Detections
Analytics
EulerOS Virtualization for ARM 64 3.0.6.0 : php (EulerOS-SA-2020-1350)
high Nessus Plugin ID 135137
Synopsis
The remote EulerOS Virtualization for ARM 64 host is missing multiple security updates.Description
According to the versions of the php packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities :- When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0 it is possible to supply it with data what will cause it to read past the allocated buffer. This may lead to information disclosure or crash.(CVE-2019-11050)
- In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0, PHP bcmath extension functions on some systems, including Windows, can be tricked into reading beyond the allocated space by supplying it with string containing characters that are identified as numeric by the OS but aren't ASCII numbers. This can read to disclosure of the content of some memory locations.(CVE-2019-11046)
- In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0, PHP DirectoryIterator class accepts filenames with embedded \0 byte and treats them as terminating at that byte. This could lead to security vulnerabilities, e.g. in applications checking paths that the code is allowed to access.(CVE-2019-11045)
- When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0 it is possible to supply it with data what will cause it to read past the allocated buffer. This may lead to information disclosure or crash.(CVE-2019-11047)
- PHP through 7.1.11 enables potential SSRF in applications that accept an fsockopen or pfsockopen hostname argument with an expectation that the port number is constrained. Because a :port syntax is recognized, fsockopen will use the port number that is specified in the hostname argument, instead of the port number in the second argument of the function.(CVE-2017-7272)
- Oniguruma before 6.9.3 allows Stack Exhaustion in regcomp.c because of recursion in regparse.c.(CVE-2019-16163)
- Oniguruma through 6.9.3, as used in PHP 7.3.x and other products, has a heap-based buffer over-read in str_lower_case_match in regexec.c.(CVE-2019-19246)
- An issue was discovered in Oniguruma 6.x before 6.9.4_rc2. In the function fetch_interval_quantifier (formerly known as fetch_range_quantifier) in regparse.c, PFETCH is called without checking PEND.
This leads to a heap-based buffer over-read.(CVE-2019-19204)
Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
Solution
Update the affected php packages.See Also
Plugin Details
Severity: High
ID: 135137
File Name: EulerOS_SA-2020-1350.nasl
Version: 1.7
Type: local
Family: Huawei Local Security Checks
Published: 4/2/2020
Updated: 3/20/2024
Supported Sensors: Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 4.4
CVSS v2
Risk Factor: Medium
Base Score: 6.4
Temporal Score: 5
Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P
CVSS Score Source: CVE-2019-11050
CVSS v3
Risk Factor: High
Base Score: 7.4
Temporal Score: 6.7
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N
Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C
CVSS Score Source: CVE-2017-7272
Vulnerability Information
CPE: p-cpe:/a:huawei:euleros:php, p-cpe:/a:huawei:euleros:php-cli, p-cpe:/a:huawei:euleros:php-common, cpe:/o:huawei:euleros:uvp:3.0.6.0
Required KB Items: Host/local_checks_enabled, Host/cpu, Host/EulerOS/release, Host/EulerOS/rpm-list, Host/EulerOS/uvp_version
Exploit Available: true
Exploit Ease: Exploits are available
Patch Publication Date: 4/2/2020
Reference Information
CVE: CVE-2017-7272, CVE-2019-11045, CVE-2019-11046, CVE-2019-11047, CVE-2019-11050, CVE-2019-16163, CVE-2019-19204, CVE-2019-19246