Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.DEBIAN_DSA-4081.NASL
HistoryJan 09, 2018 - 12:00 a.m.

Debian DSA-4081-1 : php5 - security update

2018-01-0900:00:00
This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
34

7.8 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

0.032 Low

EPSS

Percentile

91.2%

JSON

Several vulnerabilities were found in PHP, a widely-used open source general purpose scripting language :

  • CVE-2017-11142 Denial of service via overly long form variables

  • CVE-2017-11143 Invalid free() in wddx_deserialize()

  • CVE-2017-11144 Denial of service in openssl extension due to incorrect return value check of OpenSSL sealing function.

  • CVE-2017-11145 Out-of-bounds read in wddx_deserialize()

  • CVE-2017-11628 Buffer overflow in PHP INI parsing API

  • CVE-2017-12933 Buffer overread in finish_nested_data()

  • CVE-2017-16642 Out-of-bounds read in timelib_meridian()

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Debian Security Advisory DSA-4081. The text 
# itself is copyright (C) Software in the Public Interest, Inc.
#

include("compat.inc");

if (description)
{
  script_id(105664);
  script_version("3.5");
  script_cvs_date("Date: 2019/04/05 23:25:05");

  script_cve_id("CVE-2017-11142", "CVE-2017-11143", "CVE-2017-11144", "CVE-2017-11145", "CVE-2017-11628", "CVE-2017-12933", "CVE-2017-16642");
  script_xref(name:"DSA", value:"4081");

  script_name(english:"Debian DSA-4081-1 : php5 - security update");
  script_summary(english:"Checks dpkg output for the updated package");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Debian host is missing a security-related update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Several vulnerabilities were found in PHP, a widely-used open source
general purpose scripting language :

  - CVE-2017-11142
    Denial of service via overly long form variables

  - CVE-2017-11143
    Invalid free() in wddx_deserialize()

  - CVE-2017-11144
    Denial of service in openssl extension due to incorrect
    return value check of OpenSSL sealing function.

  - CVE-2017-11145
    Out-of-bounds read in wddx_deserialize()

  - CVE-2017-11628
    Buffer overflow in PHP INI parsing API

  - CVE-2017-12933
    Buffer overread in finish_nested_data()

  - CVE-2017-16642
    Out-of-bounds read in timelib_meridian()"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2017-11142"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2017-11143"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2017-11144"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2017-11145"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2017-11628"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2017-12933"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2017-16642"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/source-package/php5"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://packages.debian.org/source/jessie/php5"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.debian.org/security/2018/dsa-4081"
  );
  script_set_attribute(
    attribute:"solution", 
    value:
"Upgrade the php5 packages.

For the oldstable distribution (jessie), these problems have been
fixed in version 5.6.33+dfsg-0+deb8u1."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:php5");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:8.0");

  script_set_attribute(attribute:"patch_publication_date", value:"2018/01/08");
  script_set_attribute(attribute:"plugin_publication_date", value:"2018/01/09");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Debian Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");

  exit(0);
}


include("audit.inc");
include("debian_package.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);


flag = 0;
if (deb_check(release:"8.0", prefix:"libapache2-mod-php5", reference:"5.6.33+dfsg-0+deb8u1")) flag++;
if (deb_check(release:"8.0", prefix:"libapache2-mod-php5filter", reference:"5.6.33+dfsg-0+deb8u1")) flag++;
if (deb_check(release:"8.0", prefix:"libphp5-embed", reference:"5.6.33+dfsg-0+deb8u1")) flag++;
if (deb_check(release:"8.0", prefix:"php-pear", reference:"5.6.33+dfsg-0+deb8u1")) flag++;
if (deb_check(release:"8.0", prefix:"php5", reference:"5.6.33+dfsg-0+deb8u1")) flag++;
if (deb_check(release:"8.0", prefix:"php5-cgi", reference:"5.6.33+dfsg-0+deb8u1")) flag++;
if (deb_check(release:"8.0", prefix:"php5-cli", reference:"5.6.33+dfsg-0+deb8u1")) flag++;
if (deb_check(release:"8.0", prefix:"php5-common", reference:"5.6.33+dfsg-0+deb8u1")) flag++;
if (deb_check(release:"8.0", prefix:"php5-curl", reference:"5.6.33+dfsg-0+deb8u1")) flag++;
if (deb_check(release:"8.0", prefix:"php5-dbg", reference:"5.6.33+dfsg-0+deb8u1")) flag++;
if (deb_check(release:"8.0", prefix:"php5-dev", reference:"5.6.33+dfsg-0+deb8u1")) flag++;
if (deb_check(release:"8.0", prefix:"php5-enchant", reference:"5.6.33+dfsg-0+deb8u1")) flag++;
if (deb_check(release:"8.0", prefix:"php5-fpm", reference:"5.6.33+dfsg-0+deb8u1")) flag++;
if (deb_check(release:"8.0", prefix:"php5-gd", reference:"5.6.33+dfsg-0+deb8u1")) flag++;
if (deb_check(release:"8.0", prefix:"php5-gmp", reference:"5.6.33+dfsg-0+deb8u1")) flag++;
if (deb_check(release:"8.0", prefix:"php5-imap", reference:"5.6.33+dfsg-0+deb8u1")) flag++;
if (deb_check(release:"8.0", prefix:"php5-interbase", reference:"5.6.33+dfsg-0+deb8u1")) flag++;
if (deb_check(release:"8.0", prefix:"php5-intl", reference:"5.6.33+dfsg-0+deb8u1")) flag++;
if (deb_check(release:"8.0", prefix:"php5-ldap", reference:"5.6.33+dfsg-0+deb8u1")) flag++;
if (deb_check(release:"8.0", prefix:"php5-mcrypt", reference:"5.6.33+dfsg-0+deb8u1")) flag++;
if (deb_check(release:"8.0", prefix:"php5-mysql", reference:"5.6.33+dfsg-0+deb8u1")) flag++;
if (deb_check(release:"8.0", prefix:"php5-mysqlnd", reference:"5.6.33+dfsg-0+deb8u1")) flag++;
if (deb_check(release:"8.0", prefix:"php5-odbc", reference:"5.6.33+dfsg-0+deb8u1")) flag++;
if (deb_check(release:"8.0", prefix:"php5-pgsql", reference:"5.6.33+dfsg-0+deb8u1")) flag++;
if (deb_check(release:"8.0", prefix:"php5-phpdbg", reference:"5.6.33+dfsg-0+deb8u1")) flag++;
if (deb_check(release:"8.0", prefix:"php5-pspell", reference:"5.6.33+dfsg-0+deb8u1")) flag++;
if (deb_check(release:"8.0", prefix:"php5-readline", reference:"5.6.33+dfsg-0+deb8u1")) flag++;
if (deb_check(release:"8.0", prefix:"php5-recode", reference:"5.6.33+dfsg-0+deb8u1")) flag++;
if (deb_check(release:"8.0", prefix:"php5-snmp", reference:"5.6.33+dfsg-0+deb8u1")) flag++;
if (deb_check(release:"8.0", prefix:"php5-sqlite", reference:"5.6.33+dfsg-0+deb8u1")) flag++;
if (deb_check(release:"8.0", prefix:"php5-sybase", reference:"5.6.33+dfsg-0+deb8u1")) flag++;
if (deb_check(release:"8.0", prefix:"php5-tidy", reference:"5.6.33+dfsg-0+deb8u1")) flag++;
if (deb_check(release:"8.0", prefix:"php5-xmlrpc", reference:"5.6.33+dfsg-0+deb8u1")) flag++;
if (deb_check(release:"8.0", prefix:"php5-xsl", reference:"5.6.33+dfsg-0+deb8u1")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());
  else security_hole(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
VendorProductVersionCPE
debiandebian_linuxphp5p-cpe:/a:debian:debian_linux:php5
debiandebian_linux8.0cpe:/o:debian:debian_linux:8.0

References

Related

debian 5
osv 12
openvas 34
nessus 52
f5 4
nvd 9
prion 7
redhatcve 7
hackerone 5
cvelist 7
ubuntucve 7
debiancve 7
cve 9
suse 2
ubuntu 4
veracode 7
tenable 1
zdt 1
checkpoint_advisories 1
threatpost 1
gentoo 1
redhat 2
rosalinux 1
cloudlinux 1
ibm 1
debian
debian
[SECURITY] [DSA 4081-1] php5 security update
2018-01-08 22:33:54
[SECURITY] [DSA 4080-1] php7.0 security update
2018-01-08 22:30:09
[SECURITY] [DLA 1034-1] php5 security update
2017-07-21 11:45:57
osv
osv
php5 - security update
2018-01-08 00:00:00
php7.0 - security update
2018-01-08 00:00:00
CVE-2017-16642
2017-11-07 21:29:00
openvas
openvas
Debian: Security Advisory (DSA-4081-1)
2018-01-07 00:00:00
Debian: Security Advisory (DSA-4080-1)
2018-01-07 00:00:00
Debian: Security Advisory (DLA-1034-1)
2018-02-07 00:00:00
nessus
nessus
Debian DSA-4080-1 : php7.0 - security update
2018-01-09 00:00:00
Tenable SecurityCenter PHP < 5.6.31 Multiple Vulnerabilities (TNS-2017-12
2017-09-12 00:00:00
PHP 5.6.x < 5.6.31 Multiple Vulnerabilities
2017-07-13 00:00:00
f5
f5
K20289222 : Multiple PHP vulnerabilities
2017-08-08 00:00:00
K06420357 : PHP vulnerability CVE-2017-16642
2017-11-17 00:00:00
K75543432 : PHP vulnerability CVE-2017-11628
2017-11-06 00:00:00
nvd
nvd
CVE-2017-16642
2017-11-07 21:29:00
CVE-2017-11142
2017-07-10 14:29:00
CVE-2017-12933
2017-08-18 03:29:00
prion
prion
Out-of-bounds
2017-11-07 21:29:00
Code injection
2017-07-10 14:29:00
Stack overflow
2017-07-25 23:29:00
redhatcve
redhatcve
CVE-2017-16642
2017-11-10 18:50:05
CVE-2017-12933
2017-08-24 12:18:53
CVE-2017-11142
2017-07-17 14:19:48
hackerone
hackerone
Internet Bug Bounty: Out-Of-Bounds Read in timelib_meridian()
2017-10-28 00:16:57
Internet Bug Bounty: PHP WDDX Deserialization Heap OOB Read in timelib_meridian()
2017-07-12 10:27:57
Internet Bug Bounty: PHP INI Parsing Stack Buffer Overflow Vulnerability
2017-07-12 09:21:09
cvelist
cvelist
CVE-2017-16642
2017-11-07 21:00:00
CVE-2017-11142
2017-07-10 14:00:00
CVE-2017-11144
2017-07-10 14:00:00
ubuntucve
ubuntucve
CVE-2017-16642
2017-11-07 00:00:00
CVE-2017-11142
2017-07-10 00:00:00
CVE-2017-11144
2017-07-10 00:00:00
debiancve
debiancve
CVE-2017-16642
2017-11-07 21:29:00
CVE-2017-11142
2017-07-10 14:29:00
CVE-2017-11144
2017-07-10 14:29:00
cve
cve
CVE-2017-16642
2017-11-07 21:29:00
CVE-2017-11142
2017-07-10 14:29:00
CVE-2017-11628
2017-07-25 23:29:00
suse
suse
Security update for php7 (important)
2017-09-04 12:07:53
Security update for php7 (important)
2017-08-30 19:30:52
ubuntu
ubuntu
PHP vulnerabilities
2018-02-12 00:00:00
PHP vulnerabilities
2017-12-18 00:00:00
PHP vulnerabilities
2017-08-10 00:00:00
veracode
veracode
Denial Of Service (DoS)
2019-05-16 02:59:59
Information Disclosure
2019-05-16 02:59:59
Buffer Overflow
2019-05-16 02:59:59
tenable
tenable
[R1] SecurityCenter 5.3.2, 5.4.0, 5.4.2, 5.4.5, 5.5.0, and 5.5.1 Fixes Multiple Vulnerabilities
2017-09-13 18:59:00
zdt
zdt
PHP 7.1.8 - Heap-Based Buffer Overflow Vulnerability
2017-11-15 00:00:00
checkpoint_advisories
checkpoint_advisories
PHP Core timelib_meridian Heap Buffer Overflow (CVE-2017-16642)
2017-11-20 00:00:00
threatpost
threatpost
Severe PHP Exploit Threatens WordPress Sites with Remote Code Execution
2018-08-17 18:03:08
gentoo
gentoo
PHP: Multiple vulnerabilities
2017-09-24 00:00:00
redhat
redhat
(RHSA-2018:1296) Moderate: rh-php70-php security, bug fix, and enhancement update
2018-05-03 03:21:11
(RHSA-2019:2519) Moderate: rh-php71-php security, bug fix, and enhancement update
2019-08-19 08:09:18
rosalinux
rosalinux
Advisory ROSA-SA-2021-1950
2021-07-02 17:57:45
cloudlinux
cloudlinux
Fix of 227 CVE
2020-10-15 12:00:00
ibm
ibm
Security Bulletin: Multiple Security Issues in IBM Tealeaf Customer Experience PCA
2018-06-23 03:45:19

7.8 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

0.032 Low

EPSS

Percentile

91.2%

JSON
Related for DEBIAN_DSA-4081.NASL
debian5osv12openvas34nessus52f54nvd9prion7redhatcve7hackerone5cvelist7ubuntucve7debiancve7cve9suse2ubuntu4veracode7tenable1zdt1checkpoint_advisories1threatpost1gentoo1redhat2rosalinux1cloudlinux1ibm1