Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT Security Bulletin ASB-2019.0310 Multiple vulnerabilities have been identified in Tenable.sc (formerly Tenable Security Center) 5 November 2019 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: Tenable.sc Operating System: Windows Linux variants Network Appliance Impact/Access: Denial of Service -- Remote/Unauthenticated Cross-site Scripting -- Remote with User Interaction Access Confidential Data -- Remote with User Interaction Resolution: Patch/Upgrade CVE Names: CVE-2019-9637 CVE-2019-9022 CVE-2018-17082 CVE-2018-10548 Member content until: Thursday, December 5 2019 Reference: ESB-2019.4077 ESB-2019.3172 ESB-2019.2087 ESB-2019.1855 ESB-2019.1377 ESB-2019.1277 OVERVIEW Multiple vulnerabilities have been identified in the following versions of Tenable.sc: "- 5.7.X - 5.8.X - 5.9.X - 5.10.X - 5.11.X" [1] IMPACT Tenable has provided the following details regarding the vulnerabilities: "CVE-2019-9637: Description An issue was discovered in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. Due to the way rename() across filesystems is implemented, it is possible that file being renamed is briefly available with wrong permissions while the rename is ongoing, thus enabling unauthorized users to access the data." [2] "CVE-2019-9022: Description An issue was discovered in PHP 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.2. dns_get_record misparses a DNS response, which can allow a hostile DNS server to cause PHP to misuse memcpy, leading to read operations going past the buffer allocated for DNS data. This affects php_parserr in ext/standard/dns.c for DNS_CAA and DNS_ANY queries." [3] "CVE-2018-17082: Description The Apache2 component in PHP before 5.6.38, 7.0.x before 7.0.32, 7.1.x before 7.1.22, and 7.2.x before 7.2.10 allows XSS via the body of a "Transfer-Encoding: chunked" request, because the bucket brigade is mishandled in the php_handler function in sapi/apache2handler/sapi_apache2.c." [4] "CVE-2018-10548: Description An issue was discovered in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5. ext/ldap/ldap.c allows remote LDAP servers to cause a denial of service (NULL pointer dereference and application crash) because of mishandling of the ldap_get_dn return value." [5] MITIGATION Tenable recommends users of Tenable.sc 5.7.x and 5.11.x apply their respective stand-alone patches [6], to address these issues. Tenable states: "This stand-alone patch updates PHP to version 7.1.33 to address the identified vulnerabilities." [1] REFERENCES [1] [R1] PHP Stand-alone Patch Available for Tenable.sc versions 5.7.x to 5.11.x https://www.tenable.com/security/tns-2019-07 [2] CVE-2019-9637 https://www.tenable.com/cve/CVE-2019-9637 [3] CVE-2019-9022 https://www.tenable.com/cve/CVE-2019-9022 [4] CVE-2018-17082 https://www.tenable.com/cve/CVE-2018-17082 [5] CVE-2018-10548 https://www.tenable.com/cve/CVE-2018-10548 [6] Tenable.sc, xTool, and Migration Tool https://www.tenable.com/downloads/tenable-sc AusCERT has made every effort to ensure that the information contained in this document is accurate. However, the decision to use the information described is the responsibility of each user or organisation. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBXcDE5WaOgq3Tt24GAQgh8Q//dqM143VIJ/MxEzvUeKxTba4Q7A8QQ+KT iCkEpBRdzWOFHxdeWKYubg5JHWnOD+e3HINdg7IGCHxV9FzUsrTkJXlRh7YuRscY 4oTCFKEv86tq/evwuIRNE+pxQGRRo+CkMhLC8XSvo5GdmVGPmxWFigG8LIMeR5Ip zcFu4LWglANLcGFiA8xfp+JLKceavDUcFuyzd+RcHa8foHAk9Q/jYj9QRLoUJ7kx u2DpatonTFBhKoEtgCbKfVoATAXv0qbjU3p0TQrw0/+AND2iXzTicZoHaflP0Vqn APyEw/L0pfi7ZbY7yvhzYQCt66v0fOw6fhnTS1fCt7XUZRJri2pi10bcSUNg3LPD DEmWBuAmiUu2hxjhCszjYE45vgkgZ21doGtTEPtI2J1Z8z2Ys33Yq2CCiXVu3IAi OwBkYQH75HbxRtKd0tvZBiW7lfhS5Lqs3wcNZMuSKLcjl3aLlXSYB/Kf+2QssjsF sShgttzuhd5qskr9PRCo5TCcmIVad0KiZXtZjRSFyqCdB6w8FC6IH3UsVpHWOvY7 NN9vu6DyqJjNa0NOuEyT1zpX1S68m80ZrRd/1lziZPSw8iDmqW36TV3a9Z7dBvVM 123sBYJPZ9ZQ+l9eHsiX97LyNKHIsnwOpaqAkX98Ve9QccoTnXVarkwM8H2+qP4j Qiap6heObjo= =Q3HE -----END PGP SIGNATURE-----