Tenable SecurityCenter PHP < 5.6.30 Multiple Vulnerabilities (TNS-2017-04)

High Nessus Plugin ID 101050

New! Vulnerability Priority Rating (VPR)

Tenable calculates a dynamic VPR for every vulnerability. VPR combines vulnerability information with threat intelligence and machine learning algorithms to predict which vulnerabilities are most likely to be exploited in attacks. Read more about what VPR is and how it's different from CVSS.

VPR Score: 5.9

Synopsis

The Tenable SecurityCenter application on the remote host contains a PHP library that is affected by multiple vulnerabilities.

Description

The Tenable SecurityCenter application installed on the remote host is missing a security patch. It is, therefore, affected by multiple vulnerabilities in the bundled version of PHP :

- A seg fault when loading hostile phar could be used to crash the PHP interpreter or potentially disclose information due to a buffer over-read in the phar_parse_pharfile function in ext/phar/phar.c.
(CVE-2017-11147)

- A floating pointer exception flaw exists in the exif_convert_any_to_int() function in exif.c that is triggered when handling TIFF and JPEG image tags. An unauthenticated, remote attacker can exploit this to cause a crash, resulting in a denial of service condition. (CVE-2016-10158)

- An integer overflow condition exists in the phar_parse_pharfile() function in phar.c due to improper validation when handling phar archives. An unauthenticated, remote attacker can exploit this to cause a crash, resulting in a denial of service condition. (CVE-2016-10159)

- An off-by-one overflow condition exists in the phar_parse_pharfile() function in phar.c due to improper parsing of phar archives. An unauthenticated, remote attacker can exploit this to cause a crash, resulting in a denial of service condition. (CVE-2016-10160)

- An out-of-bounds read error exists in the finish_nested_data() function in var_unserializer.c due to improper validation of unserialized data. An unauthenticated, remote attacker can exploit this to cause a crash, resulting in a denial of service condition or the disclosure of memory contents.
(CVE-2016-10161)

- An out-of-bounds read error exists in the phar_parse_pharfile() function in phar.c due to improper parsing of phar archives. An unauthenticated, remote attacker can exploit this to cause a crash, resulting in a denial of service condition.

- A denial of service vulnerability exists in the bundled GD Graphics Library (LibGD) in the gdImageCreateFromGd2Ctx() function in gd_gd2.c due to improper validation of images. An unauthenticated, remote attacker can exploit this, via a specially crafted image, to crash the process.

- The gdImageCreateFromGd2Ctx function in gd_gd2.c in the GD Graphics Library could allow a remote attacker to cause a denial of service via a crafted image file.
(CVE-2016-10167)

- An integer overflow in gd_io.c in the GD Graphics Library before could allow a remote attacker to have an unspecified impact on PHP. (CVE-2016-10168)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Upgrade to SecurityCenter version 5.4.3 or later. Alternatively, contact the vendor for a patch.

See Also

https://www.tenable.com/security/tns-2017-04

http://php.net/ChangeLog-5.php#5.6.30

Plugin Details

Severity: High

ID: 101050

File Name: securitycenter_php_5_6_30.nasl

Version: 1.9

Type: combined

Agent: unix

Family: Misc.

Published: 2017/06/26

Updated: 2020/10/09

Dependencies: 71157, 71158

Risk Information

Risk Factor: High

VPR Score: 5.9

CVSS Score Source: CVE-2016-10160

CVSS v2.0

Base Score: 7.5

Temporal Score: 5.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

CVSS v3.0

Base Score: 9.8

Temporal Score: 8.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:tenable:securitycenter

Required KB Items: Host/SecurityCenter/Version, installed_sw/SecurityCenter, Host/SecurityCenter/support/php/version

Exploit Available: false

Exploit Ease: No known exploits are available

Patch Publication Date: 2017/02/09

Vulnerability Publication Date: 2016/12/13

Reference Information

CVE: CVE-2017-11147, CVE-2016-10158, CVE-2016-10159, CVE-2016-10160, CVE-2016-10161, CVE-2016-10167, CVE-2016-10168

BID: 95764, 95768, 95774, 95783, 95869, 99607