SUSE SLES15 / openSUSE 15 Security Update : php7 (SUSE-SU-2022:4067-1)

critical Nessus Plugin ID 167950

Language:

Synopsis

The remote SUSE host is missing one or more security updates.

Description

The remote SUSE Linux SLES15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:4067-1 advisory.

 - An issue was discovered in PHP 7.3.x before 7.3.0alpha3, 7.2.x before 7.2.8, and before 7.1.20. The php- fpm master process restarts a child process in an endless loop when using program execution functions (e.g., passthru, exec, shell_exec, or system) with a non-blocking STDIN stream, causing this master process to consume 100% of the CPU, and consume disk space with a large volume of error logs, as demonstrated by an attack by a customer of a shared-hosting facility. (CVE-2015-9253)

 - The zend_string_extend function in Zend/zend_string.h in PHP through 7.1.5 does not prevent changes to string objects that result in a negative length, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact by leveraging a script's use of .= with a long string. (CVE-2017-8923)

 - PHP 7.x through 7.1.5 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a long string because of an Integer overflow in mysqli_real_escape_string. (CVE-2017-9120)

 - Libgd version 2.2.5 contains a Double Free Vulnerability vulnerability in gdImageBmpPtr Function that can result in Remote Code Execution . This attack appear to be exploitable via Specially Crafted Jpeg Image can trigger double free. This vulnerability appears to have been fixed in after commit ac16bdf2d41724b5a65255d4c28fb0ec46bc42f5. (CVE-2018-1000222)

 - exif_read_from_impl in ext/exif/exif.c in PHP 7.2.x through 7.2.7 allows attackers to trigger a use-after- free (in exif_read_from_file) because it closes a stream that it is not responsible for closing. The vulnerable code is reachable through the PHP exif_read_data function. (CVE-2018-12882)

 - exif_process_IFD_in_MAKERNOTE in ext/exif/exif.c in PHP before 5.6.37, 7.0.x before 7.0.31, 7.1.x before 7.1.20, and 7.2.x before 7.2.8 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted JPEG file. (CVE-2018-14851)

 - The Apache2 component in PHP before 5.6.38, 7.0.x before 7.0.32, 7.1.x before 7.1.22, and 7.2.x before 7.2.10 allows XSS via the body of a Transfer-Encoding: chunked request, because the bucket brigade is mishandled in the php_handler function in sapi/apache2handler/sapi_apache2.c. (CVE-2018-17082)

 - ext/imap/php_imap.c in PHP 5.x and 7.x before 7.3.0 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an empty string in the message argument to the imap_mail function. (CVE-2018-19935)

 - In PHP before 5.6.39, 7.x before 7.0.33, 7.1.x before 7.1.25, and 7.2.x before 7.2.13, a buffer over-read in PHAR reading functions may allow an attacker to read allocated or unallocated memory past the actual data when trying to parse a .phar file. This is related to phar_parse_pharfile in ext/phar/phar.c.
 (CVE-2018-20783)

 - When processing certain files, PHP EXIF extension in versions 7.1.x below 7.1.28, 7.2.x below 7.2.17 and 7.3.x below 7.3.4 can be caused to read past allocated buffer in exif_process_IFD_TAG function. This may lead to information disclosure or crash. (CVE-2019-11034)

 - When processing certain files, PHP EXIF extension in versions 7.1.x below 7.1.28, 7.2.x below 7.2.17 and 7.3.x below 7.3.4 can be caused to read past allocated buffer in exif_iif_add_value function. This may lead to information disclosure or crash. (CVE-2019-11035)

 - When processing certain files, PHP EXIF extension in versions 7.1.x below 7.1.29, 7.2.x below 7.2.18 and 7.3.x below 7.3.5 can be caused to read past allocated buffer in exif_process_IFD_TAG function. This may lead to information disclosure or crash. (CVE-2019-11036)

 - Function iconv_mime_decode_headers() in PHP versions 7.1.x below 7.1.30, 7.2.x below 7.2.19 and 7.3.x below 7.3.6 may perform out-of-buffer read due to integer overflow when parsing MIME headers. This may lead to information disclosure or crash. (CVE-2019-11039)

 - When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.1.x below 7.1.30, 7.2.x below 7.2.19 and 7.3.x below 7.3.6 it is possible to supply it with data what will cause it to read past the allocated buffer. This may lead to information disclosure or crash. (CVE-2019-11040)

 - When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.1.x below 7.1.31, 7.2.x below 7.2.21 and 7.3.x below 7.3.8 it is possible to supply it with data what will cause it to read past the allocated buffer. This may lead to information disclosure or crash. (CVE-2019-11041, CVE-2019-11042)

 - In PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24 and 7.3.x below 7.3.11 in certain configurations of FPM setup it is possible to cause FPM module to write past allocated buffers into the space reserved for FCGI protocol data, thus opening the possibility of remote code execution. (CVE-2019-11043)

 - In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0, PHP DirectoryIterator class accepts filenames with embedded \0 byte and treats them as terminating at that byte. This could lead to security vulnerabilities, e.g. in applications checking paths that the code is allowed to access. (CVE-2019-11045)

 - In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0, PHP bcmath extension functions on some systems, including Windows, can be tricked into reading beyond the allocated space by supplying it with string containing characters that are identified as numeric by the OS but aren't ASCII numbers. This can read to disclosure of the content of some memory locations. (CVE-2019-11046)

 - When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0 it is possible to supply it with data what will cause it to read past the allocated buffer. This may lead to information disclosure or crash.
 (CVE-2019-11047, CVE-2019-11050)

 - In PHP versions 7.2.x below 7.2.31, 7.3.x below 7.3.18 and 7.4.x below 7.4.6, when HTTP file uploads are allowed, supplying overly long filenames or field names could lead PHP engine to try to allocate oversized memory storage, hit the memory limit and stop processing the request, without cleaning up temporary files created by upload request. This potentially could lead to accumulation of uncleaned temporary files exhausting the disk space on the target server. (CVE-2019-11048)

 - An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. Invalid input to the function xmlrpc_decode() can lead to an invalid memory access (heap out of bounds read or read after free). This is related to xml_elem_parse_buf in ext/xmlrpc/libxmlrpc/xml_element.c. (CVE-2019-9020)

 - An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. A heap-based buffer over-read in PHAR reading functions in the PHAR extension may allow an attacker to read allocated or unallocated memory past the actual data when trying to parse the file name, a different vulnerability than CVE-2018-20783. This is related to phar_detect_phar_fname_ext in ext/phar/phar.c. (CVE-2019-9021)

 - An issue was discovered in PHP 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.2.
 dns_get_record misparses a DNS response, which can allow a hostile DNS server to cause PHP to misuse memcpy, leading to read operations going past the buffer allocated for DNS data. This affects php_parserr in ext/standard/dns.c for DNS_CAA and DNS_ANY queries. (CVE-2019-9022)

 - An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. A number of heap-based buffer over-read instances are present in mbstring regular expression functions when supplied with invalid multibyte data. These occur in ext/mbstring/oniguruma/regcomp.c, ext/mbstring/oniguruma/regexec.c, ext/mbstring/oniguruma/regparse.c, ext/mbstring/oniguruma/enc/unicode.c, and ext/mbstring/oniguruma/src/utf32_be.c when a multibyte regular expression pattern contains invalid multibyte sequences. (CVE-2019-9023)

 - An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. xmlrpc_decode() can allow a hostile XMLRPC server to cause PHP to read memory outside of allocated areas in base64_decode_xmlrpc in ext/xmlrpc/libxmlrpc/base64.c. (CVE-2019-9024)

 - An issue was discovered in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. Due to the way rename() across filesystems is implemented, it is possible that file being renamed is briefly available with wrong permissions while the rename is ongoing, thus enabling unauthorized users to access the data.
 (CVE-2019-9637)

 - An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an uninitialized read in exif_process_IFD_in_MAKERNOTE because of mishandling the maker_note->offset relationship to value_len. (CVE-2019-9638)

 - An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an Invalid Read in exif_process_SOFn. (CVE-2019-9640)

 - An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an uninitialized read in exif_process_IFD_in_TIFF. (CVE-2019-9641)

 - ** DISPUTED ** An issue was discovered in PHP 7.x before 7.1.27 and 7.3.x before 7.3.3.
 phar_tar_writeheaders_int in ext/phar/tar.c has a buffer overflow via a long link value. NOTE: The vendor indicates that the link value is used only when an archive contains a symlink, which currently cannot happen: This issue allows theoretical compromise of security, but a practical attack is usually impossible. (CVE-2019-9675)

 - When using fgetss() function to read data with stripping tags, in PHP versions 7.2.x below 7.2.27, 7.3.x below 7.3.14 and 7.4.x below 7.4.2 it is possible to supply data that will cause this function to read past the allocated buffer. This may lead to information disclosure or crash. (CVE-2020-7059)

 - When using certain mbstring functions to convert multibyte encodings, in PHP versions 7.2.x below 7.2.27, 7.3.x below 7.3.14 and 7.4.x below 7.4.2 it is possible to supply data that will cause function mbfl_filt_conv_big5_wchar to read past the allocated buffer. This may lead to information disclosure or crash. (CVE-2020-7060)

 - In PHP versions 7.2.x below 7.2.28, 7.3.x below 7.3.15 and 7.4.x below 7.4.3, when using file upload functionality, if upload progress tracking is enabled, but session.upload_progress.cleanup is set to 0 (disabled), and the file upload fails, the upload procedure would try to clean up data that does not exist and encounter null pointer dereference, which would likely lead to a crash. (CVE-2020-7062)

 - In PHP versions 7.2.x below 7.2.28, 7.3.x below 7.3.15 and 7.4.x below 7.4.3, when creating PHAR archive using PharData::buildFromIterator() function, the files are added with default permissions (0666, or all access) even if the original files on the filesystem were with more restrictive permissions. This may result in files having more lax permissions than intended when such archive is extracted. (CVE-2020-7063)

 - In PHP versions 7.2.x below 7.2.9, 7.3.x below 7.3.16 and 7.4.x below 7.4.4, while parsing EXIF data with exif_read_data() function, it is possible for malicious data to cause PHP to read one byte of uninitialized memory. This could potentially lead to information disclosure or crash. (CVE-2020-7064)

 - In PHP versions 7.2.x below 7.2.29, 7.3.x below 7.3.16 and 7.4.x below 7.4.4, while using get_headers() with user-supplied URL, if the URL contains zero (\0) character, the URL will be silently truncated at it.
 This may cause some software to make incorrect assumptions about the target of the get_headers() and possibly send some information to a wrong server. (CVE-2020-7066)

 - In PHP versions 7.2.x below 7.2.33, 7.3.x below 7.3.21 and 7.4.x below 7.4.9, while processing PHAR files using phar extension, phar_parse_zipfile could be tricked into accessing freed memory, which could lead to a crash or information disclosure. (CVE-2020-7068)

 - In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23 and 7.4.x below 7.4.11, when AES-CCM mode is used with openssl_encrypt() function with 12 bytes IV, only first 7 bytes of the IV is actually used. This can lead to both decreased security and incorrect encryption data. (CVE-2020-7069)

 - In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23 and 7.4.x below 7.4.11, when PHP is processing incoming HTTP cookie values, the cookie names are url-decoded. This may lead to cookies with prefixes like
 __Host confused with cookies that decode to such prefix, thus leading to an attacker being able to forge cookie which is supposed to be secure. See also CVE-2020-8184 for more information. (CVE-2020-7070)

 - In PHP versions 7.3.x below 7.3.26, 7.4.x below 7.4.14 and 8.0.0, when validating URL with functions like filter_var($url, FILTER_VALIDATE_URL), PHP will accept an URL with invalid password as valid URL. This may lead to functions that rely on URL being valid to mis-parse the URL and produce wrong data as components of the URL. (CVE-2020-7071)

 - In PHP versions 7.3.x below 7.3.27, 7.4.x below 7.4.15 and 8.0.x below 8.0.2, when using SOAP extension to connect to a SOAP server, a malicious SOAP server could return malformed XML data as a response that would cause PHP to access a null pointer and thus cause a crash. (CVE-2021-21702)

 - In PHP versions 7.3.x up to and including 7.3.31, 7.4.x below 7.4.25 and 8.0.x below 8.0.12, when running PHP FPM SAPI with main FPM daemon process running as root and child worker processes running as lower- privileged users, it is possible for the child processes to access memory shared with the main process and write to it, modifying it in a way that would cause the root process to conduct invalid memory reads and writes, which can be used to escalate privileges from local unprivileged user to the root user.
 (CVE-2021-21703)

 - In PHP versions 7.3.x below 7.3.29, 7.4.x below 7.4.21 and 8.0.x below 8.0.8, when using Firebird PDO driver extension, a malicious database server could cause crashes in various database functions, such as getAttribute(), execute(), fetch() and others by returning invalid response data that is not parsed correctly by the driver. This can result in crashes, denial of service or potentially memory corruption.
 (CVE-2021-21704)

 - In PHP versions 7.3.x below 7.3.29, 7.4.x below 7.4.21 and 8.0.x below 8.0.8, when using URL validation functionality via filter_var() function with FILTER_VALIDATE_URL parameter, an URL with invalid password field can be accepted as valid. This can lead to the code incorrectly parsing the URL and potentially leading to other security implications - like contacting a wrong server or making a wrong access decision.
 (CVE-2021-21705)

 - In PHP versions 7.3.x below 7.3.33, 7.4.x below 7.4.26 and 8.0.x below 8.0.13, certain XML parsing functions, like simplexml_load_file(), URL-decode the filename passed to them. If that filename contains URL-encoded NUL character, this may cause the function to interpret this as the end of the filename, thus interpreting the filename differently from what the user intended, which may lead it to reading a different file than intended. (CVE-2021-21707)

 - In PHP versions 7.4.x below 7.4.30, 8.0.x below 8.0.20, and 8.1.x below 8.1.7, when using Postgres database extension, supplying invalid parameters to the parametrized query may lead to PHP attempting to free memory using uninitialized data as pointers. This could lead to RCE vulnerability or denial of service. (CVE-2022-31625)

 - In PHP versions 7.4.x below 7.4.30, 8.0.x below 8.0.20, and 8.1.x below 8.1.7, when pdo_mysql extension with mysqlnd driver, if the third party is allowed to supply host to connect to and the password for the connection, password of excessive length can trigger a buffer overflow in PHP, which can lead to a remote code execution vulnerability. (CVE-2022-31626)

 - In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the phar uncompressor code would recursively uncompress quines gzip files, resulting in an infinite loop. (CVE-2022-31628)

 - In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the vulnerability enables network and same-site attackers to set a standard insecure cookie in the victim's browser which is treated as a `__Host-` or `__Secure-` cookie by PHP applications. (CVE-2022-31629)

 - The Keccak XKCP SHA-3 reference implementation before fdc6fef has an integer overflow and resultant buffer overflow that allows attackers to execute arbitrary code or eliminate expected cryptographic properties.
 This occurs in the sponge function interface. (CVE-2022-37454)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

See Also

https://bugzilla.suse.com/1204577

http://www.nessus.org/u?49172965

https://www.suse.com/security/cve/CVE-2015-9253

https://www.suse.com/security/cve/CVE-2017-8923

https://www.suse.com/security/cve/CVE-2017-9120

https://www.suse.com/security/cve/CVE-2018-1000222

https://www.suse.com/security/cve/CVE-2018-12882

https://www.suse.com/security/cve/CVE-2018-14851

https://www.suse.com/security/cve/CVE-2018-17082

https://www.suse.com/security/cve/CVE-2018-19935

https://www.suse.com/security/cve/CVE-2018-20783

https://www.suse.com/security/cve/CVE-2019-11034

https://www.suse.com/security/cve/CVE-2019-11035

https://www.suse.com/security/cve/CVE-2019-11036

https://www.suse.com/security/cve/CVE-2019-11039

https://www.suse.com/security/cve/CVE-2019-11040

https://www.suse.com/security/cve/CVE-2019-11041

https://www.suse.com/security/cve/CVE-2019-11042

https://www.suse.com/security/cve/CVE-2019-11043

https://www.suse.com/security/cve/CVE-2019-11045

https://www.suse.com/security/cve/CVE-2019-11046

https://www.suse.com/security/cve/CVE-2019-11047

https://www.suse.com/security/cve/CVE-2019-11048

https://www.suse.com/security/cve/CVE-2019-11050

https://www.suse.com/security/cve/CVE-2019-9020

https://www.suse.com/security/cve/CVE-2019-9021

https://www.suse.com/security/cve/CVE-2019-9022

https://www.suse.com/security/cve/CVE-2019-9023

https://www.suse.com/security/cve/CVE-2019-9024

https://www.suse.com/security/cve/CVE-2019-9637

https://www.suse.com/security/cve/CVE-2019-9638

https://www.suse.com/security/cve/CVE-2019-9640

https://www.suse.com/security/cve/CVE-2019-9641

https://www.suse.com/security/cve/CVE-2019-9675

https://www.suse.com/security/cve/CVE-2020-7059

https://www.suse.com/security/cve/CVE-2020-7060

https://www.suse.com/security/cve/CVE-2020-7062

https://www.suse.com/security/cve/CVE-2020-7063

https://www.suse.com/security/cve/CVE-2020-7064

https://www.suse.com/security/cve/CVE-2020-7066

https://www.suse.com/security/cve/CVE-2020-7068

https://www.suse.com/security/cve/CVE-2020-7069

https://www.suse.com/security/cve/CVE-2020-7070

https://www.suse.com/security/cve/CVE-2020-7071

https://www.suse.com/security/cve/CVE-2021-21702

https://www.suse.com/security/cve/CVE-2021-21703

https://www.suse.com/security/cve/CVE-2021-21704

https://www.suse.com/security/cve/CVE-2021-21705

https://www.suse.com/security/cve/CVE-2021-21707

https://www.suse.com/security/cve/CVE-2022-31625

https://www.suse.com/security/cve/CVE-2022-31626

https://www.suse.com/security/cve/CVE-2022-31628

https://www.suse.com/security/cve/CVE-2022-31629

https://www.suse.com/security/cve/CVE-2022-37454

Plugin Details

Severity: Critical

ID: 167950

File Name: suse_SU-2022-4067-1.nasl

Version: 1.12

Type: local

Agent: unix

Published: 11/19/2022

Updated: 3/10/2023

Supported Sensors: Agentless Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent

Risk Information

VPR

Risk Factor: Critical

Score: 9.2

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 6.5

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Temporal Vector: E:H/RL:OF/RC:C

CVSS Score Source: CVE-2019-9641

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 9.4

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: E:H/RL:O/RC:C

CVSS Score Source: CVE-2022-37454

Vulnerability Information

CPE: p-cpe:/a:novell:suse_linux:apache2-mod_php7, p-cpe:/a:novell:suse_linux:php7, p-cpe:/a:novell:suse_linux:php7-bcmath, p-cpe:/a:novell:suse_linux:php7-bz2, p-cpe:/a:novell:suse_linux:php7-calendar, p-cpe:/a:novell:suse_linux:php7-ctype, p-cpe:/a:novell:suse_linux:php7-curl, p-cpe:/a:novell:suse_linux:php7-dba, p-cpe:/a:novell:suse_linux:php7-devel, p-cpe:/a:novell:suse_linux:php7-dom, p-cpe:/a:novell:suse_linux:php7-enchant, p-cpe:/a:novell:suse_linux:php7-exif, p-cpe:/a:novell:suse_linux:php7-fastcgi, p-cpe:/a:novell:suse_linux:php7-fileinfo, p-cpe:/a:novell:suse_linux:php7-fpm, p-cpe:/a:novell:suse_linux:php7-ftp, p-cpe:/a:novell:suse_linux:php7-gd, p-cpe:/a:novell:suse_linux:php7-gettext, p-cpe:/a:novell:suse_linux:php7-gmp, p-cpe:/a:novell:suse_linux:php7-iconv, p-cpe:/a:novell:suse_linux:php7-intl, p-cpe:/a:novell:suse_linux:php7-json, p-cpe:/a:novell:suse_linux:php7-ldap, p-cpe:/a:novell:suse_linux:php7-mbstring, p-cpe:/a:novell:suse_linux:php7-mysql, p-cpe:/a:novell:suse_linux:php7-odbc, p-cpe:/a:novell:suse_linux:php7-opcache, p-cpe:/a:novell:suse_linux:php7-openssl, p-cpe:/a:novell:suse_linux:php7-pcntl, p-cpe:/a:novell:suse_linux:php7-pdo, p-cpe:/a:novell:suse_linux:php7-pear, p-cpe:/a:novell:suse_linux:php7-pear-Archive_Tar, p-cpe:/a:novell:suse_linux:php7-pgsql, p-cpe:/a:novell:suse_linux:php7-phar, p-cpe:/a:novell:suse_linux:php7-posix, p-cpe:/a:novell:suse_linux:php7-readline, p-cpe:/a:novell:suse_linux:php7-shmop, p-cpe:/a:novell:suse_linux:php7-snmp, p-cpe:/a:novell:suse_linux:php7-soap, p-cpe:/a:novell:suse_linux:php7-sockets, p-cpe:/a:novell:suse_linux:php7-sodium, p-cpe:/a:novell:suse_linux:php7-sqlite, p-cpe:/a:novell:suse_linux:php7-sysvmsg, p-cpe:/a:novell:suse_linux:php7-sysvsem, p-cpe:/a:novell:suse_linux:php7-sysvshm, p-cpe:/a:novell:suse_linux:php7-tidy, p-cpe:/a:novell:suse_linux:php7-tokenizer, p-cpe:/a:novell:suse_linux:php7-wddx, p-cpe:/a:novell:suse_linux:php7-xmlreader, p-cpe:/a:novell:suse_linux:php7-xmlrpc, p-cpe:/a:novell:suse_linux:php7-xmlwriter, p-cpe:/a:novell:suse_linux:php7-xsl, p-cpe:/a:novell:suse_linux:php7-zip, p-cpe:/a:novell:suse_linux:php7-zlib, cpe:/o:novell:suse_linux:15

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 11/18/2022

Vulnerability Publication Date: 5/12/2017

CISA Known Exploited Dates: 4/15/2022

Exploitable With

Metasploit (PHP-FPM Underflow RCE)

Reference Information

CVE: CVE-2015-9253, CVE-2017-8923, CVE-2017-9120, CVE-2018-12882, CVE-2018-14851, CVE-2018-17082, CVE-2018-19935, CVE-2018-20783, CVE-2018-1000222, CVE-2019-9020, CVE-2019-9021, CVE-2019-9022, CVE-2019-9023, CVE-2019-9024, CVE-2019-9637, CVE-2019-9638, CVE-2019-9640, CVE-2019-9641, CVE-2019-9675, CVE-2019-11034, CVE-2019-11035, CVE-2019-11036, CVE-2019-11039, CVE-2019-11040, CVE-2019-11041, CVE-2019-11042, CVE-2019-11043, CVE-2019-11045, CVE-2019-11046, CVE-2019-11047, CVE-2019-11048, CVE-2019-11050, CVE-2020-7059, CVE-2020-7060, CVE-2020-7062, CVE-2020-7063, CVE-2020-7064, CVE-2020-7066, CVE-2020-7068, CVE-2020-7069, CVE-2020-7070, CVE-2020-7071, CVE-2021-21702, CVE-2021-21703, CVE-2021-21704, CVE-2021-21705, CVE-2021-21707, CVE-2022-31625, CVE-2022-31626, CVE-2022-31628, CVE-2022-31629, CVE-2022-37454

SuSE: SUSE-SU-2022:4067-1

IAVA: 2019-A-0437-S, 2022-A-0397, 2021-A-0009-S, 2020-A-0039-S, 2020-A-0221-S, 2022-A-0455-S, 2019-A-0399-S, 2020-A-0081-S, 2021-A-0082-S, 2022-A-0515-S, 2020-A-0006-S, 2020-A-0445-S, 2020-A-0373-S, 2021-A-0566, 2020-A-0117-S, 2021-A-0503-S

IAVB: 2019-B-0033-S, 2018-B-0157-S, 2019-B-0045-S, 2018-B-0077-S, 2017-B-0060-S, 2019-B-0020-S, 2019-B-0070-S, 2018-B-0126-S, 2019-B-0030-S

CEA-ID: CEA-2021-0004, CEA-2019-0695