Lucene search

HistoryMar 12, 2018 - 12:00 a.m.

Fedora 26 : php (2018-e8bc8d2784)

2018-03-1200:00:00

www.tenable.com

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

0.753 High

EPSS

Percentile

98.2%

JSON

PHP version 7.1.15 (01 Mar 2018)

Apache2Handler:

Fixed bug php#75882 (a simple way for segfaults in threadsafe php just with configuration). (Anatol)

Date:

Fixed bug php#75857 (Timezone gets truncated when formatted). (carusogabriel)
Fixed bug php#75928 (Argument 2 for DateTimeZone::listIdentifiers() should accept null).
(Pedro Lacerda)
Fixed bug php#68406 (calling var_dump on a DateTimeZone object modifies it). (jhdxr)

PGSQL:

Fixed php#75838 (Memory leak in pg_escape_bytea()).
(ard_1 at mail dot ru)

ODBC:

Fixed bug php#73725 (Unable to retrieve value of varchar(max) type). (Anatol)

LDAP:

Fixed bug php#49876 (Fix LDAP path lookup on 64-bit distros). (dzuelke)

libxml2:

Fixed bug php#75871 (use pkg-config where available).
(pmmaga)

Phar:

Fixed bug php#65414 (deal with leading slash when adding files correctly). (bishopb)

SPL:

Fixed bug php#74519 (strange behavior of AppendIterator). (jhdxr)

Standard:

Fixed bug php#75916 (DNS_CAA record results contain garbage). (Mike, Philip Sharp)
Fixed bug php#75981 (stack-buffer-overflow while parsing HTTP response). (Stas)

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Fedora Security Advisory FEDORA-2018-e8bc8d2784.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(107282);
  script_version("1.10");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/06");

  script_cve_id("CVE-2018-7584");
  script_xref(name:"FEDORA", value:"2018-e8bc8d2784");

  script_name(english:"Fedora 26 : php (2018-e8bc8d2784)");
  script_summary(english:"Checks rpm output for the updated package.");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Fedora host is missing a security update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"**PHP version 7.1.15** (01 Mar 2018)

**Apache2Handler:**

  - Fixed bug php#75882 (a simple way for segfaults in
    threadsafe php just with configuration). (Anatol)

**Date:**

  - Fixed bug php#75857 (Timezone gets truncated when
    formatted). (carusogabriel)

  - Fixed bug php#75928 (Argument 2 for
    `DateTimeZone::listIdentifiers()` should accept `null`).
    (Pedro Lacerda)

  - Fixed bug php#68406 (calling var_dump on a DateTimeZone
    object modifies it). (jhdxr)

**PGSQL:**

  - Fixed php#75838 (Memory leak in pg_escape_bytea()).
    (ard_1 at mail dot ru)

**ODBC:**

  - Fixed bug php#73725 (Unable to retrieve value of
    varchar(max) type). (Anatol)

**LDAP:**

  - Fixed bug php#49876 (Fix LDAP path lookup on 64-bit
    distros). (dzuelke)

**libxml2:**

  - Fixed bug php#75871 (use pkg-config where available).
    (pmmaga)

**Phar:**

  - Fixed bug php#65414 (deal with leading slash when adding
    files correctly). (bishopb)

**SPL:**

  - Fixed bug php#74519 (strange behavior of
    AppendIterator). (jhdxr)

**Standard:**

  - Fixed bug php#75916 (DNS_CAA record results contain
    garbage). (Mike, Philip Sharp)

  - Fixed bug php#75981 (stack-buffer-overflow while parsing
    HTTP response). (Stas)

Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as
possible without introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bodhi.fedoraproject.org/updates/FEDORA-2018-e8bc8d2784"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected php package.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:php");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:26");

  script_set_attribute(attribute:"vuln_publication_date", value:"2018/03/01");
  script_set_attribute(attribute:"patch_publication_date", value:"2018/03/11");
  script_set_attribute(attribute:"plugin_publication_date", value:"2018/03/12");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Fedora Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
os_ver = os_ver[1];
if (! preg(pattern:"^26([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 26", "Fedora " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);


cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);


flag = 0;
if (rpm_check(release:"FC26", reference:"php-7.1.15-1.fc26")) flag++;


if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_HOLE,
    extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "php");
}

VendorProductVersionCPE
fedoraprojectfedoraphpp-cpe:/a:fedoraproject:fedora:php
fedoraprojectfedora26cpe:/o:fedoraproject:fedora:26

Vendor	Product	Version	CPE
fedoraproject	fedora	php	p-cpe:/a:fedoraproject:fedora:php
fedoraproject	fedora	26	cpe:/o:fedoraproject:fedora:26

References

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7584

bodhi.fedoraproject.org/updates/FEDORA-2018-e8bc8d2784

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

0.753 High

EPSS

Percentile

98.2%

JSON

Related for FEDORA_2018-E8BC8D2784.NASL