EulerOS Virtualization 3.0.1.0 : php (EulerOS-SA-2019-1544)

Critical Nessus Plugin ID 124997

Synopsis

The remote EulerOS Virtualization host is missing multiple security updates.

Description

According to the versions of the php packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities :

- An integer underflow flaw leading to out-of-bounds memory access was found in the way PHP's Phar extension parsed Phar archives. A specially crafted archive could cause PHP to crash or, possibly, execute arbitrary code when opened.(CVE-2015-4021)

- An out of bounds read flaw was found in the way the xmlrpc extension parsed dates in the ISO 8601 format. A specially crafted XML-RPC request or response could possibly cause a PHP application to crash.(CVE-2014-3668)

- It was found that certain PHP functions did not properly handle file names containing a NULL character.
A remote attacker could possibly use this flaw to make a PHP script access unexpected files and bypass intended file system access restrictions.(CVE-2015-4598)

- A flaw was found in the way PHP handled malformed source files when running in CGI mode. A specially crafted PHP file could cause PHP CGI to crash.(CVE-2014-9427)

- An issue was discovered in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5. ext/ldap/ldap.c allows remote LDAP servers to cause a denial of service (NULL pointer dereference and application crash) because of mishandling of the ldap_get_dn return value.(CVE-2018-10548)

- An infinite loop vulnerability was found in ext/iconv/iconv.c in PHP due to the iconv stream not rejecting invalid multibyte sequences. A remote attacker could use this vulnerability to hang the php process and consume resources.(CVE-2018-10546)

- The openssl_x509_parse function in openssl.c in the OpenSSL module in PHP before 5.4.18 and 5.5.x before 5.5.2 does not properly handle a '\\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.(CVE-2013-4248)

- A use-after-free flaw was found in the way PHP's unserialize() function processed data. If a remote attacker was able to pass crafted input to PHP's unserialize() function, they could cause the PHP interpreter to crash or, possibly, execute arbitrary code.(CVE-2015-0231)

- A flaw was discovered in the way PHP performed object unserialization. Specially crafted input processed by the unserialize() function could cause a PHP application to crash or, possibly, execute arbitrary code.(CVE-2015-4602)

- It was found that certain PHP functions did not properly handle file names containing a NULL character.
A remote attacker could possibly use this flaw to make a PHP script access unexpected files and bypass intended file system access restrictions.(CVE-2015-3412)

- The mcopy function in softmagic.c in file 5.x, as used in the Fileinfo component in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8, does not properly restrict a certain offset value, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted string that is mishandled by a 'Python script text executable' rule.(CVE-2015-4605)

- A heap buffer overflow flaw was found in the enchant_broker_request_dict() function of PHP's enchant extension. A specially crafted tag input could possibly cause a PHP application to crash.(CVE-2014-9705)

- A buffer overflow flaw was found in the Exif extension.
A specially crafted JPEG or TIFF file could cause a PHP application using the exif_thumbnail() function to crash or, possibly, execute arbitrary code with the privileges of the user running that PHP application.(CVE-2014-3670)

- A flaws was discovered in the way PHP performed object unserialization. Specially crafted input processed by the unserialize() function could cause a PHP application to crash or, possibly, execute arbitrary code.(CVE-2015-4148)

- A type confusion issue was found in the SPL ArrayObject and SPLObjectStorage classes' unserialize() method. A remote attacker able to submit specially crafted input to a PHP application, which would then unserialize this input using one of the aforementioned methods, could use this flaw to execute arbitrary code with the privileges of the user running that PHP application.(CVE-2014-3515)

- The mget function in softmagic.c in file 5.x, as used in the Fileinfo component in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8, does not properly maintain a certain pointer relationship, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted string that is mishandled by a 'Python script text executable' rule.(CVE-2015-4604)

- A NULL pointer dereference flaw was found in the gdImageCreateFromXpm() function of PHP's gd extension.
A remote attacker could use this flaw to crash a PHP application using gd via a specially crafted X PixMap (XPM) file.(CVE-2014-2497)

- A flaw was found in the way PHP parsed multipart HTTP POST requests. A specially crafted request could cause PHP to use an excessive amount of CPU time.(CVE-2015-4024)

- Multiple flaws were discovered in the way PHP's Soap extension performed object unserialization. Specially crafted input processed by the unserialize() function could cause a PHP application to disclose portion of its memory or crash.(CVE-2015-4599)

- A flaw was discovered in the way PHP performed object unserialization. Specially crafted input processed by the unserialize() function could cause a PHP application to crash or, possibly, execute arbitrary code.(CVE-2015-4603)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Solution

Update the affected php packages.

See Also

http://www.nessus.org/u?eb62c9b4

Plugin Details

Severity: Critical

ID: 124997

File Name: EulerOS_SA-2019-1544.nasl

Version: 1.3

Type: local

Published: 2019/05/14

Updated: 2019/06/27

Dependencies: 12634

Risk Information

Risk Factor: Critical

CVSS v2.0

Base Score: 10

Temporal Score: 8.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:ND/RL:OF/RC:C

CVSS v3.0

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Vulnerability Information

CPE: p-cpe:/a:huawei:euleros:php, p-cpe:/a:huawei:euleros:php-cli, p-cpe:/a:huawei:euleros:php-common, cpe:/o:huawei:euleros:uvp:3.0.1.0

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/EulerOS/release, Host/EulerOS/rpm-list, Host/EulerOS/uvp_version

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2019/05/09

Reference Information

CVE: CVE-2013-4248, CVE-2014-2497, CVE-2014-3515, CVE-2014-3668, CVE-2014-3670, CVE-2014-9427, CVE-2014-9705, CVE-2015-0231, CVE-2015-3412, CVE-2015-4021, CVE-2015-4024, CVE-2015-4148, CVE-2015-4598, CVE-2015-4599, CVE-2015-4602, CVE-2015-4603, CVE-2015-4604, CVE-2015-4605, CVE-2018-10546, CVE-2018-10548

BID: 61776, 66233, 68237, 70665, 70666, 71833, 72539, 73031, 74700, 74903, 75103, 75233, 75241, 75244, 75249, 75250, 75251, 75252