-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
                         AUSCERT Security Bulletin

                               ASB-2018.0070
      [R1] SecurityCenter 5.6.2.1 Fixes One Third-party Vulnerability
                               6 April 2018

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:              Tenable SecurityCenter
Operating System:     Linux variants
                      Network Appliance
                      Virtualisation
Impact/Access:        Execute Arbitrary Code/Commands -- Remote/Unauthenticated
                      Denial of Service               -- Remote/Unauthenticated
Resolution:           Patch/Upgrade
CVE Names:            CVE-2018-7584  
Member content until: Sunday, May  6 2018
Reference:            ESB-2018.0941
                      ESB-2018.0867
                      ESB-2018.0796

OVERVIEW

        A vulnerability has been identified in the PHP component bundled
        with Tenable SecurityCenter prior to version 5.6.2.1. [1]


IMPACT

        The vendor has provided the following details regarding the 
        vulnerabilities:
        
        "SecurityCenter leverages third-party software to help provide
        underlying functionality. One of the third-party components (PHP)
        was found to contain vulnerabilities, and updated versions have
        been made available by the providers.
        
        Out of caution and in line with good practice, Tenable opted to 
        upgrade the bundled PHP to address the potential impact of these 
        issues on SecurityCenter. SecurityCenter 5.6.2.1 updates PHP to 
        version 5.6.34 to address the identified vulnerabilities.
        
        References for the issues are below:
        
        PHP Stack Buffer Overflow Vulnerability (CVE-2018-7584)
        
        CVE ID: CVE-2018-7584
        Tenable Advisory ID: TNS-2018-03
        Risk Factor: High
        CVSSv2 Base / Temporal Score: 7.5 / 5.9
        CVSSv2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:OF/RC:C"[1][2]


MITIGATION

        Tenable advises users to upgrade to the latest version.
        
        "Tenable has released SecurityCenter 5.6.2.1 to address this issue.
        The new version can be obtained from the Tenable Support 
        Portal"[1][3]
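        The bulletin's only remediation is a version check: the bundled PHP
        must be 5.6.34 or later (shipped with SecurityCenter 5.6.2.1). The
        script below is an added example written for this bulletin, not
        code from AusCERT or Tenable. It parses `php -v` style output and
        classifies the build against the fixed version; the binary path
        /opt/sc/support/bin/php is an assumption, the sample output strings
        are constructed, and a build from a different release branch
        (e.g. 7.x) is reported as "unknown" because the bulletin only
        states the fix for the 5.6 branch.

```python
import re
import subprocess

# Fixed versions as stated in the bulletin (ASB-2018.0070 / TNS-2018-03).
FIXED_PHP_VERSION = (5, 6, 34)      # PHP bundled with SecurityCenter 5.6.2.1
FIXED_SC_VERSION = (5, 6, 2, 1)     # SecurityCenter release carrying the fix


def parse_version(text):
    """Return the first dotted numeric version in `text` as a tuple of ints.

    'PHP 5.6.31 (cli) (built: ...)' -> (5, 6, 31)
    """
    m = re.search(r"(\d+(?:\.\d+)+)", text)
    if not m:
        raise ValueError("no version string found in %r" % text)
    return tuple(int(part) for part in m.group(1).split("."))


def _pad(v, n):
    # Pad so that 5.6 compares as 5.6.0 rather than sorting before 5.6.0.
    return v + (0,) * (n - len(v))


def is_fixed(found, fixed):
    """True if `found` is at least `fixed`, comparing component-wise."""
    n = max(len(found), len(fixed))
    return _pad(found, n) >= _pad(fixed, n)


def php_status(php_v_output):
    """Classify `php -v` output against the 5.6 fix line.

    Returns (version_tuple, status) with status one of
    'fixed', 'affected' or 'unknown' (different release branch, for which
    this bulletin states no fixed version).
    """
    v = parse_version(php_v_output)
    if v[:2] != FIXED_PHP_VERSION[:2]:
        return v, "unknown"
    return v, ("fixed" if is_fixed(v, FIXED_PHP_VERSION) else "affected")


def sc_status(sc_version_text):
    """Classify a SecurityCenter version string, e.g. 'SecurityCenter 5.6.2'."""
    v = parse_version(sc_version_text)
    return v, ("fixed" if is_fixed(v, FIXED_SC_VERSION) else "affected")


def check_local_php(php_binary="/opt/sc/support/bin/php"):
    """Run the bundled PHP binary (path is an assumption) and classify it.

    Returns None when the binary cannot be executed, so callers can tell
    'not present' apart from 'affected'.
    """
    try:
        proc = subprocess.run([php_binary, "-v"], capture_output=True,
                              text=True, timeout=10)
    except (OSError, subprocess.SubprocessError):
        return None
    return php_status(proc.stdout)


if __name__ == "__main__":
    # Constructed sample outputs; a real run would use check_local_php().
    for sample in ("PHP 5.6.31 (cli) (built: Feb  1 2018 10:00:00)",
                   "PHP 5.6.34 (cli) (built: Mar  1 2018 10:00:00)",
                   "PHP 7.1.14 (cli) (built: Feb 10 2018 10:00:00)"):
        print(sample.split(" (")[0], "->", php_status(sample)[1])
    print("SecurityCenter 5.6.2 ->", sc_status("SecurityCenter 5.6.2")[1])
```

        Run it on the appliance with `check_local_php()`; a result of
        "affected" means the upgrade in the MITIGATION section still
        applies, and None means the assumed binary path needs adjusting
        for the installation.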


REFERENCES

        [1] [R1] SecurityCenter 5.6.2.1 Fixes One Third-party Vulnerability
            http://www.tenable.com/security/tns-2018-03

        [2] [CVE-MITRE] Stack-based buffer under-read while parsing an HTTP
            response in the php_stream_url_wrap_http_ex function
            http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7584

        [3] Tenable Support Portal
            https://support.tenable.com/support-center/index.php?x=&mod_id=160

AusCERT has made every effort to ensure that the information contained
in this document is accurate.  However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours 
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
-----END PGP SIGNATURE-----