===========================================================================
AUSCERT Security Bulletin
ASB-2019.0310
Multiple vulnerabilities have been identified in Tenable.sc
(formerly Tenable Security Center)
5 November 2019
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product:              Tenable.sc
Operating System:     Windows
                      Linux variants
                      Network Appliance
Impact/Access:        Denial of Service        -- Remote/Unauthenticated
                      Cross-site Scripting     -- Remote with User Interaction
                      Access Confidential Data -- Remote with User Interaction
Resolution:           Patch/Upgrade
CVE Names:            CVE-2019-9637 CVE-2019-9022 CVE-2018-17082
                      CVE-2018-10548
Member content until: Thursday, December 5 2019
Reference:            ESB-2019.4077
                      ESB-2019.3172
                      ESB-2019.2087
                      ESB-2019.1855
                      ESB-2019.1377
                      ESB-2019.1277
OVERVIEW
Multiple vulnerabilities have been identified in the following
versions of Tenable.sc:
"- 5.7.X
- 5.8.X
- 5.9.X
- 5.10.X
- 5.11.X" [1]
IMPACT
Tenable has provided the following details regarding the
vulnerabilities:
"CVE-2019-9637:
Description
An issue was discovered in PHP before 7.1.27, 7.2.x before 7.2.16,
and 7.3.x before 7.3.3. Due to the way rename() across filesystems
is implemented, it is possible that the file being renamed is briefly
available with wrong permissions while the rename is ongoing, thus
enabling unauthorized users to access the data." [2]
"CVE-2019-9022:
Description
An issue was discovered in PHP 7.x before 7.1.26, 7.2.x before
7.2.14, and 7.3.x before 7.3.2. dns_get_record misparses a DNS
response, which can allow a hostile DNS server to cause PHP to
misuse memcpy, leading to read operations going past the buffer
allocated for DNS data. This affects php_parserr in
ext/standard/dns.c for DNS_CAA and DNS_ANY queries." [3]
"CVE-2018-17082:
Description
The Apache2 component in PHP before 5.6.38, 7.0.x before 7.0.32,
7.1.x before 7.1.22, and 7.2.x before 7.2.10 allows XSS via the body
of a "Transfer-Encoding: chunked" request, because the bucket
brigade is mishandled in the php_handler function in
sapi/apache2handler/sapi_apache2.c." [4]
"CVE-2018-10548:
Description
An issue was discovered in PHP before 5.6.36, 7.0.x before 7.0.30,
7.1.x before 7.1.17, and 7.2.x before 7.2.5. ext/ldap/ldap.c allows
remote LDAP servers to cause a denial of service (NULL pointer
dereference and application crash) because of mishandling of the
ldap_get_dn return value." [5]
MITIGATION
Tenable recommends that users of Tenable.sc 5.7.x and 5.11.x apply their
respective stand-alone patches [6] to address these issues.
Tenable states:
"This stand-alone patch updates PHP to version 7.1.33 to address the
identified vulnerabilities." [1]
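To confirm a patched host, the following added example (not part of the AusCERT bulletin or Tenable's advisory) maps a PHP version string to the four CVEs using the affected ranges quoted under IMPACT. The function names are illustrative, and it assumes upstream PHP version numbering: a vendor build with backported fixes can report an older version while already being patched.

```python
import re

# Affected ranges transcribed from the CVE descriptions quoted under IMPACT.
# Each pair is (first affected version, first fixed version): lo <= v < hi.
# (0, 0, 0) encodes an open-ended "before X" clause.
AFFECTED = {
    "CVE-2019-9637": [((0, 0, 0), (7, 1, 27)), ((7, 2, 0), (7, 2, 16)),
                      ((7, 3, 0), (7, 3, 3))],
    "CVE-2019-9022": [((7, 0, 0), (7, 1, 26)), ((7, 2, 0), (7, 2, 14)),
                      ((7, 3, 0), (7, 3, 2))],
    "CVE-2018-17082": [((0, 0, 0), (5, 6, 38)), ((7, 0, 0), (7, 0, 32)),
                       ((7, 1, 0), (7, 1, 22)), ((7, 2, 0), (7, 2, 10))],
    "CVE-2018-10548": [((0, 0, 0), (5, 6, 36)), ((7, 0, 0), (7, 0, 30)),
                       ((7, 1, 0), (7, 1, 17)), ((7, 2, 0), (7, 2, 5))],
}


def parse_php_version(text):
    """Return (major, minor, patch) from a bare version or `php -v` output."""
    match = re.search(r"(\d+)\.(\d+)\.(\d+)", text)
    if match is None:
        raise ValueError(f"no PHP version found in {text!r}")
    return tuple(int(part) for part in match.groups())


def affected_cves(version_text):
    """List the bulletin's CVEs whose quoted ranges include this version."""
    version = parse_php_version(version_text)
    return sorted(
        cve
        for cve, ranges in AFFECTED.items()
        if any(lo <= version < hi for lo, hi in ranges)
    )


if __name__ == "__main__":
    # Constructed sample inputs; the first mimics the first line of `php -v`.
    for sample in ("PHP 7.1.33 (cli)", "7.1.26", "7.2.13", "5.6.37"):
        print(sample, "->", affected_cves(sample) or "none of the four CVEs")
```
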
REFERENCES
[1] [R1] PHP Stand-alone Patch Available for Tenable.sc versions 5.7.x
to 5.11.x
https://www.tenable.com/security/tns-2019-07
[2] CVE-2019-9637
https://www.tenable.com/cve/CVE-2019-9637
[3] CVE-2019-9022
https://www.tenable.com/cve/CVE-2019-9022
[4] CVE-2018-17082
https://www.tenable.com/cve/CVE-2018-17082
[5] CVE-2018-10548
https://www.tenable.com/cve/CVE-2018-10548
[6] Tenable.sc, xTool, and Migration Tool
https://www.tenable.com/downloads/tenable-sc
AusCERT has made every effort to ensure that the information contained
in this document is accurate. However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================