ID CVE-2008-0599 Type cve Reporter NVD Modified 2018-10-15T18:01:59
Description
The init_request_info function in sapi/cgi/cgi_main.c in PHP before 5.2.6 does not properly consider operator precedence when calculating the length of PATH_TRANSLATED, which might allow remote attackers to execute arbitrary code via a crafted URI.
{"openvas": [{"lastseen": "2017-07-24T12:51:04", "bulletinFamily": "scanner", "description": "The remote host is missing an update as announced\nvia advisory SSA:2008-128-01.", "modified": "2017-07-07T00:00:00", "published": "2012-09-11T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=61457", "id": "OPENVAS:61457", "title": "Slackware Advisory SSA:2008-128-01 php", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: esoft_slk_ssa_2008_128_01.nasl 6598 2017-07-07 09:36:44Z cfischer $\n# Description: Auto-generated from the corresponding slackware advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"New php packages are available for Slackware 10.2, 11.0, 12.0, 12.1,\nand -current to fix security issues.\n\nNote that PHP5 is not the default PHP for Slackware 10.2 or 11.0 (those use\nPHP4), so if your PHP code is not ready for PHP5, don't upgrade until it is\nor you'll (by definition) run into problems.\";\ntag_summary = \"The remote host is missing an update as announced\nvia advisory SSA:2008-128-01.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=SSA:2008-128-01\";\n \nif(description)\n{\n script_id(61457);\n script_tag(name:\"creation_date\", value:\"2012-09-11 01:34:21 +0200 (Tue, 11 Sep 2012)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 11:36:44 +0200 (Fri, 07 Jul 2017) $\");\n script_cve_id(\"CVE-2008-0599\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_version(\"$Revision: 6598 $\");\n name = \"Slackware Advisory SSA:2008-128-01 php \";\n script_name(name);\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Slackware Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/slackware_linux\", \"ssh/login/slackpack\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-slack.inc\");\nvuln = 0;\nif(isslkpkgvuln(pkg:\"php\", ver:\"5.2.6-i486-1_slack10.2\", rls:\"SLK10.2\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"php\", ver:\"5.2.6-i486-1_slack11.0\", rls:\"SLK11.0\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"php\", ver:\"5.2.6-i486-1_slack12.0\", rls:\"SLK12.0\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"php\", ver:\"5.2.6-i486-1_slack12.1\", rls:\"SLK12.1\")) {\n vuln = 1;\n}\n\nif(vuln) {\n security_message(0);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-26T08:55:53", "bulletinFamily": "scanner", "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n apache2-mod_php5\n php5\n php5-bcmath\n php5-bz2\n php5-calendar\n php5-ctype\n php5-curl\n php5-dba\n php5-dbase\n php5-devel\n php5-dom\n php5-exif\n php5-fastcgi\n php5-ftp\n php5-gd\n php5-gettext\n php5-gmp\n php5-iconv\n php5-imap\n php5-json\n php5-ldap\n php5-mbstring\n php5-mcrypt\n php5-mhash\n php5-mysql\n php5-ncurses\n php5-odbc\n php5-openssl\n php5-pcntl\n php5-pdo\n php5-pear\n php5-pgsql\n php5-posix\n php5-pspell\n php5-shmop\n php5-snmp\n php5-soap\n php5-sockets\n php5-sqlite\n php5-suhosin\n php5-sysvmsg\n php5-sysvsem\n php5-sysvshm\n php5-tokenizer\n php5-wddx\n php5-xmlreader\n php5-xmlrpc\n php5-xsl\n php5-zlib\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 10 patch database located at\nhttp://download.novell.com/patch/finder/", "modified": "2017-07-11T00:00:00", "published": "2009-10-13T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=65922", "id": "OPENVAS:65922", "title": "SLES10: Security update for PHP5", "type": "openvas", "sourceData": "#\n#VID slesp2-apache2-mod_php5-5345\n# OpenVAS Vulnerability Test\n# $\n# Description: Security update for PHP5\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n apache2-mod_php5\n php5\n php5-bcmath\n php5-bz2\n php5-calendar\n php5-ctype\n php5-curl\n php5-dba\n php5-dbase\n php5-devel\n php5-dom\n php5-exif\n php5-fastcgi\n php5-ftp\n php5-gd\n php5-gettext\n php5-gmp\n php5-iconv\n php5-imap\n php5-json\n php5-ldap\n php5-mbstring\n php5-mcrypt\n php5-mhash\n php5-mysql\n php5-ncurses\n php5-odbc\n php5-openssl\n php5-pcntl\n php5-pdo\n php5-pear\n php5-pgsql\n php5-posix\n php5-pspell\n php5-shmop\n php5-snmp\n php5-soap\n php5-sockets\n php5-sqlite\n php5-suhosin\n php5-sysvmsg\n php5-sysvsem\n php5-sysvshm\n php5-tokenizer\n php5-wddx\n php5-xmlreader\n php5-xmlrpc\n php5-xsl\n php5-zlib\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 10 patch database located at\nhttp://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n\nif(description)\n{\n script_id(65922);\n script_version(\"$Revision: 6666 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-11 15:13:36 +0200 (Tue, 11 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-13 18:25:40 +0200 (Tue, 13 Oct 2009)\");\n script_cve_id(\"CVE-2008-0599\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"SLES10: Security update for PHP5\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"apache2-mod_php5\", rpm:\"apache2-mod_php5~5.2.5~9.6\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5\", rpm:\"php5~5.2.5~9.6\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-bcmath\", rpm:\"php5-bcmath~5.2.5~9.6\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-bz2\", rpm:\"php5-bz2~5.2.5~9.6\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-calendar\", rpm:\"php5-calendar~5.2.5~9.6\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-ctype\", rpm:\"php5-ctype~5.2.5~9.6\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-curl\", rpm:\"php5-curl~5.2.5~9.6\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-dba\", rpm:\"php5-dba~5.2.5~9.6\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-dbase\", rpm:\"php5-dbase~5.2.5~9.6\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-devel\", rpm:\"php5-devel~5.2.5~9.6\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-dom\", rpm:\"php5-dom~5.2.5~9.6\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-exif\", rpm:\"php5-exif~5.2.5~9.6\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-fastcgi\", rpm:\"php5-fastcgi~5.2.5~9.6\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-ftp\", rpm:\"php5-ftp~5.2.5~9.6\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-gd\", rpm:\"php5-gd~5.2.5~9.6\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-gettext\", rpm:\"php5-gettext~5.2.5~9.6\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-gmp\", rpm:\"php5-gmp~5.2.5~9.6\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-iconv\", rpm:\"php5-iconv~5.2.5~9.6\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-imap\", rpm:\"php5-imap~5.2.5~9.6\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-json\", rpm:\"php5-json~5.2.5~9.6\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-ldap\", rpm:\"php5-ldap~5.2.5~9.6\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-mbstring\", rpm:\"php5-mbstring~5.2.5~9.6\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-mcrypt\", rpm:\"php5-mcrypt~5.2.5~9.6\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-mhash\", rpm:\"php5-mhash~5.2.5~9.6\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-mysql\", rpm:\"php5-mysql~5.2.5~9.6\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-ncurses\", rpm:\"php5-ncurses~5.2.5~9.6\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-odbc\", rpm:\"php5-odbc~5.2.5~9.6\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-openssl\", rpm:\"php5-openssl~5.2.5~9.6\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-pcntl\", rpm:\"php5-pcntl~5.2.5~9.6\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-pdo\", rpm:\"php5-pdo~5.2.5~9.6\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-pear\", rpm:\"php5-pear~5.2.5~9.6\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-pgsql\", rpm:\"php5-pgsql~5.2.5~9.6\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-posix\", rpm:\"php5-posix~5.2.5~9.6\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-pspell\", rpm:\"php5-pspell~5.2.5~9.6\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-shmop\", rpm:\"php5-shmop~5.2.5~9.6\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-snmp\", rpm:\"php5-snmp~5.2.5~9.6\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-soap\", rpm:\"php5-soap~5.2.5~9.6\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-sockets\", rpm:\"php5-sockets~5.2.5~9.6\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-sqlite\", rpm:\"php5-sqlite~5.2.5~9.6\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-suhosin\", rpm:\"php5-suhosin~5.2.5~9.6\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-sysvmsg\", rpm:\"php5-sysvmsg~5.2.5~9.6\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-sysvsem\", rpm:\"php5-sysvsem~5.2.5~9.6\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-sysvshm\", rpm:\"php5-sysvshm~5.2.5~9.6\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-tokenizer\", rpm:\"php5-tokenizer~5.2.5~9.6\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-wddx\", rpm:\"php5-wddx~5.2.5~9.6\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-xmlreader\", rpm:\"php5-xmlreader~5.2.5~9.6\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-xmlrpc\", rpm:\"php5-xmlrpc~5.2.5~9.6\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-xsl\", rpm:\"php5-xsl~5.2.5~9.6\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-zlib\", rpm:\"php5-zlib~5.2.5~9.6\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-02T00:02:00", "bulletinFamily": "scanner", "description": "The remote host is missing an update as announced\nvia advisory SSA:2008-128-01.", "modified": "2018-04-06T00:00:00", "published": "2012-09-11T00:00:00", "id": "OPENVAS:136141256231061457", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231061457", "title": "Slackware Advisory SSA:2008-128-01 php", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: esoft_slk_ssa_2008_128_01.nasl 9352 2018-04-06 07:13:02Z cfischer $\n# Description: Auto-generated from the corresponding slackware advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"New php packages are available for Slackware 10.2, 11.0, 12.0, 12.1,\nand -current to fix security issues.\n\nNote that PHP5 is not the default PHP for Slackware 10.2 or 11.0 (those use\nPHP4), so if your PHP code is not ready for PHP5, don't upgrade until it is\nor you'll (by definition) run into problems.\";\ntag_summary = \"The remote host is missing an update as announced\nvia advisory SSA:2008-128-01.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=SSA:2008-128-01\";\n \nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.61457\");\n script_tag(name:\"creation_date\", value:\"2012-09-11 01:34:21 +0200 (Tue, 11 Sep 2012)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:13:02 +0200 (Fri, 06 Apr 2018) $\");\n script_cve_id(\"CVE-2008-0599\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_version(\"$Revision: 9352 $\");\n name = \"Slackware Advisory SSA:2008-128-01 php \";\n script_name(name);\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Slackware Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/slackware_linux\", \"ssh/login/slackpack\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-slack.inc\");\nvuln = 0;\nif(isslkpkgvuln(pkg:\"php\", ver:\"5.2.6-i486-1_slack10.2\", rls:\"SLK10.2\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"php\", ver:\"5.2.6-i486-1_slack11.0\", rls:\"SLK11.0\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"php\", ver:\"5.2.6-i486-1_slack12.0\", rls:\"SLK12.0\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"php\", ver:\"5.2.6-i486-1_slack12.1\", rls:\"SLK12.1\")) {\n vuln = 1;\n}\n\nif(vuln) {\n security_message(0);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-09T11:38:34", "bulletinFamily": "scanner", "description": "Check for the Version of Apache with PHP", "modified": "2018-04-06T00:00:00", "published": "2009-05-05T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310835180", "id": "OPENVAS:1361412562310835180", "type": "openvas", "title": "HP-UX Update for Apache with PHP HPSBUX02342", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# HP-UX Update for Apache with PHP HPSBUX02342\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_impact = \"Remote execution of arbitrary code.\";\ntag_affected = \"Apache with PHP on\n HP-UX B.11.11, B.11.23, B.11.31 running Apache with PHP v5.2.5 or earlier.\";\ntag_insight = \"A potential security vulnerability has been identified with HP-UX running \n Apache with PHP. This vulnerability could be exploited remotely to execute \n arbitrary code.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c01476437-3\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.835180\");\n script_version(\"$Revision: 9370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-05-05 12:14:23 +0200 (Tue, 05 May 2009)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"HPSBUX\", value: \"02342\");\n script_cve_id(\"CVE-2008-0599\");\n script_name( \"HP-UX Update for Apache with PHP HPSBUX02342\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of Apache with PHP\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"HP-UX Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/hp_hp-ux\", \"ssh/login/release\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-hpux.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"HPUX11.31\")\n{\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPCH32.PHP\", revision:\"B.2.0.59.04.2\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPCH32.PHP2\", revision:\"B.2.0.59.04.2\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE.PHP\", revision:\"B.2.0.59.04.2\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE.PHP2\", revision:\"B.2.0.59.04.2\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"HPUX11.23\")\n{\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPCH32.PHP\", revision:\"B.2.0.59.04.2\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPCH32.PHP2\", revision:\"B.2.0.59.04.2\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE.PHP\", revision:\"B.2.0.59.04.2\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE.PHP2\", revision:\"B.2.0.59.04.2\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"HPUX11.11\")\n{\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE.PHP\", revision:\"B.2.0.59.04.2\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE.PHP2\", revision:\"B.2.0.59.04.2\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-06T11:39:18", "bulletinFamily": "scanner", "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n apache2-mod_php5\n php5\n php5-bcmath\n php5-bz2\n php5-calendar\n php5-ctype\n php5-curl\n php5-dba\n php5-dbase\n php5-devel\n php5-dom\n php5-exif\n php5-fastcgi\n php5-ftp\n php5-gd\n php5-gettext\n php5-gmp\n php5-iconv\n php5-imap\n php5-json\n php5-ldap\n php5-mbstring\n php5-mcrypt\n php5-mhash\n php5-mysql\n php5-ncurses\n php5-odbc\n php5-openssl\n php5-pcntl\n php5-pdo\n php5-pear\n php5-pgsql\n php5-posix\n php5-pspell\n php5-shmop\n php5-snmp\n php5-soap\n php5-sockets\n php5-sqlite\n php5-suhosin\n php5-sysvmsg\n php5-sysvsem\n php5-sysvshm\n php5-tokenizer\n php5-wddx\n php5-xmlreader\n php5-xmlrpc\n php5-xsl\n php5-zlib\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 10 patch database located at\nhttp://download.novell.com/patch/finder/", "modified": "2018-04-06T00:00:00", "published": "2009-10-13T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231065922", "id": "OPENVAS:136141256231065922", "type": "openvas", "title": "SLES10: Security update for PHP5", "sourceData": "#\n#VID slesp2-apache2-mod_php5-5345\n# OpenVAS Vulnerability Test\n# $\n# Description: Security update for PHP5\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n apache2-mod_php5\n php5\n php5-bcmath\n php5-bz2\n php5-calendar\n php5-ctype\n php5-curl\n php5-dba\n php5-dbase\n php5-devel\n php5-dom\n php5-exif\n php5-fastcgi\n php5-ftp\n php5-gd\n php5-gettext\n php5-gmp\n php5-iconv\n php5-imap\n php5-json\n php5-ldap\n php5-mbstring\n php5-mcrypt\n php5-mhash\n php5-mysql\n php5-ncurses\n php5-odbc\n php5-openssl\n php5-pcntl\n php5-pdo\n php5-pear\n php5-pgsql\n php5-posix\n php5-pspell\n php5-shmop\n php5-snmp\n php5-soap\n php5-sockets\n php5-sqlite\n php5-suhosin\n php5-sysvmsg\n php5-sysvsem\n php5-sysvshm\n php5-tokenizer\n php5-wddx\n php5-xmlreader\n php5-xmlrpc\n php5-xsl\n php5-zlib\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 10 patch database located at\nhttp://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.65922\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-13 18:25:40 +0200 (Tue, 13 Oct 2009)\");\n script_cve_id(\"CVE-2008-0599\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"SLES10: Security update for PHP5\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"apache2-mod_php5\", rpm:\"apache2-mod_php5~5.2.5~9.6\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5\", rpm:\"php5~5.2.5~9.6\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-bcmath\", rpm:\"php5-bcmath~5.2.5~9.6\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-bz2\", rpm:\"php5-bz2~5.2.5~9.6\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-calendar\", rpm:\"php5-calendar~5.2.5~9.6\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-ctype\", rpm:\"php5-ctype~5.2.5~9.6\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-curl\", rpm:\"php5-curl~5.2.5~9.6\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-dba\", rpm:\"php5-dba~5.2.5~9.6\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-dbase\", rpm:\"php5-dbase~5.2.5~9.6\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-devel\", rpm:\"php5-devel~5.2.5~9.6\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-dom\", rpm:\"php5-dom~5.2.5~9.6\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-exif\", rpm:\"php5-exif~5.2.5~9.6\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-fastcgi\", rpm:\"php5-fastcgi~5.2.5~9.6\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-ftp\", rpm:\"php5-ftp~5.2.5~9.6\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-gd\", rpm:\"php5-gd~5.2.5~9.6\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-gettext\", rpm:\"php5-gettext~5.2.5~9.6\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-gmp\", rpm:\"php5-gmp~5.2.5~9.6\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-iconv\", rpm:\"php5-iconv~5.2.5~9.6\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-imap\", rpm:\"php5-imap~5.2.5~9.6\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-json\", rpm:\"php5-json~5.2.5~9.6\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-ldap\", rpm:\"php5-ldap~5.2.5~9.6\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-mbstring\", rpm:\"php5-mbstring~5.2.5~9.6\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-mcrypt\", rpm:\"php5-mcrypt~5.2.5~9.6\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-mhash\", rpm:\"php5-mhash~5.2.5~9.6\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-mysql\", rpm:\"php5-mysql~5.2.5~9.6\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-ncurses\", rpm:\"php5-ncurses~5.2.5~9.6\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-odbc\", rpm:\"php5-odbc~5.2.5~9.6\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-openssl\", rpm:\"php5-openssl~5.2.5~9.6\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-pcntl\", rpm:\"php5-pcntl~5.2.5~9.6\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-pdo\", rpm:\"php5-pdo~5.2.5~9.6\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-pear\", rpm:\"php5-pear~5.2.5~9.6\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-pgsql\", rpm:\"php5-pgsql~5.2.5~9.6\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-posix\", rpm:\"php5-posix~5.2.5~9.6\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-pspell\", rpm:\"php5-pspell~5.2.5~9.6\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-shmop\", rpm:\"php5-shmop~5.2.5~9.6\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-snmp\", rpm:\"php5-snmp~5.2.5~9.6\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-soap\", rpm:\"php5-soap~5.2.5~9.6\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-sockets\", rpm:\"php5-sockets~5.2.5~9.6\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-sqlite\", rpm:\"php5-sqlite~5.2.5~9.6\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-suhosin\", rpm:\"php5-suhosin~5.2.5~9.6\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-sysvmsg\", rpm:\"php5-sysvmsg~5.2.5~9.6\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-sysvsem\", rpm:\"php5-sysvsem~5.2.5~9.6\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-sysvshm\", rpm:\"php5-sysvshm~5.2.5~9.6\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-tokenizer\", rpm:\"php5-tokenizer~5.2.5~9.6\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-wddx\", rpm:\"php5-wddx~5.2.5~9.6\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-xmlreader\", rpm:\"php5-xmlreader~5.2.5~9.6\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-xmlrpc\", rpm:\"php5-xmlrpc~5.2.5~9.6\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-xsl\", rpm:\"php5-xsl~5.2.5~9.6\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-zlib\", rpm:\"php5-zlib~5.2.5~9.6\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-24T12:56:03", "bulletinFamily": "scanner", "description": "Check for the Version of Apache with PHP", "modified": "2017-07-06T00:00:00", "published": "2009-05-05T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=835180", "id": "OPENVAS:835180", "title": "HP-UX Update for Apache with PHP HPSBUX02342", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# HP-UX Update for Apache with PHP HPSBUX02342\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_impact = \"Remote execution of arbitrary code.\";\ntag_affected = \"Apache with PHP on\n HP-UX B.11.11, B.11.23, B.11.31 running Apache with PHP v5.2.5 or earlier.\";\ntag_insight = \"A potential security vulnerability has been identified with HP-UX running \n Apache with PHP. This vulnerability could be exploited remotely to execute \n arbitrary code.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c01476437-3\");\n script_id(835180);\n script_version(\"$Revision: 6584 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-06 16:13:23 +0200 (Thu, 06 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-05-05 12:14:23 +0200 (Tue, 05 May 2009)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"HPSBUX\", value: \"02342\");\n script_cve_id(\"CVE-2008-0599\");\n script_name( \"HP-UX Update for Apache with PHP HPSBUX02342\");\n\n script_summary(\"Check for the Version of Apache with PHP\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"HP-UX Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/hp_hp-ux\", \"ssh/login/release\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-hpux.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"HPUX11.31\")\n{\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPCH32.PHP\", revision:\"B.2.0.59.04.2\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPCH32.PHP2\", revision:\"B.2.0.59.04.2\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE.PHP\", revision:\"B.2.0.59.04.2\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE.PHP2\", revision:\"B.2.0.59.04.2\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"HPUX11.23\")\n{\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPCH32.PHP\", revision:\"B.2.0.59.04.2\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPCH32.PHP2\", revision:\"B.2.0.59.04.2\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE.PHP\", revision:\"B.2.0.59.04.2\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE.PHP2\", revision:\"B.2.0.59.04.2\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"HPUX11.11\")\n{\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE.PHP\", revision:\"B.2.0.59.04.2\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE.PHP2\", revision:\"B.2.0.59.04.2\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-24T12:56:09", "bulletinFamily": "scanner", "description": "Check for the Version of php", "modified": "2017-07-06T00:00:00", "published": "2009-04-09T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=830469", "id": "OPENVAS:830469", "title": "Mandriva Update for php MDVSA-2008:128 (php)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for php MDVSA-2008:128 (php)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"A number of vulnerabilities have been found and corrected in PHP:\n\n php-cgi in PHP prior to 5.2.6 does not properly calculate the length\n of PATH_TRANSLATED, which has unknown impact and attack vectors\n (CVE-2008-0599).\n \n The escapeshellcmd() API function in PHP prior to 5.2.6 has unknown\n impact and context-dependent attack vectors related to incomplete\n multibyte characters (CVE-2008-2051).\n \n Weaknesses in the GENERATE_SEED macro in PHP prior to 4.4.8 and 5.2.5\n were discovered that could produce a zero seed in rare circumstances on\n 32bit systems and generations a portion of zero bits during conversion\n due to insufficient precision on 64bit systems (CVE-2008-2107,\n CVE-2008-2108).\n \n The IMAP module in PHP uses obsolete API calls that allow\n context-dependent attackers to cause a denial of service (crash)\n via a long IMAP request (CVE-2008-2829).\n \n In addition, the updated packages provide a number of bug fixes.\n \n The updated packages have been patched to correct these issues.\";\n\ntag_affected = \"php on Mandriva Linux 2008.1,\n Mandriva Linux 2008.1/X86_64\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2008-07/msg00007.php\");\n script_id(830469);\n script_version(\"$Revision: 6568 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-06 15:04:21 +0200 (Thu, 06 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-04-09 14:18:58 +0200 (Thu, 09 Apr 2009)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"MDVSA\", value: \"2008:128\");\n script_cve_id(\"CVE-2008-0599\", \"CVE-2008-2051\", \"CVE-2008-2107\", \"CVE-2008-2108\", \"CVE-2008-2829\");\n script_name( \"Mandriva Update for php MDVSA-2008:128 (php)\");\n\n script_summary(\"Check for the Version of php\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_2008.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"libphp5_common5\", rpm:\"libphp5_common5~5.2.5~14.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-bcmath\", rpm:\"php-bcmath~5.2.5~14.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-bz2\", rpm:\"php-bz2~5.2.5~14.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-calendar\", rpm:\"php-calendar~5.2.5~14.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-cgi\", rpm:\"php-cgi~5.2.5~14.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-cli\", rpm:\"php-cli~5.2.5~14.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-ctype\", rpm:\"php-ctype~5.2.5~14.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-curl\", rpm:\"php-curl~5.2.5~14.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-dba\", rpm:\"php-dba~5.2.5~14.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-dbase\", rpm:\"php-dbase~5.2.5~14.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-devel\", rpm:\"php-devel~5.2.5~14.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-dom\", rpm:\"php-dom~5.2.5~14.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-exif\", rpm:\"php-exif~5.2.5~14.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-fcgi\", rpm:\"php-fcgi~5.2.5~14.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-filter\", rpm:\"php-filter~5.2.5~14.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-ftp\", rpm:\"php-ftp~5.2.5~14.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-gd\", rpm:\"php-gd~5.2.5~14.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-gettext\", rpm:\"php-gettext~5.2.5~14.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-gmp\", rpm:\"php-gmp~5.2.5~14.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-hash\", rpm:\"php-hash~5.2.5~14.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-iconv\", rpm:\"php-iconv~5.2.5~14.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-imap\", rpm:\"php-imap~5.2.5~14.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-json\", rpm:\"php-json~5.2.5~14.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-ldap\", rpm:\"php-ldap~5.2.5~14.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-mbstring\", rpm:\"php-mbstring~5.2.5~14.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-mcrypt\", rpm:\"php-mcrypt~5.2.5~14.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-mhash\", rpm:\"php-mhash~5.2.5~14.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-mime_magic\", rpm:\"php-mime_magic~5.2.5~14.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-ming\", rpm:\"php-ming~5.2.5~14.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-mssql\", rpm:\"php-mssql~5.2.5~14.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-mysql\", rpm:\"php-mysql~5.2.5~14.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-mysqli\", rpm:\"php-mysqli~5.2.5~14.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-ncurses\", rpm:\"php-ncurses~5.2.5~14.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-odbc\", rpm:\"php-odbc~5.2.5~14.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-openssl\", rpm:\"php-openssl~5.2.5~14.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pcntl\", rpm:\"php-pcntl~5.2.5~14.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pdo\", rpm:\"php-pdo~5.2.5~14.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pdo_dblib\", rpm:\"php-pdo_dblib~5.2.5~14.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pdo_mysql\", rpm:\"php-pdo_mysql~5.2.5~14.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pdo_odbc\", rpm:\"php-pdo_odbc~5.2.5~14.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pdo_pgsql\", rpm:\"php-pdo_pgsql~5.2.5~14.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pdo_sqlite\", rpm:\"php-pdo_sqlite~5.2.5~14.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pgsql\", rpm:\"php-pgsql~5.2.5~14.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-posix\", rpm:\"php-posix~5.2.5~14.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pspell\", rpm:\"php-pspell~5.2.5~14.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-readline\", rpm:\"php-readline~5.2.5~14.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-recode\", rpm:\"php-recode~5.2.5~14.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-session\", rpm:\"php-session~5.2.5~14.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-shmop\", rpm:\"php-shmop~5.2.5~14.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-snmp\", rpm:\"php-snmp~5.2.5~14.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-soap\", rpm:\"php-soap~5.2.5~14.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-sockets\", rpm:\"php-sockets~5.2.5~14.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-sqlite\", rpm:\"php-sqlite~5.2.5~14.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-sysvmsg\", rpm:\"php-sysvmsg~5.2.5~14.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-sysvsem\", rpm:\"php-sysvsem~5.2.5~14.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-sysvshm\", rpm:\"php-sysvshm~5.2.5~14.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-tidy\", rpm:\"php-tidy~5.2.5~14.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-tokenizer\", rpm:\"php-tokenizer~5.2.5~14.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-wddx\", rpm:\"php-wddx~5.2.5~14.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-xml\", rpm:\"php-xml~5.2.5~14.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-xmlreader\", rpm:\"php-xmlreader~5.2.5~14.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-xmlrpc\", rpm:\"php-xmlrpc~5.2.5~14.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-xmlwriter\", rpm:\"php-xmlwriter~5.2.5~14.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-xsl\", rpm:\"php-xsl~5.2.5~14.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-zlib\", rpm:\"php-zlib~5.2.5~14.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php\", rpm:\"php~5.2.5~14.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64php5_common5\", rpm:\"lib64php5_common5~5.2.5~14.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-09T11:38:52", "bulletinFamily": "scanner", "description": "Check for the Version of php", "modified": "2018-04-06T00:00:00", "published": "2009-04-09T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310830469", "id": "OPENVAS:1361412562310830469", "title": "Mandriva Update for php MDVSA-2008:128 (php)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for php MDVSA-2008:128 (php)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"A number of vulnerabilities have been found and corrected in PHP:\n\n php-cgi in PHP prior to 5.2.6 does not properly calculate the length\n of PATH_TRANSLATED, which has unknown impact and attack vectors\n (CVE-2008-0599).\n \n The escapeshellcmd() API function in PHP prior to 5.2.6 has unknown\n impact and context-dependent attack vectors related to incomplete\n multibyte characters (CVE-2008-2051).\n \n Weaknesses in the GENERATE_SEED macro in PHP prior to 4.4.8 and 5.2.5\n were discovered that could produce a zero seed in rare circumstances on\n 32bit systems and generations a portion of zero bits during conversion\n due to insufficient precision on 64bit systems (CVE-2008-2107,\n CVE-2008-2108).\n \n The IMAP module in PHP uses obsolete API calls that allow\n context-dependent attackers to cause a denial of service (crash)\n via a long IMAP request (CVE-2008-2829).\n \n In addition, the updated packages provide a number of bug fixes.\n \n The updated packages have been patched to correct these issues.\";\n\ntag_affected = \"php on Mandriva Linux 2008.1,\n Mandriva Linux 2008.1/X86_64\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2008-07/msg00007.php\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.830469\");\n script_version(\"$Revision: 9370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-04-09 14:18:58 +0200 (Thu, 09 Apr 2009)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"MDVSA\", value: \"2008:128\");\n script_cve_id(\"CVE-2008-0599\", \"CVE-2008-2051\", \"CVE-2008-2107\", \"CVE-2008-2108\", \"CVE-2008-2829\");\n script_name( \"Mandriva Update for php MDVSA-2008:128 (php)\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of php\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_2008.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"libphp5_common5\", rpm:\"libphp5_common5~5.2.5~14.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-bcmath\", rpm:\"php-bcmath~5.2.5~14.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-bz2\", rpm:\"php-bz2~5.2.5~14.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-calendar\", rpm:\"php-calendar~5.2.5~14.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-cgi\", rpm:\"php-cgi~5.2.5~14.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-cli\", rpm:\"php-cli~5.2.5~14.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-ctype\", rpm:\"php-ctype~5.2.5~14.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-curl\", rpm:\"php-curl~5.2.5~14.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-dba\", rpm:\"php-dba~5.2.5~14.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-dbase\", rpm:\"php-dbase~5.2.5~14.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-devel\", rpm:\"php-devel~5.2.5~14.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-dom\", rpm:\"php-dom~5.2.5~14.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-exif\", rpm:\"php-exif~5.2.5~14.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-fcgi\", rpm:\"php-fcgi~5.2.5~14.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-filter\", rpm:\"php-filter~5.2.5~14.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-ftp\", rpm:\"php-ftp~5.2.5~14.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-gd\", rpm:\"php-gd~5.2.5~14.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-gettext\", rpm:\"php-gettext~5.2.5~14.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-gmp\", rpm:\"php-gmp~5.2.5~14.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-hash\", rpm:\"php-hash~5.2.5~14.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-iconv\", rpm:\"php-iconv~5.2.5~14.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-imap\", rpm:\"php-imap~5.2.5~14.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-json\", rpm:\"php-json~5.2.5~14.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-ldap\", rpm:\"php-ldap~5.2.5~14.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-mbstring\", rpm:\"php-mbstring~5.2.5~14.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-mcrypt\", rpm:\"php-mcrypt~5.2.5~14.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-mhash\", rpm:\"php-mhash~5.2.5~14.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-mime_magic\", rpm:\"php-mime_magic~5.2.5~14.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-ming\", rpm:\"php-ming~5.2.5~14.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-mssql\", rpm:\"php-mssql~5.2.5~14.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-mysql\", rpm:\"php-mysql~5.2.5~14.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-mysqli\", rpm:\"php-mysqli~5.2.5~14.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-ncurses\", rpm:\"php-ncurses~5.2.5~14.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-odbc\", rpm:\"php-odbc~5.2.5~14.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-openssl\", rpm:\"php-openssl~5.2.5~14.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pcntl\", rpm:\"php-pcntl~5.2.5~14.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pdo\", rpm:\"php-pdo~5.2.5~14.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pdo_dblib\", rpm:\"php-pdo_dblib~5.2.5~14.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pdo_mysql\", rpm:\"php-pdo_mysql~5.2.5~14.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pdo_odbc\", rpm:\"php-pdo_odbc~5.2.5~14.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pdo_pgsql\", rpm:\"php-pdo_pgsql~5.2.5~14.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pdo_sqlite\", rpm:\"php-pdo_sqlite~5.2.5~14.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pgsql\", rpm:\"php-pgsql~5.2.5~14.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-posix\", rpm:\"php-posix~5.2.5~14.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pspell\", rpm:\"php-pspell~5.2.5~14.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-readline\", rpm:\"php-readline~5.2.5~14.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-recode\", rpm:\"php-recode~5.2.5~14.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-session\", rpm:\"php-session~5.2.5~14.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-shmop\", rpm:\"php-shmop~5.2.5~14.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-snmp\", rpm:\"php-snmp~5.2.5~14.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-soap\", rpm:\"php-soap~5.2.5~14.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-sockets\", rpm:\"php-sockets~5.2.5~14.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-sqlite\", rpm:\"php-sqlite~5.2.5~14.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-sysvmsg\", rpm:\"php-sysvmsg~5.2.5~14.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-sysvsem\", rpm:\"php-sysvsem~5.2.5~14.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-sysvshm\", rpm:\"php-sysvshm~5.2.5~14.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-tidy\", rpm:\"php-tidy~5.2.5~14.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-tokenizer\", rpm:\"php-tokenizer~5.2.5~14.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-wddx\", rpm:\"php-wddx~5.2.5~14.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-xml\", rpm:\"php-xml~5.2.5~14.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-xmlreader\", rpm:\"php-xmlreader~5.2.5~14.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-xmlrpc\", rpm:\"php-xmlrpc~5.2.5~14.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-xmlwriter\", rpm:\"php-xmlwriter~5.2.5~14.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-xsl\", rpm:\"php-xsl~5.2.5~14.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-zlib\", rpm:\"php-zlib~5.2.5~14.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php\", rpm:\"php~5.2.5~14.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64php5_common5\", rpm:\"lib64php5_common5~5.2.5~14.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:56:43", "bulletinFamily": "scanner", "description": "Check for the Version of php", "modified": "2017-07-10T00:00:00", "published": "2009-02-17T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=860705", "id": "OPENVAS:860705", "title": "Fedora Update for php FEDORA-2008-3606", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for php FEDORA-2008-3606\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"PHP is an HTML-embedded scripting language. PHP attempts to make it\n easy for developers to write dynamically generated webpages. PHP also\n offers built-in database integration for several commercial and\n non-commercial database management systems, so writing a\n database-enabled webpage with PHP is fairly simple. The most common\n use of PHP coding is probably as a replacement for CGI scripts.\n\n The php package contains the module which adds support for the PHP\n language to Apache HTTP Server.\";\n\ntag_affected = \"php on Fedora 9\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/fedora-package-announce/2008-July/msg01021.html\");\n script_id(860705);\n script_version(\"$Revision: 6623 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:10:20 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-17 16:43:56 +0100 (Tue, 17 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2008-3606\");\n script_cve_id(\"CVE-2008-2051\", \"CVE-2007-5899\", \"CVE-2008-2107\", \"CVE-2008-2108\", \"CVE-2008-0599\");\n script_name( \"Fedora Update for php FEDORA-2008-3606\");\n\n script_summary(\"Check for the Version of php\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC9\")\n{\n\n if ((res = isrpmvuln(pkg:\"php\", rpm:\"php~5.2.6~2.fc9\", rls:\"FC9\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-02T00:06:19", "bulletinFamily": "scanner", "description": "The host is installed with PHP, that is prone to multiple\n vulnerabilities.", "modified": "2018-07-09T00:00:00", "published": "2008-10-07T00:00:00", "id": "OPENVAS:1361412562310800110", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310800110", "title": "PHP Multiple Vulnerabilities - Aug08", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_php_mult_vuln_aug08.nasl 10459 2018-07-09 07:41:24Z cfischer $\n#\n# PHP Multiple Vulnerabilities - Aug08\n#\n# Authors:\n# Veerendra GG <veerendragg@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2008 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:php:php\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.800110\");\n script_version(\"$Revision: 10459 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-07-09 09:41:24 +0200 (Mon, 09 Jul 2018) $\");\n script_tag(name:\"creation_date\", value:\"2008-10-07 16:11:33 +0200 (Tue, 07 Oct 2008)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_bugtraq_id(29009, 27413, 27786);\n script_cve_id(\"CVE-2008-2050\", \"CVE-2008-2051\", \"CVE-2007-4850\",\n \"CVE-2008-0599\", \"CVE-2008-0674\");\n script_xref(name:\"CB-A\", value:\"08-0118\");\n script_name(\"PHP Multiple Vulnerabilities - Aug08\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2008 Greenbone Networks GmbH\");\n script_family(\"Web application abuses\");\n script_dependencies(\"gb_php_detect.nasl\");\n script_mandatory_keys(\"php/installed\");\n\n script_xref(name:\"URL\", value:\"http://pcre.org/changelog.txt\");\n script_xref(name:\"URL\", value:\"http://www.php.net/ChangeLog-5.php\");\n script_xref(name:\"URL\", value:\"http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0176\");\n script_xref(name:\"URL\", value:\"http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0178\");\n script_xref(name:\"URL\", value:\"http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0086\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation could result in remote arbitrary code execution,\n security restrictions bypass, access to restricted files, denial of service.\n\n Impact Level: System\");\n\n script_tag(name:\"affected\", value:\"PHP version prior to 5.2.6\");\n\n script_tag(name:\"insight\", value:\"The flaws are caused by,\n\n - an unspecified stack overflow error in FastCGI SAPI (fastcgi.c).\n\n - an error during path translation in cgi_main.c.\n\n - an error with an unknown impact/attack vectors.\n\n - an unspecified error within the processing of incomplete multibyte\n characters in escapeshellcmd() API function.\n\n - error in curl/interface.c in the cURL library(libcurl), which could be\n exploited by attackers to bypass safe_mode security restrictions.\n\n - an error in PCRE. i.e buffer overflow error when handling a character class\n containing a very large number of characters with codepoints greater than\n 255(UTF-8 mode).\");\n\n script_tag(name:\"solution\", value:\"Upgrade to PHP version 5.2.6 or above,\n http://www.php.net/downloads.php\");\n\n script_tag(name:\"summary\", value:\"The host is installed with PHP, that is prone to multiple\n vulnerabilities.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"remote_banner_unreliable\");\n\n exit(0);\n}\n\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\n\nif( isnull( phpPort = get_app_port( cpe:CPE ) ) ) exit( 0 );\nif( ! phpVer = get_app_version( cpe:CPE, port:phpPort ) ) exit( 0 );\n\n# Match PHP version <= 5.2.5\nif( version_is_less_equal( version:phpVer, test_version:\"5.2.5\" ) ) {\n report = report_fixed_ver( installed_version:phpVer, fixed_version:\"5.2.6\" );\n security_message( data:report, port:phpPort );\n exit( 0 );\n}\n\nexit( 99 );", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "slackware": [{"lastseen": "2018-08-31T00:37:10", "bulletinFamily": "unix", "description": "New php packages are available for Slackware 10.2, 11.0, 12.0, 12.1,\nand -current to fix security issues.\n\nNote that PHP5 is not the default PHP for Slackware 10.2 or 11.0 (those use\nPHP4), so if your PHP code is not ready for PHP5, don't upgrade until it is\nor you'll (by definition) run into problems.\n\nMore details about one of the issues may be found in the Common\nVulnerabilities and Exposures (CVE) database:\n\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0599\n\n\nHere are the details from the Slackware 12.1 ChangeLog:\n\npatches/packages/php-5.2.6-i486-1_slack12.1.tgz:\n Upgraded to php-5.2.6.\n This version of PHP contains many fixes and enhancements. Some of the fixes\n are security related, and the PHP release announcement provides this list:\n * Fixed possible stack buffer overflow in the FastCGI SAPI identified by\n Andrei Nigmatulin.\n * Fixed integer overflow in printf() identified by Maksymilian Aciemowicz.\n * Fixed security issue detailed in CVE-2008-0599 identified by Ryan Permeh.\n * Fixed a safe_mode bypass in cURL identified by Maksymilian Arciemowicz.\n * Properly address incomplete multibyte chars inside escapeshellcmd()\n identified by Stefan Esser.\n * Upgraded bundled PCRE to version 7.6\n When last checked, CVE-2008-0599 was not yet open. However, additional\n information should become available at this URL:\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0599\n The list reproduced above, as well as additional information about other\n fixes in PHP 5.2.6 may be found in the PHP release announcement here:\n http://www.php.net/releases/5_2_6.php\n (* Security fix *)\n\nWhere to find the new packages:\n\nHINT: Getting slow download speeds from ftp.slackware.com?\nGive slackware.osuosl.org a try. This is another primary FTP site\nfor Slackware that can be considerably faster than downloading\ndirectly from ftp.slackware.com.\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating additional FTP and rsync hosting\nto the Slackware project! :-)\n\nAlso see the "Get Slack" section on http://slackware.com for\nadditional mirror sites near you.\n\nUpdated package for Slackware 10.2:\nftp://ftp.slackware.com/pub/slackware/slackware-10.2/testing/packages/php5/php-5.2.6-i486-1_slack10.2.tgz\n\nUpdated package for Slackware 11.0:\nftp://ftp.slackware.com/pub/slackware/slackware-11.0/extra/php5/php-5.2.6-i486-1_slack11.0.tgz\n\nUpdated package for Slackware 12.0:\nftp://ftp.slackware.com/pub/slackware/slackware-12.0/patches/packages/php-5.2.6-i486-1_slack12.0.tgz\n\nUpdated package for Slackware 12.1:\nftp://ftp.slackware.com/pub/slackware/slackware-12.1/patches/packages/php-5.2.6-i486-1_slack12.1.tgz\n\nUpdated package for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/php-5.2.6-i486-1.tgz\n\n\nMD5 signatures:\n\nSlackware 10.2 package:\n4efe7aac0d75ac62b7a81795d026c9b4 php-5.2.6-i486-1_slack10.2.tgz\n\nSlackware 11.0 package:\nf34eb2916cac7003750fc56b79d7974b php-5.2.6-i486-1_slack11.0.tgz\n\nSlackware 12.0 package:\nffca00ec8ce0209e7d9c31c2d922e2fe php-5.2.6-i486-1_slack12.0.tgz\n\nSlackware 12.1 package:\n9b0e03d4a306b64c7b61abd3d3de935d php-5.2.6-i486-1_slack12.1.tgz\n\nSlackware -current package:\nb0ccfaca2876c09ee8359a1b6a012406 php-5.2.6-i486-1.tgz\n\n\nInstallation instructions:\n\nFirst, stop Apache:\n > apachectl stop\n\nNext, upgrade to the new PHP package:\n > upgradepkg php-5.2.6-i486-1_slack12.1.tgz\n\nFinally, restart Apache:\n > apachectl start\n\nOr, for Apache 1.3.x versions using SSL:\n > apachectl startssl", "modified": "2008-05-07T20:53:08", "published": "2008-05-07T20:53:08", "id": "SSA-2008-128-01", "href": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.488951", "title": "php", "type": "slackware", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "nessus": [{"lastseen": "2019-01-16T20:08:24", "bulletinFamily": "scanner", "description": "This version upgrade php5 to 5.2.6 fixes several security\nvulnerabilities.\n\n - Fixed possible stack-based buffer overflow in the\n FastCGI SAPI identified by Andrei Nigmatulin.\n\n - Fixed integer overflow in printf() identified by\n Maksymilian Aciemowicz.\n\n - Fixed security issue detailed in CVE-2008-0599\n identified by Ryan Permeh.\n\n - Fixed a safe_mode bypass in cURL identified by\n Maksymilian Arciemowicz.\n\n - Properly address incomplete multibyte chars inside\n escapeshellcmd() identified by Stefan Esser.\n\n - and many more...", "modified": "2014-06-05T00:00:00", "published": "2008-06-26T00:00:00", "id": "SUSE_APACHE2-MOD_PHP5-5345.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=33266", "title": "SuSE 10 Security Update : PHP5 (ZYPP Patch Number 5345)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(33266);\n script_version (\"$Revision: 1.14 $\");\n script_cvs_date(\"$Date: 2014/06/05 10:49:46 $\");\n\n script_cve_id(\"CVE-2008-0599\");\n\n script_name(english:\"SuSE 10 Security Update : PHP5 (ZYPP Patch Number 5345)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This version upgrade php5 to 5.2.6 fixes several security\nvulnerabilities.\n\n - Fixed possible stack-based buffer overflow in the\n FastCGI SAPI identified by Andrei Nigmatulin.\n\n - Fixed integer overflow in printf() identified by\n Maksymilian Aciemowicz.\n\n - Fixed security issue detailed in CVE-2008-0599\n identified by Ryan Permeh.\n\n - Fixed a safe_mode bypass in cURL identified by\n Maksymilian Arciemowicz.\n\n - Properly address incomplete multibyte chars inside\n escapeshellcmd() identified by Stefan Esser.\n\n - and many more...\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-0599.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 5345.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/06/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/06/26\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2014 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLES10\", sp:1, reference:\"apache2-mod_php5-5.1.2-29.59\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:1, reference:\"php5-5.1.2-29.59\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:1, reference:\"php5-bcmath-5.1.2-29.59\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:1, reference:\"php5-bz2-5.1.2-29.59\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:1, reference:\"php5-calendar-5.1.2-29.59\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:1, reference:\"php5-ctype-5.1.2-29.59\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:1, reference:\"php5-curl-5.1.2-29.59\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:1, reference:\"php5-dba-5.1.2-29.59\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:1, reference:\"php5-dbase-5.1.2-29.59\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:1, reference:\"php5-devel-5.1.2-29.59\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:1, reference:\"php5-dom-5.1.2-29.59\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:1, reference:\"php5-exif-5.1.2-29.59\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:1, reference:\"php5-fastcgi-5.1.2-29.59\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:1, reference:\"php5-filepro-5.1.2-29.59\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:1, reference:\"php5-ftp-5.1.2-29.59\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:1, reference:\"php5-gd-5.1.2-29.59\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:1, reference:\"php5-gettext-5.1.2-29.59\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:1, reference:\"php5-gmp-5.1.2-29.59\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:1, reference:\"php5-iconv-5.1.2-29.59\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:1, reference:\"php5-imap-5.1.2-29.59\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:1, reference:\"php5-ldap-5.1.2-29.59\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:1, reference:\"php5-mbstring-5.1.2-29.59\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:1, reference:\"php5-mcrypt-5.1.2-29.59\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:1, reference:\"php5-mhash-5.1.2-29.59\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:1, reference:\"php5-mysql-5.1.2-29.59\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:1, reference:\"php5-mysqli-5.1.2-29.59\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:1, reference:\"php5-ncurses-5.1.2-29.59\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:1, reference:\"php5-odbc-5.1.2-29.59\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:1, reference:\"php5-openssl-5.1.2-29.59\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:1, reference:\"php5-pcntl-5.1.2-29.59\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:1, reference:\"php5-pdo-5.1.2-29.59\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:1, reference:\"php5-pear-5.1.2-29.59\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:1, reference:\"php5-pgsql-5.1.2-29.59\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:1, reference:\"php5-posix-5.1.2-29.59\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:1, reference:\"php5-pspell-5.1.2-29.59\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:1, reference:\"php5-shmop-5.1.2-29.59\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:1, reference:\"php5-snmp-5.1.2-29.59\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:1, reference:\"php5-soap-5.1.2-29.59\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:1, reference:\"php5-sockets-5.1.2-29.59\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:1, reference:\"php5-sqlite-5.1.2-29.59\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:1, reference:\"php5-suhosin-5.1.2-29.59\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:1, reference:\"php5-sysvmsg-5.1.2-29.59\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:1, reference:\"php5-sysvsem-5.1.2-29.59\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:1, reference:\"php5-sysvshm-5.1.2-29.59\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:1, reference:\"php5-tokenizer-5.1.2-29.59\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:1, reference:\"php5-wddx-5.1.2-29.59\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:1, reference:\"php5-xmlreader-5.1.2-29.59\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:1, reference:\"php5-xmlrpc-5.1.2-29.59\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:1, reference:\"php5-xsl-5.1.2-29.59\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:1, reference:\"php5-zlib-5.1.2-29.59\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, reference:\"apache2-mod_php5-5.2.5-9.6\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, reference:\"php5-5.2.5-9.6\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, reference:\"php5-bcmath-5.2.5-9.6\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, reference:\"php5-bz2-5.2.5-9.6\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, reference:\"php5-calendar-5.2.5-9.6\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, reference:\"php5-ctype-5.2.5-9.6\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, reference:\"php5-curl-5.2.5-9.6\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, reference:\"php5-dba-5.2.5-9.6\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, reference:\"php5-dbase-5.2.5-9.6\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, reference:\"php5-devel-5.2.5-9.6\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, reference:\"php5-dom-5.2.5-9.6\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, reference:\"php5-exif-5.2.5-9.6\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, reference:\"php5-fastcgi-5.2.5-9.6\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, reference:\"php5-ftp-5.2.5-9.6\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, reference:\"php5-gd-5.2.5-9.6\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, reference:\"php5-gettext-5.2.5-9.6\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, reference:\"php5-gmp-5.2.5-9.6\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, reference:\"php5-iconv-5.2.5-9.6\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, reference:\"php5-imap-5.2.5-9.6\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, reference:\"php5-json-5.2.5-9.6\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, reference:\"php5-ldap-5.2.5-9.6\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, reference:\"php5-mbstring-5.2.5-9.6\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, reference:\"php5-mcrypt-5.2.5-9.6\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, reference:\"php5-mhash-5.2.5-9.6\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, reference:\"php5-mysql-5.2.5-9.6\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, reference:\"php5-ncurses-5.2.5-9.6\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, reference:\"php5-odbc-5.2.5-9.6\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, reference:\"php5-openssl-5.2.5-9.6\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, reference:\"php5-pcntl-5.2.5-9.6\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, reference:\"php5-pdo-5.2.5-9.6\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, reference:\"php5-pear-5.2.5-9.6\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, reference:\"php5-pgsql-5.2.5-9.6\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, reference:\"php5-posix-5.2.5-9.6\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, reference:\"php5-pspell-5.2.5-9.6\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, reference:\"php5-shmop-5.2.5-9.6\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, reference:\"php5-snmp-5.2.5-9.6\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, reference:\"php5-soap-5.2.5-9.6\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, reference:\"php5-sockets-5.2.5-9.6\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, reference:\"php5-sqlite-5.2.5-9.6\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, reference:\"php5-suhosin-5.2.5-9.6\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, reference:\"php5-sysvmsg-5.2.5-9.6\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, reference:\"php5-sysvsem-5.2.5-9.6\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, reference:\"php5-sysvshm-5.2.5-9.6\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, reference:\"php5-tokenizer-5.2.5-9.6\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, reference:\"php5-wddx-5.2.5-9.6\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, reference:\"php5-xmlreader-5.2.5-9.6\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, reference:\"php5-xmlrpc-5.2.5-9.6\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, reference:\"php5-xsl-5.2.5-9.6\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, reference:\"php5-zlib-5.2.5-9.6\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-01-16T20:08:21", "bulletinFamily": "scanner", "description": "New php packages are available for Slackware 10.2, 11.0, 12.0, 12.1,\nand -current to fix security issues. Note that PHP5 is not the default\nPHP for Slackware 10.2 or 11.0 (those use PHP4), so if your PHP code\nis not ready for PHP5, don't upgrade until it is or you'll (by\ndefinition) run into problems.", "modified": "2018-06-27T00:00:00", "published": "2008-05-28T00:00:00", "id": "SLACKWARE_SSA_2008-128-01.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=32444", "title": "Slackware 10.2 / 11.0 / 12.0 / 12.1 / current : php (SSA:2008-128-01)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Slackware Security Advisory 2008-128-01. The text \n# itself is copyright (C) Slackware Linux, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(32444);\n script_version(\"1.14\");\n script_cvs_date(\"Date: 2018/06/27 18:42:26\");\n\n script_cve_id(\"CVE-2008-0599\", \"CVE-2008-2050\", \"CVE-2008-2051\");\n script_bugtraq_id(29009);\n script_xref(name:\"SSA\", value:\"2008-128-01\");\n\n script_name(english:\"Slackware 10.2 / 11.0 / 12.0 / 12.1 / current : php (SSA:2008-128-01)\");\n script_summary(english:\"Checks for updated package in /var/log/packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Slackware host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"New php packages are available for Slackware 10.2, 11.0, 12.0, 12.1,\nand -current to fix security issues. Note that PHP5 is not the default\nPHP for Slackware 10.2 or 11.0 (those use PHP4), so if your PHP code\nis not ready for PHP5, don't upgrade until it is or you'll (by\ndefinition) run into problems.\"\n );\n # http://www.slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.488951\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?6629f5e7\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected php package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(119);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:php\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:10.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:11.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:12.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:12.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/05/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/05/28\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Slackware Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Slackware/release\", \"Host/Slackware/packages\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"slackware.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Slackware/release\")) audit(AUDIT_OS_NOT, \"Slackware\");\nif (!get_kb_item(\"Host/Slackware/packages\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Slackware\", cpu);\n\n\nflag = 0;\nif (slackware_check(osver:\"10.2\", pkgname:\"php\", pkgver:\"5.2.6\", pkgarch:\"i486\", pkgnum:\"1_slack10.2\")) flag++;\n\nif (slackware_check(osver:\"11.0\", pkgname:\"php\", pkgver:\"5.2.6\", pkgarch:\"i486\", pkgnum:\"1_slack11.0\")) flag++;\n\nif (slackware_check(osver:\"12.0\", pkgname:\"php\", pkgver:\"5.2.6\", pkgarch:\"i486\", pkgnum:\"1_slack12.0\")) flag++;\n\nif (slackware_check(osver:\"12.1\", pkgname:\"php\", pkgver:\"5.2.6\", pkgarch:\"i486\", pkgnum:\"1_slack12.1\")) flag++;\n\nif (slackware_check(osver:\"current\", pkgname:\"php\", pkgver:\"5.2.6\", pkgarch:\"i486\", pkgnum:\"1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:slackware_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-01-16T20:08:24", "bulletinFamily": "scanner", "description": "This release updates PHP to the latest upstream version 5.2.6, fixing\nmultiple bugs and security issues. See upstream release notes for\nfurther details: http://www.php.net/releases/5_2_6.php It was\ndiscovered that the PHP escapeshellcmd() function did not properly\nescape multi-byte characters which are not valid in the locale used by\nthe script. This could allow an attacker to bypass quoting\nrestrictions imposed by escapeshellcmd() and execute arbitrary\ncommands if the PHP script was using certain locales. Scripts using\nthe default UTF-8 locale are not affected by this issue.\n(CVE-2008-2051) It was discovered that a PHP script using the\ntransparent session ID configuration option, or using the\noutput_add_rewrite_var() function, could leak session identifiers to\nexternal websites. If a page included an HTML form which is posted to\na third-party website, the user's session ID would be included in the\nform data and passed to that website. (CVE-2007-5899) It was\ndiscovered that PHP did not properly seed its pseudo-random number\ngenerator used by functions such as rand() and mt_rand(), possibly\nallowing an attacker to easily predict the generated pseudo-random\nvalues. (CVE-2008-2107, CVE-2008-2108)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "modified": "2018-11-28T00:00:00", "published": "2008-06-24T00:00:00", "id": "FEDORA_2008-3606.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=33231", "title": "Fedora 9 : php-5.2.6-2.fc9 (2008-3606)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2008-3606.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(33231);\n script_version (\"1.17\");\n script_cvs_date(\"Date: 2018/11/28 22:47:42\");\n\n script_cve_id(\"CVE-2008-0599\", \"CVE-2008-2051\", \"CVE-2008-2107\", \"CVE-2008-2108\");\n script_bugtraq_id(29009);\n script_xref(name:\"FEDORA\", value:\"2008-3606\");\n\n script_name(english:\"Fedora 9 : php-5.2.6-2.fc9 (2008-3606)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This release updates PHP to the latest upstream version 5.2.6, fixing\nmultiple bugs and security issues. See upstream release notes for\nfurther details: http://www.php.net/releases/5_2_6.php It was\ndiscovered that the PHP escapeshellcmd() function did not properly\nescape multi-byte characters which are not valid in the locale used by\nthe script. This could allow an attacker to bypass quoting\nrestrictions imposed by escapeshellcmd() and execute arbitrary\ncommands if the PHP script was using certain locales. Scripts using\nthe default UTF-8 locale are not affected by this issue.\n(CVE-2008-2051) It was discovered that a PHP script using the\ntransparent session ID configuration option, or using the\noutput_add_rewrite_var() function, could leak session identifiers to\nexternal websites. If a page included an HTML form which is posted to\na third-party website, the user's session ID would be included in the\nform data and passed to that website. (CVE-2007-5899) It was\ndiscovered that PHP did not properly seed its pseudo-random number\ngenerator used by functions such as rand() and mt_rand(), possibly\nallowing an attacker to easily predict the generated pseudo-random\nvalues. (CVE-2008-2107, CVE-2008-2108)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.php.net/releases/5_2_6.php\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=445003\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=445006\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=445684\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=445685\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2008-July/012901.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?5e191822\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2008-June/011522.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?8cc428e7\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected php package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:php\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:9\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/06/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/06/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^9([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 9.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC9\", reference:\"php-5.2.6-2.fc9\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"php\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-01-16T20:09:03", "bulletinFamily": "scanner", "description": "A number of vulnerabilities have been found and corrected in PHP :\n\nphp-cgi in PHP prior to 5.2.6 does not properly calculate the length\nof PATH_TRANSLATED, which has unknown impact and attack vectors\n(CVE-2008-0599).\n\nThe escapeshellcmd() API function in PHP prior to 5.2.6 has unknown\nimpact and context-dependent attack vectors related to incomplete\nmultibyte characters (CVE-2008-2051).\n\nWeaknesses in the GENERATE_SEED macro in PHP prior to 4.4.8 and 5.2.5\nwere discovered that could produce a zero seed in rare circumstances\non 32bit systems and generations a portion of zero bits during\nconversion due to insufficient precision on 64bit systems\n(CVE-2008-2107, CVE-2008-2108).\n\nThe IMAP module in PHP uses obsolete API calls that allow\ncontext-dependent attackers to cause a denial of service (crash) via a\nlong IMAP request (CVE-2008-2829).\n\nIn addition, the updated packages provide a number of bug fixes.\n\nThe updated packages have been patched to correct these issues.", "modified": "2018-07-19T00:00:00", "published": "2009-04-23T00:00:00", "id": "MANDRIVA_MDVSA-2008-128.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=36486", "title": "Mandriva Linux Security Advisory : php (MDVSA-2008:128)", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 70103\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2008:128. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(36486);\n script_version (\"1.15\");\n script_cvs_date(\"Date: 2018/07/19 20:59:15\");\n\n script_cve_id(\"CVE-2008-0599\", \"CVE-2008-2051\", \"CVE-2008-2107\", \"CVE-2008-2108\", \"CVE-2008-2829\");\n script_bugtraq_id(29829);\n script_xref(name:\"MDVSA\", value:\"2008:128\");\n\n script_name(english:\"Mandriva Linux Security Advisory : php (MDVSA-2008:128)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A number of vulnerabilities have been found and corrected in PHP :\n\nphp-cgi in PHP prior to 5.2.6 does not properly calculate the length\nof PATH_TRANSLATED, which has unknown impact and attack vectors\n(CVE-2008-0599).\n\nThe escapeshellcmd() API function in PHP prior to 5.2.6 has unknown\nimpact and context-dependent attack vectors related to incomplete\nmultibyte characters (CVE-2008-2051).\n\nWeaknesses in the GENERATE_SEED macro in PHP prior to 4.4.8 and 5.2.5\nwere discovered that could produce a zero seed in rare circumstances\non 32bit systems and generations a portion of zero bits during\nconversion due to insufficient precision on 64bit systems\n(CVE-2008-2107, CVE-2008-2108).\n\nThe IMAP module in PHP uses obsolete API calls that allow\ncontext-dependent attackers to cause a denial of service (crash) via a\nlong IMAP request (CVE-2008-2829).\n\nIn addition, the updated packages provide a number of bug fixes.\n\nThe updated packages have been patched to correct these issues.\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(119, 189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64php5_common5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libphp5_common5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-bcmath\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-bz2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-calendar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-cgi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-cli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-ctype\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-dba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-dbase\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-dom\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-exif\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-fcgi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-filter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-ftp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-gettext\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-gmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-hash\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-iconv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-imap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-json\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-mbstring\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-mcrypt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-mhash\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-mime_magic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-ming\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-mssql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-mysqli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-ncurses\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-pcntl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-pdo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-pdo_dblib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-pdo_mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-pdo_odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-pdo_pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-pdo_sqlite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-posix\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-pspell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-readline\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-recode\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-session\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-shmop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-soap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-sockets\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-sqlite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-sysvmsg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-sysvsem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-sysvshm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-tidy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-tokenizer\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-wddx\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-xml\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-xmlreader\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-xmlrpc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-xmlwriter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-xsl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-zlib\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2008.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/07/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/04/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2008.1\", cpu:\"x86_64\", reference:\"lib64php5_common5-5.2.5-14.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", cpu:\"i386\", reference:\"libphp5_common5-5.2.5-14.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"php-bcmath-5.2.5-14.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"php-bz2-5.2.5-14.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"php-calendar-5.2.5-14.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"php-cgi-5.2.5-14.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"php-cli-5.2.5-14.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"php-ctype-5.2.5-14.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"php-curl-5.2.5-14.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"php-dba-5.2.5-14.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"php-dbase-5.2.5-14.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"php-devel-5.2.5-14.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"php-dom-5.2.5-14.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"php-exif-5.2.5-14.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"php-fcgi-5.2.5-14.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"php-filter-5.2.5-14.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"php-ftp-5.2.5-14.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"php-gd-5.2.5-14.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"php-gettext-5.2.5-14.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"php-gmp-5.2.5-14.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"php-hash-5.2.5-14.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"php-iconv-5.2.5-14.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"php-imap-5.2.5-14.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"php-json-5.2.5-14.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"php-ldap-5.2.5-14.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"php-mbstring-5.2.5-14.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"php-mcrypt-5.2.5-14.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"php-mhash-5.2.5-14.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"php-mime_magic-5.2.5-14.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"php-ming-5.2.5-14.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"php-mssql-5.2.5-14.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"php-mysql-5.2.5-14.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"php-mysqli-5.2.5-14.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"php-ncurses-5.2.5-14.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"php-odbc-5.2.5-14.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"php-openssl-5.2.5-14.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"php-pcntl-5.2.5-14.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"php-pdo-5.2.5-14.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"php-pdo_dblib-5.2.5-14.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"php-pdo_mysql-5.2.5-14.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"php-pdo_odbc-5.2.5-14.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"php-pdo_pgsql-5.2.5-14.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"php-pdo_sqlite-5.2.5-14.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"php-pgsql-5.2.5-14.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"php-posix-5.2.5-14.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"php-pspell-5.2.5-14.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"php-readline-5.2.5-14.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"php-recode-5.2.5-14.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"php-session-5.2.5-14.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"php-shmop-5.2.5-14.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"php-snmp-5.2.5-14.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"php-soap-5.2.5-14.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"php-sockets-5.2.5-14.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"php-sqlite-5.2.5-14.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"php-sysvmsg-5.2.5-14.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"php-sysvsem-5.2.5-14.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"php-sysvshm-5.2.5-14.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"php-tidy-5.2.5-14.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"php-tokenizer-5.2.5-14.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"php-wddx-5.2.5-14.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"php-xml-5.2.5-14.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"php-xmlreader-5.2.5-14.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"php-xmlrpc-5.2.5-14.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"php-xmlwriter-5.2.5-14.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"php-xsl-5.2.5-14.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"php-zlib-5.2.5-14.1mdv2008.1\", yank:\"mdv\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-01-16T20:08:18", "bulletinFamily": "scanner", "description": "According to its banner, the version of PHP installed on the remote\nhost is older than 5.2.6. Such versions may be affected by the\nfollowing issues :\n\n - A stack-based buffer overflow in FastCGI SAPI.\n\n - An integer overflow in printf().\n\n - An security issue arising from improper calculation\n of the length of PATH_TRANSLATED in cgi_main.c.\n\n - A safe_mode bypass in cURL.\n\n - Incomplete handling of multibyte chars inside\n escapeshellcmd().\n\n - Issues in the bundled PCRE fixed by version 7.6.", "modified": "2018-11-15T00:00:00", "published": "2008-05-02T00:00:00", "id": "PHP_5_2_6.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=32123", "title": "PHP < 5.2.6 Multiple Vulnerabilities", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(32123);\n script_version(\"1.28\");\n script_cvs_date(\"Date: 2018/11/15 20:50:18\");\n\n script_cve_id(\n \"CVE-2007-4850\",\n \"CVE-2007-6039\",\n \"CVE-2008-0599\",\n #\"CVE-2008-0674\", PCRE buffer overflow\n \"CVE-2008-1384\",\n \"CVE-2008-2050\",\n \"CVE-2008-2051\"\n );\n script_bugtraq_id(27413, 28392, 29009);\n script_xref(name:\"Secunia\", value:\"30048\");\n\n script_name(english:\"PHP < 5.2.6 Multiple Vulnerabilities\");\n script_summary(english:\"Checks version of PHP\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote web server uses a version of PHP that is affected by\nmultiple flaws.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"According to its banner, the version of PHP installed on the remote\nhost is older than 5.2.6. Such versions may be affected by the\nfollowing issues :\n\n - A stack-based buffer overflow in FastCGI SAPI.\n\n - An integer overflow in printf().\n\n - An security issue arising from improper calculation\n of the length of PATH_TRANSLATED in cgi_main.c.\n\n - A safe_mode bypass in cURL.\n\n - Incomplete handling of multibyte chars inside\n escapeshellcmd().\n\n - Issues in the bundled PCRE fixed by version 7.6.\"\n );\n script_set_attribute(attribute:\"see_also\", value:\"https://seclists.org/bugtraq/2008/Mar/285\");\n script_set_attribute(attribute:\"see_also\", value:\"https://seclists.org/fulldisclosure/2008/May/102\");\n script_set_attribute(attribute:\"see_also\", value:\"https://seclists.org/fulldisclosure/2008/May/106\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.php.net/releases/5_2_6.php\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to PHP version 5.2.6 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No exploit is required\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(20, 119, 264);\n\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/05/02\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:php:php\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CGI abuses\");\n\n script_copyright(english:\"This script is Copyright (C) 2008-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"php_version.nasl\");\n script_require_ports(\"Services/www\", 80);\n script_require_keys(\"www/PHP\");\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\ninclude(\"audit.inc\");\ninclude(\"webapp_func.inc\");\n\nport = get_http_port(default:80, php:TRUE);\n\nphp = get_php_from_kb(\n port : port,\n exit_on_fail : TRUE\n);\n\nversion = php[\"ver\"];\nsource = php[\"src\"];\n\nbackported = get_kb_item('www/php/'+port+'/'+version+'/backported');\n\nif (report_paranoia < 2 && backported)\n audit(AUDIT_BACKPORT_SERVICE, port, \"PHP \"+version+\" install\");\n\nif (version =~ \"^5\\.[01]\\.\" || \n version =~ \"^5\\.2\\.[0-5]($|[^0-9])\"\n)\n{\n if (report_verbosity > 0)\n {\n report =\n '\\n Version source : '+source +\n '\\n Installed version : '+version+\n '\\n Fixed version : 5.2.6\\n';\n security_hole(port:port, extra:report);\n }\n else security_hole(port);\n exit(0);\n}\nelse audit(AUDIT_LISTEN_NOT_VULN, \"PHP\", port, version);\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-01-16T20:09:14", "bulletinFamily": "scanner", "description": "A number of vulnerabilities have been found and corrected in PHP :\n\nThe htmlentities() and htmlspecialchars() functions in PHP prior to\n5.2.5 accepted partial multibyte sequences, which has unknown impact\nand attack vectors (CVE-2007-5898).\n\nThe output_add_rewrite_var() function in PHP prior to 5.2.5 rewrites\nlocal forms in which the ACTION attribute references a non-local URL,\nwhich could allow a remote attacker to obtain potentially sensitive\ninformation by reading the requests for this URL (CVE-2007-5899).\n\nphp-cgi in PHP prior to 5.2.6 does not properly calculate the length\nof PATH_TRANSLATED, which has unknown impact and attack vectors\n(CVE-2008-0599).\n\nThe escapeshellcmd() API function in PHP prior to 5.2.6 has unknown\nimpact and context-dependent attack vectors related to incomplete\nmultibyte characters (CVE-2008-2051).\n\nWeaknesses in the GENERATE_SEED macro in PHP prior to 4.4.8 and 5.2.5\nwere discovered that could produce a zero seed in rare circumstances\non 32bit systems and generations a portion of zero bits during\nconversion due to insufficient precision on 64bit systems\n(CVE-2008-2107, CVE-2008-2108).\n\nThe IMAP module in PHP uses obsolete API calls that allow\ncontext-dependent attackers to cause a denial of service (crash) via a\nlong IMAP request (CVE-2008-2829).\n\nIn addition, this update also corrects an issue with some float to\nstring conversions.\n\nThe updated packages have been patched to correct these issues.", "modified": "2018-07-19T00:00:00", "published": "2009-04-23T00:00:00", "id": "MANDRIVA_MDVSA-2008-127.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=38042", "title": "Mandriva Linux Security Advisory : php (MDVSA-2008:127)", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 70103\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2008:127. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(38042);\n script_version (\"1.18\");\n script_cvs_date(\"Date: 2018/07/19 20:59:15\");\n\n script_cve_id(\n \"CVE-2007-5898\",\n \"CVE-2007-5899\",\n \"CVE-2008-0599\",\n \"CVE-2008-2051\",\n \"CVE-2008-2107\",\n \"CVE-2008-2108\",\n \"CVE-2008-2829\"\n );\n script_bugtraq_id(\n 26403,\n 29829\n );\n script_xref(name:\"MDVSA\", value:\"2008:127\");\n\n script_name(english:\"Mandriva Linux Security Advisory : php (MDVSA-2008:127)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A number of vulnerabilities have been found and corrected in PHP :\n\nThe htmlentities() and htmlspecialchars() functions in PHP prior to\n5.2.5 accepted partial multibyte sequences, which has unknown impact\nand attack vectors (CVE-2007-5898).\n\nThe output_add_rewrite_var() function in PHP prior to 5.2.5 rewrites\nlocal forms in which the ACTION attribute references a non-local URL,\nwhich could allow a remote attacker to obtain potentially sensitive\ninformation by reading the requests for this URL (CVE-2007-5899).\n\nphp-cgi in PHP prior to 5.2.6 does not properly calculate the length\nof PATH_TRANSLATED, which has unknown impact and attack vectors\n(CVE-2008-0599).\n\nThe escapeshellcmd() API function in PHP prior to 5.2.6 has unknown\nimpact and context-dependent attack vectors related to incomplete\nmultibyte characters (CVE-2008-2051).\n\nWeaknesses in the GENERATE_SEED macro in PHP prior to 4.4.8 and 5.2.5\nwere discovered that could produce a zero seed in rare circumstances\non 32bit systems and generations a portion of zero bits during\nconversion due to insufficient precision on 64bit systems\n(CVE-2008-2107, CVE-2008-2108).\n\nThe IMAP module in PHP uses obsolete API calls that allow\ncontext-dependent attackers to cause a denial of service (crash) via a\nlong IMAP request (CVE-2008-2829).\n\nIn addition, this update also corrects an issue with some float to\nstring conversions.\n\nThe updated packages have been patched to correct these issues.\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(119, 189, 200);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64php5_common5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libphp5_common5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-bcmath\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-bz2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-calendar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-cgi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-cli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-ctype\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-dba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-dbase\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-dom\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-exif\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-fcgi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-filter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-ftp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-gettext\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-gmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-hash\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-iconv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-imap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-json\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-mbstring\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-mcrypt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-mhash\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-mime_magic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-ming\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-mssql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-mysqli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-ncurses\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-pcntl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-pdo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-pdo_dblib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-pdo_mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-pdo_odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-pdo_pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-pdo_sqlite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-posix\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-pspell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-readline\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-recode\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-session\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-shmop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-simplexml\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-soap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-sockets\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-sqlite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-sysvmsg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-sysvsem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-sysvshm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-tidy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-tokenizer\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-wddx\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-xml\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-xmlreader\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-xmlrpc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-xmlwriter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-xsl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-zlib\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2008.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/07/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/04/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"x86_64\", reference:\"lib64php5_common5-5.2.4-3.2mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"i386\", reference:\"libphp5_common5-5.2.4-3.2mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"php-bcmath-5.2.4-3.2mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"php-bz2-5.2.4-3.2mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"php-calendar-5.2.4-3.2mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"php-cgi-5.2.4-3.2mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"php-cli-5.2.4-3.2mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"php-ctype-5.2.4-3.2mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"php-curl-5.2.4-3.2mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"php-dba-5.2.4-3.2mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"php-dbase-5.2.4-3.2mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"php-devel-5.2.4-3.2mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"php-dom-5.2.4-3.2mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"php-exif-5.2.4-3.2mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"php-fcgi-5.2.4-3.2mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"php-filter-5.2.4-3.2mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"php-ftp-5.2.4-3.2mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"php-gd-5.2.4-3.2mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"php-gettext-5.2.4-3.2mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"php-gmp-5.2.4-3.2mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"php-hash-5.2.4-3.2mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"php-iconv-5.2.4-3.2mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"php-imap-5.2.4-3.2mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"php-json-5.2.4-3.2mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"php-ldap-5.2.4-3.2mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"php-mbstring-5.2.4-3.2mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"php-mcrypt-5.2.4-3.2mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"php-mhash-5.2.4-3.2mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"php-mime_magic-5.2.4-3.2mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"php-ming-5.2.4-3.2mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"php-mssql-5.2.4-3.2mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"php-mysql-5.2.4-3.2mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"php-mysqli-5.2.4-3.2mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"php-ncurses-5.2.4-3.2mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"php-odbc-5.2.4-3.2mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"php-openssl-5.2.4-3.2mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"php-pcntl-5.2.4-3.2mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"php-pdo-5.2.4-3.2mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"php-pdo_dblib-5.2.4-3.2mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"php-pdo_mysql-5.2.4-3.2mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"php-pdo_odbc-5.2.4-3.2mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"php-pdo_pgsql-5.2.4-3.2mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"php-pdo_sqlite-5.2.4-3.2mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"php-pgsql-5.2.4-3.2mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"php-posix-5.2.4-3.2mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"php-pspell-5.2.4-3.2mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"php-readline-5.2.4-3.2mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"php-recode-5.2.4-3.2mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"php-session-5.2.4-3.2mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"php-shmop-5.2.4-3.2mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"php-simplexml-5.2.4-3.2mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"php-snmp-5.2.4-3.2mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"php-soap-5.2.4-3.2mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"php-sockets-5.2.4-3.2mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"php-sqlite-5.2.4-3.2mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"php-sysvmsg-5.2.4-3.2mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"php-sysvsem-5.2.4-3.2mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"php-sysvshm-5.2.4-3.2mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"php-tidy-5.2.4-3.2mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"php-tokenizer-5.2.4-3.2mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"php-wddx-5.2.4-3.2mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"php-xml-5.2.4-3.2mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"php-xmlreader-5.2.4-3.2mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"php-xmlrpc-5.2.4-3.2mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"php-xmlwriter-5.2.4-3.2mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"php-xsl-5.2.4-3.2mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"php-zlib-5.2.4-3.2mdv2008.0\", yank:\"mdv\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-01-16T20:08:24", "bulletinFamily": "scanner", "description": "This release updates PHP to the latest upstream version 5.2.6, fixing\nmultiple bugs and security issues. See upstream release notes for\nfurther details: http://www.php.net/releases/5_2_5.php\nhttp://www.php.net/releases/5_2_6.php It was discovered that the PHP\nescapeshellcmd() function did not properly escape multi-byte\ncharacters which are not valid in the locale used by the script. This\ncould allow an attacker to bypass quoting restrictions imposed by\nescapeshellcmd() and execute arbitrary commands if the PHP script was\nusing certain locales. Scripts using the default UTF-8 locale are not\naffected by this issue. (CVE-2008-2051) PHP functions htmlentities()\nand htmlspecialchars() did not properly recognize partial multi-byte\nsequences. Certain sequences of bytes could be passed through these\nfunctions without being correctly HTML-escaped. An attacker could use\nthis flaw to conduct cross-site scripting attack against users of such\nbrowsers. (CVE-2007-5898) It was discovered that a PHP script using\nthe transparent session ID configuration option, or using the\noutput_add_rewrite_var() function, could leak session identifiers to\nexternal websites. If a page included an HTML form which is posted to\na third-party website, the user's session ID would be included in the\nform data and passed to that website. (CVE-2007-5899) It was\ndiscovered that PHP fnmatch() function did not restrict the length of\nthe string argument. An attacker could use this flaw to crash the PHP\ninterpreter where a script used fnmatch() on untrusted input data.\n(CVE-2007-4782) It was discovered that PHP did not properly seed its\npseudo-random number generator used by functions such as rand() and\nmt_rand(), possibly allowing an attacker to easily predict the\ngenerated pseudo-random values. (CVE-2008-2107, CVE-2008-2108)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "modified": "2016-12-08T00:00:00", "published": "2008-06-24T00:00:00", "id": "FEDORA_2008-3864.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=33232", "title": "Fedora 8 : php-5.2.6-2.fc8 (2008-3864)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2008-3864.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(33232);\n script_version (\"$Revision: 1.17 $\");\n script_cvs_date(\"$Date: 2016/12/08 20:11:36 $\");\n\n script_cve_id(\"CVE-2007-4782\", \"CVE-2007-5898\", \"CVE-2007-5899\", \"CVE-2008-0599\", \"CVE-2008-2051\", \"CVE-2008-2107\", \"CVE-2008-2108\");\n script_bugtraq_id(26403, 29009);\n script_xref(name:\"FEDORA\", value:\"2008-3864\");\n\n script_name(english:\"Fedora 8 : php-5.2.6-2.fc8 (2008-3864)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This release updates PHP to the latest upstream version 5.2.6, fixing\nmultiple bugs and security issues. See upstream release notes for\nfurther details: http://www.php.net/releases/5_2_5.php\nhttp://www.php.net/releases/5_2_6.php It was discovered that the PHP\nescapeshellcmd() function did not properly escape multi-byte\ncharacters which are not valid in the locale used by the script. This\ncould allow an attacker to bypass quoting restrictions imposed by\nescapeshellcmd() and execute arbitrary commands if the PHP script was\nusing certain locales. Scripts using the default UTF-8 locale are not\naffected by this issue. (CVE-2008-2051) PHP functions htmlentities()\nand htmlspecialchars() did not properly recognize partial multi-byte\nsequences. Certain sequences of bytes could be passed through these\nfunctions without being correctly HTML-escaped. An attacker could use\nthis flaw to conduct cross-site scripting attack against users of such\nbrowsers. (CVE-2007-5898) It was discovered that a PHP script using\nthe transparent session ID configuration option, or using the\noutput_add_rewrite_var() function, could leak session identifiers to\nexternal websites. If a page included an HTML form which is posted to\na third-party website, the user's session ID would be included in the\nform data and passed to that website. (CVE-2007-5899) It was\ndiscovered that PHP fnmatch() function did not restrict the length of\nthe string argument. An attacker could use this flaw to crash the PHP\ninterpreter where a script used fnmatch() on untrusted input data.\n(CVE-2007-4782) It was discovered that PHP did not properly seed its\npseudo-random number generator used by functions such as rand() and\nmt_rand(), possibly allowing an attacker to easily predict the\ngenerated pseudo-random values. (CVE-2008-2107, CVE-2008-2108)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.php.net/releases/5_2_5.php\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.php.net/releases/5_2_6.php\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=285881\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=382411\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=382431\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=445003\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=445006\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=445684\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=445685\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2008-June/011516.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?f2056591\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected php package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(94, 189, 200);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:php\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:8\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/06/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/06/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2016 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 8.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC8\", reference:\"php-5.2.6-2.fc8\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"php\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-01-16T20:08:28", "bulletinFamily": "scanner", "description": "It was discovered that PHP did not properly check the length of the\nstring parameter to the fnmatch function. An attacker could cause a\ndenial of service in the PHP interpreter if a script passed untrusted\ninput to the fnmatch function. (CVE-2007-4782)\n\nMaksymilian Arciemowicz discovered a flaw in the cURL library that\nallowed safe_mode and open_basedir restrictions to be bypassed. If a\nPHP application were tricked into processing a bad file:// request, an\nattacker could read arbitrary files. (CVE-2007-4850)\n\nRasmus Lerdorf discovered that the htmlentities and htmlspecialchars\nfunctions did not correctly stop when handling partial multibyte\nsequences. A remote attacker could exploit this to read certain areas\nof memory, possibly gaining access to sensitive information. This\nissue affects Ubuntu 8.04 LTS, and an updated fix is included for\nUbuntu 6.06 LTS, 7.04 and 7.10. (CVE-2007-5898)\n\nIt was discovered that the output_add_rewrite_var function would\nsometimes leak session id information to forms targeting remote URLs.\nMalicious remote sites could use this information to gain access to a\nPHP application user's login credentials. This issue only affects\nUbuntu 8.04 LTS. (CVE-2007-5899)\n\nIt was discovered that PHP did not properly calculate the length of\nPATH_TRANSLATED. If a PHP application were tricked into processing a\nmalicious URI, and attacker may be able to execute arbitrary code with\napplication privileges. (CVE-2008-0599)\n\nAn integer overflow was discovered in the php_sprintf_appendstring\nfunction. Attackers could exploit this to cause a denial of service.\n(CVE-2008-1384)\n\nAndrei Nigmatulin discovered stack-based overflows in the FastCGI SAPI\nof PHP. An attacker may be able to leverage this issue to perform\nattacks against PHP applications. (CVE-2008-2050)\n\nIt was discovered that the escapeshellcmd did not properly process\nmultibyte characters. An attacker may be able to bypass quoting\nrestrictions and possibly execute arbitrary code with application\nprivileges. (CVE-2008-2051)\n\nIt was discovered that the GENERATE_SEED macro produced a predictable\nseed under certain circumstances. Attackers may by able to easily\npredict the results of the rand and mt_rand functions. (CVE-2008-2107,\nCVE-2008-2108)\n\nTavis Ormandy discovered that the PCRE library did not correctly\nhandle certain in-pattern options. An attacker could cause PHP\napplications using pcre to crash, leading to a denial of service.\nUSN-624-1 fixed vulnerabilities in the pcre3 library. This update\nprovides the corresponding update for PHP. (CVE-2008-2371)\n\nIt was discovered that php_imap used obsolete API calls. If a PHP\napplication were tricked into processing a malicious IMAP request, an\nattacker could cause a denial of service or possibly execute code with\napplication privileges. (CVE-2008-2829).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "modified": "2018-11-28T00:00:00", "published": "2008-07-24T00:00:00", "id": "UBUNTU_USN-628-1.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=33575", "title": "Ubuntu 6.06 LTS / 7.04 / 7.10 / 8.04 LTS : php5 vulnerabilities (USN-628-1)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-628-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(33575);\n script_version(\"1.20\");\n script_cvs_date(\"Date: 2018/11/28 11:42:05\");\n\n script_cve_id(\"CVE-2007-4782\", \"CVE-2007-4850\", \"CVE-2007-5898\", \"CVE-2007-5899\", \"CVE-2008-0599\", \"CVE-2008-1384\", \"CVE-2008-2050\", \"CVE-2008-2051\", \"CVE-2008-2107\", \"CVE-2008-2108\", \"CVE-2008-2371\", \"CVE-2008-2829\");\n script_bugtraq_id(26403, 29009, 29829);\n script_xref(name:\"USN\", value:\"628-1\");\n\n script_name(english:\"Ubuntu 6.06 LTS / 7.04 / 7.10 / 8.04 LTS : php5 vulnerabilities (USN-628-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that PHP did not properly check the length of the\nstring parameter to the fnmatch function. An attacker could cause a\ndenial of service in the PHP interpreter if a script passed untrusted\ninput to the fnmatch function. (CVE-2007-4782)\n\nMaksymilian Arciemowicz discovered a flaw in the cURL library that\nallowed safe_mode and open_basedir restrictions to be bypassed. If a\nPHP application were tricked into processing a bad file:// request, an\nattacker could read arbitrary files. (CVE-2007-4850)\n\nRasmus Lerdorf discovered that the htmlentities and htmlspecialchars\nfunctions did not correctly stop when handling partial multibyte\nsequences. A remote attacker could exploit this to read certain areas\nof memory, possibly gaining access to sensitive information. This\nissue affects Ubuntu 8.04 LTS, and an updated fix is included for\nUbuntu 6.06 LTS, 7.04 and 7.10. (CVE-2007-5898)\n\nIt was discovered that the output_add_rewrite_var function would\nsometimes leak session id information to forms targeting remote URLs.\nMalicious remote sites could use this information to gain access to a\nPHP application user's login credentials. This issue only affects\nUbuntu 8.04 LTS. (CVE-2007-5899)\n\nIt was discovered that PHP did not properly calculate the length of\nPATH_TRANSLATED. If a PHP application were tricked into processing a\nmalicious URI, and attacker may be able to execute arbitrary code with\napplication privileges. (CVE-2008-0599)\n\nAn integer overflow was discovered in the php_sprintf_appendstring\nfunction. Attackers could exploit this to cause a denial of service.\n(CVE-2008-1384)\n\nAndrei Nigmatulin discovered stack-based overflows in the FastCGI SAPI\nof PHP. An attacker may be able to leverage this issue to perform\nattacks against PHP applications. (CVE-2008-2050)\n\nIt was discovered that the escapeshellcmd did not properly process\nmultibyte characters. An attacker may be able to bypass quoting\nrestrictions and possibly execute arbitrary code with application\nprivileges. (CVE-2008-2051)\n\nIt was discovered that the GENERATE_SEED macro produced a predictable\nseed under certain circumstances. Attackers may by able to easily\npredict the results of the rand and mt_rand functions. (CVE-2008-2107,\nCVE-2008-2108)\n\nTavis Ormandy discovered that the PCRE library did not correctly\nhandle certain in-pattern options. An attacker could cause PHP\napplications using pcre to crash, leading to a denial of service.\nUSN-624-1 fixed vulnerabilities in the pcre3 library. This update\nprovides the corresponding update for PHP. (CVE-2008-2371)\n\nIt was discovered that php_imap used obsolete API calls. If a PHP\napplication were tricked into processing a malicious IMAP request, an\nattacker could cause a denial of service or possibly execute code with\napplication privileges. (CVE-2008-2829).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/628-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(94, 119, 189, 200, 264);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libapache2-mod-php5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php-pear\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php5-cgi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php5-cli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php5-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php5-curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php5-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php5-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php5-gmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php5-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php5-mhash\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php5-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php5-mysqli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php5-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php5-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php5-pspell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php5-recode\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php5-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php5-sqlite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php5-sybase\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php5-tidy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php5-xmlrpc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php5-xsl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:6.06:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:7.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:7.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:8.04:-:lts\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/07/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/07/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2008-2018 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(6\\.06|7\\.04|7\\.10|8\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 6.06 / 7.04 / 7.10 / 8.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"6.06\", pkgname:\"libapache2-mod-php5\", pkgver:\"5.1.2-1ubuntu3.12\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"php-pear\", pkgver:\"5.1.2-1ubuntu3.12\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"php5\", pkgver:\"5.1.2-1ubuntu3.12\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"php5-cgi\", pkgver:\"5.1.2-1ubuntu3.12\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"php5-cli\", pkgver:\"5.1.2-1ubuntu3.12\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"php5-common\", pkgver:\"5.1.2-1ubuntu3.12\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"php5-curl\", pkgver:\"5.1.2-1ubuntu3.12\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"php5-dev\", pkgver:\"5.1.2-1ubuntu3.12\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"php5-gd\", pkgver:\"5.1.2-1ubuntu3.12\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"php5-ldap\", pkgver:\"5.1.2-1ubuntu3.12\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"php5-mhash\", pkgver:\"5.1.2-1ubuntu3.12\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"php5-mysql\", pkgver:\"5.1.2-1ubuntu3.12\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"php5-mysqli\", pkgver:\"5.1.2-1ubuntu3.12\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"php5-odbc\", pkgver:\"5.1.2-1ubuntu3.12\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"php5-pgsql\", pkgver:\"5.1.2-1ubuntu3.12\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"php5-recode\", pkgver:\"5.1.2-1ubuntu3.12\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"php5-snmp\", pkgver:\"5.1.2-1ubuntu3.12\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"php5-sqlite\", pkgver:\"5.1.2-1ubuntu3.12\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"php5-sybase\", pkgver:\"5.1.2-1ubuntu3.12\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"php5-xmlrpc\", pkgver:\"5.1.2-1ubuntu3.12\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"php5-xsl\", pkgver:\"5.1.2-1ubuntu3.12\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"libapache2-mod-php5\", pkgver:\"5.2.1-0ubuntu1.6\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"php-pear\", pkgver:\"5.2.1-0ubuntu1.6\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"php5\", pkgver:\"5.2.1-0ubuntu1.6\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"php5-cgi\", pkgver:\"5.2.1-0ubuntu1.6\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"php5-cli\", pkgver:\"5.2.1-0ubuntu1.6\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"php5-common\", pkgver:\"5.2.1-0ubuntu1.6\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"php5-curl\", pkgver:\"5.2.1-0ubuntu1.6\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"php5-dev\", pkgver:\"5.2.1-0ubuntu1.6\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"php5-gd\", pkgver:\"5.2.1-0ubuntu1.6\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"php5-ldap\", pkgver:\"5.2.1-0ubuntu1.6\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"php5-mhash\", pkgver:\"5.2.1-0ubuntu1.6\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"php5-mysql\", pkgver:\"5.2.1-0ubuntu1.6\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"php5-odbc\", pkgver:\"5.2.1-0ubuntu1.6\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"php5-pgsql\", pkgver:\"5.2.1-0ubuntu1.6\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"php5-pspell\", pkgver:\"5.2.1-0ubuntu1.6\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"php5-recode\", pkgver:\"5.2.1-0ubuntu1.6\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"php5-snmp\", pkgver:\"5.2.1-0ubuntu1.6\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"php5-sqlite\", pkgver:\"5.2.1-0ubuntu1.6\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"php5-sybase\", pkgver:\"5.2.1-0ubuntu1.6\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"php5-tidy\", pkgver:\"5.2.1-0ubuntu1.6\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"php5-xmlrpc\", pkgver:\"5.2.1-0ubuntu1.6\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"php5-xsl\", pkgver:\"5.2.1-0ubuntu1.6\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"libapache2-mod-php5\", pkgver:\"5.2.3-1ubuntu6.4\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"php-pear\", pkgver:\"5.2.3-1ubuntu6.4\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"php5\", pkgver:\"5.2.3-1ubuntu6.4\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"php5-cgi\", pkgver:\"5.2.3-1ubuntu6.4\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"php5-cli\", pkgver:\"5.2.3-1ubuntu6.4\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"php5-common\", pkgver:\"5.2.3-1ubuntu6.4\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"php5-curl\", pkgver:\"5.2.3-1ubuntu6.4\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"php5-dev\", pkgver:\"5.2.3-1ubuntu6.4\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"php5-gd\", pkgver:\"5.2.3-1ubuntu6.4\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"php5-ldap\", pkgver:\"5.2.3-1ubuntu6.4\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"php5-mhash\", pkgver:\"5.2.3-1ubuntu6.4\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"php5-mysql\", pkgver:\"5.2.3-1ubuntu6.4\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"php5-odbc\", pkgver:\"5.2.3-1ubuntu6.4\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"php5-pgsql\", pkgver:\"5.2.3-1ubuntu6.4\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"php5-pspell\", pkgver:\"5.2.3-1ubuntu6.4\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"php5-recode\", pkgver:\"5.2.3-1ubuntu6.4\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"php5-snmp\", pkgver:\"5.2.3-1ubuntu6.4\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"php5-sqlite\", pkgver:\"5.2.3-1ubuntu6.4\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"php5-sybase\", pkgver:\"5.2.3-1ubuntu6.4\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"php5-tidy\", pkgver:\"5.2.3-1ubuntu6.4\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"php5-xmlrpc\", pkgver:\"5.2.3-1ubuntu6.4\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"php5-xsl\", pkgver:\"5.2.3-1ubuntu6.4\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"libapache2-mod-php5\", pkgver:\"5.2.4-2ubuntu5.3\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"php-pear\", pkgver:\"5.2.4-2ubuntu5.3\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"php5\", pkgver:\"5.2.4-2ubuntu5.3\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"php5-cgi\", pkgver:\"5.2.4-2ubuntu5.3\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"php5-cli\", pkgver:\"5.2.4-2ubuntu5.3\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"php5-common\", pkgver:\"5.2.4-2ubuntu5.3\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"php5-curl\", pkgver:\"5.2.4-2ubuntu5.3\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"php5-dev\", pkgver:\"5.2.4-2ubuntu5.3\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"php5-gd\", pkgver:\"5.2.4-2ubuntu5.3\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"php5-gmp\", pkgver:\"5.2.4-2ubuntu5.3\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"php5-ldap\", pkgver:\"5.2.4-2ubuntu5.3\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"php5-mhash\", pkgver:\"5.2.4-2ubuntu5.3\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"php5-mysql\", pkgver:\"5.2.4-2ubuntu5.3\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"php5-odbc\", pkgver:\"5.2.4-2ubuntu5.3\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"php5-pgsql\", pkgver:\"5.2.4-2ubuntu5.3\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"php5-pspell\", pkgver:\"5.2.4-2ubuntu5.3\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"php5-recode\", pkgver:\"5.2.4-2ubuntu5.3\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"php5-snmp\", pkgver:\"5.2.4-2ubuntu5.3\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"php5-sqlite\", pkgver:\"5.2.4-2ubuntu5.3\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"php5-sybase\", pkgver:\"5.2.4-2ubuntu5.3\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"php5-tidy\", pkgver:\"5.2.4-2ubuntu5.3\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"php5-xmlrpc\", pkgver:\"5.2.4-2ubuntu5.3\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"php5-xsl\", pkgver:\"5.2.4-2ubuntu5.3\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libapache2-mod-php5 / php-pear / php5 / php5-cgi / php5-cli / etc\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-01-16T20:08:29", "bulletinFamily": "scanner", "description": "The remote host is running a version of Mac OS X 10.5 or 10.4 that\ndoes not have the security update 2008-005 applied. \n\nThis update contains security fixes for a number of programs.", "modified": "2018-07-14T00:00:00", "published": "2008-08-01T00:00:00", "id": "MACOSX_SECUPD2008-005.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=33790", "title": "Mac OS X Multiple Vulnerabilities (Security Update 2008-005)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\nif (!defined_func(\"bn_random\")) exit(0);\nif (NASL_LEVEL < 3004) exit(0);\n\n\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(33790);\n script_version(\"1.25\");\n script_cvs_date(\"Date: 2018/07/14 1:59:35\");\n\n script_cve_id(\n \"CVE-2007-4850\", \n \"CVE-2007-5135\", \n \"CVE-2007-6199\", \n \"CVE-2007-6200\", \n \"CVE-2008-0599\",\n \"CVE-2008-0674\", \n \"CVE-2008-1447\", \n \"CVE-2008-2050\", \n \"CVE-2008-2051\", \n \"CVE-2008-2320\",\n \"CVE-2008-2321\", \n \"CVE-2008-2322\", \n \"CVE-2008-2323\", \n \"CVE-2008-2324\", \n \"CVE-2008-2325\",\n \"CVE-2008-2830\", \n \"CVE-2008-2952\"\n );\n script_bugtraq_id(\n 25831, \n 26638, \n 26639, \n 27413, \n 27786, \n 29009, \n 29831, \n 30013, \n 30131, \n 30487,\n 30488, \n 30489, \n 30490, \n 30492, \n 30493\n );\n script_xref(name:\"Secunia\", value:\"31326\");\n script_xref(name:\"IAVA\", value:\"2008-A-0045\");\n\n script_name(english:\"Mac OS X Multiple Vulnerabilities (Security Update 2008-005)\");\n script_summary(english:\"Check for the presence of Security Update 2008-005\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host is missing a Mac OS X update that fixes various\nsecurity issues.\" );\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is running a version of Mac OS X 10.5 or 10.4 that\ndoes not have the security update 2008-005 applied. \n\nThis update contains security fixes for a number of programs.\" );\n script_set_attribute(attribute:\"see_also\", value:\"http://support.apple.com/kb/HT2647\" );\n script_set_attribute(attribute:\"see_also\", value:\"http://lists.apple.com/archives/security-announce/2008/Jul/msg00003.html\" );\n script_set_attribute(attribute:\"solution\", value:\n\"Install Security Update 2008-005 or later.\" );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_cwe_id(16, 119, 189, 264, 399);\n\n script_set_attribute(attribute:\"plugin_publication_date\", value: \"2008/08/01\");\n script_set_attribute(attribute:\"patch_publication_date\", value: \"2008/07/31\");\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:apple:mac_os_x\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n script_copyright(english:\"This script is Copyright (C) 2008-2018 Tenable Network Security, Inc.\");\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/MacOSX/packages\", \"Host/uname\");\n exit(0);\n}\n\n\nuname = get_kb_item(\"Host/uname\");\nif (!uname) exit(0);\n\nif (egrep(pattern:\"Darwin.* (8\\.[0-9]\\.|8\\.1[01]\\.)\", string:uname))\n{\n packages = get_kb_item(\"Host/MacOSX/packages\");\n if (!packages) exit(0);\n\n if (!egrep(pattern:\"^SecUpd(Srvr)?(2008-00[5-8]||2009-|20[1-9][0-9]-)\", string:packages))\n security_hole(0);\n}\nelse if (egrep(pattern:\"Darwin.* (9\\.[0-4]\\.)\", string:uname))\n{\n packages = get_kb_item(\"Host/MacOSX/packages/boms\");\n if (!packages) exit(0);\n\n if (!egrep(pattern:\"^com\\.apple\\.pkg\\.update\\.security\\.2008\\.005\\.bom\", string:packages))\n security_hole(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-01-16T20:08:42", "bulletinFamily": "scanner", "description": "The remote host is affected by the vulnerability described in GLSA-200811-05\n(PHP: Multiple vulnerabilities)\n\n Several vulnerabilitites were found in PHP:\n PHP ships a\n vulnerable version of the PCRE library which allows for the\n circumvention of security restrictions or even for remote code\n execution in case of an application which accepts user-supplied regular\n expressions (CVE-2008-0674).\n Multiple crash issues in several\n PHP functions have been discovered.\n Ryan Permeh reported that\n the init_request_info() function in sapi/cgi/cgi_main.c does not\n properly consider operator precedence when calculating the length of\n PATH_TRANSLATED (CVE-2008-0599).\n An off-by-one error in the\n metaphone() function may lead to memory corruption.\n Maksymilian Arciemowicz of SecurityReason Research reported an\n integer overflow, which is triggerable using printf() and related\n functions (CVE-2008-1384).\n Andrei Nigmatulin reported a\n stack-based buffer overflow in the FastCGI SAPI, which has unknown\n attack vectors (CVE-2008-2050).\n Stefan Esser reported that PHP\n does not correctly handle multibyte characters inside the\n escapeshellcmd() function, which is used to sanitize user input before\n its usage in shell commands (CVE-2008-2051).\n Stefan Esser\n reported that a short-coming in PHP's algorithm of seeding the random\n number generator might allow for predictible random numbers\n (CVE-2008-2107, CVE-2008-2108).\n The IMAP extension in PHP uses\n obsolete c-client API calls making it vulnerable to buffer overflows as\n no bounds checking can be done (CVE-2008-2829).\n Tavis Ormandy\n reported a heap-based buffer overflow in pcre_compile.c in the PCRE\n version shipped by PHP when processing user-supplied regular\n expressions (CVE-2008-2371).\n CzechSec reported that specially\n crafted font files can lead to an overflow in the imageloadfont()\n function in ext/gd/gd.c, which is part of the GD extension\n (CVE-2008-3658).\n Maksymilian Arciemowicz of SecurityReason\n Research reported that a design error in PHP's stream wrappers allows\n to circumvent safe_mode checks in several filesystem-related PHP\n functions (CVE-2008-2665, CVE-2008-2666).\n Laurent Gaffie\n discovered a buffer overflow in the internal memnstr() function, which\n is used by the PHP function explode() (CVE-2008-3659).\n An\n error in the FastCGI SAPI when processing a request with multiple dots\n preceding the extension (CVE-2008-3660).\nImpact :\n\n These vulnerabilities might allow a remote attacker to execute\n arbitrary code, to cause a Denial of Service, to circumvent security\n restrictions, to disclose information, and to manipulate files.\nWorkaround :\n\n There is no known workaround at this time.", "modified": "2018-07-11T00:00:00", "published": "2008-11-17T00:00:00", "id": "GENTOO_GLSA-200811-05.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=34787", "title": "GLSA-200811-05 : PHP: Multiple vulnerabilities", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 200811-05.\n#\n# The advisory text is Copyright (C) 2001-2016 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(34787);\n script_version(\"1.19\");\n script_cvs_date(\"Date: 2018/07/11 17:09:25\");\n\n script_cve_id(\"CVE-2008-0599\", \"CVE-2008-0674\", \"CVE-2008-1384\", \"CVE-2008-2050\", \"CVE-2008-2051\", \"CVE-2008-2107\", \"CVE-2008-2108\", \"CVE-2008-2371\", \"CVE-2008-2665\", \"CVE-2008-2666\", \"CVE-2008-2829\", \"CVE-2008-3658\", \"CVE-2008-3659\", \"CVE-2008-3660\");\n script_xref(name:\"GLSA\", value:\"200811-05\");\n\n script_name(english:\"GLSA-200811-05 : PHP: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-200811-05\n(PHP: Multiple vulnerabilities)\n\n Several vulnerabilitites were found in PHP:\n PHP ships a\n vulnerable version of the PCRE library which allows for the\n circumvention of security restrictions or even for remote code\n execution in case of an application which accepts user-supplied regular\n expressions (CVE-2008-0674).\n Multiple crash issues in several\n PHP functions have been discovered.\n Ryan Permeh reported that\n the init_request_info() function in sapi/cgi/cgi_main.c does not\n properly consider operator precedence when calculating the length of\n PATH_TRANSLATED (CVE-2008-0599).\n An off-by-one error in the\n metaphone() function may lead to memory corruption.\n Maksymilian Arciemowicz of SecurityReason Research reported an\n integer overflow, which is triggerable using printf() and related\n functions (CVE-2008-1384).\n Andrei Nigmatulin reported a\n stack-based buffer overflow in the FastCGI SAPI, which has unknown\n attack vectors (CVE-2008-2050).\n Stefan Esser reported that PHP\n does not correctly handle multibyte characters inside the\n escapeshellcmd() function, which is used to sanitize user input before\n its usage in shell commands (CVE-2008-2051).\n Stefan Esser\n reported that a short-coming in PHP's algorithm of seeding the random\n number generator might allow for predictible random numbers\n (CVE-2008-2107, CVE-2008-2108).\n The IMAP extension in PHP uses\n obsolete c-client API calls making it vulnerable to buffer overflows as\n no bounds checking can be done (CVE-2008-2829).\n Tavis Ormandy\n reported a heap-based buffer overflow in pcre_compile.c in the PCRE\n version shipped by PHP when processing user-supplied regular\n expressions (CVE-2008-2371).\n CzechSec reported that specially\n crafted font files can lead to an overflow in the imageloadfont()\n function in ext/gd/gd.c, which is part of the GD extension\n (CVE-2008-3658).\n Maksymilian Arciemowicz of SecurityReason\n Research reported that a design error in PHP's stream wrappers allows\n to circumvent safe_mode checks in several filesystem-related PHP\n functions (CVE-2008-2665, CVE-2008-2666).\n Laurent Gaffie\n discovered a buffer overflow in the internal memnstr() function, which\n is used by the PHP function explode() (CVE-2008-3659).\n An\n error in the FastCGI SAPI when processing a request with multiple dots\n preceding the extension (CVE-2008-3660).\n \nImpact :\n\n These vulnerabilities might allow a remote attacker to execute\n arbitrary code, to cause a Denial of Service, to circumvent security\n restrictions, to disclose information, and to manipulate files.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/200811-05\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All PHP users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=dev-lang/php-5.2.6-r6'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(20, 22, 119, 189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:php\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/11/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/11/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"dev-lang/php\", unaffected:make_list(\"ge 5.2.6-r6\"), vulnerable:make_list(\"lt 5.2.6-r6\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"PHP\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "cert": [{"lastseen": "2018-12-25T20:18:17", "bulletinFamily": "info", "description": "### Overview \n\nPHP contains a path translation vulnerability that may allow an attacker to execute arbitrary code.\n\n### Description \n\nPHP is a scripting language that is designed for web-based applications and can be imbedded directly into HTML.\n\nPHP versions prior to `5.2.6 `contain a path translation vulnerability. For more information about this issue, see the PHP [CVS log](<http://cvs.php.net/viewvc.cgi/php-src/sapi/cgi/cgi_main.c?r1=1.267.2.15.2.50.2.12&r2=1.267.2.15.2.50.2.13&diff_format=u>). \n \n--- \n \n### Impact \n\nAn attacker may be able to execute arbitrary code in the context of an application that uses the vulnerable function. The scope of the impact depends on how the affected application works. Applications that process filename input from the network, such as public-facing web applications, would be vulnerable to a remote attacker. \n \n--- \n \n### Solution \n\n**Upgrade** \nPHP [`5.2.6`](<http://www.php.net/archive/2008.php#id2008-05-01-1>) was released to address this and other issues. \n \n--- \n \n### Vendor Information\n\n147027\n\nFilter by status: All Affected Not Affected Unknown\n\nFilter by content: __ Vendor has issued information\n\n__ Sort by: Status Alphabetical\n\nExpand all\n\n__ Affected __ Unknown __ Unaffected \n\n**Javascript is disabled. Click here to view vendors.**\n\n### __ The PHP Group \n\nUpdated: May 06, 2008 \n\n### Status\n\n__ Vulnerable\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n \n\n\n### CVSS Metrics \n\nGroup | Score | Vector \n---|---|--- \nBase | N/A | N/A \nTemporal | N/A | N/A \nEnvironmental | | N/A \n \n \n\n\n### References \n\n * <http://www.php.net/ChangeLog-5.php>\n * [http://cvs.php.net/viewvc.cgi/php-src/sapi/cgi/cgi_main.c?r1=1.267.2.15.2.50.2.12&r2=1.267.2.15.2.50.2.13&diff_format=u](<http://cvs.php.net/viewvc.cgi/php-src/sapi/cgi/cgi_main.c?r1=1.267.2.15.2.50.2.12&r2=1.267.2.15.2.50.2.13&diff_format=u>)\n\n### Credit\n\nThanks to the PHP team for information that was used in this report. \n\nThis document was written by Ryan Giobbi. \n\n### Other Information\n\n**CVE IDs:** | [CVE-2008-0599](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-0599>) \n---|--- \n**Severity Metric:****** | 1.13 \n**Date Public:** | 2008-05-06 \n**Date First Published:** | 2008-05-06 \n**Date Last Updated: ** | 2008-07-21 18:01 UTC \n**Document Revision: ** | 21 \n", "modified": "2008-07-21T18:01:00", "published": "2008-05-06T00:00:00", "id": "VU:147027", "href": "https://www.kb.cert.org/vuls/id/147027", "type": "cert", "title": "PHP path translation vulnerability", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "seebug": [{"lastseen": "2017-11-19T21:47:24", "bulletinFamily": "exploit", "description": "BUGTRAQ ID: 29009\r\nCVE(CAN) ID: CVE-2008-0599\r\n\r\nPHP\u662f\u5e7f\u6cdb\u4f7f\u7528\u7684\u901a\u7528\u76ee\u7684\u811a\u672c\u8bed\u8a00\uff0c\u7279\u522b\u9002\u5408\u4e8eWeb\u5f00\u53d1\uff0c\u53ef\u5d4c\u5165\u5230HTML\u4e2d\u3002\r\n\r\nPHP\u76845.2.6\u4e4b\u524d\u7248\u672c\u5b58\u5728\u591a\u4e2a\u5b89\u5168\u6f0f\u6d1e\uff0c\u5141\u8bb8\u6076\u610f\u7528\u6237\u7ed5\u8fc7\u5b89\u5168\u9650\u5236\u3001\u5bfc\u81f4\u62d2\u7edd\u670d\u52a1\u6216\u5165\u4fb5\u6709\u6f0f\u6d1e\u7684\u7cfb\u7edf\u3002\r\n\r\n1) FastCGI SAPI\u4e2d\u7684\u5b89\u5168\u6f0f\u6d1e\u53ef\u80fd\u5bfc\u81f4\u6808\u6ea2\u51fa\u3002\r\n\r\n2) \u5904\u7406escapeshellcmd()\u4e2d\u4e0d\u5b8c\u6574\u591a\u5b57\u8282\u5b57\u7b26\u65f6\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\r\n\r\n3) cURL\u4e2d\u7684\u9519\u8bef\u53ef\u80fd\u5bfc\u81f4\u7ed5\u8fc7safe_mode\u9650\u5236\u3002\r\n\r\n4) PCRE\u4e2d\u7684\u8fb9\u754c\u6761\u4ef6\u9519\u8bef\u53ef\u80fd\u5141\u8bb8\u6076\u610f\u7528\u6237\u5bfc\u81f4\u62d2\u7edd\u670d\u52a1\u6216\u5165\u4fb5\u6709\u6f0f\u6d1e\u7684\u7cfb\u7edf\u3002\r\n\r\n\n\nPHP < 5.2.6\n PHP\r\n---\r\n\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u8fd9\u4e2a\u5b89\u5168\u95ee\u9898\uff0c\u8bf7\u5230\u5382\u5546\u7684\u4e3b\u9875\u4e0b\u8f7d\uff1a\r\n\r\n<a href=http://www.php.net target=_blank>http://www.php.net</a>", "modified": "2008-05-07T00:00:00", "published": "2008-05-07T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-3253", "id": "SSV:3253", "title": "PHP 5.2.6\u4fee\u590d\u591a\u4e2a\u5b89\u5168\u6f0f\u6d1e", "type": "seebug", "sourceData": "", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": ""}], "redhat": [{"lastseen": "2018-12-11T17:40:52", "bulletinFamily": "unix", "description": "The Red Hat Application Stack is an integrated open source application\r\nstack, and includes JBoss Enterprise Application Platform (EAP).\r\n\r\nStarting with this update, JBoss EAP is no longer provided via the\r\nApplication Stack channels. Instead, all Application Stack customers are\r\nautomatically entitled to the JBoss EAP channels. This ensures all users\r\nhave immediate access to JBoss EAP packages when they are released,\r\nensuring lesser wait for security and critical patches.\r\n\r\nAs a result, you must MANUALLY subscribe to the appropriate JBoss EAP\r\nchannel, as all further JBoss EAP updates will only go to that channel.\r\n\r\nThis update also entitles all customers to the JBoss EAP 4.3.0 channels.\r\nUsers receive support for JBoss EAP 4.3.0 if they choose to install it.\r\nImportant: downgrading from JBoss EAP 4.3.0 to 4.2.0 is unsupported.\r\n\r\nPHP was updated to version 5.2.6, fixing the following security issues:\r\n\r\nIt was discovered that the PHP escapeshellcmd() function did not properly\r\nescape multi-byte characters which are not valid in the locale used by the\r\nscript. This could allow an attacker to bypass quoting restrictions imposed\r\nby escapeshellcmd() and execute arbitrary commands if the PHP script was\r\nusing certain locales. Scripts using the default UTF-8 locale are not\r\naffected by this issue. (CVE-2008-2051)\r\n\r\nThe PHP functions htmlentities() and htmlspecialchars() did not properly\r\nrecognize partial multi-byte sequences. Certain sequences of bytes could be\r\npassed through these functions without being correctly HTML-escaped.\r\nDepending on the browser being used, an attacker could use this flaw to\r\nconduct cross-site scripting attacks. (CVE-2007-5898)\r\n\r\nA PHP script which used the transparent session ID configuration option, or\r\nwhich used the output_add_rewrite_var() function, could leak session\r\nidentifiers to external web sites. If a page included an HTML form with an\r\nACTION attribute referencing a non-local URL, the user's session ID would\r\nbe included in the form data passed to that URL. (CVE-2007-5899)\r\n\r\nIt was discovered that the PHP fnmatch() function did not restrict the\r\nlength of the string argument. An attacker could use this flaw to crash the\r\nPHP interpreter where a script used fnmatch() on untrusted input data.\r\n(CVE-2007-4782)\r\n\r\nIt was discovered that PHP did not properly seed its pseudo-random number\r\ngenerator used by functions such as rand() and mt_rand(), possibly allowing\r\nan attacker to easily predict the generated pseudo-random values.\r\n(CVE-2008-2107, CVE-2008-2108)\r\n\r\nA flaw was found in PHP's CGI server API. If the web server did not set\r\nDOCUMENT_ROOT environment variable for PHP (e.g. when running PHP in the\r\nFastCGI server mode), an attacker could cause a crash of the PHP child\r\nprocess, causing a temporary denial of service. (CVE-2008-0599)\r\n\r\nMySQL was updated to version 5.0.50sp1a, fixing the following security\r\nissue:\r\n\r\nMySQL did not correctly check directories used as arguments for the DATA\r\nDIRECTORY and INDEX DIRECTORY directives. Using this flaw, an authenticated\r\nattacker could elevate their access privileges to tables created by other\r\ndatabase users. Note: this attack does not work on existing tables. An\r\nattacker can only elevate their access to another user's tables as the\r\ntables are created. As well, the names of these created tables need to be\r\npredicted correctly for this attack to succeed. (CVE-2008-2079)\r\n\r\nThe following packages are updated:\r\n\r\n* httpd to 2.2.8\r\n* mod_jk to 1.2.26\r\n* mod_perl to 2.0.4\r\n* the MySQL Connector/ODBC to 3.51.24r1071\r\n* the MySQL Connector/J (JDBC driver) to 5.0.8\r\n* perl-DBD-MySQL to 4.006\r\n* perl-DBI to 1.604\r\n* postgresql to 8.2.7\r\n* postgresql-jdbc to 8.2.508\r\n* postgresqlclient81 to 8.1.11\r\n* postgresql-odbc to 8.02.0500", "modified": "2018-05-03T23:41:50", "published": "2008-07-02T04:00:00", "id": "RHSA-2008:0505", "href": "https://access.redhat.com/errata/RHSA-2008:0505", "type": "redhat", "title": "(RHSA-2008:0505) Moderate: Red Hat Application Stack v2.1 security and enhancement update", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "ubuntu": [{"lastseen": "2018-08-31T00:09:34", "bulletinFamily": "unix", "description": "It was discovered that PHP did not properly check the length of the string parameter to the fnmatch function. An attacker could cause a denial of service in the PHP interpreter if a script passed untrusted input to the fnmatch function. (CVE-2007-4782)\n\nMaksymilian Arciemowicz discovered a flaw in the cURL library that allowed safe_mode and open_basedir restrictions to be bypassed. If a PHP application were tricked into processing a bad file:// request, an attacker could read arbitrary files. (CVE-2007-4850)\n\nRasmus Lerdorf discovered that the htmlentities and htmlspecialchars functions did not correctly stop when handling partial multibyte sequences. A remote attacker could exploit this to read certain areas of memory, possibly gaining access to sensitive information. This issue affects Ubuntu 8.04 LTS, and an updated fix is included for Ubuntu 6.06 LTS, 7.04 and 7.10. (CVE-2007-5898)\n\nIt was discovered that the output_add_rewrite_var function would sometimes leak session id information to forms targeting remote URLs. Malicious remote sites could use this information to gain access to a PHP application user\u2019s login credentials. This issue only affects Ubuntu 8.04 LTS. (CVE-2007-5899)\n\nIt was discovered that PHP did not properly calculate the length of PATH_TRANSLATED. If a PHP application were tricked into processing a malicious URI, and attacker may be able to execute arbitrary code with application privileges. (CVE-2008-0599)\n\nAn integer overflow was discovered in the php_sprintf_appendstring function. Attackers could exploit this to cause a denial of service. (CVE-2008-1384)\n\nAndrei Nigmatulin discovered stack-based overflows in the FastCGI SAPI of PHP. An attacker may be able to leverage this issue to perform attacks against PHP applications. (CVE-2008-2050)\n\nIt was discovered that the escapeshellcmd did not properly process multibyte characters. An attacker may be able to bypass quoting restrictions and possibly execute arbitrary code with application privileges. (CVE-2008-2051)\n\nIt was discovered that the GENERATE_SEED macro produced a predictable seed under certain circumstances. Attackers may by able to easily predict the results of the rand and mt_rand functions. (CVE-2008-2107, CVE-2008-2108)\n\nTavis Ormandy discovered that the PCRE library did not correctly handle certain in-pattern options. An attacker could cause PHP applications using pcre to crash, leading to a denial of service. USN-624-1 fixed vulnerabilities in the pcre3 library. This update provides the corresponding update for PHP. (CVE-2008-2371)\n\nIt was discovered that php_imap used obsolete API calls. If a PHP application were tricked into processing a malicious IMAP request, an attacker could cause a denial of service or possibly execute code with application privileges. (CVE-2008-2829)", "modified": "2008-07-23T00:00:00", "published": "2008-07-23T00:00:00", "id": "USN-628-1", "href": "https://usn.ubuntu.com/628-1/", "title": "PHP vulnerabilities", "type": "ubuntu", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:47", "bulletinFamily": "unix", "description": "### Background\n\nPHP is a widely-used general-purpose scripting language that is especially suited for Web development and can be embedded into HTML. \n\n### Description\n\nSeveral vulnerabilitites were found in PHP: \n\n * PHP ships a vulnerable version of the PCRE library which allows for the circumvention of security restrictions or even for remote code execution in case of an application which accepts user-supplied regular expressions (CVE-2008-0674).\n * Multiple crash issues in several PHP functions have been discovered.\n * Ryan Permeh reported that the init_request_info() function in sapi/cgi/cgi_main.c does not properly consider operator precedence when calculating the length of PATH_TRANSLATED (CVE-2008-0599).\n * An off-by-one error in the metaphone() function may lead to memory corruption.\n * Maksymilian Arciemowicz of SecurityReason Research reported an integer overflow, which is triggerable using printf() and related functions (CVE-2008-1384).\n * Andrei Nigmatulin reported a stack-based buffer overflow in the FastCGI SAPI, which has unknown attack vectors (CVE-2008-2050).\n * Stefan Esser reported that PHP does not correctly handle multibyte characters inside the escapeshellcmd() function, which is used to sanitize user input before its usage in shell commands (CVE-2008-2051).\n * Stefan Esser reported that a short-coming in PHP's algorithm of seeding the random number generator might allow for predictible random numbers (CVE-2008-2107, CVE-2008-2108).\n * The IMAP extension in PHP uses obsolete c-client API calls making it vulnerable to buffer overflows as no bounds checking can be done (CVE-2008-2829).\n * Tavis Ormandy reported a heap-based buffer overflow in pcre_compile.c in the PCRE version shipped by PHP when processing user-supplied regular expressions (CVE-2008-2371).\n * CzechSec reported that specially crafted font files can lead to an overflow in the imageloadfont() function in ext/gd/gd.c, which is part of the GD extension (CVE-2008-3658).\n * Maksymilian Arciemowicz of SecurityReason Research reported that a design error in PHP's stream wrappers allows to circumvent safe_mode checks in several filesystem-related PHP functions (CVE-2008-2665, CVE-2008-2666).\n * Laurent Gaffie discovered a buffer overflow in the internal memnstr() function, which is used by the PHP function explode() (CVE-2008-3659).\n * An error in the FastCGI SAPI when processing a request with multiple dots preceding the extension (CVE-2008-3660).\n\n### Impact\n\nThese vulnerabilities might allow a remote attacker to execute arbitrary code, to cause a Denial of Service, to circumvent security restrictions, to disclose information, and to manipulate files. \n\n### Workaround\n\nThere is no known workaround at this time. \n\n### Resolution\n\nAll PHP users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-lang/php-5.2.6-r6\"", "modified": "2008-11-16T00:00:00", "published": "2008-11-16T00:00:00", "id": "GLSA-200811-05", "href": "https://security.gentoo.org/glsa/200811-05", "type": "gentoo", "title": "PHP: Multiple vulnerabilities", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}