Debian DLA-3487-1:fusiondirectory - LTS 安全更新

critical Nessus 插件 ID 178053

简介

远程 Debian 主机上缺少一个或多个与安全性相关的更新。

描述

远程 Debian 10 主机上安装的程序包受到 dla-3487 公告中提及的多个漏洞影响。

- Fusiondirectory 1.3 受到不当会话处理的影响。(CVE-2022-36179)

- 通过 /fusiondirectory/index.php?message=[injection], /fusiondirectory/index.php?message=invalidparameter&plug={Injection], /fusiondirectory/index.php?signout=1&message=[injection]&plug=106,Fusiondirectory 1.3 版容易受到跨站脚本 (XSS) 的影响。(CVE-2022-36180)

- phpCAS 是一个认证库,允许 PHP 应用程序通过中央认证服务 (CAS) 服务器轻松认证用户。phpCAS 库使用 HTTP 标头来确定用于验证票证的服务 URL。该库允许攻击者控制主机标头,并使用为同一 SSO 领域(CAS 服务器)中的任何授权服务授予的有效票证对 phpCAS 保护的服务进行认证。根据 CAS 服务器服务注册表的设置,在最坏的情况下,这可能是任何其他服务 URL(如果允许的 URL 配置为 ^(https): //.*),或者如果应用了正确的 URL 服务验证,则可能被严格限制为相同 SSO 联合中的已知和授权的服务。当受害者在登录同一 CAS 服务器的情况下访问攻击者的网站时,此漏洞可能会允许攻击者在受漏洞影响的 CASified 服务上获取受害者的帐户,而受害者并不知情。 我们对 phpCAS 1.6.0 版做了主要版本升级,以开始强制执行服务 URL 发现验证,因为在 PHP 中没有 100% 安全的默认配置可供使用。从此版本开始,构造客户端类时需要传入一个额外的服务基本 URL 参数。如需更多信息,请参阅升级文档。此漏洞仅影响 phpCAS 库防御的 CAS 客户端。如果 phpCAS 配置具有以下设置,则只会禁用 phpCAS 低于 1.6.0 的版本中有问题的服务 URL 发现行为,因此您不会受到影响:1. 调用 `phpCAS:: setUrl()`(提醒您必须传入当前页面的完整 URL,而不是服务基本 URL);并且 2. 仅当启用了代理模式时才会调用 `phpCAS: : setCallbackURL()`;3. 如果 PHP 的 HTTP 标头输入“X-Forwarded-Host”、“X-Forwarded-Server”、“X-Forwarded-Proto”、“X-Forwarded-Protocol”在到达 PHP 之前被清理(例如通过反向代理),则您也不会受到此漏洞的影响。如果您的 CAS 服务器服务注册表配置为仅允许已知和可信的服务 URL,则该漏洞的严重性会大大降低,因为攻击者必须控制另一个经授权的服务。否则,您应升级库以获得安全的服务发现行为。
(CVE-2022-39369)

请注意,Nessus 尚未测试这些问题,而是只依据应用程序自我报告的版本号进行判断。

解决方案

升级 fusiondirectory 程序包。

对于 Debian 10 buster,已在 1.2.3-4+deb10u2 版本中修复这些问题。

另见

http://www.nessus.org/u?08a588b6

https://www.debian.org/lts/security/2023/dla-3487

https://security-tracker.debian.org/tracker/CVE-2022-36179

https://security-tracker.debian.org/tracker/CVE-2022-36180

https://security-tracker.debian.org/tracker/CVE-2022-39369

https://packages.debian.org/source/buster/fusiondirectory

插件详情

严重性: Critical

ID: 178053

文件名: debian_DLA-3487.nasl

版本: 1.0

类型: local

代理: unix

发布时间: 2023/7/8

最近更新时间: 2023/7/8

支持的传感器: Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Nessus

风险信息

VPR

风险因素: High

分数: 7.3

CVSS v2

风险因素: Critical

基本分数: 10

时间分数: 7.8

矢量: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS 分数来源: CVE-2022-36180

CVSS v3

风险因素: Critical

基本分数: 9.8

时间分数: 8.8

矢量: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

时间矢量: CVSS:3.0/E:P/RL:O/RC:C

CVSS 分数来源: CVE-2022-36179

漏洞信息

CPE: p-cpe:/a:debian:debian_linux:fusiondirectory, p-cpe:/a:debian:debian_linux:fusiondirectory-plugin-alias, p-cpe:/a:debian:debian_linux:fusiondirectory-plugin-alias-schema, p-cpe:/a:debian:debian_linux:fusiondirectory-plugin-applications, p-cpe:/a:debian:debian_linux:fusiondirectory-plugin-applications-schema, p-cpe:/a:debian:debian_linux:fusiondirectory-plugin-argonaut, p-cpe:/a:debian:debian_linux:fusiondirectory-plugin-argonaut-schema, p-cpe:/a:debian:debian_linux:fusiondirectory-plugin-audit, p-cpe:/a:debian:debian_linux:fusiondirectory-plugin-audit-schema, p-cpe:/a:debian:debian_linux:fusiondirectory-plugin-autofs, p-cpe:/a:debian:debian_linux:fusiondirectory-plugin-autofs-schema, p-cpe:/a:debian:debian_linux:fusiondirectory-plugin-certificates, p-cpe:/a:debian:debian_linux:fusiondirectory-plugin-community, p-cpe:/a:debian:debian_linux:fusiondirectory-plugin-community-schema, p-cpe:/a:debian:debian_linux:fusiondirectory-plugin-cyrus, p-cpe:/a:debian:debian_linux:fusiondirectory-plugin-cyrus-schema, p-cpe:/a:debian:debian_linux:fusiondirectory-plugin-debconf, p-cpe:/a:debian:debian_linux:fusiondirectory-plugin-debconf-schema, p-cpe:/a:debian:debian_linux:fusiondirectory-plugin-developers, p-cpe:/a:debian:debian_linux:fusiondirectory-plugin-dhcp, p-cpe:/a:debian:debian_linux:fusiondirectory-plugin-dhcp-schema, p-cpe:/a:debian:debian_linux:fusiondirectory-plugin-dns, p-cpe:/a:debian:debian_linux:fusiondirectory-plugin-dns-schema, p-cpe:/a:debian:debian_linux:fusiondirectory-plugin-dovecot, p-cpe:/a:debian:debian_linux:fusiondirectory-plugin-dovecot-schema, p-cpe:/a:debian:debian_linux:fusiondirectory-plugin-dsa, p-cpe:/a:debian:debian_linux:fusiondirectory-plugin-dsa-schema, p-cpe:/a:debian:debian_linux:fusiondirectory-plugin-ejbca, p-cpe:/a:debian:debian_linux:fusiondirectory-plugin-ejbca-schema, p-cpe:/a:debian:debian_linux:fusiondirectory-plugin-fai, p-cpe:/a:debian:debian_linux:fusiondirectory-plugin-fai-schema, p-cpe:/a:debian:debian_linux:fusiondirectory-plugin-freeradius, p-cpe:/a:debian:debian_linux:fusiondirectory-plugin-freeradius-schema, p-cpe:/a:debian:debian_linux:fusiondirectory-plugin-fusioninventory, p-cpe:/a:debian:debian_linux:fusiondirectory-plugin-fusioninventory-schema, p-cpe:/a:debian:debian_linux:fusiondirectory-plugin-gpg, p-cpe:/a:debian:debian_linux:fusiondirectory-plugin-gpg-schema, p-cpe:/a:debian:debian_linux:fusiondirectory-plugin-ipmi, p-cpe:/a:debian:debian_linux:fusiondirectory-plugin-ipmi-schema, p-cpe:/a:debian:debian_linux:fusiondirectory-plugin-ldapdump, p-cpe:/a:debian:debian_linux:fusiondirectory-plugin-ldapmanager, p-cpe:/a:debian:debian_linux:fusiondirectory-plugin-mail, p-cpe:/a:debian:debian_linux:fusiondirectory-plugin-mail-schema, p-cpe:/a:debian:debian_linux:fusiondirectory-plugin-mixedgroups, p-cpe:/a:debian:debian_linux:fusiondirectory-plugin-nagios, p-cpe:/a:debian:debian_linux:fusiondirectory-plugin-nagios-schema, p-cpe:/a:debian:debian_linux:fusiondirectory-plugin-netgroups, p-cpe:/a:debian:debian_linux:fusiondirectory-plugin-netgroups-schema, p-cpe:/a:debian:debian_linux:fusiondirectory-plugin-newsletter, p-cpe:/a:debian:debian_linux:fusiondirectory-plugin-newsletter-schema, p-cpe:/a:debian:debian_linux:fusiondirectory-plugin-opsi, p-cpe:/a:debian:debian_linux:fusiondirectory-plugin-opsi-schema, p-cpe:/a:debian:debian_linux:fusiondirectory-plugin-personal, p-cpe:/a:debian:debian_linux:fusiondirectory-plugin-personal-schema, p-cpe:/a:debian:debian_linux:fusiondirectory-plugin-posix, p-cpe:/a:debian:debian_linux:fusiondirectory-plugin-postfix, p-cpe:/a:debian:debian_linux:fusiondirectory-plugin-postfix-schema, p-cpe:/a:debian:debian_linux:fusiondirectory-plugin-ppolicy, p-cpe:/a:debian:debian_linux:fusiondirectory-plugin-ppolicy-schema, p-cpe:/a:debian:debian_linux:fusiondirectory-plugin-puppet, p-cpe:/a:debian:debian_linux:fusiondirectory-plugin-puppet-schema, p-cpe:/a:debian:debian_linux:fusiondirectory-plugin-pureftpd, p-cpe:/a:debian:debian_linux:fusiondirectory-plugin-pureftpd-schema, p-cpe:/a:debian:debian_linux:fusiondirectory-plugin-quota, p-cpe:/a:debian:debian_linux:fusiondirectory-plugin-quota-schema, p-cpe:/a:debian:debian_linux:fusiondirectory-plugin-renater-partage, p-cpe:/a:debian:debian_linux:fusiondirectory-plugin-renater-partage-schema, p-cpe:/a:debian:debian_linux:fusiondirectory-plugin-repository, p-cpe:/a:debian:debian_linux:fusiondirectory-plugin-repository-schema, p-cpe:/a:debian:debian_linux:fusiondirectory-plugin-samba, p-cpe:/a:debian:debian_linux:fusiondirectory-plugin-spamassassin-schema, p-cpe:/a:debian:debian_linux:fusiondirectory-plugin-squid, p-cpe:/a:debian:debian_linux:fusiondirectory-plugin-squid-schema, p-cpe:/a:debian:debian_linux:fusiondirectory-plugin-ssh, p-cpe:/a:debian:debian_linux:fusiondirectory-plugin-ssh-schema, p-cpe:/a:debian:debian_linux:fusiondirectory-plugin-subcontracting, p-cpe:/a:debian:debian_linux:fusiondirectory-plugin-subcontracting-schema, p-cpe:/a:debian:debian_linux:fusiondirectory-plugin-sudo, p-cpe:/a:debian:debian_linux:fusiondirectory-plugin-sudo-schema, p-cpe:/a:debian:debian_linux:fusiondirectory-plugin-supann, p-cpe:/a:debian:debian_linux:fusiondirectory-plugin-supann-schema, p-cpe:/a:debian:debian_linux:fusiondirectory-plugin-sympa, p-cpe:/a:debian:debian_linux:fusiondirectory-plugin-sympa-schema, p-cpe:/a:debian:debian_linux:fusiondirectory-plugin-samba-schema, p-cpe:/a:debian:debian_linux:fusiondirectory-plugin-sogo, p-cpe:/a:debian:debian_linux:fusiondirectory-plugin-sogo-schema, p-cpe:/a:debian:debian_linux:fusiondirectory-plugin-spamassassin, p-cpe:/a:debian:debian_linux:fusiondirectory-plugin-systems, p-cpe:/a:debian:debian_linux:fusiondirectory-plugin-systems-schema, p-cpe:/a:debian:debian_linux:fusiondirectory-plugin-user-reminder, p-cpe:/a:debian:debian_linux:fusiondirectory-plugin-user-reminder-schema, p-cpe:/a:debian:debian_linux:fusiondirectory-plugin-weblink, p-cpe:/a:debian:debian_linux:fusiondirectory-plugin-weblink-schema, p-cpe:/a:debian:debian_linux:fusiondirectory-plugin-webservice, p-cpe:/a:debian:debian_linux:fusiondirectory-plugin-webservice-schema, p-cpe:/a:debian:debian_linux:fusiondirectory-schema, p-cpe:/a:debian:debian_linux:fusiondirectory-smarty3-acl-render, p-cpe:/a:debian:debian_linux:fusiondirectory-theme-oxygen, p-cpe:/a:debian:debian_linux:fusiondirectory-webservice-shell, cpe:/o:debian:debian_linux:10.0

必需的 KB 项: Host/local_checks_enabled, Host/Debian/release, Host/Debian/dpkg-l

可利用: true

易利用性: Exploits are available

补丁发布日期: 2023/7/8

漏洞发布日期: 2022/10/31

参考资料信息

CVE: CVE-2022-36179, CVE-2022-36180, CVE-2022-39369