EulerOS Virtualization 3.0.6.0 : php (EulerOS-SA-2023-2243)

critical Nessus Plugin ID 177173

Synopsis

The remote EulerOS Virtualization host is missing multiple security updates.

Description

According to the versions of the php packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities :

- The zend_string_extend function in Zend/zend_string.h in PHP through 7.1.5 does not prevent changes to string objects that result in a negative length, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact by leveraging a script's use of .= with a long string. (CVE-2017-8923)

- PHP 7.1.5 has an Out of bounds access in php_pcre_replace_impl via a crafted preg_replace call.
(CVE-2017-9118)

- The i_zval_ptr_dtor function in Zend/zend_variables.h in PHP 7.1.5 allows attackers to cause a denial of service (memory consumption and application crash) or possibly have unspecified other impact by triggering crafted operations on array data structures. (CVE-2017-9119)

- PHP 7.x through 7.1.5 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a long string because of an Integer overflow in mysqli_real_escape_string. (CVE-2017-9120)

- In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the phar uncompressor code would recursively uncompress 'quines' gzip files, resulting in an infinite loop. (CVE-2022-31628)

- In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the vulnerability enables network and same-site attackers to set a standard insecure cookie in the victim's browser which is treated as a `__Host-` or `__Secure-` cookie by PHP applications. (CVE-2022-31629)

- In PHP versions prior to 7.4.33, 8.0.25 and 8.2.12, when using imageloadfont() function in gd extension, it is possible to supply a specially crafted font file, such as if the loaded font is used with imagechar() function, the read outside allocated buffer will be used. This can lead to crashes or disclosure of confidential information. (CVE-2022-31630)

- The Keccak XKCP SHA-3 reference implementation before fdc6fef has an integer overflow and resultant buffer overflow that allows attackers to execute arbitrary code or eliminate expected cryptographic properties.
This occurs in the sponge function interface. (CVE-2022-37454)

- php: PDO::quote() may return unquoted string due to an integer overflow (CVE-2022-31631)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Solution

Update the affected php packages.

See Also

http://www.nessus.org/u?bb9e5da8

Plugin Details

Severity: Critical

ID: 177173

File Name: EulerOS_SA-2023-2243.nasl

Version: 1.1

Type: local

Published: 6/13/2023

Updated: 10/18/2023

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 5.9

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS Score Source: CVE-2017-9120

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

CVSS Score Source: CVE-2022-37454

Vulnerability Information

CPE: p-cpe:/a:huawei:euleros:php-ldap, p-cpe:/a:huawei:euleros:php-odbc, p-cpe:/a:huawei:euleros:php-pdo, p-cpe:/a:huawei:euleros:php-process, p-cpe:/a:huawei:euleros:php-recode, p-cpe:/a:huawei:euleros:php-soap, p-cpe:/a:huawei:euleros:php-xml, p-cpe:/a:huawei:euleros:php-xmlrpc, cpe:/o:huawei:euleros:uvp:3.0.6.0, p-cpe:/a:huawei:euleros:php, p-cpe:/a:huawei:euleros:php-cli, p-cpe:/a:huawei:euleros:php-common, p-cpe:/a:huawei:euleros:php-fpm, p-cpe:/a:huawei:euleros:php-gd

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/EulerOS/release, Host/EulerOS/rpm-list, Host/EulerOS/uvp_version

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 6/12/2023

Vulnerability Publication Date: 5/12/2017

Reference Information

CVE: CVE-2017-8923, CVE-2017-9118, CVE-2017-9119, CVE-2017-9120, CVE-2022-31628, CVE-2022-31629, CVE-2022-31630, CVE-2022-31631, CVE-2022-37454

IAVA: 2022-A-0397-S, 2022-A-0455-S, 2022-A-0515-S, 2023-A-0016-S

IAVB: 2017-B-0060-S