Tenable SecurityCenter PHP < 5.6.31 Multiple Vulnerabilities (TNS-2017-12
Medium Nessus Plugin ID 103121
SynopsisThe Tenable SecurityCenter application on the remote host contains a PHP library that is affected by multiple vulnerabilities.
DescriptionThe Tenable SecurityCenter application installed on the remote host is missing a security patch. It is, therefore, affected by multiple vulnerabilities in the bundled version of PHP :
- An out-of-bounds read flaw in the phar_parse_pharfile() function in ext/phar/phar.c that is triggered when handling phar archives.
This may allow a remote attacker to cause a denial of service.
- An out-of-bounds read flaw in the gdImageCreateFromGifCtx() function in gd_gif_in.c that is triggered when handling a specially crafted GIF file. This may allow a context-dependent attacker to crash a process linked against the library or potentially disclose memory contents.
- An extended invalid free flaw in the php_wddx_push_element() function in ext/wddx/wddx.c that is triggered during the parsing of empty boolean tags. This may allow a remote attacker to crash a program built with the language.
- The openssl extension PEM sealing code does not check the return value of the OpenSSL sealing function, which could lead to a crash of the PHP interpreter.
- A flaw that is triggered when handling overly large POST requests.
This may allow a remote attacker to exhaust available CPU resources.
- An out-of-bounds read flaw in the php_parse_date() function in ext/date/lib/parse_date.c that may allow a remote attacker to crash a program built with the language or potentially disclose memory contents.
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
SolutionApply the relevant patch as referenced in the vendor advisory.