Tenable SecurityCenter PHP Character Handling (TNS-2015-09)

critical Nessus Plugin ID 89027

Synopsis

The remote application is affected by a character handling vulnerability in the bundled version of PHP.

Description

The SecurityCenter application installed on the remote host contains a bundled version of PHP that is prior to 5.4.43. It is, therefore, affected by an exclamation mark character handling issue in the escapeshellcmd() and escapeshellarg() PHP functions. A remote attacker can exploit this to substitute environment variables.

Solution

Apply the relevant patch as referenced in the vendor advisory.

See Also

https://www.tenable.com/security/tns-2015-09

https://bugs.php.net/bug.php?id=69768

http://php.net/ChangeLog-5.php#5.4.43

http://php.net/ChangeLog-5.php#5.5.27

http://php.net/ChangeLog-5.php#5.6.11

Plugin Details

Severity: Critical

ID: 89027

File Name: securitycenter_php_5_4_43.nasl

Version: 1.16

Type: combined

Agent: unix

Family: Misc.

Published: 2/29/2016

Updated: 11/27/2023

Supported Sensors: Nessus Agent, Nessus

Risk Information

CVSS Score Rationale: Score based on analysis of the vendor advisory.

CVSS v2

Risk Factor: High

Base Score: 9.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS Score Source: manual

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Vulnerability Information

CPE: cpe:/a:tenable:securitycenter

Required KB Items: Host/local_checks_enabled, Host/SecurityCenter/Version, installed_sw/SecurityCenter

Patch Publication Date: 7/20/2015

Vulnerability Publication Date: 6/7/2015