Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2023-2024 and is owned by Tenable, Inc. or an Affiliate thereof.CENTOS8_RHSA-2023-0848.NASL
HistoryFeb 21, 2023 - 12:00 a.m.

CentOS 8 : php:8.0 (CESA-2023:0848)

2023-02-2100:00:00
This script is Copyright (C) 2023-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
19
centos 8
php 8.0
cesa-2023:0848
vulnerability
insecure cookies
pdo::quote()
integer overflow
buffer overflow
keccak xkcp sha-3

9.3 High

AI Score

Confidence

High

0.025 Low

EPSS

Percentile

90.1%

JSON

The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2023:0848 advisory.

  • In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the phar uncompressor code would recursively uncompress quines gzip files, resulting in an infinite loop. (CVE-2022-31628)

  • In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the vulnerability enables network and same-site attackers to set a standard insecure cookie in the victim’s browser which is treated as a __Host- or __Secure- cookie by PHP applications. (CVE-2022-31629)

  • In PHP versions prior to 7.4.33, 8.0.25 and 8.2.12, when using imageloadfont() function in gd extension, it is possible to supply a specially crafted font file, such as if the loaded font is used with imagechar() function, the read outside allocated buffer will be used. This can lead to crashes or disclosure of confidential information. (CVE-2022-31630)

  • A flaw was found in PHP. This issue occurs due to an uncaught integer overflow in PDO::quote() of PDO_SQLite returning an improperly quoted string. With the implementation of sqlite3_snprintf(), it is possible to force the function to return a single apostrophe if the function is called on user-supplied input without any length restrictions in place. (CVE-2022-31631) (CVE-2022-31631)

  • The Keccak XKCP SHA-3 reference implementation before fdc6fef has an integer overflow and resultant buffer overflow that allows attackers to execute arbitrary code or eliminate expected cryptographic properties.
    This occurs in the sponge function interface. (CVE-2022-37454)

Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The package checks in this plugin were extracted from
# Red Hat Security Advisory RHSA-2023:0848. The text
# itself is copyright (C) Red Hat, Inc.
##

include('compat.inc');

if (description)
{
  script_id(171698);
  script_version("1.2");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/02/08");

  script_cve_id(
    "CVE-2022-31628",
    "CVE-2022-31629",
    "CVE-2022-31630",
    "CVE-2022-31631",
    "CVE-2022-37454"
  );
  script_xref(name:"RHSA", value:"2023:0848");

  script_name(english:"CentOS 8 : php:8.0 (CESA-2023:0848)");

  script_set_attribute(attribute:"synopsis", value:
"The remote CentOS host is missing one or more security updates.");
  script_set_attribute(attribute:"description", value:
"The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the
CESA-2023:0848 advisory.

  - In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the phar uncompressor code would recursively uncompress
    quines gzip files, resulting in an infinite loop. (CVE-2022-31628)

  - In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the vulnerability enables network and same-site
    attackers to set a standard insecure cookie in the victim's browser which is treated as a `__Host-` or
    `__Secure-` cookie by PHP applications. (CVE-2022-31629)

  - In PHP versions prior to 7.4.33, 8.0.25 and 8.2.12, when using imageloadfont() function in gd extension,
    it is possible to supply a specially crafted font file, such as if the loaded font is used with
    imagechar() function, the read outside allocated buffer will be used. This can lead to crashes or
    disclosure of confidential information. (CVE-2022-31630)

  - A flaw was found in PHP. This issue occurs due to an uncaught integer overflow in PDO::quote() of
    PDO_SQLite returning an improperly quoted string. With the implementation of sqlite3_snprintf(), it is
    possible to force the function to return a single apostrophe if the function is called on user-supplied
    input without any length restrictions in place. (CVE-2022-31631) (CVE-2022-31631)

  - The Keccak XKCP SHA-3 reference implementation before fdc6fef has an integer overflow and resultant buffer
    overflow that allows attackers to execute arbitrary code or eliminate expected cryptographic properties.
    This occurs in the sponge function interface. (CVE-2022-37454)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2023:0848");
  script_set_attribute(attribute:"solution", value:
"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2022-37454");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2022/09/28");
  script_set_attribute(attribute:"patch_publication_date", value:"2023/02/21");
  script_set_attribute(attribute:"plugin_publication_date", value:"2023/02/21");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:8-stream");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:apcu-panel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:libzip");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:libzip-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:libzip-tools");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:php-pear");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:php-pecl-apcu");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:php-pecl-apcu-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:php-pecl-rrd");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:php-pecl-xdebug3");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:php-pecl-zip");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"CentOS Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2023-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/CentOS/release", "Host/CentOS/rpm-list", "Host/cpu");

  exit(0);
}


include('rpm.inc');
include('rhel.inc');

if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_release = get_kb_item('Host/CentOS/release');
if (isnull(os_release) || 'CentOS' >!< os_release) audit(AUDIT_OS_NOT, 'CentOS');
var os_ver = pregmatch(pattern: "CentOS(?: Stream)?(?: Linux)? release ([0-9]+)", string:os_release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'CentOS');
os_ver = os_ver[1];
if ('CentOS Stream' >!< os_release) audit(AUDIT_OS_NOT, 'CentOS 8-Stream');
if (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '8')) audit(AUDIT_OS_NOT, 'CentOS 8.x', 'CentOS ' + os_ver);

if (!get_kb_item('Host/CentOS/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu && 'ppc' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'CentOS', cpu);

var module_ver = get_kb_item('Host/RedHat/appstream/php');
if (isnull(module_ver)) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module php:8.0');
if ('8.0' >!< module_ver) audit(AUDIT_PACKAGE_NOT_AFFECTED, 'Module php:' + module_ver);

var appstreams = {
    'php:8.0': [
      {'reference':'apcu-panel-5.1.20-1.module_el8.6.0+1066+63503082', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'apcu-panel-5.1.20-1.module_el8.6.0+1066+63503082', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'libzip-1.7.3-1.module_el8.6.0+1066+63503082', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'libzip-1.7.3-1.module_el8.6.0+1066+63503082', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'libzip-devel-1.7.3-1.module_el8.6.0+1066+63503082', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'libzip-devel-1.7.3-1.module_el8.6.0+1066+63503082', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'libzip-tools-1.7.3-1.module_el8.6.0+1066+63503082', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'libzip-tools-1.7.3-1.module_el8.6.0+1066+63503082', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'php-pear-1.10.13-1.module_el8.6.0+1066+63503082', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'php-pear-1.10.13-1.module_el8.6.0+1066+63503082', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'php-pecl-apcu-5.1.20-1.module_el8.6.0+1066+63503082', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'php-pecl-apcu-5.1.20-1.module_el8.6.0+1066+63503082', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'php-pecl-apcu-devel-5.1.20-1.module_el8.6.0+1066+63503082', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'php-pecl-apcu-devel-5.1.20-1.module_el8.6.0+1066+63503082', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'php-pecl-rrd-2.0.3-1.module_el8.6.0+1066+63503082', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'php-pecl-rrd-2.0.3-1.module_el8.6.0+1066+63503082', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'php-pecl-xdebug3-3.1.2-1.module_el8.6.0+1066+63503082', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'php-pecl-xdebug3-3.1.2-1.module_el8.6.0+1066+63503082', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'php-pecl-zip-1.19.2-1.module_el8.6.0+1066+63503082', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'php-pecl-zip-1.19.2-1.module_el8.6.0+1066+63503082', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}
    ]
};

var flag = 0;
appstreams_found = 0;
foreach module (keys(appstreams)) {
  var appstream = NULL;
  var appstream_name = NULL;
  var appstream_version = NULL;
  var appstream_split = split(module, sep:':', keep:FALSE);
  if (!empty_or_null(appstream_split)) {
    appstream_name = appstream_split[0];
    appstream_version = appstream_split[1];
    if (!empty_or_null(appstream_name)) appstream = get_one_kb_item('Host/RedHat/appstream/' + appstream_name);
  }
  if (!empty_or_null(appstream) && appstream_version == appstream || appstream_name == 'all') {
    appstreams_found++;
    foreach package_array ( appstreams[module] ) {
      var reference = NULL;
      var _release = NULL;
      var sp = NULL;
      var _cpu = NULL;
      var el_string = NULL;
      var rpm_spec_vers_cmp = NULL;
      var epoch = NULL;
      var allowmaj = NULL;
      if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
      if (!empty_or_null(package_array['release'])) _release = 'CentOS-' + package_array['release'];
      if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];
      if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];
      if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];
      if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];
      if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];
      if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];
      if (reference && _release) {
        if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;
      }
    }
  }
}

if (!appstreams_found) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module php:8.0');

if (flag)
{
  security_report_v4(
      port       : 0,
      severity   : SECURITY_HOLE,
      extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  var tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'apcu-panel / libzip / libzip-devel / libzip-tools / php-pear / etc');
}
VendorProductVersionCPE
centoscentos8-streamcpe:/o:centos:centos:8-stream
centoscentosapcu-panelp-cpe:/a:centos:centos:apcu-panel
centoscentoslibzipp-cpe:/a:centos:centos:libzip
centoscentoslibzip-develp-cpe:/a:centos:centos:libzip-devel
centoscentoslibzip-toolsp-cpe:/a:centos:centos:libzip-tools
centoscentosphp-pearp-cpe:/a:centos:centos:php-pear
centoscentosphp-pecl-apcup-cpe:/a:centos:centos:php-pecl-apcu
centoscentosphp-pecl-apcu-develp-cpe:/a:centos:centos:php-pecl-apcu-devel
centoscentosphp-pecl-rrdp-cpe:/a:centos:centos:php-pecl-rrd
centoscentosphp-pecl-xdebug3p-cpe:/a:centos:centos:php-pecl-xdebug3
Rows per page:
1-10 of 111

Related

nessus 67
almalinux 4
osv 18
redhat 4
rocky 2
oraclelinux 4
openvas 38
gentoo 1
fedora 7
ubuntu 3
debian 2
mageia 2
slackware 4
altlinux 9
suse 2
f5 1
redhatcve 4
prion 3
debiancve 4
veracode 3
ubuntucve 3
alpinelinux 2
cve 3
nvd 3
cvelist 2
cnvd 1
ibm 1
checkpoint_advisories 1
redos 1
nessus
nessus
CentOS 8 : php:7.4 (CESA-2023:2903)
2023-05-17 00:00:00
Oracle Linux 9 : php (ELSA-2023-0965)
2023-02-28 00:00:00
AlmaLinux 9 : php (ALSA-2023:0965)
2023-02-28 00:00:00
almalinux
almalinux
Moderate: php security update
2023-02-28 00:00:00
Moderate: php:7.4 security update
2023-05-16 00:00:00
Moderate: php:8.0 security update
2023-02-21 00:00:00
osv
osv
Moderate: php:8.0 security update
2023-02-21 00:00:00
Moderate: php:8.1 security update
2023-05-09 00:00:00
Moderate: php security update
2023-04-06 15:53:36
redhat
redhat
(RHSA-2023:2903) Moderate: php:7.4 security update
2023-05-16 05:57:44
(RHSA-2023:2417) Moderate: php:8.1 security update
2023-05-09 05:10:10
(RHSA-2023:0965) Moderate: php security update
2023-02-28 07:53:30
rocky
rocky
php security update
2023-04-06 15:53:36
php:8.0 security update
2023-02-22 01:08:53
oraclelinux
oraclelinux
php security update
2023-02-28 00:00:00
8.1 security update
2023-05-15 00:00:00
php:7.4 security update
2023-05-24 00:00:00
openvas
openvas
Huawei EulerOS: Security Advisory for php (EulerOS-SA-2023-1332)
2023-02-09 00:00:00
Ubuntu: Security Advisory (USN-5717-1)
2022-11-09 00:00:00
Debian: Security Advisory (DSA-5277-1)
2022-11-15 00:00:00
gentoo
gentoo
PHP: Multiple Vulnerabilities
2022-11-19 00:00:00
fedora
fedora
[SECURITY] Fedora 37 Update: php-8.1.12-1.fc37
2022-11-10 22:53:48
[SECURITY] Fedora 35 Update: php-8.0.25-1.fc35
2022-11-01 15:57:52
[SECURITY] Fedora 36 Update: php-8.1.12-1.fc36
2022-11-03 15:58:44
ubuntu
ubuntu
PHP vulnerabilities
2022-11-08 00:00:00
PHP vulnerabilities
2023-03-02 00:00:00
PHP vulnerability
2023-01-23 00:00:00
debian
debian
[SECURITY] [DSA 5277-1] php7.4 security update
2022-11-13 18:52:43
[SECURITY] [DLA 3243-1] php7.3 security update
2022-12-15 18:33:17
mageia
mageia
Updated php packages fix security vulnerability
2022-10-08 23:22:22
Updated php packages fix security vulnerability
2023-01-24 10:58:24
slackware
slackware
[slackware-security] php
2022-09-30 18:00:43
[slackware-security] php80/php81
2022-10-31 23:47:05
[slackware-security] php
2022-11-10 19:52:56
altlinux
altlinux
Security fix for the ALT Linux 10 package php8.1 version 8.1.12-alt1
2022-11-03 00:00:00
Security fix for the ALT Linux 10 package php8.2 version 8.1.12-alt1
2022-10-31 00:00:00
Security fix for the ALT Linux 10 package php8.2 version 8.1.11-alt1
2022-09-30 00:00:00
suse
suse
Security update for php7 (moderate)
2022-11-01 00:00:00
Security update for php8 (important)
2022-10-19 00:00:00
f5
f5
K000136109 : PHP SQLite vulnerability CVE-2022-31631
2023-09-06 00:00:00
redhatcve
redhatcve
CVE-2022-31631
2023-01-06 16:05:18
CVE-2022-31628
2022-10-13 14:29:46
CVE-2022-31629
2022-10-13 14:29:56
prion
prion
Code injection
2022-09-28 23:15:00
Design/Logic Flaw
2022-11-14 07:15:00
Code injection
2022-09-28 23:15:00
debiancve
debiancve
CVE-2022-31628
2022-09-28 23:15:09
CVE-2022-31631
2023-01-07 02:11:16
CVE-2022-31630
2022-11-14 07:15:09
veracode
veracode
Denial Of Service (DoS)
2022-09-30 11:08:30
Arbitrary Code Execution
2022-10-27 03:36:20
SQL Injection
2023-01-08 13:03:34
ubuntucve
ubuntucve
CVE-2022-31631
2023-01-05 00:00:00
CVE-2022-31630
2022-10-31 00:00:00
CVE-2022-31629
2022-09-28 00:00:00
alpinelinux
alpinelinux
CVE-2022-31631
2023-01-07 02:11:16
CVE-2022-31630
2022-11-14 07:15:09
cve
cve
CVE-2022-31631
2023-01-07 02:11:16
CVE-2022-31630
2022-11-14 07:15:09
CVE-2022-31629
2022-09-28 23:15:10
nvd
nvd
CVE-2022-31630
2022-11-14 07:15:09
CVE-2022-31628
2022-09-28 23:15:09
CVE-2022-31629
2022-09-28 23:15:10
cvelist
cvelist
CVE-2022-31629 $_COOKIE names string replacement (. -> _): cookie integrity vulnerabilities
2022-09-28 00:00:00
CVE-2022-31630 OOB read due to insufficient input validation in imageloadfont()
2022-11-14 06:53:06
cnvd
cnvd
PHP Denial of Service Vulnerability
2022-09-30 00:00:00
ibm
ibm
Security Bulletin: Vulnerabilities in PHP may affect IBM Spectrum Sentinel Anomaly Scan Engine (CVE-2021-21703, CVE-2021-21708, CVE-2021-21707, CVE-2022-31629, CVE-2022-31628)
2022-12-16 17:01:05
checkpoint_advisories
checkpoint_advisories
PHP Authentication Bypass (CVE-2022-31629)
2022-11-24 00:00:00
redos
redos
ROS-20221222-04
2022-12-22 00:00:00

9.3 High

AI Score

Confidence

High

0.025 Low

EPSS

Percentile

90.1%

JSON
Related for CENTOS8_RHSA-2023-0848.NASL
nessus67almalinux4osv18redhat4rocky2oraclelinux4openvas38gentoo1fedora7ubuntu3debian2mageia2slackware4altlinux9suse2f51redhatcve4prion3debiancve4veracode3ubuntucve3alpinelinux2cve3nvd3cvelist2cnvd1ibm1checkpoint_advisories1redos1