Debian DLA-3487-1: fusiondirectory - LTS Security Update

Critical. Nessus Plugin ID 178053

Synopsis

The remote Debian host is missing one or more security-related updates.

Description

Multiple packages installed on the remote Debian 10 host are affected by multiple vulnerabilities referenced in the dla-3487 advisory.

- Fusiondirectory 1.3 is affected by Improper Session Handling. (CVE-2022-36179)

- Fusiondirectory 1.3 is vulnerable to Cross Site Scripting (XSS) via /fusiondirectory/index.php?message=[injection], /fusiondirectory/index.php?message=invalidparameter&plug={Injection], /fusiondirectory/index.php?signout=1&message=[injection]&plug=106. (CVE-2022-36180)

- phpCAS is an authentication library that allows PHP applications to easily authenticate users via a Central Authentication Service (CAS) server. The phpCAS library uses HTTP headers to determine the service URL used to validate tickets. This allows an attacker to control the Host header and use a valid ticket granted for any authorized service in the same SSO realm (CAS server) to authenticate to the service protected by phpCAS. Depending on the settings of the CAS server service registry, in the worst case this may be any other service URL (if the allowed URLs are configured to ^(https)://.*), or it may be strictly limited to known and authorized services in the same SSO federation if proper URL service validation is applied. This vulnerability may allow an attacker to gain access to a victim's account on a vulnerable CASified service without the victim's knowledge, when the victim visits the attacker's website while being logged in to the same CAS server. phpCAS 1.6.0 is a major version upgrade that starts enforcing service URL discovery validation, because there is no 100% safe default configuration available in PHP. From this version on, an additional service base URL argument must be passed when constructing the client class. For more information, please refer to the upgrading documentation. This vulnerability only impacts CAS clients protected by the phpCAS library. The problematic service URL discovery behavior in phpCAS versions below 1.6.0 is disabled, and you are not affected, if the phpCAS configuration has the following settings: 1. phpCAS::setUrl() is called (a reminder that you have to pass in the full URL of the current page, rather than your service base URL), and 2. phpCAS::setCallbackURL() is called, which only applies when proxy mode is enabled; 3. if PHP's HTTP header inputs X-Forwarded-Host, X-Forwarded-Server, X-Forwarded-Proto and X-Forwarded-Protocol are sanitized before they reach PHP (for example by a reverse proxy), you are also not affected by this vulnerability. If your CAS server service registry is configured to only allow known and trusted service URLs, the severity of the vulnerability is reduced substantially, since an attacker must control another authorized service. Otherwise, you should upgrade the library to get the safe service discovery behavior. (CVE-2022-39369)
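An added example of the CVE-2022-39369 mitigation described above as it appears in a phpCAS client (example code written for this page, not code from FusionDirectory, Debian or the phpCAS project); the CAS server and application hostnames are assumed, and phpCAS::setFixedServiceURL() is used as the public wrapper for the setUrl() call the advisory names.

```php
<?php
// Added example, not from the advisory or the phpCAS project. Assumed values:
// CAS server cas.example.org under /cas, application served at app.example.org.
require_once __DIR__ . '/vendor/autoload.php';

// Vulnerable pattern (phpCAS < 1.6.0): no service base URL is given, so the
// library derives the service URL from the Host / X-Forwarded-* request headers,
// which the client can set. Shown here only for contrast, never enabled:
// phpCAS::client(CAS_VERSION_2_0, 'cas.example.org', 443, '/cas');

// Hardened pattern (phpCAS >= 1.6.0): the fifth argument pins the service base
// URL, so a header-derived host that does not match it is not used for
// ticket validation.
phpCAS::client(
    CAS_VERSION_2_0,
    'cas.example.org',
    443,
    '/cas',
    'https://app.example.org'
);

// Equivalent mitigation for older phpCAS (item 1 in the advisory text): pin the
// full URL of the current page rather than the base URL. The query string is
// dropped here for brevity; keep it if your application routes on it.
$currentPage = 'https://app.example.org' . strtok($_SERVER['REQUEST_URI'], '?');
phpCAS::setFixedServiceURL($currentPage);

// Validate the CAS server certificate against the system CA bundle instead of
// calling phpCAS::setNoCasServerValidation().
phpCAS::setCasServerCACert('/etc/ssl/certs/ca-certificates.crt');

// Redirects to the CAS login page when no valid session or ticket exists.
phpCAS::forceAuthentication();
echo 'Authenticated as ', htmlspecialchars(phpCAS::getUser(), ENT_QUOTES, 'UTF-8');
```

Item 3 of the advisory text (stripping X-Forwarded-Host, X-Forwarded-Server, X-Forwarded-Proto and X-Forwarded-Protocol at the reverse proxy) is a separate control and should be kept even after this change.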

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Upgrade the fusiondirectory packages.

For Debian 10 buster, these problems have been fixed in version 1.2.3-4+deb10u2.

See Also

http://www.nessus.org/u?08a588b6

https://www.debian.org/lts/security/2023/dla-3487

https://security-tracker.debian.org/tracker/CVE-2022-36179

https://security-tracker.debian.org/tracker/CVE-2022-36180

https://security-tracker.debian.org/tracker/CVE-2022-39369

https://packages.debian.org/source/buster/fusiondirectory

Plugin Details

Severity: Critical

ID: 178053

File Name: debian_DLA-3487.nasl

Version: 1.0

Type: local

Agent: unix

Published: 2023/7/8

Updated: 2023/7/8

Supported Sensors: Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.3

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 7.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2022-36180

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

CVSS Score Source: CVE-2022-36179

Vulnerability Information

CPE: p-cpe:/a:debian:debian_linux:fusiondirectory, p-cpe:/a:debian:debian_linux:fusiondirectory-plugin-alias, p-cpe:/a:debian:debian_linux:fusiondirectory-plugin-alias-schema, p-cpe:/a:debian:debian_linux:fusiondirectory-plugin-applications, p-cpe:/a:debian:debian_linux:fusiondirectory-plugin-applications-schema, p-cpe:/a:debian:debian_linux:fusiondirectory-plugin-argonaut, p-cpe:/a:debian:debian_linux:fusiondirectory-plugin-argonaut-schema, p-cpe:/a:debian:debian_linux:fusiondirectory-plugin-audit, p-cpe:/a:debian:debian_linux:fusiondirectory-plugin-audit-schema, p-cpe:/a:debian:debian_linux:fusiondirectory-plugin-autofs, p-cpe:/a:debian:debian_linux:fusiondirectory-plugin-autofs-schema, p-cpe:/a:debian:debian_linux:fusiondirectory-plugin-certificates, p-cpe:/a:debian:debian_linux:fusiondirectory-plugin-community, p-cpe:/a:debian:debian_linux:fusiondirectory-plugin-community-schema, p-cpe:/a:debian:debian_linux:fusiondirectory-plugin-cyrus, p-cpe:/a:debian:debian_linux:fusiondirectory-plugin-cyrus-schema, p-cpe:/a:debian:debian_linux:fusiondirectory-plugin-debconf, p-cpe:/a:debian:debian_linux:fusiondirectory-plugin-debconf-schema, p-cpe:/a:debian:debian_linux:fusiondirectory-plugin-developers, p-cpe:/a:debian:debian_linux:fusiondirectory-plugin-dhcp, p-cpe:/a:debian:debian_linux:fusiondirectory-plugin-dhcp-schema, p-cpe:/a:debian:debian_linux:fusiondirectory-plugin-dns, p-cpe:/a:debian:debian_linux:fusiondirectory-plugin-dns-schema, p-cpe:/a:debian:debian_linux:fusiondirectory-plugin-dovecot, p-cpe:/a:debian:debian_linux:fusiondirectory-plugin-dovecot-schema, p-cpe:/a:debian:debian_linux:fusiondirectory-plugin-dsa, p-cpe:/a:debian:debian_linux:fusiondirectory-plugin-dsa-schema, p-cpe:/a:debian:debian_linux:fusiondirectory-plugin-ejbca, p-cpe:/a:debian:debian_linux:fusiondirectory-plugin-ejbca-schema, p-cpe:/a:debian:debian_linux:fusiondirectory-plugin-fai, p-cpe:/a:debian:debian_linux:fusiondirectory-plugin-fai-schema, 
p-cpe:/a:debian:debian_linux:fusiondirectory-plugin-freeradius, p-cpe:/a:debian:debian_linux:fusiondirectory-plugin-freeradius-schema, p-cpe:/a:debian:debian_linux:fusiondirectory-plugin-fusioninventory, p-cpe:/a:debian:debian_linux:fusiondirectory-plugin-fusioninventory-schema, p-cpe:/a:debian:debian_linux:fusiondirectory-plugin-gpg, p-cpe:/a:debian:debian_linux:fusiondirectory-plugin-gpg-schema, p-cpe:/a:debian:debian_linux:fusiondirectory-plugin-ipmi, p-cpe:/a:debian:debian_linux:fusiondirectory-plugin-ipmi-schema, p-cpe:/a:debian:debian_linux:fusiondirectory-plugin-ldapdump, p-cpe:/a:debian:debian_linux:fusiondirectory-plugin-ldapmanager, p-cpe:/a:debian:debian_linux:fusiondirectory-plugin-mail, p-cpe:/a:debian:debian_linux:fusiondirectory-plugin-mail-schema, p-cpe:/a:debian:debian_linux:fusiondirectory-plugin-mixedgroups, p-cpe:/a:debian:debian_linux:fusiondirectory-plugin-nagios, p-cpe:/a:debian:debian_linux:fusiondirectory-plugin-nagios-schema, p-cpe:/a:debian:debian_linux:fusiondirectory-plugin-netgroups, p-cpe:/a:debian:debian_linux:fusiondirectory-plugin-netgroups-schema, p-cpe:/a:debian:debian_linux:fusiondirectory-plugin-newsletter, p-cpe:/a:debian:debian_linux:fusiondirectory-plugin-newsletter-schema, p-cpe:/a:debian:debian_linux:fusiondirectory-plugin-opsi, p-cpe:/a:debian:debian_linux:fusiondirectory-plugin-opsi-schema, p-cpe:/a:debian:debian_linux:fusiondirectory-plugin-personal, p-cpe:/a:debian:debian_linux:fusiondirectory-plugin-personal-schema, p-cpe:/a:debian:debian_linux:fusiondirectory-plugin-posix, p-cpe:/a:debian:debian_linux:fusiondirectory-plugin-postfix, p-cpe:/a:debian:debian_linux:fusiondirectory-plugin-postfix-schema, p-cpe:/a:debian:debian_linux:fusiondirectory-plugin-ppolicy, p-cpe:/a:debian:debian_linux:fusiondirectory-plugin-ppolicy-schema, p-cpe:/a:debian:debian_linux:fusiondirectory-plugin-puppet, p-cpe:/a:debian:debian_linux:fusiondirectory-plugin-puppet-schema, p-cpe:/a:debian:debian_linux:fusiondirectory-plugin-pureftpd, 
p-cpe:/a:debian:debian_linux:fusiondirectory-plugin-pureftpd-schema, p-cpe:/a:debian:debian_linux:fusiondirectory-plugin-quota, p-cpe:/a:debian:debian_linux:fusiondirectory-plugin-quota-schema, p-cpe:/a:debian:debian_linux:fusiondirectory-plugin-renater-partage, p-cpe:/a:debian:debian_linux:fusiondirectory-plugin-renater-partage-schema, p-cpe:/a:debian:debian_linux:fusiondirectory-plugin-repository, p-cpe:/a:debian:debian_linux:fusiondirectory-plugin-repository-schema, p-cpe:/a:debian:debian_linux:fusiondirectory-plugin-samba, p-cpe:/a:debian:debian_linux:fusiondirectory-plugin-spamassassin-schema, p-cpe:/a:debian:debian_linux:fusiondirectory-plugin-squid, p-cpe:/a:debian:debian_linux:fusiondirectory-plugin-squid-schema, p-cpe:/a:debian:debian_linux:fusiondirectory-plugin-ssh, p-cpe:/a:debian:debian_linux:fusiondirectory-plugin-ssh-schema, p-cpe:/a:debian:debian_linux:fusiondirectory-plugin-subcontracting, p-cpe:/a:debian:debian_linux:fusiondirectory-plugin-subcontracting-schema, p-cpe:/a:debian:debian_linux:fusiondirectory-plugin-sudo, p-cpe:/a:debian:debian_linux:fusiondirectory-plugin-sudo-schema, p-cpe:/a:debian:debian_linux:fusiondirectory-plugin-supann, p-cpe:/a:debian:debian_linux:fusiondirectory-plugin-supann-schema, p-cpe:/a:debian:debian_linux:fusiondirectory-plugin-sympa, p-cpe:/a:debian:debian_linux:fusiondirectory-plugin-sympa-schema, p-cpe:/a:debian:debian_linux:fusiondirectory-plugin-samba-schema, p-cpe:/a:debian:debian_linux:fusiondirectory-plugin-sogo, p-cpe:/a:debian:debian_linux:fusiondirectory-plugin-sogo-schema, p-cpe:/a:debian:debian_linux:fusiondirectory-plugin-spamassassin, p-cpe:/a:debian:debian_linux:fusiondirectory-plugin-systems, p-cpe:/a:debian:debian_linux:fusiondirectory-plugin-systems-schema, p-cpe:/a:debian:debian_linux:fusiondirectory-plugin-user-reminder, p-cpe:/a:debian:debian_linux:fusiondirectory-plugin-user-reminder-schema, p-cpe:/a:debian:debian_linux:fusiondirectory-plugin-weblink, 
p-cpe:/a:debian:debian_linux:fusiondirectory-plugin-weblink-schema, p-cpe:/a:debian:debian_linux:fusiondirectory-plugin-webservice, p-cpe:/a:debian:debian_linux:fusiondirectory-plugin-webservice-schema, p-cpe:/a:debian:debian_linux:fusiondirectory-schema, p-cpe:/a:debian:debian_linux:fusiondirectory-smarty3-acl-render, p-cpe:/a:debian:debian_linux:fusiondirectory-theme-oxygen, p-cpe:/a:debian:debian_linux:fusiondirectory-webservice-shell, cpe:/o:debian:debian_linux:10.0

Required KB Items: Host/local_checks_enabled, Host/Debian/release, Host/Debian/dpkg-l

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2023/7/8

Vulnerability Publication Date: 2022/10/31

Reference Information

CVE: CVE-2022-36179, CVE-2022-36180, CVE-2022-39369