Vulnerabilities > CVE-2019-11043 - Out-of-bounds Write vulnerability in multiple products
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
HIGH Summary
In PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24 and 7.3.x below 7.3.11 in certain configurations of FPM setup it is possible to cause FPM module to write past allocated buffers into the space reserved for FCGI protocol data, thus opening the possibility of remote code execution.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Exploit-Db
id EDB-ID:47553 last seen 2019-10-30 modified 2019-10-28 published 2019-10-28 reporter Exploit-DB source https://www.exploit-db.com/download/47553 title PHP-FPM + Nginx - Remote Code Execution id EDB-ID:48182 last seen 2020-03-09 modified 2020-03-09 published 2020-03-09 reporter Exploit-DB source https://www.exploit-db.com/download/48182 title PHP-FPM - Underflow Remote Code Execution (Metasploit)
Metasploit
description | This module exploits an underflow vulnerability in versions 7.1.x below 7.1.33, 7.2.x below 7.2.24 and 7.3.x below 7.3.11 of PHP-FPM on Nginx. Only servers with certains Nginx + PHP-FPM configurations are exploitable. This is a port of the original neex's exploit code (see refs.). First, it detects the correct parameters (Query String Length and custom header length) needed to trigger code execution. This step determines if the target is actually vulnerable (Check method). Then, the exploit sets a series of PHP INI directives to create a file locally on the target, which enables code execution through a query string parameter. This is used to execute normal payload stagers. Finally, this module does some cleanup by killing local PHP-FPM workers (those are spawned automatically once killed) and removing the created local file. |
id | MSF:EXPLOIT/MULTI/HTTP/PHP_FPM_RCE |
last seen | 2020-06-12 |
modified | 2020-03-06 |
published | 2020-01-20 |
references | |
reporter | Rapid7 |
source | https://github.com/rapid7/metasploit-framework/blob/master//modules/exploits/multi/http/php_fpm_rce.rb |
title | PHP-FPM Underflow RCE |
Nessus
NASL family Huawei Local Security Checks NASL id EULEROS_SA-2019-2546.NASL description According to the versions of the php packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Session fixation vulnerability in the Sessions subsystem in PHP before 5.5.2 allows remote attackers to hijack web sessions by specifying a session ID.(CVE-2011-4718) - In PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24 and 7.3.x below 7.3.11 in certain configurations of FPM setup it is possible to cause FPM module to write past allocated buffers into the space reserved for FCGI protocol data, thus opening the possibility of remote code execution.(CVE-2019-11043) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-05-08 modified 2019-12-09 plugin id 131820 published 2019-12-09 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/131820 title EulerOS 2.0 SP5 : php (EulerOS-SA-2019-2546) code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(131820); script_version("1.5"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/05/07"); script_cve_id( "CVE-2011-4718", "CVE-2019-11043" ); script_bugtraq_id( 61929 ); script_name(english:"EulerOS 2.0 SP5 : php (EulerOS-SA-2019-2546)"); script_summary(english:"Checks the rpm output for the updated packages."); script_set_attribute(attribute:"synopsis", value: "The remote EulerOS host is missing multiple security updates."); script_set_attribute(attribute:"description", value: "According to the versions of the php packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Session fixation vulnerability in the Sessions subsystem in PHP before 5.5.2 allows remote attackers to hijack web sessions by specifying a session ID.(CVE-2011-4718) - In PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24 and 7.3.x below 7.3.11 in certain configurations of FPM setup it is possible to cause FPM module to write past allocated buffers into the space reserved for FCGI protocol data, thus opening the possibility of remote code execution.(CVE-2019-11043) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues."); # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2546 script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?02bff10d"); script_set_attribute(attribute:"solution", value: "Update the affected php packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"metasploit_name", value:'PHP-FPM Underflow RCE'); script_set_attribute(attribute:"exploit_framework_metasploit", value:"true"); script_set_attribute(attribute:"patch_publication_date", value:"2019/12/09"); script_set_attribute(attribute:"plugin_publication_date", value:"2019/12/09"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:php"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:php-cli"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:php-common"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:php-gd"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:php-ldap"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:php-mysql"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:php-odbc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:php-pdo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:php-pgsql"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:php-process"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:php-recode"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:php-soap"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:php-xml"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:php-xmlrpc"); script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:2.0"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Huawei Local Security Checks"); script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/sp"); script_exclude_keys("Host/EulerOS/uvp_version"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/EulerOS/release"); if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS"); if (release !~ "^EulerOS release 2\.0(\D|$)") audit(AUDIT_OS_NOT, "EulerOS 2.0"); sp = get_kb_item("Host/EulerOS/sp"); if (isnull(sp) || sp !~ "^(5)$") audit(AUDIT_OS_NOT, "EulerOS 2.0 SP5"); uvp = get_kb_item("Host/EulerOS/uvp_version"); if (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, "EulerOS 2.0 SP5", "EulerOS UVP " + uvp); if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_ARCH_NOT, "i686 / x86_64", cpu); flag = 0; pkgs = ["php-5.4.16-45.h21.eulerosv2r7", "php-cli-5.4.16-45.h21.eulerosv2r7", "php-common-5.4.16-45.h21.eulerosv2r7", "php-gd-5.4.16-45.h21.eulerosv2r7", "php-ldap-5.4.16-45.h21.eulerosv2r7", "php-mysql-5.4.16-45.h21.eulerosv2r7", "php-odbc-5.4.16-45.h21.eulerosv2r7", "php-pdo-5.4.16-45.h21.eulerosv2r7", "php-pgsql-5.4.16-45.h21.eulerosv2r7", "php-process-5.4.16-45.h21.eulerosv2r7", "php-recode-5.4.16-45.h21.eulerosv2r7", "php-soap-5.4.16-45.h21.eulerosv2r7", "php-xml-5.4.16-45.h21.eulerosv2r7", "php-xmlrpc-5.4.16-45.h21.eulerosv2r7"]; foreach (pkg in pkgs) if (rpm_check(release:"EulerOS-2.0", sp:"5", reference:pkg)) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "php"); }
NASL family SuSE Local Security Checks NASL id OPENSUSE-2019-2457.NASL description This update for php7 fixes the following issues : Security issue fixed : - CVE-2019-11043: Fixed possible remote code execution via env_path_info underflow in fpm_main.c (bsc#1154999). This update was imported from the SUSE:SLE-15:Update update project. last seen 2020-03-18 modified 2019-11-12 plugin id 130888 published 2019-11-12 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/130888 title openSUSE Security Update : php7 (openSUSE-2019-2457) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from openSUSE Security Update openSUSE-2019-2457. # # The text description of this plugin is (C) SUSE LLC. # include("compat.inc"); if (description) { script_id(130888); script_version("1.4"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/09"); script_cve_id("CVE-2019-11043"); script_name(english:"openSUSE Security Update : php7 (openSUSE-2019-2457)"); script_summary(english:"Check for the openSUSE-2019-2457 patch"); script_set_attribute( attribute:"synopsis", value:"The remote openSUSE host is missing a security update." ); script_set_attribute( attribute:"description", value: "This update for php7 fixes the following issues : Security issue fixed : - CVE-2019-11043: Fixed possible remote code execution via env_path_info underflow in fpm_main.c (bsc#1154999). This update was imported from the SUSE:SLE-15:Update update project." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1154999" ); script_set_attribute(attribute:"solution", value:"Update the affected php7 packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"metasploit_name", value:'PHP-FPM Underflow RCE'); script_set_attribute(attribute:"exploit_framework_metasploit", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:apache2-mod_php7"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:apache2-mod_php7-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-bcmath"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-bcmath-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-bz2"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-bz2-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-calendar"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-calendar-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-ctype"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-ctype-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-curl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-curl-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-dba"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-dba-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-debugsource"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-dom"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-dom-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-embed"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-embed-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-enchant"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-enchant-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-exif"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-exif-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-fastcgi"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-fastcgi-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-fileinfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-fileinfo-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-firebird"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-firebird-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-fpm"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-fpm-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-ftp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-ftp-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-gd"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-gd-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-gettext"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-gettext-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-gmp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-gmp-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-iconv"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-iconv-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-intl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-intl-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-json"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-json-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-ldap"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-ldap-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-mbstring"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-mbstring-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-mysql"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-mysql-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-odbc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-odbc-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-opcache"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-opcache-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-openssl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-openssl-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-pcntl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-pcntl-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-pdo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-pdo-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-pear"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-pear-Archive_Tar"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-pgsql"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-pgsql-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-phar"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-phar-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-posix"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-posix-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-readline"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-readline-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-shmop"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-shmop-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-snmp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-snmp-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-soap"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-soap-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-sockets"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-sockets-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-sodium"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-sodium-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-sqlite"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-sqlite-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-sysvmsg"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-sysvmsg-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-sysvsem"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-sysvsem-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-sysvshm"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-sysvshm-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-test"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-tidy"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-tidy-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-tokenizer"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-tokenizer-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-wddx"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-wddx-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-xmlreader"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-xmlreader-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-xmlrpc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-xmlrpc-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-xmlwriter"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-xmlwriter-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-xsl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-xsl-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-zip"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-zip-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-zlib"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-zlib-debuginfo"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:15.0"); script_set_attribute(attribute:"vuln_publication_date", value:"2019/10/28"); script_set_attribute(attribute:"patch_publication_date", value:"2019/11/09"); script_set_attribute(attribute:"plugin_publication_date", value:"2019/11/12"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE"); if (release !~ "^(SUSE15\.0)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "15.0", release); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); ourarch = get_kb_item("Host/cpu"); if (!ourarch) audit(AUDIT_UNKNOWN_ARCH); if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch); flag = 0; if ( rpm_check(release:"SUSE15.0", reference:"apache2-mod_php7-7.2.5-lp150.2.29.2") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"apache2-mod_php7-debuginfo-7.2.5-lp150.2.29.2") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"php7-7.2.5-lp150.2.29.2") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"php7-bcmath-7.2.5-lp150.2.29.2") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"php7-bcmath-debuginfo-7.2.5-lp150.2.29.2") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"php7-bz2-7.2.5-lp150.2.29.2") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"php7-bz2-debuginfo-7.2.5-lp150.2.29.2") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"php7-calendar-7.2.5-lp150.2.29.2") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"php7-calendar-debuginfo-7.2.5-lp150.2.29.2") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"php7-ctype-7.2.5-lp150.2.29.2") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"php7-ctype-debuginfo-7.2.5-lp150.2.29.2") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"php7-curl-7.2.5-lp150.2.29.2") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"php7-curl-debuginfo-7.2.5-lp150.2.29.2") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"php7-dba-7.2.5-lp150.2.29.2") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"php7-dba-debuginfo-7.2.5-lp150.2.29.2") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"php7-debuginfo-7.2.5-lp150.2.29.2") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"php7-debugsource-7.2.5-lp150.2.29.2") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"php7-devel-7.2.5-lp150.2.29.2") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"php7-dom-7.2.5-lp150.2.29.2") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"php7-dom-debuginfo-7.2.5-lp150.2.29.2") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"php7-embed-7.2.5-lp150.2.29.2") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"php7-embed-debuginfo-7.2.5-lp150.2.29.2") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"php7-enchant-7.2.5-lp150.2.29.2") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"php7-enchant-debuginfo-7.2.5-lp150.2.29.2") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"php7-exif-7.2.5-lp150.2.29.2") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"php7-exif-debuginfo-7.2.5-lp150.2.29.2") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"php7-fastcgi-7.2.5-lp150.2.29.2") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"php7-fastcgi-debuginfo-7.2.5-lp150.2.29.2") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"php7-fileinfo-7.2.5-lp150.2.29.2") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"php7-fileinfo-debuginfo-7.2.5-lp150.2.29.2") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"php7-firebird-7.2.5-lp150.2.29.2") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"php7-firebird-debuginfo-7.2.5-lp150.2.29.2") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"php7-fpm-7.2.5-lp150.2.29.2") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"php7-fpm-debuginfo-7.2.5-lp150.2.29.2") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"php7-ftp-7.2.5-lp150.2.29.2") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"php7-ftp-debuginfo-7.2.5-lp150.2.29.2") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"php7-gd-7.2.5-lp150.2.29.2") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"php7-gd-debuginfo-7.2.5-lp150.2.29.2") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"php7-gettext-7.2.5-lp150.2.29.2") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"php7-gettext-debuginfo-7.2.5-lp150.2.29.2") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"php7-gmp-7.2.5-lp150.2.29.2") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"php7-gmp-debuginfo-7.2.5-lp150.2.29.2") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"php7-iconv-7.2.5-lp150.2.29.2") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"php7-iconv-debuginfo-7.2.5-lp150.2.29.2") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"php7-intl-7.2.5-lp150.2.29.2") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"php7-intl-debuginfo-7.2.5-lp150.2.29.2") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"php7-json-7.2.5-lp150.2.29.2") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"php7-json-debuginfo-7.2.5-lp150.2.29.2") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"php7-ldap-7.2.5-lp150.2.29.2") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"php7-ldap-debuginfo-7.2.5-lp150.2.29.2") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"php7-mbstring-7.2.5-lp150.2.29.2") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"php7-mbstring-debuginfo-7.2.5-lp150.2.29.2") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"php7-mysql-7.2.5-lp150.2.29.2") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"php7-mysql-debuginfo-7.2.5-lp150.2.29.2") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"php7-odbc-7.2.5-lp150.2.29.2") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"php7-odbc-debuginfo-7.2.5-lp150.2.29.2") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"php7-opcache-7.2.5-lp150.2.29.2") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"php7-opcache-debuginfo-7.2.5-lp150.2.29.2") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"php7-openssl-7.2.5-lp150.2.29.2") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"php7-openssl-debuginfo-7.2.5-lp150.2.29.2") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"php7-pcntl-7.2.5-lp150.2.29.2") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"php7-pcntl-debuginfo-7.2.5-lp150.2.29.2") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"php7-pdo-7.2.5-lp150.2.29.2") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"php7-pdo-debuginfo-7.2.5-lp150.2.29.2") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"php7-pear-7.2.5-lp150.2.29.2") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"php7-pear-Archive_Tar-7.2.5-lp150.2.29.2") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"php7-pgsql-7.2.5-lp150.2.29.2") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"php7-pgsql-debuginfo-7.2.5-lp150.2.29.2") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"php7-phar-7.2.5-lp150.2.29.2") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"php7-phar-debuginfo-7.2.5-lp150.2.29.2") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"php7-posix-7.2.5-lp150.2.29.2") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"php7-posix-debuginfo-7.2.5-lp150.2.29.2") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"php7-readline-7.2.5-lp150.2.29.2") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"php7-readline-debuginfo-7.2.5-lp150.2.29.2") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"php7-shmop-7.2.5-lp150.2.29.2") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"php7-shmop-debuginfo-7.2.5-lp150.2.29.2") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"php7-snmp-7.2.5-lp150.2.29.2") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"php7-snmp-debuginfo-7.2.5-lp150.2.29.2") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"php7-soap-7.2.5-lp150.2.29.2") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"php7-soap-debuginfo-7.2.5-lp150.2.29.2") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"php7-sockets-7.2.5-lp150.2.29.2") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"php7-sockets-debuginfo-7.2.5-lp150.2.29.2") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"php7-sodium-7.2.5-lp150.2.29.2") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"php7-sodium-debuginfo-7.2.5-lp150.2.29.2") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"php7-sqlite-7.2.5-lp150.2.29.2") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"php7-sqlite-debuginfo-7.2.5-lp150.2.29.2") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"php7-sysvmsg-7.2.5-lp150.2.29.2") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"php7-sysvmsg-debuginfo-7.2.5-lp150.2.29.2") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"php7-sysvsem-7.2.5-lp150.2.29.2") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"php7-sysvsem-debuginfo-7.2.5-lp150.2.29.2") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"php7-sysvshm-7.2.5-lp150.2.29.2") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"php7-sysvshm-debuginfo-7.2.5-lp150.2.29.2") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"php7-test-7.2.5-lp150.2.29.2") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"php7-tidy-7.2.5-lp150.2.29.2") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"php7-tidy-debuginfo-7.2.5-lp150.2.29.2") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"php7-tokenizer-7.2.5-lp150.2.29.2") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"php7-tokenizer-debuginfo-7.2.5-lp150.2.29.2") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"php7-wddx-7.2.5-lp150.2.29.2") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"php7-wddx-debuginfo-7.2.5-lp150.2.29.2") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"php7-xmlreader-7.2.5-lp150.2.29.2") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"php7-xmlreader-debuginfo-7.2.5-lp150.2.29.2") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"php7-xmlrpc-7.2.5-lp150.2.29.2") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"php7-xmlrpc-debuginfo-7.2.5-lp150.2.29.2") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"php7-xmlwriter-7.2.5-lp150.2.29.2") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"php7-xmlwriter-debuginfo-7.2.5-lp150.2.29.2") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"php7-xsl-7.2.5-lp150.2.29.2") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"php7-xsl-debuginfo-7.2.5-lp150.2.29.2") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"php7-zip-7.2.5-lp150.2.29.2") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"php7-zip-debuginfo-7.2.5-lp150.2.29.2") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"php7-zlib-7.2.5-lp150.2.29.2") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"php7-zlib-debuginfo-7.2.5-lp150.2.29.2") ) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "apache2-mod_php7 / apache2-mod_php7-debuginfo / php7 / php7-bcmath / etc"); }
NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2019-3736.NASL description From Red Hat Security Advisory 2019:3736 : An update for the php:7.3 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Security Fix(es) : * php: underflow in env_path_info in fpm_main.c (CVE-2019-11043) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. last seen 2020-03-18 modified 2019-11-25 plugin id 131271 published 2019-11-25 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/131271 title Oracle Linux 8 : php:7.3 (ELSA-2019-3736) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2019:3736 and # Oracle Linux Security Advisory ELSA-2019-3736 respectively. # include("compat.inc"); if (description) { script_id(131271); script_version("1.4"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/09"); script_cve_id("CVE-2019-11043"); script_xref(name:"RHSA", value:"2019:3736"); script_name(english:"Oracle Linux 8 : php:7.3 (ELSA-2019-3736)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote Oracle Linux host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "From Red Hat Security Advisory 2019:3736 : An update for the php:7.3 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Security Fix(es) : * php: underflow in env_path_info in fpm_main.c (CVE-2019-11043) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section." ); script_set_attribute( attribute:"see_also", value:"https://oss.oracle.com/pipermail/el-errata/2019-November/009384.html" ); script_set_attribute( attribute:"solution", value:"Update the affected php:7.3 packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"metasploit_name", value:'PHP-FPM Underflow RCE'); script_set_attribute(attribute:"exploit_framework_metasploit", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:apcu-panel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:libzip"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:libzip-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:libzip-tools"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:php"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:php-bcmath"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:php-cli"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:php-common"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:php-dba"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:php-dbg"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:php-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:php-embedded"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:php-enchant"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:php-fpm"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:php-gd"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:php-gmp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:php-intl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:php-json"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:php-ldap"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:php-mbstring"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:php-mysqlnd"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:php-odbc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:php-opcache"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:php-pdo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:php-pear"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:php-pecl-apcu"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:php-pecl-apcu-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:php-pecl-zip"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:php-pgsql"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:php-process"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:php-recode"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:php-snmp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:php-soap"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:php-xml"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:php-xmlrpc"); script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:8"); script_set_attribute(attribute:"vuln_publication_date", value:"2019/10/28"); script_set_attribute(attribute:"patch_publication_date", value:"2019/11/23"); script_set_attribute(attribute:"plugin_publication_date", value:"2019/11/25"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Oracle Linux Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/OracleLinux", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/OracleLinux")) audit(AUDIT_OS_NOT, "Oracle Linux"); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || !pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux)", string:release)) audit(AUDIT_OS_NOT, "Oracle Linux"); os_ver = pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Oracle Linux"); os_ver = os_ver[1]; if (! preg(pattern:"^8([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Oracle Linux 8", "Oracle Linux " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Oracle Linux", cpu); if ("x86_64" >!< cpu) audit(AUDIT_ARCH_NOT, "x86_64", cpu); flag = 0; if (rpm_check(release:"EL8", cpu:"x86_64", reference:"apcu-panel-5.1.17-1.module+el8.1.0+5441+020cccf5")) flag++; if (rpm_check(release:"EL8", cpu:"x86_64", reference:"libzip-1.5.2-1.module+el8.1.0+5441+020cccf5")) flag++; if (rpm_check(release:"EL8", cpu:"x86_64", reference:"libzip-devel-1.5.2-1.module+el8.1.0+5441+020cccf5")) flag++; if (rpm_check(release:"EL8", cpu:"x86_64", reference:"libzip-tools-1.5.2-1.module+el8.1.0+5441+020cccf5")) flag++; if (rpm_check(release:"EL8", cpu:"x86_64", reference:"php-7.3.5-5.module+el8.1.0+5441+020cccf5")) flag++; if (rpm_check(release:"EL8", cpu:"x86_64", reference:"php-bcmath-7.3.5-5.module+el8.1.0+5441+020cccf5")) flag++; if (rpm_check(release:"EL8", cpu:"x86_64", reference:"php-cli-7.3.5-5.module+el8.1.0+5441+020cccf5")) flag++; if (rpm_check(release:"EL8", cpu:"x86_64", reference:"php-common-7.3.5-5.module+el8.1.0+5441+020cccf5")) flag++; if (rpm_check(release:"EL8", cpu:"x86_64", reference:"php-dba-7.3.5-5.module+el8.1.0+5441+020cccf5")) flag++; if (rpm_check(release:"EL8", cpu:"x86_64", reference:"php-dbg-7.3.5-5.module+el8.1.0+5441+020cccf5")) flag++; if (rpm_check(release:"EL8", cpu:"x86_64", reference:"php-devel-7.3.5-5.module+el8.1.0+5441+020cccf5")) flag++; if (rpm_check(release:"EL8", cpu:"x86_64", reference:"php-embedded-7.3.5-5.module+el8.1.0+5441+020cccf5")) flag++; if (rpm_check(release:"EL8", cpu:"x86_64", reference:"php-enchant-7.3.5-5.module+el8.1.0+5441+020cccf5")) flag++; if (rpm_check(release:"EL8", cpu:"x86_64", reference:"php-fpm-7.3.5-5.module+el8.1.0+5441+020cccf5")) flag++; if (rpm_check(release:"EL8", cpu:"x86_64", reference:"php-gd-7.3.5-5.module+el8.1.0+5441+020cccf5")) flag++; if (rpm_check(release:"EL8", cpu:"x86_64", reference:"php-gmp-7.3.5-5.module+el8.1.0+5441+020cccf5")) flag++; if (rpm_check(release:"EL8", cpu:"x86_64", reference:"php-intl-7.3.5-5.module+el8.1.0+5441+020cccf5")) flag++; if (rpm_check(release:"EL8", cpu:"x86_64", reference:"php-json-7.3.5-5.module+el8.1.0+5441+020cccf5")) flag++; if (rpm_check(release:"EL8", cpu:"x86_64", reference:"php-ldap-7.3.5-5.module+el8.1.0+5441+020cccf5")) flag++; if (rpm_check(release:"EL8", cpu:"x86_64", reference:"php-mbstring-7.3.5-5.module+el8.1.0+5441+020cccf5")) flag++; if (rpm_check(release:"EL8", cpu:"x86_64", reference:"php-mysqlnd-7.3.5-5.module+el8.1.0+5441+020cccf5")) flag++; if (rpm_check(release:"EL8", cpu:"x86_64", reference:"php-odbc-7.3.5-5.module+el8.1.0+5441+020cccf5")) flag++; if (rpm_check(release:"EL8", cpu:"x86_64", reference:"php-opcache-7.3.5-5.module+el8.1.0+5441+020cccf5")) flag++; if (rpm_check(release:"EL8", cpu:"x86_64", reference:"php-pdo-7.3.5-5.module+el8.1.0+5441+020cccf5")) flag++; if (rpm_check(release:"EL8", cpu:"x86_64", reference:"php-pear-1.10.9-1.module+el8.1.0+5441+020cccf5")) flag++; if (rpm_check(release:"EL8", cpu:"x86_64", reference:"php-pecl-apcu-5.1.17-1.module+el8.1.0+5441+020cccf5")) flag++; if (rpm_check(release:"EL8", cpu:"x86_64", reference:"php-pecl-apcu-devel-5.1.17-1.module+el8.1.0+5441+020cccf5")) flag++; if (rpm_check(release:"EL8", cpu:"x86_64", reference:"php-pecl-zip-1.15.4-1.module+el8.1.0+5441+020cccf5")) flag++; if (rpm_check(release:"EL8", cpu:"x86_64", reference:"php-pgsql-7.3.5-5.module+el8.1.0+5441+020cccf5")) flag++; if (rpm_check(release:"EL8", cpu:"x86_64", reference:"php-process-7.3.5-5.module+el8.1.0+5441+020cccf5")) flag++; if (rpm_check(release:"EL8", cpu:"x86_64", reference:"php-recode-7.3.5-5.module+el8.1.0+5441+020cccf5")) flag++; if (rpm_check(release:"EL8", cpu:"x86_64", reference:"php-snmp-7.3.5-5.module+el8.1.0+5441+020cccf5")) flag++; if (rpm_check(release:"EL8", cpu:"x86_64", reference:"php-soap-7.3.5-5.module+el8.1.0+5441+020cccf5")) flag++; if (rpm_check(release:"EL8", cpu:"x86_64", reference:"php-xml-7.3.5-5.module+el8.1.0+5441+020cccf5")) flag++; if (rpm_check(release:"EL8", cpu:"x86_64", reference:"php-xmlrpc-7.3.5-5.module+el8.1.0+5441+020cccf5")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "apcu-panel / libzip / libzip-devel / libzip-tools / php / etc"); }
NASL family SuSE Local Security Checks NASL id SUSE_SU-2020-0522-1.NASL description This update for php5 fixes the following issues : Security issues fixed : CVE-2019-11041: Fixed heap buffer over-read in exif_scan_thumbnail() (bsc#1146360). CVE-2019-11042: Fixed heap buffer over-read in exif_process_user_comment() (bsc#1145095). CVE-2019-11043: Fixed possible remote code execution via env_path_info underflow in fpm_main.c (bsc#1154999). CVE-2019-11045: Fixed an issue with the PHP DirectoryIterator class that accepts filenames with embedded \0 bytes (bsc#1159923). CVE-2019-11046: Fixed an out-of-bounds read in bc_shift_addsub (bsc#1159924). CVE-2019-11047: Fixed an information disclosure in exif_read_data (bsc#1159922). CVE-2019-11050: Fixed a buffer over-read in the EXIF extension (bsc#1159927). CVE-2020-7059: Fixed an out-of-bounds read in php_strip_tags_ex (bsc#1162629). CVE-2020-7060: Fixed a global buffer-overflow in mbfl_filt_conv_big5_wchar (bsc#1162632). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-18 modified 2020-03-02 plugin id 134199 published 2020-03-02 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/134199 title SUSE SLES12 Security Update : php5 (SUSE-SU-2020:0522-1) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from SUSE update advisory SUSE-SU-2020:0522-1. # The text itself is copyright (C) SUSE. # include("compat.inc"); if (description) { script_id(134199); script_version("1.3"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/09"); script_cve_id("CVE-2019-11041", "CVE-2019-11042", "CVE-2019-11043", "CVE-2019-11045", "CVE-2019-11046", "CVE-2019-11047", "CVE-2019-11050", "CVE-2020-7059", "CVE-2020-7060"); script_name(english:"SUSE SLES12 Security Update : php5 (SUSE-SU-2020:0522-1)"); script_summary(english:"Checks rpm output for the updated packages."); script_set_attribute( attribute:"synopsis", value:"The remote SUSE host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "This update for php5 fixes the following issues : Security issues fixed : CVE-2019-11041: Fixed heap buffer over-read in exif_scan_thumbnail() (bsc#1146360). CVE-2019-11042: Fixed heap buffer over-read in exif_process_user_comment() (bsc#1145095). CVE-2019-11043: Fixed possible remote code execution via env_path_info underflow in fpm_main.c (bsc#1154999). CVE-2019-11045: Fixed an issue with the PHP DirectoryIterator class that accepts filenames with embedded \0 bytes (bsc#1159923). CVE-2019-11046: Fixed an out-of-bounds read in bc_shift_addsub (bsc#1159924). CVE-2019-11047: Fixed an information disclosure in exif_read_data (bsc#1159922). CVE-2019-11050: Fixed a buffer over-read in the EXIF extension (bsc#1159927). CVE-2020-7059: Fixed an out-of-bounds read in php_strip_tags_ex (bsc#1162629). CVE-2020-7060: Fixed a global buffer-overflow in mbfl_filt_conv_big5_wchar (bsc#1162632). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1145095" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1146360" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1154999" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1159922" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1159923" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1159924" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1159927" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1161982" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1162629" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1162632" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2019-11041/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2019-11042/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2019-11043/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2019-11045/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2019-11046/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2019-11047/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2019-11050/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2020-7059/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2020-7060/" ); # https://www.suse.com/support/update/announcement/2020/suse-su-20200522-1/ script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?7e9a53cf" ); script_set_attribute( attribute:"solution", value: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or 'zypper patch'. Alternatively you can run the command listed for your product : SUSE Linux Enterprise Software Development Kit 12-SP4:zypper in -t patch SUSE-SLE-SDK-12-SP4-2020-522=1 SUSE Linux Enterprise Module for Web Scripting 12:zypper in -t patch SUSE-SLE-Module-Web-Scripting-12-2020-522=1" ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"metasploit_name", value:'PHP-FPM Underflow RCE'); script_set_attribute(attribute:"exploit_framework_metasploit", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:apache2-mod_php5"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:apache2-mod_php5-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-bcmath"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-bcmath-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-bz2"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-bz2-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-calendar"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-calendar-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-ctype"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-ctype-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-curl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-curl-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-dba"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-dba-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-debugsource"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-dom"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-dom-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-enchant"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-enchant-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-exif"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-exif-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-fastcgi"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-fastcgi-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-fileinfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-fileinfo-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-fpm"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-fpm-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-ftp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-ftp-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-gd"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-gd-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-gettext"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-gettext-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-gmp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-gmp-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-iconv"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-iconv-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-imap"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-imap-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-intl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-intl-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-json"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-json-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-ldap"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-ldap-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-mbstring"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-mbstring-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-mcrypt"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-mcrypt-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-mysql"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-mysql-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-odbc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-odbc-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-opcache"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-opcache-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-openssl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-openssl-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-pcntl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-pcntl-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-pdo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-pdo-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-pgsql"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-pgsql-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-phar"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-phar-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-posix"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-posix-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-pspell"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-pspell-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-shmop"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-shmop-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-snmp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-snmp-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-soap"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-soap-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-sockets"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-sockets-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-sqlite"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-sqlite-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-suhosin"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-suhosin-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-sysvmsg"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-sysvmsg-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-sysvsem"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-sysvsem-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-sysvshm"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-sysvshm-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-tokenizer"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-tokenizer-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-wddx"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-wddx-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-xmlreader"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-xmlreader-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-xmlrpc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-xmlrpc-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-xmlwriter"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-xmlwriter-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-xsl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-xsl-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-zip"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-zip-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-zlib"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-zlib-debuginfo"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:12"); script_set_attribute(attribute:"vuln_publication_date", value:"2019/08/09"); script_set_attribute(attribute:"patch_publication_date", value:"2020/02/28"); script_set_attribute(attribute:"plugin_publication_date", value:"2020/03/02"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE"); os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE"); os_ver = os_ver[1]; if (! preg(pattern:"^(SLES12)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLES12", "SUSE " + os_ver); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu); sp = get_kb_item("Host/SuSE/patchlevel"); if (isnull(sp)) sp = "0"; if (os_ver == "SLES12" && (! preg(pattern:"^(0)$", string:sp))) audit(AUDIT_OS_NOT, "SLES12 SP0", os_ver + " SP" + sp); flag = 0; if (rpm_check(release:"SLES12", sp:"0", reference:"apache2-mod_php5-5.5.14-109.68.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"apache2-mod_php5-debuginfo-5.5.14-109.68.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-5.5.14-109.68.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-bcmath-5.5.14-109.68.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-bcmath-debuginfo-5.5.14-109.68.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-bz2-5.5.14-109.68.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-bz2-debuginfo-5.5.14-109.68.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-calendar-5.5.14-109.68.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-calendar-debuginfo-5.5.14-109.68.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-ctype-5.5.14-109.68.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-ctype-debuginfo-5.5.14-109.68.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-curl-5.5.14-109.68.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-curl-debuginfo-5.5.14-109.68.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-dba-5.5.14-109.68.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-dba-debuginfo-5.5.14-109.68.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-debuginfo-5.5.14-109.68.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-debugsource-5.5.14-109.68.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-dom-5.5.14-109.68.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-dom-debuginfo-5.5.14-109.68.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-enchant-5.5.14-109.68.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-enchant-debuginfo-5.5.14-109.68.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-exif-5.5.14-109.68.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-exif-debuginfo-5.5.14-109.68.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-fastcgi-5.5.14-109.68.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-fastcgi-debuginfo-5.5.14-109.68.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-fileinfo-5.5.14-109.68.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-fileinfo-debuginfo-5.5.14-109.68.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-fpm-5.5.14-109.68.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-fpm-debuginfo-5.5.14-109.68.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-ftp-5.5.14-109.68.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-ftp-debuginfo-5.5.14-109.68.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-gd-5.5.14-109.68.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-gd-debuginfo-5.5.14-109.68.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-gettext-5.5.14-109.68.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-gettext-debuginfo-5.5.14-109.68.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-gmp-5.5.14-109.68.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-gmp-debuginfo-5.5.14-109.68.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-iconv-5.5.14-109.68.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-iconv-debuginfo-5.5.14-109.68.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-imap-5.5.14-109.68.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-imap-debuginfo-5.5.14-109.68.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-intl-5.5.14-109.68.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-intl-debuginfo-5.5.14-109.68.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-json-5.5.14-109.68.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-json-debuginfo-5.5.14-109.68.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-ldap-5.5.14-109.68.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-ldap-debuginfo-5.5.14-109.68.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-mbstring-5.5.14-109.68.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-mbstring-debuginfo-5.5.14-109.68.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-mcrypt-5.5.14-109.68.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-mcrypt-debuginfo-5.5.14-109.68.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-mysql-5.5.14-109.68.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-mysql-debuginfo-5.5.14-109.68.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-odbc-5.5.14-109.68.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-odbc-debuginfo-5.5.14-109.68.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-opcache-5.5.14-109.68.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-opcache-debuginfo-5.5.14-109.68.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-openssl-5.5.14-109.68.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-openssl-debuginfo-5.5.14-109.68.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-pcntl-5.5.14-109.68.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-pcntl-debuginfo-5.5.14-109.68.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-pdo-5.5.14-109.68.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-pdo-debuginfo-5.5.14-109.68.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-pgsql-5.5.14-109.68.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-pgsql-debuginfo-5.5.14-109.68.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-phar-5.5.14-109.68.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-phar-debuginfo-5.5.14-109.68.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-posix-5.5.14-109.68.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-posix-debuginfo-5.5.14-109.68.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-pspell-5.5.14-109.68.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-pspell-debuginfo-5.5.14-109.68.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-shmop-5.5.14-109.68.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-shmop-debuginfo-5.5.14-109.68.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-snmp-5.5.14-109.68.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-snmp-debuginfo-5.5.14-109.68.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-soap-5.5.14-109.68.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-soap-debuginfo-5.5.14-109.68.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-sockets-5.5.14-109.68.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-sockets-debuginfo-5.5.14-109.68.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-sqlite-5.5.14-109.68.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-sqlite-debuginfo-5.5.14-109.68.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-suhosin-5.5.14-109.68.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-suhosin-debuginfo-5.5.14-109.68.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-sysvmsg-5.5.14-109.68.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-sysvmsg-debuginfo-5.5.14-109.68.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-sysvsem-5.5.14-109.68.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-sysvsem-debuginfo-5.5.14-109.68.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-sysvshm-5.5.14-109.68.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-sysvshm-debuginfo-5.5.14-109.68.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-tokenizer-5.5.14-109.68.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-tokenizer-debuginfo-5.5.14-109.68.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-wddx-5.5.14-109.68.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-wddx-debuginfo-5.5.14-109.68.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-xmlreader-5.5.14-109.68.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-xmlreader-debuginfo-5.5.14-109.68.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-xmlrpc-5.5.14-109.68.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-xmlrpc-debuginfo-5.5.14-109.68.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-xmlwriter-5.5.14-109.68.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-xmlwriter-debuginfo-5.5.14-109.68.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-xsl-5.5.14-109.68.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-xsl-debuginfo-5.5.14-109.68.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-zip-5.5.14-109.68.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-zip-debuginfo-5.5.14-109.68.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-zlib-5.5.14-109.68.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-zlib-debuginfo-5.5.14-109.68.1")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "php5"); }
NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2019-3287.NASL description From Red Hat Security Advisory 2019:3287 : An update for php is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Security Fix(es) : * php: underflow in env_path_info in fpm_main.c (CVE-2019-11043) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. last seen 2020-03-18 modified 2019-11-04 plugin id 130497 published 2019-11-04 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/130497 title Oracle Linux 6 : php (ELSA-2019-3287) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2019:3287 and # Oracle Linux Security Advisory ELSA-2019-3287 respectively. # include("compat.inc"); if (description) { script_id(130497); script_version("1.5"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/09"); script_cve_id("CVE-2019-11043"); script_xref(name:"RHSA", value:"2019:3287"); script_name(english:"Oracle Linux 6 : php (ELSA-2019-3287)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote Oracle Linux host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "From Red Hat Security Advisory 2019:3287 : An update for php is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Security Fix(es) : * php: underflow in env_path_info in fpm_main.c (CVE-2019-11043) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section." ); script_set_attribute( attribute:"see_also", value:"https://oss.oracle.com/pipermail/el-errata/2019-November/009315.html" ); script_set_attribute(attribute:"solution", value:"Update the affected php packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"metasploit_name", value:'PHP-FPM Underflow RCE'); script_set_attribute(attribute:"exploit_framework_metasploit", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:php"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:php-bcmath"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:php-cli"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:php-common"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:php-dba"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:php-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:php-embedded"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:php-enchant"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:php-fpm"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:php-gd"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:php-imap"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:php-intl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:php-ldap"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:php-mbstring"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:php-mysql"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:php-odbc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:php-pdo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:php-pgsql"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:php-process"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:php-pspell"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:php-recode"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:php-snmp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:php-soap"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:php-tidy"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:php-xml"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:php-xmlrpc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:php-zts"); script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:6"); script_set_attribute(attribute:"vuln_publication_date", value:"2019/10/28"); script_set_attribute(attribute:"patch_publication_date", value:"2019/11/01"); script_set_attribute(attribute:"plugin_publication_date", value:"2019/11/04"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Oracle Linux Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/OracleLinux", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/OracleLinux")) audit(AUDIT_OS_NOT, "Oracle Linux"); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || !pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux)", string:release)) audit(AUDIT_OS_NOT, "Oracle Linux"); os_ver = pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Oracle Linux"); os_ver = os_ver[1]; if (! preg(pattern:"^6([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Oracle Linux 6", "Oracle Linux " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Oracle Linux", cpu); flag = 0; if (rpm_check(release:"EL6", reference:"php-5.3.3-50.el6_10")) flag++; if (rpm_check(release:"EL6", reference:"php-bcmath-5.3.3-50.el6_10")) flag++; if (rpm_check(release:"EL6", reference:"php-cli-5.3.3-50.el6_10")) flag++; if (rpm_check(release:"EL6", reference:"php-common-5.3.3-50.el6_10")) flag++; if (rpm_check(release:"EL6", reference:"php-dba-5.3.3-50.el6_10")) flag++; if (rpm_check(release:"EL6", reference:"php-devel-5.3.3-50.el6_10")) flag++; if (rpm_check(release:"EL6", reference:"php-embedded-5.3.3-50.el6_10")) flag++; if (rpm_check(release:"EL6", reference:"php-enchant-5.3.3-50.el6_10")) flag++; if (rpm_check(release:"EL6", reference:"php-fpm-5.3.3-50.el6_10")) flag++; if (rpm_check(release:"EL6", reference:"php-gd-5.3.3-50.el6_10")) flag++; if (rpm_check(release:"EL6", reference:"php-imap-5.3.3-50.el6_10")) flag++; if (rpm_check(release:"EL6", reference:"php-intl-5.3.3-50.el6_10")) flag++; if (rpm_check(release:"EL6", reference:"php-ldap-5.3.3-50.el6_10")) flag++; if (rpm_check(release:"EL6", reference:"php-mbstring-5.3.3-50.el6_10")) flag++; if (rpm_check(release:"EL6", reference:"php-mysql-5.3.3-50.el6_10")) flag++; if (rpm_check(release:"EL6", reference:"php-odbc-5.3.3-50.el6_10")) flag++; if (rpm_check(release:"EL6", reference:"php-pdo-5.3.3-50.el6_10")) flag++; if (rpm_check(release:"EL6", reference:"php-pgsql-5.3.3-50.el6_10")) flag++; if (rpm_check(release:"EL6", reference:"php-process-5.3.3-50.el6_10")) flag++; if (rpm_check(release:"EL6", reference:"php-pspell-5.3.3-50.el6_10")) flag++; if (rpm_check(release:"EL6", reference:"php-recode-5.3.3-50.el6_10")) flag++; if (rpm_check(release:"EL6", reference:"php-snmp-5.3.3-50.el6_10")) flag++; if (rpm_check(release:"EL6", reference:"php-soap-5.3.3-50.el6_10")) flag++; if (rpm_check(release:"EL6", reference:"php-tidy-5.3.3-50.el6_10")) flag++; if (rpm_check(release:"EL6", reference:"php-xml-5.3.3-50.el6_10")) flag++; if (rpm_check(release:"EL6", reference:"php-xmlrpc-5.3.3-50.el6_10")) flag++; if (rpm_check(release:"EL6", reference:"php-zts-5.3.3-50.el6_10")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "php / php-bcmath / php-cli / php-common / php-dba / php-devel / etc"); }
NASL family Amazon Linux Local Security Checks NASL id ALA_ALAS-2019-1315.NASL description In PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24 and 7.3.x below 7.3.11 in certain configurations of FPM setup it is possible to cause FPM module to write past allocated buffers into the space reserved for FCGI protocol data, thus opening the possibility of remote code execution.(CVE-2019-11043) last seen 2020-03-17 modified 2019-11-04 plugin id 130471 published 2019-11-04 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/130471 title Amazon Linux AMI : php71 / php72,php73,php56 (ALAS-2019-1315) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Amazon Linux AMI Security Advisory ALAS-2019-1315. # include("compat.inc"); if (description) { script_id(130471); script_version("1.5"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/09"); script_cve_id("CVE-2019-11043"); script_xref(name:"ALAS", value:"2019-1315"); script_name(english:"Amazon Linux AMI : php71 / php72,php73,php56 (ALAS-2019-1315)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote Amazon Linux AMI host is missing a security update." ); script_set_attribute( attribute:"description", value: "In PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24 and 7.3.x below 7.3.11 in certain configurations of FPM setup it is possible to cause FPM module to write past allocated buffers into the space reserved for FCGI protocol data, thus opening the possibility of remote code execution.(CVE-2019-11043)" ); script_set_attribute( attribute:"see_also", value:"https://alas.aws.amazon.com/ALAS-2019-1315.html" ); script_set_attribute( attribute:"solution", value: "Run 'yum update php71' to update your system. Run 'yum update php72' to update your system. Run 'yum update php73' to update your system. Run 'yum update php56' to update your system." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"metasploit_name", value:'PHP-FPM Underflow RCE'); script_set_attribute(attribute:"exploit_framework_metasploit", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-bcmath"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-cli"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-common"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-dba"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-dbg"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-embedded"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-enchant"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-fpm"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-gd"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-gmp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-imap"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-intl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-ldap"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-mbstring"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-mcrypt"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-mssql"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-mysqlnd"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-odbc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-opcache"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-pdo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-pgsql"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-process"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-pspell"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-recode"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-snmp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-soap"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-tidy"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-xml"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-xmlrpc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php71"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php71-bcmath"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php71-cli"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php71-common"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php71-dba"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php71-dbg"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php71-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php71-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php71-embedded"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php71-enchant"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php71-fpm"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php71-gd"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php71-gmp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php71-imap"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php71-intl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php71-json"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php71-ldap"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php71-mbstring"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php71-mcrypt"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php71-mysqlnd"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php71-odbc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php71-opcache"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php71-pdo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php71-pdo-dblib"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php71-pgsql"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php71-process"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php71-pspell"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php71-recode"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php71-snmp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php71-soap"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php71-tidy"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php71-xml"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php71-xmlrpc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php72"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php72-bcmath"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php72-cli"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php72-common"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php72-dba"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php72-dbg"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php72-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php72-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php72-embedded"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php72-enchant"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php72-fpm"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php72-gd"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php72-gmp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php72-imap"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php72-intl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php72-json"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php72-ldap"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php72-mbstring"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php72-mysqlnd"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php72-odbc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php72-opcache"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php72-pdo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php72-pdo-dblib"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php72-pgsql"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php72-process"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php72-pspell"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php72-recode"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php72-snmp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php72-soap"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php72-tidy"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php72-xml"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php72-xmlrpc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php73"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php73-bcmath"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php73-cli"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php73-common"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php73-dba"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php73-dbg"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php73-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php73-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php73-embedded"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php73-enchant"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php73-fpm"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php73-gd"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php73-gmp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php73-imap"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php73-intl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php73-json"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php73-ldap"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php73-mbstring"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php73-mysqlnd"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php73-odbc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php73-opcache"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php73-pdo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php73-pdo-dblib"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php73-pgsql"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php73-process"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php73-pspell"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php73-recode"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php73-snmp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php73-soap"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php73-tidy"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php73-xml"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php73-xmlrpc"); script_set_attribute(attribute:"cpe", value:"cpe:/o:amazon:linux"); script_set_attribute(attribute:"vuln_publication_date", value:"2019/10/28"); script_set_attribute(attribute:"patch_publication_date", value:"2019/11/01"); script_set_attribute(attribute:"plugin_publication_date", value:"2019/11/04"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Amazon Linux Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/AmazonLinux/release", "Host/AmazonLinux/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/AmazonLinux/release"); if (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, "Amazon Linux"); os_ver = pregmatch(pattern: "^AL(A|\d)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Amazon Linux"); os_ver = os_ver[1]; if (os_ver != "A") { if (os_ver == 'A') os_ver = 'AMI'; audit(AUDIT_OS_NOT, "Amazon Linux AMI", "Amazon Linux " + os_ver); } if (!get_kb_item("Host/AmazonLinux/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (rpm_check(release:"ALA", reference:"php56-5.6.40-1.143.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php56-bcmath-5.6.40-1.143.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php56-cli-5.6.40-1.143.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php56-common-5.6.40-1.143.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php56-dba-5.6.40-1.143.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php56-dbg-5.6.40-1.143.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php56-debuginfo-5.6.40-1.143.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php56-devel-5.6.40-1.143.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php56-embedded-5.6.40-1.143.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php56-enchant-5.6.40-1.143.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php56-fpm-5.6.40-1.143.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php56-gd-5.6.40-1.143.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php56-gmp-5.6.40-1.143.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php56-imap-5.6.40-1.143.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php56-intl-5.6.40-1.143.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php56-ldap-5.6.40-1.143.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php56-mbstring-5.6.40-1.143.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php56-mcrypt-5.6.40-1.143.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php56-mssql-5.6.40-1.143.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php56-mysqlnd-5.6.40-1.143.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php56-odbc-5.6.40-1.143.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php56-opcache-5.6.40-1.143.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php56-pdo-5.6.40-1.143.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php56-pgsql-5.6.40-1.143.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php56-process-5.6.40-1.143.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php56-pspell-5.6.40-1.143.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php56-recode-5.6.40-1.143.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php56-snmp-5.6.40-1.143.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php56-soap-5.6.40-1.143.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php56-tidy-5.6.40-1.143.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php56-xml-5.6.40-1.143.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php56-xmlrpc-5.6.40-1.143.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php71-7.1.33-1.43.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php71-bcmath-7.1.33-1.43.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php71-cli-7.1.33-1.43.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php71-common-7.1.33-1.43.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php71-dba-7.1.33-1.43.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php71-dbg-7.1.33-1.43.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php71-debuginfo-7.1.33-1.43.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php71-devel-7.1.33-1.43.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php71-embedded-7.1.33-1.43.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php71-enchant-7.1.33-1.43.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php71-fpm-7.1.33-1.43.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php71-gd-7.1.33-1.43.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php71-gmp-7.1.33-1.43.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php71-imap-7.1.33-1.43.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php71-intl-7.1.33-1.43.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php71-json-7.1.33-1.43.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php71-ldap-7.1.33-1.43.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php71-mbstring-7.1.33-1.43.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php71-mcrypt-7.1.33-1.43.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php71-mysqlnd-7.1.33-1.43.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php71-odbc-7.1.33-1.43.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php71-opcache-7.1.33-1.43.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php71-pdo-7.1.33-1.43.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php71-pdo-dblib-7.1.33-1.43.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php71-pgsql-7.1.33-1.43.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php71-process-7.1.33-1.43.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php71-pspell-7.1.33-1.43.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php71-recode-7.1.33-1.43.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php71-snmp-7.1.33-1.43.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php71-soap-7.1.33-1.43.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php71-tidy-7.1.33-1.43.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php71-xml-7.1.33-1.43.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php71-xmlrpc-7.1.33-1.43.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php72-7.2.24-1.18.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php72-bcmath-7.2.24-1.18.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php72-cli-7.2.24-1.18.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php72-common-7.2.24-1.18.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php72-dba-7.2.24-1.18.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php72-dbg-7.2.24-1.18.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php72-debuginfo-7.2.24-1.18.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php72-devel-7.2.24-1.18.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php72-embedded-7.2.24-1.18.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php72-enchant-7.2.24-1.18.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php72-fpm-7.2.24-1.18.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php72-gd-7.2.24-1.18.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php72-gmp-7.2.24-1.18.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php72-imap-7.2.24-1.18.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php72-intl-7.2.24-1.18.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php72-json-7.2.24-1.18.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php72-ldap-7.2.24-1.18.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php72-mbstring-7.2.24-1.18.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php72-mysqlnd-7.2.24-1.18.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php72-odbc-7.2.24-1.18.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php72-opcache-7.2.24-1.18.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php72-pdo-7.2.24-1.18.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php72-pdo-dblib-7.2.24-1.18.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php72-pgsql-7.2.24-1.18.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php72-process-7.2.24-1.18.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php72-pspell-7.2.24-1.18.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php72-recode-7.2.24-1.18.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php72-snmp-7.2.24-1.18.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php72-soap-7.2.24-1.18.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php72-tidy-7.2.24-1.18.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php72-xml-7.2.24-1.18.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php72-xmlrpc-7.2.24-1.18.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php73-7.3.11-1.21.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php73-bcmath-7.3.11-1.21.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php73-cli-7.3.11-1.21.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php73-common-7.3.11-1.21.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php73-dba-7.3.11-1.21.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php73-dbg-7.3.11-1.21.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php73-debuginfo-7.3.11-1.21.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php73-devel-7.3.11-1.21.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php73-embedded-7.3.11-1.21.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php73-enchant-7.3.11-1.21.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php73-fpm-7.3.11-1.21.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php73-gd-7.3.11-1.21.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php73-gmp-7.3.11-1.21.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php73-imap-7.3.11-1.21.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php73-intl-7.3.11-1.21.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php73-json-7.3.11-1.21.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php73-ldap-7.3.11-1.21.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php73-mbstring-7.3.11-1.21.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php73-mysqlnd-7.3.11-1.21.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php73-odbc-7.3.11-1.21.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php73-opcache-7.3.11-1.21.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php73-pdo-7.3.11-1.21.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php73-pdo-dblib-7.3.11-1.21.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php73-pgsql-7.3.11-1.21.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php73-process-7.3.11-1.21.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php73-pspell-7.3.11-1.21.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php73-recode-7.3.11-1.21.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php73-snmp-7.3.11-1.21.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php73-soap-7.3.11-1.21.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php73-tidy-7.3.11-1.21.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php73-xml-7.3.11-1.21.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php73-xmlrpc-7.3.11-1.21.amzn1")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "php56 / php56-bcmath / php56-cli / php56-common / php56-dba / etc"); }
NASL family Fedora Local Security Checks NASL id FEDORA_2019-187AE3128D.NASL description **PHP version 7.2.24** (24 Oct 2019) **Core:** - Fixed bug php#78535 (auto_detect_line_endings value not parsed as bool). (bugreportuser) - Fixed bug php#78620 (Out of memory error). (cmb, Nikita) **Exif:** - Fixed bug php#78442 ( last seen 2020-03-17 modified 2019-11-04 plugin id 130476 published 2019-11-04 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/130476 title Fedora 29 : php (2019-187ae3128d) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Fedora Security Advisory FEDORA-2019-187ae3128d. # include("compat.inc"); if (description) { script_id(130476); script_version("1.5"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/09"); script_cve_id("CVE-2019-11043"); script_xref(name:"FEDORA", value:"2019-187ae3128d"); script_name(english:"Fedora 29 : php (2019-187ae3128d)"); script_summary(english:"Checks rpm output for the updated package."); script_set_attribute( attribute:"synopsis", value:"The remote Fedora host is missing a security update." ); script_set_attribute( attribute:"description", value: "**PHP version 7.2.24** (24 Oct 2019) **Core:** - Fixed bug php#78535 (auto_detect_line_endings value not parsed as bool). (bugreportuser) - Fixed bug php#78620 (Out of memory error). (cmb, Nikita) **Exif:** - Fixed bug php#78442 ('Illegal component' on exif_read_data since PHP7) (Kalle) **FPM:** - Fixed bug php#78599 (env_path_info underflow in fpm_main.c can lead to RCE). (**CVE-2019-11043**) (Jakub Zelenka) **MBString:** - Fixed bug php#78579 (mb_decode_numericentity: args number inconsistency). (cmb) - Fixed bug php#78609 (mb_check_encoding() no longer supports stringable objects). (cmb) **MySQLi:** - Fixed bug php#76809 (SSL settings aren't respected when persistent connections are used). (fabiomsouto) **PDO_MySQL:** - Fixed bug php#78623 (Regression caused by 'SP call yields additional empty result set'). (cmb) **Session:** - Fixed bug php#78624 (session_gc return value for user defined session handlers). (bshaffer) **Standard:** - Fixed bug php#76342 (file_get_contents waits twice specified timeout). (Thomas Calvet) - Fixed bug php#78612 (strtr leaks memory when integer keys are used and the subject string shorter). (Nikita) - Fixed bug php#76859 (stream_get_line skips data if used with data-generating filter). (kkopachev) **Zip:** - Fixed bug php#78641 (addGlob can modify given remove_path value). (cmb) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bodhi.fedoraproject.org/updates/FEDORA-2019-187ae3128d" ); script_set_attribute(attribute:"solution", value:"Update the affected php package."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"metasploit_name", value:'PHP-FPM Underflow RCE'); script_set_attribute(attribute:"exploit_framework_metasploit", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:php"); script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:29"); script_set_attribute(attribute:"vuln_publication_date", value:"2019/10/28"); script_set_attribute(attribute:"patch_publication_date", value:"2019/11/02"); script_set_attribute(attribute:"plugin_publication_date", value:"2019/11/04"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Fedora Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora"); os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora"); os_ver = os_ver[1]; if (! preg(pattern:"^29([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 29", "Fedora " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu); flag = 0; if (rpm_check(release:"FC29", reference:"php-7.2.24-1.fc29")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "php"); }
NASL family MacOS X Local Security Checks NASL id MACOS_HT210919.NASL description The remote host is running a version of macOS / Mac OS X that is 10.15.x prior to 10.15.3, 10.13.x prior to 10.13.6, 10.14.x prior to 10.14.6. It is, therefore, affected by multiple vulnerabilities: - In PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24 and 7.3.x below 7.3.11 in certain configurations of FPM setup it is possible to cause FPM module to write past allocated buffers into the space reserved for FCGI protocol data, thus opening the possibility of remote code execution. (CVE-2019-11043) - An arbitrary code exution vulnerability exists due to a misconfiguration. An authenticated, local attacker can exploit this to execute arbitrary code on the remote host. (CVE-2019-18634) - An arbitrary code exution vulnerability exists due to the ability to process a maliciously crafted image. An unauthenticated, remote attacker can exploit this to execute arbitrary code on the remote host. (CVE-2020-3826 CVE-2020-3827 CVE-2020-3870 CVE-2020-3878) - A privilege escalation vulnerability exists in due to an out-of-bounds read issue. An unauthenticated, remote attacker can exploit this, to gain elevated access to the system. (CVE-2020-3829) - An arbitrary file write vulnerability exists in the handling of symlinks. A malicious program crafted by an attacker can exploit this to overwrite arbitrary files on the remote host. (CVE-2020-3830 CVE-2020-3835 CVE-2020-3855) - An information disclosure vulnerability exists in the access control handling of applications. A malicious application crafted by attacker can exploit this to disclose the kernel memory layout. (CVE-2020-3836) - An arbitrary code exution vulnerability exists due to a memory corruption issue. A malicious application crafted by a remote attacker may be able to execute arbitrary code with kernel privileges on the remote host. (CVE-2020-3837 CVE-2020-3842 CVE-2020-3871) - An arbitrary code exution vulnerability exists due to a permissions logic flaw. A malicious application crafted by a remote attacker may be able to execute arbitrary code with system privileges on the remote host. (CVE-2019-18634 CVE-2020-3854 CVE-2020-3845 CVE-2020-3853 CVE-2020-3857) - An information disclosure vulnerability exists in the input sanitization logic. A malicious application crafted by attacker can exploit this to read restricted memory. (CVE-2020-3839 CVE-2020-3847) - An arbitrary code exution vulnerability exists due to the loading of a maliciously crafted racoon configuration file. An authenticated, local attacker can exploit this to execute arbitrary code on the remote host. (CVE-2020-3840) - A denial of service (DoS) vulnerability exists due to a memory corruption issue. An unauthenticated, remote attacker can exploit this issue, via malicious input, to cause the system to crash, stop responding, or corrupt the kernel memory. (CVE-2020-3843) - An arbitrary code exution vulnerability exists due to either a buffer overflow or out-of-bounds read issue. An authenticated, local attacker can exploit this to execute arbitrary code on the remote host or cause an unexpected application to terminate. (CVE-2020-3846 CVE-2020-3848 CVE-2020-3849 CVE-2020-3850 CVE-2020-3877) - A memory corruption vulnerability exists due to a malicious crafted string. An unauthenticated, remote attacker can exploit this issue, via malicious input, to cause the corruption of the heap memory. (CVE-2020-3856) - An security bypass vulnerability exists in the handling of files from an attacker controlled NFS mount. A remote attacker with local access could search for and open a file from an attacker controlled NFS mount and bypass Gatekeeper Security features. (CVE-2020-3866) - An information disclosure vulnerability exists where an application can read restricted memory. A local, authorized attacker can exploit this to read restricted memory. (CVE-2020-3872 CVE-2020-3875) Note that Nessus has not tested for this issue but has instead relied only on the operating system last seen 2020-06-12 modified 2020-02-07 plugin id 133531 published 2020-02-07 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/133531 title macOS 10.15.x < 10.15.3 / 10.14.x < 10.14.6 / 10.13.x < 10.13.6 NASL family Scientific Linux Local Security Checks NASL id SL_20191031_PHP_ON_SL6_X.NASL description Security Fix(es) : - php: underflow in env_path_info in fpm_main.c (CVE-2019-11043) last seen 2020-03-18 modified 2019-11-04 plugin id 130499 published 2019-11-04 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/130499 title Scientific Linux Security Update : php on SL6.x i386/x86_64 (20191031) NASL family SuSE Local Security Checks NASL id SUSE_SU-2019-2819-1.NASL description This update for php7 fixes the following issues : Security issue fixed : CVE-2019-11043: Fixed possible remote code execution via env_path_info underflow in fpm_main.c (bsc#1154999). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-18 modified 2019-10-31 plugin id 130421 published 2019-10-31 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/130421 title SUSE SLED15 / SLES15 Security Update : php7 (SUSE-SU-2019:2819-1) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2020-0329.NASL description An update for the go-toolset:rhel8 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. Security Fix(es) : * golang: HTTP/1.1 headers with a space before the colon leads to filter bypass or request smuggling (CVE-2019-16276) * golang: invalid public key causes panic in dsa.Verify (CVE-2019-17596) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. last seen 2020-05-21 modified 2020-02-05 plugin id 133478 published 2020-02-05 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/133478 title RHEL 8 : go-toolset:rhel8 (RHSA-2020:0329) NASL family SuSE Local Security Checks NASL id SUSE_SU-2019-2809-1.NASL description This update for php7 fixes the following issues : Security issue fixed : CVE-2019-11043: Fixed possible remote code execution via env_path_info underflow in fpm_main.c (bsc#1154999). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-18 modified 2019-10-30 plugin id 130390 published 2019-10-30 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/130390 title SUSE SLES12 Security Update : php7 (SUSE-SU-2019:2809-1) NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2019-3286.NASL description From Red Hat Security Advisory 2019:3286 : An update for php is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Security Fix(es) : * php: underflow in env_path_info in fpm_main.c (CVE-2019-11043) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. last seen 2020-03-18 modified 2019-11-01 plugin id 130442 published 2019-11-01 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/130442 title Oracle Linux 7 : php (ELSA-2019-3286) NASL family Debian Local Security Checks NASL id DEBIAN_DSA-4552.NASL description Emil Lerner and Andrew Danau discovered that insufficient validation in the path handling code of PHP FPM could result in the execution of arbitrary code in some setups. last seen 2020-03-17 modified 2019-10-29 plugin id 130349 published 2019-10-29 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/130349 title Debian DSA-4552-1 : php7.0 - security update NASL family Huawei Local Security Checks NASL id EULEROS_SA-2019-2649.NASL description According to the versions of the php packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - ** DISPUTED ** Integer overflow in the php_raw_url_encode function in ext/standard/url.c in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5 allows remote attackers to cause a denial of service (application crash) via a long string to the rawurlencode function. NOTE: the vendor says last seen 2020-05-08 modified 2019-12-18 plugin id 132184 published 2019-12-18 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/132184 title EulerOS 2.0 SP3 : php (EulerOS-SA-2019-2649) NASL family Fedora Local Security Checks NASL id FEDORA_2019-7BB07C3B02.NASL description **PHP version 7.3.11** (24 Oct 2019) **Core:** - Fixed bug php#78535 (auto_detect_line_endings value not parsed as bool). (bugreportuser) - Fixed bug php#78620 (Out of memory error). (cmb, Nikita) **Exif :** - Fixed bug php#78442 ( last seen 2020-03-17 modified 2019-11-04 plugin id 130482 published 2019-11-04 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/130482 title Fedora 30 : php (2019-7bb07c3b02) NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-201910-01.NASL description The remote host is affected by the vulnerability described in GLSA-201910-01 (PHP: Arbitrary code execution) A underflow in env_path_info in PHP-FPM under certain configurations can be exploited to gain remote code execution. Impact : A remote attacker, by sending special crafted HTTP requests, could possibly execute arbitrary code with the privileges of the process, or cause a Denial of Service condition. Workaround : If patching is not feasible, the suggested workaround is to include checks to verify whether or not a file exists before passing to PHP. last seen 2020-03-18 modified 2019-10-28 plugin id 130329 published 2019-10-28 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/130329 title GLSA-201910-01 : PHP: Arbitrary code execution NASL family NewStart CGSL Local Security Checks NASL id NEWSTART_CGSL_NS-SA-2020-0018_PHP.NASL description The remote NewStart CGSL host, running version MAIN 4.05, has php packages installed that are affected by a vulnerability: - In PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24 and 7.3.x below 7.3.11 in certain configurations of FPM setup it is possible to cause FPM module to write past allocated buffers into the space reserved for FCGI protocol data, thus opening the possibility of remote code execution. (CVE-2019-11043) Note that Nessus has not tested for this issue but has instead relied only on the application last seen 2020-03-18 modified 2020-03-08 plugin id 134323 published 2020-03-08 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/134323 title NewStart CGSL MAIN 4.05 : php Vulnerability (NS-SA-2020-0018) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2019-3736.NASL description An update for the php:7.3 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Security Fix(es) : * php: underflow in env_path_info in fpm_main.c (CVE-2019-11043) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. last seen 2020-05-23 modified 2019-11-08 plugin id 130739 published 2019-11-08 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/130739 title RHEL 8 : php:7.3 (RHSA-2019:3736) NASL family Virtuozzo Local Security Checks NASL id VIRTUOZZO_VZLSA-2019-3286.NASL description An update for php is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Security Fix(es) : * php: underflow in env_path_info in fpm_main.c (CVE-2019-11043) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Note that Tenable Network Security has attempted to extract the preceding description block directly from the corresponding Red Hat security advisory. Virtuozzo provides no description for VZLSA advisories. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-17 modified 2019-11-08 plugin id 130758 published 2019-11-08 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/130758 title Virtuozzo 7 : php / php-bcmath / php-cli / php-common / php-dba / etc (VZLSA-2019-3286) NASL family Scientific Linux Local Security Checks NASL id SL_20191031_PHP_ON_SL7_X.NASL description Security Fix(es) : - php: underflow in env_path_info in fpm_main.c (CVE-2019-11043) last seen 2020-03-18 modified 2019-11-01 plugin id 130447 published 2019-11-01 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/130447 title Scientific Linux Security Update : php on SL7.x x86_64 (20191031) NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2019-3287.NASL description An update for php is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Security Fix(es) : * php: underflow in env_path_info in fpm_main.c (CVE-2019-11043) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. last seen 2020-03-17 modified 2019-11-04 plugin id 130474 published 2019-11-04 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/130474 title CentOS 6 : php (CESA-2019:3287) NASL family SuSE Local Security Checks NASL id OPENSUSE-2019-2441.NASL description This update for php7 fixes the following issues : Security issue fixed : - CVE-2019-11043: Fixed possible remote code execution via env_path_info underflow in fpm_main.c (bsc#1154999). This update was imported from the SUSE:SLE-15:Update update project. last seen 2020-03-18 modified 2019-11-06 plugin id 130580 published 2019-11-06 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/130580 title openSUSE Security Update : php7 (openSUSE-2019-2441) NASL family Debian Local Security Checks NASL id DEBIAN_DSA-4553.NASL description Emil Lerner and Andrew Danau discovered that insufficient validation in the path handling code of PHP FPM could result in the execution of arbitrary code in some setups. last seen 2020-03-17 modified 2019-10-29 plugin id 130350 published 2019-10-29 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/130350 title Debian DSA-4553-1 : php7.3 - security update NASL family Fedora Local Security Checks NASL id FEDORA_2019-4ADC49A476.NASL description **PHP version 7.3.11** (24 Oct 2019) **Core:** - Fixed bug php#78535 (auto_detect_line_endings value not parsed as bool). (bugreportuser) - Fixed bug php#78620 (Out of memory error). (cmb, Nikita) **Exif :** - Fixed bug php#78442 ( last seen 2020-03-17 modified 2019-10-31 plugin id 130411 published 2019-10-31 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/130411 title Fedora 31 : php (2019-4adc49a476) NASL family NewStart CGSL Local Security Checks NASL id NEWSTART_CGSL_NS-SA-2020-0001_PHP.NASL description The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has php packages installed that are affected by a vulnerability: - In PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24 and 7.3.x below 7.3.11 in certain configurations of FPM setup it is possible to cause FPM module to write past allocated buffers into the space reserved for FCGI protocol data, thus opening the possibility of remote code execution. (CVE-2019-11043) Note that Nessus has not tested for this issue but has instead relied only on the application last seen 2020-03-18 modified 2020-01-20 plugin id 133087 published 2020-01-20 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/133087 title NewStart CGSL CORE 5.05 / MAIN 5.05 : php Vulnerability (NS-SA-2020-0001) NASL family Huawei Local Security Checks NASL id EULEROS_SA-2020-1058.NASL description According to the versions of the php packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - In PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24 and 7.3.x below 7.3.11 in certain configurations of FPM setup it is possible to cause FPM module to write past allocated buffers into the space reserved for FCGI protocol data, thus opening the possibility of remote code execution.(CVE-2019-11043) - ext/imap/php_imap.c in PHP 5.x and 7.x before 7.3.0 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an empty string in the message argument to the imap_mail function.(CVE-2018-19935) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-17 modified 2020-01-13 plugin id 132812 published 2020-01-13 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/132812 title EulerOS Virtualization for ARM 64 3.0.5.0 : php (EulerOS-SA-2020-1058) NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2019-3286.NASL description An update for php is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Security Fix(es) : * php: underflow in env_path_info in fpm_main.c (CVE-2019-11043) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. last seen 2020-03-17 modified 2019-11-04 plugin id 130473 published 2019-11-04 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/130473 title CentOS 7 : php (CESA-2019:3286) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2019-3735.NASL description An update for the php:7.2 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Security Fix(es) : * php: underflow in env_path_info in fpm_main.c (CVE-2019-11043) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. last seen 2020-05-23 modified 2019-11-08 plugin id 130738 published 2019-11-08 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/130738 title RHEL 8 : php:7.2 (RHSA-2019:3735) NASL family Huawei Local Security Checks NASL id EULEROS_SA-2019-2295.NASL description According to the version of the php packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - In PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24 and 7.3.x below 7.3.11 in certain configurations of FPM setup it is possible to cause FPM module to write past allocated buffers into the space reserved for FCGI protocol data, thus opening the possibility of remote code execution.(CVE-2019-11043) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-05-03 modified 2019-11-27 plugin id 131361 published 2019-11-27 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/131361 title EulerOS 2.0 SP8 : php (EulerOS-SA-2019-2295) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2019-3286.NASL description An update for php is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Security Fix(es) : * php: underflow in env_path_info in fpm_main.c (CVE-2019-11043) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. last seen 2020-03-18 modified 2019-11-01 plugin id 130445 published 2019-11-01 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/130445 title RHEL 7 : php (RHSA-2019:3286) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2020-0322.NASL description An update for the php:7.2 module is now available for Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Security Fix(es) : * php: underflow in env_path_info in fpm_main.c (CVE-2019-11043) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. last seen 2020-05-21 modified 2020-02-04 plugin id 133446 published 2020-02-04 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/133446 title RHEL 8 : php:7.2 (RHSA-2020:0322) NASL family Debian Local Security Checks NASL id DEBIAN_DLA-1970.NASL description Emil Lerner, beched and d90pwn found a buffer underflow in php5-fpm, a Fast Process Manager for the PHP language, which can lead to remote code execution. Instances are vulnerable depending on the web server configuration, in particular PATH_INFO handling. For a full list of preconditions, check: https://github.com/neex/phuip-fpizdam For Debian 8 last seen 2020-03-17 modified 2019-10-28 plugin id 130283 published 2019-10-28 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/130283 title Debian DLA-1970-1 : php5 security update NASL family FreeBSD Local Security Checks NASL id FREEBSD_PKG_6A7C2AB000DD11EA83CE705A0F828759.NASL description The PHP project reports : The PHP development team announces the immediate availability of PHP 7.3.11. This is a security release which also contains several bug fixes. The PHP development team announces the immediate availability of PHP 7.2.24. This is a security release which also contains several bug fixes. The PHP development team announces the immediate availability of PHP 7.1.33. This is a security release which also contains several bug fixes. last seen 2020-03-18 modified 2019-11-07 plugin id 130617 published 2019-11-07 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/130617 title FreeBSD : php -- env_path_info underflow in fpm_main.c can lead to RCE (6a7c2ab0-00dd-11ea-83ce-705a0f828759) NASL family SuSE Local Security Checks NASL id SUSE_SU-2019-2909-1.NASL description This update for php72 fixes the following issues : Security issue fixed : CVE-2019-11043: Fixed possible remote code execution via env_path_info underflow in fpm_main.c (bsc#1154999). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-18 modified 2019-11-07 plugin id 130621 published 2019-11-07 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/130621 title SUSE SLES12 Security Update : php72 (SUSE-SU-2019:2909-1) NASL family NewStart CGSL Local Security Checks NASL id NEWSTART_CGSL_NS-SA-2019-0214_PHP.NASL description The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has php packages installed that are affected by a vulnerability: - In PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24 and 7.3.x below 7.3.11 in certain configurations of FPM setup it is possible to cause FPM module to write past allocated buffers into the space reserved for FCGI protocol data, thus opening the possibility of remote code execution. (CVE-2019-11043) Note that Nessus has not tested for this issue but has instead relied only on the application last seen 2020-03-18 modified 2019-12-02 plugin id 131418 published 2019-12-02 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/131418 title NewStart CGSL CORE 5.04 / MAIN 5.04 : php Vulnerability (NS-SA-2019-0214) NASL family CGI abuses NASL id PHP_7_3_11.NASL description According to its banner, the version of PHP running on the remote web server is prior to 7.1.33, 7.2.x prior to 7.2.24, or 7.3.x prior to 7.3.11. It is, therefore, affected by a remote code execution vulnerability due to insufficient validation of user input. An unauthenticated, remote attacker can exploit this, by sending a specially crafted request, to cause the execution of arbitrary code by breaking the fastcgi_split_path_info directive. last seen 2020-04-30 modified 2019-10-25 plugin id 130276 published 2019-10-25 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/130276 title PHP < 7.1.33 / 7.2.x < 7.2.24 / 7.3.x < 7.3.11 Remote Code Execution Vulnerability. NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-4166-1.NASL description It was discovered that PHP incorrectly handled certain paths when being used in FastCGI configurations. A remote attacker could possibly use this issue to execute arbitrary code. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-18 modified 2019-10-29 plugin id 130362 published 2019-10-29 reporter Ubuntu Security Notice (C) 2019-2020 Canonical, Inc. / NASL script (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/130362 title Ubuntu 16.04 LTS / 18.04 LTS / 19.04 / 19.10 : php7.0, php7.2, php7.3 vulnerability (USN-4166-1) NASL family Amazon Linux Local Security Checks NASL id AL2_ALAS-2019-1344.NASL description In PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24 and 7.3.x below 7.3.11 in certain configurations of FPM setup it is possible to cause FPM module to write past allocated buffers into the space reserved for FCGI protocol data, thus opening the possibility of remote code execution.(CVE-2019-11043) last seen 2020-03-17 modified 2019-11-04 plugin id 130470 published 2019-11-04 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/130470 title Amazon Linux 2 : php (ALAS-2019-1344) NASL family Huawei Local Security Checks NASL id EULEROS_SA-2019-2438.NASL description According to the versions of the php packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - In PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24 and 7.3.x below 7.3.11 in certain configurations of FPM setup it is possible to cause FPM module to write past allocated buffers into the space reserved for FCGI protocol data, thus opening the possibility of remote code execution.(CVE-2019-11043) - The finish_nested_data function in ext/standard/var_unserializer.re in PHP before 5.6.31, 7.0.x before 7.0.21, and 7.1.x before 7.1.7 is prone to a buffer over-read while unserializing untrusted data. Exploitation of this issue can have an unspecified impact on the integrity of PHP.(CVE-2017-12933) - ext/standard/var_unserializer.c in PHP before 5.6.25 and 7.x before 7.0.10 mishandles certain invalid objects, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted serialized data that leads to a (1) __destruct call or (2) magic method call.(CVE-2016-7124) - The match function in pcre_exec.c in PCRE before 8.37 mishandles the /(?:((abcd))|(((?:(?:(?:(?:abc|(?:abcdef))))b)abcdefghi )abc)|((*ACCEPT)))/ pattern and related patterns involving (*ACCEPT), which allows remote attackers to obtain sensitive information from process memory or cause a denial of service (partially initialized memory and application crash) via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, aka ZDI-CAN-2547.(CVE-2015-8382) - An issue was discovered in PHP before 5.6.33, 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before 7.2.1. There is Reflected XSS on the PHAR 404 error page via the URI of a request for a .phar file.(CVE-2018-5712) - exif_process_IFD_in_MAKERNOTE in ext/exif/exif.c in PHP before 5.6.37, 7.0.x before 7.0.31, 7.1.x before 7.1.20, and 7.2.x before 7.2.8 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted JPEG file.(CVE-2018-14851) - The SplObjectStorage unserialize implementation in ext/spl/spl_observer.c in PHP before 7.0.12 does not verify that a key is an object, which allows remote attackers to execute arbitrary code or cause a denial of service (uninitialized memory access) via crafted serialized data.(CVE-2016-7480) - ext/standard/var_unserializer.re in PHP before 5.6.26 mishandles object-deserialization failures, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via an unserialize call that references a partially constructed object.(CVE-2016-7411) - The odbc_bindcols function in ext/odbc/php_odbc.c in PHP before 5.6.12 mishandles driver behavior for SQL_WVARCHAR columns, which allows remote attackers to cause a denial of service (application crash) in opportunistic circumstances by leveraging use of the odbc_fetch_array function to access a certain type of Microsoft SQL Server table.(CVE-2015-8879) - In PHP before 5.6.32, 7.x before 7.0.25, and 7.1.x before 7.1.11, an error in the date extension last seen 2020-05-08 modified 2019-12-04 plugin id 131592 published 2019-12-04 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/131592 title EulerOS 2.0 SP2 : php (EulerOS-SA-2019-2438) NASL family CGI abuses NASL id PHP_7_4_0.NASL description According to its banner, the version of PHP running on the remote web server is 7.4.x prior to 7.4.0. It is, therefore, affected by multiple vulnerabilities including a buffer overflow last seen 2020-03-18 modified 2019-12-06 plugin id 131732 published 2019-12-06 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/131732 title PHP 7.4.x < 7.4.0 Multiple Vulnerabilities. NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2019-3287.NASL description An update for php is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Security Fix(es) : * php: underflow in env_path_info in fpm_main.c (CVE-2019-11043) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. last seen 2020-03-18 modified 2019-11-01 plugin id 130446 published 2019-11-01 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/130446 title RHEL 6 : php (RHSA-2019:3287) NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2019-3735.NASL description From Red Hat Security Advisory 2019:3735 : An update for the php:7.2 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Security Fix(es) : * php: underflow in env_path_info in fpm_main.c (CVE-2019-11043) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. last seen 2020-03-18 modified 2019-11-25 plugin id 131270 published 2019-11-25 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/131270 title Oracle Linux 8 : php:7.2 (ELSA-2019-3735)
Packetstorm
data source | https://packetstormsecurity.com/files/download/156642/php_fpm_rce.rb.txt |
id | PACKETSTORM:156642 |
last seen | 2020-03-06 |
published | 2020-03-05 |
reporter | cdelafuente-r7 |
source | https://packetstormsecurity.com/files/156642/PHP-FPM-7.x-Remote-Code-Execution.html |
title | PHP-FPM 7.x Remote Code Execution |
Redhat
advisories |
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
rpms |
|
The Hacker News
id | THN:B9AD1A8C118DBF486256A5AD0D9ECBE6 |
last seen | 2019-10-27 |
modified | 2019-10-27 |
published | 2019-10-26 |
reporter | The Hacker News |
source | https://thehackernews.com/2019/10/nginx-php-fpm-hacking.html |
title | New PHP Flaw Could Let Attackers Hack Sites Running On Nginx Servers |
Related news
References
- http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00011.html
- http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00011.html
- http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00014.html
- http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00014.html
- http://packetstormsecurity.com/files/156642/PHP-FPM-7.x-Remote-Code-Execution.html
- http://packetstormsecurity.com/files/156642/PHP-FPM-7.x-Remote-Code-Execution.html
- http://seclists.org/fulldisclosure/2020/Jan/40
- http://seclists.org/fulldisclosure/2020/Jan/40
- https://access.redhat.com/errata/RHSA-2019:3286
- https://access.redhat.com/errata/RHSA-2019:3286
- https://access.redhat.com/errata/RHSA-2019:3287
- https://access.redhat.com/errata/RHSA-2019:3287
- https://access.redhat.com/errata/RHSA-2019:3299
- https://access.redhat.com/errata/RHSA-2019:3299
- https://access.redhat.com/errata/RHSA-2019:3300
- https://access.redhat.com/errata/RHSA-2019:3300
- https://access.redhat.com/errata/RHSA-2019:3724
- https://access.redhat.com/errata/RHSA-2019:3724
- https://access.redhat.com/errata/RHSA-2019:3735
- https://access.redhat.com/errata/RHSA-2019:3735
- https://access.redhat.com/errata/RHSA-2019:3736
- https://access.redhat.com/errata/RHSA-2019:3736
- https://access.redhat.com/errata/RHSA-2020:0322
- https://access.redhat.com/errata/RHSA-2020:0322
- https://bugs.php.net/bug.php?id=78599
- https://bugs.php.net/bug.php?id=78599
- https://github.com/neex/phuip-fpizdam
- https://github.com/neex/phuip-fpizdam
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3W23TP6X4H7LB645FYZLUPNIRD5W3EPU/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3W23TP6X4H7LB645FYZLUPNIRD5W3EPU/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FSNBUSPKMLUHHOADROKNG5GDWDCRHT5M/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FSNBUSPKMLUHHOADROKNG5GDWDCRHT5M/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T62LF4ZWVV7OMMIZFO6IFO5QLZKK7YRD/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T62LF4ZWVV7OMMIZFO6IFO5QLZKK7YRD/
- https://seclists.org/bugtraq/2020/Jan/44
- https://seclists.org/bugtraq/2020/Jan/44
- https://security.netapp.com/advisory/ntap-20191031-0003/
- https://security.netapp.com/advisory/ntap-20191031-0003/
- https://support.apple.com/kb/HT210919
- https://support.apple.com/kb/HT210919
- https://support.f5.com/csp/article/K75408500?utm_source=f5support&%3Butm_medium=RSS
- https://support.f5.com/csp/article/K75408500?utm_source=f5support&%3Butm_medium=RSS
- https://usn.ubuntu.com/4166-1/
- https://usn.ubuntu.com/4166-1/
- https://usn.ubuntu.com/4166-2/
- https://usn.ubuntu.com/4166-2/
- https://www.debian.org/security/2019/dsa-4552
- https://www.debian.org/security/2019/dsa-4552
- https://www.debian.org/security/2019/dsa-4553
- https://www.debian.org/security/2019/dsa-4553
- https://www.synology.com/security/advisory/Synology_SA_19_36
- https://www.synology.com/security/advisory/Synology_SA_19_36
- https://www.tenable.com/security/tns-2021-14
- https://www.tenable.com/security/tns-2021-14