Detections
Analytics

Ubuntu 20.04 LTS / 22.04 LTS / 23.10 : PHP vulnerabilities (USN-6757-2)

medium Nessus Plugin ID 194949

Language:

Synopsis

The remote Ubuntu host is missing one or more security updates.

Description

The remote Ubuntu 20.04 LTS / 22.04 LTS / 23.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6757-2 advisory.

 - A vulnerability was found in PHP where setting the environment variable PHP_CLI_SERVER_WORKERS to a large value leads to a heap buffer overflow. (CVE-2022-4900)

 - Due to an incomplete fix to CVE-2022-31629 https://github.com/advisories/GHSA-c43m-486j-j32p , network and same-site attackers can set a standard insecure cookie in the victim's browser which is treated as a
 __Host- or __Secure- cookie by PHP applications. (CVE-2024-2756)

 - In PHP version 8.1.* before 8.1.28, 8.2.* before 8.2.18, 8.3.* before 8.3.5, if a password stored with password_hash() starts with a null byte (\x00), testing a blank string as the password via password_verify() will incorrectly return true. (CVE-2024-3096)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

See Also

https://ubuntu.com/security/notices/USN-6757-2

Plugin Details

Severity: Medium

ID: 194949

File Name: ubuntu_USN-6757-2.nasl

Version: 1.0

Type: local

Agent: unix

Published: 5/2/2024

Updated: 5/2/2024

Supported Sensors: Agentless Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 4.4

CVSS v2

Risk Factor: Medium

Base Score: 4.6

Temporal Score: 3.4

Vector: CVSS2#AV:L/AC:L/Au:S/C:N/I:N/A:C

CVSS Score Source: CVE-2022-4900

CVSS v3

Risk Factor: Medium

Base Score: 5.5

Temporal Score: 4.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:canonical:ubuntu_linux:php7.4-sybase, p-cpe:/a:canonical:ubuntu_linux:php7.4-tidy, p-cpe:/a:canonical:ubuntu_linux:php8.1-curl, p-cpe:/a:canonical:ubuntu_linux:php8.1-mbstring, p-cpe:/a:canonical:ubuntu_linux:php8.2-gmp, p-cpe:/a:canonical:ubuntu_linux:php8.2-imap, p-cpe:/a:canonical:ubuntu_linux:php8.2-xml, p-cpe:/a:canonical:ubuntu_linux:php7.4-pspell, p-cpe:/a:canonical:ubuntu_linux:php7.4-soap, p-cpe:/a:canonical:ubuntu_linux:php8.1-fpm, p-cpe:/a:canonical:ubuntu_linux:php8.1-pspell, p-cpe:/a:canonical:ubuntu_linux:php8.1-xsl, p-cpe:/a:canonical:ubuntu_linux:php8.2-mysql, cpe:/o:canonical:ubuntu_linux:22.04:-:lts, p-cpe:/a:canonical:ubuntu_linux:php7.4-common, p-cpe:/a:canonical:ubuntu_linux:php7.4-ldap, p-cpe:/a:canonical:ubuntu_linux:php7.4-mbstring, p-cpe:/a:canonical:ubuntu_linux:php7.4-xml, p-cpe:/a:canonical:ubuntu_linux:php7.4-xmlrpc, p-cpe:/a:canonical:ubuntu_linux:php8.1-pgsql, p-cpe:/a:canonical:ubuntu_linux:php8.2-cgi, p-cpe:/a:canonical:ubuntu_linux:php7.4-enchant, p-cpe:/a:canonical:ubuntu_linux:php7.4-intl, p-cpe:/a:canonical:ubuntu_linux:php7.4-odbc, p-cpe:/a:canonical:ubuntu_linux:php8.1-cgi, p-cpe:/a:canonical:ubuntu_linux:php8.1-mysql, p-cpe:/a:canonical:ubuntu_linux:php8.2-xsl, p-cpe:/a:canonical:ubuntu_linux:libapache2-mod-php8.1, p-cpe:/a:canonical:ubuntu_linux:libapache2-mod-php8.2, p-cpe:/a:canonical:ubuntu_linux:php7.4-interbase, p-cpe:/a:canonical:ubuntu_linux:php7.4-phpdbg, p-cpe:/a:canonical:ubuntu_linux:php8.1-dev, p-cpe:/a:canonical:ubuntu_linux:php8.1-ldap, p-cpe:/a:canonical:ubuntu_linux:php8.1-snmp, p-cpe:/a:canonical:ubuntu_linux:php7.4-dba, p-cpe:/a:canonical:ubuntu_linux:php8.1-cli, p-cpe:/a:canonical:ubuntu_linux:php8.1-sqlite3, p-cpe:/a:canonical:ubuntu_linux:libphp8.1-embed, p-cpe:/a:canonical:ubuntu_linux:php7.4-snmp, p-cpe:/a:canonical:ubuntu_linux:php8.1-xml, p-cpe:/a:canonical:ubuntu_linux:php8.2, p-cpe:/a:canonical:ubuntu_linux:php8.2-sqlite3, p-cpe:/a:canonical:ubuntu_linux:php8.1-readline, p-cpe:/a:canonical:ubuntu_linux:php8.2-interbase, p-cpe:/a:canonical:ubuntu_linux:php8.2-ldap, p-cpe:/a:canonical:ubuntu_linux:php8.1-dba, p-cpe:/a:canonical:ubuntu_linux:php8.1-intl, p-cpe:/a:canonical:ubuntu_linux:php8.2-bcmath, p-cpe:/a:canonical:ubuntu_linux:php8.2-dev, p-cpe:/a:canonical:ubuntu_linux:php8.2-phpdbg, p-cpe:/a:canonical:ubuntu_linux:php8.2-pspell, p-cpe:/a:canonical:ubuntu_linux:php8.2-snmp, p-cpe:/a:canonical:ubuntu_linux:php7.4-bz2, p-cpe:/a:canonical:ubuntu_linux:php7.4-curl, p-cpe:/a:canonical:ubuntu_linux:php7.4-pgsql, p-cpe:/a:canonical:ubuntu_linux:php7.4-sqlite3, p-cpe:/a:canonical:ubuntu_linux:php8.1-bz2, p-cpe:/a:canonical:ubuntu_linux:php8.1-common, p-cpe:/a:canonical:ubuntu_linux:php8.1-odbc, p-cpe:/a:canonical:ubuntu_linux:php8.1-phpdbg, p-cpe:/a:canonical:ubuntu_linux:php8.1-zip, p-cpe:/a:canonical:ubuntu_linux:php8.2-fpm, p-cpe:/a:canonical:ubuntu_linux:php7.4-bcmath, p-cpe:/a:canonical:ubuntu_linux:php7.4-json, p-cpe:/a:canonical:ubuntu_linux:php7.4-opcache, p-cpe:/a:canonical:ubuntu_linux:php7.4-xsl, p-cpe:/a:canonical:ubuntu_linux:php8.1-gmp, p-cpe:/a:canonical:ubuntu_linux:php8.1-opcache, p-cpe:/a:canonical:ubuntu_linux:php8.1-sybase, p-cpe:/a:canonical:ubuntu_linux:php8.2-pgsql, p-cpe:/a:canonical:ubuntu_linux:php8.2-readline, p-cpe:/a:canonical:ubuntu_linux:php8.2-tidy, p-cpe:/a:canonical:ubuntu_linux:php8.2-zip, cpe:/o:canonical:ubuntu_linux:23.10, p-cpe:/a:canonical:ubuntu_linux:libphp8.2-embed, p-cpe:/a:canonical:ubuntu_linux:php7.4-dev, p-cpe:/a:canonical:ubuntu_linux:php8.1-enchant, p-cpe:/a:canonical:ubuntu_linux:php8.1-imap, p-cpe:/a:canonical:ubuntu_linux:php8.1-interbase, p-cpe:/a:canonical:ubuntu_linux:php8.2-common, p-cpe:/a:canonical:ubuntu_linux:php8.2-enchant, p-cpe:/a:canonical:ubuntu_linux:php8.2-mbstring, p-cpe:/a:canonical:ubuntu_linux:php8.2-sybase, p-cpe:/a:canonical:ubuntu_linux:php7.4-cli, p-cpe:/a:canonical:ubuntu_linux:php8.1, p-cpe:/a:canonical:ubuntu_linux:php8.1-soap, p-cpe:/a:canonical:ubuntu_linux:php8.1-tidy, p-cpe:/a:canonical:ubuntu_linux:php8.2-gd, p-cpe:/a:canonical:ubuntu_linux:libapache2-mod-php7.4, p-cpe:/a:canonical:ubuntu_linux:php7.4, p-cpe:/a:canonical:ubuntu_linux:php7.4-gd, p-cpe:/a:canonical:ubuntu_linux:php7.4-gmp, p-cpe:/a:canonical:ubuntu_linux:php8.2-intl, p-cpe:/a:canonical:ubuntu_linux:php8.2-opcache, p-cpe:/a:canonical:ubuntu_linux:php7.4-fpm, p-cpe:/a:canonical:ubuntu_linux:php7.4-imap, p-cpe:/a:canonical:ubuntu_linux:php7.4-mysql, p-cpe:/a:canonical:ubuntu_linux:php7.4-readline, p-cpe:/a:canonical:ubuntu_linux:php8.1-bcmath, p-cpe:/a:canonical:ubuntu_linux:php8.1-gd, p-cpe:/a:canonical:ubuntu_linux:php8.2-bz2, p-cpe:/a:canonical:ubuntu_linux:php8.2-cli, p-cpe:/a:canonical:ubuntu_linux:php8.2-curl, p-cpe:/a:canonical:ubuntu_linux:php8.2-dba, p-cpe:/a:canonical:ubuntu_linux:php8.2-soap, cpe:/o:canonical:ubuntu_linux:20.04:-:lts, p-cpe:/a:canonical:ubuntu_linux:libapache2-mod-php8.0, p-cpe:/a:canonical:ubuntu_linux:libphp7.4-embed, p-cpe:/a:canonical:ubuntu_linux:php7.4-cgi, p-cpe:/a:canonical:ubuntu_linux:php7.4-zip, p-cpe:/a:canonical:ubuntu_linux:php8.2-odbc

Required KB Items: Host/cpu, Host/Ubuntu, Host/Ubuntu/release, Host/Debian/dpkg-l

Exploit Ease: No known exploits are available

Patch Publication Date: 5/2/2024

Vulnerability Publication Date: 2/21/2023

Reference Information

CVE: CVE-2022-4900, CVE-2024-2756, CVE-2024-3096

USN: 6757-2