP 5.3.6 PHP PHP 5.3.7 PHP PHP 5.3.8 PHP PHP 5.3.9 PHP PHP 5.3.10 PHP PHP 5.3.11 PHP PHP 5.3.12 PHP PHP 5.3.13 PHP PHP 5.3.14 PHP PHP 5.3.15 PHP PHP 5.3.16 PHP PHP 5.3.17 PHP PHP 5.3.18 PHP PHP 5.3.19 PHP PHP 5.3.20 PHP PHP 5.3.21 PHP PHP 5.3.22 PHP PHP 5.3.23 PHP PHP 5.3.24 PHP PHP 5.3.25 PHP PHP 5.3.26 PHP PHP 5.3.27 PHP PHP 5.3.28 PHP PHP 5.3.29 PHP PHP 5.4.0 PHP PHP 5.4.1 PHP PHP 5.4.2 PHP PHP 5.4.3 PHP PHP 5.4.4 PHP PHP 5.4.5 PHP PHP 5.4.6 PHP PHP 5.4.7 PHP PHP 5.4.8 PHP PHP 5.4.9 PHP PHP 5.4.10 PHP PHP 5.4.11 PHP PHP 5.4.12 PHP PHP 5.4.13 PHP PHP 5.4.14 PHP PHP 5.4.15 PHP PHP 5.4.16 PHP PHP 5.4.17 PHP PHP 5.4.18 PHP PHP 5.4.19 PHP PHP 5.4.20 PHP PHP 5.4.21 PHP PHP 5.4.22 PHP PHP 5.4.23 PHP PHP 5.4.24 PHP PHP 5.4.25 PHP PHP 5.4.26 PHP PHP 5.4.27 PHP PHP 5.4.28 PHP PHP 5.4.29 PHP PHP 5.4.30 PHP PHP 5.4.31 PHP PHP 5.4.32 PHP PHP 5.4.33 PHP PHP 5.4.34 PHP PHP 5.4.35 PHP PHP 5.4.36 PHP PHP 5.4.37 PHP PHP 5.4.38 PHP PHP 5.4.39 PHP PHP 5.4.40 PHP PHP 5.4.41 PHP PHP 5.4.42 PHP PHP 5.4.43 PHP PHP 5.4.44 PHP PHP 5.4.45 PHP PHP 5.5.0 PHP PHP 5.5.1 PHP PHP 5.5.2 PHP PHP 5.5.3 PHP PHP 5.5.4 PHP PHP 5.5.5 PHP PHP 5.5.6 PHP PHP 5.5.7 PHP PHP 5.5.8 PHP PHP 5.5.9 PHP PHP 5.5.10 PHP PHP 5.5.11 PHP PHP 5.5.12 PHP PHP 5.5.13 PHP PHP 5.5.14 PHP PHP 5.5.15 PHP PHP 5.5.16 PHP PHP 5.5.17 PHP PHP 5.5.18 PHP PHP 5.5.19 PHP PHP 5.5.20 PHP PHP 5.5.21 PHP PHP 5.5.22 PHP PHP 5.5.23 PHP PHP 5.5.24 PHP PHP 5.5.25 PHP PHP 5.5.26 PHP PHP 5.5.27 PHP PHP 5.5.28 PHP PHP 5.5.29 PHP PHP 5.5.30 PHP PHP 5.5.31 PHP PHP 5.5.32 PHP PHP 5.5.33 PHP PHP 5.5.34 PHP PHP 5.5.35 PHP PHP 5.5.36 PHP PHP 5.5.37 PHP PHP 5.5.38 PHP PHP 5.6.0 PHP PHP 5.6.1 PHP PHP 5.6.2 PHP PHP 5.6.3 PHP PHP 5.6.4 PHP PHP 5.6.5 PHP PHP 5.6.6 PHP PHP 5.6.7 PHP PHP 5.6.8 PHP PHP 5.6.9 PHP PHP 5.6.10 PHP PHP 5.6.11 PHP PHP 5.6.12 PHP PHP 5.6.13 PHP PHP 5.6.14 PHP PHP 5.6.15 PHP PHP 5.6.16 PHP PHP 5.6.17 PHP PHP 5.6.18 PHP PHP 5.6.19 PHP PHP 5.6.20 PHP PHP 5.6.21 PHP PHP 5.6.22 PHP PHP 5.6.23 PHP PHP 5.6.24 PHP PHP 5.6.25 PHP PHP 5.6.26 PHP PHP 5.6.27 PHP PHP 5.6.28 PHP PHP 5.6.29 PHP PHP 5.6.30 PHP PHP 5.6.31 PHP PHP 5.6.32 PHP PHP 5.6.33 PHP PHP 5.6.34 PHP PHP 5.6.35 PHP PHP 5.6.36 PHP PHP 7.0.0 PHP PHP 7.0.1 PHP PHP 7.0.2 PHP PHP 7.0.3 PHP PHP 7.0.4 PHP PHP 7.0.5 PHP PHP 7.0.6 PHP PHP 7.0.7 PHP PHP 7.0.8 PHP PHP 7.0.9 PHP PHP 7.0.10 PHP PHP 7.0.11 PHP PHP 7.0.12 PHP PHP 7.0.13 PHP PHP 7.0.14 PHP PHP 7.0.15 PHP PHP 7.0.16 PHP PHP 7.0.17 PHP PHP 7.0.18 PHP PHP 7.0.19 PHP PHP 7.0.20 PHP PHP 7.0.21 PHP PHP 7.0.22 PHP PHP 7.0.23 PHP PHP 7.0.24 PHP PHP 7.0.25 PHP PHP 7.0.26 PHP PHP 7.0.27 PHP PHP 7.0.28 PHP PHP 7.0.29 PHP PHP 7.0.30 PHP PHP 7.1.0 PHP PHP 7.1.1 PHP PHP 7.1.2 PHP PHP 7.1.3 PHP PHP 7.1.4 PHP PHP 7.1.5 PHP PHP 7.1.6 PHP PHP 7.1.7 PHP PHP 7.1.8 PHP PHP 7.1.9 PHP PHP 7.1.10 PHP PHP 7.1.11 PHP PHP 7.1.12 PHP PHP 7.1.13 PHP PHP 7.1.14 PHP PHP 7.1.15 PHP PHP 7.1.16 PHP PHP 7.1.17 PHP PHP 7.1.18 PHP PHP 7.1.19 PHP PHP 7.2.0 PHP PHP 7.2.1 PHP PHP 7.2.2 PHP PHP 7.2.3 PHP PHP 7.2.4 PHP PHP 7.2.5 PHP PHP 7.2.6 PHP PHP 7.2.7	1026
Application	Netapp Netapp Storage Automation Store -	1
OS	Canonical Canonical Ubuntu Linux 12.04 Canonical Ubuntu Linux 14.04 Canonical Ubuntu Linux 16.04 Canonical Ubuntu Linux 18.04	4
OS	Debian Debian Debian Linux 8.0 Debian Debian Linux 9.0	2

Common Weakness Enumeration (CWE)

CWE-125 - Out-of-bounds Read

Common Attack Pattern Enumeration and Classification (CAPEC)

Overread Buffers
An adversary attacks a target by providing input that causes an application to read beyond the boundary of a defined buffer. This typically occurs when a value influencing where to start or stop reading is set to reflect positions outside of the valid memory location of the buffer. This type of attack may result in exposure of sensitive information, a system crash, or arbitrary code execution.

Nessus

NASL family	Amazon Linux Local Security Checks
NASL id	ALA_ALAS-2018-1066.NASL
description	exif_process_IFD_in_MAKERNOTE in ext/exif/exif.c in PHP before 5.6.37, 7.0.x before 7.0.31, and 7.1.x before 7.1.20, allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted JPEG file.(CVE-2018-14851) An issue was discovered in PHP before 5.6.37, 7.0.x before 7.0.31, and 7.1.x before 7.1.20. An Integer Overflow leads to a heap-based buffer over-read in exif_thumbnail_extract of exif.c.(CVE-2018-14883)
last seen	2020-06-01
modified	2020-06-02
plugin id	112093
published	2018-08-24
reporter	This script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/112093
title	Amazon Linux AMI : php56 / php70,php71 (ALAS-2018-1066)
code	# # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Amazon Linux AMI Security Advisory ALAS-2018-1066. # include("compat.inc"); if (description) { script_id(112093); script_version("1.2"); script_cvs_date("Date: 2018/10/04 9:31:13"); script_cve_id("CVE-2018-14851", "CVE-2018-14883"); script_xref(name:"ALAS", value:"2018-1066"); script_name(english:"Amazon Linux AMI : php56 / php70,php71 (ALAS-2018-1066)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote Amazon Linux AMI host is missing a security update." ); script_set_attribute( attribute:"description", value: "exif_process_IFD_in_MAKERNOTE in ext/exif/exif.c in PHP before 5.6.37, 7.0.x before 7.0.31, and 7.1.x before 7.1.20, allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted JPEG file.(CVE-2018-14851) An issue was discovered in PHP before 5.6.37, 7.0.x before 7.0.31, and 7.1.x before 7.1.20. An Integer Overflow leads to a heap-based buffer over-read in exif_thumbnail_extract of exif.c.(CVE-2018-14883)" ); script_set_attribute( attribute:"see_also", value:"https://alas.aws.amazon.com/ALAS-2018-1066.html" ); script_set_attribute( attribute:"solution", value: "Run 'yum update php56' to update your system. Run 'yum update php70' to update your system. Run 'yum update php71' to update your system." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-bcmath"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-cli"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-common"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-dba"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-dbg"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-embedded"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-enchant"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-fpm"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-gd"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-gmp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-imap"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-intl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-ldap"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-mbstring"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-mcrypt"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-mssql"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-mysqlnd"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-odbc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-opcache"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-pdo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-pgsql"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-process"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-pspell"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-recode"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-snmp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-soap"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-tidy"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-xml"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-xmlrpc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-bcmath"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-cli"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-common"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-dba"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-dbg"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-embedded"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-enchant"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-fpm"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-gd"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-gmp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-imap"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-intl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-json"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-ldap"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-mbstring"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-mcrypt"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-mysqlnd"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-odbc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-opcache"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-pdo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-pdo-dblib"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-pgsql"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-process"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-pspell"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-recode"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-snmp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-soap"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-tidy"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-xml"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-xmlrpc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-zip"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php71"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php71-bcmath"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php71-cli"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php71-common"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php71-dba"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php71-dbg"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php71-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php71-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php71-embedded"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php71-enchant"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php71-fpm"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php71-gd"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php71-gmp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php71-imap"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php71-intl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php71-json"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php71-ldap"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php71-mbstring"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php71-mcrypt"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php71-mysqlnd"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php71-odbc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php71-opcache"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php71-pdo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php71-pdo-dblib"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php71-pgsql"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php71-process"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php71-pspell"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php71-recode"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php71-snmp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php71-soap"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php71-tidy"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php71-xml"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php71-xmlrpc"); script_set_attribute(attribute:"cpe", value:"cpe:/o:amazon:linux"); script_set_attribute(attribute:"patch_publication_date", value:"2018/08/23"); script_set_attribute(attribute:"plugin_publication_date", value:"2018/08/24"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Amazon Linux Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/AmazonLinux/release", "Host/AmazonLinux/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/AmazonLinux/release"); if (isnull(release) \|\| !strlen(release)) audit(AUDIT_OS_NOT, "Amazon Linux"); os_ver = pregmatch(pattern: "^AL(A\|\d)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Amazon Linux"); os_ver = os_ver[1]; if (os_ver != "A") { if (os_ver == 'A') os_ver = 'AMI'; audit(AUDIT_OS_NOT, "Amazon Linux AMI", "Amazon Linux " + os_ver); } if (!get_kb_item("Host/AmazonLinux/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (rpm_check(release:"ALA", reference:"php56-5.6.37-1.139.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php56-bcmath-5.6.37-1.139.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php56-cli-5.6.37-1.139.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php56-common-5.6.37-1.139.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php56-dba-5.6.37-1.139.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php56-dbg-5.6.37-1.139.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php56-debuginfo-5.6.37-1.139.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php56-devel-5.6.37-1.139.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php56-embedded-5.6.37-1.139.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php56-enchant-5.6.37-1.139.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php56-fpm-5.6.37-1.139.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php56-gd-5.6.37-1.139.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php56-gmp-5.6.37-1.139.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php56-imap-5.6.37-1.139.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php56-intl-5.6.37-1.139.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php56-ldap-5.6.37-1.139.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php56-mbstring-5.6.37-1.139.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php56-mcrypt-5.6.37-1.139.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php56-mssql-5.6.37-1.139.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php56-mysqlnd-5.6.37-1.139.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php56-odbc-5.6.37-1.139.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php56-opcache-5.6.37-1.139.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php56-pdo-5.6.37-1.139.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php56-pgsql-5.6.37-1.139.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php56-process-5.6.37-1.139.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php56-pspell-5.6.37-1.139.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php56-recode-5.6.37-1.139.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php56-snmp-5.6.37-1.139.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php56-soap-5.6.37-1.139.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php56-tidy-5.6.37-1.139.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php56-xml-5.6.37-1.139.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php56-xmlrpc-5.6.37-1.139.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php70-7.0.31-1.30.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php70-bcmath-7.0.31-1.30.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php70-cli-7.0.31-1.30.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php70-common-7.0.31-1.30.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php70-dba-7.0.31-1.30.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php70-dbg-7.0.31-1.30.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php70-debuginfo-7.0.31-1.30.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php70-devel-7.0.31-1.30.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php70-embedded-7.0.31-1.30.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php70-enchant-7.0.31-1.30.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php70-fpm-7.0.31-1.30.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php70-gd-7.0.31-1.30.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php70-gmp-7.0.31-1.30.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php70-imap-7.0.31-1.30.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php70-intl-7.0.31-1.30.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php70-json-7.0.31-1.30.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php70-ldap-7.0.31-1.30.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php70-mbstring-7.0.31-1.30.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php70-mcrypt-7.0.31-1.30.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php70-mysqlnd-7.0.31-1.30.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php70-odbc-7.0.31-1.30.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php70-opcache-7.0.31-1.30.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php70-pdo-7.0.31-1.30.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php70-pdo-dblib-7.0.31-1.30.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php70-pgsql-7.0.31-1.30.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php70-process-7.0.31-1.30.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php70-pspell-7.0.31-1.30.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php70-recode-7.0.31-1.30.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php70-snmp-7.0.31-1.30.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php70-soap-7.0.31-1.30.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php70-tidy-7.0.31-1.30.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php70-xml-7.0.31-1.30.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php70-xmlrpc-7.0.31-1.30.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php70-zip-7.0.31-1.30.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php71-7.1.20-1.33.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php71-bcmath-7.1.20-1.33.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php71-cli-7.1.20-1.33.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php71-common-7.1.20-1.33.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php71-dba-7.1.20-1.33.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php71-dbg-7.1.20-1.33.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php71-debuginfo-7.1.20-1.33.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php71-devel-7.1.20-1.33.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php71-embedded-7.1.20-1.33.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php71-enchant-7.1.20-1.33.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php71-fpm-7.1.20-1.33.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php71-gd-7.1.20-1.33.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php71-gmp-7.1.20-1.33.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php71-imap-7.1.20-1.33.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php71-intl-7.1.20-1.33.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php71-json-7.1.20-1.33.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php71-ldap-7.1.20-1.33.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php71-mbstring-7.1.20-1.33.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php71-mcrypt-7.1.20-1.33.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php71-mysqlnd-7.1.20-1.33.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php71-odbc-7.1.20-1.33.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php71-opcache-7.1.20-1.33.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php71-pdo-7.1.20-1.33.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php71-pdo-dblib-7.1.20-1.33.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php71-pgsql-7.1.20-1.33.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php71-process-7.1.20-1.33.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php71-pspell-7.1.20-1.33.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php71-recode-7.1.20-1.33.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php71-snmp-7.1.20-1.33.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php71-soap-7.1.20-1.33.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php71-tidy-7.1.20-1.33.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php71-xml-7.1.20-1.33.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php71-xmlrpc-7.1.20-1.33.amzn1")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "php56 / php56-bcmath / php56-cli / php56-common / php56-dba / etc"); }

NASL family	Misc.
NASL id	SECURITYCENTER_5_7_1_TNS_2018_12.NASL
description	According to its self-reported version, the Tenable SecurityCenter application installed on the remote host is prior to 5.7.1. It is, therefore, affected by multiple vulnerabilities. Note that Nessus has not tested for these issues but has instead relied only on the application
last seen	2020-06-01
modified	2020-06-02
plugin id	117672
published	2018-09-24
reporter	This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/117672
title	Tenable SecurityCenter < 5.7.1 Multiple Vulnerabilities (TNS-2018-12)

NASL family	CGI abuses
NASL id	PHP_7_1_20.NASL
description	According to its banner, the version of PHP running on the remote web server is 7.1.x prior to 7.1.20. It is, therefore, affected by a denial of service vulnerability.
last seen	2020-06-01
modified	2020-06-02
plugin id	111231
published	2018-07-24
reporter	This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/111231
title	PHP 7.1.x < 7.1.20 exif_thumbnail_extract() DoS

NASL family	Debian Local Security Checks
NASL id	DEBIAN_DSA-4353.NASL
description	Multiple security issues were found in PHP, a widely-used open source general purpose scripting language: The EXIF module was susceptible to denial of service/information disclosure when parsing malformed images, the Apache module allowed cross-site-scripting via the body of a
last seen	2020-04-30
modified	2018-12-11
plugin id	119561
published	2018-12-11
reporter	This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/119561
title	Debian DSA-4353-1 : php7.0 - security update

NASL family	CGI abuses
NASL id	PHP_5_6_37_MULTIPLE.NASL
description	This plugin has been deprecated due to prior coverage
last seen	2018-10-04
modified	2018-09-20
plugin id	117340
published	2018-09-07
reporter	Tenable
source	https://www.tenable.com/plugins/index.php?view=single&id=117340
title	PHP < 5.6.37 or 7.2.x < 7.2.8 Multiple Vulnerabilities (Deprecated)

NASL family	CGI abuses
NASL id	PHP_5_6_37.NASL
description	According to its banner, the version of PHP running on the remote web server is 5.6.x prior to 5.6.37. It is, therefore, affected by a denial of service vulnerability.
last seen	2020-06-01
modified	2020-06-02
plugin id	111230
published	2018-07-24
reporter	This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/111230
title	PHP 5.6.x < 5.6.37 exif_thumbnail_extract() DoS

NASL family	CGI abuses
NASL id	PHP_7_2_8.NASL
description	According to its banner, the version of PHP running on the remote web server is 7.2.x prior to 7.2.8. It is, therefore, affected by a Use-After-Free Arbitrary Code Execution Vulnerability.
last seen	2020-06-01
modified	2020-06-02
plugin id	111216
published	2018-07-20
reporter	This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/111216
title	PHP 7.2.x < 7.2.8 Use After Free Arbitrary Code Execution in EXIF

NASL family	SuSE Local Security Checks
NASL id	SUSE_SU-2018-2681-1.NASL
description	This update for php53 fixes the following issues : The following security issues were fixed : CVE-2018-14851: Fixed an out-of-bound read in exif_process_IFD_in_MAKERNOTE, which could be exploited by an attacker via crafted JPG files, and could result in an application crash. (bsc#1103659) CVE-2018-14883: Fixed an integer overflow leading to a heap-based buffer over-read in exif_thumbnail_extract of exif.c. (bsc#1103836) CVE-2017-9118: Fixed an out of bounds access in php_pcre_replace_impl via a crafted preg_replace call (bsc#1105466) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	117449
published	2018-09-12
reporter	This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/117449
title	SUSE SLES11 Security Update : php53 (SUSE-SU-2018:2681-1)

NASL family	Debian Local Security Checks
NASL id	DEBIAN_DLA-1490.NASL
description	Two vulnerabilities have been discovered in php5, a server-side, HTML-embedded scripting language. One (CVE-2018-14851) results in a potential denial of service (out-of-bounds read and application crash) via a crafted JPEG file. The other (CVE-2018-14883) is an Integer Overflow that leads to a heap-based buffer over-read. Additionally, a previously introduced patch for CVE-2017-7272 was found to negatively affect existing PHP applications (#890266). As a result of the negative effects and the fact that the security team has marked the CVE in question as
last seen	2020-06-01
modified	2020-06-02
plugin id	112229
published	2018-09-04
reporter	This script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/112229
title	Debian DLA-1490-1 : php5 security update

NASL family	Amazon Linux Local Security Checks
NASL id	ALA_ALAS-2018-1067.NASL
description	exif_process_IFD_in_MAKERNOTE in ext/exif/exif.c in PHP 7.2.x before 7.2.8 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted JPEG file.(CVE-2018-14851) exif_read_from_impl in ext/exif/exif.c in PHP 7.2.x through 7.2.7 allows attackers to trigger a use-after-free (in exif_read_from_file) because it closes a stream that it is not responsible for closing. The vulnerable code is reachable through the PHP exif_read_data function.(CVE-2018-12882) An issue was discovered in PHP 7.2.x before 7.2.8. An Integer Overflow leads to a heap-based buffer over-read in exif_thumbnail_extract of exif.c.(CVE-2018-14883)
last seen	2020-06-01
modified	2020-06-02
plugin id	112094
published	2018-08-24
reporter	This script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/112094
title	Amazon Linux AMI : php72 (ALAS-2018-1067)

NASL family	CGI abuses
NASL id	PHP_7_0_31.NASL
description	According to its banner, the version of PHP running on the remote web server is 7.0.x prior to 7.0.31. It is, therefore, affected by a Use-After-Free Arbitrary Code Execution Vulnerability.
last seen	2020-06-01
modified	2020-06-02
plugin id	111215
published	2018-07-20
reporter	This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/111215
title	PHP 7.0.x < 7.0.31 Use After Free Arbitrary Code Execution in EXIF

NASL family	Ubuntu Local Security Checks
NASL id	UBUNTU_USN-3766-1.NASL
description	It was discovered that PHP incorrectly handled restarting certain child processes when php-fpm is used. A remote attacker could possibly use this issue to cause a denial of service. This issue was only addressed in Ubuntu 18.04 LTS. (CVE-2015-9253) It was discovered that PHP incorrectly handled certain exif tags in JPEG images. A remote attacker could possibly use this issue to cause PHP to crash, resulting in a denial of service. (CVE-2018-14851, CVE-2018-14883). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	117539
published	2018-09-18
reporter	Ubuntu Security Notice (C) 2018-2019 Canonical, Inc. / NASL script (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/117539
title	Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS : php5, php7.0, php7.2 vulnerabilities (USN-3766-1)

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

Common Attack Pattern Enumeration and Classification (CAPEC)

Nessus

References