Amazon Linux 2 : php (ALASPHP8.1-2025-006)

high Nessus Plugin ID 216808

Synopsis

The remote Amazon Linux 2 host is missing a security update.

Description

The version of php installed on the remote host is prior to 8.1.31-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2PHP8.1-2025-006 advisory.

The upstream advisory describes this issue as follows:

A memory-related vulnerability in PHP's filter handling system, particularly when processing input with convert.quoted-printable-decode filters, leads to a segmentation fault. This vulnerability is triggered through specific sequences of input data, causing PHP to crash. When exploited, it allows an attacker to extract a single byte of data from the heap or cause a DoS. (CVE-2024-11233)

The upstream advisory describes this issue as follows:

Configuring a proxy in a stream context might allow for CRLF injection in URIs, resulting in HTTP request smuggling attacks. (CVE-2024-11234)

Erroneous parsing of multipart form data

NOTE: Fixed in 8.3.12, 8.2.24
NOTE: https://github.com/php/php-src/security/advisories/GHSA-9pqp-7h25-4f32
NOTE: https://github.com/php/php-src/commit/19b49258d0c5a61398d395d8afde1123e8d161e0 (PHP-8.2.24) (CVE-2024-8925)

cgi.force_redirect configuration is bypassable due to an environment variable collision

NOTE: Fixed in 8.3.12, 8.2.24
NOTE: https://github.com/php/php-src/security/advisories/GHSA-94p6-54jq-9mwp
NOTE: https://github.com/php/php-src/commit/48808d98f4fc2a05193cdcc1aedd6c66816450f1 (PHP-8.2.24) (CVE-2024-8927)

The upstream advisory describes this issue as follows:

By connecting to a fake MySQL server or tampering with network packets and initiating a SQL query, it is possible to abuse the function static enum_func_status php_mysqlnd_rset_field_read when parsing MySQL field packets in order to include the rest of the heap content starting from the address of the cursor of the currently read buffer.

Using PHP-FPM, which stays alive between requests, and between two different SQL query requests, as the previous buffer used to store received data from MySQL is not emptied and malloc allocates a memory region which is very near the previous one, one is able to extract the response content of the previous MySQL request from the PHP-FPM worker. (CVE-2024-8929)

The upstream advisory describes this issue as follows:

Uncontrolled long string inputs to ldap_escape on 32-bit systems can cause an integer overflow, resulting in an out-of-bounds write. (CVE-2024-8932)

Logs from children may be altered

NOTE: Fixed in 8.3.12, 8.2.24
NOTE: https://github.com/php/php-src/security/advisories/GHSA-865w-9rf3-2wh5
NOTE: https://github.com/php/php-src/commit/1f8e16172c7961045c2b0f34ba7613e3f21cdee8 (PHP-8.2.24) (CVE-2024-9026)

Tenable has extracted the preceding description block directly from the tested product security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Run 'yum update php' to update your system.

See Also

https://alas.aws.amazon.com/AL2/ALASPHP8.1-2025-006.html

https://alas.aws.amazon.com/cve/html/CVE-2024-11233.html

https://alas.aws.amazon.com/cve/html/CVE-2024-11234.html

https://alas.aws.amazon.com/cve/html/CVE-2024-8925.html

https://alas.aws.amazon.com/cve/html/CVE-2024-8927.html

https://alas.aws.amazon.com/cve/html/CVE-2024-8929.html

https://alas.aws.amazon.com/cve/html/CVE-2024-8932.html

https://alas.aws.amazon.com/cve/html/CVE-2024-9026.html

https://alas.aws.amazon.com/faqs.html

Plugin Details

Severity: High

ID: 216808

File Name: al2_ALASPHP8_1-2025-006.nasl

Version: 1.1

Type: local

Agent: unix

Published: 2/26/2025

Updated: 2/26/2025

Supported Sensors: Agentless Assessment, Continuous Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: High

Base Score: 8.5

Temporal Score: 6.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:C

CVSS Score Source: CVE-2024-11233

CVSS v3

Risk Factor: High

Base Score: 8.2

Temporal Score: 7.4

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:amazon:linux:php-process, p-cpe:/a:amazon:linux:php-common, p-cpe:/a:amazon:linux:php, p-cpe:/a:amazon:linux:php-dbg, p-cpe:/a:amazon:linux:php-opcache, p-cpe:/a:amazon:linux:php-soap, p-cpe:/a:amazon:linux:php-intl, p-cpe:/a:amazon:linux:php-sodium, p-cpe:/a:amazon:linux:php-gmp, p-cpe:/a:amazon:linux:php-pdo, p-cpe:/a:amazon:linux:php-gd, p-cpe:/a:amazon:linux:php-snmp, p-cpe:/a:amazon:linux:php-embedded, p-cpe:/a:amazon:linux:php-pspell, cpe:/o:amazon:linux:2, p-cpe:/a:amazon:linux:php-ldap, p-cpe:/a:amazon:linux:php-mysqlnd, p-cpe:/a:amazon:linux:php-debuginfo, p-cpe:/a:amazon:linux:php-xml, p-cpe:/a:amazon:linux:php-cli, p-cpe:/a:amazon:linux:php-odbc, p-cpe:/a:amazon:linux:php-enchant, p-cpe:/a:amazon:linux:php-bcmath, p-cpe:/a:amazon:linux:php-fpm, p-cpe:/a:amazon:linux:php-pgsql, p-cpe:/a:amazon:linux:php-devel, p-cpe:/a:amazon:linux:php-dba, p-cpe:/a:amazon:linux:php-mbstring

Required KB Items: Host/local_checks_enabled, Host/AmazonLinux/release, Host/AmazonLinux/rpm-list

Exploit Available: true

Exploit Ease: No known exploits are available

Patch Publication Date: 2/12/2025

Vulnerability Publication Date: 9/25/2024

Reference Information

CVE: CVE-2024-11233, CVE-2024-11234, CVE-2024-8925, CVE-2024-8927, CVE-2024-8929, CVE-2024-8932, CVE-2024-9026

IAVA: 2024-A-0609-S, 2024-A-0763