Detections
Analytics
Tenable SecurityCenter PHP < 5.6.30 Multiple Vulnerabilities (TNS-2017-04)
critical Nessus Plugin ID 101050
Language:
Synopsis
The Tenable SecurityCenter application on the remote host contains a PHP library that is affected by multiple vulnerabilities.Description
The Tenable SecurityCenter application installed on the remote host is missing a security patch. It is, therefore, affected by multiple vulnerabilities in the bundled version of PHP :- A seg fault when loading hostile phar could be used to crash the PHP interpreter or potentially disclose information due to a buffer over-read in the phar_parse_pharfile function in ext/phar/phar.c.
(CVE-2017-11147)
- A floating pointer exception flaw exists in the exif_convert_any_to_int() function in exif.c that is triggered when handling TIFF and JPEG image tags. An unauthenticated, remote attacker can exploit this to cause a crash, resulting in a denial of service condition. (CVE-2016-10158)
- An integer overflow condition exists in the phar_parse_pharfile() function in phar.c due to improper validation when handling phar archives. An unauthenticated, remote attacker can exploit this to cause a crash, resulting in a denial of service condition. (CVE-2016-10159)
- An off-by-one overflow condition exists in the phar_parse_pharfile() function in phar.c due to improper parsing of phar archives. An unauthenticated, remote attacker can exploit this to cause a crash, resulting in a denial of service condition. (CVE-2016-10160)
- An out-of-bounds read error exists in the finish_nested_data() function in var_unserializer.c due to improper validation of unserialized data. An unauthenticated, remote attacker can exploit this to cause a crash, resulting in a denial of service condition or the disclosure of memory contents.
(CVE-2016-10161)
- An out-of-bounds read error exists in the phar_parse_pharfile() function in phar.c due to improper parsing of phar archives. An unauthenticated, remote attacker can exploit this to cause a crash, resulting in a denial of service condition.
- A denial of service vulnerability exists in the bundled GD Graphics Library (LibGD) in the gdImageCreateFromGd2Ctx() function in gd_gd2.c due to improper validation of images. An unauthenticated, remote attacker can exploit this, via a specially crafted image, to crash the process.
- The gdImageCreateFromGd2Ctx function in gd_gd2.c in the GD Graphics Library could allow a remote attacker to cause a denial of service via a crafted image file.
(CVE-2016-10167)
- An integer overflow in gd_io.c in the GD Graphics Library before could allow a remote attacker to have an unspecified impact on PHP. (CVE-2016-10168)
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
Solution
Upgrade to SecurityCenter version 5.4.3 or later. Alternatively, contact the vendor for a patch.See Also
Plugin Details
Severity: Critical
ID: 101050
File Name: securitycenter_php_5_6_30.nasl
Version: 1.9
Type: combined
Agent: unix
Family: Misc.
Published: 6/26/2017
Updated: 10/9/2020
Supported Sensors: Nessus Agent, Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 6.0
CVSS v2
Risk Factor: High
Base Score: 7.5
Temporal Score: 5.5
Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS Score Source: CVE-2016-10160
CVSS v3
Risk Factor: Critical
Base Score: 9.8
Temporal Score: 8.5
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C
Vulnerability Information
CPE: cpe:/a:tenable:securitycenter
Required KB Items: Host/SecurityCenter/Version, installed_sw/SecurityCenter, Host/SecurityCenter/support/php/version
Exploit Ease: No known exploits are available
Patch Publication Date: 2/9/2017
Vulnerability Publication Date: 12/13/2016
Reference Information
CVE: CVE-2016-10158, CVE-2016-10159, CVE-2016-10160, CVE-2016-10161, CVE-2016-10167, CVE-2016-10168, CVE-2017-11147