Tenable SecurityCenter < 5.3.0 Multiple Vulnerabilities (TNS-2016-04)

Medium Nessus Plugin ID 93343

Synopsis

The Tenable SecurityCenter application installed on the remote host is affected by multiple vulnerabilities.

Description

The Tenable SecurityCenter application installed on the remote host is either prior to version 5.3.0 or is missing a security patch. It is, therefore, affected by multiple vulnerabilities in the Perl-Compatible Regular Expressions (PCRE) library bundled with PHP:

- An overflow condition exists in the PCRE library due to improper validation of user-supplied input when handling repeated conditional groups. An attacker can exploit this, via a specially crafted regular expression, to cause a buffer overflow, resulting in a denial of service condition. (CVE-2015-8383)

- An overflow condition exists in the PCRE library due to improper validation of user-supplied input when handling mutual recursions within a 'lookbehind' assertion. An attacker can exploit this to cause a stack-based buffer overflow, resulting in a denial of service condition. (CVE-2015-8386)

- An integer overflow condition exists in the PCRE library due to improper validation of user-supplied input when handling subroutine calls. An attacker can exploit this, via a specially crafted regular expression, to cause a denial of service condition. (CVE-2015-8387)

- A flaw exists in the PCRE library due to improper handling of the /(?:|a|){100}x/ pattern or other related patterns. An attacker can exploit this, via a specially crafted regular expression, to cause an infinite recursion, resulting in a denial of service condition. (CVE-2015-8389)

- A flaw exists in the PCRE library due to improper handling of the [: and \\ substrings in character classes. An attacker can exploit this, via a specially crafted regular expression, to cause an uninitialized memory read, resulting in a denial of service condition. (CVE-2015-8390)

- A flaw exists in the PCRE library in the pcre_compile() function in pcre_compile.c due to improper handling of [: nesting. An attacker can exploit this, via a specially crafted regular expression, to cause an excessive consumption of CPU resources, resulting in a denial of service condition. (CVE-2015-8391)

- A flaw exists in the PCRE library due to improper handling of the '-q' option for binary files. An attacker can exploit this, via a specially crafted file, to disclose sensitive information. (CVE-2015-8393)

- An integer overflow condition exists in the PCRE library due to improper validation of user-supplied input when handling the (?(<digits>) and (?(R<digits>) conditions. An attacker can exploit this, via a specially crafted regular expression, to cause a denial of service condition. (CVE-2015-8394)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Upgrade to SecurityCenter version 5.3.0 or later. Alternatively, apply patch SC-201603.1-5.x-rh5-64.tgz / SC-201603.1-5.x-rh6-64.tgz.

See Also

https://www.tenable.com/security/tns-2016-04

https://secure.php.net/ChangeLog-5.php#5.6.18

Plugin Details

Severity: Medium

ID: 93343

File Name: securitycenter_php_5_6_18.nasl

Version: 1.11

Type: local

Family: Misc.

Published: 2016/09/06

Updated: 2019/03/27

Dependencies: 71157, 71158

Risk Information

Risk Factor: Medium

CVSS Score Source: manual

CVSS Score Rationale: Score based on analysis of the vendor advisory.

CVSS v2.0

Base Score: 4

Temporal Score: 3

Vector: CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:P

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

CVSS v3.0

Base Score: 4.3

Temporal Score: 3.8

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:tenable:securitycenter

Required KB Items: Host/SecurityCenter/Version, installed_sw/SecurityCenter, Host/SecurityCenter/support/php/version

Exploit Available: false

Exploit Ease: No known exploits are available

Patch Publication Date: 2016/03/08

Vulnerability Publication Date: 2015/11/23

Reference Information

CVE: CVE-2015-8383, CVE-2015-8386, CVE-2015-8387, CVE-2015-8389, CVE-2015-8390, CVE-2015-8391, CVE-2015-8393, CVE-2015-8394

BID: 79810, 82990