Integer overflow in PHP 5 up to 5.1.6 and 4 before 4.3.0 allows remote attackers to execute arbitrary code via an argument to the unserialize PHP function with a large value for the number of array elements, which triggers the overflow in the Zend Engine ecalloc function (Zend/zend_alloc.c).
{"securityvulns": [{"lastseen": "2021-06-08T19:08:46", "description": "unserialize() function integer overflow.", "edition": 2, "cvss3": {}, "published": "2006-10-09T00:00:00", "title": "PHP integer overflow", "type": "securityvulns", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2006-4812"], "modified": "2006-10-09T00:00:00", "id": "SECURITYVULNS:VULN:6695", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:6695", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:19", "description": "-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n\r\n Hardened-PHP Project\r\n www.hardened-php.net\r\n\r\n -= Security Advisory =-\r\n\r\n\r\n Advisory: PHP unserialize() Array Creation Integer Overflow\r\n Release Date: 2006/10/09\r\nLast Modified: 2006/10/09\r\n Author: Stefan Esser [sesser@hardened-php.net]\r\n\r\n Application: PHP 5 <= 5.1.6, PHP 4 < 4.3.0\r\n Not affected: PHP 4 >= 4.3.0,\r\n PHP with Hardening-Patch,\r\n PHP with Suhosin-Patch\r\n Severity: User-input passed to the unserialize() function might \r\n trigger an integer overflow in array creation that \r\n might result in remote code execution\r\n Risk: Critical\r\nVendor Status: Fixed in CVS, no security update planned, wait for PHP 5.2.0\r\n References: http://www.hardened-php.net/advisory_092006.133.html\r\n\r\n\r\nOverview:\r\n\r\n Quote from http://www.php.net\r\n "PHP is a widely-used general-purpose scripting language that \r\n is especially suited for Web development and can be embedded \r\n into HTML."\r\n\r\n The PHP 5 branch of the PHP source code lacks the protection\r\n against possible integer overflows inside ecalloc() that is\r\n present in the PHP 4 branch and also for several years part of\r\n our Hardening-Patch and our new Suhosin-Patch.\r\n \r\n It was discovered that such an integer overflow can be triggered\r\n when user input is passed to the unserialize() function. 
Earlier\r\n vulnerabilities in PHP's unserialize() that were also discovered \r\n by one of our audits in December 2004 are unrelated to the newly\r\n discovered flaw, but they have shown, that the unserialize() \r\n function is exposed to user-input in many popular PHP applications. \r\n Examples for applications that use the content of COOKIE variables\r\n with unserialize() are phpBB and Serendipity.\r\n \r\n The successful exploitation of this integer overflow will result\r\n in arbitrary code execution.\r\n\r\n\r\nDetails:\r\n\r\n Several years ago when integer overflows inside the calloc() \r\n function-family became popular in the security industry, many\r\n function libraries that contained similar allocation functions\r\n were hardened against the possible multiplication overflow.\r\n \r\n The ecalloc() function used in the Zend Engine 1 was one of the\r\n functions that were hardened against this kind of attack.\r\n Unfortunately the PHP developers never bothered merging this\r\n protection into the code of the Zend Engine 2, which powers PHP 5.\r\n \r\n However when Hardened-PHP was created by us in 2004 a similar\r\n protection of ecalloc() was added to our patch. Therefore our\r\n users are safe from the problem described here.\r\n \r\n unserialize() is a PHP function that allows deserialisation of\r\n previously serialised PHP variables. Many applications use it\r\n to store PHP variables in an easy accessible data format. Some\r\n of them even put serialised strings into COOKIEs and later\r\n unserialize() them again.\r\n \r\n Unfortunately passing user-input to unserialize() is a bad idea\r\n because it also supports the deserialisation of objects, which\r\n might influence the application. 
Additionally it is trivial to\r\n crash PHP with a large amount of nested arrays.\r\n \r\n Furthermore we discovered that storing a large value for the \r\n number of array elements into the serialised string will trigger\r\n an integer overflow inside ecalloc(), resulting in the allocation\r\n of 0 bytes (plus the Zend Memory Manager management headers).\r\n When this happens unserialize() will continue working with a\r\n too small bucket array. When the string is parsed for the array \r\n elements the HashTable functions will operate on memory not\r\n allocated for this purpose. This can lead to several different\r\n memory corruption attacks.\r\n \r\n A carefully crafted string can use this to execute arbitrary code.\r\n In our proof of concept exploit this is achieved by storing a\r\n HashTable with our own destructor into the PHP array. When the\r\n PHP variable is destroyed this will result in the execution of\r\n our shellcode. \r\n \r\n Note: In general this kind of attack on HashTable destructors\r\n is impossible when Hardening-Patch or Suhosin-Patch are installed\r\n because both detect modification of HashTable destructors.\r\n \r\n Note: In general we dislike to release advisories while there are\r\n no official fixed versions available, but the fact that Linux\r\n distributions already are shipping patched versions and that the\r\n PHP CVS contains an explicit commit message we believe it is \r\n important all parties about unserialize(). It is not really a\r\n problem to find out with a few grep commands that unserialize()\r\n is allowing dangerous ecalloc() calls.\r\n\r\n\r\nProof of Concept:\r\n\r\n The Hardened-PHP Project will release a proof of concept exploit\r\n for this vulnerability after the release of PHP 5.2.0 has happened\r\n and a few weeks have passed.\r\n\r\n\r\nDisclosure Timeline:\r\n\r\n 30. September 2006 - Notified security@php.net, vendor-sec\r\n 30. September 2006 - Patch was committed to PHP CVS\r\n 05. 
October 2006 - Redhat, Mandriva release PHP updates\r\n 06. October 2006 - PHP security updates in media\r\n 09. October 2006 - Public Disclosure\r\n\r\n\r\nRecommendation:\r\n\r\n It is strongly recommended to patch your version of PHP with the\r\n following patch until php.net is providing updates.\r\n\r\n http://www.hardened-php.net/files/CVE-2006-4812.patch\r\n \r\n As usual we very strongly recommend to install our Suhosin-Patch\r\n and the Suhosin Extension. Once again it was proved, that our\r\n patch protects users of PHP against unknown flaws within PHP.\r\n Users of our patch have been protected against this flaw for about\r\n 2 years now.\r\n \r\n Our Suhosin extension on the other hand supports transparent\r\n cookie encryption. When TCE is activated, which is the default\r\n setting, and the encryption key is set it is not possible for\r\n an external attacker to exploit the unserialize() flaws in our\r\n examples: phpBB and Serendipity.\r\n\r\n Grab your copy and more information at:\r\n \r\n http://www.hardened-php.net/suhosin/index.html\r\n\r\n\r\nCVE Information:\r\n\r\n The Common Vulnerabilities and Exposures project (cve.mitre.org) has\r\n assigned the name CVE-2006-4812 to this vulnerability.\r\n \r\n\r\nGPG-Key:\r\n\r\n http://www.hardened-php.net/hardened-php-signature-key.asc\r\n\r\n pub 1024D/0A864AA1 2004-04-17 Hardened-PHP Signature Key\r\n Key fingerprint = 066F A6D0 E57E 9936 9082 7E52 4439 14CC 0A86 4AA1\r\n\r\n\r\nCopyright 2006 Stefan Esser. 
All rights reserved.\r\n\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.3 (GNU/Linux)\r\n\r\niD8DBQFFKfzkRDkUzAqGSqERAkMuAKCw+OadmbMHtdRV9A3kh3o81nbaNACggDuD\r\nK5E+jNHI1LbxybPhlsBtWo8=\r\n=6AC+\r\n-----END PGP SIGNATURE-----\r\n", "edition": 1, "cvss3": {}, "published": "2006-10-09T00:00:00", "title": "Advisory 09/2006: PHP unserialize() Array Creation Integer Overflow", "type": "securityvulns", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2006-4812"], "modified": "2006-10-09T00:00:00", "id": "SECURITYVULNS:DOC:14602", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:14602", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:19", "description": "\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n _______________________________________________________________________\r\n \r\n Mandriva Linux Security Advisory MDKSA-2006:180\r\n http://www.mandriva.com/security/\r\n _______________________________________________________________________\r\n \r\n Package : php\r\n Date : October 5, 2006\r\n Affected: 2006.0, 2007.0\r\n _______________________________________________________________________\r\n \r\n Problem Description:\r\n \r\n An integer overflow was discovered in the PHP memory handling routines.\r\n If a script can cause memory allocation based on untrusted user data, a\r\n remote attacker sending a carefully crafted request could execute\r\n arbitrary code as the 'apache' user.\r\n\r\n Updated packages have been patched to correct these issues.\r\n _______________________________________________________________________\r\n\r\n References:\r\n \r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4812\r\n _______________________________________________________________________\r\n \r\n Updated Packages:\r\n \r\n _______________________________________________________________________\r\n\r\n To upgrade automatically use MandrivaUpdate or urpmi. The verification\r\n of md5 checksums and GPG signatures is performed automatically for you.\r\n\r\n All packages are signed by Mandriva for security. You can obtain the\r\n GPG public key of the Mandriva Security Team by executing:\r\n\r\n gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\r\n\r\n You can view other update advisories for Mandriva Linux at:\r\n\r\n http://www.mandriva.com/security/advisories\r\n\r\n If you want to report vulnerabilities, please contact\r\n\r\n security_(at)_mandriva.com\r\n _______________________________________________________________________\r\n\r\n Type Bits/KeyID Date User ID\r\n pub 1024D/22458A98 2000-07-10 Mandriva Security Team\r\n <security*mandriva.com>\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.2.2 (GNU/Linux)\r\n\r\niD8DBQFFJVpLmqjQ0CJFipgRAjlfAJ9OV39Yb97us6c9vKFOiZwwaE3ZWwCffp49\r\n1snZ5eKM19U4qu+Sb3Am4rs=\r\n=6GRb\r\n-----END PGP SIGNATURE-----\r\n", "edition": 1, "cvss3": {}, "published": "2006-10-06T00:00:00", "title": "[Full-disclosure] [ MDKSA-2006:180 ] - Updated php packages fix integer overflow vulnerability", "type": "securityvulns", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2006-4812"], "modified": "2006-10-06T00:00:00", "id": "SECURITYVULNS:DOC:14564", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:14564", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "redhat": [{"lastseen": "2021-10-21T04:44:42", 
"description": "PHP is an HTML-embedded scripting language commonly used with the Apache\r\nHTTP Web server.\r\n\r\nAn integer overflow was discovered in the PHP memory handling routines. If\r\na script can cause memory allocation based on untrusted user data, a remote\r\nattacker sending a carefully crafted request could execute arbitrary code\r\nas the 'apache' user. (CVE-2006-4812) \r\n\r\nThis issue did not affect the PHP packages distributed with Red Hat\r\nEnterprise Linux 3 or 4.\r\n\r\nUsers of PHP should upgrade to these updated packages which contain a\r\nbackported patch that corrects this issue.", "cvss3": {}, "published": "2006-10-05T00:00:00", "type": "redhat", "title": "(RHSA-2006:0708) php security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": true, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2006-4812"], "modified": "2018-03-14T15:27:35", "id": "RHSA-2006:0708", "href": "https://access.redhat.com/errata/RHSA-2006:0708", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-10-19T20:39:13", "description": "PHP is an HTML-embedded scripting language commonly used with the Apache\r\nHTTP Web server.\r\n\r\nAn integer overflow was discovered in the PHP memory handling routines. If\r\na script can cause memory allocation based on untrusted user data, a remote\r\nattacker sending a carefully crafted request could execute arbitrary code\r\nas the 'apache' user. (CVE-2006-4812)\r\n\r\nA buffer overflow was discovered in the PHP sscanf() function. 
If a script\r\nused the sscanf() function with positional arguments in the format string,\r\na remote attacker sending a carefully crafted request could execute\r\narbitrary code as the 'apache' user. (CVE-2006-4020)\r\n\r\nAn integer overflow was discovered in the PHP wordwrap() and str_repeat()\r\nfunctions. If a script running on a 64-bit server used either of these\r\nfunctions on untrusted user data, a remote attacker sending a carefully\r\ncrafted request might be able to cause a heap overflow. (CVE-2006-4482)\r\n\r\nA buffer overflow was discovered in the PHP gd extension. If a script was\r\nset up to process GIF images from untrusted sources using the gd extension,\r\na remote attacker could cause a heap overflow. (CVE-2006-4484)\r\n\r\nA buffer overread was discovered in the PHP stripos() function. If a\r\nscript used the stripos() function with untrusted user data, PHP may read\r\npast the end of a buffer, which could allow a denial of service attack by a\r\nremote user. (CVE-2006-4485)\r\n\r\nAn integer overflow was discovered in the PHP memory allocation handling. \r\nOn 64-bit platforms, the \"memory_limit\" setting was not enforced correctly,\r\nwhich could allow a denial of service attack by a remote user. 
(CVE-2006-4486)\r\n\r\nThese packages also contain a fix for a bug where certain input strings to\r\nthe metaphone() function could cause memory corruption.\r\n\r\nUsers of PHP should upgrade to these updated packages, which contain\r\nbackported patches to correct these issues.", "cvss3": {}, "published": "2006-10-05T00:00:00", "type": "redhat", "title": "(RHSA-2006:0688) php security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2006-4020", "CVE-2006-4482", "CVE-2006-4484", "CVE-2006-4485", "CVE-2006-4486", "CVE-2006-4812"], "modified": "2019-03-22T19:44:18", "id": "RHSA-2006:0688", "href": "https://access.redhat.com/errata/RHSA-2006:0688", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "nessus": [{"lastseen": "2021-08-19T13:15:18", "description": "Updated PHP packages that fix an integer overflow flaw are now available for Red Hat Enterprise Linux 2.1.\n\nThis update has been rated as having important security impact by the Red Hat Security Response Team.\n\nPHP is an HTML-embedded scripting language commonly used with the Apache HTTP Web server.\n\nAn integer overflow was discovered in the PHP memory handling routines. If a script can cause memory allocation based on untrusted user data, a remote attacker sending a carefully crafted request could execute arbitrary code as the 'apache' user. 
(CVE-2006-4812)\n\nThis issue did not affect the PHP packages distributed with Red Hat Enterprise Linux 3 or 4.\n\nUsers of PHP should upgrade to these updated packages which contain a backported patch that corrects this issue.", "cvss3": {"score": null, "vector": null}, "published": "2006-10-10T00:00:00", "type": "nessus", "title": "RHEL 2.1 : php (RHSA-2006:0708)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-4812"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:php", "p-cpe:/a:redhat:enterprise_linux:php-devel", "p-cpe:/a:redhat:enterprise_linux:php-imap", "p-cpe:/a:redhat:enterprise_linux:php-ldap", "p-cpe:/a:redhat:enterprise_linux:php-manual", "p-cpe:/a:redhat:enterprise_linux:php-mysql", "p-cpe:/a:redhat:enterprise_linux:php-odbc", "p-cpe:/a:redhat:enterprise_linux:php-pgsql", "cpe:/o:redhat:enterprise_linux:2.1"], "id": "REDHAT-RHSA-2006-0708.NASL", "href": "https://www.tenable.com/plugins/nessus/22524", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2006:0708. 
The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(22524);\n script_version(\"1.26\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2006-4812\");\n script_bugtraq_id(20349);\n script_xref(name:\"RHSA\", value:\"2006:0708\");\n\n script_name(english:\"RHEL 2.1 : php (RHSA-2006:0708)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated PHP packages that fix an integer overflow flaw are now\navailable for Red Hat Enterprise Linux 2.1.\n\nThis update has been rated as having important security impact by the\nRed Hat Security Response Team.\n\nPHP is an HTML-embedded scripting language commonly used with the\nApache HTTP Web server.\n\nAn integer overflow was discovered in the PHP memory handling\nroutines. If a script can cause memory allocation based on untrusted\nuser data, a remote attacker sending a carefully crafted request could\nexecute arbitrary code as the 'apache' user. 
(CVE-2006-4812)\n\nThis issue did not affect the PHP packages distributed with Red Hat\nEnterprise Linux 3 or 4.\n\nUsers of PHP should upgrade to these updated packages which contain a\nbackported patch that corrects this issue.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2006-4812\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2006:0708\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(94);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-imap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-manual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:2.1\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2006/10/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/10/05\");\n 
script_set_attribute(attribute:\"plugin_publication_date\", value:\"2006/10/10\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2006-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^2\\.1([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 2.1\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\nif (cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i386\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2006:0708\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"php-4.1.2-2.12\")) flag++;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"php-devel-4.1.2-2.12\")) flag++;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"php-imap-4.1.2-2.12\")) flag++;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"php-ldap-4.1.2-2.12\")) flag++;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"php-manual-4.1.2-2.12\")) flag++;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"php-mysql-4.1.2-2.12\")) flag++;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"php-odbc-4.1.2-2.12\")) flag++;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"php-pgsql-4.1.2-2.12\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else 
audit(AUDIT_PACKAGE_NOT_INSTALLED, \"php / php-devel / php-imap / php-ldap / php-manual / php-mysql / etc\");\n }\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T13:15:19", "description": "Stefan Esser reports :\n\nThe PHP 5 branch of the PHP source code lacks the protection against possible integer overflows inside ecalloc() that is present in the PHP 4 branch and also for several years part of our Hardening-Patch and our new Suhosin-Patch.\n\nIt was discovered that such an integer overflow can be triggered when user input is passed to the unserialize() function. Earlier vulnerabilities in PHP's unserialize() that were also discovered by one of our audits in December 2004 are unrelated to the newly discovered flaw, but they have shown, that the unserialize() function is exposed to user-input in many popular PHP applications. Examples for applications that use the content of COOKIE variables with unserialize() are phpBB and Serendipity.\n\nThe successful exploitation of this integer overflow will result in arbitrary code execution.", "cvss3": {"score": null, "vector": null}, "published": "2006-10-10T00:00:00", "type": "nessus", "title": "FreeBSD : php -- _ecalloc Integer Overflow Vulnerability (e329550b-54f7-11db-a5ae-00508d6a62df)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-4812"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:mod_php5", "p-cpe:/a:freebsd:freebsd:php5", "p-cpe:/a:freebsd:freebsd:php5-cgi", "p-cpe:/a:freebsd:freebsd:php5-cli", "p-cpe:/a:freebsd:freebsd:php5-dtc", "p-cpe:/a:freebsd:freebsd:php5-horde", "p-cpe:/a:freebsd:freebsd:php5-nms", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_E329550B54F711DBA5AE00508D6A62DF.NASL", "href": "https://www.tenable.com/plugins/nessus/22520", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML 
database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(22520);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2006-4812\");\n script_xref(name:\"Secunia\", value:\"22280\");\n\n script_name(english:\"FreeBSD : php -- _ecalloc Integer Overflow Vulnerability (e329550b-54f7-11db-a5ae-00508d6a62df)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Stefan Esser reports :\n\nThe PHP 5 branch of the PHP source code lacks the protection against\npossible integer overflows inside ecalloc() that is present in the PHP\n4 branch and also for several years part of our Hardening-Patch and\nour new Suhosin-Patch.\n\nIt was discovered that such an integer overflow can be triggered when\nuser input is passed to the unserialize() function. Earlier\nvulnerabilities in PHP's unserialize() that were also discovered by\none of our audits in December 2004 are unrelated to the newly\ndiscovered flaw, but they have shown, that the unserialize() function\nis exposed to user-input in many popular PHP applications. 
Examples\nfor applications that use the content of COOKIE variables with\nunserialize() are phpBB and Serendipity.\n\nThe successful exploitation of this integer overflow will result in\narbitrary code execution.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.hardened-php.net/advisory_092006.133.html\"\n );\n # https://vuxml.freebsd.org/freebsd/e329550b-54f7-11db-a5ae-00508d6a62df.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?512c71e5\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cwe_id(94);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:mod_php5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:php5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:php5-cgi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:php5-cli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:php5-dtc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:php5-horde\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:php5-nms\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2006/09/30\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/10/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2006/10/10\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2006-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"php5<5.1.6_1\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"php5-cli>=5<5.1.6_1\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"php5-cgi>=5<5.1.6_1\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"php5-dtc>=5<5.1.6_1\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"php5-horde>=5<5.1.6_1\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"php5-nms>=5<5.1.6_1\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"mod_php5>=5<5.1.6_1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-04-12T14:56:50", "description": "The remote host is running a version of PHP 4.x older than 4.3.0. As such, it reportedly has an integer overflow in array creation that can be triggered by user-input passed to an 'unserialize()' function. 
\n\nSuccessful exploitation of this vulnerability could allow an attacker to execute arbitrary code on this host.", "cvss3": {"score": null, "vector": null}, "published": "2012-01-11T00:00:00", "type": "nessus", "title": "PHP 4.x < 4.3.0 ZendEngine Integer Overflow", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-4812"], "modified": "2022-04-11T00:00:00", "cpe": ["cpe:/a:php:php"], "id": "PHP_4_3_0_ZENDENGINE.NASL", "href": "https://www.tenable.com/plugins/nessus/17796", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(17796);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\"CVE-2006-4812\");\n script_bugtraq_id(20349);\n\n script_name(english:\"PHP 4.x < 4.3.0 ZendEngine Integer Overflow\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"Arbitrary code may be run on the remote server.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is running a version of PHP 4.x older than 4.3.0. As\nsuch, it reportedly has an integer overflow in array creation that can\nbe triggered by user-input passed to an 'unserialize()' function. 
\n\nSuccessful exploitation of this vulnerability could allow an attacker\nto execute arbitrary code on this host.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.hardened-php.net/advisory_092006.133.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to PHP 4.3.0 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No exploit is required\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(94);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2006/10/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/01/11\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:php:php\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CGI abuses\");\n\n script_copyright(english:\"This script is Copyright (C) 2012-2022 Tenable Network Security, Inc.\");\n\n script_dependencies(\"php_version.nasl\");\n script_require_keys(\"www/PHP\");\n script_require_ports(\"Services/www\", 80);\n\n exit(0);\n}\n\n#\n# The script code starts here\n#\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\ninclude(\"audit.inc\");\ninclude(\"webapp_func.inc\");\n\n\nport = get_http_port(default:80, php:TRUE);\n\nphp = get_php_from_kb(\n port : port,\n exit_on_fail : TRUE\n);\n\nversion = php[\"ver\"];\nsource = php[\"src\"];\n\nbackported = get_kb_item('www/php/'+port+'/'+version+'/backported');\n\nif (report_paranoia < 2 && backported)\n audit(AUDIT_BACKPORT_SERVICE, port, \"PHP \"+version+\" install\");\n\nif (version !~ \"^4\\.\") exit(0, \"The web server on port \"+port+\" uses PHP 
\"+version+\" rather than 4.x.\");\n\nif (version =~ \"^4\\.[0-2]\\.\")\n{\n if (report_verbosity > 0)\n {\n report =\n '\\n Version source : '+source +\n '\\n Installed version : '+version+\n '\\n Fixed version : 4.3.0\\n';\n security_hole(port:port, extra:report);\n }\n else security_hole(port);\n exit(0);\n}\nelse audit(AUDIT_LISTEN_NOT_VULN, \"PHP\", port, version);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T13:14:49", "description": "The remote host is affected by the vulnerability described in GLSA-200610-14 (PHP: Integer overflow)\n\n A flaw in the PHP memory handling routines allows an unserialize() call to be executed on non-allocated memory due to a previous integer overflow.\n Impact :\n\n An attacker could execute arbitrary code with the rights of the web server user or the user running a vulnerable PHP script.\n Workaround :\n\n There is no known workaround at this time.", "cvss3": {"score": null, "vector": null}, "published": "2006-10-31T00:00:00", "type": "nessus", "title": "GLSA-200610-14 : PHP: Integer overflow", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-4812"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:php", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-200610-14.NASL", "href": "https://www.tenable.com/plugins/nessus/22929", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 200610-14.\n#\n# The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. 
See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(22929);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2006-4812\");\n script_bugtraq_id(20349);\n script_xref(name:\"GLSA\", value:\"200610-14\");\n\n script_name(english:\"GLSA-200610-14 : PHP: Integer overflow\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-200610-14\n(PHP: Integer overflow)\n\n A flaw in the PHP memory handling routines allows an unserialize() call\n to be executed on non-allocated memory due to a previous integer\n overflow.\n \nImpact :\n\n An attacker could execute arbitrary code with the rights of the web\n server user or the user running a vulnerable PHP script.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/200610-14\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All PHP 5.x users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=dev-lang/php-5.1.6-r6'\n All PHP 4.x users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=dev-lang/php-4.4.4-r6'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(94);\n\n 
script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:php\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/10/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2006/10/31\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2006/10/05\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2006-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"dev-lang/php\", unaffected:make_list(\"rge 4.4.4-r6\", \"rge 4.4.6\", \"rge 4.4.7\", \"rge 4.4.8_pre20070816\", \"ge 5.1.6-r6\"), vulnerable:make_list(\"lt 5.1.6-r6\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"PHP\");\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T13:12:02", "description": "The ini_restore() method could be exploited to reset options set in the webserver config to their default values. 
(CVE-2006-4625)\n\nThe memory handling routines contained an integer overflow.\n(CVE-2006-4812)", "cvss3": {"score": null, "vector": null}, "published": "2007-12-13T00:00:00", "type": "nessus", "title": "SuSE 10 Security Update : PHP (ZYPP Patch Number 2152)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-4625", "CVE-2006-4812"], "modified": "2021-01-14T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE_APACHE2-MOD_PHP5-2152.NASL", "href": "https://www.tenable.com/plugins/nessus/29375", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(29375);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2006-4625\", \"CVE-2006-4812\");\n\n script_name(english:\"SuSE 10 Security Update : PHP (ZYPP Patch Number 2152)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The ini_restore() method could be exploited to reset options set in\nthe webserver config to their default values. 
(CVE-2006-4625)\n\nThe memory handling routines contained an integer overflow.\n(CVE-2006-4812)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2006-4625.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2006-4812.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 2152.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cwe_id(94);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/10/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/12/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLES10\", sp:0, reference:\"apache2-mod_php5-5.1.2-29.19\")) flag++;\nif 
(rpm_check(release:\"SLES10\", sp:0, reference:\"php5-5.1.2-29.19\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:0, reference:\"php5-bcmath-5.1.2-29.19\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:0, reference:\"php5-curl-5.1.2-29.19\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:0, reference:\"php5-dba-5.1.2-29.19\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:0, reference:\"php5-devel-5.1.2-29.19\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:0, reference:\"php5-dom-5.1.2-29.19\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:0, reference:\"php5-exif-5.1.2-29.19\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:0, reference:\"php5-fastcgi-5.1.2-29.19\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:0, reference:\"php5-ftp-5.1.2-29.19\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:0, reference:\"php5-gd-5.1.2-29.19\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:0, reference:\"php5-iconv-5.1.2-29.19\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:0, reference:\"php5-imap-5.1.2-29.19\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:0, reference:\"php5-ldap-5.1.2-29.19\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:0, reference:\"php5-mbstring-5.1.2-29.19\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:0, reference:\"php5-mysql-5.1.2-29.19\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:0, reference:\"php5-mysqli-5.1.2-29.19\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:0, reference:\"php5-pdo-5.1.2-29.19\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:0, reference:\"php5-pear-5.1.2-29.19\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:0, reference:\"php5-pgsql-5.1.2-29.19\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:0, reference:\"php5-soap-5.1.2-29.19\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:0, reference:\"php5-wddx-5.1.2-29.19\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:0, reference:\"php5-xmlrpc-5.1.2-29.19\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, 
extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T13:13:09", "description": "The ini_restore() method could be exploited to reset options set in the webserver config to their default values (CVE-2006-4625).\n\nThe memory handling routines contained an integer overflow (CVE-2006-4812).", "cvss3": {"score": null, "vector": null}, "published": "2007-10-17T00:00:00", "type": "nessus", "title": "openSUSE 10 Security Update : apache2-mod_php5 (apache2-mod_php5-2153)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-4625", "CVE-2006-4812"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:apache2-mod_php5", "p-cpe:/a:novell:opensuse:php5", "p-cpe:/a:novell:opensuse:php5-bcmath", "p-cpe:/a:novell:opensuse:php5-curl", "p-cpe:/a:novell:opensuse:php5-dba", "p-cpe:/a:novell:opensuse:php5-devel", "p-cpe:/a:novell:opensuse:php5-dom", "p-cpe:/a:novell:opensuse:php5-exif", "p-cpe:/a:novell:opensuse:php5-fastcgi", "p-cpe:/a:novell:opensuse:php5-ftp", "p-cpe:/a:novell:opensuse:php5-gd", "p-cpe:/a:novell:opensuse:php5-iconv", "p-cpe:/a:novell:opensuse:php5-imap", "p-cpe:/a:novell:opensuse:php5-ldap", "p-cpe:/a:novell:opensuse:php5-mbstring", "p-cpe:/a:novell:opensuse:php5-mysql", "p-cpe:/a:novell:opensuse:php5-mysqli", "p-cpe:/a:novell:opensuse:php5-pdo", "p-cpe:/a:novell:opensuse:php5-pear", "p-cpe:/a:novell:opensuse:php5-pgsql", "p-cpe:/a:novell:opensuse:php5-soap", "p-cpe:/a:novell:opensuse:php5-wddx", "p-cpe:/a:novell:opensuse:php5-xmlrpc", "cpe:/o:novell:opensuse:10.1"], "id": "SUSE_APACHE2-MOD_PHP5-2153.NASL", "href": "https://www.tenable.com/plugins/nessus/27147", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update apache2-mod_php5-2153.\n#\n# The text 
description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(27147);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2006-4625\", \"CVE-2006-4812\");\n\n script_name(english:\"openSUSE 10 Security Update : apache2-mod_php5 (apache2-mod_php5-2153)\");\n script_summary(english:\"Check for the apache2-mod_php5-2153 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The ini_restore() method could be exploited to reset options set in\nthe webserver config to their default values (CVE-2006-4625).\n\nThe memory handling routines contained an integer overflow\n(CVE-2006-4812).\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected apache2-mod_php5 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cwe_id(94);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2-mod_php5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-bcmath\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-dba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-dom\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-exif\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-fastcgi\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-ftp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-iconv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-imap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-mbstring\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-mysqli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-pdo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-pear\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-soap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-wddx\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-xmlrpc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:10.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/10/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/10/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n 
exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE10\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"10.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE10.1\", reference:\"apache2-mod_php5-5.1.2-29.19\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", reference:\"php5-5.1.2-29.19\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", reference:\"php5-bcmath-5.1.2-29.19\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", reference:\"php5-curl-5.1.2-29.19\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", reference:\"php5-dba-5.1.2-29.19\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", reference:\"php5-devel-5.1.2-29.19\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", reference:\"php5-dom-5.1.2-29.19\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", reference:\"php5-exif-5.1.2-29.19\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", reference:\"php5-fastcgi-5.1.2-29.19\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", reference:\"php5-ftp-5.1.2-29.19\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", reference:\"php5-gd-5.1.2-29.19\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", reference:\"php5-iconv-5.1.2-29.19\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", reference:\"php5-imap-5.1.2-29.19\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", reference:\"php5-ldap-5.1.2-29.19\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", reference:\"php5-mbstring-5.1.2-29.19\") ) flag++;\nif ( 
rpm_check(release:\"SUSE10.1\", reference:\"php5-mysql-5.1.2-29.19\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", reference:\"php5-mysqli-5.1.2-29.19\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", reference:\"php5-pdo-5.1.2-29.19\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", reference:\"php5-pear-5.1.2-29.19\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", reference:\"php5-pgsql-5.1.2-29.19\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", reference:\"php5-soap-5.1.2-29.19\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", reference:\"php5-wddx-5.1.2-29.19\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", reference:\"php5-xmlrpc-5.1.2-29.19\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"php5\");\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-03-27T14:19:55", "description": "The remote host is missing the patch for the advisory SUSE-SA:2006:059 (php4,php5).\n\n\nThe ini_restore() method could be exploited to reset options such as open_basedir when set via the web server config file to their default value set in php.ini (CVE-2006-4625).\n\nAdditionally php5 on all products as well as php4 on SLES8 were vulnerable to an integer overflow problem in the memory allocation routine. 
This bug can be exploited to execute arbitrary code with the uid of the web server (CVE-2006-4812).\nThanks to Stefan Esser for reporting the problem.", "cvss3": {}, "published": "2007-02-18T00:00:00", "type": "nessus", "title": "SUSE-SA:2006:059: php4,php5", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-4625", "CVE-2006-4812"], "modified": "2021-01-14T00:00:00", "cpe": [], "id": "SUSE_SA_2006_059.NASL", "href": "https://www.tenable.com/plugins/nessus/24437", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# This plugin text was extracted from SuSE Security Advisory SUSE-SA:2006:059\n#\n\n\nif ( ! defined_func(\"bn_random\") ) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif(description)\n{\n script_id(24437);\n script_version(\"1.10\");\n \n name[\"english\"] = \"SUSE-SA:2006:059: php4,php5\";\n \n script_name(english:name[\"english\"]);\n \n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host is missing a vendor-supplied security patch\" );\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is missing the patch for the advisory SUSE-SA:2006:059 (php4,php5).\n\n\nThe ini_restore() method could be exploited to reset options such as\nopen_basedir when set via the web server config file to their default\nvalue set in php.ini (CVE-2006-4625).\n\nAdditionally php5 on all products as well as php4 on SLES8 were\nvulnerable to an integer overflow problem in the memory\nallocation routine. 
This bug can be exploited to execute\narbitrary code with the uid of the web server (CVE-2006-4812).\nThanks to Stefan Esser for reporting the problem.\" );\n script_set_attribute(attribute:\"solution\", value:\n\"http://www.novell.com/linux/security/advisories/2006_59_php.html\" );\n script_set_attribute(attribute:\"risk_factor\", value:\"Medium\" );\n\n\n\n script_set_attribute(attribute:\"plugin_publication_date\", value: \"2007/02/18\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n script_end_attributes();\n\n \n summary[\"english\"] = \"Check for the version of the php4,php5 package\";\n script_summary(english:summary[\"english\"]);\n \n script_category(ACT_GATHER_INFO);\n \n script_copyright(english:\"This script is Copyright (C) 2007-2021 Tenable Network Security, Inc.\");\n family[\"english\"] = \"SuSE Local Security Checks\";\n script_family(english:family[\"english\"]);\n \n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/SuSE/rpm-list\");\n exit(0);\n}\n\ninclude(\"rpm.inc\");\nif ( rpm_check( reference:\"apache2-mod_php4-4.4.0-6.20\", release:\"SUSE10.0\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"apache2-mod_php5-5.0.4-9.20\", release:\"SUSE10.0\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"php4-4.4.0-6.20\", release:\"SUSE10.0\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"php4-curl-4.4.0-6.20\", release:\"SUSE10.0\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"php4-devel-4.4.0-6.20\", release:\"SUSE10.0\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"php4-exif-4.4.0-6.20\", release:\"SUSE10.0\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"php4-fastcgi-4.4.0-6.20\", release:\"SUSE10.0\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"php4-gd-4.4.0-6.20\", release:\"SUSE10.0\") )\n{\n 
security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"php4-imap-4.4.0-6.20\", release:\"SUSE10.0\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"php4-mbstring-4.4.0-6.20\", release:\"SUSE10.0\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"php4-pgsql-4.4.0-6.20\", release:\"SUSE10.0\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"php4-servlet-4.4.0-6.20\", release:\"SUSE10.0\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"php4-session-4.4.0-6.20\", release:\"SUSE10.0\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"php4-unixODBC-4.4.0-6.20\", release:\"SUSE10.0\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"php4-wddx-4.4.0-6.20\", release:\"SUSE10.0\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"php5-5.0.4-9.20\", release:\"SUSE10.0\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"php5-bcmath-5.0.4-9.20\", release:\"SUSE10.0\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"php5-curl-5.0.4-9.20\", release:\"SUSE10.0\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"php5-devel-5.0.4-9.20\", release:\"SUSE10.0\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"php5-dom-5.0.4-9.20\", release:\"SUSE10.0\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"php5-exif-5.0.4-9.20\", release:\"SUSE10.0\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"php5-fastcgi-5.0.4-9.20\", release:\"SUSE10.0\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"php5-ftp-5.0.4-9.20\", release:\"SUSE10.0\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"php5-gd-5.0.4-9.20\", release:\"SUSE10.0\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"php5-iconv-5.0.4-9.20\", release:\"SUSE10.0\") 
)\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"php5-imap-5.0.4-9.20\", release:\"SUSE10.0\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"php5-ldap-5.0.4-9.20\", release:\"SUSE10.0\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"php5-mbstring-5.0.4-9.20\", release:\"SUSE10.0\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"php5-mysql-5.0.4-9.20\", release:\"SUSE10.0\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"php5-mysqli-5.0.4-9.20\", release:\"SUSE10.0\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"php5-pear-5.0.4-9.20\", release:\"SUSE10.0\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"php5-pgsql-5.0.4-9.20\", release:\"SUSE10.0\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"php5-soap-5.0.4-9.20\", release:\"SUSE10.0\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"php5-wddx-5.0.4-9.20\", release:\"SUSE10.0\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"php5-xmlrpc-5.0.4-9.20\", release:\"SUSE10.0\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"apache2-mod_php4-4.3.8-8.33\", release:\"SUSE9.2\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"mod_php4-servlet-4.3.8-8.33\", release:\"SUSE9.2\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"php4-4.3.8-8.33\", release:\"SUSE9.2\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"php4-curl-4.3.8-8.33\", release:\"SUSE9.2\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"php4-devel-4.3.8-8.33\", release:\"SUSE9.2\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"php4-exif-4.3.8-8.33\", release:\"SUSE9.2\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"php4-fastcgi-4.3.8-8.33\", 
release:\"SUSE9.2\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"php4-gd-4.3.8-8.33\", release:\"SUSE9.2\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"php4-imap-4.3.8-8.33\", release:\"SUSE9.2\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"php4-mbstring-4.3.8-8.33\", release:\"SUSE9.2\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"php4-pear-4.3.8-8.33\", release:\"SUSE9.2\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"php4-pgsql-4.3.8-8.33\", release:\"SUSE9.2\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"php4-session-4.3.8-8.33\", release:\"SUSE9.2\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"php4-sysvshm-4.3.8-8.33\", release:\"SUSE9.2\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"php4-wddx-4.3.8-8.33\", release:\"SUSE9.2\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"apache2-mod_php4-4.3.10-14.30\", release:\"SUSE9.3\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"apache2-mod_php5-5.0.3-14.30\", release:\"SUSE9.3\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"mod_php4-servlet-4.3.10-14.30\", release:\"SUSE9.3\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"php4-4.3.10-14.30\", release:\"SUSE9.3\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"php4-curl-4.3.10-14.30\", release:\"SUSE9.3\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"php4-devel-4.3.10-14.30\", release:\"SUSE9.3\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"php4-exif-4.3.10-14.30\", release:\"SUSE9.3\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"php4-fastcgi-4.3.10-14.30\", release:\"SUSE9.3\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( 
reference:\"php4-gd-4.3.10-14.30\", release:\"SUSE9.3\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"php4-imap-4.3.10-14.30\", release:\"SUSE9.3\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"php4-mbstring-4.3.10-14.30\", release:\"SUSE9.3\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"php4-pear-4.3.10-14.30\", release:\"SUSE9.3\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"php4-pgsql-4.3.10-14.30\", release:\"SUSE9.3\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"php4-session-4.3.10-14.30\", release:\"SUSE9.3\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"php4-sysvshm-4.3.10-14.30\", release:\"SUSE9.3\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"php4-wddx-4.3.10-14.30\", release:\"SUSE9.3\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"php5-5.0.3-14.30\", release:\"SUSE9.3\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"php5-bcmath-5.0.3-14.30\", release:\"SUSE9.3\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"php5-curl-5.0.3-14.30\", release:\"SUSE9.3\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"php5-dba-5.0.3-14.30\", release:\"SUSE9.3\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"php5-devel-5.0.3-14.30\", release:\"SUSE9.3\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"php5-dom-5.0.3-14.30\", release:\"SUSE9.3\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"php5-exif-5.0.3-14.30\", release:\"SUSE9.3\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"php5-fastcgi-5.0.3-14.30\", release:\"SUSE9.3\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"php5-ftp-5.0.3-14.30\", release:\"SUSE9.3\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( 
rpm_check( reference:\"php5-gd-5.0.3-14.30\", release:\"SUSE9.3\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"php5-iconv-5.0.3-14.30\", release:\"SUSE9.3\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"php5-imap-5.0.3-14.30\", release:\"SUSE9.3\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"php5-ldap-5.0.3-14.30\", release:\"SUSE9.3\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"php5-mbstring-5.0.3-14.30\", release:\"SUSE9.3\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"php5-mysql-5.0.3-14.30\", release:\"SUSE9.3\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"php5-mysqli-5.0.3-14.30\", release:\"SUSE9.3\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"php5-pear-5.0.3-14.30\", release:\"SUSE9.3\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"php5-pgsql-5.0.3-14.30\", release:\"SUSE9.3\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"php5-soap-5.0.3-14.30\", release:\"SUSE9.3\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"php5-sysvmsg-5.0.3-14.30\", release:\"SUSE9.3\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"php5-sysvshm-5.0.3-14.30\", release:\"SUSE9.3\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"php5-wddx-5.0.3-14.30\", release:\"SUSE9.3\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"php5-xmlrpc-5.0.3-14.30\", release:\"SUSE9.3\") )\n{\n security_warning(0);\n exit(0);\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2022-04-12T15:05:52", "description": "The remote host is running PHP 4.3.0.\n\nThere is a flaw in this version that could allow an attacker to execute arbitrary PHP code on this host.", "cvss3": {"score": null, "vector": null}, "published": "2003-02-18T00:00:00", "type": "nessus", "title": 
"PHP < 4.3.1 CGI Module Force Redirect Settings Bypass Arbitrary File Access", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2003-0097", "CVE-2006-4812"], "modified": "2022-04-11T00:00:00", "cpe": ["cpe:/a:php:php"], "id": "PHP_4_3_0.NASL", "href": "https://www.tenable.com/plugins/nessus/11237", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(11237);\n script_version(\"1.25\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\"CVE-2003-0097\", \"CVE-2006-4812\");\n script_bugtraq_id(6875);\n\n script_name(english:\"PHP < 4.3.1 CGI Module Force Redirect Settings Bypass Arbitrary File Access\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"Arbitrary code may be run on the remote server.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is running PHP 4.3.0.\n\nThere is a flaw in this version that could allow an attacker to execute\narbitrary PHP code on this host.\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to PHP 4.3.1 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No exploit is required\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(94);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2003/02/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2003/02/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2003/02/18\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:php:php\");\n script_set_attribute(attribute:\"thorough_tests\", 
value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CGI abuses\");\n\n script_copyright(english:\"This script is Copyright (C) 2003-2022 Tenable Network Security, Inc.\");\n\n script_dependencies(\"php_version.nasl\");\n script_require_keys(\"www/PHP\");\n script_require_ports(\"Services/www\", 80);\n\n exit(0);\n}\n\n#\n# The script code starts here\n#\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\ninclude(\"audit.inc\");\ninclude(\"webapp_func.inc\");\n\nport = get_http_port(default:80, php:TRUE);\n\nphp = get_php_from_kb(\n port : port,\n exit_on_fail : TRUE\n);\n\nversion = php[\"ver\"];\nsource = php[\"src\"];\n\nbackported = get_kb_item('www/php/'+port+'/'+version+'/backported');\n\nif (report_paranoia < 2 && backported)\n audit(AUDIT_BACKPORT_SERVICE, port, \"PHP \"+version+\" install\");\n\nif (version =~ \"^4\\.3\\.0($|[^0-9])\")\n{\n if (report_verbosity > 0)\n {\n report =\n '\\n Version source : '+source +\n '\\n Installed version : '+version+\n '\\n Fixed version : 4.3.1\\n';\n security_hole(port:port, extra:report);\n }\n else security_hole(port);\n exit(0);\n}\nelse audit(AUDIT_LISTEN_NOT_VULN, \"PHP\", port, version);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T13:12:44", "description": "The stripos() function did not check for invalidly long or empty haystack strings. In an application that uses this function on arbitrary untrusted data this could be exploited to crash the PHP interpreter. (CVE-2006-4485)\n\nAn integer overflow was discovered in the PHP memory allocation handling. On 64-bit platforms, the 'memory_limit' setting was not enforced correctly. A remote attacker could exploit this to cause a Denial of Service attack through memory exhaustion. 
(CVE-2006-4486)\n\nMaksymilian Arciemowicz discovered that security relevant configuration options like open_basedir and safe_mode (which can be configured in Apache's httpd.conf) could be bypassed and reset to their default value in php.ini by using the ini_restore() function.\n(CVE-2006-4625)\n\nStefan Esser discovered that the ecalloc() function in the Zend engine did not check for integer overflows. This particularly affected the unserialize() function. In applications which unserialize untrusted user-defined data, this could be exploited to execute arbitrary code with the application's privileges. (CVE-2006-4812).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": null, "vector": null}, "published": "2007-11-10T00:00:00", "type": "nessus", "title": "Ubuntu 5.04 / 5.10 / 6.06 LTS : php4, php5 vulnerabilities (USN-362-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-4485", "CVE-2006-4486", "CVE-2006-4625", "CVE-2006-4812"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:libapache2-mod-php4", "p-cpe:/a:canonical:ubuntu_linux:libapache2-mod-php5", "p-cpe:/a:canonical:ubuntu_linux:php-pear", "p-cpe:/a:canonical:ubuntu_linux:php4", "p-cpe:/a:canonical:ubuntu_linux:php4-cgi", "p-cpe:/a:canonical:ubuntu_linux:php4-cli", "p-cpe:/a:canonical:ubuntu_linux:php4-common", "p-cpe:/a:canonical:ubuntu_linux:php4-dev", "p-cpe:/a:canonical:ubuntu_linux:php5", "p-cpe:/a:canonical:ubuntu_linux:php5-cgi", "p-cpe:/a:canonical:ubuntu_linux:php5-cli", "p-cpe:/a:canonical:ubuntu_linux:php5-common", "p-cpe:/a:canonical:ubuntu_linux:php5-curl", "p-cpe:/a:canonical:ubuntu_linux:php5-dev", "p-cpe:/a:canonical:ubuntu_linux:php5-gd", "p-cpe:/a:canonical:ubuntu_linux:php5-ldap", "p-cpe:/a:canonical:ubuntu_linux:php5-mhash", 
"p-cpe:/a:canonical:ubuntu_linux:php5-mysql", "p-cpe:/a:canonical:ubuntu_linux:php5-mysqli", "p-cpe:/a:canonical:ubuntu_linux:php5-odbc", "p-cpe:/a:canonical:ubuntu_linux:php5-pgsql", "p-cpe:/a:canonical:ubuntu_linux:php5-recode", "p-cpe:/a:canonical:ubuntu_linux:php5-snmp", "p-cpe:/a:canonical:ubuntu_linux:php5-sqlite", "p-cpe:/a:canonical:ubuntu_linux:php5-sybase", "p-cpe:/a:canonical:ubuntu_linux:php5-xmlrpc", "p-cpe:/a:canonical:ubuntu_linux:php5-xsl", "cpe:/o:canonical:ubuntu_linux:5.04", "cpe:/o:canonical:ubuntu_linux:5.10", "cpe:/o:canonical:ubuntu_linux:6.06:-:lts"], "id": "UBUNTU_USN-362-1.NASL", "href": "https://www.tenable.com/plugins/nessus/27942", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-362-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(27942);\n script_version(\"1.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2006-4485\", \"CVE-2006-4486\", \"CVE-2006-4625\", \"CVE-2006-4812\");\n script_bugtraq_id(19582, 19933, 20349);\n script_xref(name:\"USN\", value:\"362-1\");\n\n script_name(english:\"Ubuntu 5.04 / 5.10 / 6.06 LTS : php4, php5 vulnerabilities (USN-362-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The stripos() function did not check for invalidly long or empty\nhaystack strings. 
In an application that uses this function on\narbitrary untrusted data this could be exploited to crash the PHP\ninterpreter. (CVE-2006-4485)\n\nAn integer overflow was discovered in the PHP memory allocation\nhandling. On 64-bit platforms, the 'memory_limit' setting was not\nenforced correctly. A remote attacker could exploit this to cause a\nDenial of Service attack through memory exhaustion. (CVE-2006-4486)\n\nMaksymilian Arciemowicz discovered that security relevant\nconfiguration options like open_basedir and safe_mode (which can be\nconfigured in Apache's httpd.conf) could be bypassed and reset to\ntheir default value in php.ini by using the ini_restore() function.\n(CVE-2006-4625)\n\nStefan Esser discovered that the ecalloc() function in the Zend engine\ndid not check for integer overflows. This particularly affected the\nunserialize() function. In applications which unserialize untrusted\nuser-defined data, this could be exploited to execute arbitrary code\nwith the application's privileges. (CVE-2006-4812).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/362-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(94);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libapache2-mod-php4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libapache2-mod-php5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php-pear\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php4-cgi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php4-cli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php4-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php4-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php5-cgi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php5-cli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php5-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php5-curl\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:canonical:ubuntu_linux:php5-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php5-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php5-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php5-mhash\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php5-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php5-mysqli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php5-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php5-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php5-recode\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php5-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php5-sqlite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php5-sybase\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php5-xmlrpc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php5-xsl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:5.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:5.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:6.06:-:lts\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/10/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/11/10\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2007-2019 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(5\\.04|5\\.10|6\\.06)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 5.04 / 5.10 / 6.06\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"5.04\", pkgname:\"libapache2-mod-php4\", pkgver:\"4:4.3.10-10ubuntu4.8\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"php4\", pkgver:\"4.3.10-10ubuntu4.8\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"php4-cgi\", pkgver:\"4:4.3.10-10ubuntu4.8\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"php4-cli\", pkgver:\"4:4.3.10-10ubuntu4.8\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"php4-common\", pkgver:\"4.3.10-10ubuntu4.8\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"php4-dev\", pkgver:\"4.3.10-10ubuntu4.8\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"libapache2-mod-php5\", pkgver:\"5.0.5-2ubuntu1.5\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"php-pear\", pkgver:\"5.0.5-2ubuntu1.5\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"php5\", pkgver:\"5.0.5-2ubuntu1.5\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"php5-cgi\", pkgver:\"5.0.5-2ubuntu1.5\")) flag++;\nif 
(ubuntu_check(osver:\"5.10\", pkgname:\"php5-cli\", pkgver:\"5.0.5-2ubuntu1.5\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"php5-common\", pkgver:\"5.0.5-2ubuntu1.5\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"php5-curl\", pkgver:\"5.0.5-2ubuntu1.5\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"php5-dev\", pkgver:\"5.0.5-2ubuntu1.5\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"php5-gd\", pkgver:\"5.0.5-2ubuntu1.5\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"php5-ldap\", pkgver:\"5.0.5-2ubuntu1.5\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"php5-mhash\", pkgver:\"5.0.5-2ubuntu1.5\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"php5-mysql\", pkgver:\"5.0.5-2ubuntu1.5\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"php5-odbc\", pkgver:\"5.0.5-2ubuntu1.5\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"php5-pgsql\", pkgver:\"5.0.5-2ubuntu1.5\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"php5-recode\", pkgver:\"5.0.5-2ubuntu1.5\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"php5-snmp\", pkgver:\"5.0.5-2ubuntu1.5\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"php5-sqlite\", pkgver:\"5.0.5-2ubuntu1.5\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"php5-sybase\", pkgver:\"5.0.5-2ubuntu1.5\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"php5-xmlrpc\", pkgver:\"5.0.5-2ubuntu1.5\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"php5-xsl\", pkgver:\"5.0.5-2ubuntu1.5\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"libapache2-mod-php5\", pkgver:\"5.1.2-1ubuntu3.3\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"php-pear\", pkgver:\"5.1.2-1ubuntu3.3\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"php5\", pkgver:\"5.1.2-1ubuntu3.3\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"php5-cgi\", pkgver:\"5.1.2-1ubuntu3.3\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"php5-cli\", pkgver:\"5.1.2-1ubuntu3.3\")) 
flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"php5-common\", pkgver:\"5.1.2-1ubuntu3.3\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"php5-curl\", pkgver:\"5.1.2-1ubuntu3.3\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"php5-dev\", pkgver:\"5.1.2-1ubuntu3.3\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"php5-gd\", pkgver:\"5.1.2-1ubuntu3.3\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"php5-ldap\", pkgver:\"5.1.2-1ubuntu3.3\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"php5-mhash\", pkgver:\"5.1.2-1ubuntu3.3\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"php5-mysql\", pkgver:\"5.1.2-1ubuntu3.3\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"php5-mysqli\", pkgver:\"5.1.2-1ubuntu3.3\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"php5-odbc\", pkgver:\"5.1.2-1ubuntu3.3\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"php5-pgsql\", pkgver:\"5.1.2-1ubuntu3.3\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"php5-recode\", pkgver:\"5.1.2-1ubuntu3.3\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"php5-snmp\", pkgver:\"5.1.2-1ubuntu3.3\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"php5-sqlite\", pkgver:\"5.1.2-1ubuntu3.3\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"php5-sybase\", pkgver:\"5.1.2-1ubuntu3.3\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"php5-xmlrpc\", pkgver:\"5.1.2-1ubuntu3.3\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"php5-xsl\", pkgver:\"5.1.2-1ubuntu3.3\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libapache2-mod-php4 / libapache2-mod-php5 / php-pear / php4 / etc\");\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-03-27T14:15:16", 
"description": "This update includes the latest upstream release of PHP 5.1, version 5.1.6, fixing a number of security vulnerabilities, and other bugs.\n\nAn integer overflow was discovered in the PHP memory handling routines. If a script can cause memory allocation based on untrusted user data, a remote attacker sending a carefully crafted request could execute arbitrary code as the 'apache' user. (CVE-2006-4812)\n\nA buffer overflow was discovered in the PHP sscanf() function. If a script used the sscanf() function with positional arguments in the format string, a remote attacker sending a carefully crafted request could execute arbitrary code as the 'apache' user. (CVE-2006-4020)\n\nAn integer overflow was discovered in the PHP wordwrap() and str_repeat() functions. If a script running on a 64-bit server used either of these functions on untrusted user data, a remote attacker sending a carefully crafted request might be able to cause a heap overflow. (CVE-2006-4482)\n\nA buffer overflow was discovered in the PHP gd extension. If a script was set up to process GIF images from untrusted sources using the gd extension, a remote attacker could cause a heap overflow.\n(CVE-2006-4484)\n\nA buffer overread was discovered in the PHP stripos() function. If a script used the stripos() function with untrusted user data, PHP may read past the end of a buffer, which could allow a denial of service attack by a remote user. (CVE-2006-4485)\n\nAn integer overflow was discovered in the PHP memory allocation handling. On 64-bit platforms, the 'memory_limit' setting was not enforced correctly, which could allow a denial of service attack by a remote user. (CVE-2006-4486)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": null, "vector": null}, "published": "2007-01-17T00:00:00", "type": "nessus", "title": "Fedora Core 5 : php-5.1.6-1.1 (2006-1024)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-4020", "CVE-2006-4482", "CVE-2006-4484", "CVE-2006-4485", "CVE-2006-4486", "CVE-2006-4812"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:php", "p-cpe:/a:fedoraproject:fedora:php-bcmath", "p-cpe:/a:fedoraproject:fedora:php-dba", "p-cpe:/a:fedoraproject:fedora:php-debuginfo", "p-cpe:/a:fedoraproject:fedora:php-devel", "p-cpe:/a:fedoraproject:fedora:php-gd", "p-cpe:/a:fedoraproject:fedora:php-imap", "p-cpe:/a:fedoraproject:fedora:php-ldap", "p-cpe:/a:fedoraproject:fedora:php-mbstring", "p-cpe:/a:fedoraproject:fedora:php-mysql", "p-cpe:/a:fedoraproject:fedora:php-ncurses", "p-cpe:/a:fedoraproject:fedora:php-odbc", "p-cpe:/a:fedoraproject:fedora:php-pdo", "p-cpe:/a:fedoraproject:fedora:php-pgsql", "p-cpe:/a:fedoraproject:fedora:php-snmp", "p-cpe:/a:fedoraproject:fedora:php-soap", "p-cpe:/a:fedoraproject:fedora:php-xml", "p-cpe:/a:fedoraproject:fedora:php-xmlrpc", "cpe:/o:fedoraproject:fedora_core:5"], "id": "FEDORA_2006-1024.NASL", "href": "https://www.tenable.com/plugins/nessus/24032", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2006-1024.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(24032);\n script_version(\"1.20\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_bugtraq_id(19415, 19582, 20349);\n script_xref(name:\"FEDORA\", value:\"2006-1024\");\n\n script_name(english:\"Fedora Core 5 : php-5.1.6-1.1 (2006-1024)\");\n script_summary(english:\"Checks rpm 
output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora Core host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update includes the latest upstream release of PHP 5.1, version\n5.1.6, fixing a number of security vulnerabilities, and other bugs.\n\nAn integer overflow was discovered in the PHP memory handling\nroutines. If a script can cause memory allocation based on untrusted\nuser data, a remote attacker sending a carefully crafted request could\nexecute arbitrary code as the 'apache' user. (CVE-2006-4812)\n\nA buffer overflow was discovered in the PHP sscanf() function. If a\nscript used the sscanf() function with positional arguments in the\nformat string, a remote attacker sending a carefully crafted request\ncould execute arbitrary code as the 'apache' user. (CVE-2006-4020)\n\nAn integer overflow was discovered in the PHP wordwrap() and\nstr_repeat() functions. If a script running on a 64-bit server used\neither of these functions on untrusted user data, a remote attacker\nsending a carefully crafted request might be able to cause a heap\noverflow. (CVE-2006-4482)\n\nA buffer overflow was discovered in the PHP gd extension. If a script\nwas set up to process GIF images from untrusted sources using the gd\nextension, a remote attacker could cause a heap overflow.\n(CVE-2006-4484)\n\nA buffer overread was discovered in the PHP stripos() function. If a\nscript used the stripos() function with untrusted user data, PHP may\nread past the end of a buffer, which could allow a denial of service\nattack by a remote user. (CVE-2006-4485)\n\nAn integer overflow was discovered in the PHP memory allocation\nhandling. On 64-bit platforms, the 'memory_limit' setting was not\nenforced correctly, which could allow a denial of service attack by a\nremote user. 
(CVE-2006-4486)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2006-October/000666.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?bc45eb90\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:php\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:php-bcmath\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:php-dba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:php-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:php-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:php-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:php-imap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:php-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:php-mbstring\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:php-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:php-ncurses\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:fedoraproject:fedora:php-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:php-pdo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:php-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:php-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:php-soap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:php-xml\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:php-xmlrpc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora_core:5\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/10/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/01/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! 
ereg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 5.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC5\", reference:\"php-5.1.6-1.1\")) flag++;\nif (rpm_check(release:\"FC5\", reference:\"php-bcmath-5.1.6-1.1\")) flag++;\nif (rpm_check(release:\"FC5\", reference:\"php-dba-5.1.6-1.1\")) flag++;\nif (rpm_check(release:\"FC5\", reference:\"php-debuginfo-5.1.6-1.1\")) flag++;\nif (rpm_check(release:\"FC5\", reference:\"php-devel-5.1.6-1.1\")) flag++;\nif (rpm_check(release:\"FC5\", reference:\"php-gd-5.1.6-1.1\")) flag++;\nif (rpm_check(release:\"FC5\", reference:\"php-imap-5.1.6-1.1\")) flag++;\nif (rpm_check(release:\"FC5\", reference:\"php-ldap-5.1.6-1.1\")) flag++;\nif (rpm_check(release:\"FC5\", reference:\"php-mbstring-5.1.6-1.1\")) flag++;\nif (rpm_check(release:\"FC5\", reference:\"php-mysql-5.1.6-1.1\")) flag++;\nif (rpm_check(release:\"FC5\", reference:\"php-ncurses-5.1.6-1.1\")) flag++;\nif (rpm_check(release:\"FC5\", reference:\"php-odbc-5.1.6-1.1\")) flag++;\nif (rpm_check(release:\"FC5\", reference:\"php-pdo-5.1.6-1.1\")) flag++;\nif (rpm_check(release:\"FC5\", reference:\"php-pgsql-5.1.6-1.1\")) flag++;\nif (rpm_check(release:\"FC5\", reference:\"php-snmp-5.1.6-1.1\")) flag++;\nif (rpm_check(release:\"FC5\", reference:\"php-soap-5.1.6-1.1\")) flag++;\nif (rpm_check(release:\"FC5\", reference:\"php-xml-5.1.6-1.1\")) flag++;\nif (rpm_check(release:\"FC5\", reference:\"php-xmlrpc-5.1.6-1.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else 
audit(AUDIT_PACKAGE_NOT_INSTALLED, \"php / php-bcmath / php-dba / php-debuginfo / php-devel / php-gd / etc\");\n}\n", "cvss": {"score": 5.8, "vector": "AV:A/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T13:10:43", "description": "According to its banner, the version of PHP 5.x installed on the remote host is older than 5.2.0. Such versions may be affected by several buffer overflows. To exploit these issues, an attacker would need the ability to upload an arbitrary PHP script to the remote server, or to be able to manipulate several variables processed by some PHP functions such as htmlentities().", "cvss3": {"score": 7.3, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"}, "published": "2008-03-25T00:00:00", "type": "nessus", "title": "PHP 5.x < 5.2.0 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-4812", "CVE-2006-4486", "CVE-2006-5465", "CVE-2006-4625", "CVE-2007-0448", "CVE-2007-5424", "CVE-2006-5706", "CVE-2007-1584", "CVE-2006-1015", "CVE-2006-1549", "CVE-2006-2660", "CVE-2006-7205", "CVE-2007-1381", "CVE-2007-1888", "CVE-2007-2844"], "modified": "2019-03-06T00:00:00", "cpe": ["cpe:2.3:a:php:php:*:*:*:*:*:*:*:*"], "id": "4444.PRM", "href": "https://www.tenable.com/plugins/nnm/4444", "sourceData": "Binary data 4444.prm", "cvss": {"score": 7.5, "vector": "CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-04-12T15:28:23", "description": "According to its banner, the version of PHP 5.x installed on the remote host is older than 5.2. Such versions may be affected by several buffer overflows. 
\n\nTo exploit these issues, an attacker would need the ability to upload an arbitrary PHP script on the remote server or to manipulate several variables processed by some PHP functions such as 'htmlentities().'", "cvss3": {"score": null, "vector": null}, "published": "2008-03-25T00:00:00", "type": "nessus", "title": "PHP 5.x < 5.2 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-1015", "CVE-2006-1549", "CVE-2006-2660", "CVE-2006-4486", "CVE-2006-4625", "CVE-2006-4812", "CVE-2006-5465", "CVE-2006-5706", "CVE-2006-7205", "CVE-2007-0448", "CVE-2007-1381", "CVE-2007-1584", "CVE-2007-1888", "CVE-2007-2844", "CVE-2007-5424"], "modified": "2022-04-11T00:00:00", "cpe": ["cpe:/a:php:php"], "id": "PHP_5_2_0.NASL", "href": "https://www.tenable.com/plugins/nessus/31649", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(31649);\n script_version(\"1.29\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\n \"CVE-2006-1015\",\n \"CVE-2006-1549\",\n \"CVE-2006-2660\",\n \"CVE-2006-4486\",\n \"CVE-2006-4625\",\n \"CVE-2006-4812\",\n \"CVE-2006-5465\",\n \"CVE-2006-5706\",\n \"CVE-2006-7205\",\n \"CVE-2007-0448\",\n \"CVE-2007-1381\",\n \"CVE-2007-1584\",\n \"CVE-2007-1888\",\n \"CVE-2007-2844\",\n \"CVE-2007-5424\"\n );\n script_bugtraq_id(20349, 20879, 49634);\n\n script_name(english:\"PHP 5.x < 5.2 Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote web server uses a version of PHP that is affected by\nmultiple buffer overflows.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its banner, the version of PHP 5.x installed on the\nremote host is older than 5.2. Such versions may be affected by\nseveral buffer overflows. 
\n\nTo exploit these issues, an attacker would need the ability to upload\nan arbitrary PHP script on the remote server or to manipulate several\nvariables processed by some PHP functions such as 'htmlentities().'\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.hardened-php.net/advisory_092006.133.html\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.php.net/releases/5_2_0.php\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to PHP version 5.2.0 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No exploit is required\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(94, 119, 399);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2006/11/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/11/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/03/25\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:php:php\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CGI abuses\");\n\n script_copyright(english:\"This script is Copyright (C) 2008-2022 Tenable Network Security, Inc.\");\n\n script_dependencies(\"php_version.nasl\");\n script_require_keys(\"www/PHP\");\n script_require_ports(\"Services/www\", 80);\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\ninclude(\"audit.inc\");\ninclude(\"webapp_func.inc\");\n\nport = get_http_port(default:80, php:TRUE);\n\nphp = get_php_from_kb(\n port : port,\n exit_on_fail : TRUE\n);\n\nversion = php[\"ver\"];\nsource = 
php[\"src\"];\n\nbackported = get_kb_item('www/php/'+port+'/'+version+'/backported');\n\nif (report_paranoia < 2 && backported)\n audit(AUDIT_BACKPORT_SERVICE, port, \"PHP \"+version+\" install\");\n\nif (version !~ \"^5\\.\") exit(0, \"The web server on port \"+port+\" uses PHP \"+version+\" rather than 5.x.\");\n\nif (version =~ \"^5\\.[0-1]\\.\")\n{\n if (report_verbosity > 0)\n {\n report =\n '\\n Version source : '+source +\n '\\n Installed version : '+version+\n '\\n Fixed version : 5.2\\n';\n security_hole(port:port, extra:report);\n }\n else security_hole(port);\n exit(0);\n}\nelse audit(AUDIT_LISTEN_NOT_VULN, \"PHP\", port, version);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "openvas": [{"lastseen": "2017-07-02T21:10:21", "description": "The remote host is missing an update to the system\nas announced in the referenced advisory.", "cvss3": {}, "published": "2008-09-04T00:00:00", "type": "openvas", "title": "FreeBSD Ports: php5", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-4812"], "modified": "2016-09-27T00:00:00", "id": "OPENVAS:57457", "href": "http://plugins.openvas.org/nasl.php?oid=57457", "sourceData": "#\n#VID e329550b-54f7-11db-a5ae-00508d6a62df\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from vuxml or freebsd advisories\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The following packages are affected:\n php5 php5-cli php5-cgi php5-dtc\n php5-horde php5-nms mod_php5\";\ntag_solution = \"Update your system with the appropriate patches or\nsoftware upgrades.\n\nhttp://secunia.com/advisories/22280/\nhttp://www.vuxml.org/freebsd/e329550b-54f7-11db-a5ae-00508d6a62df.html\";\ntag_summary = \"The remote host is missing an update to the system\nas announced in the referenced advisory.\";\n\n\nif(description)\n{\n script_id(57457);\n script_version(\"$Revision: 4148 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2016-09-27 07:32:19 +0200 (Tue, 27 Sep 2016) $\");\n script_tag(name:\"creation_date\", value:\"2008-09-04 20:41:11 +0200 (Thu, 04 Sep 2008)\");\n script_cve_id(\"CVE-2006-4812\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"FreeBSD Ports: php5\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2006 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsdrel\", \"login/SSH/success\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-bsd.inc\");\n\ntxt = \"\";\nvuln = 0;\nbver = portver(pkg:\"php5\");\nif(!isnull(bver) && revcomp(a:bver, b:\"5.1.6_1\")<0) {\n txt += 'Package php5 version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"php5-cli\");\nif(!isnull(bver) && revcomp(a:bver, b:\"0\")>=0) {\n txt += 'Package php5-cli version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"php5-cgi\");\nif(!isnull(bver) && revcomp(a:bver, b:\"0\")>=0) {\n txt += 'Package php5-cgi version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"php5-dtc\");\nif(!isnull(bver) && revcomp(a:bver, b:\"0\")>=0) {\n txt += 'Package php5-dtc version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"php5-horde\");\nif(!isnull(bver) && revcomp(a:bver, b:\"0\")>=0) {\n txt += 'Package php5-horde version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"php5-nms\");\nif(!isnull(bver) && revcomp(a:bver, b:\"0\")>=0) {\n txt += 'Package php5-nms version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"mod_php5\");\nif(!isnull(bver) && revcomp(a:bver, b:\"0\")>=0) {\n txt += 'Package mod_php5 version ' + bver + ' is installed which is known to be vulnerable.\\n';\n 
vuln = 1;\n}\n\nif(vuln) {\n security_message(data:string(txt));\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-24T12:50:25", "description": "The remote host is missing updates announced in\nadvisory GLSA 200610-14.", "cvss3": {}, "published": "2008-09-24T00:00:00", "type": "openvas", "title": "Gentoo Security Advisory GLSA 200610-14 (php)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-4812"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:57912", "href": "http://plugins.openvas.org/nasl.php?oid=57912", "sourceData": "# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"PHP is vulnerable to an integer overflow potentially allowing the remote\nexecution of arbitrary code.\";\ntag_solution = \"All PHP 5.x users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=dev-lang/php-5.1.6-r6'\n\nAll PHP 4.x users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=dev-lang/php-4.4.4-r6'\n\nhttp://www.securityspace.com/smysecure/catid.html?in=GLSA%20200610-14\nhttp://bugs.gentoo.org/show_bug.cgi?id=150261\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory GLSA 200610-14.\";\n\n \n\nif(description)\n{\n script_id(57912);\n script_version(\"$Revision: 6596 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 11:21:37 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-09-24 21:14:03 +0200 (Wed, 24 Sep 2008)\");\n script_cve_id(\"CVE-2006-4812\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Gentoo Security Advisory GLSA 200610-14 (php)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2007 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = ispkgvuln(pkg:\"dev-lang/php\", unaffected: make_list(\"rge 4.4.4-r6\", \"ge 5.1.6-r6\"), vulnerable: make_list(\"lt 5.1.6-r6\"))) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:56:17", "description": "Check for the Version of php", "cvss3": {}, "published": "2009-02-27T00:00:00", "type": "openvas", "title": "Fedora Update for php FEDORA-2007-287", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-0907", "CVE-2007-0909", "CVE-2007-0910", "CVE-2007-0988", "CVE-2006-4812", "CVE-2007-0906", "CVE-2007-0908", "CVE-2006-5465"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:861271", "href": "http://plugins.openvas.org/nasl.php?oid=861271", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for php FEDORA-2007-287\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free 
Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"php on Fedora Core 5\";\ntag_insight = \"PHP is an HTML-embedded scripting language. PHP attempts to make it\n easy for developers to write dynamically generated webpages. PHP also\n offers built-in database integration for several commercial and\n non-commercial database management systems, so writing a\n database-enabled webpage with PHP is fairly simple. The most common\n use of PHP coding is probably as a replacement for CGI scripts. 
The\n mod_php module enables the Apache Web server to understand and process\n the embedded PHP language in Web pages.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/fedora-package-announce/2007-February/msg00152.html\");\n script_id(861271);\n script_version(\"$Revision: 6622 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 07:52:50 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-27 16:01:32 +0100 (Fri, 27 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2007-287\");\n script_cve_id(\"CVE-2007-0906\", \"CVE-2007-0988\", \"CVE-2007-0908\", \"CVE-2007-0909\", \"CVE-2007-0907\", \"CVE-2007-0910\", \"CVE-2006-5465\", \"CVE-2006-4812\");\n script_name( \"Fedora Update for php FEDORA-2007-287\");\n\n script_summary(\"Check for the Version of php\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora_core\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC5\")\n{\n\n if ((res = isrpmvuln(pkg:\"php\", rpm:\"php~5.1.6~1.4\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x86_64/php-xml\", 
rpm:\"x86_64/php-xml~5.1.6~1.4\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x86_64/php-snmp\", rpm:\"x86_64/php-snmp~5.1.6~1.4\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x86_64/php-dba\", rpm:\"x86_64/php-dba~5.1.6~1.4\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x86_64/debug/php-debuginfo\", rpm:\"x86_64/debug/php-debuginfo~5.1.6~1.4\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x86_64/php-odbc\", rpm:\"x86_64/php-odbc~5.1.6~1.4\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x86_64/php-mbstring\", rpm:\"x86_64/php-mbstring~5.1.6~1.4\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x86_64/php-soap\", rpm:\"x86_64/php-soap~5.1.6~1.4\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x86_64/php-ncurses\", rpm:\"x86_64/php-ncurses~5.1.6~1.4\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x86_64/php-pgsql\", rpm:\"x86_64/php-pgsql~5.1.6~1.4\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x86_64/php\", rpm:\"x86_64/php~5.1.6~1.4\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x86_64/php-mysql\", rpm:\"x86_64/php-mysql~5.1.6~1.4\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x86_64/php-gd\", rpm:\"x86_64/php-gd~5.1.6~1.4\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x86_64/php-xmlrpc\", rpm:\"x86_64/php-xmlrpc~5.1.6~1.4\", rls:\"FC5\")) != NULL)\n {\n 
security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x86_64/php-bcmath\", rpm:\"x86_64/php-bcmath~5.1.6~1.4\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x86_64/php-imap\", rpm:\"x86_64/php-imap~5.1.6~1.4\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x86_64/php-pdo\", rpm:\"x86_64/php-pdo~5.1.6~1.4\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x86_64/php-devel\", rpm:\"x86_64/php-devel~5.1.6~1.4\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x86_64/php-ldap\", rpm:\"x86_64/php-ldap~5.1.6~1.4\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"i386/php-xml\", rpm:\"i386/php-xml~5.1.6~1.4\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"i386/php-ldap\", rpm:\"i386/php-ldap~5.1.6~1.4\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"i386/php-pdo\", rpm:\"i386/php-pdo~5.1.6~1.4\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"i386/php-xmlrpc\", rpm:\"i386/php-xmlrpc~5.1.6~1.4\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"i386/php-mbstring\", rpm:\"i386/php-mbstring~5.1.6~1.4\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"i386/php\", rpm:\"i386/php~5.1.6~1.4\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"i386/php-odbc\", rpm:\"i386/php-odbc~5.1.6~1.4\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"i386/php-snmp\", rpm:\"i386/php-snmp~5.1.6~1.4\", rls:\"FC5\")) != 
NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"i386/debug/php-debuginfo\", rpm:\"i386/debug/php-debuginfo~5.1.6~1.4\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"i386/php-soap\", rpm:\"i386/php-soap~5.1.6~1.4\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"i386/php-dba\", rpm:\"i386/php-dba~5.1.6~1.4\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"i386/php-devel\", rpm:\"i386/php-devel~5.1.6~1.4\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"i386/php-gd\", rpm:\"i386/php-gd~5.1.6~1.4\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"i386/php-ncurses\", rpm:\"i386/php-ncurses~5.1.6~1.4\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"i386/php-bcmath\", rpm:\"i386/php-bcmath~5.1.6~1.4\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"i386/php-pgsql\", rpm:\"i386/php-pgsql~5.1.6~1.4\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"i386/php-mysql\", rpm:\"i386/php-mysql~5.1.6~1.4\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"i386/php-imap\", rpm:\"i386/php-imap~5.1.6~1.4\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:56:28", "description": "Check for the Version of php", "cvss3": {}, "published": "2009-02-27T00:00:00", "type": "openvas", "title": "Fedora Update for php FEDORA-2007-455", "bulletinFamily": 
"scanner", "cvss2": {}, "cvelist": ["CVE-2007-0907", "CVE-2007-1285", "CVE-2007-0909", "CVE-2007-1001", "CVE-2007-1718", "CVE-2007-0910", "CVE-2007-0455", "CVE-2007-0988", "CVE-2006-4812", "CVE-2007-1583", "CVE-2007-0906", "CVE-2007-0908", "CVE-2006-5465"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:861278", "href": "http://plugins.openvas.org/nasl.php?oid=861278", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for php FEDORA-2007-455\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"php on Fedora Core 5\";\ntag_insight = \"PHP is an HTML-embedded scripting language. PHP attempts to make it\n easy for developers to write dynamically generated webpages. PHP also\n offers built-in database integration for several commercial and\n non-commercial database management systems, so writing a\n database-enabled webpage with PHP is fairly simple. The most common\n use of PHP coding is probably as a replacement for CGI scripts. 
The\n mod_php module enables the Apache Web server to understand and process\n the embedded PHP language in Web pages.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/fedora-package-announce/2007-April/msg00056.html\");\n script_id(861278);\n script_version(\"$Revision: 6622 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 07:52:50 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-27 16:27:46 +0100 (Fri, 27 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2007-455\");\n script_cve_id(\"CVE-2007-1285\", \"CVE-2007-1583\", \"CVE-2007-1718\", \"CVE-2007-1001\", \"CVE-2007-0455\", \"CVE-2007-0906\", \"CVE-2007-0907\", \"CVE-2007-0908\", \"CVE-2007-0909\", \"CVE-2007-0910\", \"CVE-2007-0988\", \"CVE-2006-5465\", \"CVE-2006-4812\");\n script_name( \"Fedora Update for php FEDORA-2007-455\");\n\n script_summary(\"Check for the Version of php\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora_core\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC5\")\n{\n\n if ((res = isrpmvuln(pkg:\"php\", rpm:\"php~5.1.6~1.5\", rls:\"FC5\")) != NULL)\n {\n 
security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x86_64/php-mysql\", rpm:\"x86_64/php-mysql~5.1.6~1.5\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x86_64/php-xml\", rpm:\"x86_64/php-xml~5.1.6~1.5\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x86_64/php-soap\", rpm:\"x86_64/php-soap~5.1.6~1.5\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x86_64/php-ncurses\", rpm:\"x86_64/php-ncurses~5.1.6~1.5\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x86_64/php\", rpm:\"x86_64/php~5.1.6~1.5\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x86_64/php-pdo\", rpm:\"x86_64/php-pdo~5.1.6~1.5\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x86_64/php-pgsql\", rpm:\"x86_64/php-pgsql~5.1.6~1.5\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x86_64/php-ldap\", rpm:\"x86_64/php-ldap~5.1.6~1.5\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x86_64/php-mbstring\", rpm:\"x86_64/php-mbstring~5.1.6~1.5\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x86_64/php-dba\", rpm:\"x86_64/php-dba~5.1.6~1.5\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x86_64/php-odbc\", rpm:\"x86_64/php-odbc~5.1.6~1.5\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x86_64/php-bcmath\", rpm:\"x86_64/php-bcmath~5.1.6~1.5\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x86_64/php-xmlrpc\", 
rpm:\"x86_64/php-xmlrpc~5.1.6~1.5\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x86_64/php-devel\", rpm:\"x86_64/php-devel~5.1.6~1.5\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x86_64/php-snmp\", rpm:\"x86_64/php-snmp~5.1.6~1.5\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x86_64/debug/php-debuginfo\", rpm:\"x86_64/debug/php-debuginfo~5.1.6~1.5\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x86_64/php-imap\", rpm:\"x86_64/php-imap~5.1.6~1.5\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x86_64/php-gd\", rpm:\"x86_64/php-gd~5.1.6~1.5\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"i386/php-mbstring\", rpm:\"i386/php-mbstring~5.1.6~1.5\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"i386/php-xmlrpc\", rpm:\"i386/php-xmlrpc~5.1.6~1.5\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"i386/php-dba\", rpm:\"i386/php-dba~5.1.6~1.5\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"i386/php-devel\", rpm:\"i386/php-devel~5.1.6~1.5\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"i386/php-mysql\", rpm:\"i386/php-mysql~5.1.6~1.5\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"i386/php-snmp\", rpm:\"i386/php-snmp~5.1.6~1.5\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"i386/php-xml\", rpm:\"i386/php-xml~5.1.6~1.5\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n 
}\n\n if ((res = isrpmvuln(pkg:\"i386/php-pgsql\", rpm:\"i386/php-pgsql~5.1.6~1.5\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"i386/php-bcmath\", rpm:\"i386/php-bcmath~5.1.6~1.5\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"i386/php-imap\", rpm:\"i386/php-imap~5.1.6~1.5\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"i386/php-pdo\", rpm:\"i386/php-pdo~5.1.6~1.5\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"i386/php-odbc\", rpm:\"i386/php-odbc~5.1.6~1.5\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"i386/php-gd\", rpm:\"i386/php-gd~5.1.6~1.5\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"i386/php\", rpm:\"i386/php~5.1.6~1.5\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"i386/debug/php-debuginfo\", rpm:\"i386/debug/php-debuginfo~5.1.6~1.5\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"i386/php-soap\", rpm:\"i386/php-soap~5.1.6~1.5\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"i386/php-ncurses\", rpm:\"i386/php-ncurses~5.1.6~1.5\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"i386/php-ldap\", rpm:\"i386/php-ldap~5.1.6~1.5\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:32:03", "description": "PHP version smaller than 5.2.0 suffers from multiple vulnerabilities.", "cvss3": 
{}, "published": "2012-06-21T00:00:00", "type": "openvas", "title": "PHP Version < 5.2.0 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-4486", "CVE-2007-2844", "CVE-2006-7205", "CVE-2006-2660", "CVE-2007-1381", "CVE-2007-1584", "CVE-2006-4625", "CVE-2007-0448", "CVE-2006-1015", "CVE-2006-4812", "CVE-2007-5424", "CVE-2006-1549", "CVE-2006-5465", "CVE-2006-5706", "CVE-2007-1888"], "modified": "2018-07-09T00:00:00", "id": "OPENVAS:1361412562310110173", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310110173", "sourceData": "##############################################################################\n# OpenVAS Vulnerability Test\n# $Id: nopsec_php_5_2_0.nasl 10460 2018-07-09 07:50:03Z cfischer $\n#\n# PHP Version < 5.2.0 Multiple Vulnerabilities\n#\n# Authors:\n# Songhan Yu <syu@nopsec.com>\n#\n# Copyright:\n# Copyright NopSec Inc. 2012, http://www.nopsec.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:php:php\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.110173\");\n script_version(\"$Revision: 10460 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-07-09 09:50:03 +0200 (Mon, 09 Jul 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-06-21 11:43:12 +0100 (Thu, 21 Jun 2012)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cve_id(\"CVE-2006-1015\", \"CVE-2006-1549\", \"CVE-2006-2660\", \"CVE-2006-4486\",\n \"CVE-2006-4625\", \"CVE-2006-4812\", \"CVE-2006-5465\", \"CVE-2006-5706\",\n \"CVE-2006-7205\", \"CVE-2007-0448\", \"CVE-2007-1381\", \"CVE-2007-1584\",\n \"CVE-2007-1888\", \"CVE-2007-2844\", \"CVE-2007-5424\");\n script_bugtraq_id(20349, 20879, 49634);\n script_name(\"PHP Version < 5.2.0 Multiple Vulnerabilities\");\n script_category(ACT_GATHER_INFO);\n script_family(\"Web application abuses\");\n script_copyright(\"Copyright NopSec Inc. 2012\");\n script_dependencies(\"gb_php_detect.nasl\");\n script_mandatory_keys(\"php/installed\");\n\n script_tag(name:\"solution\", value:\"Update PHP to version 5.2.0 or later.\");\n\n script_tag(name:\"summary\", value:\"PHP version smaller than 5.2.0 suffers from multiple vulnerabilities.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"remote_banner_unreliable\");\n\n exit(0);\n}\n\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\n\nif( isnull( port = get_app_port( cpe:CPE ) ) ) exit( 0 );\nif( ! 
vers = get_app_version( cpe:CPE, port:port ) ) exit( 0 );\n\nif( version_is_less( version:vers, test_version:\"5.2.0\" ) ) {\n report = report_fixed_ver( installed_version:vers, fixed_version:\"5.2.0\" );\n security_message( data:report, port:port );\n exit( 0 );\n}\n\nexit( 99 );", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-07-25T10:56:39", "description": "Check for the Version of php", "cvss3": {}, "published": "2009-02-27T00:00:00", "type": "openvas", "title": "Fedora Update for php FEDORA-2007-526", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-0907", "CVE-2007-1285", "CVE-2007-0909", "CVE-2007-1001", "CVE-2007-2510", "CVE-2007-2509", "CVE-2007-1718", "CVE-2007-0910", "CVE-2007-0455", "CVE-2007-0988", "CVE-2006-4812", "CVE-2007-1864", "CVE-2007-1583", "CVE-2007-0906", "CVE-2007-0908", "CVE-2006-5465"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:861185", "href": "http://plugins.openvas.org/nasl.php?oid=861185", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for php FEDORA-2007-526\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"php on Fedora Core 5\";\ntag_insight = \"PHP is an HTML-embedded scripting language. PHP attempts to make it\n easy for developers to write dynamically generated webpages. PHP also\n offers built-in database integration for several commercial and\n non-commercial database management systems, so writing a\n database-enabled webpage with PHP is fairly simple. The most common\n use of PHP coding is probably as a replacement for CGI scripts. The\n mod_php module enables the Apache Web server to understand and process\n the embedded PHP language in Web pages.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/fedora-package-announce/2007-May/msg00045.html\");\n script_id(861185);\n script_version(\"$Revision: 6622 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 07:52:50 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-27 16:31:39 +0100 (Fri, 27 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2007-526\");\n script_cve_id(\"CVE-2007-1864\", \"CVE-2007-2509\", \"CVE-2007-2510\", \"CVE-2007-0455\", \"CVE-2007-1001\", \"CVE-2007-1285\", \"CVE-2007-1583\", \"CVE-2007-1718\", \"CVE-2007-0906\", \"CVE-2007-0907\", \"CVE-2007-0908\", \"CVE-2007-0909\", \"CVE-2007-0910\", \"CVE-2007-0988\", \"CVE-2006-5465\", \"CVE-2006-4812\");\n script_name( \"Fedora Update for php 
FEDORA-2007-526\");\n\n script_summary(\"Check for the Version of php\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora_core\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC5\")\n{\n\n if ((res = isrpmvuln(pkg:\"php\", rpm:\"php~5.1.6~1.6\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x86_64/php-pgsql\", rpm:\"x86_64/php-pgsql~5.1.6~1.6\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x86_64/php-bcmath\", rpm:\"x86_64/php-bcmath~5.1.6~1.6\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x86_64/php-ncurses\", rpm:\"x86_64/php-ncurses~5.1.6~1.6\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x86_64/debug/php-debuginfo\", rpm:\"x86_64/debug/php-debuginfo~5.1.6~1.6\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x86_64/php\", rpm:\"x86_64/php~5.1.6~1.6\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x86_64/php-ldap\", rpm:\"x86_64/php-ldap~5.1.6~1.6\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x86_64/php-soap\", 
rpm:\"x86_64/php-soap~5.1.6~1.6\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x86_64/php-dba\", rpm:\"x86_64/php-dba~5.1.6~1.6\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x86_64/php-gd\", rpm:\"x86_64/php-gd~5.1.6~1.6\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x86_64/php-devel\", rpm:\"x86_64/php-devel~5.1.6~1.6\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x86_64/php-imap\", rpm:\"x86_64/php-imap~5.1.6~1.6\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x86_64/php-xml\", rpm:\"x86_64/php-xml~5.1.6~1.6\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x86_64/php-mysql\", rpm:\"x86_64/php-mysql~5.1.6~1.6\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x86_64/php-xmlrpc\", rpm:\"x86_64/php-xmlrpc~5.1.6~1.6\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x86_64/php-pdo\", rpm:\"x86_64/php-pdo~5.1.6~1.6\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x86_64/php-mbstring\", rpm:\"x86_64/php-mbstring~5.1.6~1.6\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x86_64/php-snmp\", rpm:\"x86_64/php-snmp~5.1.6~1.6\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x86_64/php-odbc\", rpm:\"x86_64/php-odbc~5.1.6~1.6\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"i386/php-xml\", rpm:\"i386/php-xml~5.1.6~1.6\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if 
((res = isrpmvuln(pkg:\"i386/php-pdo\", rpm:\"i386/php-pdo~5.1.6~1.6\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"i386/php-imap\", rpm:\"i386/php-imap~5.1.6~1.6\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"i386/php-xmlrpc\", rpm:\"i386/php-xmlrpc~5.1.6~1.6\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"i386/php-bcmath\", rpm:\"i386/php-bcmath~5.1.6~1.6\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"i386/debug/php-debuginfo\", rpm:\"i386/debug/php-debuginfo~5.1.6~1.6\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"i386/php-dba\", rpm:\"i386/php-dba~5.1.6~1.6\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"i386/php\", rpm:\"i386/php~5.1.6~1.6\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"i386/php-ncurses\", rpm:\"i386/php-ncurses~5.1.6~1.6\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"i386/php-devel\", rpm:\"i386/php-devel~5.1.6~1.6\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"i386/php-mbstring\", rpm:\"i386/php-mbstring~5.1.6~1.6\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"i386/php-odbc\", rpm:\"i386/php-odbc~5.1.6~1.6\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"i386/php-gd\", rpm:\"i386/php-gd~5.1.6~1.6\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"i386/php-pgsql\", rpm:\"i386/php-pgsql~5.1.6~1.6\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n 
exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"i386/php-mysql\", rpm:\"i386/php-mysql~5.1.6~1.6\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"i386/php-snmp\", rpm:\"i386/php-snmp~5.1.6~1.6\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"i386/php-ldap\", rpm:\"i386/php-ldap~5.1.6~1.6\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"i386/php-soap\", rpm:\"i386/php-soap~5.1.6~1.6\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "centos": [{"lastseen": "2022-02-27T15:57:37", "description": "**CentOS Errata and Security Advisory** CESA-2006:0708-01\n\n\nPHP is an HTML-embedded scripting language commonly used with the Apache\r\nHTTP Web server.\r\n\r\nAn integer overflow was discovered in the PHP memory handling routines. If\r\na script can cause memory allocation based on untrusted user data, a remote\r\nattacker sending a carefully crafted request could execute arbitrary code\r\nas the 'apache' user. 
(CVE-2006-4812) \r\n\r\nThis issue did not affect the PHP packages distributed with Red Hat\r\nEnterprise Linux 3 or 4.\r\n\r\nUsers of PHP should upgrade to these updated packages which contain a\r\nbackported patch that corrects this issue.\n\n**Merged security bulletin from advisories:**\nhttps://lists.centos.org/pipermail/centos-announce/2006-October/050233.html\n\n**Affected packages:**\nphp\nphp-devel\nphp-imap\nphp-ldap\nphp-manual\nphp-mysql\nphp-odbc\nphp-pgsql\n\n", "cvss3": {}, "published": "2006-10-09T01:04:12", "type": "centos", "title": "php security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": true, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2006-4812"], "modified": "2006-10-09T01:04:12", "id": "CESA-2006:0708-01", "href": "https://lists.centos.org/pipermail/centos-announce/2006-October/050233.html", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "freebsd": [{"lastseen": "2022-01-19T16:03:50", "description": "\n\nStefan Esser reports:\n\nThe PHP 5 branch of the PHP source code lacks the\n\t protection against possible integer overflows inside\n\t ecalloc() that is present in the PHP 4 branch and also for\n\t several years part of our Hardening-Patch and our new\n\t Suhosin-Patch.\nIt was discovered that such an integer overflow can be\n\t triggered when user input is passed to the unserialize()\n\t function. 
Earlier vulnerabilities in PHP's unserialize()\n\t that were also discovered by one of our audits in December\n\t 2004 are unrelated to the newly discovered flaw, but they\n\t have shown, that the unserialize() function is exposed to\n\t user-input in many popular PHP applications. Examples for\n\t applications that use the content of COOKIE variables with\n\t unserialize() are phpBB and Serendipity.\nThe successful exploitation of this integer overflow will\n\t result in arbitrary code execution.\n\n\n", "cvss3": {}, "published": "2006-09-30T00:00:00", "type": "freebsd", "title": "php -- _ecalloc Integer Overflow Vulnerability", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": true, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2006-4812"], "modified": "2013-04-01T00:00:00", "id": "E329550B-54F7-11DB-A5AE-00508D6A62DF", "href": "https://vuxml.freebsd.org/freebsd/e329550b-54f7-11db-a5ae-00508d6a62df.html", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "ubuntucve": [{"lastseen": "2022-08-04T14:46:04", "description": "Integer overflow in PHP 5 up to 5.1.6 and 4 before 4.3.0 allows remote\nattackers to execute arbitrary code via an argument to the unserialize PHP\nfunction with a large value for the number of array elements, which\ntriggers the overflow in the Zend Engine ecalloc function\n(Zend/zend_alloc.c).", "cvss3": {}, "published": "2006-10-10T00:00:00", "type": "ubuntucve", "title": "CVE-2006-4812", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": true, 
"userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2006-4812"], "modified": "2006-10-10T00:00:00", "id": "UB:CVE-2006-4812", "href": "https://ubuntu.com/security/CVE-2006-4812", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "gentoo": [{"lastseen": "2022-01-17T19:17:23", "description": "### Background\n\nPHP is a widely-used general-purpose scripting language that is especially suited for Web development and can be embedded into HTML. \n\n### Description\n\nA flaw in the PHP memory handling routines allows an unserialize() call to be executed on non-allocated memory due to a previous integer overflow. \n\n### Impact\n\nAn attacker could execute arbitrary code with the rights of the web server user or the user running a vulnerable PHP script. \n\n### Workaround\n\nThere is no known workaround at this time. 
\n\n### Resolution\n\nAll PHP 5.x users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-lang/php-5.1.6-r6\"\n\nAll PHP 4.x users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-lang/php-4.4.4-r6\"", "cvss3": {}, "published": "2006-10-30T00:00:00", "type": "gentoo", "title": "PHP: Integer overflow", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": true, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2006-4812"], "modified": "2008-03-29T00:00:00", "id": "GLSA-200610-14", "href": "https://security.gentoo.org/glsa/200610-14", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "suse": [{"lastseen": "2021-06-08T18:41:05", "description": "The ini_restore() method could be exploited to reset options such as open_basedir when set via the web server config file to their default value set in php.ini (CVE-2006-4625). Additionally php5 on all products as well as php4 on SLES8 were vulnerable to an integer overflow problem in the memory allocation routine. This bug can be exploited to execute arbitrary code with the uid of the web server (CVE-2006-4812). 
Thanks to Stefan Esser for reporting the problem.\n#### Solution\nThere is no known workaround, please install the update packages.", "cvss3": {}, "published": "2006-10-09T16:00:37", "type": "suse", "title": "remote code execution in php4,php5", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2006-4625", "CVE-2006-4812"], "modified": "2006-10-09T16:00:37", "id": "SUSE-SA:2006:059", "href": "http://lists.opensuse.org/opensuse-security-announce/2006-10/msg00008.html", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "cve": [{"lastseen": "2022-03-23T15:55:40", "description": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2006-4812. Reason: This candidate is a reservation duplicate of CVE-2006-4812. Notes: All CVE users should reference CVE-2006-4812 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.", "cvss3": {}, "published": "2006-10-10T12:07:00", "type": "cve", "title": "CVE-2006-4170", "cwe": [], "bulletinFamily": "NVD", "cvss2": {}, "cvelist": ["CVE-2006-4170", "CVE-2006-4812"], "modified": "2008-09-10T20:27:00", "cpe": [], "id": "CVE-2006-4170", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-4170", "cvss": {"score": 0.0, "vector": "NONE"}, "cpe23": []}], "ubuntu": [{"lastseen": "2022-01-04T13:35:54", "description": "The stripos() function did not check for invalidly long or empty \nhaystack strings. In an application that uses this function on \narbitrary untrusted data this could be exploited to crash the PHP \ninterpreter. (CVE-2006-4485)\n\nAn integer overflow was discovered in the PHP memory allocation \nhandling. On 64-bit platforms, the \"memory_limit\" setting was not \nenforced correctly. A remote attacker could exploit this to cause a \nDenial of Service attack through memory exhaustion. 
(CVE-2006-4486)\n\nMaksymilian Arciemowicz discovered that security relevant \nconfiguration options like open_basedir and safe_mode (which can be \nconfigured in Apache's httpd.conf) could be bypassed and reset to \ntheir default value in php.ini by using the ini_restore() function. \n(CVE-2006-4625)\n\nStefan Esser discovered that the ecalloc() function in the Zend engine \ndid not check for integer overflows. This particularly affected the \nunserialize() function. In applications which unserialize untrusted \nuser-defined data, this could be exploited to execute arbitrary code \nwith the application's privileges. (CVE-2006-4812)\n", "cvss3": {}, "published": "2006-10-11T00:00:00", "type": "ubuntu", "title": "PHP vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2006-4625", "CVE-2006-4485", "CVE-2006-4486", "CVE-2006-4812"], "modified": "2006-10-11T00:00:00", "id": "USN-362-1", "href": "https://ubuntu.com/security/notices/USN-362-1", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "fedora": [{"lastseen": "2020-12-21T08:17:48", "description": "PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated webpages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is fairly simple. The most common use of PHP coding is probably as a replacement for CGI scripts. 
The mod_php module enables the Apache Web server to understand and process the embedded PHP language in Web pages. ", "cvss3": {}, "published": "2007-02-26T22:09:19", "type": "fedora", "title": "[SECURITY] Fedora Core 5 Update: php-5.1.6-1.4", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": true, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2006-4812", "CVE-2006-5465", "CVE-2007-0906", "CVE-2007-0907", "CVE-2007-0908", "CVE-2007-0909", "CVE-2007-0910", "CVE-2007-0988"], "modified": "2007-02-26T22:09:19", "id": "FEDORA:L1QM9JUC009191", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/AJOMUC5AVMVK477I533I5TZLW6DG53Z5/", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:48", "description": "PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated webpages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is fairly simple. The most common use of PHP coding is probably as a replacement for CGI scripts. The mod_php module enables the Apache Web server to understand and process the embedded PHP language in Web pages. 
", "cvss3": {}, "published": "2007-04-18T22:42:03", "type": "fedora", "title": "[SECURITY] Fedora Core 5 Update: php-5.1.6-1.5", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": true, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2006-4812", "CVE-2006-5465", "CVE-2007-0455", "CVE-2007-0906", "CVE-2007-0907", "CVE-2007-0908", "CVE-2007-0909", "CVE-2007-0910", "CVE-2007-0988", "CVE-2007-1001", "CVE-2007-1285", "CVE-2007-1583", "CVE-2007-1718"], "modified": "2007-04-18T22:42:03", "id": "FEDORA:L3IMG3K5004841", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/ZVGFWONPAPNHEHWDU44GOCTS4G3FPH2O/", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:48", "description": "PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated webpages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is fairly simple. The most common use of PHP coding is probably as a replacement for CGI scripts. The mod_php module enables the Apache Web server to understand and process the embedded PHP language in Web pages. 
", "cvss3": {}, "published": "2007-05-24T05:24:12", "type": "fedora", "title": "[SECURITY] Fedora Core 5 Update: php-5.1.6-1.6", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": true, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2006-4812", "CVE-2006-5465", "CVE-2007-0455", "CVE-2007-0906", "CVE-2007-0907", "CVE-2007-0908", "CVE-2007-0909", "CVE-2007-0910", "CVE-2007-0988", "CVE-2007-1001", "CVE-2007-1285", "CVE-2007-1583", "CVE-2007-1718", "CVE-2007-1864", "CVE-2007-2509", "CVE-2007-2510"], "modified": "2007-05-24T05:24:12", "id": "FEDORA:L4O5OCBW020783", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/4REKVL5PRIZR4VRU3QPTUEDPSM54FBXO/", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}]}