Tenable SecurityCenter PHP < 5.6.31 Multiple Vulnerabilities (TNS-2017-12)

This script is Copyright (C) 2017 Tenable Network Security, Inc.


Synopsis :

The Tenable SecurityCenter application on the remote host contains a
PHP library that is affected by multiple vulnerabilities.

Description :

The Tenable SecurityCenter application installed on the remote host
is missing a security patch. It is, therefore, affected by multiple
vulnerabilities in the bundled version of PHP :

- An out-of-bounds read flaw in the phar_parse_pharfile() function
in ext/phar/phar.c that is triggered when handling phar archives.
This may allow a remote attacker to cause a denial of service.

- An out-of-bounds read flaw in the gdImageCreateFromGifCtx()
function in gd_gif_in.c that is triggered when handling a
specially crafted GIF file. This may allow a context-dependent
attacker to crash a process linked against the library or
potentially disclose memory contents.

- An extended invalid free flaw in the php_wddx_push_element()
function in ext/wddx/wddx.c that is triggered during the parsing
of empty boolean tags. This may allow a remote attacker to crash a
program built with the language.

- The openssl extension PEM sealing code does not check the return
value of the OpenSSL sealing function, which could lead to a crash
of the PHP interpreter.

- A flaw that is triggered when handling overly large POST requests.
This may allow a remote attacker to exhaust available CPU
resources.

- An out-of-bounds read flaw in the php_parse_date() function in
ext/date/lib/parse_date.c that may allow a remote attacker to
crash a program built with the language or potentially disclose
memory contents.

Note that Nessus has not tested for these issues but has instead
relied only on the application's self-reported version number.

See also :

http://www.tenable.com/security/tns-2017-12
http://php.net/ChangeLog-5.php#5.6.31
https://support.tenable.com/support-center/index.php?x=&mod_id=160

Solution :

Apply the relevant patch as referenced in the vendor advisory.

Risk factor :

Medium / CVSS Base Score : 4.3
(CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N)
CVSS Temporal Score : 3.6
(CVSS2#E:F/RL:OF/RC:ND)
Public Exploit Available : true
