Vulnerabilities > CVE-2019-16163 - Uncontrolled Recursion vulnerability in multiple products

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
HIGH

Summary

Oniguruma before 6.9.3 allows Stack Exhaustion in regcomp.c because of recursion in regparse.c.

Common Weakness Enumeration (CWE)

Common Attack Pattern Enumeration and Classification (CAPEC)

  • XML Nested Payloads
    Applications often need to transform data in and out of the XML format by using an XML parser. It may be possible for an attacker to inject data that may have an adverse effect on the XML parser when it is being processed. By nesting XML data and causing this data to be continuously self-referential, an attacker can cause the XML parser to consume more resources while processing, causing excessive memory consumption and CPU utilization. An attacker's goal is to leverage parser failure to his or her advantage. In most cases this type of an attack will result in a denial of service due to an application becoming unstable, freezing, or crash. However it may be possible to cause a crash resulting in arbitrary code execution, leading to a jump from the data plane to the control plane [R.230.1].
  • XML Oversized Payloads
    Applications often need to transform data in and out of the XML format by using an XML parser. It may be possible for an attacker to inject data that may have an adverse effect on the XML parser when it is being processed. By supplying oversized payloads in input vectors that will be processed by the XML parser, an attacker can cause the XML parser to consume more resources while processing, causing excessive memory consumption and CPU utilization, and potentially cause execution of arbitrary code. An attacker's goal is to leverage parser failure to his or her advantage. In many cases this type of an attack will result in a denial of service due to an application becoming unstable, freezing, or crash. However it is possible to cause a crash resulting in arbitrary code execution, leading to a jump from the data plane to the control plane [R.231.1].
  • Violating Implicit Assumptions Regarding XML Content (aka XML Denial of Service (XDoS))
    XML Denial of Service (XDoS) can be applied to any technology that utilizes XML data. This is, of course, most distributed systems technology including Java, .Net, databases, and so on. XDoS is most closely associated with web services, SOAP, and Rest, because remote service requesters can post malicious XML payloads to the service provider designed to exhaust the service provider's memory, CPU, and/or disk space. The main weakness in XDoS is that the service provider generally must inspect, parse, and validate the XML messages to determine routing, workflow, security considerations, and so on. It is exactly these inspection, parsing, and validation routines that XDoS targets. There are three primary attack vectors that XDoS can navigate Target CPU through recursion: attacker creates a recursive payload and sends to service provider Target memory through jumbo payloads: service provider uses DOM to parse XML. DOM creates in memory representation of XML document, but when document is very large (for example, north of 1 Gb) service provider host may exhaust memory trying to build memory objects. XML Ping of death: attack service provider with numerous small files that clog the system. All of the above attacks exploit the loosely coupled nature of web services, where the service provider has little to no control over the service requester and any messages the service requester sends.
  • XML Parser Attack
    Applications often need to transform data in and out of the XML format by using an XML parser. It may be possible for an attacker to inject data that may have an adverse effect on the XML parser when it is being processed. These adverse effects may include the parser crashing, consuming too much of a resource, executing too slowly, executing code supplied by an attacker, allowing usage of unintended system functionality, etc. An attacker's goal is to leverage parser failure to his or her advantage. In some cases it may be possible to jump from the data plane to the control plane via bad data being passed to an XML parser. [R.99.1]

Nessus

  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DLA-1918.NASL
    descriptionThe Oniguruma regular expressions library, notably used in PHP mbstring, is vulnerable to stack exhaustion. A crafted regular expression can crash the process. For Debian 8
    last seen2020-06-01
    modified2020-06-02
    plugin id128778
    published2019-09-16
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/128778
    titleDebian DLA-1918-1 : libonig security update
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Debian Security Advisory DLA-1918-1. The text
    # itself is copyright (C) Software in the Public Interest, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(128778);
      script_version("1.3");
      script_cvs_date("Date: 2019/12/27");
    
      script_cve_id("CVE-2019-16163");
    
      script_name(english:"Debian DLA-1918-1 : libonig security update");
      script_summary(english:"Checks dpkg output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Debian host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The Oniguruma regular expressions library, notably used in PHP
    mbstring, is vulnerable to stack exhaustion. A crafted regular
    expression can crash the process.
    
    For Debian 8 'Jessie', this problem has been fixed in version
    5.9.5-3.2+deb8u3.
    
    We recommend that you upgrade your libonig packages.
    
    NOTE: Tenable Network Security has extracted the preceding description
    block directly from the DLA security advisory. Tenable has attempted
    to automatically clean and format it as much as possible without
    introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://lists.debian.org/debian-lts-announce/2019/09/msg00010.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://packages.debian.org/source/jessie/libonig"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Upgrade the affected libonig-dev, libonig2, and libonig2-dbg packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libonig-dev");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libonig2");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libonig2-dbg");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:8.0");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2019/09/09");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/09/12");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/09/16");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Debian Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("debian_package.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
    if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    if (deb_check(release:"8.0", prefix:"libonig-dev", reference:"5.9.5-3.2+deb8u3")) flag++;
    if (deb_check(release:"8.0", prefix:"libonig2", reference:"5.9.5-3.2+deb8u3")) flag++;
    if (deb_check(release:"8.0", prefix:"libonig2-dbg", reference:"5.9.5-3.2+deb8u3")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());
      else security_warning(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familyPhotonOS Local Security Checks
    NASL idPHOTONOS_PHSA-2019-2_0-0196_ONIGURUMA.NASL
    descriptionAn update of the oniguruma package has been released.
    last seen2020-06-01
    modified2020-06-02
    plugin id132975
    published2020-01-16
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/132975
    titlePhoton OS 2.0: Oniguruma PHSA-2019-2.0-0196
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    # The descriptive text and package checks in this plugin were
    # extracted from VMware Security Advisory PHSA-2019-2.0-0196. The text
    # itself is copyright (C) VMware, Inc.
    
    include('compat.inc');
    
    if (description)
    {
      script_id(132975);
      script_version("1.3");
      script_cvs_date("Date: 2020/01/18");
    
      script_cve_id(
        "CVE-2019-13225",
        "CVE-2019-16163",
        "CVE-2019-19012",
        "CVE-2019-19203",
        "CVE-2019-19204",
        "CVE-2019-19246"
      );
    
      script_name(english:"Photon OS 2.0: Oniguruma PHSA-2019-2.0-0196");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote PhotonOS host is missing multiple security updates.");
      script_set_attribute(attribute:"description", value:
    "An update of the oniguruma package has been released.");
      script_set_attribute(attribute:"see_also", value:"https://github.com/vmware/photon/wiki/Security-Updates-2-196.md");
      script_set_attribute(attribute:"solution", value:
    "Update the affected Linux packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-19204");
    
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2019/07/10");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/12/20");
      script_set_attribute(attribute:"plugin_publication_date", value:"2020/01/16");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:oniguruma");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:photonos:2.0");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"PhotonOS Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/PhotonOS/release", "Host/PhotonOS/rpm-list");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    release = get_kb_item("Host/PhotonOS/release");
    if (isnull(release) || release !~ "^VMware Photon") audit(AUDIT_OS_NOT, "PhotonOS");
    if (release !~ "^VMware Photon (?:Linux|OS) 2\.0(\D|$)") audit(AUDIT_OS_NOT, "PhotonOS 2.0");
    
    if (!get_kb_item("Host/PhotonOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "PhotonOS", cpu);
    
    flag = 0;
    
    if (rpm_exists(rpm:"oniguruma-6.9", release:"PhotonOS-2.0") && rpm_check(release:"PhotonOS-2.0", cpu:"x86_64", reference:"oniguruma-6.9.3-1.ph2")) flag++;
    if (rpm_exists(rpm:"oniguruma-6.9", release:"PhotonOS-2.0") && rpm_check(release:"PhotonOS-2.0", cpu:"src", reference:"oniguruma-6.9.3-1.ph2.src")) flag++;
    if (rpm_check(release:"PhotonOS-2.0", cpu:"x86_64", reference:"oniguruma-debuginfo-6.9.3-1.ph2")) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "oniguruma");
    }
    
    
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2019-E4819C6510.NASL
    descriptiononiguruma security fix bugport, including fix for CVE-2019-16163 and bugs found on PHP. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id131172
    published2019-11-21
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/131172
    titleFedora 30 : oniguruma (2019-e4819c6510)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory FEDORA-2019-e4819c6510.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(131172);
      script_version("1.2");
      script_cvs_date("Date: 2019/12/09");
    
      script_cve_id("CVE-2019-16163");
      script_xref(name:"FEDORA", value:"2019-e4819c6510");
    
      script_name(english:"Fedora 30 : oniguruma (2019-e4819c6510)");
      script_summary(english:"Checks rpm output for the updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "oniguruma security fix bugport, including fix for CVE-2019-16163 and
    bugs found on PHP.
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora update system website.
    Tenable has attempted to automatically clean and format it as much as
    possible without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bodhi.fedoraproject.org/updates/FEDORA-2019-e4819c6510"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected oniguruma package."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:oniguruma");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:30");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2019/09/09");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/11/21");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/11/21");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Fedora Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
    os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    os_ver = os_ver[1];
    if (! preg(pattern:"^30([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 30", "Fedora " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"FC30", reference:"oniguruma-6.9.2-3.fc30")) flag++;
    
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "oniguruma");
    }
    
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2020-1178.NASL
    descriptionAccording to the versions of the ruby packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - An issue was discovered in Oniguruma 6.x before 6.9.4_rc2. In the function fetch_interval_quantifier (formerly known as fetch_range_quantifier) in regparse.c, PFETCH is called without checking PEND. This leads to a heap-based buffer over-read.(CVE-2019-19204) - Oniguruma before 6.9.3 allows Stack Exhaustion in regcomp.c because of recursion in regparse.c.(CVE-2019-16163) - Oniguruma through 6.9.3, as used in PHP 7.3.x and other products, has a heap-based buffer over-read in str_lower_case_match in regexec.c.(CVE-2019-19246) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-05-03
    modified2020-02-25
    plugin id134012
    published2020-02-25
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/134012
    titleEulerOS 2.0 SP8 : ruby (EulerOS-SA-2020-1178)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(134012);
      script_version("1.4");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/05/01");
    
      script_cve_id(
        "CVE-2019-16163",
        "CVE-2019-19204",
        "CVE-2019-19246"
      );
    
      script_name(english:"EulerOS 2.0 SP8 : ruby (EulerOS-SA-2020-1178)");
      script_summary(english:"Checks the rpm output for the updated packages.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote EulerOS host is missing multiple security updates.");
      script_set_attribute(attribute:"description", value:
    "According to the versions of the ruby packages installed, the EulerOS
    installation on the remote host is affected by the following
    vulnerabilities :
    
      - An issue was discovered in Oniguruma 6.x before
        6.9.4_rc2. In the function fetch_interval_quantifier
        (formerly known as fetch_range_quantifier) in
        regparse.c, PFETCH is called without checking PEND.
        This leads to a heap-based buffer
        over-read.(CVE-2019-19204)
    
      - Oniguruma before 6.9.3 allows Stack Exhaustion in
        regcomp.c because of recursion in
        regparse.c.(CVE-2019-16163)
    
      - Oniguruma through 6.9.3, as used in PHP 7.3.x and other
        products, has a heap-based buffer over-read in
        str_lower_case_match in regexec.c.(CVE-2019-19246)
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the EulerOS security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues.");
      # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1178
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?bae3487a");
      script_set_attribute(attribute:"solution", value:
    "Update the affected ruby packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2020/02/25");
      script_set_attribute(attribute:"plugin_publication_date", value:"2020/02/25");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:ruby");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:ruby-irb");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:ruby-libs");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:2.0");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Huawei Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/sp");
      script_exclude_keys("Host/EulerOS/uvp_version");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    release = get_kb_item("Host/EulerOS/release");
    if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
    if (release !~ "^EulerOS release 2\.0(\D|$)") audit(AUDIT_OS_NOT, "EulerOS 2.0");
    
    sp = get_kb_item("Host/EulerOS/sp");
    if (isnull(sp) || sp !~ "^(8)$") audit(AUDIT_OS_NOT, "EulerOS 2.0 SP8");
    
    uvp = get_kb_item("Host/EulerOS/uvp_version");
    if (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, "EulerOS 2.0 SP8", "EulerOS UVP " + uvp);
    
    if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
    if ("aarch64" >!< cpu) audit(AUDIT_ARCH_NOT, "aarch64", cpu);
    
    flag = 0;
    
    pkgs = ["ruby-2.5.1-98.h6.eulerosv2r8",
            "ruby-irb-2.5.1-98.h6.eulerosv2r8",
            "ruby-libs-2.5.1-98.h6.eulerosv2r8"];
    
    foreach (pkg in pkgs)
      if (rpm_check(release:"EulerOS-2.0", sp:"8", reference:pkg)) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "ruby");
    }
    
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2020-1019.NASL
    descriptionAccording to the versions of the oniguruma package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Oniguruma before 6.9.3 allows Stack Exhaustion in regcomp.c because of recursion in regparse.c.(CVE-2019-16163) - An issue was discovered in Oniguruma 6.x before 6.9.4_rc2. In the function gb18030_mbc_enc_len in file gb18030.c, a UChar pointer is dereferenced without checking if it passed the end of the matched string. This leads to a heap-based buffer over-read.(CVE-2019-19203) - An issue was discovered in Oniguruma 6.x before 6.9.4_rc2. In the function fetch_interval_quantifier (formerly known as fetch_range_quantifier) in regparse.c, PFETCH is called without checking PEND. This leads to a heap-based buffer over-read.(CVE-2019-19204) - Oniguruma through 6.9.3, as used in PHP 7.3.x and other products, has a heap-based buffer over-read in str_lower_case_match in regexec.c.(CVE-2019-19246) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-05-03
    modified2020-01-02
    plugin id132612
    published2020-01-02
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/132612
    titleEulerOS 2.0 SP8 : oniguruma (EulerOS-SA-2020-1019)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(132612);
      script_version("1.3");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/05/01");
    
      script_cve_id(
        "CVE-2019-16163",
        "CVE-2019-19203",
        "CVE-2019-19204",
        "CVE-2019-19246"
      );
    
      script_name(english:"EulerOS 2.0 SP8 : oniguruma (EulerOS-SA-2020-1019)");
      script_summary(english:"Checks the rpm output for the updated packages.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote EulerOS host is missing multiple security updates.");
      script_set_attribute(attribute:"description", value:
    "According to the versions of the oniguruma package installed, the
    EulerOS installation on the remote host is affected by the following
    vulnerabilities :
    
      - Oniguruma before 6.9.3 allows Stack Exhaustion in
        regcomp.c because of recursion in
        regparse.c.(CVE-2019-16163)
    
      - An issue was discovered in Oniguruma 6.x before
        6.9.4_rc2. In the function gb18030_mbc_enc_len in file
        gb18030.c, a UChar pointer is dereferenced without
        checking if it passed the end of the matched string.
        This leads to a heap-based buffer
        over-read.(CVE-2019-19203)
    
      - An issue was discovered in Oniguruma 6.x before
        6.9.4_rc2. In the function fetch_interval_quantifier
        (formerly known as fetch_range_quantifier) in
        regparse.c, PFETCH is called without checking PEND.
        This leads to a heap-based buffer
        over-read.(CVE-2019-19204)
    
      - Oniguruma through 6.9.3, as used in PHP 7.3.x and other
        products, has a heap-based buffer over-read in
        str_lower_case_match in regexec.c.(CVE-2019-19246)
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the EulerOS security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues.");
      # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1019
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?02bb355c");
      script_set_attribute(attribute:"solution", value:
    "Update the affected oniguruma packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2020/01/02");
      script_set_attribute(attribute:"plugin_publication_date", value:"2020/01/02");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:oniguruma");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:2.0");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Huawei Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/sp");
      script_exclude_keys("Host/EulerOS/uvp_version");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    release = get_kb_item("Host/EulerOS/release");
    if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
    if (release !~ "^EulerOS release 2\.0(\D|$)") audit(AUDIT_OS_NOT, "EulerOS 2.0");
    
    sp = get_kb_item("Host/EulerOS/sp");
    if (isnull(sp) || sp !~ "^(8)$") audit(AUDIT_OS_NOT, "EulerOS 2.0 SP8");
    
    uvp = get_kb_item("Host/EulerOS/uvp_version");
    if (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, "EulerOS 2.0 SP8", "EulerOS UVP " + uvp);
    
    if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
    if ("aarch64" >!< cpu) audit(AUDIT_ARCH_NOT, "aarch64", cpu);
    
    flag = 0;
    
    pkgs = ["oniguruma-6.9.0-2.h4.eulerosv2r8"];
    
    foreach (pkg in pkgs)
      if (rpm_check(release:"EulerOS-2.0", sp:"8", reference:pkg)) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "oniguruma");
    }
    
  • NASL familyAmazon Linux Local Security Checks
    NASL idAL2_ALAS-2020-1380.NASL
    descriptionOniguruma before 6.9.3 allows Stack Exhaustion in regcomp.c because of recursion in regparse.c. (CVE-2019-16163) Oniguruma through 6.9.3, as used in PHP 7.3.x and other products, has a heap-based buffer over-read in str_lower_case_match in regexec.c.(CVE-2019-19246)
    last seen2020-06-01
    modified2020-06-02
    plugin id132735
    published2020-01-09
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/132735
    titleAmazon Linux 2 : oniguruma (ALAS-2020-1380)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Amazon Linux 2 Security Advisory ALAS-2020-1380.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(132735);
      script_version("1.2");
      script_cvs_date("Date: 2020/01/13");
    
      script_cve_id("CVE-2019-16163", "CVE-2019-19012", "CVE-2019-19204", "CVE-2019-19246");
      script_xref(name:"ALAS", value:"2020-1380");
    
      script_name(english:"Amazon Linux 2 : oniguruma (ALAS-2020-1380)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Amazon Linux 2 host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Oniguruma before 6.9.3 allows Stack Exhaustion in regcomp.c because of
    recursion in regparse.c. (CVE-2019-16163)
    
    Oniguruma through 6.9.3, as used in PHP 7.3.x and other products, has
    a heap-based buffer over-read in str_lower_case_match in
    regexec.c.(CVE-2019-19246)"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://alas.aws.amazon.com/AL2/ALAS-2020-1380.html"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Run 'yum update oniguruma' to update your system."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:oniguruma");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:oniguruma-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:oniguruma-devel");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:amazon:linux:2");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2019/09/09");
      script_set_attribute(attribute:"patch_publication_date", value:"2020/01/08");
      script_set_attribute(attribute:"plugin_publication_date", value:"2020/01/09");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Amazon Linux Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/AmazonLinux/release", "Host/AmazonLinux/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    release = get_kb_item("Host/AmazonLinux/release");
    if (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, "Amazon Linux");
    os_ver = pregmatch(pattern: "^AL(A|\d)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Amazon Linux");
    os_ver = os_ver[1];
    if (os_ver != "2")
    {
      if (os_ver == 'A') os_ver = 'AMI';
      audit(AUDIT_OS_NOT, "Amazon Linux 2", "Amazon Linux " + os_ver);
    }
    
    if (!get_kb_item("Host/AmazonLinux/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    if (rpm_check(release:"AL2", reference:"oniguruma-5.9.6-1.amzn2.0.3")) flag++;
    if (rpm_check(release:"AL2", reference:"oniguruma-debuginfo-5.9.6-1.amzn2.0.3")) flag++;
    if (rpm_check(release:"AL2", reference:"oniguruma-devel-5.9.6-1.amzn2.0.3")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "oniguruma / oniguruma-debuginfo / oniguruma-devel");
    }
    
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2020-1339.NASL
    descriptionAccording to the versions of the ruby packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - Oniguruma before 6.9.3 allows Stack Exhaustion in regcomp.c because of recursion in regparse.c(CVE-2019-16163) - Oniguruma through 6.9.3, as used in PHP 7.3.x and other products, has a heap-based buffer over-read in str_lower_case_match in regexec.c.(CVE-2019-19246) - An out-of-bounds read vulnerability was found in Oniguruma in the way it handled regular expression quantifiers. A remote attacker could abuse this flaw by providing a malformed regular expression that, when processed by an application linked to Oniguruma, could possibly crash the application, resulting in a denial of service.(CVE-2019-19204) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-04-07
    modified2020-04-02
    plugin id135126
    published2020-04-02
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/135126
    titleEulerOS Virtualization for ARM 64 3.0.6.0 : ruby (EulerOS-SA-2020-1339)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(135126);
      script_version("1.2");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/04/06");
    
      script_cve_id(
        "CVE-2019-16163",
        "CVE-2019-19204",
        "CVE-2019-19246"
      );
    
      script_name(english:"EulerOS Virtualization for ARM 64 3.0.6.0 : ruby (EulerOS-SA-2020-1339)");
      script_summary(english:"Checks the rpm output for the updated packages.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote EulerOS Virtualization for ARM 64 host is missing multiple security
    updates.");
      script_set_attribute(attribute:"description", value:
    "According to the versions of the ruby packages installed, the EulerOS
    Virtualization for ARM 64 installation on the remote host is affected
    by the following vulnerabilities :
    
      - Oniguruma before 6.9.3 allows Stack Exhaustion in
        regcomp.c because of recursion in
        regparse.c(CVE-2019-16163)
    
      - Oniguruma through 6.9.3, as used in PHP 7.3.x and other
        products, has a heap-based buffer over-read in
        str_lower_case_match in regexec.c.(CVE-2019-19246)
    
      - An out-of-bounds read vulnerability was found in
        Oniguruma in the way it handled regular expression
        quantifiers. A remote attacker could abuse this flaw by
        providing a malformed regular expression that, when
        processed by an application linked to Oniguruma, could
        possibly crash the application, resulting in a denial
        of service.(CVE-2019-19204)
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the EulerOS security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues.");
      # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1339
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?f2f8c64f");
      script_set_attribute(attribute:"solution", value:
    "Update the affected ruby packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2020/04/02");
      script_set_attribute(attribute:"plugin_publication_date", value:"2020/04/02");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:ruby");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:ruby-irb");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:ruby-libs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:rubygem-bigdecimal");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:rubygem-io-console");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:rubygem-json");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:rubygem-openssl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:rubygem-psych");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:rubygem-rdoc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:rubygems");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:uvp:3.0.6.0");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Huawei Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/uvp_version");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    release = get_kb_item("Host/EulerOS/release");
    if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
    uvp = get_kb_item("Host/EulerOS/uvp_version");
    if (uvp != "3.0.6.0") audit(AUDIT_OS_NOT, "EulerOS Virtualization 3.0.6.0");
    if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
    if ("aarch64" >!< cpu) audit(AUDIT_ARCH_NOT, "aarch64", cpu);
    
    flag = 0;
    
    pkgs = ["ruby-2.5.1-98.h6.eulerosv2r8",
            "ruby-irb-2.5.1-98.h6.eulerosv2r8",
            "ruby-libs-2.5.1-98.h6.eulerosv2r8",
            "rubygem-bigdecimal-1.3.4-98.h6.eulerosv2r8",
            "rubygem-io-console-0.4.6-98.h6.eulerosv2r8",
            "rubygem-json-2.1.0-98.h6.eulerosv2r8",
            "rubygem-openssl-2.1.0-98.h6.eulerosv2r8",
            "rubygem-psych-3.0.2-98.h6.eulerosv2r8",
            "rubygem-rdoc-6.0.1-98.h6.eulerosv2r8",
            "rubygems-2.7.6-98.h6.eulerosv2r8"];
    
    foreach (pkg in pkgs)
      if (rpm_check(release:"EulerOS-2.0", reference:pkg)) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "ruby");
    }
    
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2020-1350.NASL
    descriptionAccording to the versions of the php packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0 it is possible to supply it with data what will cause it to read past the allocated buffer. This may lead to information disclosure or crash.(CVE-2019-11050) - In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0, PHP bcmath extension functions on some systems, including Windows, can be tricked into reading beyond the allocated space by supplying it with string containing characters that are identified as numeric by the OS but aren
    last seen2020-04-07
    modified2020-04-02
    plugin id135137
    published2020-04-02
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/135137
    titleEulerOS Virtualization for ARM 64 3.0.6.0 : php (EulerOS-SA-2020-1350)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(135137);
      script_version("1.2");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/04/06");
    
      script_cve_id(
        "CVE-2017-7272",
        "CVE-2019-11045",
        "CVE-2019-11046",
        "CVE-2019-11047",
        "CVE-2019-11050",
        "CVE-2019-16163",
        "CVE-2019-19204",
        "CVE-2019-19246"
      );
    
      script_name(english:"EulerOS Virtualization for ARM 64 3.0.6.0 : php (EulerOS-SA-2020-1350)");
      script_summary(english:"Checks the rpm output for the updated packages.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote EulerOS Virtualization for ARM 64 host is missing multiple security
    updates.");
      script_set_attribute(attribute:"description", value:
    "According to the versions of the php packages installed, the EulerOS
    Virtualization for ARM 64 installation on the remote host is affected
    by the following vulnerabilities :
    
      - When PHP EXIF extension is parsing EXIF information
        from an image, e.g. via exif_read_data() function, in
        PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and
        7.4.0 it is possible to supply it with data what will
        cause it to read past the allocated buffer. This may
        lead to information disclosure or
        crash.(CVE-2019-11050)
    
      - In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13
        and 7.4.0, PHP bcmath extension functions on some
        systems, including Windows, can be tricked into reading
        beyond the allocated space by supplying it with string
        containing characters that are identified as numeric by
        the OS but aren't ASCII numbers. This can read to
        disclosure of the content of some memory
        locations.(CVE-2019-11046)
    
      - In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13
        and 7.4.0, PHP DirectoryIterator class accepts
        filenames with embedded \0 byte and treats them as
        terminating at that byte. This could lead to security
        vulnerabilities, e.g. in applications checking paths
        that the code is allowed to access.(CVE-2019-11045)
    
      - When PHP EXIF extension is parsing EXIF information
        from an image, e.g. via exif_read_data() function, in
        PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and
        7.4.0 it is possible to supply it with data what will
        cause it to read past the allocated buffer. This may
        lead to information disclosure or
        crash.(CVE-2019-11047)
    
      - PHP through 7.1.11 enables potential SSRF in
        applications that accept an fsockopen or pfsockopen
        hostname argument with an expectation that the port
        number is constrained. Because a :port syntax is
        recognized, fsockopen will use the port number that is
        specified in the hostname argument, instead of the port
        number in the second argument of the
        function.(CVE-2017-7272)
    
      - Oniguruma before 6.9.3 allows Stack Exhaustion in
        regcomp.c because of recursion in
        regparse.c.(CVE-2019-16163)
    
      - Oniguruma through 6.9.3, as used in PHP 7.3.x and other
        products, has a heap-based buffer over-read in
        str_lower_case_match in regexec.c.(CVE-2019-19246)
    
      - An issue was discovered in Oniguruma 6.x before
        6.9.4_rc2. In the function fetch_interval_quantifier
        (formerly known as fetch_range_quantifier) in
        regparse.c, PFETCH is called without checking PEND.
        This leads to a heap-based buffer
        over-read.(CVE-2019-19204)
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the EulerOS security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues.");
      # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1350
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?6edb8cba");
      script_set_attribute(attribute:"solution", value:
    "Update the affected php packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2020/04/02");
      script_set_attribute(attribute:"plugin_publication_date", value:"2020/04/02");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:php");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:php-cli");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:php-common");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:uvp:3.0.6.0");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Huawei Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/uvp_version");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    release = get_kb_item("Host/EulerOS/release");
    if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
    uvp = get_kb_item("Host/EulerOS/uvp_version");
    if (uvp != "3.0.6.0") audit(AUDIT_OS_NOT, "EulerOS Virtualization 3.0.6.0");
    if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
    if ("aarch64" >!< cpu) audit(AUDIT_ARCH_NOT, "aarch64", cpu);
    
    flag = 0;
    
    pkgs = ["php-7.2.10-1.h13.eulerosv2r8",
            "php-cli-7.2.10-1.h13.eulerosv2r8",
            "php-common-7.2.10-1.h13.eulerosv2r8"];
    
    foreach (pkg in pkgs)
      if (rpm_check(release:"EulerOS-2.0", reference:pkg)) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "php");
    }
    
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2020-1172.NASL
    descriptionAccording to the versions of the php packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - An issue was discovered in Oniguruma 6.x before 6.9.4_rc2. In the function fetch_interval_quantifier (formerly known as fetch_range_quantifier) in regparse.c, PFETCH is called without checking PEND. This leads to a heap-based buffer over-read.(CVE-2019-19204) - Oniguruma before 6.9.3 allows Stack Exhaustion in regcomp.c because of recursion in regparse.c.(CVE-2019-16163) - Oniguruma through 6.9.3, as used in PHP 7.3.x and other products, has a heap-based buffer over-read in str_lower_case_match in regexec.c.(CVE-2019-19246) - PHP through 7.1.11 enables potential SSRF in applications that accept an fsockopen or pfsockopen hostname argument with an expectation that the port number is constrained. Because a :port syntax is recognized, fsockopen will use the port number that is specified in the hostname argument, instead of the port number in the second argument of the function.(CVE-2017-7272) - In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0, PHP DirectoryIterator class accepts filenames with embedded \0 byte and treats them as terminating at that byte. This could lead to security vulnerabilities, e.g. in applications checking paths that the code is allowed to access.(CVE-2019-11045) - In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0, PHP bcmath extension functions on some systems, including Windows, can be tricked into reading beyond the allocated space by supplying it with string containing characters that are identified as numeric by the OS but aren
    last seen2020-05-03
    modified2020-02-25
    plugin id134006
    published2020-02-25
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/134006
    titleEulerOS 2.0 SP8 : php (EulerOS-SA-2020-1172)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(134006);
      script_version("1.4");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/05/01");
    
      script_cve_id(
        "CVE-2017-7272",
        "CVE-2019-11045",
        "CVE-2019-11046",
        "CVE-2019-11047",
        "CVE-2019-11050",
        "CVE-2019-16163",
        "CVE-2019-19204",
        "CVE-2019-19246"
      );
    
      script_name(english:"EulerOS 2.0 SP8 : php (EulerOS-SA-2020-1172)");
      script_summary(english:"Checks the rpm output for the updated packages.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote EulerOS host is missing multiple security updates.");
      script_set_attribute(attribute:"description", value:
    "According to the versions of the php packages installed, the EulerOS
    installation on the remote host is affected by the following
    vulnerabilities :
    
      - An issue was discovered in Oniguruma 6.x before
        6.9.4_rc2. In the function fetch_interval_quantifier
        (formerly known as fetch_range_quantifier) in
        regparse.c, PFETCH is called without checking PEND.
        This leads to a heap-based buffer
        over-read.(CVE-2019-19204)
    
      - Oniguruma before 6.9.3 allows Stack Exhaustion in
        regcomp.c because of recursion in
        regparse.c.(CVE-2019-16163)
    
      - Oniguruma through 6.9.3, as used in PHP 7.3.x and other
        products, has a heap-based buffer over-read in
        str_lower_case_match in regexec.c.(CVE-2019-19246)
    
      - PHP through 7.1.11 enables potential SSRF in
        applications that accept an fsockopen or pfsockopen
        hostname argument with an expectation that the port
        number is constrained. Because a :port syntax is
        recognized, fsockopen will use the port number that is
        specified in the hostname argument, instead of the port
        number in the second argument of the
        function.(CVE-2017-7272)
    
      - In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13
        and 7.4.0, PHP DirectoryIterator class accepts
        filenames with embedded \0 byte and treats them as
        terminating at that byte. This could lead to security
        vulnerabilities, e.g. in applications checking paths
        that the code is allowed to access.(CVE-2019-11045)
    
      - In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13
        and 7.4.0, PHP bcmath extension functions on some
        systems, including Windows, can be tricked into reading
        beyond the allocated space by supplying it with string
        containing characters that are identified as numeric by
        the OS but aren't ASCII numbers. This can read to
        disclosure of the content of some memory
        locations.(CVE-2019-11046)
    
      - When PHP EXIF extension is parsing EXIF information
        from an image, e.g. via exif_read_data() function, in
        PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and
        7.4.0 it is possible to supply it with data what will
        cause it to read past the allocated buffer. This may
        lead to information disclosure or
        crash.(CVE-2019-11047)
    
      - When PHP EXIF extension is parsing EXIF information
        from an image, e.g. via exif_read_data() function, in
        PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and
        7.4.0 it is possible to supply it with data what will
        cause it to read past the allocated buffer. This may
        lead to information disclosure or
        crash.(CVE-2019-11050)
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the EulerOS security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues.");
      # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1172
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?01035da3");
      script_set_attribute(attribute:"solution", value:
    "Update the affected php packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2020/02/25");
      script_set_attribute(attribute:"plugin_publication_date", value:"2020/02/25");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:php");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:php-cli");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:php-common");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:php-fpm");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:php-gd");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:php-ldap");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:php-odbc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:php-pdo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:php-process");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:php-recode");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:php-soap");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:php-xml");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:php-xmlrpc");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:2.0");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Huawei Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/sp");
      script_exclude_keys("Host/EulerOS/uvp_version");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    release = get_kb_item("Host/EulerOS/release");
    if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
    if (release !~ "^EulerOS release 2\.0(\D|$)") audit(AUDIT_OS_NOT, "EulerOS 2.0");
    
    sp = get_kb_item("Host/EulerOS/sp");
    if (isnull(sp) || sp !~ "^(8)$") audit(AUDIT_OS_NOT, "EulerOS 2.0 SP8");
    
    uvp = get_kb_item("Host/EulerOS/uvp_version");
    if (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, "EulerOS 2.0 SP8", "EulerOS UVP " + uvp);
    
    if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
    if ("aarch64" >!< cpu) audit(AUDIT_ARCH_NOT, "aarch64", cpu);
    
    flag = 0;
    
    pkgs = ["php-7.2.10-1.h13.eulerosv2r8",
            "php-cli-7.2.10-1.h13.eulerosv2r8",
            "php-common-7.2.10-1.h13.eulerosv2r8",
            "php-fpm-7.2.10-1.h13.eulerosv2r8",
            "php-gd-7.2.10-1.h13.eulerosv2r8",
            "php-ldap-7.2.10-1.h13.eulerosv2r8",
            "php-odbc-7.2.10-1.h13.eulerosv2r8",
            "php-pdo-7.2.10-1.h13.eulerosv2r8",
            "php-process-7.2.10-1.h13.eulerosv2r8",
            "php-recode-7.2.10-1.h13.eulerosv2r8",
            "php-soap-7.2.10-1.h13.eulerosv2r8",
            "php-xml-7.2.10-1.h13.eulerosv2r8",
            "php-xmlrpc-7.2.10-1.h13.eulerosv2r8"];
    
    foreach (pkg in pkgs)
      if (rpm_check(release:"EulerOS-2.0", sp:"8", reference:pkg)) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "php");
    }
    
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2019-6A931C8EEC.NASL
    descriptiononiguruma security fix bugport, including fix for CVE-2019-16163 and bugs found on PHP. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id131169
    published2019-11-21
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/131169
    titleFedora 29 : oniguruma (2019-6a931c8eec)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory FEDORA-2019-6a931c8eec.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(131169);
      script_version("1.2");
      script_cvs_date("Date: 2019/12/09");
    
      script_cve_id("CVE-2019-16163");
      script_xref(name:"FEDORA", value:"2019-6a931c8eec");
    
      script_name(english:"Fedora 29 : oniguruma (2019-6a931c8eec)");
      script_summary(english:"Checks rpm output for the updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "oniguruma security fix bugport, including fix for CVE-2019-16163 and
    bugs found on PHP.
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora update system website.
    Tenable has attempted to automatically clean and format it as much as
    possible without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bodhi.fedoraproject.org/updates/FEDORA-2019-6a931c8eec"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected oniguruma package."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:oniguruma");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:29");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2019/09/09");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/11/21");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/11/21");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Fedora Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
    os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    os_ver = os_ver[1];
    if (! preg(pattern:"^29([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 29", "Fedora " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"FC29", reference:"oniguruma-6.9.1-3.fc29")) flag++;
    
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "oniguruma");
    }