{"id": "CVE-2007-2511", "bulletinFamily": "NVD", "title": "CVE-2007-2511", "description": "Buffer overflow in the user_filter_factory_create function in PHP before 5.2.2 has unknown impact and local attack vectors.", "published": "2007-05-09T00:19:00", "modified": "2018-10-30T16:25:00", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-2511", "reporter": "cve@mitre.org", "references": ["http://security.gentoo.org/glsa/glsa-200705-19.xml", "http://lists.opensuse.org/opensuse-security-announce/2007-07/msg00006.html", "http://secunia.com/advisories/25445", "http://viewcvs.php.net/viewvc.cgi/php-src/ext/standard/user_filters.c?r1=1.31.2.4.2.5&r2=1.31.2.4.2.6", "http://us2.php.net/releases/5_2_2.php", "http://secunia.com/advisories/25372", "http://osvdb.org/34676", "http://www.mandriva.com/security/advisories?name=MDKSA-2007:102", "http://secunia.com/advisories/25255", "http://secunia.com/advisories/26048", "http://secunia.com/advisories/25191", "http://www.trustix.org/errata/2007/0017/", "http://www.ubuntu.com/usn/usn-462-1"], "cvelist": ["CVE-2007-2511"], "type": "cve", "lastseen": "2020-10-03T11:45:51", "edition": 3, "viewCount": 13, "enchantments": {"dependencies": {"references": [{"type": "osvdb", "idList": ["OSVDB:34676"]}, {"type": "nessus", "idList": ["SUSE_PHP5-3745.NASL", "MANDRAKE_MDKSA-2007-102.NASL", "SUSE_PHP5-3753.NASL", "UBUNTU_USN-462-1.NASL", "SUSE_PHP5-3754.NASL", "PHP_4_4_7_OR_5_2_2.NASL", "GENTOO_GLSA-200705-19.NASL"]}, {"type": "ubuntu", "idList": ["USN-462-1"]}, {"type": "openvas", "idList": ["OPENVAS:58297", "OPENVAS:840071", "OPENVAS:830123", "OPENVAS:1361412562310830123"]}, {"type": "suse", "idList": ["SUSE-SA:2007:044"]}, {"type": "gentoo", "idList": ["GLSA-200705-19"]}], "modified": "2020-10-03T11:45:51", "rev": 2}, "score": {"value": 8.3, "vector": "NONE", "modified": "2020-10-03T11:45:51", "rev": 2}, "vulnersScore": 8.3}, "cpe": ["cpe:/a:php:php:4.4.0", "cpe:/a:php:php:4.4.6", "cpe:/a:php:php:4.0.4", "cpe:/a:php:php:5.0", "cpe:/a:php:php:4.4.2", "cpe:/a:php:php:4.3.6", "cpe:/a:php:php:4.4.3", "cpe:/a:php:php:4.3.0", "cpe:/a:php:php:4.0.2", "cpe:/a:php:php:4.0.7", "cpe:/a:php:php:4.3.7", "cpe:/a:php:php:4.3.4", "cpe:/a:php:php:4.3.5", "cpe:/a:php:php:4.2.0", "cpe:/a:php:php:4.3.2", "cpe:/a:php:php:4.3.1", "cpe:/a:php:php:4.3.10", "cpe:/a:php:php:4.2.1", "cpe:/a:php:php:4.0.0", "cpe:/a:php:php:4.3.11", "cpe:/a:php:php:4.1.2", "cpe:/a:php:php:4.4.1", "cpe:/a:php:php:4.1.0", "cpe:/a:php:php:4.0.5", "cpe:/a:php:php:4.3.8", "cpe:/a:php:php:4.4.4", "cpe:/a:php:php:4.3.3", "cpe:/a:php:php:4.3.9", "cpe:/a:php:php:4.0.3", "cpe:/a:php:php:4.2.2", "cpe:/a:php:php:4.0.1", "cpe:/a:php:php:4.4.5", "cpe:/a:php:php:4.2.3", "cpe:/a:php:php:4.1.1", "cpe:/a:php:php:5.0.0", "cpe:/a:php:php:4.0.6"], "affectedSoftware": [{"cpeName": "php:php", "name": "php", "operator": "eq", "version": "4.0.3"}, {"cpeName": "php:php", "name": "php", "operator": "eq", "version": "4.0.3"}, {"cpeName": "php:php", "name": "php", "operator": "eq", "version": "4.4.6"}, {"cpeName": "php:php", "name": "php", "operator": "eq", "version": "4.0.2"}, {"cpeName": "php:php", "name": "php", "operator": "eq", "version": "5.0.0"}, {"cpeName": "php:php", "name": "php", "operator": "eq", "version": "4.0.0"}, {"cpeName": "php:php", "name": "php", "operator": "eq", "version": "4.2.2"}, {"cpeName": "php:php", "name": "php", "operator": "eq", "version": "4.3.7"}, {"cpeName": "php:php", "name": "php", "operator": "eq", "version": "4.1.0"}, {"cpeName": "php:php", "name": "php", "operator": "eq", "version": "4.2.3"}, {"cpeName": "php:php", "name": "php", "operator": "eq", "version": "4.0.6"}, {"cpeName": "php:php", "name": "php", "operator": "eq", "version": "4.2.0"}, {"cpeName": "php:php", "name": "php", "operator": "eq", "version": "4.3.0"}, {"cpeName": "php:php", "name": "php", "operator": "eq", "version": "4.0.7"}, {"cpeName": "php:php", "name": "php", "operator": "eq", "version": "4.0.7"}, {"cpeName": "php:php", "name": "php", "operator": "eq", "version": "4.0.7"}, {"cpeName": "php:php", "name": "php", "operator": "eq", "version": "4.0.7"}, {"cpeName": "php:php", "name": "php", "operator": "eq", "version": "4.0.1"}, {"cpeName": "php:php", "name": "php", "operator": "eq", "version": "4.0.1"}, {"cpeName": "php:php", "name": "php", "operator": "eq", "version": "4.0.1"}, {"cpeName": "php:php", "name": "php", "operator": "eq", "version": "4.3.6"}, {"cpeName": "php:php", "name": "php", "operator": "eq", "version": "4.3.10"}, {"cpeName": "php:php", "name": "php", "operator": "eq", "version": "4.3.8"}, {"cpeName": "php:php", "name": "php", "operator": "eq", "version": "4.3.5"}, {"cpeName": "php:php", "name": "php", "operator": "eq", "version": "4.3.9"}, {"cpeName": "php:php", "name": "php", "operator": "eq", "version": "4.3.1"}, {"cpeName": "php:php", "name": "php", "operator": "eq", "version": "4.0.4"}, {"cpeName": "php:php", "name": "php", "operator": "eq", "version": "4.0.4"}, {"cpeName": "php:php", "name": "php", "operator": "eq", "version": "4.4.1"}, {"cpeName": "php:php", "name": "php", "operator": "eq", "version": "4.1.1"}, {"cpeName": "php:php", "name": "php", "operator": "eq", "version": "4.2.1"}, {"cpeName": "php:php", "name": "php", "operator": "eq", "version": "4.3.2"}, {"cpeName": "php:php", "name": "php", "operator": "eq", "version": "4.0.5"}, {"cpeName": "php:php", "name": "php", "operator": "eq", "version": "5.0"}, {"cpeName": "php:php", "name": "php", "operator": "eq", "version": "5.0"}, {"cpeName": "php:php", "name": "php", "operator": "eq", "version": "5.0"}, {"cpeName": "php:php", "name": "php", "operator": "eq", "version": "4.1.2"}, {"cpeName": "php:php", "name": "php", "operator": "eq", "version": "4.4.2"}, {"cpeName": "php:php", "name": "php", "operator": "eq", "version": "4.4.5"}, {"cpeName": "php:php", "name": "php", "operator": "eq", "version": "4.4.3"}, {"cpeName": "php:php", "name": "php", "operator": "eq", "version": "4.4.4"}, {"cpeName": "php:php", "name": "php", "operator": "eq", "version": "4.4.0"}, {"cpeName": "php:php", "name": "php", "operator": "eq", "version": "4.3.4"}, {"cpeName": "php:php", "name": "php", "operator": "eq", "version": "4.3.3"}, {"cpeName": "php:php", "name": "php", "operator": "eq", "version": "4.3.11"}], "cvss2": {"cvssV2": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {}, "cpe23": ["cpe:2.3:a:php:php:4.0.1:patch1:*:*:*:*:*:*", "cpe:2.3:a:php:php:4.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:4.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:4.3.0:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.0:rc3:*:*:*:*:*:*", "cpe:2.3:a:php:php:4.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:php:php:4.3.3:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:4.3.2:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:4.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:4.3.4:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:4.2.3:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:4.0.1:patch2:*:*:*:*:*:*", "cpe:2.3:a:php:php:4.4.2:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:4.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:4.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:4.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:4.0.7:rc1:*:*:*:*:*:*", "cpe:2.3:a:php:php:4.4.6:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:4.3.11:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:4.0.4:patch1:*:*:*:*:*:*", "cpe:2.3:a:php:php:4.4.4:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:4.0.3:patch1:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:php:php:4.4.3:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:4.4.5:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:4.3.10:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:4.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:4.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:4.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:4.3.7:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:4.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:4.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:4.3.6:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:4.3.9:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:4.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:4.2.2:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:4.3.8:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:4.0.7:rc3:*:*:*:*:*:*", "cpe:2.3:a:php:php:4.0.7:rc2:*:*:*:*:*:*", "cpe:2.3:a:php:php:4.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:4.3.5:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:4.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:4.0.1:*:*:*:*:*:*:*"], "cwe": ["NVD-CWE-Other"], "scheme": null, "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:a:php:php:4.3.8:*:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:php:php:4.0.1:patch2:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:php:php:4.3.4:*:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:php:php:4.3.9:*:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:php:php:4.1.0:*:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:php:php:4.0.7:rc1:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:php:php:4.4.0:*:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:php:php:4.0.1:patch1:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:php:php:4.0.4:patch1:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:php:php:4.4.6:*:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:php:php:4.0.1:*:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:php:php:4.3.3:*:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:php:php:4.0.7:rc2:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:php:php:4.0.5:*:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:php:php:4.3.7:*:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:php:php:4.2.0:*:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:php:php:4.0.0:*:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:php:php:4.0.7:rc3:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:php:php:4.1.2:*:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:php:php:4.0.6:*:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:php:php:4.3.2:*:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:php:php:4.2.2:*:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:php:php:4.3.5:*:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:php:php:4.3.10:*:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:php:php:4.0.2:*:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:php:php:5.0:rc2:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:php:php:4.3.0:*:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:php:php:4.0.3:patch1:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:php:php:4.4.3:*:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:php:php:4.4.1:*:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:php:php:4.3.11:*:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:php:php:4.0.4:*:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:php:php:5.0:rc1:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:php:php:4.0.3:*:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:php:php:4.0.7:*:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:php:php:4.2.3:*:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:php:php:5.0:rc3:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:php:php:4.2.1:*:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:php:php:4.3.1:*:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:php:php:4.1.1:*:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:php:php:4.3.6:*:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:php:php:4.4.5:*:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:php:php:5.0.0:*:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:php:php:4.4.2:*:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:php:php:4.4.4:*:*:*:*:*:*:*", "vulnerable": true}], "operator": "OR"}]}}

{"osvdb": [{"lastseen": "2017-04-28T13:20:30", "bulletinFamily": "software", "cvelist": ["CVE-2007-2511"], "description": "## Vulnerability Description\nPHP contains a flaw that may allow local attackers to escalate privileges. The issue is due to the user_filter_factory_create() function not properly sanitizing user input. No further details have been provided.\n## Solution Description\nUpgrade to version 5.2.2 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.\n## Short Description\nPHP contains a flaw that may allow local attackers to escalate privileges. The issue is due to the user_filter_factory_create() function not properly sanitizing user input. No further details have been provided.\n## References:\nVendor URL: http://www.php.net/\nVendor Specific News/Changelog Entry: http://us2.php.net/releases/5_2_2.php\nVendor Specific News/Changelog Entry: http://viewcvs.php.net/viewvc.cgi/php-src/ext/standard/user_filters.c?r1=1.31.2.4.2.5&r2=1.31.2.4.2.6\n[Secunia Advisory ID:25372](https://secuniaresearch.flexerasoftware.com/advisories/25372/)\n[Secunia Advisory ID:25445](https://secuniaresearch.flexerasoftware.com/advisories/25445/)\n[Secunia Advisory ID:26048](https://secuniaresearch.flexerasoftware.com/advisories/26048/)\n[Secunia Advisory ID:25255](https://secuniaresearch.flexerasoftware.com/advisories/25255/)\nOther Advisory URL: http://www.ubuntu.com/usn/usn-462-1\nOther Advisory URL: http://lists.opensuse.org/opensuse-security-announce/2007-07/msg00006.html\nOther Advisory URL: http://www.gentoo.org/security/en/glsa/glsa-200705-19.xml\nOther Advisory URL: http://www.trustix.org/errata/2007/0017/\n[CVE-2007-2511](https://vulners.com/cve/CVE-2007-2511)\n", "edition": 1, "modified": "2007-05-03T22:07:30", "published": "2007-05-03T22:07:30", "href": "https://vulners.com/osvdb/OSVDB:34676", "id": "OSVDB:34676", "title": "PHP user_filter_factory_create() Function Overflow", "type": "osvdb", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "ubuntu": [{"lastseen": "2020-07-09T00:22:26", "bulletinFamily": "unix", "cvelist": ["CVE-2007-2510", "CVE-2007-2509", "CVE-2007-2511", "CVE-2007-2519"], "description": "A flaw was discovered in the FTP command handler in PHP. Commands were \nnot correctly filtered for control characters. An attacker could issue \narbitrary FTP commands using specially crafted arguments. (CVE-2007-2509)\n\nIlia Alshanetsky discovered a buffer overflow in the SOAP request handler \nin PHP. Remote attackers could send a specially crafted SOAP request \nand execute arbitrary code with web server privileges. (CVE-2007-2510)\n\nIlia Alshanetsky discovered a buffer overflow in the user filter factory \nin PHP. A local attacker could create a specially crafted script and \nexecute arbitrary code with web server privileges. (CVE-2007-2511)\n\nGregory Beaver discovered that the PEAR installer did not validate \ninstallation paths. If a user were tricked into installing a malicious \nPEAR package, an attacker could overwrite arbitrary files. (CVE-2007-2519)", "edition": 6, "modified": "2007-05-22T00:00:00", "published": "2007-05-22T00:00:00", "id": "USN-462-1", "href": "https://ubuntu.com/security/notices/USN-462-1", "title": "PHP vulnerabilities", "type": "ubuntu", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "openvas": [{"lastseen": "2018-04-09T11:40:16", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-2510", "CVE-2007-2509", "CVE-2007-2511", "CVE-2007-1864"], "description": "Check for the Version of php", "modified": "2018-04-06T00:00:00", "published": "2009-04-09T00:00:00", "id": "OPENVAS:1361412562310830123", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310830123", "type": "openvas", "title": "Mandriva Update for php MDKSA-2007:102 (php)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for php MDKSA-2007:102 (php)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"A heap buffer overflow flaw was found in the xmlrpc extension for PHP.\n A script that implements an XML-RPC server using this extension could\n allow a remote attacker to execute arbitrary code as the apache user.\n This flaw does not, however, affect PHP applications using the pure-PHP\n XML_RPC class provided via PEAR (CVE-2007-1864).\n\n A flaw was found in the ftp extension for PHP. A script using\n this extension to provide access to a private FTP server and which\n passed untrusted script input directly to any function provided by\n this extension could allow a remote attacker to send arbitrary FTP\n commands to the server (CVE-2007-2509).\n \n A buffer overflow flaw was found in the soap extension for PHP\n in the handling of an HTTP redirect response when using the SOAP\n client provided by the extension with an untrusted SOAP server\n (CVE-2007-2510).\n \n A buffer overflow in the user_filter_factory_create() function has\n unknown impact and local attack vectors (CVE-2007-2511).\n \n Updated packages have been patched to prevent this issue.\";\n\ntag_affected = \"php on Mandriva Linux 2007.0,\n Mandriva Linux 2007.0/X86_64,\n Mandriva Linux 2007.1,\n Mandriva Linux 2007.1/X86_64\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2007-05/msg00013.php\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.830123\");\n script_version(\"$Revision: 9370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-04-09 13:57:01 +0200 (Thu, 09 Apr 2009)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"MDKSA\", value: \"2007:102\");\n script_cve_id(\"CVE-2007-1864\", \"CVE-2007-2509\", \"CVE-2007-2510\", \"CVE-2007-2511\");\n script_name( \"Mandriva Update for php MDKSA-2007:102 (php)\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of php\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_2007.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"libphp5_common5\", rpm:\"libphp5_common5~5.2.1~4.2mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-cgi\", rpm:\"php-cgi~5.2.1~4.2mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-cli\", rpm:\"php-cli~5.2.1~4.2mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-devel\", rpm:\"php-devel~5.2.1~4.2mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-fcgi\", rpm:\"php-fcgi~5.2.1~4.2mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-ftp\", rpm:\"php-ftp~5.2.1~1.1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-openssl\", rpm:\"php-openssl~5.2.1~4.2mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-soap\", rpm:\"php-soap~5.2.1~1.1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-xmlrpc\", rpm:\"php-xmlrpc~5.2.1~1.1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-zlib\", rpm:\"php-zlib~5.2.1~4.2mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php\", rpm:\"php~5.2.1~4.2mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64php5_common5\", rpm:\"lib64php5_common5~5.2.1~4.2mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2007.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"libphp5_common5\", rpm:\"libphp5_common5~5.1.6~1.8mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-cgi\", rpm:\"php-cgi~5.1.6~1.8mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-cli\", rpm:\"php-cli~5.1.6~1.8mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-devel\", rpm:\"php-devel~5.1.6~1.8mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-fcgi\", rpm:\"php-fcgi~5.1.6~1.8mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-ftp\", rpm:\"php-ftp~5.1.6~1.1mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-soap\", rpm:\"php-soap~5.1.6~1.1mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-xmlrpc\", rpm:\"php-xmlrpc~5.1.6~1.1mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php\", rpm:\"php~5.1.6~1.8mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64php5_common5\", rpm:\"lib64php5_common5~5.1.6~1.8mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-12-04T11:30:09", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-2510", "CVE-2007-2509", "CVE-2007-2511", "CVE-2007-2519"], "description": "Ubuntu Update for Linux kernel vulnerabilities USN-462-1", "modified": "2017-12-01T00:00:00", "published": "2009-03-23T00:00:00", "id": "OPENVAS:840071", "href": "http://plugins.openvas.org/nasl.php?oid=840071", "type": "openvas", "title": "Ubuntu Update for php5 vulnerabilities USN-462-1", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_462_1.nasl 7969 2017-12-01 09:23:16Z santu $\n#\n# Ubuntu Update for php5 vulnerabilities USN-462-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"A flaw was discovered in the FTP command handler in PHP. Commands were\n not correctly filtered for control characters. An attacker could issue\n arbitrary FTP commands using specially crafted arguments. (CVE-2007-2509)\n\n Ilia Alshanetsky discovered a buffer overflow in the SOAP request handler\n in PHP. Remote attackers could send a specially crafted SOAP request\n and execute arbitrary code with web server privileges. (CVE-2007-2510)\n \n Ilia Alshanetsky discovered a buffer overflow in the user filter factory\n in PHP. A local attacker could create a specially crafted script and\n execute arbitrary code with web server privileges. (CVE-2007-2511)\n \n Gregory Beaver discovered that the PEAR installer did not validate\n installation paths. If a user were tricked into installing a malicious\n PEAR package, an attacker could overwrite arbitrary files. (CVE-2007-2519)\";\n\ntag_summary = \"Ubuntu Update for Linux kernel vulnerabilities USN-462-1\";\ntag_affected = \"php5 vulnerabilities on Ubuntu 6.06 LTS ,\n Ubuntu 6.10 ,\n Ubuntu 7.04\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-462-1/\");\n script_id(840071);\n script_version(\"$Revision: 7969 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 10:23:16 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-03-23 10:55:18 +0100 (Mon, 23 Mar 2009)\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"USN\", value: \"462-1\");\n script_cve_id(\"CVE-2007-2509\", \"CVE-2007-2510\", \"CVE-2007-2511\", \"CVE-2007-2519\");\n script_name( \"Ubuntu Update for php5 vulnerabilities USN-462-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU7.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libapache2-mod-php5\", ver:\"5.2.1-0ubuntu1.2\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-cgi\", ver:\"5.2.1-0ubuntu1.2\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-cli\", ver:\"5.2.1-0ubuntu1.2\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-common\", ver:\"5.2.1-0ubuntu1.2\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-curl\", ver:\"5.2.1-0ubuntu1.2\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-dev\", ver:\"5.2.1-0ubuntu1.2\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-gd\", ver:\"5.2.1-0ubuntu1.2\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-ldap\", ver:\"5.2.1-0ubuntu1.2\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-mhash\", ver:\"5.2.1-0ubuntu1.2\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-mysql\", ver:\"5.2.1-0ubuntu1.2\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-odbc\", ver:\"5.2.1-0ubuntu1.2\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-pgsql\", ver:\"5.2.1-0ubuntu1.2\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-pspell\", ver:\"5.2.1-0ubuntu1.2\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-recode\", ver:\"5.2.1-0ubuntu1.2\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-snmp\", ver:\"5.2.1-0ubuntu1.2\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-sqlite\", ver:\"5.2.1-0ubuntu1.2\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-sybase\", ver:\"5.2.1-0ubuntu1.2\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-tidy\", ver:\"5.2.1-0ubuntu1.2\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-xmlrpc\", ver:\"5.2.1-0ubuntu1.2\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-xsl\", ver:\"5.2.1-0ubuntu1.2\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php-pear\", ver:\"5.2.1-0ubuntu1.2\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5\", ver:\"5.2.1-0ubuntu1.2\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU6.06 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libapache2-mod-php5\", ver:\"5.1.2-1ubuntu3.8\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-cgi\", ver:\"5.1.2-1ubuntu3.8\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-cli\", ver:\"5.1.2-1ubuntu3.8\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-common\", ver:\"5.1.2-1ubuntu3.8\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-curl\", ver:\"5.1.2-1ubuntu3.8\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-dev\", ver:\"5.1.2-1ubuntu3.8\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-gd\", ver:\"5.1.2-1ubuntu3.8\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-ldap\", ver:\"5.1.2-1ubuntu3.8\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-mhash\", ver:\"5.1.2-1ubuntu3.8\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-mysql\", ver:\"5.1.2-1ubuntu3.8\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-mysqli\", ver:\"5.1.2-1ubuntu3.8\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-odbc\", ver:\"5.1.2-1ubuntu3.8\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-pgsql\", ver:\"5.1.2-1ubuntu3.8\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-recode\", ver:\"5.1.2-1ubuntu3.8\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-snmp\", ver:\"5.1.2-1ubuntu3.8\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-sqlite\", ver:\"5.1.2-1ubuntu3.8\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-sybase\", ver:\"5.1.2-1ubuntu3.8\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-xmlrpc\", ver:\"5.1.2-1ubuntu3.8\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-xsl\", ver:\"5.1.2-1ubuntu3.8\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php-pear\", ver:\"5.1.2-1ubuntu3.8\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5\", ver:\"5.1.2-1ubuntu3.8\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU6.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libapache2-mod-php5\", ver:\"5.1.6-1ubuntu2.5\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-cgi\", ver:\"5.1.6-1ubuntu2.5\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-cli\", ver:\"5.1.6-1ubuntu2.5\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-common\", ver:\"5.1.6-1ubuntu2.5\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-curl\", ver:\"5.1.6-1ubuntu2.5\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-dev\", ver:\"5.1.6-1ubuntu2.5\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-gd\", ver:\"5.1.6-1ubuntu2.5\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-ldap\", ver:\"5.1.6-1ubuntu2.5\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-mhash\", ver:\"5.1.6-1ubuntu2.5\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-mysql\", ver:\"5.1.6-1ubuntu2.5\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-mysqli\", ver:\"5.1.6-1ubuntu2.5\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-odbc\", ver:\"5.1.6-1ubuntu2.5\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-pgsql\", ver:\"5.1.6-1ubuntu2.5\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-recode\", ver:\"5.1.6-1ubuntu2.5\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-snmp\", ver:\"5.1.6-1ubuntu2.5\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-sqlite\", ver:\"5.1.6-1ubuntu2.5\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-sybase\", ver:\"5.1.6-1ubuntu2.5\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-xmlrpc\", ver:\"5.1.6-1ubuntu2.5\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-xsl\", ver:\"5.1.6-1ubuntu2.5\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php-pear\", ver:\"5.1.6-1ubuntu2.5\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5\", ver:\"5.1.6-1ubuntu2.5\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-24T12:56:41", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-2510", "CVE-2007-2509", "CVE-2007-2511", "CVE-2007-1864"], "description": "Check for the Version of php", "modified": "2017-07-06T00:00:00", "published": "2009-04-09T00:00:00", "id": "OPENVAS:830123", "href": "http://plugins.openvas.org/nasl.php?oid=830123", "type": "openvas", "title": "Mandriva Update for php MDKSA-2007:102 (php)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for php MDKSA-2007:102 (php)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"A heap buffer overflow flaw was found in the xmlrpc extension for PHP.\n A script that implements an XML-RPC server using this extension could\n allow a remote attacker to execute arbitrary code as the apache user.\n This flaw does not, however, affect PHP applications using the pure-PHP\n XML_RPC class provided via PEAR (CVE-2007-1864).\n\n A flaw was found in the ftp extension for PHP. A script using\n this extension to provide access to a private FTP server and which\n passed untrusted script input directly to any function provided by\n this extension could allow a remote attacker to send arbitrary FTP\n commands to the server (CVE-2007-2509).\n \n A buffer overflow flaw was found in the soap extension for PHP\n in the handling of an HTTP redirect response when using the SOAP\n client provided by the extension with an untrusted SOAP server\n (CVE-2007-2510).\n \n A buffer overflow in the user_filter_factory_create() function has\n unknown impact and local attack vectors (CVE-2007-2511).\n \n Updated packages have been patched to prevent this issue.\";\n\ntag_affected = \"php on Mandriva Linux 2007.0,\n Mandriva Linux 2007.0/X86_64,\n Mandriva Linux 2007.1,\n Mandriva Linux 2007.1/X86_64\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2007-05/msg00013.php\");\n script_id(830123);\n script_version(\"$Revision: 6568 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-06 15:04:21 +0200 (Thu, 06 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-04-09 13:57:01 +0200 (Thu, 09 Apr 2009)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"MDKSA\", value: \"2007:102\");\n script_cve_id(\"CVE-2007-1864\", \"CVE-2007-2509\", \"CVE-2007-2510\", \"CVE-2007-2511\");\n script_name( \"Mandriva Update for php MDKSA-2007:102 (php)\");\n\n script_summary(\"Check for the Version of php\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_2007.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"libphp5_common5\", rpm:\"libphp5_common5~5.2.1~4.2mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-cgi\", rpm:\"php-cgi~5.2.1~4.2mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-cli\", rpm:\"php-cli~5.2.1~4.2mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-devel\", rpm:\"php-devel~5.2.1~4.2mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-fcgi\", rpm:\"php-fcgi~5.2.1~4.2mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-ftp\", rpm:\"php-ftp~5.2.1~1.1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-openssl\", rpm:\"php-openssl~5.2.1~4.2mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-soap\", rpm:\"php-soap~5.2.1~1.1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-xmlrpc\", rpm:\"php-xmlrpc~5.2.1~1.1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-zlib\", rpm:\"php-zlib~5.2.1~4.2mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php\", rpm:\"php~5.2.1~4.2mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64php5_common5\", rpm:\"lib64php5_common5~5.2.1~4.2mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2007.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"libphp5_common5\", rpm:\"libphp5_common5~5.1.6~1.8mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-cgi\", rpm:\"php-cgi~5.1.6~1.8mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-cli\", rpm:\"php-cli~5.1.6~1.8mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-devel\", rpm:\"php-devel~5.1.6~1.8mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-fcgi\", rpm:\"php-fcgi~5.1.6~1.8mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-ftp\", rpm:\"php-ftp~5.1.6~1.1mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-soap\", rpm:\"php-soap~5.1.6~1.1mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-xmlrpc\", rpm:\"php-xmlrpc~5.1.6~1.1mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php\", rpm:\"php~5.1.6~1.8mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64php5_common5\", rpm:\"lib64php5_common5~5.1.6~1.8mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-24T12:50:10", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-1701", "CVE-2007-1717", "CVE-2007-1285", "CVE-2007-1521", "CVE-2007-1001", "CVE-2007-2510", "CVE-2007-2509", "CVE-2007-1718", "CVE-2007-2511", "CVE-2007-1484", "CVE-2007-1286", "CVE-2007-1900", "CVE-2007-1864", "CVE-2007-1583", "CVE-2007-1700", "CVE-2007-1711"], "description": "The remote host is missing updates announced in\nadvisory GLSA 200705-19.", "modified": "2017-07-07T00:00:00", "published": "2008-09-24T00:00:00", "id": "OPENVAS:58297", "href": "http://plugins.openvas.org/nasl.php?oid=58297", "type": "openvas", "title": "Gentoo Security Advisory GLSA 200705-19 (php)", "sourceData": "# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"PHP contains several vulnerabilities including buffer and integer overflows\nwhich could under certain conditions lead to the remote execution of\narbitrary code.\";\ntag_solution = \"All PHP 5 users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=dev-lang/php-5.2.2'\n\nAll PHP 4 users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=dev-lang/php-4.4.7'\n\nhttp://www.securityspace.com/smysecure/catid.html?in=GLSA%20200705-19\nhttp://bugs.gentoo.org/show_bug.cgi?id=169372\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory GLSA 200705-19.\";\n\n \n\nif(description)\n{\n script_id(58297);\n script_version(\"$Revision: 6596 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 11:21:37 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-09-24 21:14:03 +0200 (Wed, 24 Sep 2008)\");\n script_cve_id(\"CVE-2007-1001\", \"CVE-2007-1285\", \"CVE-2007-1286\", \"CVE-2007-1484\", \"CVE-2007-1521\", \"CVE-2007-1583\", \"CVE-2007-1700\", \"CVE-2007-1701\", \"CVE-2007-1711\", \"CVE-2007-1717\", \"CVE-2007-1718\", \"CVE-2007-1864\", \"CVE-2007-1900\", \"CVE-2007-2509\", \"CVE-2007-2510\", \"CVE-2007-2511\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:C/A:N\");\n script_name(\"Gentoo Security Advisory GLSA 200705-19 (php)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = ispkgvuln(pkg:\"dev-lang/php\", unaffected: make_list(\"rge 4.4.7\", \"ge 5.2.2\"), vulnerable: make_list(\"lt 5.2.2\"))) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:COMPLETE/A:NONE/"}}], "nessus": [{"lastseen": "2021-01-07T11:51:43", "description": "A heap buffer overflow flaw was found in the xmlrpc extension for PHP.\nA script that implements an XML-RPC server using this extension could\nallow a remote attacker to execute arbitrary code as the apache user.\nThis flaw does not, however, affect PHP applications using the\npure-PHP XML_RPC class provided via PEAR (CVE-2007-1864).\n\nA flaw was found in the ftp extension for PHP. A script using this\nextension to provide access to a private FTP server and which passed\nuntrusted script input directly to any function provided by this\nextension could allow a remote attacker to send arbitrary FTP commands\nto the server (CVE-2007-2509).\n\nA buffer overflow flaw was found in the soap extension for PHP in the\nhandling of an HTTP redirect response when using the SOAP client\nprovided by the extension with an untrusted SOAP server\n(CVE-2007-2510).\n\nA buffer overflow in the user_filter_factory_create() function has\nunknown impact and local attack vectors (CVE-2007-2511).\n\nUpdated packages have been patched to prevent this issue.", "edition": 25, "published": "2007-05-11T00:00:00", "title": "Mandrake Linux Security Advisory : php (MDKSA-2007:102)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-2510", "CVE-2007-2509", "CVE-2007-2511", "CVE-2007-1864"], "modified": "2007-05-11T00:00:00", "cpe": ["p-cpe:/a:mandriva:linux:php-fcgi", "p-cpe:/a:mandriva:linux:php-cgi", "cpe:/o:mandriva:linux:2007", "p-cpe:/a:mandriva:linux:php-zlib", "p-cpe:/a:mandriva:linux:php-openssl", "p-cpe:/a:mandriva:linux:php-soap", "p-cpe:/a:mandriva:linux:php-ftp", "cpe:/o:mandriva:linux:2007.1", "p-cpe:/a:mandriva:linux:php-xmlrpc", "p-cpe:/a:mandriva:linux:lib64php5_common5", "p-cpe:/a:mandriva:linux:php-cli", "p-cpe:/a:mandriva:linux:libphp5_common5", "p-cpe:/a:mandriva:linux:php-devel"], "id": "MANDRAKE_MDKSA-2007-102.NASL", "href": "https://www.tenable.com/plugins/nessus/25212", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandrake Linux Security Advisory MDKSA-2007:102. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(25212);\n script_version(\"1.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2007-1864\", \"CVE-2007-2509\", \"CVE-2007-2510\", \"CVE-2007-2511\");\n script_bugtraq_id(23813, 23818);\n script_xref(name:\"MDKSA\", value:\"2007:102\");\n\n script_name(english:\"Mandrake Linux Security Advisory : php (MDKSA-2007:102)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandrake Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A heap buffer overflow flaw was found in the xmlrpc extension for PHP.\nA script that implements an XML-RPC server using this extension could\nallow a remote attacker to execute arbitrary code as the apache user.\nThis flaw does not, however, affect PHP applications using the\npure-PHP XML_RPC class provided via PEAR (CVE-2007-1864).\n\nA flaw was found in the ftp extension for PHP. A script using this\nextension to provide access to a private FTP server and which passed\nuntrusted script input directly to any function provided by this\nextension could allow a remote attacker to send arbitrary FTP commands\nto the server (CVE-2007-2509).\n\nA buffer overflow flaw was found in the soap extension for PHP in the\nhandling of an HTTP redirect response when using the SOAP client\nprovided by the extension with an untrusted SOAP server\n(CVE-2007-2510).\n\nA buffer overflow in the user_filter_factory_create() function has\nunknown impact and local attack vectors (CVE-2007-2511).\n\nUpdated packages have been patched to prevent this issue.\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(20, 119);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64php5_common5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libphp5_common5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-cgi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-cli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-fcgi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-ftp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-soap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-xmlrpc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-zlib\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2007\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2007.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/05/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/05/11\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2007.0\", cpu:\"x86_64\", reference:\"lib64php5_common5-5.1.6-1.8mdv2007.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.0\", cpu:\"i386\", reference:\"libphp5_common5-5.1.6-1.8mdv2007.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.0\", reference:\"php-cgi-5.1.6-1.8mdv2007.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.0\", reference:\"php-cli-5.1.6-1.8mdv2007.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.0\", reference:\"php-devel-5.1.6-1.8mdv2007.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.0\", reference:\"php-fcgi-5.1.6-1.8mdv2007.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.0\", reference:\"php-ftp-5.1.6-1.1mdv2007.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.0\", reference:\"php-soap-5.1.6-1.1mdv2007.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.0\", reference:\"php-xmlrpc-5.1.6-1.1mdv2007.0\", yank:\"mdv\")) flag++;\n\nif (rpm_check(release:\"MDK2007.1\", cpu:\"x86_64\", reference:\"lib64php5_common5-5.2.1-4.2mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", cpu:\"i386\", reference:\"libphp5_common5-5.2.1-4.2mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"php-cgi-5.2.1-4.2mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"php-cli-5.2.1-4.2mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"php-devel-5.2.1-4.2mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"php-fcgi-5.2.1-4.2mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"php-ftp-5.2.1-1.1mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"php-openssl-5.2.1-4.2mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"php-soap-5.2.1-1.1mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"php-xmlrpc-5.2.1-1.1mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"php-zlib-5.2.1-4.2mdv2007.1\", yank:\"mdv\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-01T06:56:24", "description": "A flaw was discovered in the FTP command handler in PHP. Commands were\nnot correctly filtered for control characters. An attacker could issue\narbitrary FTP commands using specially crafted arguments.\n(CVE-2007-2509)\n\nIlia Alshanetsky discovered a buffer overflow in the SOAP request\nhandler in PHP. Remote attackers could send a specially crafted SOAP\nrequest and execute arbitrary code with web server privileges.\n(CVE-2007-2510)\n\nIlia Alshanetsky discovered a buffer overflow in the user filter\nfactory in PHP. A local attacker could create a specially crafted\nscript and execute arbitrary code with web server privileges.\n(CVE-2007-2511)\n\nGregory Beaver discovered that the PEAR installer did not validate\ninstallation paths. If a user were tricked into installing a malicious\nPEAR package, an attacker could overwrite arbitrary files.\n(CVE-2007-2519).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 25, "published": "2007-11-10T00:00:00", "title": "Ubuntu 6.06 LTS / 6.10 / 7.04 : php5 vulnerabilities (USN-462-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-2510", "CVE-2007-2509", "CVE-2007-2511", "CVE-2007-2519"], "modified": "2021-01-02T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:libapache2-mod-php5", "p-cpe:/a:canonical:ubuntu_linux:php5-mhash", "p-cpe:/a:canonical:ubuntu_linux:php5-curl", "cpe:/o:canonical:ubuntu_linux:6.10", "p-cpe:/a:canonical:ubuntu_linux:php5-pspell", "p-cpe:/a:canonical:ubuntu_linux:php5-mysql", "p-cpe:/a:canonical:ubuntu_linux:php5-cgi", "p-cpe:/a:canonical:ubuntu_linux:php5-cli", "p-cpe:/a:canonical:ubuntu_linux:php5-odbc", "p-cpe:/a:canonical:ubuntu_linux:php5-sqlite", "p-cpe:/a:canonical:ubuntu_linux:php5-xmlrpc", "p-cpe:/a:canonical:ubuntu_linux:php5-gd", "p-cpe:/a:canonical:ubuntu_linux:php5-xsl", "p-cpe:/a:canonical:ubuntu_linux:php5-sybase", "p-cpe:/a:canonical:ubuntu_linux:php5-dev", "p-cpe:/a:canonical:ubuntu_linux:php5-common", "p-cpe:/a:canonical:ubuntu_linux:php5-pgsql", "p-cpe:/a:canonical:ubuntu_linux:php5-mysqli", "p-cpe:/a:canonical:ubuntu_linux:php5-ldap", "p-cpe:/a:canonical:ubuntu_linux:php5-tidy", "p-cpe:/a:canonical:ubuntu_linux:php5-recode", "p-cpe:/a:canonical:ubuntu_linux:php5", "p-cpe:/a:canonical:ubuntu_linux:php5-snmp", "cpe:/o:canonical:ubuntu_linux:7.04", "cpe:/o:canonical:ubuntu_linux:6.06:-:lts", "p-cpe:/a:canonical:ubuntu_linux:php-pear"], "id": "UBUNTU_USN-462-1.NASL", "href": "https://www.tenable.com/plugins/nessus/28062", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-462-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(28062);\n script_version(\"1.16\");\n script_cvs_date(\"Date: 2019/08/02 13:33:01\");\n\n script_cve_id(\"CVE-2007-2509\", \"CVE-2007-2510\", \"CVE-2007-2511\", \"CVE-2007-2519\");\n script_bugtraq_id(23813, 23818, 24034);\n script_xref(name:\"USN\", value:\"462-1\");\n\n script_name(english:\"Ubuntu 6.06 LTS / 6.10 / 7.04 : php5 vulnerabilities (USN-462-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A flaw was discovered in the FTP command handler in PHP. Commands were\nnot correctly filtered for control characters. An attacker could issue\narbitrary FTP commands using specially crafted arguments.\n(CVE-2007-2509)\n\nIlia Alshanetsky discovered a buffer overflow in the SOAP request\nhandler in PHP. Remote attackers could send a specially crafted SOAP\nrequest and execute arbitrary code with web server privileges.\n(CVE-2007-2510)\n\nIlia Alshanetsky discovered a buffer overflow in the user filter\nfactory in PHP. A local attacker could create a specially crafted\nscript and execute arbitrary code with web server privileges.\n(CVE-2007-2511)\n\nGregory Beaver discovered that the PEAR installer did not validate\ninstallation paths. If a user were tricked into installing a malicious\nPEAR package, an attacker could overwrite arbitrary files.\n(CVE-2007-2519).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/462-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(20, 119);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libapache2-mod-php5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php-pear\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php5-cgi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php5-cli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php5-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php5-curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php5-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php5-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php5-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php5-mhash\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php5-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php5-mysqli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php5-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php5-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php5-pspell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php5-recode\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php5-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php5-sqlite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php5-sybase\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php5-tidy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php5-xmlrpc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php5-xsl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:6.06:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:6.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:7.04\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/05/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/11/10\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2007-2019 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(6\\.06|6\\.10|7\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 6.06 / 6.10 / 7.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"6.06\", pkgname:\"libapache2-mod-php5\", pkgver:\"5.1.2-1ubuntu3.8\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"php-pear\", pkgver:\"5.1.2-1ubuntu3.8\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"php5\", pkgver:\"5.1.2-1ubuntu3.8\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"php5-cgi\", pkgver:\"5.1.2-1ubuntu3.8\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"php5-cli\", pkgver:\"5.1.2-1ubuntu3.8\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"php5-common\", pkgver:\"5.1.2-1ubuntu3.8\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"php5-curl\", pkgver:\"5.1.2-1ubuntu3.8\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"php5-dev\", pkgver:\"5.1.2-1ubuntu3.8\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"php5-gd\", pkgver:\"5.1.2-1ubuntu3.8\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"php5-ldap\", pkgver:\"5.1.2-1ubuntu3.8\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"php5-mhash\", pkgver:\"5.1.2-1ubuntu3.8\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"php5-mysql\", pkgver:\"5.1.2-1ubuntu3.8\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"php5-mysqli\", pkgver:\"5.1.2-1ubuntu3.8\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"php5-odbc\", pkgver:\"5.1.2-1ubuntu3.8\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"php5-pgsql\", pkgver:\"5.1.2-1ubuntu3.8\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"php5-recode\", pkgver:\"5.1.2-1ubuntu3.8\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"php5-snmp\", pkgver:\"5.1.2-1ubuntu3.8\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"php5-sqlite\", pkgver:\"5.1.2-1ubuntu3.8\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"php5-sybase\", pkgver:\"5.1.2-1ubuntu3.8\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"php5-xmlrpc\", pkgver:\"5.1.2-1ubuntu3.8\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"php5-xsl\", pkgver:\"5.1.2-1ubuntu3.8\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"libapache2-mod-php5\", pkgver:\"5.1.6-1ubuntu2.5\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"php-pear\", pkgver:\"5.1.6-1ubuntu2.5\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"php5\", pkgver:\"5.1.6-1ubuntu2.5\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"php5-cgi\", pkgver:\"5.1.6-1ubuntu2.5\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"php5-cli\", pkgver:\"5.1.6-1ubuntu2.5\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"php5-common\", pkgver:\"5.1.6-1ubuntu2.5\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"php5-curl\", pkgver:\"5.1.6-1ubuntu2.5\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"php5-dev\", pkgver:\"5.1.6-1ubuntu2.5\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"php5-gd\", pkgver:\"5.1.6-1ubuntu2.5\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"php5-ldap\", pkgver:\"5.1.6-1ubuntu2.5\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"php5-mhash\", pkgver:\"5.1.6-1ubuntu2.5\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"php5-mysql\", pkgver:\"5.1.6-1ubuntu2.5\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"php5-mysqli\", pkgver:\"5.1.6-1ubuntu2.5\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"php5-odbc\", pkgver:\"5.1.6-1ubuntu2.5\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"php5-pgsql\", pkgver:\"5.1.6-1ubuntu2.5\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"php5-recode\", pkgver:\"5.1.6-1ubuntu2.5\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"php5-snmp\", pkgver:\"5.1.6-1ubuntu2.5\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"php5-sqlite\", pkgver:\"5.1.6-1ubuntu2.5\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"php5-sybase\", pkgver:\"5.1.6-1ubuntu2.5\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"php5-xmlrpc\", pkgver:\"5.1.6-1ubuntu2.5\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"php5-xsl\", pkgver:\"5.1.6-1ubuntu2.5\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"libapache2-mod-php5\", pkgver:\"5.2.1-0ubuntu1.2\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"php-pear\", pkgver:\"5.2.1-0ubuntu1.2\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"php5\", pkgver:\"5.2.1-0ubuntu1.2\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"php5-cgi\", pkgver:\"5.2.1-0ubuntu1.2\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"php5-cli\", pkgver:\"5.2.1-0ubuntu1.2\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"php5-common\", pkgver:\"5.2.1-0ubuntu1.2\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"php5-curl\", pkgver:\"5.2.1-0ubuntu1.2\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"php5-dev\", pkgver:\"5.2.1-0ubuntu1.2\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"php5-gd\", pkgver:\"5.2.1-0ubuntu1.2\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"php5-ldap\", pkgver:\"5.2.1-0ubuntu1.2\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"php5-mhash\", pkgver:\"5.2.1-0ubuntu1.2\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"php5-mysql\", pkgver:\"5.2.1-0ubuntu1.2\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"php5-odbc\", pkgver:\"5.2.1-0ubuntu1.2\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"php5-pgsql\", pkgver:\"5.2.1-0ubuntu1.2\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"php5-pspell\", pkgver:\"5.2.1-0ubuntu1.2\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"php5-recode\", pkgver:\"5.2.1-0ubuntu1.2\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"php5-snmp\", pkgver:\"5.2.1-0ubuntu1.2\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"php5-sqlite\", pkgver:\"5.2.1-0ubuntu1.2\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"php5-sybase\", pkgver:\"5.2.1-0ubuntu1.2\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"php5-tidy\", pkgver:\"5.2.1-0ubuntu1.2\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"php5-xmlrpc\", pkgver:\"5.2.1-0ubuntu1.2\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"php5-xsl\", pkgver:\"5.2.1-0ubuntu1.2\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libapache2-mod-php5 / php-pear / php5 / php5-cgi / php5-cli / etc\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T14:46:54", "description": "The following issues have been fixed in PHP, which were spotted by the\nMOPB project or fixed in PHP 5.2.3 release :\n\n - missing open_basedir and safe_mode restriction\n (CVE-2007-3007)\n\n - chunk_split() integer overflow (CVE-2007-2872)\n\n - DoS condition in libgd's image processing\n (CVE-2007-2756)\n\n - possible super-global overwrite inside\n import_request_variables() (CVE-2007-1396)\n\n - buffer overflow inside user_filter_factory_create()\n (CVE-2007-2511)\n\n - remotely trigger-able buffer overflow inside bundled\n libxmlrpc (CVE-2007-1864)\n\n - CRLF injection inside ftp_putcmd() (CVE-2007-2509)\n\n - remotely trigger-able buffer overflow inside\n make_http_soap_request() (CVE-2007-2510)\n\n - MOPB-41-2007:PHP 5 sqlite_udf_decode_binary() Buffer\n Overflow Vulnerability (CVE-2007-0906)\n\n - MOPB-03-2007: deep recursion DoS (CVE-2007-1285)", "edition": 26, "published": "2007-10-17T00:00:00", "title": "openSUSE 10 Security Update : php5 (php5-3753)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-2872", "CVE-2007-1396", "CVE-2007-1285", "CVE-2007-2756", "CVE-2007-2510", "CVE-2007-3007", "CVE-2007-2509", "CVE-2007-2511", "CVE-2007-1864", "CVE-2007-0906"], "modified": "2007-10-17T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:php5-openssl", "p-cpe:/a:novell:opensuse:php5-dba", "p-cpe:/a:novell:opensuse:php5-mcrypt", "p-cpe:/a:novell:opensuse:php5-mysqli", "p-cpe:/a:novell:opensuse:php5-sysvmsg", "p-cpe:/a:novell:opensuse:php5-bz2", "p-cpe:/a:novell:opensuse:php5-xmlrpc", "p-cpe:/a:novell:opensuse:php5-sqlite", "p-cpe:/a:novell:opensuse:php5-curl", "p-cpe:/a:novell:opensuse:php5-mysql", "p-cpe:/a:novell:opensuse:php5-calendar", "p-cpe:/a:novell:opensuse:php5-mhash", "p-cpe:/a:novell:opensuse:php5-pear", "p-cpe:/a:novell:opensuse:php5-dbase", "p-cpe:/a:novell:opensuse:php5-ftp", "p-cpe:/a:novell:opensuse:php5-tidy", "p-cpe:/a:novell:opensuse:php5-tokenizer", "p-cpe:/a:novell:opensuse:php5-imap", "p-cpe:/a:novell:opensuse:php5-sockets", "p-cpe:/a:novell:opensuse:php5-gd", "p-cpe:/a:novell:opensuse:php5-posix", "p-cpe:/a:novell:opensuse:php5-sysvsem", "p-cpe:/a:novell:opensuse:php5-fastcgi", "p-cpe:/a:novell:opensuse:php5-wddx", "p-cpe:/a:novell:opensuse:php5-odbc", "p-cpe:/a:novell:opensuse:php5-xmlreader", "p-cpe:/a:novell:opensuse:php5-gmp", "p-cpe:/a:novell:opensuse:php5-ncurses", "p-cpe:/a:novell:opensuse:php5-zlib", "p-cpe:/a:novell:opensuse:php5-dom", "p-cpe:/a:novell:opensuse:php5-soap", "p-cpe:/a:novell:opensuse:php5-snmp", "cpe:/o:novell:opensuse:10.1", "p-cpe:/a:novell:opensuse:php5-pdo", "p-cpe:/a:novell:opensuse:php5-filepro", "p-cpe:/a:novell:opensuse:php5-pspell", "p-cpe:/a:novell:opensuse:php5-ctype", "p-cpe:/a:novell:opensuse:apache2-mod_php5", "p-cpe:/a:novell:opensuse:php5-pcntl", "p-cpe:/a:novell:opensuse:php5-sysvshm", "p-cpe:/a:novell:opensuse:php5", "p-cpe:/a:novell:opensuse:php5-shmop", "p-cpe:/a:novell:opensuse:php5-devel", "p-cpe:/a:novell:opensuse:php5-iconv", "p-cpe:/a:novell:opensuse:php5-gettext", "p-cpe:/a:novell:opensuse:php5-bcmath", "p-cpe:/a:novell:opensuse:php5-pgsql", "p-cpe:/a:novell:opensuse:php5-xsl", "p-cpe:/a:novell:opensuse:php5-mbstring", "p-cpe:/a:novell:opensuse:php5-exif", "p-cpe:/a:novell:opensuse:php5-ldap"], "id": "SUSE_PHP5-3753.NASL", "href": "https://www.tenable.com/plugins/nessus/27392", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update php5-3753.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(27392);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2007-0906\", \"CVE-2007-1285\", \"CVE-2007-1396\", \"CVE-2007-1864\", \"CVE-2007-2509\", \"CVE-2007-2510\", \"CVE-2007-2511\", \"CVE-2007-2756\", \"CVE-2007-2872\", \"CVE-2007-3007\");\n\n script_name(english:\"openSUSE 10 Security Update : php5 (php5-3753)\");\n script_summary(english:\"Check for the php5-3753 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The following issues have been fixed in PHP, which were spotted by the\nMOPB project or fixed in PHP 5.2.3 release :\n\n - missing open_basedir and safe_mode restriction\n (CVE-2007-3007)\n\n - chunk_split() integer overflow (CVE-2007-2872)\n\n - DoS condition in libgd's image processing\n (CVE-2007-2756)\n\n - possible super-global overwrite inside\n import_request_variables() (CVE-2007-1396)\n\n - buffer overflow inside user_filter_factory_create()\n (CVE-2007-2511)\n\n - remotely trigger-able buffer overflow inside bundled\n libxmlrpc (CVE-2007-1864)\n\n - CRLF injection inside ftp_putcmd() (CVE-2007-2509)\n\n - remotely trigger-able buffer overflow inside\n make_http_soap_request() (CVE-2007-2510)\n\n - MOPB-41-2007:PHP 5 sqlite_udf_decode_binary() Buffer\n Overflow Vulnerability (CVE-2007-0906)\n\n - MOPB-03-2007: deep recursion DoS (CVE-2007-1285)\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected php5 packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_cwe_id(20, 119, 189, 264);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2-mod_php5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-bcmath\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-bz2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-calendar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-ctype\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-dba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-dbase\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-dom\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-exif\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-fastcgi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-filepro\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-ftp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-gettext\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-gmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-iconv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-imap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-mbstring\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-mcrypt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-mhash\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-mysqli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-ncurses\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-pcntl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-pdo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-pear\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-posix\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-pspell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-shmop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-soap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-sockets\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-sqlite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-sysvmsg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-sysvsem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-sysvshm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-tidy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-tokenizer\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-wddx\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-xmlreader\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-xmlrpc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-xsl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-zlib\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:10.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/06/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/10/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE10\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"10.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE10.1\", reference:\"apache2-mod_php5-5.1.2-29.40\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", reference:\"php5-5.1.2-29.40\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", reference:\"php5-bcmath-5.1.2-29.40\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", reference:\"php5-bz2-5.1.2-29.40\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", reference:\"php5-calendar-5.1.2-29.40\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", reference:\"php5-ctype-5.1.2-29.40\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", reference:\"php5-curl-5.1.2-29.40\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", reference:\"php5-dba-5.1.2-29.40\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", reference:\"php5-dbase-5.1.2-29.40\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", reference:\"php5-devel-5.1.2-29.40\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", reference:\"php5-dom-5.1.2-29.40\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", reference:\"php5-exif-5.1.2-29.40\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", reference:\"php5-fastcgi-5.1.2-29.40\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", reference:\"php5-filepro-5.1.2-29.40\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", reference:\"php5-ftp-5.1.2-29.40\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", reference:\"php5-gd-5.1.2-29.40\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", reference:\"php5-gettext-5.1.2-29.40\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", reference:\"php5-gmp-5.1.2-29.40\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", reference:\"php5-iconv-5.1.2-29.40\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", reference:\"php5-imap-5.1.2-29.40\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", reference:\"php5-ldap-5.1.2-29.40\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", reference:\"php5-mbstring-5.1.2-29.40\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", reference:\"php5-mcrypt-5.1.2-29.40\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", reference:\"php5-mhash-5.1.2-29.40\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", reference:\"php5-mysql-5.1.2-29.40\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", reference:\"php5-mysqli-5.1.2-29.40\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", reference:\"php5-ncurses-5.1.2-29.40\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", reference:\"php5-odbc-5.1.2-29.40\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", reference:\"php5-openssl-5.1.2-29.40\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", reference:\"php5-pcntl-5.1.2-29.40\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", reference:\"php5-pdo-5.1.2-29.40\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", reference:\"php5-pear-5.1.2-29.40\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", reference:\"php5-pgsql-5.1.2-29.40\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", reference:\"php5-posix-5.1.2-29.40\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", reference:\"php5-pspell-5.1.2-29.40\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", reference:\"php5-shmop-5.1.2-29.40\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", reference:\"php5-snmp-5.1.2-29.40\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", reference:\"php5-soap-5.1.2-29.40\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", reference:\"php5-sockets-5.1.2-29.40\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", reference:\"php5-sqlite-5.1.2-29.40\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", reference:\"php5-sysvmsg-5.1.2-29.40\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", reference:\"php5-sysvsem-5.1.2-29.40\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", reference:\"php5-sysvshm-5.1.2-29.40\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", reference:\"php5-tidy-5.1.2-29.40\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", reference:\"php5-tokenizer-5.1.2-29.40\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", reference:\"php5-wddx-5.1.2-29.40\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", reference:\"php5-xmlreader-5.1.2-29.40\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", reference:\"php5-xmlrpc-5.1.2-29.40\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", reference:\"php5-xsl-5.1.2-29.40\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", reference:\"php5-zlib-5.1.2-29.40\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"php5\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-17T14:46:54", "description": "The following issues have been fixed :\n\n - missing open_basedir and safe_mode restriction.\n (CVE-2007-3007)\n\n - chunk_split() integer overflow. (CVE-2007-2872)\n\n - DoS condition in libgd's image processing.\n (CVE-2007-2756)\n\n - possible super-global overwrite inside\n import_request_variables(). (CVE-2007-1396)\n\n - buffer overflow inside user_filter_factory_create().\n (CVE-2007-2511)\n\n - remotely trigger-able buffer overflow inside bundled\n libxmlrpc. (CVE-2007-1864)\n\n - CRLF injection inside ftp_putcmd(). (CVE-2007-2509)\n\n - remotely trigger-able buffer overflow inside\n make_http_soap_request(). (CVE-2007-2510)\n\n - MOPB-41-2007:PHP 5 sqlite_udf_decode_binary() Buffer\n Overflow Vulnerability. (CVE-2007-0906)\n\n - MOPB-03-2007: deep recursion DoS (CVE-2007-1285)", "edition": 25, "published": "2007-12-13T00:00:00", "title": "SuSE 10 Security Update : PHP5 (ZYPP Patch Number 3754)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-2872", "CVE-2007-1396", "CVE-2007-1285", "CVE-2007-2756", "CVE-2007-2510", "CVE-2007-3007", "CVE-2007-2509", "CVE-2007-2511", "CVE-2007-1864", "CVE-2007-0906"], "modified": "2007-12-13T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE_PHP5-3754.NASL", "href": "https://www.tenable.com/plugins/nessus/29552", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(29552);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2007-0906\", \"CVE-2007-1285\", \"CVE-2007-1396\", \"CVE-2007-1864\", \"CVE-2007-2509\", \"CVE-2007-2510\", \"CVE-2007-2511\", \"CVE-2007-2756\", \"CVE-2007-2872\", \"CVE-2007-3007\");\n\n script_name(english:\"SuSE 10 Security Update : PHP5 (ZYPP Patch Number 3754)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The following issues have been fixed :\n\n - missing open_basedir and safe_mode restriction.\n (CVE-2007-3007)\n\n - chunk_split() integer overflow. (CVE-2007-2872)\n\n - DoS condition in libgd's image processing.\n (CVE-2007-2756)\n\n - possible super-global overwrite inside\n import_request_variables(). (CVE-2007-1396)\n\n - buffer overflow inside user_filter_factory_create().\n (CVE-2007-2511)\n\n - remotely trigger-able buffer overflow inside bundled\n libxmlrpc. (CVE-2007-1864)\n\n - CRLF injection inside ftp_putcmd(). (CVE-2007-2509)\n\n - remotely trigger-able buffer overflow inside\n make_http_soap_request(). (CVE-2007-2510)\n\n - MOPB-41-2007:PHP 5 sqlite_udf_decode_binary() Buffer\n Overflow Vulnerability. (CVE-2007-0906)\n\n - MOPB-03-2007: deep recursion DoS (CVE-2007-1285)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2007-0906.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2007-1285.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2007-1396.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2007-1864.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2007-2509.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2007-2510.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2007-2511.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2007-2756.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2007-2872.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2007-3007.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 3754.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_cwe_id(20, 119, 189, 264);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/06/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/12/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLES10\", sp:1, reference:\"apache2-mod_php5-5.1.2-29.40\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:1, reference:\"php5-5.1.2-29.40\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:1, reference:\"php5-bcmath-5.1.2-29.40\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:1, reference:\"php5-bz2-5.1.2-29.40\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:1, reference:\"php5-calendar-5.1.2-29.40\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:1, reference:\"php5-ctype-5.1.2-29.40\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:1, reference:\"php5-curl-5.1.2-29.40\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:1, reference:\"php5-dba-5.1.2-29.40\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:1, reference:\"php5-dbase-5.1.2-29.40\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:1, reference:\"php5-devel-5.1.2-29.40\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:1, reference:\"php5-dom-5.1.2-29.40\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:1, reference:\"php5-exif-5.1.2-29.40\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:1, reference:\"php5-fastcgi-5.1.2-29.40\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:1, reference:\"php5-filepro-5.1.2-29.40\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:1, reference:\"php5-ftp-5.1.2-29.40\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:1, reference:\"php5-gd-5.1.2-29.40\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:1, reference:\"php5-gettext-5.1.2-29.40\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:1, reference:\"php5-gmp-5.1.2-29.40\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:1, reference:\"php5-iconv-5.1.2-29.40\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:1, reference:\"php5-imap-5.1.2-29.40\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:1, reference:\"php5-ldap-5.1.2-29.40\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:1, reference:\"php5-mbstring-5.1.2-29.40\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:1, reference:\"php5-mcrypt-5.1.2-29.40\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:1, reference:\"php5-mhash-5.1.2-29.40\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:1, reference:\"php5-mysql-5.1.2-29.40\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:1, reference:\"php5-mysqli-5.1.2-29.40\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:1, reference:\"php5-ncurses-5.1.2-29.40\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:1, reference:\"php5-odbc-5.1.2-29.40\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:1, reference:\"php5-openssl-5.1.2-29.40\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:1, reference:\"php5-pcntl-5.1.2-29.40\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:1, reference:\"php5-pdo-5.1.2-29.40\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:1, reference:\"php5-pear-5.1.2-29.40\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:1, reference:\"php5-pgsql-5.1.2-29.40\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:1, reference:\"php5-posix-5.1.2-29.40\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:1, reference:\"php5-pspell-5.1.2-29.40\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:1, reference:\"php5-shmop-5.1.2-29.40\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:1, reference:\"php5-snmp-5.1.2-29.40\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:1, reference:\"php5-soap-5.1.2-29.40\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:1, reference:\"php5-sockets-5.1.2-29.40\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:1, reference:\"php5-sqlite-5.1.2-29.40\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:1, reference:\"php5-suhosin-5.1.2-29.40\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:1, reference:\"php5-sysvmsg-5.1.2-29.40\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:1, reference:\"php5-sysvsem-5.1.2-29.40\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:1, reference:\"php5-sysvshm-5.1.2-29.40\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:1, reference:\"php5-tokenizer-5.1.2-29.40\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:1, reference:\"php5-wddx-5.1.2-29.40\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:1, reference:\"php5-xmlreader-5.1.2-29.40\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:1, reference:\"php5-xmlrpc-5.1.2-29.40\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:1, reference:\"php5-xsl-5.1.2-29.40\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:1, reference:\"php5-zlib-5.1.2-29.40\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-17T14:46:54", "description": "The following issues have been fixed in PHP, which were spotted by the\nMOPB project or fixed in PHP 5.2.3 release :\n\n - missing open_basedir and safe_mode restriction\n (CVE-2007-3007)\n\n - chunk_split() integer overflow (CVE-2007-2872)\n\n - DoS condition in libgd's image processing\n (CVE-2007-2756)\n\n - possible super-global overwrite inside\n import_request_variables() (CVE-2007-1396)\n\n - buffer overflow inside user_filter_factory_create()\n (CVE-2007-2511)\n\n - remotely trigger-able buffer overflow inside bundled\n libxmlrpc (CVE-2007-1864)\n\n - CRLF injection inside ftp_putcmd() (CVE-2007-2509)\n\n - remotely trigger-able buffer overflow inside\n make_http_soap_request() (CVE-2007-2510)\n\n - MOPB-41-2007:PHP 5 sqlite_udf_decode_binary() Buffer\n Overflow Vulnerability (CVE-2007-0906)\n\n - MOPB-03-2007: deep recursion DoS (CVE-2007-1285)", "edition": 26, "published": "2007-10-17T00:00:00", "title": "openSUSE 10 Security Update : php5 (php5-3745)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-2872", "CVE-2007-1396", "CVE-2007-1285", "CVE-2007-2756", "CVE-2007-2510", "CVE-2007-3007", "CVE-2007-2509", "CVE-2007-2511", "CVE-2007-1864", "CVE-2007-0906"], "modified": "2007-10-17T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:php5-openssl", "p-cpe:/a:novell:opensuse:php5-dba", "p-cpe:/a:novell:opensuse:php5-mcrypt", "cpe:/o:novell:opensuse:10.2", "p-cpe:/a:novell:opensuse:php5-sysvmsg", "p-cpe:/a:novell:opensuse:php5-bz2", "p-cpe:/a:novell:opensuse:php5-xmlrpc", "p-cpe:/a:novell:opensuse:php5-sqlite", "p-cpe:/a:novell:opensuse:php5-curl", "p-cpe:/a:novell:opensuse:php5-mysql", "p-cpe:/a:novell:opensuse:php5-calendar", "p-cpe:/a:novell:opensuse:php5-mhash", "p-cpe:/a:novell:opensuse:php5-pear", "p-cpe:/a:novell:opensuse:php5-dbase", "p-cpe:/a:novell:opensuse:php5-ftp", "p-cpe:/a:novell:opensuse:php5-tidy", "p-cpe:/a:novell:opensuse:php5-tokenizer", "p-cpe:/a:novell:opensuse:php5-imap", "p-cpe:/a:novell:opensuse:php5-sockets", "p-cpe:/a:novell:opensuse:php5-gd", "p-cpe:/a:novell:opensuse:php5-posix", "p-cpe:/a:novell:opensuse:php5-sysvsem", "p-cpe:/a:novell:opensuse:php5-fastcgi", "p-cpe:/a:novell:opensuse:php5-wddx", "p-cpe:/a:novell:opensuse:php5-odbc", "p-cpe:/a:novell:opensuse:php5-xmlreader", "p-cpe:/a:novell:opensuse:php5-gmp", "p-cpe:/a:novell:opensuse:php5-ncurses", "p-cpe:/a:novell:opensuse:php5-zlib", "p-cpe:/a:novell:opensuse:php5-dom", "p-cpe:/a:novell:opensuse:php5-soap", "p-cpe:/a:novell:opensuse:php5-snmp", "p-cpe:/a:novell:opensuse:php5-pdo", "p-cpe:/a:novell:opensuse:php5-pspell", "p-cpe:/a:novell:opensuse:php5-ctype", "p-cpe:/a:novell:opensuse:apache2-mod_php5", "p-cpe:/a:novell:opensuse:php5-pcntl", "p-cpe:/a:novell:opensuse:php5-sysvshm", "p-cpe:/a:novell:opensuse:php5", "p-cpe:/a:novell:opensuse:php5-shmop", "p-cpe:/a:novell:opensuse:php5-devel", "p-cpe:/a:novell:opensuse:php5-iconv", "p-cpe:/a:novell:opensuse:php5-gettext", "p-cpe:/a:novell:opensuse:php5-bcmath", "p-cpe:/a:novell:opensuse:php5-pgsql", "p-cpe:/a:novell:opensuse:php5-xsl", "p-cpe:/a:novell:opensuse:php5-mbstring", "p-cpe:/a:novell:opensuse:php5-exif", "p-cpe:/a:novell:opensuse:php5-ldap"], "id": "SUSE_PHP5-3745.NASL", "href": "https://www.tenable.com/plugins/nessus/27391", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update php5-3745.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(27391);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2007-0906\", \"CVE-2007-1285\", \"CVE-2007-1396\", \"CVE-2007-1864\", \"CVE-2007-2509\", \"CVE-2007-2510\", \"CVE-2007-2511\", \"CVE-2007-2756\", \"CVE-2007-2872\", \"CVE-2007-3007\");\n\n script_name(english:\"openSUSE 10 Security Update : php5 (php5-3745)\");\n script_summary(english:\"Check for the php5-3745 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The following issues have been fixed in PHP, which were spotted by the\nMOPB project or fixed in PHP 5.2.3 release :\n\n - missing open_basedir and safe_mode restriction\n (CVE-2007-3007)\n\n - chunk_split() integer overflow (CVE-2007-2872)\n\n - DoS condition in libgd's image processing\n (CVE-2007-2756)\n\n - possible super-global overwrite inside\n import_request_variables() (CVE-2007-1396)\n\n - buffer overflow inside user_filter_factory_create()\n (CVE-2007-2511)\n\n - remotely trigger-able buffer overflow inside bundled\n libxmlrpc (CVE-2007-1864)\n\n - CRLF injection inside ftp_putcmd() (CVE-2007-2509)\n\n - remotely trigger-able buffer overflow inside\n make_http_soap_request() (CVE-2007-2510)\n\n - MOPB-41-2007:PHP 5 sqlite_udf_decode_binary() Buffer\n Overflow Vulnerability (CVE-2007-0906)\n\n - MOPB-03-2007: deep recursion DoS (CVE-2007-1285)\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected php5 packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_cwe_id(20, 119, 189, 264);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2-mod_php5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-bcmath\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-bz2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-calendar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-ctype\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-dba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-dbase\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-dom\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-exif\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-fastcgi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-ftp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-gettext\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-gmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-iconv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-imap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-mbstring\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-mcrypt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-mhash\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-ncurses\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-pcntl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-pdo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-pear\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-posix\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-pspell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-shmop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-soap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-sockets\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-sqlite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-sysvmsg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-sysvsem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-sysvshm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-tidy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-tokenizer\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-wddx\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-xmlreader\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-xmlrpc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-xsl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-zlib\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:10.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/06/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/10/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE10\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"10.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE10.2\", reference:\"apache2-mod_php5-5.2.0-16\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"php5-5.2.0-16\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"php5-bcmath-5.2.0-16\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"php5-bz2-5.2.0-16\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"php5-calendar-5.2.0-16\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"php5-ctype-5.2.0-16\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"php5-curl-5.2.0-16\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"php5-dba-5.2.0-16\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"php5-dbase-5.2.0-16\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"php5-devel-5.2.0-16\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"php5-dom-5.2.0-16\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"php5-exif-5.2.0-16\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"php5-fastcgi-5.2.0-16\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"php5-ftp-5.2.0-16\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"php5-gd-5.2.0-16\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"php5-gettext-5.2.0-16\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"php5-gmp-5.2.0-16\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"php5-iconv-5.2.0-16\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"php5-imap-5.2.0-16\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"php5-ldap-5.2.0-16\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"php5-mbstring-5.2.0-16\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"php5-mcrypt-5.2.0-16\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"php5-mhash-5.2.0-16\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"php5-mysql-5.2.0-16\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"php5-ncurses-5.2.0-16\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"php5-odbc-5.2.0-16\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"php5-openssl-5.2.0-16\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"php5-pcntl-5.2.0-16\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"php5-pdo-5.2.0-16\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"php5-pear-5.2.0-16\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"php5-pgsql-5.2.0-16\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"php5-posix-5.2.0-16\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"php5-pspell-5.2.0-16\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"php5-shmop-5.2.0-16\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"php5-snmp-5.2.0-16\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"php5-soap-5.2.0-16\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"php5-sockets-5.2.0-16\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"php5-sqlite-5.2.0-16\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"php5-sysvmsg-5.2.0-16\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"php5-sysvsem-5.2.0-16\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"php5-sysvshm-5.2.0-16\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"php5-tidy-5.2.0-16\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"php5-tokenizer-5.2.0-16\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"php5-wddx-5.2.0-16\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"php5-xmlreader-5.2.0-16\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"php5-xmlrpc-5.2.0-16\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"php5-xsl-5.2.0-16\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"php5-zlib-5.2.0-16\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"php5\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-07T10:52:13", "description": "The remote host is affected by the vulnerability described in GLSA-200705-19\n(PHP: Multiple vulnerabilities)\n\n Several vulnerabilities were found in PHP, most of them during the\n Month Of PHP Bugs (MOPB) by Stefan Esser. The most severe of these\n vulnerabilities are integer overflows in wbmp.c from the GD library\n (CVE-2007-1001) and in the substr_compare() PHP 5 function\n (CVE-2007-1375). Ilia Alshanetsky also reported a buffer overflow in\n the make_http_soap_request() and in the user_filter_factory_create()\n functions (CVE-2007-2510, CVE-2007-2511), and Stanislav Malyshev\n discovered another buffer overflow in the bundled XMLRPC library\n (CVE-2007-1864). Additionally, the session_regenerate_id() and the\n array_user_key_compare() functions contain a double-free vulnerability\n (CVE-2007-1484, CVE-2007-1521). Finally, there exist implementation\n errors in the Zend engine, in the mb_parse_str(), the unserialize() and\n the mail() functions and other elements.\n \nImpact :\n\n Remote attackers might be able to exploit these issues in PHP\n applications making use of the affected functions, potentially\n resulting in the execution of arbitrary code, Denial of Service,\n execution of scripted contents in the context of the affected site,\n security bypass or information leak.\n \nWorkaround :\n\n There is no known workaround at this time.", "edition": 25, "published": "2007-05-29T00:00:00", "title": "GLSA-200705-19 : PHP: Multiple vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-1701", "CVE-2007-1717", "CVE-2007-1285", "CVE-2007-1375", "CVE-2007-1521", "CVE-2007-1001", "CVE-2007-2510", "CVE-2007-2509", "CVE-2007-1718", "CVE-2007-2511", "CVE-2007-1484", "CVE-2007-1286", "CVE-2007-1900", "CVE-2007-1864", "CVE-2007-1583", "CVE-2007-1700", "CVE-2007-1711"], "modified": "2007-05-29T00:00:00", "cpe": ["cpe:/o:gentoo:linux", "p-cpe:/a:gentoo:linux:php"], "id": "GENTOO_GLSA-200705-19.NASL", "href": "https://www.tenable.com/plugins/nessus/25340", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 200705-19.\n#\n# The advisory text is Copyright (C) 2001-2016 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(25340);\n script_version(\"1.18\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2007-1001\", \"CVE-2007-1285\", \"CVE-2007-1286\", \"CVE-2007-1484\", \"CVE-2007-1521\", \"CVE-2007-1583\", \"CVE-2007-1700\", \"CVE-2007-1701\", \"CVE-2007-1711\", \"CVE-2007-1717\", \"CVE-2007-1718\", \"CVE-2007-1864\", \"CVE-2007-1900\", \"CVE-2007-2509\", \"CVE-2007-2510\", \"CVE-2007-2511\");\n script_xref(name:\"GLSA\", value:\"200705-19\");\n\n script_name(english:\"GLSA-200705-19 : PHP: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-200705-19\n(PHP: Multiple vulnerabilities)\n\n Several vulnerabilities were found in PHP, most of them during the\n Month Of PHP Bugs (MOPB) by Stefan Esser. The most severe of these\n vulnerabilities are integer overflows in wbmp.c from the GD library\n (CVE-2007-1001) and in the substr_compare() PHP 5 function\n (CVE-2007-1375). Ilia Alshanetsky also reported a buffer overflow in\n the make_http_soap_request() and in the user_filter_factory_create()\n functions (CVE-2007-2510, CVE-2007-2511), and Stanislav Malyshev\n discovered another buffer overflow in the bundled XMLRPC library\n (CVE-2007-1864). Additionally, the session_regenerate_id() and the\n array_user_key_compare() functions contain a double-free vulnerability\n (CVE-2007-1484, CVE-2007-1521). Finally, there exist implementation\n errors in the Zend engine, in the mb_parse_str(), the unserialize() and\n the mail() functions and other elements.\n \nImpact :\n\n Remote attackers might be able to exploit these issues in PHP\n applications making use of the affected functions, potentially\n resulting in the execution of arbitrary code, Denial of Service,\n execution of scripted contents in the context of the affected site,\n security bypass or information leak.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/200705-19\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All PHP 5 users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=dev-lang/php-5.2.2'\n All PHP 4 users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=dev-lang/php-4.4.7'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:C/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'PHP 4 unserialize() ZVAL Reference Counter Overflow (Cookie)');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_cwe_id(20, 119);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:php\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/05/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/05/29\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2007/03/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"dev-lang/php\", unaffected:make_list(\"rge 4.4.7\", \"rge 4.4.8_pre20070816\", \"ge 5.2.2\"), vulnerable:make_list(\"lt 5.2.2\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"PHP\");\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:C/A:N"}}, {"lastseen": "2021-01-01T04:54:21", "description": "According to its banner, the version of PHP installed on the remote\nhost is older than 4.4.7 / 5.2.2. Such versions may be affected by\nseveral issues, including buffer overflows in the GD library.", "edition": 24, "published": "2007-05-04T00:00:00", "title": "PHP < 4.4.7 / 5.2.2 Multiple Vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-1399", "CVE-2007-1717", "CVE-2007-4670", "CVE-2007-1709", "CVE-2007-1396", "CVE-2007-2748", "CVE-2007-1285", "CVE-2007-2727", "CVE-2007-1375", "CVE-2007-1521", "CVE-2007-1582", "CVE-2007-0911", "CVE-2007-1001", "CVE-2007-2510", "CVE-2007-2509", "CVE-2007-3998", "CVE-2007-1718", "CVE-2007-2511", "CVE-2007-0455", "CVE-2007-1484", "CVE-2007-1522", "CVE-2007-1883", "CVE-2007-1710", "CVE-2007-1864", "CVE-2007-1583", "CVE-2007-1460", "CVE-2007-1461"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/a:php:php"], "id": "PHP_4_4_7_OR_5_2_2.NASL", "href": "https://www.tenable.com/plugins/nessus/25159", "sourceData": "#\n# Copyright (C) Westpoint Limited\n#\n# Based on scripts written by Tenable Network Security.\n#\n# Changes made by Tenable:\n# -Add audit.inc include and adjust get_kb_item code to obtain\n# PHP version and source after updates to php_version.nasl (9/5/2013)\n#\n\n\ninclude(\"compat.inc\");\n\nif(description)\n{\n script_id(25159);\n script_version(\"1.37\");\n script_cvs_date(\"Date: 2018/07/24 18:56:10\");\n\n script_cve_id(\n \"CVE-2007-0455\",\n \"CVE-2007-0911\",\n \"CVE-2007-1001\",\n \"CVE-2007-1521\",\n \"CVE-2007-1285\",\n \"CVE-2007-1375\",\n \"CVE-2007-1396\",\n \"CVE-2007-1399\",\n \"CVE-2007-1460\",\n \"CVE-2007-1461\",\n \"CVE-2007-1484\",\n \"CVE-2007-1522\",\n \"CVE-2007-1582\",\n \"CVE-2007-1583\",\n \"CVE-2007-1709\",\n \"CVE-2007-1710\",\n \"CVE-2007-1717\",\n \"CVE-2007-1718\",\n \"CVE-2007-1864\",\n \"CVE-2007-1883\",\n \"CVE-2007-2509\",\n \"CVE-2007-2510\",\n \"CVE-2007-2511\",\n \"CVE-2007-2727\",\n \"CVE-2007-2748\",\n \"CVE-2007-3998\",\n \"CVE-2007-4670\"\n );\n script_bugtraq_id(\n 22289,\n 22764,\n 22990,\n 23357,\n 23813,\n 23818,\n 23984,\n 24012\n );\n\n script_name(english:\"PHP < 4.4.7 / 5.2.2 Multiple Vulnerabilities\");\n script_summary(english:\"Checks version of PHP\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote web server uses a version of PHP that is affected by\nmultiple flaws.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its banner, the version of PHP installed on the remote\nhost is older than 4.4.7 / 5.2.2. Such versions may be affected by\nseveral issues, including buffer overflows in the GD library.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.php.net/releases/4_4_7.php\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.php.net/releases/5_2_2.php\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to PHP 4.4.7 / 5.2.2 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No exploit is required\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(20, 119);\n\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/05/04\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2007/01/29\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:php:php\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CGI abuses\");\n\n script_copyright(english:\"This script is Copyright (C) 2007-2018 Westpoint Limited.\");\n\n script_dependencies(\"php_version.nasl\");\n script_require_ports(\"Services/www\", 80);\n script_require_keys(\"www/PHP\", \"Settings/ParanoidReport\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\ninclude(\"audit.inc\");\n\n# Banner checks of PHP are prone to false-positives so we only run the\n# check if the reporting is paranoid.\nif (report_paranoia <= 1) audit(AUDIT_PARANOID);\n\nport = get_http_port(default:80, php:TRUE);\n\nversion = get_kb_item_or_exit('www/php/'+port+'/version');\nmatch = eregmatch(string:version, pattern:'(.+) under (.+)$');\nif (!isnull(match))\n{\n version = match[1];\n source = match[2];\n}\n\nbackported = get_kb_item('www/php/'+port+'/'+version+'/backported');\nif (report_paranoia < 2 && backported)\n audit(AUDIT_BACKPORT_SERVICE, port, \"PHP \"+version+\" install\");\n\nif (version =~ \"^3\\.|4\\.[0-3]\\.\" ||\n version =~ \"^4\\.4\\.[0-6]($|[^0-9])\" ||\n version =~ \"^5\\.[01]\\.\" ||\n version =~ \"^5\\.2\\.[01]($|[^0-9])\"\n)\n{\n if (report_verbosity > 0)\n {\n report =\n '\\n Version source : '+source +\n '\\n Installed version : '+version+\n '\\n Fixed version : 4.4.7 / 5.2.2\\n';\n security_hole(port:port, extra:report);\n }\n else security_hole(port);\n exit(0);\n}\nelse audit(AUDIT_LISTEN_NOT_VULN, \"PHP\", port, version);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "suse": [{"lastseen": "2016-09-04T12:22:53", "bulletinFamily": "unix", "cvelist": ["CVE-2007-2872", "CVE-2007-1396", "CVE-2007-1285", "CVE-2007-2756", "CVE-2007-2510", "CVE-2007-3007", "CVE-2007-2509", "CVE-2007-2511", "CVE-2007-1864", "CVE-2007-0906"], "description": "The scripting language implementations PHP4 and PHP5 have been updated to fix several security issues.\n#### Solution\nThere is no known workaround, please install the update packages.", "edition": 1, "modified": "2007-07-12T16:26:43", "published": "2007-07-12T16:26:43", "id": "SUSE-SA:2007:044", "href": "http://lists.opensuse.org/opensuse-security-announce/2007-07/msg00006.html", "type": "suse", "title": "remote denial of service in php4,php5", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:22", "bulletinFamily": "unix", "cvelist": ["CVE-2007-1701", "CVE-2007-1717", "CVE-2007-1285", "CVE-2007-1375", "CVE-2007-1521", "CVE-2007-1001", "CVE-2007-2510", "CVE-2007-2509", "CVE-2007-1718", "CVE-2007-2511", "CVE-2007-1484", "CVE-2007-1286", "CVE-2007-1900", "CVE-2007-1864", "CVE-2007-1583", "CVE-2007-1700", "CVE-2007-1711"], "edition": 1, "description": "### Background\n\nPHP is a widely-used general-purpose scripting language that is especially suited for Web development and can be embedded into HTML. \n\n### Description\n\nSeveral vulnerabilities were found in PHP, most of them during the Month Of PHP Bugs (MOPB) by Stefan Esser. The most severe of these vulnerabilities are integer overflows in wbmp.c from the GD library (CVE-2007-1001) and in the substr_compare() PHP 5 function (CVE-2007-1375). Ilia Alshanetsky also reported a buffer overflow in the make_http_soap_request() and in the user_filter_factory_create() functions (CVE-2007-2510, CVE-2007-2511), and Stanislav Malyshev discovered another buffer overflow in the bundled XMLRPC library (CVE-2007-1864). Additionally, the session_regenerate_id() and the array_user_key_compare() functions contain a double-free vulnerability (CVE-2007-1484, CVE-2007-1521). Finally, there exist implementation errors in the Zend engine, in the mb_parse_str(), the unserialize() and the mail() functions and other elements. \n\n### Impact\n\nRemote attackers might be able to exploit these issues in PHP applications making use of the affected functions, potentially resulting in the execution of arbitrary code, Denial of Service, execution of scripted contents in the context of the affected site, security bypass or information leak. \n\n### Workaround\n\nThere is no known workaround at this time. \n\n### Resolution\n\nAll PHP 5 users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-lang/php-5.2.2\"\n\nAll PHP 4 users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-lang/php-4.4.7\"", "modified": "2008-03-29T00:00:00", "published": "2007-05-26T00:00:00", "id": "GLSA-200705-19", "href": "https://security.gentoo.org/glsa/200705-19", "type": "gentoo", "title": "PHP: Multiple vulnerabilities", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:COMPLETE/A:NONE/"}}]}