CVSS2: 5 Medium (AV:N/AC:L/Au:N/C:P/I:N/A:N)

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Authentication | NONE |
Confidentiality Impact | PARTIAL |
Integrity Impact | NONE |
Availability Impact | NONE |

CVSS3: 7.5 High (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Privileges Required | NONE |
User Interaction | NONE |
Scope | UNCHANGED |
Confidentiality Impact | HIGH |
Integrity Impact | NONE |
Availability Impact | NONE |

EPSS: 0.003 Low (Percentile 68.1%)

ZF2015-09: `Zend\Captcha\Word` generates a 'word' for a CAPTCHA challenge by selecting a sequence of random letters from a character set. Prior to this vulnerability announcement, the selection was performed using PHP's internal `array_rand()` function. This function does not generate sufficient entropy due to its usage of `rand()` instead of more cryptographically secure methods such as `openssl_random_pseudo_bytes()`.

This could potentially lead to information disclosure should an attacker be able to brute force the random number generation. This release contains a patch that replaces the `array_rand()` calls with `Zend\Math\Rand::getInteger()`, which provides a better RNG.

ZF2015-10: `Zend\Crypt\PublicKey\Rsa\PublicKey` has a call to `openssl_public_encrypt()` which used PHP's default `$padding` argument, which specifies `OPENSSL_PKCS1_PADDING`, indicating usage of PKCS1v1.5 padding. This padding has a known vulnerability, [Bleichenbacher's chosen-ciphertext attack](http://crypto.stackexchange.com/questions/12688/can-you-explain-bleichenbachers-cca-attack-on-pkcs1-v1-5), which can be used to recover an RSA private key. This release contains a patch that changes the padding argument to use `OPENSSL_PKCS1_OAEP_PADDING`.

Users upgrading to this version may have issues decrypting previously stored values, due to the change in padding. If this occurs, you can pass the constant `OPENSSL_PKCS1_PADDING` to a new `$padding` argument in `Zend\Crypt\PublicKey\Rsa::encrypt()` and `decrypt()` (though typically this should only apply to the latter):

```php
$decrypted = $rsa->decrypt($data, $key, $mode, OPENSSL_PKCS1_PADDING);
```

where `$rsa` is an instance of `Zend\Crypt\PublicKey\Rsa`.

(The `$key` and `$mode` argument defaults are `null` and `Zend\Crypt\PublicKey\Rsa::MODE_AUTO`, if you were not using them previously.)

We recommend re-encrypting any such values using the new defaults.
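
The re-encryption recommended above, as an added example that is not part of the advisory or of Zend Framework: it calls PHP's `openssl_*` functions directly rather than `Zend\Crypt\PublicKey\Rsa`. The key pair, the `$records` layout and the `scheme` tag are assumptions constructed for illustration.

```php
<?php
// Added example: migrate stored RSA ciphertexts from PKCS#1 v1.5 to OAEP.
// The key pair, $records layout and 'scheme' tag are constructed assumptions;
// only the openssl_* functions and the padding constants are real PHP API.

$pair = openssl_pkey_new(['private_key_bits' => 2048,
                          'private_key_type' => OPENSSL_KEYTYPE_RSA]);
$publicPem = openssl_pkey_get_details($pair)['key'];

function rsaEncrypt(string $plain, string $publicPem, int $padding): string
{
    if (!openssl_public_encrypt($plain, $out, $publicPem, $padding)) {
        throw new RuntimeException('encrypt failed: ' . openssl_error_string());
    }
    return $out;
}

function rsaDecrypt(string $cipher, $privateKey, int $padding): string
{
    if (!openssl_private_decrypt($cipher, $out, $privateKey, $padding)) {
        throw new RuntimeException('decrypt failed');
    }
    return $out;
}

// Constructed sample store: one value written before the upgrade, one after.
$records = [
    ['id' => 1, 'scheme' => 'pkcs1v15',
     'blob' => rsaEncrypt('legacy secret', $publicPem, OPENSSL_PKCS1_PADDING)],
    ['id' => 2, 'scheme' => 'oaep',
     'blob' => rsaEncrypt('new secret', $publicPem, OPENSSL_PKCS1_OAEP_PADDING)],
];

// Migrate offline, driven by the stored tag. The legacy padding is used only
// here, never as a fallback on a path that decrypts untrusted input.
foreach ($records as &$r) {
    if ($r['scheme'] !== 'pkcs1v15') {
        continue; // already OAEP, leave untouched
    }
    $plain = rsaDecrypt($r['blob'], $pair, OPENSSL_PKCS1_PADDING);
    $r['blob'] = rsaEncrypt($plain, $publicPem, OPENSSL_PKCS1_OAEP_PADDING);
    $r['scheme'] = 'oaep';
}
unset($r);

// After migration every record decrypts with the new default padding.
foreach ($records as $r) {
    printf("%d %s %s\n", $r['id'], $r['scheme'],
        rsaDecrypt($r['blob'], $pair, OPENSSL_PKCS1_OAEP_PADDING));
}
```

If stored values carry no padding tag, select the legacy records by when they were written (before the upgrade) rather than by attempting both paddings on each value.
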
Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Fedora Security Advisory FEDORA-2016-8952105d59.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
  script_id(92125);
  script_version("1.6");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/11");
  script_cve_id("CVE-2015-7503");
  script_xref(name:"FEDORA", value:"2016-8952105d59");
  script_name(english:"Fedora 23 : php-ZendFramework2 / php-zendframework-zendxml (2016-8952105d59)");
  script_summary(english:"Checks rpm output for the updated packages.");
  script_set_attribute(
    attribute:"synopsis",
    value:"The remote Fedora host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description",
    value:
"## 2.4.10 (2016-05-09)
- Fix HeaderValue throwing an exception on legal
characters
## 2.4.9 (2015-11-23)
### SECURITY UPDATES
- **ZF2015-09**: `Zend\Captcha\Word` generates a 'word'
for a CAPTCHA challenge by selecting a sequence of
random letters from a character set. Prior to this
vulnerability announcement, the selection was performed
using PHP's internal `array_rand()` function. This
function does not generate sufficient entropy due to its
usage of `rand()` instead of more cryptographically
secure methods such as `openssl_pseudo_random_bytes()`.
This could potentially lead to information disclosure
should an attacker be able to brute force the random
number generation. This release contains a patch that
replaces the `array_rand()` calls to use
`Zend\Math\Rand::getInteger()`, which provides better
RNG.
- **ZF2015-10**: `Zend\Crypt\PublicKey\Rsa\PublicKey` has
a call to `openssl_public_encrypt()` which used PHP's
default `$padding` argument, which specifies
`OPENSSL_PKCS1_PADDING`, indicating usage of PKCS1v1.5
padding. This padding has a known vulnerability, the
[Bleichenbacher's chosen-ciphertext
attack](http://crypto.stackexchange.com/questions/12688/
can-you-explain-bleichenbachers-cca-attack-on-pkcs1-v1-5
), which can be used to recover an RSA private key. This
release contains a patch that changes the padding
argument to use `OPENSSL_PKCS1_OAEP_PADDING`.
Users upgrading to this version may have issues
decrypting previously stored values, due to the change
in padding. If this occurs, you can pass the constant
`OPENSSL_PKCS1_PADDING` to a new `$padding` argument in
`Zend\Crypt\PublicKey\Rsa::encrypt()` and `decrypt()`
(though typically this should only apply to the
latter) :
```php $decrypted = $rsa->decrypt($data, $key, $mode,
OPENSSL_PKCS1_PADDING); ```
where `$rsa` is an instance of
`Zend\Crypt\PublicKey\Rsa`.
(The `$key` and `$mode` argument defaults are `null` and
`Zend\Crypt\PublicKey\Rsa::MODE_AUTO`, if you were not
using them previously.)
We recommend re-encrypting any such values using the new
defaults.
Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as
possible without introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bodhi.fedoraproject.org/updates/FEDORA-2016-8952105d59"
  );
  script_set_attribute(
    attribute:"solution",
    value:
"Update the affected php-ZendFramework2 and / or
php-zendframework-zendxml packages."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N");
  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:php-ZendFramework2");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:php-zendframework-zendxml");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:23");
  script_set_attribute(attribute:"vuln_publication_date", value:"2017/10/10");
  script_set_attribute(attribute:"patch_publication_date", value:"2016/06/21");
  script_set_attribute(attribute:"plugin_publication_date", value:"2016/07/14");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();
  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Fedora Local Security Checks");
  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
  exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
os_ver = os_ver[1];
if (! preg(pattern:"^23([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 23", "Fedora " + os_ver);
if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
flag = 0;
if (rpm_check(release:"FC23", reference:"php-ZendFramework2-2.4.10-1.fc23")) flag++;
if (rpm_check(release:"FC23", reference:"php-zendframework-zendxml-1.0.2-2.fc23")) flag++;
if (flag)
{
  security_report_v4(
    port : 0,
    severity : SECURITY_WARNING,
    extra : rpm_report_get()
  );
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "php-ZendFramework2 / php-zendframework-zendxml");
}
Vendor | Product | Version | CPE |
---|---|---|---|
fedoraproject | fedora | php-zendframework2 | p-cpe:/a:fedoraproject:fedora:php-zendframework2 |
fedoraproject | fedora | php-zendframework-zendxml | p-cpe:/a:fedoraproject:fedora:php-zendframework-zendxml |
fedoraproject | fedora | 23 | cpe:/o:fedoraproject:fedora:23 |