Detections
Analytics
Alibaba Cloud Linux 3 : 0277: php:7.4 (ALINUX3-SA-2024:0277)
critical Nessus Plugin ID 236268
Synopsis
The remote Alibaba Cloud Linux host is missing one or more security updates.Description
The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2024:0277 advisory.Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities:
CVE-2023-0567:
In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, password_verify() function may accept some invalid Blowfish hashes as valid. If such invalid hash ever ends up in the password database, it may lead to an application allowing any password for this entry as valid.
CVE-2023-0568:
In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, core path resolution function allocate buffer one byte too small. When resolving paths with lengths close to system MAXPATHLEN setting, this may lead to the byte after the allocated buffer being overwritten with NUL value, which might lead to unauthorized data access or modification.
CVE-2023-3247:
In PHP versions 8.0.* before 8.0.29, 8.1.* before 8.1.20, 8.2.* before 8.2.7 when using SOAP HTTP Digest Authentication, random value generator was not checked for failure, and was using narrower range of values than it should have. In case of random generator failure, it could lead to a disclosure of 31 bits of uninitialized memory from the client to the server, and it also made easier to a malicious server to guess the client's nonce.
CVE-2023-3823:
In PHP versions 8.0.* before 8.0.30, 8.1.* before 8.1.22, and 8.2.* before 8.2.8 various XML functions rely on libxml global state to track configuration variables, like whether external entities are loaded.
This state is assumed to be unchanged unless the user explicitly changes it by calling appropriate function. However, since the state is process-global, other modules - such asImageMagick - may also use this library within the same process, and change that global state for their internal purposes, and leave it in a state where external entities loading is enabled. This can lead to the situation where external XML is parsed with external entities loaded, which can lead to disclosure of any local files accessible to PHP. This vulnerable state may persist in the same process across many requests, until the process is shut down.
CVE-2023-3824:
In PHP version 8.0.* before 8.0.30, 8.1.* before 8.1.22, and 8.2.* before 8.2.8, when loading phar file, while reading PHAR directory entries, insufficient length checking may lead to a stack buffer overflow, leading potentially to memory corruption or RCE.
CVE-2024-2756:
Due to an incomplete fix to CVE-2022-31629 https://github.com/advisories/GHSA-c43m-486j-j32p , network and same-site attackers can set a standard insecure cookie in the victim's browser which is treated as a
__Host-or __Secure-cookie by PHP applications.
CVE-2024-3096:
In PHP version 8.1.* before 8.1.28, 8.2.* before 8.2.18, 8.3.* before 8.3.5, ifa password stored with password_hash() starts with a null byte (\x00), testing a blank string as the password via password_verify() will incorrectly return true.
CVE-2024-5458:
In PHP versions8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, due to a code logic error, filtering functions such as filter_var when validating URLs(FILTER_VALIDATE_URL) for certain types of URLs the function will result in invalid user information (username + password part of URLs) being treated as valid user information. This may lead to the downstream code accepting invalid URLs as valid and parsing them incorrectly.
CVE-2024-8925:
In PHP versions8.1.* before 8.1.30, 8.2.* before 8.2.24, 8.3.* before 8.3.12, erroneous parsing of multipart form data contained in an HTTP POST request could lead to legitimate data not being processed.
This could lead to malicious attacker able to control part of the submitted data being able to exclude portion of other data, potentially leading to erroneous application behavior.
CVE-2024-8927:
In PHP versions 8.1.* before 8.1.30, 8.2.* before 8.2.24, 8.3.* before 8.3.12,HTTP_REDIRECT_STATUS variable is used to check whether or not CGI binary is being run by the HTTP server. However, in certain scenarios, the content of this variable can be controlled by the request submitter via HTTP headers, which can lead tocgi.force_redirect option not being correctly applied. In certain configurations this may lead to arbitrary file inclusion in PHP.
CVE-2024-9026:
In PHP versions 8.1.* before 8.1.30, 8.2.* before 8.2.24, 8.3.* before 8.3.12, when using PHP-FPM SAPI and it isconfigured to catch workers output through catch_workers_output = yes,it may be possible to pollute the final log orremove up to 4 characters from the log messages by manipulating log message content. Additionally, ifPHP-FPM is configured to use syslog output, it may be possible to further remove log data using the same vulnerability.
Tenable has extracted the preceding description block directly from the Alibaba Cloud Linux security advisory.
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
Solution
Update the affected packages.See Also
http://mirrors.aliyun.com/alinux/3/cve/alinux3-sa-20240277.xml
Plugin Details
Severity: Critical
ID: 236268
File Name: alinux3_sa_2024-0277.nasl
Version: 1.1
Type: local
Published: 5/14/2025
Updated: 5/14/2025
Supported Sensors: Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 6.7
CVSS v2
Risk Factor: Critical
Base Score: 10
Temporal Score: 7.8
Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C
CVSS Score Source: CVE-2023-3824
CVSS v3
Risk Factor: Critical
Base Score: 9.8
Temporal Score: 8.8
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C
Vulnerability Information
CPE: p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:php-snmp, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:php-bcmath-debuginfo, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:php-enchant, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:php-ldap-debuginfo, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:php-pdo, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:php-enchant-debuginfo, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:php-opcache, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:php-devel, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:php-pdo-debuginfo, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:php-gmp-debuginfo, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:php-mysqlnd, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:php-dbg, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:php-pgsql-debuginfo, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:php-gd-debuginfo, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:php-cli, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:php-mbstring-debuginfo, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:php-debugsource, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:php-process, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:php-ldap, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:php-odbc-debuginfo, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:php-gmp, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:php-soap-debuginfo, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:php-json, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:php-dba, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:php-odbc, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:php-gd, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:php-intl-debuginfo, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:php-xml-debuginfo, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:php-xmlrpc-debuginfo, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:php-snmp-debuginfo, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:php-cli-debuginfo, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:php-embedded, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:php-embedded-debuginfo, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:php-dbg-debuginfo, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:php-debuginfo, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:php, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:php-pgsql, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:php-xmlrpc, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:php-bcmath, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:php-fpm-debuginfo, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:php-mysqlnd-debuginfo, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:php-mbstring, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:php-json-debuginfo, cpe:/o:alibabacloud:alibaba_cloud_linux_3, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:php-common, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:php-fpm, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:php-opcache-debuginfo, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:php-process-debuginfo, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:php-soap, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:php-common-debuginfo, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:php-intl, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:php-xml, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:php-dba-debuginfo, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:php-ffi, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:php-ffi-debuginfo
Required KB Items: Host/local_checks_enabled, Host/cpu, Host/Alibaba/release, Host/Alibaba/rpm-list
Exploit Available: true
Exploit Ease: Exploits are available
Patch Publication Date: 12/16/2024
Vulnerability Publication Date: 2/14/2023
Reference Information
CVE: CVE-2023-0567, CVE-2023-0568, CVE-2023-3247, CVE-2023-3823, CVE-2023-3824, CVE-2024-2756, CVE-2024-3096, CVE-2024-5458, CVE-2024-8925, CVE-2024-8927, CVE-2024-9026