Tenable SecurityCenter PHP < 5.6.30 Multiple Vulnerabilities (TNS-2017-04)

This script is Copyright (C) 2017 Tenable Network Security, Inc.


Synopsis :

The Tenable SecurityCenter application on the remote host contains a
PHP library that is affected by multiple vulnerabilities.

Description :

The Tenable SecurityCenter application installed on the remote host
is missing a security patch. It is, therefore, affected by multiple
vulnerabilities in the bundled version of PHP :

- A floating point exception flaw exists in the
exif_convert_any_to_int() function in exif.c that is
triggered when handling TIFF and JPEG image tags. An
unauthenticated, remote attacker can exploit this to
cause a crash, resulting in a denial of service
condition. (CVE-2016-10158)

- An integer overflow condition exists in the
phar_parse_pharfile() function in phar.c due to improper
validation when handling phar archives. An
unauthenticated, remote attacker can exploit this to
cause a crash, resulting in a denial of service
condition. (CVE-2016-10159)

- An off-by-one overflow condition exists in the
phar_parse_pharfile() function in phar.c due to improper
parsing of phar archives. An unauthenticated, remote
attacker can exploit this to cause a crash, resulting in
a denial of service condition. (CVE-2016-10160)

- An out-of-bounds read error exists in the
finish_nested_data() function in var_unserializer.c due
to improper validation of unserialized data. An
unauthenticated, remote attacker can exploit this to
cause a crash, resulting in a denial of service
condition or the disclosure of memory contents.
(CVE-2016-10161)

- A denial of service vulnerability exists in the bundled
GD Graphics Library (LibGD) in the
gdImageCreateFromGd2Ctx() function in gd_gd2.c due to
improper validation of images. An unauthenticated,
remote attacker can exploit this, via a specially
crafted image, to crash the process. (CVE-2016-10167)

- An out-of-bounds read error exists in the
phar_parse_pharfile() function in phar.c due to improper
parsing of phar archives. An unauthenticated, remote
attacker can exploit this to cause a crash, resulting in
a denial of service condition. (VulnDB 149621)

Note that Nessus has not tested for these issues but has instead
relied only on the application's self-reported version number.

See also :

http://www.tenable.com/security/tns-2017-04
http://php.net/ChangeLog-5.php#5.6.30

Solution :

Upgrade to SecurityCenter version 5.4.3 or later. Alternatively,
contact the vendor for a patch.

Risk factor :

High / CVSS Base Score : 7.8
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C)
CVSS Temporal Score : 6.4
(CVSS2#E:F/RL:OF/RC:ND)
Public Exploit Available : true

Family: Misc.

Nessus Plugin ID: 101050

Bugtraq ID: 95764, 95768, 95774, 95783, 95869

CVE ID: CVE-2016-10158, CVE-2016-10159, CVE-2016-10160, CVE-2016-10161, CVE-2016-10167
