ext/spl/spl_array.c in PHP before 5.6.26 and 7.x before 7.0.11 proceeds with SplArray unserialization without validating a return value and data type, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted serialized data.
{"ubuntucve": [{"lastseen": "2021-11-22T21:45:45", "description": "ext/spl/spl_array.c in PHP before 5.6.26 and 7.x before 7.0.11 proceeds\nwith SplArray unserialization without validating a return value and data\ntype, which allows remote attackers to cause a denial of service or\npossibly have unspecified other impact via crafted serialized data.\n\n#### Bugs\n\n * <https://bugs.php.net/bug.php?id=73029>\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2016-09-17T00:00:00", "type": "ubuntucve", "title": "CVE-2016-7417", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-7417"], "modified": "2016-09-17T00:00:00", "id": "UB:CVE-2016-7417", "href": "https://ubuntu.com/security/CVE-2016-7417", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "debiancve": [{"lastseen": "2021-12-14T17:51:49", "description": "ext/spl/spl_array.c in PHP before 5.6.26 and 7.x before 7.0.11 proceeds with SplArray unserialization without validating a return value and data type, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted serialized data.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2016-09-17T21:59:00", "type": "debiancve", "title": "CVE-2016-7417", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-7417"], "modified": "2016-09-17T21:59:00", "id": "DEBIANCVE:CVE-2016-7417", "href": "https://security-tracker.debian.org/tracker/CVE-2016-7417", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "redhatcve": [{"lastseen": "2021-09-02T22:53:24", "description": "ext/spl/spl_array.c in PHP before 5.6.26 and 7.x before 7.0.11 proceeds with SplArray unserialization without validating a return value and data type, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted serialized data.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2016-09-19T13:48:45", "type": "redhatcve", "title": "CVE-2016-7417", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-7417"], "modified": "2020-08-18T13:18:26", "id": "RH:CVE-2016-7417", "href": "https://access.redhat.com/security/cve/cve-2016-7417", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "amazon": [{"lastseen": "2021-07-25T19:27:53", "description": "**Issue Overview:**\n\next/mysqlnd/mysqlnd_wireprotocol.c in PHP before 5.6.26 and 7.x before 7.0.11 does not verify that a BIT field has the UNSIGNED_FLAG flag, which allows remote MySQL servers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted field metadata (CVE-2016-7412).\n\nUse-after-free vulnerability in the wddx_stack_destroy function in ext/wddx/wddx.c in PHP before 5.6.26 and 7.x before 7.0.11 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a wddxPacket XML document that lacks an end-tag for a recordset field element, leading to mishandling in a wddx_deserialize call (CVE-2016-7413).\n\nThe ZIP signature-verification feature in PHP before 5.6.26 and 7.x before 7.0.11 does not ensure that the uncompressed_filesize field is large enough, which allows remote attackers to cause a denial of service (out-of-bounds memory access) or possibly have unspecified other impact via a crafted PHAR archive, related to ext/phar/util.c and ext/phar/zip.c (CVE-2016-7414).\n\next/intl/msgformat/msgformat_format.c in PHP before 5.6.26 and 7.x before 7.0.11 does not properly restrict the locale length provided to the Locale class in the ICU library, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a MessageFormatter::formatMessage call with a long first argument (CVE-2016-7416).\n\next/spl/spl_array.c in PHP before 5.6.26 and 7.x before 7.0.11 proceeds with SplArray unserialization without validating a return value and data type, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted serialized data (CVE-2016-7417).\n\nThe php_wddx_push_element function in ext/wddx/wddx.c in PHP before 5.6.26 and 7.x before 7.0.11 allows remote attackers to cause a denial of service (invalid pointer access and out-of-bounds read) or possibly have unspecified other impact via an incorrect boolean element in a wddxPacket XML document, leading to mishandling in a wddx_deserialize call (CVE-2016-7418). \n\n\n \n**Affected Packages:** \n\n\nphp70\n\n \n**Issue Correction:** \nRun _yum update php70_ to update your system. \n\n\n \n\n\n**New Packages:**\n \n \n i686: \n \u00a0\u00a0\u00a0 php70-enchant-7.0.11-1.16.amzn1.i686 \n \u00a0\u00a0\u00a0 php70-bcmath-7.0.11-1.16.amzn1.i686 \n \u00a0\u00a0\u00a0 php70-process-7.0.11-1.16.amzn1.i686 \n \u00a0\u00a0\u00a0 php70-intl-7.0.11-1.16.amzn1.i686 \n \u00a0\u00a0\u00a0 php70-gmp-7.0.11-1.16.amzn1.i686 \n \u00a0\u00a0\u00a0 php70-soap-7.0.11-1.16.amzn1.i686 \n \u00a0\u00a0\u00a0 php70-xml-7.0.11-1.16.amzn1.i686 \n \u00a0\u00a0\u00a0 php70-mbstring-7.0.11-1.16.amzn1.i686 \n \u00a0\u00a0\u00a0 php70-mcrypt-7.0.11-1.16.amzn1.i686 \n \u00a0\u00a0\u00a0 php70-json-7.0.11-1.16.amzn1.i686 \n \u00a0\u00a0\u00a0 php70-gd-7.0.11-1.16.amzn1.i686 \n \u00a0\u00a0\u00a0 php70-recode-7.0.11-1.16.amzn1.i686 \n \u00a0\u00a0\u00a0 php70-snmp-7.0.11-1.16.amzn1.i686 \n \u00a0\u00a0\u00a0 php70-imap-7.0.11-1.16.amzn1.i686 \n \u00a0\u00a0\u00a0 php70-ldap-7.0.11-1.16.amzn1.i686 \n \u00a0\u00a0\u00a0 php70-tidy-7.0.11-1.16.amzn1.i686 \n \u00a0\u00a0\u00a0 php70-cli-7.0.11-1.16.amzn1.i686 \n \u00a0\u00a0\u00a0 php70-odbc-7.0.11-1.16.amzn1.i686 \n \u00a0\u00a0\u00a0 php70-zip-7.0.11-1.16.amzn1.i686 \n \u00a0\u00a0\u00a0 php70-common-7.0.11-1.16.amzn1.i686 \n \u00a0\u00a0\u00a0 php70-embedded-7.0.11-1.16.amzn1.i686 \n \u00a0\u00a0\u00a0 php70-pdo-dblib-7.0.11-1.16.amzn1.i686 \n \u00a0\u00a0\u00a0 php70-fpm-7.0.11-1.16.amzn1.i686 \n \u00a0\u00a0\u00a0 php70-pdo-7.0.11-1.16.amzn1.i686 \n \u00a0\u00a0\u00a0 php70-devel-7.0.11-1.16.amzn1.i686 \n \u00a0\u00a0\u00a0 php70-7.0.11-1.16.amzn1.i686 \n \u00a0\u00a0\u00a0 php70-mysqlnd-7.0.11-1.16.amzn1.i686 \n \u00a0\u00a0\u00a0 php70-dba-7.0.11-1.16.amzn1.i686 \n \u00a0\u00a0\u00a0 php70-xmlrpc-7.0.11-1.16.amzn1.i686 \n \u00a0\u00a0\u00a0 php70-dbg-7.0.11-1.16.amzn1.i686 \n \u00a0\u00a0\u00a0 php70-pgsql-7.0.11-1.16.amzn1.i686 \n \u00a0\u00a0\u00a0 php70-pspell-7.0.11-1.16.amzn1.i686 \n \u00a0\u00a0\u00a0 php70-opcache-7.0.11-1.16.amzn1.i686 \n \u00a0\u00a0\u00a0 php70-debuginfo-7.0.11-1.16.amzn1.i686 \n \n src: \n \u00a0\u00a0\u00a0 php70-7.0.11-1.16.amzn1.src \n \n x86_64: \n \u00a0\u00a0\u00a0 php70-tidy-7.0.11-1.16.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php70-imap-7.0.11-1.16.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php70-pspell-7.0.11-1.16.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php70-mbstring-7.0.11-1.16.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php70-intl-7.0.11-1.16.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php70-dba-7.0.11-1.16.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php70-embedded-7.0.11-1.16.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php70-mysqlnd-7.0.11-1.16.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php70-soap-7.0.11-1.16.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php70-zip-7.0.11-1.16.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php70-opcache-7.0.11-1.16.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php70-gmp-7.0.11-1.16.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php70-pdo-7.0.11-1.16.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php70-fpm-7.0.11-1.16.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php70-snmp-7.0.11-1.16.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php70-common-7.0.11-1.16.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php70-mcrypt-7.0.11-1.16.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php70-pgsql-7.0.11-1.16.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php70-enchant-7.0.11-1.16.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php70-recode-7.0.11-1.16.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php70-odbc-7.0.11-1.16.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php70-json-7.0.11-1.16.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php70-cli-7.0.11-1.16.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php70-xmlrpc-7.0.11-1.16.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php70-ldap-7.0.11-1.16.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php70-pdo-dblib-7.0.11-1.16.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php70-7.0.11-1.16.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php70-devel-7.0.11-1.16.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php70-process-7.0.11-1.16.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php70-debuginfo-7.0.11-1.16.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php70-dbg-7.0.11-1.16.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php70-bcmath-7.0.11-1.16.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php70-gd-7.0.11-1.16.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php70-xml-7.0.11-1.16.amzn1.x86_64 \n \n \n", "edition": 2, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2016-10-12T17:00:00", "type": "amazon", "title": "Medium: php70", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-7412", "CVE-2016-7413", "CVE-2016-7414", "CVE-2016-7416", "CVE-2016-7417", "CVE-2016-7418"], "modified": "2016-10-12T17:00:00", "id": "ALAS-2016-754", "href": "https://alas.aws.amazon.com/ALAS-2016-754.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-07-25T19:27:54", "description": "**Issue Overview:**\n\next/standard/var_unserializer.re in PHP before 5.6.26 mishandles object-deserialization failures, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via an unserialize call that references a partially constructed object (CVE-2016-7411).\n\next/mysqlnd/mysqlnd_wireprotocol.c in PHP before 5.6.26 and 7.x before 7.0.11 does not verify that a BIT field has the UNSIGNED_FLAG flag, which allows remote MySQL servers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted field metadata (CVE-2016-7412).\n\nUse-after-free vulnerability in the wddx_stack_destroy function in ext/wddx/wddx.c in PHP before 5.6.26 and 7.x before 7.0.11 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a wddxPacket XML document that lacks an end-tag for a recordset field element, leading to mishandling in a wddx_deserialize call (CVE-2016-7413).\n\nThe ZIP signature-verification feature in PHP before 5.6.26 and 7.x before 7.0.11 does not ensure that the uncompressed_filesize field is large enough, which allows remote attackers to cause a denial of service (out-of-bounds memory access) or possibly have unspecified other impact via a crafted PHAR archive, related to ext/phar/util.c and ext/phar/zip.c (CVE-2016-7414).\n\next/intl/msgformat/msgformat_format.c in PHP before 5.6.26 and 7.x before 7.0.11 does not properly restrict the locale length provided to the Locale class in the ICU library, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a MessageFormatter::formatMessage call with a long first argument (CVE-2016-7416).\n\next/spl/spl_array.c in PHP before 5.6.26 and 7.x before 7.0.11 proceeds with SplArray unserialization without validating a return value and data type, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted serialized data (CVE-2016-7417).\n\nThe php_wddx_push_element function in ext/wddx/wddx.c in PHP before 5.6.26 and 7.x before 7.0.11 allows remote attackers to cause a denial of service (invalid pointer access and out-of-bounds read) or possibly have unspecified other impact via an incorrect boolean element in a wddxPacket XML document, leading to mishandling in a wddx_deserialize call (CVE-2016-7418). \n\n\n \n**Affected Packages:** \n\n\nphp56\n\n \n**Issue Correction:** \nRun _yum update php56_ to update your system. \n\n\n \n\n\n**New Packages:**\n \n \n i686: \n \u00a0\u00a0\u00a0 php56-tidy-5.6.26-1.128.amzn1.i686 \n \u00a0\u00a0\u00a0 php56-bcmath-5.6.26-1.128.amzn1.i686 \n \u00a0\u00a0\u00a0 php56-fpm-5.6.26-1.128.amzn1.i686 \n \u00a0\u00a0\u00a0 php56-mysqlnd-5.6.26-1.128.amzn1.i686 \n \u00a0\u00a0\u00a0 php56-intl-5.6.26-1.128.amzn1.i686 \n \u00a0\u00a0\u00a0 php56-cli-5.6.26-1.128.amzn1.i686 \n \u00a0\u00a0\u00a0 php56-mssql-5.6.26-1.128.amzn1.i686 \n \u00a0\u00a0\u00a0 php56-enchant-5.6.26-1.128.amzn1.i686 \n \u00a0\u00a0\u00a0 php56-dba-5.6.26-1.128.amzn1.i686 \n \u00a0\u00a0\u00a0 php56-soap-5.6.26-1.128.amzn1.i686 \n \u00a0\u00a0\u00a0 php56-common-5.6.26-1.128.amzn1.i686 \n \u00a0\u00a0\u00a0 php56-mcrypt-5.6.26-1.128.amzn1.i686 \n \u00a0\u00a0\u00a0 php56-gmp-5.6.26-1.128.amzn1.i686 \n \u00a0\u00a0\u00a0 php56-5.6.26-1.128.amzn1.i686 \n \u00a0\u00a0\u00a0 php56-process-5.6.26-1.128.amzn1.i686 \n \u00a0\u00a0\u00a0 php56-pspell-5.6.26-1.128.amzn1.i686 \n \u00a0\u00a0\u00a0 php56-mbstring-5.6.26-1.128.amzn1.i686 \n \u00a0\u00a0\u00a0 php56-pgsql-5.6.26-1.128.amzn1.i686 \n \u00a0\u00a0\u00a0 php56-debuginfo-5.6.26-1.128.amzn1.i686 \n \u00a0\u00a0\u00a0 php56-dbg-5.6.26-1.128.amzn1.i686 \n \u00a0\u00a0\u00a0 php56-imap-5.6.26-1.128.amzn1.i686 \n \u00a0\u00a0\u00a0 php56-odbc-5.6.26-1.128.amzn1.i686 \n \u00a0\u00a0\u00a0 php56-snmp-5.6.26-1.128.amzn1.i686 \n \u00a0\u00a0\u00a0 php56-ldap-5.6.26-1.128.amzn1.i686 \n \u00a0\u00a0\u00a0 php56-embedded-5.6.26-1.128.amzn1.i686 \n \u00a0\u00a0\u00a0 php56-xmlrpc-5.6.26-1.128.amzn1.i686 \n \u00a0\u00a0\u00a0 php56-devel-5.6.26-1.128.amzn1.i686 \n \u00a0\u00a0\u00a0 php56-pdo-5.6.26-1.128.amzn1.i686 \n \u00a0\u00a0\u00a0 php56-gd-5.6.26-1.128.amzn1.i686 \n \u00a0\u00a0\u00a0 php56-opcache-5.6.26-1.128.amzn1.i686 \n \u00a0\u00a0\u00a0 php56-recode-5.6.26-1.128.amzn1.i686 \n \u00a0\u00a0\u00a0 php56-xml-5.6.26-1.128.amzn1.i686 \n \n src: \n \u00a0\u00a0\u00a0 php56-5.6.26-1.128.amzn1.src \n \n x86_64: \n \u00a0\u00a0\u00a0 php56-process-5.6.26-1.128.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php56-dba-5.6.26-1.128.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php56-odbc-5.6.26-1.128.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php56-intl-5.6.26-1.128.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php56-pgsql-5.6.26-1.128.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php56-recode-5.6.26-1.128.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php56-gmp-5.6.26-1.128.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php56-enchant-5.6.26-1.128.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php56-xml-5.6.26-1.128.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php56-ldap-5.6.26-1.128.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php56-bcmath-5.6.26-1.128.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php56-devel-5.6.26-1.128.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php56-mbstring-5.6.26-1.128.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php56-common-5.6.26-1.128.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php56-soap-5.6.26-1.128.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php56-5.6.26-1.128.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php56-dbg-5.6.26-1.128.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php56-pspell-5.6.26-1.128.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php56-debuginfo-5.6.26-1.128.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php56-snmp-5.6.26-1.128.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php56-xmlrpc-5.6.26-1.128.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php56-mssql-5.6.26-1.128.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php56-cli-5.6.26-1.128.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php56-pdo-5.6.26-1.128.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php56-opcache-5.6.26-1.128.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php56-gd-5.6.26-1.128.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php56-fpm-5.6.26-1.128.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php56-mysqlnd-5.6.26-1.128.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php56-embedded-5.6.26-1.128.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php56-tidy-5.6.26-1.128.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php56-imap-5.6.26-1.128.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php56-mcrypt-5.6.26-1.128.amzn1.x86_64 \n \n \n", "edition": 2, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2016-10-12T17:00:00", "type": "amazon", "title": "Medium: php56", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-7411", "CVE-2016-7412", "CVE-2016-7413", "CVE-2016-7414", "CVE-2016-7416", "CVE-2016-7417", "CVE-2016-7418"], "modified": "2016-10-12T17:00:00", "id": "ALAS-2016-753", "href": "https://alas.aws.amazon.com/ALAS-2016-753.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "openvas": [{"lastseen": "2019-05-29T18:35:48", "description": "This host is installed with PHP and is prone\n to multiple vulnerabilities.", "cvss3": {}, "published": "2016-09-12T00:00:00", "type": "openvas", "title": "PHP Multiple Vulnerabilities - 03 - Sep16 (Windows)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-7414", "CVE-2016-7413", "CVE-2016-7416", "CVE-2016-7417", "CVE-2016-7418", "CVE-2016-7412"], "modified": "2019-03-14T00:00:00", "id": "OPENVAS:1361412562310809316", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310809316", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_php_mult_vuln03_sep16_win.nasl 14181 2019-03-14 12:59:41Z cfischer $\n#\n# PHP Multiple Vulnerabilities - 03 - Sep16 (Windows)\n#\n# Authors:\n# Kashinath T <tkashinath@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:php:php\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.809316\");\n script_version(\"$Revision: 14181 $\");\n script_cve_id(\"CVE-2016-7412\", \"CVE-2016-7413\", \"CVE-2016-7414\", \"CVE-2016-7416\",\n \"CVE-2016-7417\", \"CVE-2016-7418\");\n script_bugtraq_id(93005, 93006, 93004, 93022, 93008, 93007, 93011);\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-14 13:59:41 +0100 (Thu, 14 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-09-12 18:19:30 +0530 (Mon, 12 Sep 2016)\");\n script_name(\"PHP Multiple Vulnerabilities - 03 - Sep16 (Windows)\");\n\n script_tag(name:\"summary\", value:\"This host is installed with PHP and is prone\n to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws are due to,\n\n - Use-after-free vulnerability in the 'wddx_stack_destroy' function\n in 'ext/wddx/wddx.c' script.\n\n - Improper varification of a BIT field has the UNSIGNED_FLAG flag\n in 'ext/mysqlnd/mysqlnd_wireprotocol.c' script.\n\n - The ZIP signature-verification feature does not ensure that the\n uncompressed_filesize field is large enough.\n\n - The script 'ext/spl/spl_array.c' proceeds with SplArray unserialization\n without validating a return value and data type.\n\n - The script 'ext/intl/msgformat/msgformat_format.c' does not properly restrict\n the locale length provided to the Locale class in the ICU library.\n\n - An error in the php_wddx_push_element function in ext/wddx/wddx.c.\");\n\n script_tag(name:\"impact\", value:\"Successfully exploiting this issue allow\n remote attackers to cause a denial of service, or possibly have unspecified\n other impact.\");\n\n script_tag(name:\"affected\", value:\"PHP versions prior to 5.6.26 and\n 7.x before 7.0.11 on Windows\");\n\n script_tag(name:\"solution\", value:\"Upgrade to PHP version 5.6.26, or 7.0.11,\n or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n\n script_xref(name:\"URL\", value:\"http://www.php.net/ChangeLog-7.php\");\n script_xref(name:\"URL\", value:\"http://www.php.net/ChangeLog-5.php\");\n\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_category(ACT_GATHER_INFO);\n script_family(\"Web application abuses\");\n script_dependencies(\"gb_php_detect.nasl\", \"os_detection.nasl\");\n script_mandatory_keys(\"php/installed\", \"Host/runs_windows\");\n\n exit(0);\n}\n\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\n\nif( isnull( phpPort = get_app_port( cpe:CPE ) ) ) exit( 0 );\nif( ! phpVer = get_app_version( cpe:CPE, port:phpPort ) ) exit( 0 );\n\nif(version_is_less(version:phpVer, test_version:\"5.6.26\"))\n{\n fix = \"5.6.26\";\n VULN = TRUE;\n}\n\nelse if(phpVer =~ \"^7\\.0\")\n{\n if(version_in_range(version:phpVer, test_version:\"7.0\", test_version2:\"7.0.10\"))\n {\n fix = \"7.0.11\";\n VULN = TRUE;\n }\n}\n\nif(VULN)\n{\n report = report_fixed_ver(installed_version:phpVer, fixed_version:fix);\n security_message(data:report, port:phpPort);\n exit(0);\n}\n\nexit(99);", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:35:00", "description": "This host is installed with PHP and is prone\n to multiple vulnerabilities.", "cvss3": {}, "published": "2016-09-12T00:00:00", "type": "openvas", "title": "PHP Multiple Vulnerabilities - 03 - Sep16 (Linux)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-7414", "CVE-2016-7413", "CVE-2016-7416", "CVE-2016-7417", "CVE-2016-7418", "CVE-2016-7412"], "modified": "2018-10-17T00:00:00", "id": "OPENVAS:1361412562310809317", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310809317", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_php_mult_vuln03_sep16_lin.nasl 11938 2018-10-17 10:08:39Z asteins $\n#\n# PHP Multiple Vulnerabilities - 03 - Sep16 (Linux)\n#\n# Authors:\n# Kashinath T <tkashinath@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:php:php\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.809317\");\n script_version(\"$Revision: 11938 $\");\n script_cve_id(\"CVE-2016-7412\", \"CVE-2016-7413\", \"CVE-2016-7414\", \"CVE-2016-7416\",\n \"CVE-2016-7417\", \"CVE-2016-7418\");\n script_bugtraq_id(93005, 93006, 93004, 93022, 93008, 93007, 93011);\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-17 12:08:39 +0200 (Wed, 17 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2016-09-12 18:19:30 +0530 (Mon, 12 Sep 2016)\");\n script_name(\"PHP Multiple Vulnerabilities - 03 - Sep16 (Linux)\");\n\n script_tag(name:\"summary\", value:\"This host is installed with PHP and is prone\n to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws are due to,\n\n - Use-after-free vulnerability in the 'wddx_stack_destroy' function\n in 'ext/wddx/wddx.c' script.\n\n - Improper varification of a BIT field has the UNSIGNED_FLAG flag\n in 'ext/mysqlnd/mysqlnd_wireprotocol.c' script.\n\n - The ZIP signature-verification feature does not ensure that the\n uncompressed_filesize field is large enough.\n\n - The script 'ext/spl/spl_array.c' proceeds with SplArray unserialization\n without validating a return value and data type.\n\n - The script 'ext/intl/msgformat/msgformat_format.c' does not properly restrict\n the locale length provided to the Locale class in the ICU library.\n\n - An error in the php_wddx_push_element function in ext/wddx/wddx.c.\");\n\n script_tag(name:\"impact\", value:\"Successfully exploiting this issue allow\n remote attackers to cause a denial of service, or possibly have unspecified\n other impact.\");\n\n script_tag(name:\"affected\", value:\"PHP versions prior to 5.6.25 and\n 7.x before 7.0.10 on Linux\");\n\n script_tag(name:\"solution\", value:\"Upgrade to PHP version 5.6.25, or 7.0.10,\n or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"remote_banner_unreliable\");\n\n script_xref(name:\"URL\", value:\"http://www.php.net/ChangeLog-7.php\");\n script_xref(name:\"URL\", value:\"http://www.php.net/ChangeLog-5.php\");\n\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_category(ACT_GATHER_INFO);\n script_family(\"Web application abuses\");\n script_dependencies(\"gb_php_detect.nasl\", \"os_detection.nasl\");\n script_mandatory_keys(\"php/installed\", \"Host/runs_unixoide\");\n\n exit(0);\n}\n\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\n\nif( isnull( phpPort = get_app_port( cpe:CPE ) ) ) exit( 0 );\nif( ! phpVer = get_app_version( cpe:CPE, port:phpPort ) ) exit( 0 );\n\nif(version_is_less(version:phpVer, test_version:\"5.6.26\"))\n{\n fix = \"5.6.26\";\n VULN = TRUE;\n}\n\nelse if(phpVer =~ \"^7\\.0\")\n{\n if(version_in_range(version:phpVer, test_version:\"7.0\", test_version2:\"7.0.10\"))\n {\n fix = \"7.0.11\";\n VULN = TRUE;\n }\n}\n\nif(VULN)\n{\n report = report_fixed_ver(installed_version:phpVer, fixed_version:fix);\n security_message(data:report, port:phpPort);\n exit(0);\n}\n\nexit(99);", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-03-17T22:57:29", "description": "The remote host is missing an update announced via the referenced Security Advisory.", "cvss3": {}, "published": "2016-10-26T00:00:00", "type": "openvas", "title": "Amazon Linux: Security Advisory (ALAS-2016-754)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-7414", "CVE-2016-7413", "CVE-2016-7416", "CVE-2016-7417", "CVE-2016-7418", "CVE-2016-7412"], "modified": "2020-03-13T00:00:00", "id": "OPENVAS:1361412562310120743", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310120743", "sourceData": "# Copyright (C) 2016 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.120743\");\n script_version(\"2020-03-13T13:19:50+0000\");\n script_tag(name:\"creation_date\", value:\"2016-10-26 15:38:27 +0300 (Wed, 26 Oct 2016)\");\n script_tag(name:\"last_modification\", value:\"2020-03-13 13:19:50 +0000 (Fri, 13 Mar 2020)\");\n script_name(\"Amazon Linux: Security Advisory (ALAS-2016-754)\");\n script_tag(name:\"insight\", value:\"Multiple flaws were found in PHP. Please see the references for more information.\");\n script_tag(name:\"solution\", value:\"Run yum update php70 to update your system.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://alas.aws.amazon.com/ALAS-2016-754.html\");\n script_cve_id(\"CVE-2016-7418\", \"CVE-2016-7414\", \"CVE-2016-7416\", \"CVE-2016-7417\", \"CVE-2016-7412\", \"CVE-2016-7413\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/amazon_linux\", \"ssh/login/release\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"The remote host is missing an update announced via the referenced Security Advisory.\");\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Amazon Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"AMAZON\") {\n if(!isnull(res = isrpmvuln(pkg:\"php70-enchant\", rpm:\"php70-enchant~7.0.11~1.16.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php70-bcmath\", rpm:\"php70-bcmath~7.0.11~1.16.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php70-process\", rpm:\"php70-process~7.0.11~1.16.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php70-intl\", rpm:\"php70-intl~7.0.11~1.16.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php70-gmp\", rpm:\"php70-gmp~7.0.11~1.16.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php70-soap\", rpm:\"php70-soap~7.0.11~1.16.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php70-xml\", rpm:\"php70-xml~7.0.11~1.16.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php70-mbstring\", rpm:\"php70-mbstring~7.0.11~1.16.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php70-mcrypt\", rpm:\"php70-mcrypt~7.0.11~1.16.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php70-json\", rpm:\"php70-json~7.0.11~1.16.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php70-gd\", rpm:\"php70-gd~7.0.11~1.16.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php70-recode\", rpm:\"php70-recode~7.0.11~1.16.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php70-snmp\", rpm:\"php70-snmp~7.0.11~1.16.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php70-imap\", rpm:\"php70-imap~7.0.11~1.16.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php70-ldap\", rpm:\"php70-ldap~7.0.11~1.16.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php70-tidy\", rpm:\"php70-tidy~7.0.11~1.16.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php70-cli\", rpm:\"php70-cli~7.0.11~1.16.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php70-odbc\", rpm:\"php70-odbc~7.0.11~1.16.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php70-zip\", rpm:\"php70-zip~7.0.11~1.16.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php70-common\", rpm:\"php70-common~7.0.11~1.16.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php70-embedded\", rpm:\"php70-embedded~7.0.11~1.16.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php70-pdo-dblib\", rpm:\"php70-pdo-dblib~7.0.11~1.16.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php70-fpm\", rpm:\"php70-fpm~7.0.11~1.16.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php70-pdo\", rpm:\"php70-pdo~7.0.11~1.16.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php70-devel\", rpm:\"php70-devel~7.0.11~1.16.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php70-mysqlnd\", rpm:\"php70-mysqlnd~7.0.11~1.16.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php70-dba\", rpm:\"php70-dba~7.0.11~1.16.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php70-xmlrpc\", rpm:\"php70-xmlrpc~7.0.11~1.16.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php70-dbg\", rpm:\"php70-dbg~7.0.11~1.16.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php70-pgsql\", rpm:\"php70-pgsql~7.0.11~1.16.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php70-pspell\", rpm:\"php70-pspell~7.0.11~1.16.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php70-opcache\", rpm:\"php70-opcache~7.0.11~1.16.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php70-debuginfo\", rpm:\"php70-debuginfo~7.0.11~1.16.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php70\", rpm:\"php70~7.0.11~1.16.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:35:47", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2016-09-29T00:00:00", "type": "openvas", "title": "Fedora Update for php FEDORA-2016-db71b72137", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-7414", "CVE-2016-7413", "CVE-2016-7416", "CVE-2016-7411", "CVE-2016-7417", "CVE-2016-7418", "CVE-2016-7412"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310809423", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310809423", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for php FEDORA-2016-db71b72137\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.809423\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-09-29 06:01:14 +0200 (Thu, 29 Sep 2016)\");\n script_cve_id(\"CVE-2016-7418\", \"CVE-2016-7417\", \"CVE-2016-7416\", \"CVE-2016-7414\", \"CVE-2016-7413\", \"CVE-2016-7412\", \"CVE-2016-7411\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for php FEDORA-2016-db71b72137\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'php'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"php on Fedora 23\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2016-db71b72137\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2OAOLNCQKFGIGAQBUCUAYISLRZSQCLEW\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC23\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC23\")\n{\n\n if ((res = isrpmvuln(pkg:\"php\", rpm:\"php~5.6.26~1.fc23\", rls:\"FC23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-31T18:34:23", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2016-10-15T00:00:00", "type": "openvas", "title": "openSUSE: Security Advisory for php5 (openSUSE-SU-2016:2540-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-7414", "CVE-2016-7413", "CVE-2016-7416", "CVE-2016-7411", "CVE-2016-7417", "CVE-2016-7418", "CVE-2016-7412"], "modified": "2020-01-31T00:00:00", "id": "OPENVAS:1361412562310851410", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310851410", "sourceData": "# Copyright (C) 2016 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.851410\");\n script_version(\"2020-01-31T08:23:39+0000\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:23:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2016-10-15 05:53:02 +0200 (Sat, 15 Oct 2016)\");\n script_cve_id(\"CVE-2016-7411\", \"CVE-2016-7412\", \"CVE-2016-7413\", \"CVE-2016-7414\",\n \"CVE-2016-7416\", \"CVE-2016-7417\", \"CVE-2016-7418\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"openSUSE: Security Advisory for php5 (openSUSE-SU-2016:2540-1)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'php5'\n package(s) announced via the referenced advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update for php5 fixes the following security issues:\n\n * CVE-2016-7411: php5: Memory corruption when destructing deserialized\n object\n\n * CVE-2016-7412: Heap overflow in mysqlnd when not receiving UNSIGNED_FLAG\n in BIT field\n\n * CVE-2016-7413: Use after free in wddx_deserialize\n\n * CVE-2016-7414: Out of bounds heap read when verifying signature of zip\n phar in phar_parse_zipfile\n\n * CVE-2016-7416: Stack based buffer overflow in msgfmt_format_message\n\n * CVE-2016-7417: Missing type check when unserializing SplArray\n\n * CVE-2016-7418: Null pointer dereference in php_wddx_push_element\n\n This update was imported from the SUSE:SLE-12:Update update project.\");\n\n script_tag(name:\"affected\", value:\"php5 on openSUSE Leap 42.1\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2016:2540-1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSELeap42\\.1\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSELeap42.1\") {\n if(!isnull(res = isrpmvuln(pkg:\"apache2-mod_php5\", rpm:\"apache2-mod_php5~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"apache2-mod_php5-debuginfo\", rpm:\"apache2-mod_php5-debuginfo~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5\", rpm:\"php5~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-bcmath\", rpm:\"php5-bcmath~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-bcmath-debuginfo\", rpm:\"php5-bcmath-debuginfo~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-bz2\", rpm:\"php5-bz2~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-bz2-debuginfo\", rpm:\"php5-bz2-debuginfo~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-calendar\", rpm:\"php5-calendar~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-calendar-debuginfo\", rpm:\"php5-calendar-debuginfo~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-ctype\", rpm:\"php5-ctype~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-ctype-debuginfo\", rpm:\"php5-ctype-debuginfo~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-curl\", rpm:\"php5-curl~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-curl-debuginfo\", rpm:\"php5-curl-debuginfo~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-dba\", rpm:\"php5-dba~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-dba-debuginfo\", rpm:\"php5-dba-debuginfo~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-debuginfo\", rpm:\"php5-debuginfo~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-debugsource\", rpm:\"php5-debugsource~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-devel\", rpm:\"php5-devel~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-dom\", rpm:\"php5-dom~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-dom-debuginfo\", rpm:\"php5-dom-debuginfo~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-enchant\", rpm:\"php5-enchant~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-enchant-debuginfo\", rpm:\"php5-enchant-debuginfo~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-exif\", rpm:\"php5-exif~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-exif-debuginfo\", rpm:\"php5-exif-debuginfo~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-fastcgi\", rpm:\"php5-fastcgi~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-fastcgi-debuginfo\", rpm:\"php5-fastcgi-debuginfo~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-fileinfo\", rpm:\"php5-fileinfo~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-fileinfo-debuginfo\", rpm:\"php5-fileinfo-debuginfo~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-firebird\", rpm:\"php5-firebird~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-firebird-debuginfo\", rpm:\"php5-firebird-debuginfo~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-fpm\", rpm:\"php5-fpm~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-fpm-debuginfo\", rpm:\"php5-fpm-debuginfo~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-ftp\", rpm:\"php5-ftp~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-ftp-debuginfo\", rpm:\"php5-ftp-debuginfo~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-gd\", rpm:\"php5-gd~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-gd-debuginfo\", rpm:\"php5-gd-debuginfo~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-gettext\", rpm:\"php5-gettext~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-gettext-debuginfo\", rpm:\"php5-gettext-debuginfo~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-gmp\", rpm:\"php5-gmp~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-gmp-debuginfo\", rpm:\"php5-gmp-debuginfo~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-iconv\", rpm:\"php5-iconv~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-iconv-debuginfo\", rpm:\"php5-iconv-debuginfo~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-imap\", rpm:\"php5-imap~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-imap-debuginfo\", rpm:\"php5-imap-debuginfo~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-intl\", rpm:\"php5-intl~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-intl-debuginfo\", rpm:\"php5-intl-debuginfo~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-json\", rpm:\"php5-json~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-json-debuginfo\", rpm:\"php5-json-debuginfo~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-ldap\", rpm:\"php5-ldap~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-ldap-debuginfo\", rpm:\"php5-ldap-debuginfo~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-mbstring\", rpm:\"php5-mbstring~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-mbstring-debuginfo\", rpm:\"php5-mbstring-debuginfo~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-mcrypt\", rpm:\"php5-mcrypt~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-mcrypt-debuginfo\", rpm:\"php5-mcrypt-debuginfo~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-mssql\", rpm:\"php5-mssql~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-mssql-debuginfo\", rpm:\"php5-mssql-debuginfo~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-mysql\", rpm:\"php5-mysql~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-mysql-debuginfo\", rpm:\"php5-mysql-debuginfo~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-odbc\", rpm:\"php5-odbc~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-odbc-debuginfo\", rpm:\"php5-odbc-debuginfo~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-opcache\", rpm:\"php5-opcache~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-opcache-debuginfo\", rpm:\"php5-opcache-debuginfo~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-openssl\", rpm:\"php5-openssl~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-openssl-debuginfo\", rpm:\"php5-openssl-debuginfo~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-pcntl\", rpm:\"php5-pcntl~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-pcntl-debuginfo\", rpm:\"php5-pcntl-debuginfo~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-pdo\", rpm:\"php5-pdo~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-pdo-debuginfo\", rpm:\"php5-pdo-debuginfo~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-pgsql\", rpm:\"php5-pgsql~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-pgsql-debuginfo\", rpm:\"php5-pgsql-debuginfo~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-phar\", rpm:\"php5-phar~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-phar-debuginfo\", rpm:\"php5-phar-debuginfo~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-posix\", rpm:\"php5-posix~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-posix-debuginfo\", rpm:\"php5-posix-debuginfo~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-pspell\", rpm:\"php5-pspell~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-pspell-debuginfo\", rpm:\"php5-pspell-debuginfo~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-readline\", rpm:\"php5-readline~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-readline-debuginfo\", rpm:\"php5-readline-debuginfo~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-shmop\", rpm:\"php5-shmop~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-shmop-debuginfo\", rpm:\"php5-shmop-debuginfo~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-snmp\", rpm:\"php5-snmp~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-snmp-debuginfo\", rpm:\"php5-snmp-debuginfo~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-soap\", rpm:\"php5-soap~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-soap-debuginfo\", rpm:\"php5-soap-debuginfo~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-sockets\", rpm:\"php5-sockets~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-sockets-debuginfo\", rpm:\"php5-sockets-debuginfo~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-sqlite\", rpm:\"php5-sqlite~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-sqlite-debuginfo\", rpm:\"php5-sqlite-debuginfo~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-suhosin\", rpm:\"php5-suhosin~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-suhosin-debuginfo\", rpm:\"php5-suhosin-debuginfo~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-sysvmsg\", rpm:\"php5-sysvmsg~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-sysvmsg-debuginfo\", rpm:\"php5-sysvmsg-debuginfo~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-sysvsem\", rpm:\"php5-sysvsem~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-sysvsem-debuginfo\", rpm:\"php5-sysvsem-debuginfo~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-sysvshm\", rpm:\"php5-sysvshm~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-sysvshm-debuginfo\", rpm:\"php5-sysvshm-debuginfo~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-tidy\", rpm:\"php5-tidy~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-tidy-debuginfo\", rpm:\"php5-tidy-debuginfo~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-tokenizer\", rpm:\"php5-tokenizer~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-tokenizer-debuginfo\", rpm:\"php5-tokenizer-debuginfo~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-wddx\", rpm:\"php5-wddx~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-wddx-debuginfo\", rpm:\"php5-wddx-debuginfo~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-xmlreader\", rpm:\"php5-xmlreader~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-xmlreader-debuginfo\", rpm:\"php5-xmlreader-debuginfo~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-xmlrpc\", rpm:\"php5-xmlrpc~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-xmlrpc-debuginfo\", rpm:\"php5-xmlrpc-debuginfo~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-xmlwriter\", rpm:\"php5-xmlwriter~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-xmlwriter-debuginfo\", rpm:\"php5-xmlwriter-debuginfo~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-xsl\", rpm:\"php5-xsl~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-xsl-debuginfo\", rpm:\"php5-xsl-debuginfo~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-zip\", rpm:\"php5-zip~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-zip-debuginfo\", rpm:\"php5-zip-debuginfo~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-zlib\", rpm:\"php5-zlib~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-zlib-debuginfo\", rpm:\"php5-zlib-debuginfo~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-pear\", rpm:\"php5-pear~5.5.14~62.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-03-17T22:55:39", "description": "The remote host is missing an update announced via the referenced Security Advisory.", "cvss3": {}, "published": "2016-10-26T00:00:00", "type": "openvas", "title": "Amazon Linux: Security Advisory (ALAS-2016-753)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-7414", "CVE-2016-7413", "CVE-2016-7416", "CVE-2016-7411", "CVE-2016-7417", "CVE-2016-7418", "CVE-2016-7412"], "modified": "2020-03-13T00:00:00", "id": "OPENVAS:1361412562310120742", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310120742", "sourceData": "# Copyright (C) 2016 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.120742\");\n script_version(\"2020-03-13T13:19:50+0000\");\n script_tag(name:\"creation_date\", value:\"2016-10-26 15:38:27 +0300 (Wed, 26 Oct 2016)\");\n script_tag(name:\"last_modification\", value:\"2020-03-13 13:19:50 +0000 (Fri, 13 Mar 2020)\");\n script_name(\"Amazon Linux: Security Advisory (ALAS-2016-753)\");\n script_tag(name:\"insight\", value:\"Multiple flaws were found in PHP. Please see the references for more information.\");\n script_tag(name:\"solution\", value:\"Run yum update php56 to update your system.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://alas.aws.amazon.com/ALAS-2016-753.html\");\n script_cve_id(\"CVE-2016-7418\", \"CVE-2016-7414\", \"CVE-2016-7416\", \"CVE-2016-7417\", \"CVE-2016-7411\", \"CVE-2016-7412\", \"CVE-2016-7413\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/amazon_linux\", \"ssh/login/release\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"The remote host is missing an update announced via the referenced Security Advisory.\");\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Amazon Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"AMAZON\") {\n if(!isnull(res = isrpmvuln(pkg:\"php56-tidy\", rpm:\"php56-tidy~5.6.26~1.128.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php56-bcmath\", rpm:\"php56-bcmath~5.6.26~1.128.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php56-fpm\", rpm:\"php56-fpm~5.6.26~1.128.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php56-mysqlnd\", rpm:\"php56-mysqlnd~5.6.26~1.128.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php56-intl\", rpm:\"php56-intl~5.6.26~1.128.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php56-cli\", rpm:\"php56-cli~5.6.26~1.128.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php56-mssql\", rpm:\"php56-mssql~5.6.26~1.128.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php56-enchant\", rpm:\"php56-enchant~5.6.26~1.128.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php56-dba\", rpm:\"php56-dba~5.6.26~1.128.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php56-soap\", rpm:\"php56-soap~5.6.26~1.128.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php56-common\", rpm:\"php56-common~5.6.26~1.128.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php56-mcrypt\", rpm:\"php56-mcrypt~5.6.26~1.128.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php56-gmp\", rpm:\"php56-gmp~5.6.26~1.128.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php56-process\", rpm:\"php56-process~5.6.26~1.128.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php56-pspell\", rpm:\"php56-pspell~5.6.26~1.128.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php56-mbstring\", rpm:\"php56-mbstring~5.6.26~1.128.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php56-pgsql\", rpm:\"php56-pgsql~5.6.26~1.128.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php56-debuginfo\", rpm:\"php56-debuginfo~5.6.26~1.128.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php56-dbg\", rpm:\"php56-dbg~5.6.26~1.128.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php56-imap\", rpm:\"php56-imap~5.6.26~1.128.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php56-odbc\", rpm:\"php56-odbc~5.6.26~1.128.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php56-snmp\", rpm:\"php56-snmp~5.6.26~1.128.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php56-ldap\", rpm:\"php56-ldap~5.6.26~1.128.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php56-embedded\", rpm:\"php56-embedded~5.6.26~1.128.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php56-xmlrpc\", rpm:\"php56-xmlrpc~5.6.26~1.128.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php56-devel\", rpm:\"php56-devel~5.6.26~1.128.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php56-pdo\", rpm:\"php56-pdo~5.6.26~1.128.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php56-gd\", rpm:\"php56-gd~5.6.26~1.128.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php56-opcache\", rpm:\"php56-opcache~5.6.26~1.128.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php56-recode\", rpm:\"php56-recode~5.6.26~1.128.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php56-xml\", rpm:\"php56-xml~5.6.26~1.128.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php56\", rpm:\"php56~5.6.26~1.128.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-31T18:35:55", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2016-10-05T00:00:00", "type": "openvas", "title": "openSUSE: Security Advisory for php5 (openSUSE-SU-2016:2444-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-7414", "CVE-2016-7413", "CVE-2016-7416", "CVE-2016-7411", "CVE-2016-7417", "CVE-2016-7418", "CVE-2016-7412"], "modified": "2020-01-31T00:00:00", "id": "OPENVAS:1361412562310851402", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310851402", "sourceData": "# Copyright (C) 2016 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.851402\");\n script_version(\"2020-01-31T08:23:39+0000\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:23:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2016-10-05 05:44:46 +0200 (Wed, 05 Oct 2016)\");\n script_cve_id(\"CVE-2016-7411\", \"CVE-2016-7412\", \"CVE-2016-7413\", \"CVE-2016-7414\",\n \"CVE-2016-7416\", \"CVE-2016-7417\", \"CVE-2016-7418\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"openSUSE: Security Advisory for php5 (openSUSE-SU-2016:2444-1)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'php5'\n package(s) announced via the referenced advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update for php5 fixes the following security issues:\n\n * CVE-2016-7411: Memory corruption when destructing deserialized object\n\n * CVE-2016-7412: Heap overflow in mysqlnd when not receiving UNSIGNED_FLAG\n in BIT field\n\n * CVE-2016-7413: Use after free in wddx_deserialize\n\n * CVE-2016-7414: Out of bounds heap read when verifying signature of zip\n phar in phar_parse_zipfile\n\n * CVE-2016-7416: Stack based buffer overflow in msgfmt_format_message\n\n * CVE-2016-7417: Missing type check when unserializing SplArray\n\n * CVE-2016-7418: Null pointer dereference in php_wddx_push_element\");\n\n script_tag(name:\"affected\", value:\"php5 on openSUSE 13.2\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2016:2444-1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSE13\\.2\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSE13.2\")\n{\n\n if(!isnull(res = isrpmvuln(pkg:\"apache2-mod_php5\", rpm:\"apache2-mod_php5~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"apache2-mod_php5-debuginfo\", rpm:\"apache2-mod_php5-debuginfo~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5\", rpm:\"php5~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-bcmath\", rpm:\"php5-bcmath~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-bcmath-debuginfo\", rpm:\"php5-bcmath-debuginfo~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-bz2\", rpm:\"php5-bz2~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-bz2-debuginfo\", rpm:\"php5-bz2-debuginfo~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-calendar\", rpm:\"php5-calendar~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-calendar-debuginfo\", rpm:\"php5-calendar-debuginfo~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-ctype\", rpm:\"php5-ctype~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-ctype-debuginfo\", rpm:\"php5-ctype-debuginfo~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-curl\", rpm:\"php5-curl~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-curl-debuginfo\", rpm:\"php5-curl-debuginfo~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-dba\", rpm:\"php5-dba~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-dba-debuginfo\", rpm:\"php5-dba-debuginfo~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-debuginfo\", rpm:\"php5-debuginfo~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-debugsource\", rpm:\"php5-debugsource~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-devel\", rpm:\"php5-devel~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-dom\", rpm:\"php5-dom~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-dom-debuginfo\", rpm:\"php5-dom-debuginfo~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-enchant\", rpm:\"php5-enchant~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-enchant-debuginfo\", rpm:\"php5-enchant-debuginfo~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-exif\", rpm:\"php5-exif~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-exif-debuginfo\", rpm:\"php5-exif-debuginfo~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-fastcgi\", rpm:\"php5-fastcgi~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-fastcgi-debuginfo\", rpm:\"php5-fastcgi-debuginfo~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-fileinfo\", rpm:\"php5-fileinfo~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-fileinfo-debuginfo\", rpm:\"php5-fileinfo-debuginfo~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-firebird\", rpm:\"php5-firebird~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-firebird-debuginfo\", rpm:\"php5-firebird-debuginfo~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-fpm\", rpm:\"php5-fpm~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-fpm-debuginfo\", rpm:\"php5-fpm-debuginfo~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-ftp\", rpm:\"php5-ftp~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-ftp-debuginfo\", rpm:\"php5-ftp-debuginfo~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-gd\", rpm:\"php5-gd~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-gd-debuginfo\", rpm:\"php5-gd-debuginfo~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-gettext\", rpm:\"php5-gettext~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-gettext-debuginfo\", rpm:\"php5-gettext-debuginfo~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-gmp\", rpm:\"php5-gmp~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-gmp-debuginfo\", rpm:\"php5-gmp-debuginfo~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-iconv\", rpm:\"php5-iconv~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-iconv-debuginfo\", rpm:\"php5-iconv-debuginfo~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-imap\", rpm:\"php5-imap~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-imap-debuginfo\", rpm:\"php5-imap-debuginfo~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-intl\", rpm:\"php5-intl~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-intl-debuginfo\", rpm:\"php5-intl-debuginfo~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-json\", rpm:\"php5-json~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-json-debuginfo\", rpm:\"php5-json-debuginfo~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-ldap\", rpm:\"php5-ldap~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-ldap-debuginfo\", rpm:\"php5-ldap-debuginfo~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-mbstring\", rpm:\"php5-mbstring~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-mbstring-debuginfo\", rpm:\"php5-mbstring-debuginfo~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-mcrypt\", rpm:\"php5-mcrypt~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-mcrypt-debuginfo\", rpm:\"php5-mcrypt-debuginfo~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-mssql\", rpm:\"php5-mssql~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-mssql-debuginfo\", rpm:\"php5-mssql-debuginfo~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-mysql\", rpm:\"php5-mysql~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-mysql-debuginfo\", rpm:\"php5-mysql-debuginfo~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-odbc\", rpm:\"php5-odbc~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-odbc-debuginfo\", rpm:\"php5-odbc-debuginfo~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-opcache\", rpm:\"php5-opcache~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-opcache-debuginfo\", rpm:\"php5-opcache-debuginfo~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-openssl\", rpm:\"php5-openssl~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-openssl-debuginfo\", rpm:\"php5-openssl-debuginfo~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-pcntl\", rpm:\"php5-pcntl~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-pcntl-debuginfo\", rpm:\"php5-pcntl-debuginfo~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-pdo\", rpm:\"php5-pdo~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-pdo-debuginfo\", rpm:\"php5-pdo-debuginfo~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-pgsql\", rpm:\"php5-pgsql~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-pgsql-debuginfo\", rpm:\"php5-pgsql-debuginfo~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-phar\", rpm:\"php5-phar~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-phar-debuginfo\", rpm:\"php5-phar-debuginfo~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-posix\", rpm:\"php5-posix~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-posix-debuginfo\", rpm:\"php5-posix-debuginfo~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-pspell\", rpm:\"php5-pspell~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-pspell-debuginfo\", rpm:\"php5-pspell-debuginfo~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-readline\", rpm:\"php5-readline~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-readline-debuginfo\", rpm:\"php5-readline-debuginfo~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-shmop\", rpm:\"php5-shmop~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-shmop-debuginfo\", rpm:\"php5-shmop-debuginfo~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-snmp\", rpm:\"php5-snmp~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-snmp-debuginfo\", rpm:\"php5-snmp-debuginfo~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-soap\", rpm:\"php5-soap~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-soap-debuginfo\", rpm:\"php5-soap-debuginfo~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-sockets\", rpm:\"php5-sockets~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-sockets-debuginfo\", rpm:\"php5-sockets-debuginfo~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-sqlite\", rpm:\"php5-sqlite~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-sqlite-debuginfo\", rpm:\"php5-sqlite-debuginfo~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-suhosin\", rpm:\"php5-suhosin~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-suhosin-debuginfo\", rpm:\"php5-suhosin-debuginfo~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-sysvmsg\", rpm:\"php5-sysvmsg~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-sysvmsg-debuginfo\", rpm:\"php5-sysvmsg-debuginfo~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-sysvsem\", rpm:\"php5-sysvsem~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-sysvsem-debuginfo\", rpm:\"php5-sysvsem-debuginfo~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-sysvshm\", rpm:\"php5-sysvshm~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-sysvshm-debuginfo\", rpm:\"php5-sysvshm-debuginfo~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-tidy\", rpm:\"php5-tidy~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-tidy-debuginfo\", rpm:\"php5-tidy-debuginfo~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-tokenizer\", rpm:\"php5-tokenizer~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-tokenizer-debuginfo\", rpm:\"php5-tokenizer-debuginfo~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-wddx\", rpm:\"php5-wddx~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-wddx-debuginfo\", rpm:\"php5-wddx-debuginfo~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-xmlreader\", rpm:\"php5-xmlreader~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-xmlreader-debuginfo\", rpm:\"php5-xmlreader-debuginfo~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-xmlrpc\", rpm:\"php5-xmlrpc~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-xmlrpc-debuginfo\", rpm:\"php5-xmlrpc-debuginfo~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-xmlwriter\", rpm:\"php5-xmlwriter~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-xmlwriter-debuginfo\", rpm:\"php5-xmlwriter-debuginfo~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-xsl\", rpm:\"php5-xsl~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-xsl-debuginfo\", rpm:\"php5-xsl-debuginfo~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-zip\", rpm:\"php5-zip~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-zip-debuginfo\", rpm:\"php5-zip-debuginfo~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-zlib\", rpm:\"php5-zlib~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-zlib-debuginfo\", rpm:\"php5-zlib-debuginfo~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-pear\", rpm:\"php5-pear~5.6.1~78.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:35:44", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2016-09-28T00:00:00", "type": "openvas", "title": "Fedora Update for php FEDORA-2016-62fc05fd68", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-7414", "CVE-2016-7413", "CVE-2016-7416", "CVE-2016-7411", "CVE-2016-7417", "CVE-2016-7418", "CVE-2016-7412"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310809422", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310809422", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for php FEDORA-2016-62fc05fd68\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.809422\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-09-28 06:03:21 +0200 (Wed, 28 Sep 2016)\");\n script_cve_id(\"CVE-2016-7418\", \"CVE-2016-7417\", \"CVE-2016-7416\", \"CVE-2016-7414\", \"CVE-2016-7413\", \"CVE-2016-7412\", \"CVE-2016-7411\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for php FEDORA-2016-62fc05fd68\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'php'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"php on Fedora 24\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2016-62fc05fd68\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HCPYXRCCP6O73RVWR5XSFZK2TBUYIY3M\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC24\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC24\")\n{\n\n if ((res = isrpmvuln(pkg:\"php\", rpm:\"php~5.6.26~1.fc24\", rls:\"FC24\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2017-07-24T12:54:34", "description": "Several vulnerabilities were found in PHP,\na general-purpose scripting language commonly used for web application development.\n\nThe vulnerabilities are addressed by upgrading PHP to the new upstream\nversion 5.6.26, which includes additional bug fixes. Please refer to the\nupstream changelog for more information:\n\nhttps://php.net/ChangeLog-5.php#5.6.25https://php.net/ChangeLog-5.php#5.6.26", "cvss3": {}, "published": "2016-10-08T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 3689-1 (php5 - security update)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-7414", "CVE-2016-7127", "CVE-2016-7131", "CVE-2016-7125", "CVE-2016-7130", "CVE-2016-7129", "CVE-2016-7413", "CVE-2016-7126", "CVE-2016-7416", "CVE-2016-7411", "CVE-2016-7124", "CVE-2016-7417", "CVE-2016-7128", "CVE-2016-7418", "CVE-2016-7132", "CVE-2016-7412"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:703689", "href": "http://plugins.openvas.org/nasl.php?oid=703689", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3689.nasl 6608 2017-07-07 12:05:05Z cfischer $\n# Auto-generated from advisory DSA 3689-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2016 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\n\nif(description)\n{\n script_id(703689);\n script_version(\"$Revision: 6608 $\");\n script_cve_id(\"CVE-2016-7124\", \"CVE-2016-7125\", \"CVE-2016-7126\", \"CVE-2016-7127\",\n \"CVE-2016-7128\", \"CVE-2016-7129\", \"CVE-2016-7130\", \"CVE-2016-7131\",\n \"CVE-2016-7132\", \"CVE-2016-7411\", \"CVE-2016-7412\", \"CVE-2016-7413\",\n \"CVE-2016-7414\", \"CVE-2016-7416\", \"CVE-2016-7417\", \"CVE-2016-7418\");\n script_name(\"Debian Security Advisory DSA 3689-1 (php5 - security update)\");\n script_tag(name: \"last_modification\", value: \"$Date: 2017-07-07 14:05:05 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name: \"creation_date\", value: \"2016-10-08 00:00:00 +0200 (Sat, 08 Oct 2016)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name: \"solution_type\", value: \"VendorFix\");\n script_tag(name: \"qod_type\", value: \"package\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2016/dsa-3689.html\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2016 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: \"php5 on Debian Linux\");\n script_tag(name: \"insight\", value: \"This package is a metapackage that,\nwhen installed, guarantees that you have at least one of the four server-side\nversions of the PHP5 interpreter installed. Removing this package won't remove\nPHP5 from your system, however it may remove other packages that depend on this\none.\");\n script_tag(name: \"solution\", value: \"For the stable distribution (jessie),\nthese problems have been fixed in version 5.6.26+dfsg-0+deb8u1.\n\nWe recommend that you upgrade your php5 packages.\");\n script_tag(name: \"summary\", value: \"Several vulnerabilities were found in PHP,\na general-purpose scripting language commonly used for web application development.\n\nThe vulnerabilities are addressed by upgrading PHP to the new upstream\nversion 5.6.26, which includes additional bug fixes. Please refer to the\nupstream changelog for more information:\n\nhttps://php.net/ChangeLog-5.php#5.6.25https://php.net/ChangeLog-5.php#5.6.26\");\n script_tag(name: \"vuldetect\", value: \"This check tests the installed software\nversion using the apt package manager.\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"libapache2-mod-php5\", ver:\"5.6.26+dfsg-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libapache2-mod-php5filter\", ver:\"5.6.26+dfsg-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libphp5-embed\", ver:\"5.6.26+dfsg-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php-pear\", ver:\"5.6.26+dfsg-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5\", ver:\"5.6.26+dfsg-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-cgi\", ver:\"5.6.26+dfsg-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-cli\", ver:\"5.6.26+dfsg-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-common\", ver:\"5.6.26+dfsg-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-curl\", ver:\"5.6.26+dfsg-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-dbg\", ver:\"5.6.26+dfsg-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-dev\", ver:\"5.6.26+dfsg-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-enchant\", ver:\"5.6.26+dfsg-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-fpm\", ver:\"5.6.26+dfsg-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-gd\", ver:\"5.6.26+dfsg-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-gmp\", ver:\"5.6.26+dfsg-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-imap\", ver:\"5.6.26+dfsg-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-interbase\", ver:\"5.6.26+dfsg-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-intl\", ver:\"5.6.26+dfsg-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-ldap\", ver:\"5.6.26+dfsg-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-mcrypt\", ver:\"5.6.26+dfsg-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-mysql\", ver:\"5.6.26+dfsg-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-mysqlnd\", ver:\"5.6.26+dfsg-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-odbc\", ver:\"5.6.26+dfsg-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-pgsql\", ver:\"5.6.26+dfsg-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-phpdbg\", ver:\"5.6.26+dfsg-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-pspell\", ver:\"5.6.26+dfsg-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-readline\", ver:\"5.6.26+dfsg-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-recode\", ver:\"5.6.26+dfsg-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-snmp\", ver:\"5.6.26+dfsg-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-sqlite\", ver:\"5.6.26+dfsg-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-sybase\", ver:\"5.6.26+dfsg-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-tidy\", ver:\"5.6.26+dfsg-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-xmlrpc\", ver:\"5.6.26+dfsg-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-xsl\", ver:\"5.6.26+dfsg-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2020-02-05T16:38:55", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-01-23T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for php (EulerOS-SA-2017-1068)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-4342", "CVE-2016-6290", "CVE-2016-7127", "CVE-2016-7131", "CVE-2016-7478", "CVE-2016-7130", "CVE-2016-7129", "CVE-2016-6295", "CVE-2016-6297", "CVE-2016-7416", "CVE-2016-7417", "CVE-2016-5773", "CVE-2016-7132", "CVE-2016-4343", "CVE-2015-8876", "CVE-2016-6296"], "modified": "2020-02-05T00:00:00", "id": "OPENVAS:1361412562311220171068", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220171068", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2017.1068\");\n script_version(\"2020-02-05T08:56:28+0000\");\n script_cve_id(\"CVE-2016-4342\", \"CVE-2016-4343\", \"CVE-2016-6290\", \"CVE-2016-6295\", \"CVE-2016-6296\", \"CVE-2016-6297\", \"CVE-2016-7127\", \"CVE-2016-7129\", \"CVE-2016-7130\", \"CVE-2016-7131\", \"CVE-2016-7132\", \"CVE-2016-7416\", \"CVE-2016-7417\", \"CVE-2016-7478\");\n script_tag(name:\"cvss_base\", value:\"8.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-02-05 08:56:28 +0000 (Wed, 05 Feb 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 10:47:39 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for php (EulerOS-SA-2017-1068)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP2\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2017-1068\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2017-1068\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'php' package(s) announced via the EulerOS-SA-2017-1068 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Zend/zend_exceptions.c in PHP, possibly 5.x before 5.6.28 and 7.x before 7.0.13, allows remote attackers to cause a denial of service (infinite loop) via a crafted Exception object in serialized data, a related issue to CVE-2015-8876.(CVE-2016-7478)\n\next/spl/spl_array.c in PHP before 5.6.26 and 7.x before 7.0.11 proceeds with SplArray unserialization without validating a return value and data type, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted serialized data.(CVE-2016-7417)\n\next/phar/phar_object.c in PHP before 5.5.32, 5.6.x before 5.6.18, and 7.x before 7.0.3 mishandles zero-length uncompressed data, which allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via a crafted (1) TAR, (2) ZIP, or (3) PHAR archive.(CVE-2016-4342)\n\nThe php_wddx_process_data function in ext/wddx/wddx.c in PHP before 5.6.25 and 7.x before 7.0.10 allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via an invalid ISO 8601 time value, as demonstrated by a wddx_deserialize call that mishandles a dateTime element in a wddxPacket XML document(CVE-2016-7129)\n\nInteger signedness error in the simplestring_addn function in simplestring.c in xmlrpc-epi through 0.54.2, as used in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9, allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a long first argument to the PHP xmlrpc_encode_request function.(CVE-2016-6296)\n\next/snmp/snmp.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 improperly interacts with the unserialize implementation and garbage collection, which allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly have unspecified other impact via crafted serialized data, a related issue to CVE-2016-5773.(CVE-2016-6295)\n\next/session/session.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 does not properly maintain a certain hash data structure, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via vectors related to session deserialization.(CVE-2016-6290)\n\nInteger overflow in the php_stream_zip_opener function in ext/zip/zip_stream.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 allows remote attackers to cause a denial of service (stack-based buffer overflow) or possibly have unspecified other impact via a crafted zip:// URL.(CVE-2016-6297) ...\n\n Description truncated. Please see the references for more information.\");\n\n script_tag(name:\"affected\", value:\"'php' package(s) on Huawei EulerOS V2.0SP2.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP2\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"php\", rpm:\"php~5.4.16~42.h27\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php-cli\", rpm:\"php-cli~5.4.16~42.h27\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php-common\", rpm:\"php-common~5.4.16~42.h27\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php-gd\", rpm:\"php-gd~5.4.16~42.h27\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php-ldap\", rpm:\"php-ldap~5.4.16~42.h27\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php-mysql\", rpm:\"php-mysql~5.4.16~42.h27\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php-odbc\", rpm:\"php-odbc~5.4.16~42.h27\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php-pdo\", rpm:\"php-pdo~5.4.16~42.h27\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php-pgsql\", rpm:\"php-pgsql~5.4.16~42.h27\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php-process\", rpm:\"php-process~5.4.16~42.h27\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php-recode\", rpm:\"php-recode~5.4.16~42.h27\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php-soap\", rpm:\"php-soap~5.4.16~42.h27\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php-xml\", rpm:\"php-xml~5.4.16~42.h27\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php-xmlrpc\", rpm:\"php-xmlrpc~5.4.16~42.h27\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 8.3, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:C"}}, {"lastseen": "2019-05-29T18:35:49", "description": "Several vulnerabilities were found in PHP,\na general-purpose scripting language commonly used for web application development.\n\nThe vulnerabilities are addressed by upgrading PHP to the new upstream\nversion 5.6.26, which includes additional bug fixes.", "cvss3": {}, "published": "2016-10-08T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 3689-1 (php5 - security update)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-7414", "CVE-2016-7127", "CVE-2016-7131", "CVE-2016-7125", "CVE-2016-7130", "CVE-2016-7129", "CVE-2016-7413", "CVE-2016-7126", "CVE-2016-7416", "CVE-2016-7411", "CVE-2016-7124", "CVE-2016-7417", "CVE-2016-7128", "CVE-2016-7418", "CVE-2016-7132", "CVE-2016-7412"], "modified": "2019-03-18T00:00:00", "id": "OPENVAS:1361412562310703689", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310703689", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3689.nasl 14279 2019-03-18 14:48:34Z cfischer $\n# Auto-generated from advisory DSA 3689-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2016 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.703689\");\n script_version(\"$Revision: 14279 $\");\n script_cve_id(\"CVE-2016-7124\", \"CVE-2016-7125\", \"CVE-2016-7126\", \"CVE-2016-7127\",\n \"CVE-2016-7128\", \"CVE-2016-7129\", \"CVE-2016-7130\", \"CVE-2016-7131\",\n \"CVE-2016-7132\", \"CVE-2016-7411\", \"CVE-2016-7412\", \"CVE-2016-7413\",\n \"CVE-2016-7414\", \"CVE-2016-7416\", \"CVE-2016-7417\", \"CVE-2016-7418\");\n script_name(\"Debian Security Advisory DSA 3689-1 (php5 - security update)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 15:48:34 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-10-08 00:00:00 +0200 (Sat, 08 Oct 2016)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"http://www.debian.org/security/2016/dsa-3689.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2016 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB8\");\n script_tag(name:\"affected\", value:\"php5 on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the stable distribution (jessie),\nthese problems have been fixed in version 5.6.26+dfsg-0+deb8u1.\n\nWe recommend that you upgrade your php5 packages.\");\n script_tag(name:\"summary\", value:\"Several vulnerabilities were found in PHP,\na general-purpose scripting language commonly used for web application development.\n\nThe vulnerabilities are addressed by upgrading PHP to the new upstream\nversion 5.6.26, which includes additional bug fixes.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software\nversion using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"libapache2-mod-php5\", ver:\"5.6.26+dfsg-0+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libapache2-mod-php5filter\", ver:\"5.6.26+dfsg-0+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libphp5-embed\", ver:\"5.6.26+dfsg-0+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php-pear\", ver:\"5.6.26+dfsg-0+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5\", ver:\"5.6.26+dfsg-0+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-cgi\", ver:\"5.6.26+dfsg-0+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-cli\", ver:\"5.6.26+dfsg-0+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-common\", ver:\"5.6.26+dfsg-0+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-curl\", ver:\"5.6.26+dfsg-0+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-dbg\", ver:\"5.6.26+dfsg-0+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-dev\", ver:\"5.6.26+dfsg-0+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-enchant\", ver:\"5.6.26+dfsg-0+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-fpm\", ver:\"5.6.26+dfsg-0+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-gd\", ver:\"5.6.26+dfsg-0+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-gmp\", ver:\"5.6.26+dfsg-0+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-imap\", ver:\"5.6.26+dfsg-0+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-interbase\", ver:\"5.6.26+dfsg-0+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-intl\", ver:\"5.6.26+dfsg-0+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-ldap\", ver:\"5.6.26+dfsg-0+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-mcrypt\", ver:\"5.6.26+dfsg-0+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-mysql\", ver:\"5.6.26+dfsg-0+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-mysqlnd\", ver:\"5.6.26+dfsg-0+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-odbc\", ver:\"5.6.26+dfsg-0+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-pgsql\", ver:\"5.6.26+dfsg-0+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-phpdbg\", ver:\"5.6.26+dfsg-0+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-pspell\", ver:\"5.6.26+dfsg-0+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-readline\", ver:\"5.6.26+dfsg-0+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-recode\", ver:\"5.6.26+dfsg-0+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-snmp\", ver:\"5.6.26+dfsg-0+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-sqlite\", ver:\"5.6.26+dfsg-0+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-sybase\", ver:\"5.6.26+dfsg-0+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-tidy\", ver:\"5.6.26+dfsg-0+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-xmlrpc\", ver:\"5.6.26+dfsg-0+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-xsl\", ver:\"5.6.26+dfsg-0+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-02-05T16:42:13", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-01-23T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for php (EulerOS-SA-2017-1067)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-4342", "CVE-2016-6290", "CVE-2016-7127", "CVE-2016-7131", "CVE-2016-7478", "CVE-2016-7130", "CVE-2016-7129", "CVE-2016-6295", "CVE-2016-6297", "CVE-2016-7416", "CVE-2016-7417", "CVE-2016-5773", "CVE-2016-7132", "CVE-2016-4343", "CVE-2015-8876", "CVE-2016-6296"], "modified": "2020-02-05T00:00:00", "id": "OPENVAS:1361412562311220171067", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220171067", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2017.1067\");\n script_version(\"2020-02-05T08:56:28+0000\");\n script_cve_id(\"CVE-2016-4342\", \"CVE-2016-4343\", \"CVE-2016-6290\", \"CVE-2016-6295\", \"CVE-2016-6296\", \"CVE-2016-6297\", \"CVE-2016-7127\", \"CVE-2016-7129\", \"CVE-2016-7130\", \"CVE-2016-7131\", \"CVE-2016-7132\", \"CVE-2016-7416\", \"CVE-2016-7417\", \"CVE-2016-7478\");\n script_tag(name:\"cvss_base\", value:\"8.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-02-05 08:56:28 +0000 (Wed, 05 Feb 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 10:47:26 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for php (EulerOS-SA-2017-1067)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP1\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2017-1067\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2017-1067\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'php' package(s) announced via the EulerOS-SA-2017-1067 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Zend/zend_exceptions.c in PHP, possibly 5.x before 5.6.28 and 7.x before 7.0.13, allows remote attackers to cause a denial of service (infinite loop) via a crafted Exception object in serialized data, a related issue to CVE-2015-8876.(CVE-2016-7478)\n\next/spl/spl_array.c in PHP before 5.6.26 and 7.x before 7.0.11 proceeds with SplArray unserialization without validating a return value and data type, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted serialized data.(CVE-2016-7417)\n\next/phar/phar_object.c in PHP before 5.5.32, 5.6.x before 5.6.18, and 7.x before 7.0.3 mishandles zero-length uncompressed data, which allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via a crafted (1) TAR, (2) ZIP, or (3) PHAR archive.(CVE-2016-4342)\n\nThe php_wddx_process_data function in ext/wddx/wddx.c in PHP before 5.6.25 and 7.x before 7.0.10 allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via an invalid ISO 8601 time value, as demonstrated by a wddx_deserialize call that mishandles a dateTime element in a wddxPacket XML document(CVE-2016-7129)\n\nInteger signedness error in the simplestring_addn function in simplestring.c in xmlrpc-epi through 0.54.2, as used in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9, allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a long first argument to the PHP xmlrpc_encode_request function.(CVE-2016-6296)\n\next/snmp/snmp.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 improperly interacts with the unserialize implementation and garbage collection, which allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly have unspecified other impact via crafted serialized data, a related issue to CVE-2016-5773.(CVE-2016-6295)\n\next/session/session.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 does not properly maintain a certain hash data structure, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via vectors related to session deserialization.(CVE-2016-6290)\n\nInteger overflow in the php_stream_zip_opener function in ext/zip/zip_stream.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 allows remote attackers to cause a denial of service (stack-based buffer overflow) or possibly have unspecified other impact via a crafted zip:// URL.(CVE-2016-6297) ...\n\n Description truncated. Please see the references for more information.\");\n\n script_tag(name:\"affected\", value:\"'php' package(s) on Huawei EulerOS V2.0SP1.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP1\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"php\", rpm:\"php~5.4.16~42.h27\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php-cli\", rpm:\"php-cli~5.4.16~42.h27\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php-common\", rpm:\"php-common~5.4.16~42.h27\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php-gd\", rpm:\"php-gd~5.4.16~42.h27\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php-ldap\", rpm:\"php-ldap~5.4.16~42.h27\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php-mysql\", rpm:\"php-mysql~5.4.16~42.h27\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php-odbc\", rpm:\"php-odbc~5.4.16~42.h27\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php-pdo\", rpm:\"php-pdo~5.4.16~42.h27\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php-pgsql\", rpm:\"php-pgsql~5.4.16~42.h27\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php-process\", rpm:\"php-process~5.4.16~42.h27\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php-recode\", rpm:\"php-recode~5.4.16~42.h27\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php-soap\", rpm:\"php-soap~5.4.16~42.h27\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php-xml\", rpm:\"php-xml~5.4.16~42.h27\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php-xmlrpc\", rpm:\"php-xmlrpc~5.4.16~42.h27\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 8.3, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:C"}}, {"lastseen": "2019-05-29T18:35:26", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2016-10-05T00:00:00", "type": "openvas", "title": "Ubuntu Update for php7.0 USN-3095-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-7414", "CVE-2016-7127", "CVE-2016-7133", "CVE-2016-7131", "CVE-2016-7125", "CVE-2016-7134", "CVE-2016-7130", "CVE-2016-7129", "CVE-2016-7413", "CVE-2016-7416", "CVE-2016-7411", "CVE-2016-7124", "CVE-2016-7417", "CVE-2016-7128", "CVE-2016-7418", "CVE-2016-7132", "CVE-2016-7412"], "modified": "2019-03-13T00:00:00", "id": "OPENVAS:1361412562310842904", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310842904", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for php7.0 USN-3095-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.842904\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-10-05 05:43:33 +0200 (Wed, 05 Oct 2016)\");\n script_cve_id(\"CVE-2016-7124\", \"CVE-2016-7125\", \"CVE-2016-7127\", \"CVE-2016-7128\",\n \t\t\"CVE-2016-7129\", \"CVE-2016-7130\", \"CVE-2016-7131\", \"CVE-2016-7132\",\n\t\t\"CVE-2016-7413\", \"CVE-2016-7133\", \"CVE-2016-7134\", \"CVE-2016-7411\",\n\t\t\"CVE-2016-7412\", \"CVE-2016-7414\", \"CVE-2016-7416\", \"CVE-2016-7417\",\n\t\t\"CVE-2016-7418\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for php7.0 USN-3095-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'php7.0'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Taoguang Chen discovered that PHP incorrectly\n handled certain invalid objects when unserializing data. A remote attacker could\n use this issue to cause PHP to crash, resulting in a denial of service, or possibly\n execute arbitrary code. (CVE-2016-7124)\n\nTaoguang Chen discovered that PHP incorrectly handled invalid session\nnames. A remote attacker could use this issue to inject arbitrary session\ndata. (CVE-2016-7125)\n\nIt was discovered that PHP incorrectly handled certain gamma values in the\nimagegammacorrect function. A remote attacker could use this issue to cause\nPHP to crash, resulting in a denial of service, or possibly execute\narbitrary code. (CVE-2016-7127)\n\nIt was discovered that PHP incorrectly handled certain crafted TIFF image\nthumbnails. A remote attacker could use this issue to cause PHP to crash,\nresulting in a denial of service, or possibly expose sensitive information.\n(CVE-2016-7128)\n\nIt was discovered that PHP incorrectly handled unserializing certain\nwddxPacket XML documents. A remote attacker could use this issue to cause\nPHP to crash, resulting in a denial of service, or possibly execute\narbitrary code. (CVE-2016-7129, CVE-2016-7130, CVE-2016-7131,\nCVE-2016-7132, CVE-2016-7413)\n\nIt was discovered that PHP incorrectly handled certain memory operations. A\nremote attacker could use this issue to cause PHP to crash, resulting in a\ndenial of service, or possibly execute arbitrary code. This issue only\naffected Ubuntu 16.04 LTS. (CVE-2016-7133)\n\nIt was discovered that PHP incorrectly handled long strings in curl_escape\ncalls. A remote attacker could use this issue to cause PHP to crash,\nresulting in a denial of service, or possibly execute arbitrary code. This\nissue only affected Ubuntu 16.04 LTS. (CVE-2016-7134)\n\nTaoguang Chen discovered that PHP incorrectly handled certain failures when\nunserializing data. A remote attacker could use this issue to cause PHP to\ncrash, resulting in a denial of service, or possibly execute arbitrary\ncode. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS.\n(CVE-2016-7411)\n\nIt was discovered that PHP incorrectly handled certain flags in the MySQL\ndriver. Malicious remote MySQL servers could use this issue to cause PHP to\ncrash, resulting in a denial of service, or possibly execute arbitrary\ncode. (CVE-2016-7412)\n\nIt was discovered that PHP incorrectly handled ZIP file signature\nverification when processing a PHAR archive. A remote attacker could use\nthis issue to cause PHP to crash, resulting in a denial of service, or\npossibly execute arbitrary code. (CVE-2016-7414)\n\nIt was discovered that PH ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n script_tag(name:\"affected\", value:\"php7.0 on Ubuntu 16.04 LTS,\n Ubuntu 14.04 LTS,\n Ubuntu 12.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"USN\", value:\"3095-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3095-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(14\\.04 LTS|12\\.04 LTS|16\\.04 LTS)\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libapache2-mod-php5\", ver:\"5.5.9+dfsg-1ubuntu4.20\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-cgi\", ver:\"5.5.9+dfsg-1ubuntu4.20\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-cli\", ver:\"5.5.9+dfsg-1ubuntu4.20\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-curl\", ver:\"5.5.9+dfsg-1ubuntu4.20\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-fpm\", ver:\"5.5.9+dfsg-1ubuntu4.20\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-gd\", ver:\"5.5.9+dfsg-1ubuntu4.20\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-mysqlnd\", ver:\"5.5.9+dfsg-1ubuntu4.20\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libapache2-mod-php5\", ver:\"5.3.10-1ubuntu3.25\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-cgi\", ver:\"5.3.10-1ubuntu3.25\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-cli\", ver:\"5.3.10-1ubuntu3.25\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-curl\", ver:\"5.3.10-1ubuntu3.25\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-fpm\", ver:\"5.3.10-1ubuntu3.25\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-gd\", ver:\"5.3.10-1ubuntu3.25\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-mysqlnd\", ver:\"5.3.10-1ubuntu3.25\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU16.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libapache2-mod-php7.0\", ver:\"7.0.8-0ubuntu0.16.04.3\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php7.0-cgi\", ver:\"7.0.8-0ubuntu0.16.04.3\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php7.0-cli\", ver:\"7.0.8-0ubuntu0.16.04.3\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php7.0-curl\", ver:\"7.0.8-0ubuntu0.16.04.3\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php7.0-fpm\", ver:\"7.0.8-0ubuntu0.16.04.3\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php7.0-gd\", ver:\"7.0.8-0ubuntu0.16.04.3\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php7.0-mysql\", ver:\"7.0.8-0ubuntu0.16.04.3\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:34:06", "description": "This host is running Apple Mac OS X and\n is prone to multiple vulnerabilities.", "cvss3": {}, "published": "2017-02-22T00:00:00", "type": "openvas", "title": "Apple Mac OS X Multiple Vulnerabilities-01 February-2017", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-7628", "CVE-2016-8620", "CVE-2016-8623", "CVE-2016-5420", "CVE-2016-7714", "CVE-2016-7414", "CVE-2016-7647", "CVE-2016-4693", "CVE-2016-7594", "CVE-2016-8615", "CVE-2016-8616", "CVE-2016-7606", "CVE-2016-7667", "CVE-2016-8619", "CVE-2016-7620", "CVE-2016-7603", "CVE-2016-7655", "CVE-2016-7761", "CVE-2016-7637", "CVE-2016-7616", "CVE-2016-8625", "CVE-2016-8618", "CVE-2016-7622", "CVE-2016-4691", "CVE-2016-7636", "CVE-2016-7661", "CVE-2016-7141", "CVE-2016-7615", "CVE-2016-7629", "CVE-2016-7644", "CVE-2016-7643", "CVE-2016-8617", "CVE-2016-7624", "CVE-2016-1777", "CVE-2016-7413", "CVE-2016-7662", "CVE-2016-7617", "CVE-2016-7663", "CVE-2016-6304", "CVE-2016-7618", "CVE-2016-7619", "CVE-2016-7609", "CVE-2016-7627", "CVE-2016-8622", "CVE-2016-7416", "CVE-2016-7657", "CVE-2016-7602", "CVE-2016-7633", "CVE-2016-7625", "CVE-2016-7660", "CVE-2016-7411", "CVE-2016-8624", "CVE-2016-7417", "CVE-2016-7742", "CVE-2016-7621", "CVE-2016-6303", "CVE-2016-7600", "CVE-2016-7418", "CVE-2016-5421", "CVE-2016-7607", "CVE-2016-7605", "CVE-2016-7591", "CVE-2016-7595", "CVE-2016-7588", "CVE-2016-5419", "CVE-2016-7167", "CVE-2016-7612", "CVE-2016-8621", "CVE-2016-7608", "CVE-2016-7659", "CVE-2016-7412", "CVE-2016-7658"], "modified": "2019-05-03T00:00:00", "id": "OPENVAS:1361412562310810567", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310810567", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Apple Mac OS X Multiple Vulnerabilities-01 February-2017\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.810567\");\n script_version(\"2019-05-03T08:55:39+0000\");\n script_cve_id(\"CVE-2016-7411\", \"CVE-2016-7412\", \"CVE-2016-7413\", \"CVE-2016-7414\",\n \"CVE-2016-7416\", \"CVE-2016-7417\", \"CVE-2016-7418\", \"CVE-2016-7609\",\n \"CVE-2016-7628\", \"CVE-2016-7658\", \"CVE-2016-7659\", \"CVE-2016-7624\",\n \"CVE-2016-7605\", \"CVE-2016-7617\", \"CVE-2016-7647\", \"CVE-2016-7663\",\n \"CVE-2016-7627\", \"CVE-2016-7655\", \"CVE-2016-7588\", \"CVE-2016-7603\",\n \"CVE-2016-7595\", \"CVE-2016-7667\", \"CVE-2016-5419\", \"CVE-2016-5420\",\n \"CVE-2016-5421\", \"CVE-2016-7141\", \"CVE-2016-7167\", \"CVE-2016-8615\",\n \"CVE-2016-8616\", \"CVE-2016-8617\", \"CVE-2016-8618\", \"CVE-2016-8619\",\n \"CVE-2016-8620\", \"CVE-2016-8621\", \"CVE-2016-8622\", \"CVE-2016-8623\",\n \"CVE-2016-8624\", \"CVE-2016-8625\", \"CVE-2016-7633\", \"CVE-2016-7616\",\n \"CVE-2016-4691\", \"CVE-2016-7618\", \"CVE-2016-7622\", \"CVE-2016-7594\",\n \"CVE-2016-7643\", \"CVE-2016-7602\", \"CVE-2016-7608\", \"CVE-2016-7591\",\n \"CVE-2016-7657\", \"CVE-2016-7625\", \"CVE-2016-7714\", \"CVE-2016-7620\",\n \"CVE-2016-7606\", \"CVE-2016-7612\", \"CVE-2016-7607\", \"CVE-2016-7615\",\n \"CVE-2016-7621\", \"CVE-2016-7637\", \"CVE-2016-7644\", \"CVE-2016-7629\",\n \"CVE-2016-7619\", \"CVE-2016-1777\", \"CVE-2016-7600\", \"CVE-2016-7742\",\n \"CVE-2016-6303\", \"CVE-2016-6304\", \"CVE-2016-7661\", \"CVE-2016-4693\",\n \"CVE-2016-7636\", \"CVE-2016-7662\", \"CVE-2016-7660\", \"CVE-2016-7761\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-05-03 08:55:39 +0000 (Fri, 03 May 2019)\");\n script_tag(name:\"creation_date\", value:\"2017-02-22 17:03:09 +0530 (Wed, 22 Feb 2017)\");\n script_name(\"Apple Mac OS X Multiple Vulnerabilities-01 February-2017\");\n\n script_tag(name:\"summary\", value:\"This host is running Apple Mac OS X and\n is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exists. For details\n refer the reference links.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow attacker\n to execute arbitrary code or cause a denial of service (memory corruption),\n gain access to potentially sensitive information, bypass certain protection\n mechanism and have other impacts.\");\n\n script_tag(name:\"affected\", value:\"Apple Mac OS X version 10.12.x through\n 10.12.1\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Apple Mac OS X version\n 10.12.2 or later. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"https://support.apple.com/en-us/HT207423\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Mac OS X Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/osx_name\", \"ssh/login/osx_version\", re:\"ssh/login/osx_version=^10\\.12\");\n exit(0);\n}\n\ninclude(\"version_func.inc\");\n\nosName = get_kb_item(\"ssh/login/osx_name\");\nif(!osName)\n exit(0);\n\nosVer = get_kb_item(\"ssh/login/osx_version\");\nif(!osVer){\n exit(0);\n}\n\nif(\"Mac OS X\" >< osName)\n{\n if(osVer =~ \"^10\\.12\" && version_is_less(version:osVer, test_version:\"10.12.2\"))\n {\n report = report_fixed_ver(installed_version:osVer, fixed_version:\"10.12.2\");\n security_message(data:report);\n exit(0);\n }\n exit(99);\n}\n\nexit(0);", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "nessus": [{"lastseen": "2022-03-27T15:10:22", "description": "According to its banner, the version of PHP running on the remote web server is 7.0.x prior to 7.0.11. It is, therefore, affected by multiple vulnerabilities :\n\n - An heap buffer overflow condition exists in the php_mysqlnd_rowp_read_text_protocol_aux() function within file ext/mysqlnd/mysqlnd_wireprotocol.c due to a failure to verify that a BIT field has the UNSIGNED_FLAG flag. An unauthenticated, remote attacker can exploit this, via specially crafted field metadata, to cause a denial of service condition. (CVE-2016-7412)\n\n - A use-after-free error exists in the wddx_stack_destroy() function within file ext/wddx/wddx.c when deserializing recordset elements. An unauthenticated, remote attacker can exploit this, via a specially crafted wddxPacket XML document, to cause a denial of service condition. (CVE-2016-7413)\n\n - An out-of-bounds access error exists in the phar_parse_zipfile() function within file ext/phar/zip.c due to a failure to ensure that the uncompressed_filesize field is large enough. An unauthenticated, remote attacker can exploit this, via a specially crafted archive, to cause a denial of service condition. (CVE-2016-7414)\n\n - A stack-based buffer overflow condition exists in the ICU4C library, specifically within file common/locid.cpp in the msgfmt_format_message() function, due to a failure to properly restrict the locale length provided to the Locale class. An unauthenticated, remote attacker can exploit this, via a long first argument to a MessageFormatter::formatMessage() function call, to cause a denial of service condition. (CVE-2016-7416)\n\n - A flaw exists in the spl_array_get_dimension_ptr_ptr() function within file ext/spl/spl_array.c due to a failure to properly validate the return value and data type when deserializing SplArray. An unauthenticated, remote attacker can exploit this, via specially crafted serialized data, to cause a denial of service condition. (CVE-2016-7417)\n\n - An out-of-bounds read error exists in the php_wddx_push_element() function within file ext/wddx/wddx.c when handling an incorrect boolean element, which leads to mishandling the wddx_deserialize() call. An unauthenticated, remote attacker can exploit this, via a specially crafted wddxPacket XML document, to cause a denial of service condition. (CVE-2016-7418)\n\n - An out-of-bounds access error exists in the phar_parse_tarfile() function within file ext/phar/tar.c when handling the verification of signatures. An unauthenticated, remote attacker can exploit this to cause an unspecified impact.\n\nNote that this software is reportedly affected by other vulnerabilities as well that have not been fixed yet in version 7.0.13.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-01-09T00:00:00", "type": "nessus", "title": "PHP 7.0.x < 7.0.11 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-7412", "CVE-2016-7413", "CVE-2016-7414", "CVE-2016-7416", "CVE-2016-7417", "CVE-2016-7418"], "modified": "2021-10-07T00:00:00", "cpe": ["cpe:2.3:a:php:php:*:*:*:*:*:*:*:*"], "id": "WEB_APPLICATION_SCANNING_98835", "href": "https://www.tenable.com/plugins/was/98835", "sourceData": "No source data", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-04-12T16:04:05", "description": "According to its banner, the version of PHP running on the remote web server is 7.0.x prior to 7.0.11. It is, therefore, affected by multiple vulnerabilities :\n\n - An heap buffer overflow condition exists in the php_mysqlnd_rowp_read_text_protocol_aux() function within file ext/mysqlnd/mysqlnd_wireprotocol.c due to a failure to verify that a BIT field has the UNSIGNED_FLAG flag. An unauthenticated, remote attacker can exploit this, via specially crafted field metadata, to cause a denial of service condition. (CVE-2016-7412)\n\n - A use-after-free error exists in the wddx_stack_destroy() function within file ext/wddx/wddx.c when deserializing recordset elements.\n An unauthenticated, remote attacker can exploit this, via a specially crafted wddxPacket XML document, to cause a denial of service condition. (CVE-2016-7413)\n\n - An out-of-bounds access error exists in the phar_parse_zipfile() function within file ext/phar/zip.c due to a failure to ensure that the uncompressed_filesize field is large enough. An unauthenticated, remote attacker can exploit this, via a specially crafted archive, to cause a denial of service condition. (CVE-2016-7414)\n\n - A stack-based buffer overflow condition exists in the ICU4C library, specifically within file common/locid.cpp in the msgfmt_format_message() function, due to a failure to properly restrict the locale length provided to the Locale class. An unauthenticated, remote attacker can exploit this, via a long first argument to a MessageFormatter::formatMessage() function call, to cause a denial of service condition. (CVE-2016-7416)\n\n - A flaw exists in the spl_array_get_dimension_ptr_ptr() function within file ext/spl/spl_array.c due to a failure to properly validate the return value and data type when deserializing SplArray. An unauthenticated, remote attacker can exploit this, via specially crafted serialized data, to cause a denial of service condition.\n (CVE-2016-7417)\n\n - An out-of-bounds read error exists in the php_wddx_push_element() function within file ext/wddx/wddx.c when handling an incorrect boolean element, which leads to mishandling the wddx_deserialize() call. An unauthenticated, remote attacker can exploit this, via a specially crafted wddxPacket XML document, to cause a denial of service condition. (CVE-2016-7418)\n\n - An out-of-bounds access error exists in the phar_parse_tarfile() function within file ext/phar/tar.c when handling the verification of signatures. An unauthenticated, remote attacker can exploit this to cause an unspecified impact.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-09-22T00:00:00", "type": "nessus", "title": "PHP 7.0.x < 7.0.11 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-7412", "CVE-2016-7413", "CVE-2016-7414", "CVE-2016-7416", "CVE-2016-7417", "CVE-2016-7418"], "modified": "2022-04-11T00:00:00", "cpe": ["cpe:/a:php:php"], "id": "PHP_7_0_11.NASL", "href": "https://www.tenable.com/plugins/nessus/93657", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(93657);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\n \"CVE-2016-7412\",\n \"CVE-2016-7413\",\n \"CVE-2016-7414\",\n \"CVE-2016-7416\",\n \"CVE-2016-7417\",\n \"CVE-2016-7418\"\n );\n script_bugtraq_id(\n 93004,\n 93005,\n 93006,\n 93007,\n 93008,\n 93011\n );\n\n script_name(english:\"PHP 7.0.x < 7.0.11 Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The version of PHP running on the remote web server is affected by\nmultiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its banner, the version of PHP running on the remote web\nserver is 7.0.x prior to 7.0.11. It is, therefore, affected by\nmultiple vulnerabilities :\n\n - An heap buffer overflow condition exists in the\n php_mysqlnd_rowp_read_text_protocol_aux() function\n within file ext/mysqlnd/mysqlnd_wireprotocol.c due to\n a failure to verify that a BIT field has the\n UNSIGNED_FLAG flag. An unauthenticated, remote attacker\n can exploit this, via specially crafted field metadata,\n to cause a denial of service condition. (CVE-2016-7412)\n\n - A use-after-free error exists in the\n wddx_stack_destroy() function within file\n ext/wddx/wddx.c when deserializing recordset elements.\n An unauthenticated, remote attacker can exploit this,\n via a specially crafted wddxPacket XML document, to\n cause a denial of service condition. (CVE-2016-7413)\n\n - An out-of-bounds access error exists in the\n phar_parse_zipfile() function within file ext/phar/zip.c\n due to a failure to ensure that the\n uncompressed_filesize field is large enough. An\n unauthenticated, remote attacker can exploit this, via a\n specially crafted archive, to cause a denial of service\n condition. (CVE-2016-7414)\n\n - A stack-based buffer overflow condition exists in the\n ICU4C library, specifically within file common/locid.cpp\n in the msgfmt_format_message() function, due to a\n failure to properly restrict the locale length provided\n to the Locale class. An unauthenticated, remote attacker\n can exploit this, via a long first argument to a\n MessageFormatter::formatMessage() function call, to\n cause a denial of service condition. (CVE-2016-7416)\n\n - A flaw exists in the spl_array_get_dimension_ptr_ptr()\n function within file ext/spl/spl_array.c due to a\n failure to properly validate the return value and data\n type when deserializing SplArray. An unauthenticated,\n remote attacker can exploit this, via specially crafted\n serialized data, to cause a denial of service condition.\n (CVE-2016-7417)\n\n - An out-of-bounds read error exists in the\n php_wddx_push_element() function within file\n ext/wddx/wddx.c when handling an incorrect boolean\n element, which leads to mishandling the\n wddx_deserialize() call. An unauthenticated, remote\n attacker can exploit this, via a specially crafted\n wddxPacket XML document, to cause a denial of service\n condition. (CVE-2016-7418)\n\n - An out-of-bounds access error exists in the\n phar_parse_tarfile() function within file ext/phar/tar.c\n when handling the verification of signatures. An\n unauthenticated, remote attacker can exploit this to\n cause an unspecified impact.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://secure.php.net/ChangeLog-7.php#7.0.11\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to PHP version 7.0.11 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-7417\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No exploit is required\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/09/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/09/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/09/22\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:php:php\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CGI abuses\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"php_version.nasl\");\n script_require_keys(\"www/PHP\");\n script_require_ports(\"Services/www\", 80);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\ninclude(\"webapp_func.inc\");\n\nport = get_http_port(default:80, php:TRUE);\n\nphp = get_php_from_kb(\n port : port,\n exit_on_fail : TRUE\n);\n\nversion = php[\"ver\"];\nsource = php[\"src\"];\n\nbackported = get_kb_item('www/php/'+port+'/'+version+'/backported');\n\nif (report_paranoia < 2 && backported)\n audit(AUDIT_BACKPORT_SERVICE, port, \"PHP \"+version+\" install\");\n\n# Check that it is the correct version of PHP\nif (version =~ \"^7(\\.0)?$\")\n audit(AUDIT_VER_NOT_GRANULAR, \"PHP\", port, version);\nif (version !~ \"^7\\.0\\.\") audit(AUDIT_NOT_DETECT, \"PHP version 7.0.x\", port);\n\nif (version =~ \"^7\\.0\\.\" && ver_compare(ver:version, fix:\"7.0.11\", strict:FALSE) < 0){\n security_report_v4(\n port : port,\n extra :\n '\\n Version source : ' + source +\n '\\n Installed version : ' + version +\n '\\n Fixed version : 7.0.11' +\n '\\n',\n severity:SECURITY_HOLE\n );\n}\nelse audit(AUDIT_LISTEN_NOT_VULN, \"PHP\", port, version);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-04-12T16:07:54", "description": "PHP reports :\n\n- Fixed bug #73007 (add locale length check)\n\n- Fixed bug #72293 (Heap overflow in mysqlnd related to BIT fields)\n\n- Fixed bug #72928 (Out of bound when verify signature of zip phar in phar_parse_zipfile)\n\n- Fixed bug #73029 (Missing type check when unserializing SplArray)\n\n- Fixed bug #73052 (Memory Corruption in During Deserialized-object Destruction)\n\n- Fixed bug #72860 (wddx_deserialize use-after-free)\n\n- Fixed bug #73065 (Out-Of-Bounds Read in php_wddx_push_element)", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-10-17T00:00:00", "type": "nessus", "title": "FreeBSD : PHP -- multiple vulnerabilities (f471032a-8700-11e6-8d93-00248c0c745d)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-7412", "CVE-2016-7413", "CVE-2016-7414", "CVE-2016-7416", "CVE-2016-7417", "CVE-2016-7418"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:php70", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_F471032A870011E68D9300248C0C745D.NASL", "href": "https://www.tenable.com/plugins/nessus/94084", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(94084);\n script_version(\"2.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2016-7412\", \"CVE-2016-7413\", \"CVE-2016-7414\", \"CVE-2016-7416\", \"CVE-2016-7417\", \"CVE-2016-7418\");\n\n script_name(english:\"FreeBSD : PHP -- multiple vulnerabilities (f471032a-8700-11e6-8d93-00248c0c745d)\");\n script_summary(english:\"Checks for updated package in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote FreeBSD host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"PHP reports :\n\n- Fixed bug #73007 (add locale length check)\n\n- Fixed bug #72293 (Heap overflow in mysqlnd related to BIT fields)\n\n- Fixed bug #72928 (Out of bound when verify signature of zip phar in\nphar_parse_zipfile)\n\n- Fixed bug #73029 (Missing type check when unserializing SplArray)\n\n- Fixed bug #73052 (Memory Corruption in During Deserialized-object\nDestruction)\n\n- Fixed bug #72860 (wddx_deserialize use-after-free)\n\n- Fixed bug #73065 (Out-Of-Bounds Read in php_wddx_push_element)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://php.net/ChangeLog-7.php#7.0.11\"\n );\n # https://vuxml.freebsd.org/freebsd/f471032a-8700-11e6-8d93-00248c0c745d.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?556e252c\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:php70\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/09/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/09/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/10/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"php70<7.0.11\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-04-12T16:06:23", "description": "ext/mysqlnd/mysqlnd_wireprotocol.c in PHP before 5.6.26 and 7.x before 7.0.11 does not verify that a BIT field has the UNSIGNED_FLAG flag, which allows remote MySQL servers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted field metadata (CVE-2016-7412).\n\nUse-after-free vulnerability in the wddx_stack_destroy function in ext/wddx/wddx.c in PHP before 5.6.26 and 7.x before 7.0.11 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a wddxPacket XML document that lacks an end-tag for a recordset field element, leading to mishandling in a wddx_deserialize call (CVE-2016-7413).\n\nThe ZIP signature-verification feature in PHP before 5.6.26 and 7.x before 7.0.11 does not ensure that the uncompressed_filesize field is large enough, which allows remote attackers to cause a denial of service (out-of-bounds memory access) or possibly have unspecified other impact via a crafted PHAR archive, related to ext/phar/util.c and ext/phar/zip.c (CVE-2016-7414).\n\next/intl/msgformat/msgformat_format.c in PHP before 5.6.26 and 7.x before 7.0.11 does not properly restrict the locale length provided to the Locale class in the ICU library, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a MessageFormatter::formatMessage call with a long first argument (CVE-2016-7416).\n\next/spl/spl_array.c in PHP before 5.6.26 and 7.x before 7.0.11 proceeds with SplArray unserialization without validating a return value and data type, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted serialized data (CVE-2016-7417).\n\nThe php_wddx_push_element function in ext/wddx/wddx.c in PHP before 5.6.26 and 7.x before 7.0.11 allows remote attackers to cause a denial of service (invalid pointer access and out-of-bounds read) or possibly have unspecified other impact via an incorrect boolean element in a wddxPacket XML document, leading to mishandling in a wddx_deserialize call (CVE-2016-7418).", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-10-13T00:00:00", "type": "nessus", "title": "Amazon Linux AMI : php70 (ALAS-2016-754)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-7412", "CVE-2016-7413", "CVE-2016-7414", "CVE-2016-7416", "CVE-2016-7417", "CVE-2016-7418"], "modified": "2018-04-18T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:php70", "p-cpe:/a:amazon:linux:php70-bcmath", "p-cpe:/a:amazon:linux:php70-cli", "p-cpe:/a:amazon:linux:php70-common", "p-cpe:/a:amazon:linux:php70-dba", "p-cpe:/a:amazon:linux:php70-dbg", "p-cpe:/a:amazon:linux:php70-debuginfo", "p-cpe:/a:amazon:linux:php70-devel", "p-cpe:/a:amazon:linux:php70-embedded", "p-cpe:/a:amazon:linux:php70-enchant", "p-cpe:/a:amazon:linux:php70-fpm", "p-cpe:/a:amazon:linux:php70-gd", "p-cpe:/a:amazon:linux:php70-gmp", "p-cpe:/a:amazon:linux:php70-imap", "p-cpe:/a:amazon:linux:php70-intl", "p-cpe:/a:amazon:linux:php70-json", "p-cpe:/a:amazon:linux:php70-ldap", "p-cpe:/a:amazon:linux:php70-mbstring", "p-cpe:/a:amazon:linux:php70-mcrypt", "p-cpe:/a:amazon:linux:php70-mysqlnd", "p-cpe:/a:amazon:linux:php70-odbc", "p-cpe:/a:amazon:linux:php70-opcache", "p-cpe:/a:amazon:linux:php70-pdo", "p-cpe:/a:amazon:linux:php70-pdo-dblib", "p-cpe:/a:amazon:linux:php70-pgsql", "p-cpe:/a:amazon:linux:php70-process", "p-cpe:/a:amazon:linux:php70-pspell", "p-cpe:/a:amazon:linux:php70-recode", "p-cpe:/a:amazon:linux:php70-snmp", "p-cpe:/a:amazon:linux:php70-soap", "p-cpe:/a:amazon:linux:php70-tidy", "p-cpe:/a:amazon:linux:php70-xml", "p-cpe:/a:amazon:linux:php70-xmlrpc", "p-cpe:/a:amazon:linux:php70-zip", "cpe:/o:amazon:linux"], "id": "ALA_ALAS-2016-754.NASL", "href": "https://www.tenable.com/plugins/nessus/94020", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2016-754.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(94020);\n script_version(\"2.4\");\n script_cvs_date(\"Date: 2018/04/18 15:09:36\");\n\n script_cve_id(\"CVE-2016-7412\", \"CVE-2016-7413\", \"CVE-2016-7414\", \"CVE-2016-7416\", \"CVE-2016-7417\", \"CVE-2016-7418\");\n script_xref(name:\"ALAS\", value:\"2016-754\");\n\n script_name(english:\"Amazon Linux AMI : php70 (ALAS-2016-754)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"ext/mysqlnd/mysqlnd_wireprotocol.c in PHP before 5.6.26 and 7.x before\n7.0.11 does not verify that a BIT field has the UNSIGNED_FLAG flag,\nwhich allows remote MySQL servers to cause a denial of service\n(heap-based buffer overflow) or possibly have unspecified other impact\nvia crafted field metadata (CVE-2016-7412).\n\nUse-after-free vulnerability in the wddx_stack_destroy function in\next/wddx/wddx.c in PHP before 5.6.26 and 7.x before 7.0.11 allows\nremote attackers to cause a denial of service or possibly have\nunspecified other impact via a wddxPacket XML document that lacks an\nend-tag for a recordset field element, leading to mishandling in a\nwddx_deserialize call (CVE-2016-7413).\n\nThe ZIP signature-verification feature in PHP before 5.6.26 and 7.x\nbefore 7.0.11 does not ensure that the uncompressed_filesize field is\nlarge enough, which allows remote attackers to cause a denial of\nservice (out-of-bounds memory access) or possibly have unspecified\nother impact via a crafted PHAR archive, related to ext/phar/util.c\nand ext/phar/zip.c (CVE-2016-7414).\n\next/intl/msgformat/msgformat_format.c in PHP before 5.6.26 and 7.x\nbefore 7.0.11 does not properly restrict the locale length provided to\nthe Locale class in the ICU library, which allows remote attackers to\ncause a denial of service (application crash) or possibly have\nunspecified other impact via a MessageFormatter::formatMessage call\nwith a long first argument (CVE-2016-7416).\n\next/spl/spl_array.c in PHP before 5.6.26 and 7.x before 7.0.11\nproceeds with SplArray unserialization without validating a return\nvalue and data type, which allows remote attackers to cause a denial\nof service or possibly have unspecified other impact via crafted\nserialized data (CVE-2016-7417).\n\nThe php_wddx_push_element function in ext/wddx/wddx.c in PHP before\n5.6.26 and 7.x before 7.0.11 allows remote attackers to cause a denial\nof service (invalid pointer access and out-of-bounds read) or possibly\nhave unspecified other impact via an incorrect boolean element in a\nwddxPacket XML document, leading to mishandling in a wddx_deserialize\ncall (CVE-2016-7418).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2016-754.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update php70' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php70\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php70-bcmath\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php70-cli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php70-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php70-dba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php70-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php70-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php70-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php70-embedded\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php70-enchant\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php70-fpm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php70-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php70-gmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php70-imap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php70-intl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php70-json\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php70-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php70-mbstring\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php70-mcrypt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php70-mysqlnd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php70-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php70-opcache\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php70-pdo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php70-pdo-dblib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php70-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php70-process\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php70-pspell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php70-recode\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php70-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php70-soap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php70-tidy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php70-xml\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php70-xmlrpc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php70-zip\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/10/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/10/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"php70-7.0.11-1.16.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php70-bcmath-7.0.11-1.16.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php70-cli-7.0.11-1.16.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php70-common-7.0.11-1.16.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php70-dba-7.0.11-1.16.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php70-dbg-7.0.11-1.16.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php70-debuginfo-7.0.11-1.16.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php70-devel-7.0.11-1.16.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php70-embedded-7.0.11-1.16.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php70-enchant-7.0.11-1.16.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php70-fpm-7.0.11-1.16.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php70-gd-7.0.11-1.16.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php70-gmp-7.0.11-1.16.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php70-imap-7.0.11-1.16.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php70-intl-7.0.11-1.16.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php70-json-7.0.11-1.16.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php70-ldap-7.0.11-1.16.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php70-mbstring-7.0.11-1.16.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php70-mcrypt-7.0.11-1.16.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php70-mysqlnd-7.0.11-1.16.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php70-odbc-7.0.11-1.16.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php70-opcache-7.0.11-1.16.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php70-pdo-7.0.11-1.16.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php70-pdo-dblib-7.0.11-1.16.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php70-pgsql-7.0.11-1.16.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php70-process-7.0.11-1.16.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php70-pspell-7.0.11-1.16.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php70-recode-7.0.11-1.16.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php70-snmp-7.0.11-1.16.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php70-soap-7.0.11-1.16.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php70-tidy-7.0.11-1.16.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php70-xml-7.0.11-1.16.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php70-xmlrpc-7.0.11-1.16.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php70-zip-7.0.11-1.16.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"php70 / php70-bcmath / php70-cli / php70-common / php70-dba / etc\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-04-12T16:03:42", "description": "15 Sep 2016 **PHP version 5.6.26**\n\n**Core:**\n\n - Fixed bug php#72907 (NULL pointer deref, segfault in gc_remove_zval_from_buffer (zend_gc.c:260)). (Laruence)\n\n**Dba:**\n\n - Fixed bug php#71514 (Bad dba_replace condition because of wrong API usage). (cmb)\n\n - Fixed bug php#70825 (Cannot fetch multiple values with group in ini file). (cmb)\n\n**EXIF:**\n\n - Fixed bug php#72926 (Uninitialized Thumbail Data Leads To Memory Leakage in exif_process_IFD_in_TIFF). (Stas)\n\n**FTP:**\n\n - Fixed bug php#70195 (Cannot upload file using ftp_put to FTPES with require_ssl_reuse). (Benedict Singer)\n\n**GD:**\n\n - Fixed bug php#66005 (imagecopy does not support 1bit transparency on truecolor images). (cmb)\n\n - Fixed bug php#72913 (imagecopy() loses single-color transparency on palette images). (cmb)\n\n - Fixed bug php#68716 (possible resource leaks in\n _php_image_convert()). (cmb)\n\n**Intl:**\n\n - Fixed bug php#73007 (add locale length check). (Stas)\n\n**JSON:**\n\n - Fixed bug php#72787 (json_decode reads out of bounds).\n (Jakub Zelenka)\n\n**mbstring:**\n\n - Fixed bug php#66797 (mb_substr only takes 32-bit signed integer). (cmb)\n\n - Fixed bug php#72910 (Out of bounds heap read in mbc_to_code() / triggered by mb_ereg_match()). (Stas)\n\n**MSSQL:**\n\n - Fixed bug php#72039 (Use of uninitialised value on mssql_guid_string). (Kalle)\n\n**Mysqlnd:**\n\n - Fixed bug php#72293 (Heap overflow in mysqlnd related to BIT fields). (Stas)\n\n**Phar:**\n\n - Fixed bug php#72928 (Out of bound when verify signature of zip phar in phar_parse_zipfile). (Stas)\n\n - Fixed bug php#73035 (Out of bound when verify signature of tar phar in phar_parse_tarfile). (Stas)\n\n**PDO:**\n\n - Fixed bug php#60665 (call to empty() on NULL result using PDO::FETCH_LAZY returns false). (cmb)\n\n**PDO_pgsql:**\n\n - Implemented FR php#72633 (Postgres PDO lastInsertId() should work without specifying a sequence). (Pablo Santiago Sánchez, Matteo)\n\n - Fixed bug php#72759 (Regression in pgo_pgsql). (Anatol)\n\n**SPL:**\n\n - Fixed bug php#73029 (Missing type check when unserializing SplArray). (Stas)\n\n**Standard:**\n\n - Fixed bug php#72823 (strtr out-of-bound access). (cmb)\n\n - Fixed bug php#72278 (getimagesize returning FALSE on valid jpg). (cmb)\n\n - Fixed bug php#65550 (get_browser() incorrectly parses entries with '+' sign). (cmb)\n\n - Fixed bug php#71882 (Negative ftruncate() on php://memory exhausts memory). (cmb)\n\n - Fixed bug php#73011 (integer overflow in fgets cause heap corruption). (Stas)\n\n - Fixed bug php#73017 (memory corruption in wordwrap function). (Stas)\n\n - Fixed bug php#73045 (integer overflow in fgetcsv caused heap corruption). (Stas)\n\n - Fixed bug php#73052 (Memory Corruption in During Deserialized-object Destruction) (Stas)\n\n**Streams:**\n\n - Fixed bug php#72853 (stream_set_blocking doesn't work).\n (Laruence)\n\n**Wddx:**\n\n - Fixed bug php#72860 (wddx_deserialize use-after-free).\n (Stas)\n\n - Fixed bug php#73065 (Out-Of-Bounds Read in php_wddx_push_element). (Stas)\n\n**XML:**\n\n - Fixed bug php#72085 (SEGV on unknown address zif_xml_parse). (cmb)\n\n - Fixed bug php#72927 (integer overflow in xml_utf8_encode). (Stas)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-09-27T00:00:00", "type": "nessus", "title": "Fedora 24 : php (2016-62fc05fd68)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-7411", "CVE-2016-7412", "CVE-2016-7413", "CVE-2016-7414", "CVE-2016-7416", "CVE-2016-7417", "CVE-2016-7418"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:php", "cpe:/o:fedoraproject:fedora:24"], "id": "FEDORA_2016-62FC05FD68.NASL", "href": "https://www.tenable.com/plugins/nessus/93726", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2016-62fc05fd68.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(93726);\n script_version(\"2.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2016-7411\", \"CVE-2016-7412\", \"CVE-2016-7413\", \"CVE-2016-7414\", \"CVE-2016-7416\", \"CVE-2016-7417\", \"CVE-2016-7418\");\n script_xref(name:\"FEDORA\", value:\"2016-62fc05fd68\");\n\n script_name(english:\"Fedora 24 : php (2016-62fc05fd68)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"15 Sep 2016 **PHP version 5.6.26**\n\n**Core:**\n\n - Fixed bug php#72907 (NULL pointer deref, segfault in\n gc_remove_zval_from_buffer (zend_gc.c:260)). (Laruence)\n\n**Dba:**\n\n - Fixed bug php#71514 (Bad dba_replace condition because\n of wrong API usage). (cmb)\n\n - Fixed bug php#70825 (Cannot fetch multiple values with\n group in ini file). (cmb)\n\n**EXIF:**\n\n - Fixed bug php#72926 (Uninitialized Thumbail Data Leads\n To Memory Leakage in exif_process_IFD_in_TIFF). (Stas)\n\n**FTP:**\n\n - Fixed bug php#70195 (Cannot upload file using ftp_put to\n FTPES with require_ssl_reuse). (Benedict Singer)\n\n**GD:**\n\n - Fixed bug php#66005 (imagecopy does not support 1bit\n transparency on truecolor images). (cmb)\n\n - Fixed bug php#72913 (imagecopy() loses single-color\n transparency on palette images). (cmb)\n\n - Fixed bug php#68716 (possible resource leaks in\n _php_image_convert()). (cmb)\n\n**Intl:**\n\n - Fixed bug php#73007 (add locale length check). (Stas)\n\n**JSON:**\n\n - Fixed bug php#72787 (json_decode reads out of bounds).\n (Jakub Zelenka)\n\n**mbstring:**\n\n - Fixed bug php#66797 (mb_substr only takes 32-bit signed\n integer). (cmb)\n\n - Fixed bug php#72910 (Out of bounds heap read in\n mbc_to_code() / triggered by mb_ereg_match()). (Stas)\n\n**MSSQL:**\n\n - Fixed bug php#72039 (Use of uninitialised value on\n mssql_guid_string). (Kalle)\n\n**Mysqlnd:**\n\n - Fixed bug php#72293 (Heap overflow in mysqlnd related to\n BIT fields). (Stas)\n\n**Phar:**\n\n - Fixed bug php#72928 (Out of bound when verify signature\n of zip phar in phar_parse_zipfile). (Stas)\n\n - Fixed bug php#73035 (Out of bound when verify signature\n of tar phar in phar_parse_tarfile). (Stas)\n\n**PDO:**\n\n - Fixed bug php#60665 (call to empty() on NULL result\n using PDO::FETCH_LAZY returns false). (cmb)\n\n**PDO_pgsql:**\n\n - Implemented FR php#72633 (Postgres PDO lastInsertId()\n should work without specifying a sequence). (Pablo\n Santiago Sánchez, Matteo)\n\n - Fixed bug php#72759 (Regression in pgo_pgsql). (Anatol)\n\n**SPL:**\n\n - Fixed bug php#73029 (Missing type check when\n unserializing SplArray). (Stas)\n\n**Standard:**\n\n - Fixed bug php#72823 (strtr out-of-bound access). (cmb)\n\n - Fixed bug php#72278 (getimagesize returning FALSE on\n valid jpg). (cmb)\n\n - Fixed bug php#65550 (get_browser() incorrectly parses\n entries with '+' sign). (cmb)\n\n - Fixed bug php#71882 (Negative ftruncate() on\n php://memory exhausts memory). (cmb)\n\n - Fixed bug php#73011 (integer overflow in fgets cause\n heap corruption). (Stas)\n\n - Fixed bug php#73017 (memory corruption in wordwrap\n function). (Stas)\n\n - Fixed bug php#73045 (integer overflow in fgetcsv caused\n heap corruption). (Stas)\n\n - Fixed bug php#73052 (Memory Corruption in During\n Deserialized-object Destruction) (Stas)\n\n**Streams:**\n\n - Fixed bug php#72853 (stream_set_blocking doesn't work).\n (Laruence)\n\n**Wddx:**\n\n - Fixed bug php#72860 (wddx_deserialize use-after-free).\n (Stas)\n\n - Fixed bug php#73065 (Out-Of-Bounds Read in\n php_wddx_push_element). (Stas)\n\n**XML:**\n\n - Fixed bug php#72085 (SEGV on unknown address\n zif_xml_parse). (cmb)\n\n - Fixed bug php#72927 (integer overflow in\n xml_utf8_encode). (Stas)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2016-62fc05fd68\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected php package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:php\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:24\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/09/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/09/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/09/27\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^24([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 24\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC24\", reference:\"php-5.6.26-1.fc24\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"php\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-04-12T16:03:33", "description": "15 Sep 2016 **PHP version 5.6.26**\n\n**Core:**\n\n - Fixed bug php#72907 (NULL pointer deref, segfault in gc_remove_zval_from_buffer (zend_gc.c:260)). (Laruence)\n\n**Dba:**\n\n - Fixed bug php#71514 (Bad dba_replace condition because of wrong API usage). (cmb)\n\n - Fixed bug php#70825 (Cannot fetch multiple values with group in ini file). (cmb)\n\n**EXIF:**\n\n - Fixed bug php#72926 (Uninitialized Thumbail Data Leads To Memory Leakage in exif_process_IFD_in_TIFF). (Stas)\n\n**FTP:**\n\n - Fixed bug php#70195 (Cannot upload file using ftp_put to FTPES with require_ssl_reuse). (Benedict Singer)\n\n**GD:**\n\n - Fixed bug php#66005 (imagecopy does not support 1bit transparency on truecolor images). (cmb)\n\n - Fixed bug php#72913 (imagecopy() loses single-color transparency on palette images). (cmb)\n\n - Fixed bug php#68716 (possible resource leaks in\n _php_image_convert()). (cmb)\n\n**Intl:**\n\n - Fixed bug php#73007 (add locale length check). (Stas)\n\n**JSON:**\n\n - Fixed bug php#72787 (json_decode reads out of bounds).\n (Jakub Zelenka)\n\n**mbstring:**\n\n - Fixed bug php#66797 (mb_substr only takes 32-bit signed integer). (cmb)\n\n - Fixed bug php#72910 (Out of bounds heap read in mbc_to_code() / triggered by mb_ereg_match()). (Stas)\n\n**MSSQL:**\n\n - Fixed bug php#72039 (Use of uninitialised value on mssql_guid_string). (Kalle)\n\n**Mysqlnd:**\n\n - Fixed bug php#72293 (Heap overflow in mysqlnd related to BIT fields). (Stas)\n\n**Phar:**\n\n - Fixed bug php#72928 (Out of bound when verify signature of zip phar in phar_parse_zipfile). (Stas)\n\n - Fixed bug php#73035 (Out of bound when verify signature of tar phar in phar_parse_tarfile). (Stas)\n\n**PDO:**\n\n - Fixed bug php#60665 (call to empty() on NULL result using PDO::FETCH_LAZY returns false). (cmb)\n\n**PDO_pgsql:**\n\n - Implemented FR php#72633 (Postgres PDO lastInsertId() should work without specifying a sequence). (Pablo Santiago Sánchez, Matteo)\n\n - Fixed bug php#72759 (Regression in pgo_pgsql). (Anatol)\n\n**SPL:**\n\n - Fixed bug php#73029 (Missing type check when unserializing SplArray). (Stas)\n\n**Standard:**\n\n - Fixed bug php#72823 (strtr out-of-bound access). (cmb)\n\n - Fixed bug php#72278 (getimagesize returning FALSE on valid jpg). (cmb)\n\n - Fixed bug php#65550 (get_browser() incorrectly parses entries with '+' sign). (cmb)\n\n - Fixed bug php#71882 (Negative ftruncate() on php://memory exhausts memory). (cmb)\n\n - Fixed bug php#73011 (integer overflow in fgets cause heap corruption). (Stas)\n\n - Fixed bug php#73017 (memory corruption in wordwrap function). (Stas)\n\n - Fixed bug php#73045 (integer overflow in fgetcsv caused heap corruption). (Stas)\n\n - Fixed bug php#73052 (Memory Corruption in During Deserialized-object Destruction) (Stas)\n\n**Streams:**\n\n - Fixed bug php#72853 (stream_set_blocking doesn't work).\n (Laruence)\n\n**Wddx:**\n\n - Fixed bug php#72860 (wddx_deserialize use-after-free).\n (Stas)\n\n - Fixed bug php#73065 (Out-Of-Bounds Read in php_wddx_push_element). (Stas)\n\n**XML:**\n\n - Fixed bug php#72085 (SEGV on unknown address zif_xml_parse). (cmb)\n\n - Fixed bug php#72927 (integer overflow in xml_utf8_encode). (Stas)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-09-28T00:00:00", "type": "nessus", "title": "Fedora 23 : php (2016-db71b72137)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-7411", "CVE-2016-7412", "CVE-2016-7413", "CVE-2016-7414", "CVE-2016-7416", "CVE-2016-7417", "CVE-2016-7418"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:php", "cpe:/o:fedoraproject:fedora:23"], "id": "FEDORA_2016-DB71B72137.NASL", "href": "https://www.tenable.com/plugins/nessus/93754", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2016-db71b72137.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(93754);\n script_version(\"2.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2016-7411\", \"CVE-2016-7412\", \"CVE-2016-7413\", \"CVE-2016-7414\", \"CVE-2016-7416\", \"CVE-2016-7417\", \"CVE-2016-7418\");\n script_xref(name:\"FEDORA\", value:\"2016-db71b72137\");\n\n script_name(english:\"Fedora 23 : php (2016-db71b72137)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"15 Sep 2016 **PHP version 5.6.26**\n\n**Core:**\n\n - Fixed bug php#72907 (NULL pointer deref, segfault in\n gc_remove_zval_from_buffer (zend_gc.c:260)). (Laruence)\n\n**Dba:**\n\n - Fixed bug php#71514 (Bad dba_replace condition because\n of wrong API usage). (cmb)\n\n - Fixed bug php#70825 (Cannot fetch multiple values with\n group in ini file). (cmb)\n\n**EXIF:**\n\n - Fixed bug php#72926 (Uninitialized Thumbail Data Leads\n To Memory Leakage in exif_process_IFD_in_TIFF). (Stas)\n\n**FTP:**\n\n - Fixed bug php#70195 (Cannot upload file using ftp_put to\n FTPES with require_ssl_reuse). (Benedict Singer)\n\n**GD:**\n\n - Fixed bug php#66005 (imagecopy does not support 1bit\n transparency on truecolor images). (cmb)\n\n - Fixed bug php#72913 (imagecopy() loses single-color\n transparency on palette images). (cmb)\n\n - Fixed bug php#68716 (possible resource leaks in\n _php_image_convert()). (cmb)\n\n**Intl:**\n\n - Fixed bug php#73007 (add locale length check). (Stas)\n\n**JSON:**\n\n - Fixed bug php#72787 (json_decode reads out of bounds).\n (Jakub Zelenka)\n\n**mbstring:**\n\n - Fixed bug php#66797 (mb_substr only takes 32-bit signed\n integer). (cmb)\n\n - Fixed bug php#72910 (Out of bounds heap read in\n mbc_to_code() / triggered by mb_ereg_match()). (Stas)\n\n**MSSQL:**\n\n - Fixed bug php#72039 (Use of uninitialised value on\n mssql_guid_string). (Kalle)\n\n**Mysqlnd:**\n\n - Fixed bug php#72293 (Heap overflow in mysqlnd related to\n BIT fields). (Stas)\n\n**Phar:**\n\n - Fixed bug php#72928 (Out of bound when verify signature\n of zip phar in phar_parse_zipfile). (Stas)\n\n - Fixed bug php#73035 (Out of bound when verify signature\n of tar phar in phar_parse_tarfile). (Stas)\n\n**PDO:**\n\n - Fixed bug php#60665 (call to empty() on NULL result\n using PDO::FETCH_LAZY returns false). (cmb)\n\n**PDO_pgsql:**\n\n - Implemented FR php#72633 (Postgres PDO lastInsertId()\n should work without specifying a sequence). (Pablo\n Santiago Sánchez, Matteo)\n\n - Fixed bug php#72759 (Regression in pgo_pgsql). (Anatol)\n\n**SPL:**\n\n - Fixed bug php#73029 (Missing type check when\n unserializing SplArray). (Stas)\n\n**Standard:**\n\n - Fixed bug php#72823 (strtr out-of-bound access). (cmb)\n\n - Fixed bug php#72278 (getimagesize returning FALSE on\n valid jpg). (cmb)\n\n - Fixed bug php#65550 (get_browser() incorrectly parses\n entries with '+' sign). (cmb)\n\n - Fixed bug php#71882 (Negative ftruncate() on\n php://memory exhausts memory). (cmb)\n\n - Fixed bug php#73011 (integer overflow in fgets cause\n heap corruption). (Stas)\n\n - Fixed bug php#73017 (memory corruption in wordwrap\n function). (Stas)\n\n - Fixed bug php#73045 (integer overflow in fgetcsv caused\n heap corruption). (Stas)\n\n - Fixed bug php#73052 (Memory Corruption in During\n Deserialized-object Destruction) (Stas)\n\n**Streams:**\n\n - Fixed bug php#72853 (stream_set_blocking doesn't work).\n (Laruence)\n\n**Wddx:**\n\n - Fixed bug php#72860 (wddx_deserialize use-after-free).\n (Stas)\n\n - Fixed bug php#73065 (Out-Of-Bounds Read in\n php_wddx_push_element). (Stas)\n\n**XML:**\n\n - Fixed bug php#72085 (SEGV on unknown address\n zif_xml_parse). (cmb)\n\n - Fixed bug php#72927 (integer overflow in\n xml_utf8_encode). (Stas)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2016-db71b72137\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected php package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:php\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:23\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/09/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/09/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/09/28\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^23([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 23\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC23\", reference:\"php-5.6.26-1.fc23\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"php\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-03-27T15:10:32", "description": "According to its banner, the version of PHP running on the remote web server is 5.6.x prior to 5.6.26. It is, therefore, affected by multiple vulnerabilities :\n\n - A flaw exists in ext/standard/var_unserializer.re when destroying deserialized objects due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this, via a deserialize call that references a partially constructed object, to corrupt memory, resulting in a denial of service condition. (CVE-2016-7411)\n\n - An heap buffer overflow condition exists in the php_mysqlnd_rowp_read_text_protocol_aux() function within file ext/mysqlnd/mysqlnd_wireprotocol.c due to a failure to verify that a BIT field has the UNSIGNED_FLAG flag. An unauthenticated, remote attacker can exploit this, via specially crafted field metadata, to cause a denial of service condition. (CVE-2016-7412)\n\n - A use-after-free error exists in the wddx_stack_destroy() function within file ext/wddx/wddx.c when deserializing recordset elements. An unauthenticated, remote attacker can exploit this, via a specially crafted wddxPacket XML document, to cause a denial of service condition. (CVE-2016-7413)\n\n - An out-of-bounds access error exists in the phar_parse_zipfile() function within file ext/phar/zip.c due to a failure to ensure that the uncompressed_filesize field is large enough. An unauthenticated, remote attacker can exploit this, via a specially crafted archive, to cause a denial of service condition. (CVE-2016-7414)\n\n - A stack-based buffer overflow condition exists in the ICU4C library, specifically within file common/locid.cpp in the msgfmt_format_message() function, due to a failure to properly restrict the locale length provided to the Locale class. An unauthenticated, remote attacker can exploit this, via a long first argument to a MessageFormatter::formatMessage() function call, to cause a denial of service condition. (CVE-2016-7416)\n\n - A flaw exists in the spl_array_get_dimension_ptr_ptr() function within file ext/spl/spl_array.c due to a failure to properly validate the return value and data type when deserializing SplArray. An unauthenticated, remote attacker can exploit this, via specially crafted serialized data, to cause a denial of service condition. (CVE-2016-7417)\n\n - An out-of-bounds read error exists in the php_wddx_push_element() function within file ext/wddx/wddx.c when handling an incorrect boolean element, which leads to mishandling the wddx_deserialize() call. An unauthenticated, remote attacker can exploit this, via a specially crafted wddxPacket XML document, to cause a denial of service condition. (CVE-2016-7418)\n\n - An out-of-bounds access error exists in the phar_parse_tarfile() function within file ext/phar/tar.c when handling the verification of signatures. An unauthenticated, remote attacker can exploit this to cause an unspecified impact.\n\n - An integer overflow condition exists in the fgetcsv() function when handling CSV field lengths due to improper validation of certain input. An unauthenticated, remote attacker can exploit this to corrupt memory, resulting in a denial of service condition or the execution of arbitrary code.\n\n - An integer overflow condition exists in the wordwrap() function within file ext/standard/string.c due to improper validation of certain input. An unauthenticated, remote attacker can exploit this to corrupt memory, resulting in a denial of service condition or the execution of arbitrary code.\n\n - An integer overflow condition exists in the fgets() function within file ext/standard/file.c due to improper validation of certain input. An unauthenticated, remote attacker can exploit this to corrupt memory, resulting in a denial of service condition or the execution of arbitrary code.\n\n - An integer overflow condition exists in the xml_utf8_encode() function within file ext/xml/xml.c due to improper validation of certain input. An unauthenticated, remote attacker can exploit this to cause an unspecified impact.\n\n - A flaw exists in the exif_process_IFD_in_TIFF() function within file ext/exif/exif.c when handling uninitialized thumbnail data. An unauthenticated, remote attacker can exploit this to disclose memory contents.\n\nNote that the scanner has not attempted to exploit this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-01-09T00:00:00", "type": "nessus", "title": "PHP 5.6.x < 5.6.26 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-7411", "CVE-2016-7412", "CVE-2016-7413", "CVE-2016-7414", "CVE-2016-7416", "CVE-2016-7417", "CVE-2016-7418"], "modified": "2021-10-07T00:00:00", "cpe": ["cpe:2.3:a:php:php:*:*:*:*:*:*:*:*"], "id": "WEB_APPLICATION_SCANNING_98816", "href": "https://www.tenable.com/plugins/was/98816", "sourceData": "No source data", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-04-12T16:06:22", "description": "This update for php53 fixes the following issues :\n\n - CVE-2016-7411: php5: Memory corruption when destructing deserialized object\n\n - CVE-2016-7412: Heap overflow in mysqlnd when not receiving UNSIGNED_FLAG in BIT field\n\n - CVE-2016-7413: Use after free in wddx_deserialize\n\n - CVE-2016-7414: Out of bounds heap read when verifying signature of zip phar in phar_parse_zipfile\n\n - CVE-2016-7416: Stack based buffer overflow in msgfmt_format_message\n\n - CVE-2016-7417: Missing type check when unserializing SplArray\n\n - CVE-2016-7418: NULL pointer dereference in php_wddx_push_element\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-10-06T00:00:00", "type": "nessus", "title": "SUSE SLES11 Security Update : php53 (SUSE-SU-2016:2461-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-7411", "CVE-2016-7412", "CVE-2016-7413", "CVE-2016-7414", "CVE-2016-7416", "CVE-2016-7417", "CVE-2016-7418"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:apache2-mod_php53", "p-cpe:/a:novell:suse_linux:php53", "p-cpe:/a:novell:suse_linux:php53-bcmath", "p-cpe:/a:novell:suse_linux:php53-bz2", "p-cpe:/a:novell:suse_linux:php53-calendar", "p-cpe:/a:novell:suse_linux:php53-ctype", "p-cpe:/a:novell:suse_linux:php53-curl", "p-cpe:/a:novell:suse_linux:php53-dba", "p-cpe:/a:novell:suse_linux:php53-dom", "p-cpe:/a:novell:suse_linux:php53-exif", "p-cpe:/a:novell:suse_linux:php53-fastcgi", "p-cpe:/a:novell:suse_linux:php53-fileinfo", "p-cpe:/a:novell:suse_linux:php53-ftp", "p-cpe:/a:novell:suse_linux:php53-gd", "p-cpe:/a:novell:suse_linux:php53-gettext", "p-cpe:/a:novell:suse_linux:php53-gmp", "p-cpe:/a:novell:suse_linux:php53-iconv", "p-cpe:/a:novell:suse_linux:php53-intl", "p-cpe:/a:novell:suse_linux:php53-json", "p-cpe:/a:novell:suse_linux:php53-ldap", "p-cpe:/a:novell:suse_linux:php53-mbstring", "p-cpe:/a:novell:suse_linux:php53-mcrypt", "p-cpe:/a:novell:suse_linux:php53-mysql", "p-cpe:/a:novell:suse_linux:php53-odbc", "p-cpe:/a:novell:suse_linux:php53-openssl", "p-cpe:/a:novell:suse_linux:php53-pcntl", "p-cpe:/a:novell:suse_linux:php53-pdo", "p-cpe:/a:novell:suse_linux:php53-pear", "p-cpe:/a:novell:suse_linux:php53-pgsql", "p-cpe:/a:novell:suse_linux:php53-pspell", "p-cpe:/a:novell:suse_linux:php53-shmop", "p-cpe:/a:novell:suse_linux:php53-snmp", "p-cpe:/a:novell:suse_linux:php53-soap", "p-cpe:/a:novell:suse_linux:php53-suhosin", "p-cpe:/a:novell:suse_linux:php53-sysvmsg", "p-cpe:/a:novell:suse_linux:php53-sysvsem", "p-cpe:/a:novell:suse_linux:php53-sysvshm", "p-cpe:/a:novell:suse_linux:php53-tokenizer", "p-cpe:/a:novell:suse_linux:php53-wddx", "p-cpe:/a:novell:suse_linux:php53-xmlreader", "p-cpe:/a:novell:suse_linux:php53-xmlrpc", "p-cpe:/a:novell:suse_linux:php53-xmlwriter", "p-cpe:/a:novell:suse_linux:php53-xsl", "p-cpe:/a:novell:suse_linux:php53-zip", "p-cpe:/a:novell:suse_linux:php53-zlib", "cpe:/o:novell:suse_linux:11"], "id": "SUSE_SU-2016-2461-1.NASL", "href": "https://www.tenable.com/plugins/nessus/93895", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2016:2461-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(93895);\n script_version(\"2.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2016-7411\", \"CVE-2016-7412\", \"CVE-2016-7413\", \"CVE-2016-7414\", \"CVE-2016-7416\", \"CVE-2016-7417\", \"CVE-2016-7418\");\n\n script_name(english:\"SUSE SLES11 Security Update : php53 (SUSE-SU-2016:2461-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for php53 fixes the following issues :\n\n - CVE-2016-7411: php5: Memory corruption when destructing\n deserialized object\n\n - CVE-2016-7412: Heap overflow in mysqlnd when not\n receiving UNSIGNED_FLAG in BIT field\n\n - CVE-2016-7413: Use after free in wddx_deserialize\n\n - CVE-2016-7414: Out of bounds heap read when verifying\n signature of zip phar in phar_parse_zipfile\n\n - CVE-2016-7416: Stack based buffer overflow in\n msgfmt_format_message\n\n - CVE-2016-7417: Missing type check when unserializing\n SplArray\n\n - CVE-2016-7418: NULL pointer dereference in\n php_wddx_push_element\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=999679\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=999680\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=999682\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=999684\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=999685\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=999819\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=999820\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-7411/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-7412/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-7413/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-7414/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-7416/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-7417/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-7418/\"\n );\n # https://www.suse.com/support/update/announcement/2016/suse-su-20162461-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?82e09090\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server 11-SP2-LTSS:zypper in -t patch\nslessp2-php53-12776=1\n\nSUSE Linux Enterprise Debuginfo 11-SP2:zypper in -t patch\ndbgsp2-php53-12776=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apache2-mod_php53\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-bcmath\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-bz2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-calendar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-ctype\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-dba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-dom\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-exif\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-fastcgi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-fileinfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-ftp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-gettext\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-gmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-iconv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-intl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-json\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-mbstring\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-mcrypt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-pcntl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-pdo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-pear\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-pspell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-shmop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-soap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-suhosin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-sysvmsg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-sysvsem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-sysvshm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-tokenizer\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-wddx\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-xmlreader\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-xmlrpc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-xmlwriter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-xsl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-zip\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-zlib\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/09/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/10/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/10/06\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES11)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES11\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES11\" && (! preg(pattern:\"^(2)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES11 SP2\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"apache2-mod_php53-5.3.17-58.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php53-5.3.17-58.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php53-bcmath-5.3.17-58.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php53-bz2-5.3.17-58.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php53-calendar-5.3.17-58.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php53-ctype-5.3.17-58.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php53-curl-5.3.17-58.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php53-dba-5.3.17-58.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php53-dom-5.3.17-58.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php53-exif-5.3.17-58.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php53-fastcgi-5.3.17-58.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php53-fileinfo-5.3.17-58.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php53-ftp-5.3.17-58.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php53-gd-5.3.17-58.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php53-gettext-5.3.17-58.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php53-gmp-5.3.17-58.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php53-iconv-5.3.17-58.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php53-intl-5.3.17-58.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php53-json-5.3.17-58.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php53-ldap-5.3.17-58.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php53-mbstring-5.3.17-58.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php53-mcrypt-5.3.17-58.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php53-mysql-5.3.17-58.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php53-odbc-5.3.17-58.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php53-openssl-5.3.17-58.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php53-pcntl-5.3.17-58.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php53-pdo-5.3.17-58.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php53-pear-5.3.17-58.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php53-pgsql-5.3.17-58.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php53-pspell-5.3.17-58.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php53-shmop-5.3.17-58.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php53-snmp-5.3.17-58.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php53-soap-5.3.17-58.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php53-suhosin-5.3.17-58.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php53-sysvmsg-5.3.17-58.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php53-sysvsem-5.3.17-58.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php53-sysvshm-5.3.17-58.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php53-tokenizer-5.3.17-58.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php53-wddx-5.3.17-58.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php53-xmlreader-5.3.17-58.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php53-xmlrpc-5.3.17-58.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php53-xmlwriter-5.3.17-58.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php53-xsl-5.3.17-58.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php53-zip-5.3.17-58.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php53-zlib-5.3.17-58.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"php53\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-04-12T16:07:14", "description": "ext/standard/var_unserializer.re in PHP before 5.6.26 mishandles object-deserialization failures, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via an unserialize call that references a partially constructed object (CVE-2016-7411).\n\next/mysqlnd/mysqlnd_wireprotocol.c in PHP before 5.6.26 and 7.x before 7.0.11 does not verify that a BIT field has the UNSIGNED_FLAG flag, which allows remote MySQL servers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted field metadata (CVE-2016-7412).\n\nUse-after-free vulnerability in the wddx_stack_destroy function in ext/wddx/wddx.c in PHP before 5.6.26 and 7.x before 7.0.11 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a wddxPacket XML document that lacks an end-tag for a recordset field element, leading to mishandling in a wddx_deserialize call (CVE-2016-7413).\n\nThe ZIP signature-verification feature in PHP before 5.6.26 and 7.x before 7.0.11 does not ensure that the uncompressed_filesize field is large enough, which allows remote attackers to cause a denial of service (out-of-bounds memory access) or possibly have unspecified other impact via a crafted PHAR archive, related to ext/phar/util.c and ext/phar/zip.c (CVE-2016-7414).\n\next/intl/msgformat/msgformat_format.c in PHP before 5.6.26 and 7.x before 7.0.11 does not properly restrict the locale length provided to the Locale class in the ICU library, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a MessageFormatter::formatMessage call with a long first argument (CVE-2016-7416).\n\next/spl/spl_array.c in PHP before 5.6.26 and 7.x before 7.0.11 proceeds with SplArray unserialization without validating a return value and data type, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted serialized data (CVE-2016-7417).\n\nThe php_wddx_push_element function in ext/wddx/wddx.c in PHP before 5.6.26 and 7.x before 7.0.11 allows remote attackers to cause a denial of service (invalid pointer access and out-of-bounds read) or possibly have unspecified other impact via an incorrect boolean element in a wddxPacket XML document, leading to mishandling in a wddx_deserialize call (CVE-2016-7418).", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-10-13T00:00:00", "type": "nessus", "title": "Amazon Linux AMI : php56 (ALAS-2016-753)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-7411", "CVE-2016-7412", "CVE-2016-7413", "CVE-2016-7414", "CVE-2016-7416", "CVE-2016-7417", "CVE-2016-7418"], "modified": "2018-04-18T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:php56", "p-cpe:/a:amazon:linux:php56-bcmath", "p-cpe:/a:amazon:linux:php56-cli", "p-cpe:/a:amazon:linux:php56-common", "p-cpe:/a:amazon:linux:php56-dba", "p-cpe:/a:amazon:linux:php56-dbg", "p-cpe:/a:amazon:linux:php56-debuginfo", "p-cpe:/a:amazon:linux:php56-devel", "p-cpe:/a:amazon:linux:php56-embedded", "p-cpe:/a:amazon:linux:php56-enchant", "p-cpe:/a:amazon:linux:php56-fpm", "p-cpe:/a:amazon:linux:php56-gd", "p-cpe:/a:amazon:linux:php56-gmp", "p-cpe:/a:amazon:linux:php56-imap", "p-cpe:/a:amazon:linux:php56-intl", "p-cpe:/a:amazon:linux:php56-ldap", "p-cpe:/a:amazon:linux:php56-mbstring", "p-cpe:/a:amazon:linux:php56-mcrypt", "p-cpe:/a:amazon:linux:php56-mssql", "p-cpe:/a:amazon:linux:php56-mysqlnd", "p-cpe:/a:amazon:linux:php56-odbc", "p-cpe:/a:amazon:linux:php56-opcache", "p-cpe:/a:amazon:linux:php56-pdo", "p-cpe:/a:amazon:linux:php56-pgsql", "p-cpe:/a:amazon:linux:php56-process", "p-cpe:/a:amazon:linux:php56-pspell", "p-cpe:/a:amazon:linux:php56-recode", "p-cpe:/a:amazon:linux:php56-snmp", "p-cpe:/a:amazon:linux:php56-soap", "p-cpe:/a:amazon:linux:php56-tidy", "p-cpe:/a:amazon:linux:php56-xml", "p-cpe:/a:amazon:linux:php56-xmlrpc", "cpe:/o:amazon:linux"], "id": "ALA_ALAS-2016-753.NASL", "href": "https://www.tenable.com/plugins/nessus/94019", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2016-753.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(94019);\n script_version(\"2.4\");\n script_cvs_date(\"Date: 2018/04/18 15:09:36\");\n\n script_cve_id(\"CVE-2016-7411\", \"CVE-2016-7412\", \"CVE-2016-7413\", \"CVE-2016-7414\", \"CVE-2016-7416\", \"CVE-2016-7417\", \"CVE-2016-7418\");\n script_xref(name:\"ALAS\", value:\"2016-753\");\n\n script_name(english:\"Amazon Linux AMI : php56 (ALAS-2016-753)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"ext/standard/var_unserializer.re in PHP before 5.6.26 mishandles\nobject-deserialization failures, which allows remote attackers to\ncause a denial of service (memory corruption) or possibly have\nunspecified other impact via an unserialize call that references a\npartially constructed object (CVE-2016-7411).\n\next/mysqlnd/mysqlnd_wireprotocol.c in PHP before 5.6.26 and 7.x before\n7.0.11 does not verify that a BIT field has the UNSIGNED_FLAG flag,\nwhich allows remote MySQL servers to cause a denial of service\n(heap-based buffer overflow) or possibly have unspecified other impact\nvia crafted field metadata (CVE-2016-7412).\n\nUse-after-free vulnerability in the wddx_stack_destroy function in\next/wddx/wddx.c in PHP before 5.6.26 and 7.x before 7.0.11 allows\nremote attackers to cause a denial of service or possibly have\nunspecified other impact via a wddxPacket XML document that lacks an\nend-tag for a recordset field element, leading to mishandling in a\nwddx_deserialize call (CVE-2016-7413).\n\nThe ZIP signature-verification feature in PHP before 5.6.26 and 7.x\nbefore 7.0.11 does not ensure that the uncompressed_filesize field is\nlarge enough, which allows remote attackers to cause a denial of\nservice (out-of-bounds memory access) or possibly have unspecified\nother impact via a crafted PHAR archive, related to ext/phar/util.c\nand ext/phar/zip.c (CVE-2016-7414).\n\next/intl/msgformat/msgformat_format.c in PHP before 5.6.26 and 7.x\nbefore 7.0.11 does not properly restrict the locale length provided to\nthe Locale class in the ICU library, which allows remote attackers to\ncause a denial of service (application crash) or possibly have\nunspecified other impact via a MessageFormatter::formatMessage call\nwith a long first argument (CVE-2016-7416).\n\next/spl/spl_array.c in PHP before 5.6.26 and 7.x before 7.0.11\nproceeds with SplArray unserialization without validating a return\nvalue and data type, which allows remote attackers to cause a denial\nof service or possibly have unspecified other impact via crafted\nserialized data (CVE-2016-7417).\n\nThe php_wddx_push_element function in ext/wddx/wddx.c in PHP before\n5.6.26 and 7.x before 7.0.11 allows remote attackers to cause a denial\nof service (invalid pointer access and out-of-bounds read) or possibly\nhave unspecified other impact via an incorrect boolean element in a\nwddxPacket XML document, leading to mishandling in a wddx_deserialize\ncall (CVE-2016-7418).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2016-753.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update php56' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-bcmath\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-cli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-dba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-embedded\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-enchant\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-fpm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-gmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-imap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-intl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-mbstring\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-mcrypt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-mssql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-mysqlnd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-opcache\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-pdo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-process\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-pspell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-recode\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-soap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-tidy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-xml\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-xmlrpc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/10/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/10/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"php56-5.6.26-1.128.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-bcmath-5.6.26-1.128.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-cli-5.6.26-1.128.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-common-5.6.26-1.128.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-dba-5.6.26-1.128.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-dbg-5.6.26-1.128.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-debuginfo-5.6.26-1.128.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-devel-5.6.26-1.128.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-embedded-5.6.26-1.128.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-enchant-5.6.26-1.128.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-fpm-5.6.26-1.128.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-gd-5.6.26-1.128.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-gmp-5.6.26-1.128.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-imap-5.6.26-1.128.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-intl-5.6.26-1.128.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-ldap-5.6.26-1.128.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-mbstring-5.6.26-1.128.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-mcrypt-5.6.26-1.128.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-mssql-5.6.26-1.128.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-mysqlnd-5.6.26-1.128.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-odbc-5.6.26-1.128.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-opcache-5.6.26-1.128.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-pdo-5.6.26-1.128.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-pgsql-5.6.26-1.128.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-process-5.6.26-1.128.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-pspell-5.6.26-1.128.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-recode-5.6.26-1.128.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-snmp-5.6.26-1.128.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-soap-5.6.26-1.128.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-tidy-5.6.26-1.128.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-xml-5.6.26-1.128.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-xmlrpc-5.6.26-1.128.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"php56 / php56-bcmath / php56-cli / php56-common / php56-dba / etc\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-06-17T15:29:13", "description": "This update for php5 fixes the following security issues :\n\n - CVE-2016-7411: php5: Memory corruption when destructing deserialized object\n\n - CVE-2016-7412: Heap overflow in mysqlnd when not receiving UNSIGNED_FLAG in BIT field\n\n - CVE-2016-7413: Use after free in wddx_deserialize\n\n - CVE-2016-7414: Out of bounds heap read when verifying signature of zip phar in phar_parse_zipfile\n\n - CVE-2016-7416: Stack based buffer overflow in msgfmt_format_message\n\n - CVE-2016-7417: Missing type check when unserializing SplArray\n\n - CVE-2016-7418: NULL pointer dereference in php_wddx_push_element\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-01-02T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : php5 (SUSE-SU-2016:2477-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-7411", "CVE-2016-7412", "CVE-2016-7413", "CVE-2016-7414", "CVE-2016-7416", "CVE-2016-7417", "CVE-2016-7418"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:apache2-mod_php5", "p-cpe:/a:novell:suse_linux:apache2-mod_php5-debuginfo", "p-cpe:/a:novell:suse_linux:php5", "p-cpe:/a:novell:suse_linux:php5-bcmath", "p-cpe:/a:novell:suse_linux:php5-bcmath-debuginfo", "p-cpe:/a:novell:suse_linux:php5-bz2", "p-cpe:/a:novell:suse_linux:php5-bz2-debuginfo", "p-cpe:/a:novell:suse_linux:php5-calendar", "p-cpe:/a:novell:suse_linux:php5-calendar-debuginfo", "p-cpe:/a:novell:suse_linux:php5-ctype", "p-cpe:/a:novell:suse_linux:php5-ctype-debuginfo", "p-cpe:/a:novell:suse_linux:php5-curl", "p-cpe:/a:novell:suse_linux:php5-curl-debuginfo", "p-cpe:/a:novell:suse_linux:php5-dba", "p-cpe:/a:novell:suse_linux:php5-dba-debuginfo", "p-cpe:/a:novell:suse_linux:php5-debuginfo", "p-cpe:/a:novell:suse_linux:php5-debugsource", "p-cpe:/a:novell:suse_linux:php5-dom", "p-cpe:/a:novell:suse_linux:php5-dom-debuginfo", "p-cpe:/a:novell:suse_linux:php5-enchant", "p-cpe:/a:novell:suse_linux:php5-enchant-debuginfo", "p-cpe:/a:novell:suse_linux:php5-exif", "p-cpe:/a:novell:suse_linux:php5-exif-debuginfo", "p-cpe:/a:novell:suse_linux:php5-fastcgi", "p-cpe:/a:novell:suse_linux:php5-fastcgi-debuginfo", "p-cpe:/a:novell:suse_linux:php5-fileinfo", "p-cpe:/a:novell:suse_linux:php5-fileinfo-debuginfo", "p-cpe:/a:novell:suse_linux:php5-fpm", "p-cpe:/a:novell:suse_linux:php5-fpm-debuginfo", "p-cpe:/a:novell:suse_linux:php5-ftp", "p-cpe:/a:novell:suse_linux:php5-ftp-debuginfo", "p-cpe:/a:novell:suse_linux:php5-gd", "p-cpe:/a:novell:suse_linux:php5-gd-debuginfo", "p-cpe:/a:novell:suse_linux:php5-gettext", "p-cpe:/a:novell:suse_linux:php5-gettext-debuginfo", "p-cpe:/a:novell:suse_linux:php5-gmp", "p-cpe:/a:novell:suse_linux:php5-gmp-debuginfo", "p-cpe:/a:novell:suse_linux:php5-iconv", "p-cpe:/a:novell:suse_linux:php5-iconv-debuginfo", "p-cpe:/a:novell:suse_linux:php5-imap", "p-cpe:/a:novell:suse_linux:php5-imap-debuginfo", "p-cpe:/a:novell:suse_linux:php5-intl", "p-cpe:/a:novell:suse_linux:php5-intl-debuginfo", "p-cpe:/a:novell:suse_linux:php5-json", "p-cpe:/a:novell:suse_linux:php5-json-debuginfo", "p-cpe:/a:novell:suse_linux:php5-ldap", "p-cpe:/a:novell:suse_linux:php5-ldap-debuginfo", "p-cpe:/a:novell:suse_linux:php5-mbstring", "p-cpe:/a:novell:suse_linux:php5-mbstring-debuginfo", "p-cpe:/a:novell:suse_linux:php5-mcrypt", "p-cpe:/a:novell:suse_linux:php5-mcrypt-debuginfo", "p-cpe:/a:novell:suse_linux:php5-mysql", "p-cpe:/a:novell:suse_linux:php5-mysql-debuginfo", "p-cpe:/a:novell:suse_linux:php5-odbc", "p-cpe:/a:novell:suse_linux:php5-odbc-debuginfo", "p-cpe:/a:novell:suse_linux:php5-opcache", "p-cpe:/a:novell:suse_linux:php5-opcache-debuginfo", "p-cpe:/a:novell:suse_linux:php5-openssl", "p-cpe:/a:novell:suse_linux:php5-openssl-debuginfo", "p-cpe:/a:novell:suse_linux:php5-pcntl", "p-cpe:/a:novell:suse_linux:php5-pcntl-debuginfo", "p-cpe:/a:novell:suse_linux:php5-pdo", "p-cpe:/a:novell:suse_linux:php5-pdo-debuginfo", "p-cpe:/a:novell:suse_linux:php5-pgsql", "p-cpe:/a:novell:suse_linux:php5-pgsql-debuginfo", "p-cpe:/a:novell:suse_linux:php5-phar", "p-cpe:/a:novell:suse_linux:php5-phar-debuginfo", "p-cpe:/a:novell:suse_linux:php5-posix", "p-cpe:/a:novell:suse_linux:php5-posix-debuginfo", "p-cpe:/a:novell:suse_linux:php5-pspell", "p-cpe:/a:novell:suse_linux:php5-pspell-debuginfo", "p-cpe:/a:novell:suse_linux:php5-shmop", "p-cpe:/a:novell:suse_linux:php5-shmop-debuginfo", "p-cpe:/a:novell:suse_linux:php5-snmp", "p-cpe:/a:novell:suse_linux:php5-snmp-debuginfo", "p-cpe:/a:novell:suse_linux:php5-soap", "p-cpe:/a:novell:suse_linux:php5-soap-debuginfo", "p-cpe:/a:novell:suse_linux:php5-sockets", "p-cpe:/a:novell:suse_linux:php5-sockets-debuginfo", "p-cpe:/a:novell:suse_linux:php5-sqlite", "p-cpe:/a:novell:suse_linux:php5-sqlite-debuginfo", "p-cpe:/a:novell:suse_linux:php5-suhosin", "p-cpe:/a:novell:suse_linux:php5-suhosin-debuginfo", "p-cpe:/a:novell:suse_linux:php5-sysvmsg", "p-cpe:/a:novell:suse_linux:php5-sysvmsg-debuginfo", "p-cpe:/a:novell:suse_linux:php5-sysvsem", "p-cpe:/a:novell:suse_linux:php5-sysvsem-debuginfo", "p-cpe:/a:novell:suse_linux:php5-sysvshm", "p-cpe:/a:novell:suse_linux:php5-sysvshm-debuginfo", "p-cpe:/a:novell:suse_linux:php5-tokenizer", "p-cpe:/a:novell:suse_linux:php5-tokenizer-debuginfo", "p-cpe:/a:novell:suse_linux:php5-wddx", "p-cpe:/a:novell:suse_linux:php5-wddx-debuginfo", "p-cpe:/a:novell:suse_linux:php5-xmlreader", "p-cpe:/a:novell:suse_linux:php5-xmlreader-debuginfo", "p-cpe:/a:novell:suse_linux:php5-xmlrpc", "p-cpe:/a:novell:suse_linux:php5-xmlrpc-debuginfo", "p-cpe:/a:novell:suse_linux:php5-xmlwriter", "p-cpe:/a:novell:suse_linux:php5-xmlwriter-debuginfo", "p-cpe:/a:novell:suse_linux:php5-xsl", "p-cpe:/a:novell:suse_linux:php5-xsl-debuginfo", "p-cpe:/a:novell:suse_linux:php5-zip", "p-cpe:/a:novell:suse_linux:php5-zip-debuginfo", "p-cpe:/a:novell:suse_linux:php5-zlib", "p-cpe:/a:novell:suse_linux:php5-zlib-debuginfo", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2016-2477-1.NASL", "href": "https://www.tenable.com/plugins/nessus/119983", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2016:2477-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(119983);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2016-7411\", \"CVE-2016-7412\", \"CVE-2016-7413\", \"CVE-2016-7414\", \"CVE-2016-7416\", \"CVE-2016-7417\", \"CVE-2016-7418\");\n\n script_name(english:\"SUSE SLES12 Security Update : php5 (SUSE-SU-2016:2477-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for php5 fixes the following security issues :\n\n - CVE-2016-7411: php5: Memory corruption when destructing\n deserialized object\n\n - CVE-2016-7412: Heap overflow in mysqlnd when not\n receiving UNSIGNED_FLAG in BIT field\n\n - CVE-2016-7413: Use after free in wddx_deserialize\n\n - CVE-2016-7414: Out of bounds heap read when verifying\n signature of zip phar in phar_parse_zipfile\n\n - CVE-2016-7416: Stack based buffer overflow in\n msgfmt_format_message\n\n - CVE-2016-7417: Missing type check when unserializing\n SplArray\n\n - CVE-2016-7418: NULL pointer dereference in\n php_wddx_push_element\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=999679\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=999680\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=999682\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=999684\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=999685\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=999819\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=999820\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-7411/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-7412/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-7413/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-7414/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-7416/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-7417/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-7418/\"\n );\n # https://www.suse.com/support/update/announcement/2016/suse-su-20162477-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?e883a5d8\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Software Development Kit 12-SP1:zypper in -t\npatch SUSE-SLE-SDK-12-SP1-2016-1446=1\n\nSUSE Linux Enterprise Module for Web Scripting 12:zypper in -t patch\nSUSE-SLE-Module-Web-Scripting-12-2016-1446=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apache2-mod_php5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apache2-mod_php5-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-bcmath\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-bcmath-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-bz2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-bz2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-calendar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-calendar-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-ctype\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-ctype-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-curl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-dba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-dba-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-dom\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-dom-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-enchant\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-enchant-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-exif\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-exif-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-fastcgi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-fastcgi-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-fileinfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-fileinfo-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-fpm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-fpm-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-ftp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-ftp-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-gd-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-gettext\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-gettext-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-gmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-gmp-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-iconv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-iconv-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-imap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-imap-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-intl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-intl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-json\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-json-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-ldap-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-mbstring\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-mbstring-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-mcrypt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-mcrypt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-mysql-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-odbc-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-opcache\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-opcache-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-openssl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-pcntl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-pcntl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-pdo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-pdo-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-pgsql-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-phar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-phar-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-posix\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-posix-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-pspell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-pspell-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-shmop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-shmop-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-snmp-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-soap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-soap-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-sockets\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-sockets-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-sqlite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-sqlite-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-suhosin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-suhosin-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-sysvmsg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-sysvmsg-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-sysvsem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-sysvsem-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-sysvshm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-sysvshm-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-tokenizer\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-tokenizer-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-wddx\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-wddx-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-xmlreader\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-xmlreader-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-xmlrpc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-xmlrpc-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-xmlwriter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-xmlwriter-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-xsl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-xsl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-zip\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-zip-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-zlib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-zlib-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/09/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/10/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/01/02\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP0\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"apache2-mod_php5-5.5.14-78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"apache2-mod_php5-debuginfo-5.5.14-78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-5.5.14-78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-bcmath-5.5.14-78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-bcmath-debuginfo-5.5.14-78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-bz2-5.5.14-78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-bz2-debuginfo-5.5.14-78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-calendar-5.5.14-78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-calendar-debuginfo-5.5.14-78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-ctype-5.5.14-78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-ctype-debuginfo-5.5.14-78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-curl-5.5.14-78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-curl-debuginfo-5.5.14-78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-dba-5.5.14-78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-dba-debuginfo-5.5.14-78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-debuginfo-5.5.14-78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-debugsource-5.5.14-78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-dom-5.5.14-78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-dom-debuginfo-5.5.14-78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-enchant-5.5.14-78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-enchant-debuginfo-5.5.14-78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-exif-5.5.14-78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-exif-debuginfo-5.5.14-78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-fastcgi-5.5.14-78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-fastcgi-debuginfo-5.5.14-78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-fileinfo-5.5.14-78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-fileinfo-debuginfo-5.5.14-78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-fpm-5.5.14-78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-fpm-debuginfo-5.5.14-78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-ftp-5.5.14-78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-ftp-debuginfo-5.5.14-78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-gd-5.5.14-78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-gd-debuginfo-5.5.14-78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-gettext-5.5.14-78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-gettext-debuginfo-5.5.14-78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-gmp-5.5.14-78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-gmp-debuginfo-5.5.14-78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-iconv-5.5.14-78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-iconv-debuginfo-5.5.14-78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-imap-5.5.14-78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-imap-debuginfo-5.5.14-78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-intl-5.5.14-78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-intl-debuginfo-5.5.14-78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-json-5.5.14-78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-json-debuginfo-5.5.14-78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-ldap-5.5.14-78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-ldap-debuginfo-5.5.14-78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-mbstring-5.5.14-78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-mbstring-debuginfo-5.5.14-78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-mcrypt-5.5.14-78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-mcrypt-debuginfo-5.5.14-78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-mysql-5.5.14-78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-mysql-debuginfo-5.5.14-78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-odbc-5.5.14-78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-odbc-debuginfo-5.5.14-78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-opcache-5.5.14-78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-opcache-debuginfo-5.5.14-78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-openssl-5.5.14-78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-openssl-debuginfo-5.5.14-78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-pcntl-5.5.14-78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-pcntl-debuginfo-5.5.14-78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-pdo-5.5.14-78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-pdo-debuginfo-5.5.14-78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-pgsql-5.5.14-78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-pgsql-debuginfo-5.5.14-78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-phar-5.5.14-78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-phar-debuginfo-5.5.14-78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-posix-5.5.14-78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-posix-debuginfo-5.5.14-78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-pspell-5.5.14-78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-pspell-debuginfo-5.5.14-78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-shmop-5.5.14-78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-shmop-debuginfo-5.5.14-78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-snmp-5.5.14-78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-snmp-debuginfo-5.5.14-78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-soap-5.5.14-78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-soap-debuginfo-5.5.14-78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-sockets-5.5.14-78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-sockets-debuginfo-5.5.14-78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-sqlite-5.5.14-78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-sqlite-debuginfo-5.5.14-78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-suhosin-5.5.14-78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-suhosin-debuginfo-5.5.14-78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-sysvmsg-5.5.14-78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-sysvmsg-debuginfo-5.5.14-78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-sysvsem-5.5.14-78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-sysvsem-debuginfo-5.5.14-78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-sysvshm-5.5.14-78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-sysvshm-debuginfo-5.5.14-78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-tokenizer-5.5.14-78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-tokenizer-debuginfo-5.5.14-78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-wddx-5.5.14-78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-wddx-debuginfo-5.5.14-78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-xmlreader-5.5.14-78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-xmlreader-debuginfo-5.5.14-78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-xmlrpc-5.5.14-78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-xmlrpc-debuginfo-5.5.14-78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-xmlwriter-5.5.14-78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-xmlwriter-debuginfo-5.5.14-78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-xsl-5.5.14-78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-xsl-debuginfo-5.5.14-78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-zip-5.5.14-78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-zip-debuginfo-5.5.14-78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-zlib-5.5.14-78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-zlib-debuginfo-5.5.14-78.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"php5\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-04-12T16:08:06", "description": "This update for php5 fixes the following security issues :\n\n - CVE-2016-7411: php5: Memory corruption when destructing deserialized object\n\n - CVE-2016-7412: Heap overflow in mysqlnd when not receiving UNSIGNED_FLAG in BIT field\n\n - CVE-2016-7413: Use after free in wddx_deserialize\n\n - CVE-2016-7414: Out of bounds heap read when verifying signature of zip phar in phar_parse_zipfile\n\n - CVE-2016-7416: Stack based buffer overflow in msgfmt_format_message\n\n - CVE-2016-7417: Missing type check when unserializing SplArray\n\n - CVE-2016-7418: NULL pointer dereference in php_wddx_push_element\n\nThis update was imported from the SUSE:SLE-12:Update update project.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-10-17T00:00:00", "type": "nessus", "title": "openSUSE Security Update : php5 (openSUSE-2016-1193)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-7411", "CVE-2016-7412", "CVE-2016-7413", "CVE-2016-7414", "CVE-2016-7416", "CVE-2016-7417", "CVE-2016-7418"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:apache2-mod_php5", "p-cpe:/a:novell:opensuse:apache2-mod_php5-debuginfo", "p-cpe:/a:novell:opensuse:php5", "p-cpe:/a:novell:opensuse:php5-bcmath", "p-cpe:/a:novell:opensuse:php5-bcmath-debuginfo", "p-cpe:/a:novell:opensuse:php5-bz2", "p-cpe:/a:novell:opensuse:php5-bz2-debuginfo", "p-cpe:/a:novell:opensuse:php5-calendar", "p-cpe:/a:novell:opensuse:php5-calendar-debuginfo", "p-cpe:/a:novell:opensuse:php5-ctype", "p-cpe:/a:novell:opensuse:php5-ctype-debuginfo", "p-cpe:/a:novell:opensuse:php5-curl", "p-cpe:/a:novell:opensuse:php5-curl-debuginfo", "p-cpe:/a:novell:opensuse:php5-dba", "p-cpe:/a:novell:opensuse:php5-dba-debuginfo", "p-cpe:/a:novell:opensuse:php5-debuginfo", "p-cpe:/a:novell:opensuse:php5-debugsource", "p-cpe:/a:novell:opensuse:php5-devel", "p-cpe:/a:novell:opensuse:php5-dom", "p-cpe:/a:novell:opensuse:php5-dom-debuginfo", "p-cpe:/a:novell:opensuse:php5-enchant", "p-cpe:/a:novell:opensuse:php5-enchant-debuginfo", "p-cpe:/a:novell:opensuse:php5-exif", "p-cpe:/a:novell:opensuse:php5-exif-debuginfo", "p-cpe:/a:novell:opensuse:php5-fastcgi", "p-cpe:/a:novell:opensuse:php5-fastcgi-debuginfo", "p-cpe:/a:novell:opensuse:php5-fileinfo", "p-cpe:/a:novell:opensuse:php5-fileinfo-debuginfo", "p-cpe:/a:novell:opensuse:php5-firebird", "p-cpe:/a:novell:opensuse:php5-firebird-debuginfo", "p-cpe:/a:novell:opensuse:php5-fpm", "p-cpe:/a:novell:opensuse:php5-fpm-debuginfo", "p-cpe:/a:novell:opensuse:php5-ftp", "p-cpe:/a:novell:opensuse:php5-ftp-debuginfo", "p-cpe:/a:novell:opensuse:php5-gd", "p-cpe:/a:novell:opensuse:php5-gd-debuginfo", "p-cpe:/a:novell:opensuse:php5-gettext", "p-cpe:/a:novell:opensuse:php5-gettext-debuginfo", "p-cpe:/a:novell:opensuse:php5-gmp", "p-cpe:/a:novell:opensuse:php5-gmp-debuginfo", "p-cpe:/a:novell:opensuse:php5-iconv", "p-cpe:/a:novell:opensuse:php5-iconv-debuginfo", "p-cpe:/a:novell:opensuse:php5-imap", "p-cpe:/a:novell:opensuse:php5-imap-debuginfo", "p-cpe:/a:novell:opensuse:php5-intl", "p-cpe:/a:novell:opensuse:php5-intl-debuginfo", "p-cpe:/a:novell:opensuse:php5-json", "p-cpe:/a:novell:opensuse:php5-json-debuginfo", "p-cpe:/a:novell:opensuse:php5-ldap", "p-cpe:/a:novell:opensuse:php5-ldap-debuginfo", "p-cpe:/a:novell:opensuse:php5-mbstring", "p-cpe:/a:novell:opensuse:php5-mbstring-debuginfo", "p-cpe:/a:novell:opensuse:php5-mcrypt", "p-cpe:/a:novell:opensuse:php5-mcrypt-debuginfo", "p-cpe:/a:novell:opensuse:php5-mssql", "p-cpe:/a:novell:opensuse:php5-mssql-debuginfo", "p-cpe:/a:novell:opensuse:php5-mysql", "p-cpe:/a:novell:opensuse:php5-mysql-debuginfo", "p-cpe:/a:novell:opensuse:php5-odbc", "p-cpe:/a:novell:opensuse:php5-odbc-debuginfo", "p-cpe:/a:novell:opensuse:php5-opcache", "p-cpe:/a:novell:opensuse:php5-opcache-debuginfo", "p-cpe:/a:novell:opensuse:php5-openssl", "p-cpe:/a:novell:opensuse:php5-openssl-debuginfo", "p-cpe:/a:novell:opensuse:php5-pcntl", "p-cpe:/a:novell:opensuse:php5-pcntl-debuginfo", "p-cpe:/a:novell:opensuse:php5-pdo", "p-cpe:/a:novell:opensuse:php5-pdo-debuginfo", "p-cpe:/a:novell:opensuse:php5-pear", "p-cpe:/a:novell:opensuse:php5-pgsql", "p-cpe:/a:novell:opensuse:php5-pgsql-debuginfo", "p-cpe:/a:novell:opensuse:php5-phar", "p-cpe:/a:novell:opensuse:php5-phar-debuginfo", "p-cpe:/a:novell:opensuse:php5-posix", "p-cpe:/a:novell:opensuse:php5-posix-debuginfo", "p-cpe:/a:novell:opensuse:php5-pspell", "p-cpe:/a:novell:opensuse:php5-pspell-debuginfo", "p-cpe:/a:novell:opensuse:php5-readline", "p-cpe:/a:novell:opensuse:php5-readline-debuginfo", "p-cpe:/a:novell:opensuse:php5-shmop", "p-cpe:/a:novell:opensuse:php5-shmop-debuginfo", "p-cpe:/a:novell:opensuse:php5-snmp", "p-cpe:/a:novell:opensuse:php5-snmp-debuginfo", "p-cpe:/a:novell:opensuse:php5-soap", "p-cpe:/a:novell:opensuse:php5-soap-debuginfo", "p-cpe:/a:novell:opensuse:php5-sockets", "p-cpe:/a:novell:opensuse:php5-sockets-debuginfo", "p-cpe:/a:novell:opensuse:php5-sqlite", "p-cpe:/a:novell:opensuse:php5-sqlite-debuginfo", "p-cpe:/a:novell:opensuse:php5-suhosin", "p-cpe:/a:novell:opensuse:php5-suhosin-debuginfo", "p-cpe:/a:novell:opensuse:php5-sysvmsg", "p-cpe:/a:novell:opensuse:php5-sysvmsg-debuginfo", "p-cpe:/a:novell:opensuse:php5-sysvsem", "p-cpe:/a:novell:opensuse:php5-sysvsem-debuginfo", "p-cpe:/a:novell:opensuse:php5-sysvshm", "p-cpe:/a:novell:opensuse:php5-sysvshm-debuginfo", "p-cpe:/a:novell:opensuse:php5-tidy", "p-cpe:/a:novell:opensuse:php5-tidy-debuginfo", "p-cpe:/a:novell:opensuse:php5-tokenizer", "p-cpe:/a:novell:opensuse:php5-tokenizer-debuginfo", "p-cpe:/a:novell:opensuse:php5-wddx", "p-cpe:/a:novell:opensuse:php5-wddx-debuginfo", "p-cpe:/a:novell:opensuse:php5-xmlreader", "p-cpe:/a:novell:opensuse:php5-xmlreader-debuginfo", "p-cpe:/a:novell:opensuse:php5-xmlrpc", "p-cpe:/a:novell:opensuse:php5-xmlrpc-debuginfo", "p-cpe:/a:novell:opensuse:php5-xmlwriter", "p-cpe:/a:novell:opensuse:php5-xmlwriter-debuginfo", "p-cpe:/a:novell:opensuse:php5-xsl", "p-cpe:/a:novell:opensuse:php5-xsl-debuginfo", "p-cpe:/a:novell:opensuse:php5-zip", "p-cpe:/a:novell:opensuse:php5-zip-debuginfo", "p-cpe:/a:novell:opensuse:php5-zlib", "p-cpe:/a:novell:opensuse:php5-zlib-debuginfo", "cpe:/o:novell:opensuse:42.1"], "id": "OPENSUSE-2016-1193.NASL", "href": "https://www.tenable.com/plugins/nessus/94089", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2016-1193.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(94089);\n script_version(\"2.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2016-7411\", \"CVE-2016-7412\", \"CVE-2016-7413\", \"CVE-2016-7414\", \"CVE-2016-7416\", \"CVE-2016-7417\", \"CVE-2016-7418\");\n\n script_name(english:\"openSUSE Security Update : php5 (openSUSE-2016-1193)\");\n script_summary(english:\"Check for the openSUSE-2016-1193 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for php5 fixes the following security issues :\n\n - CVE-2016-7411: php5: Memory corruption when destructing\n deserialized object\n\n - CVE-2016-7412: Heap overflow in mysqlnd when not\n receiving UNSIGNED_FLAG in BIT field\n\n - CVE-2016-7413: Use after free in wddx_deserialize\n\n - CVE-2016-7414: Out of bounds heap read when verifying\n signature of zip phar in phar_parse_zipfile\n\n - CVE-2016-7416: Stack based buffer overflow in\n msgfmt_format_message\n\n - CVE-2016-7417: Missing type check when unserializing\n SplArray\n\n - CVE-2016-7418: NULL pointer dereference in\n php_wddx_push_element\n\nThis update was imported from the SUSE:SLE-12:Update update project.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=999679\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=999680\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=999682\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=999684\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=999685\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=999819\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=999820\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected php5 packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2-mod_php5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2-mod_php5-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-bcmath\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-bcmath-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-bz2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-bz2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-calendar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-calendar-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-ctype\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-ctype-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-curl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-dba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-dba-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-dom\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-dom-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-enchant\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-enchant-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-exif\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-exif-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-fastcgi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-fastcgi-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-fileinfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-fileinfo-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-firebird\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-firebird-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-fpm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-fpm-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-ftp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-ftp-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-gd-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-gettext\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-gettext-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-gmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-gmp-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-iconv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-iconv-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-imap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-imap-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-intl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-intl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-json\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-json-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-ldap-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-mbstring\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-mbstring-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-mcrypt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-mcrypt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-mssql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-mssql-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-mysql-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-odbc-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-opcache\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-opcache-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-openssl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-pcntl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-pcntl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-pdo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-pdo-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-pear\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-pgsql-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-phar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-phar-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-posix\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-posix-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-pspell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-pspell-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-readline\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-readline-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-shmop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-shmop-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-snmp-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-soap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-soap-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-sockets\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-sockets-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-sqlite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-sqlite-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-suhosin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-suhosin-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-sysvmsg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-sysvmsg-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-sysvsem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-sysvsem-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-sysvshm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-sysvshm-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-tidy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-tidy-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-tokenizer\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-tokenizer-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-wddx\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-wddx-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-xmlreader\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-xmlreader-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-xmlrpc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-xmlrpc-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-xmlwriter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-xmlwriter-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-xsl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-xsl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-zip\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-zip-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-zlib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-zlib-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/10/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/10/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE42\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"42.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE42.1\", reference:\"apache2-mod_php5-5.5.14-62.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"apache2-mod_php5-debuginfo-5.5.14-62.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-5.5.14-62.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-bcmath-5.5.14-62.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-bcmath-debuginfo-5.5.14-62.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-bz2-5.5.14-62.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-bz2-debuginfo-5.5.14-62.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-calendar-5.5.14-62.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-calendar-debuginfo-5.5.14-62.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-ctype-5.5.14-62.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-ctype-debuginfo-5.5.14-62.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-curl-5.5.14-62.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-curl-debuginfo-5.5.14-62.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-dba-5.5.14-62.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-dba-debuginfo-5.5.14-62.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-debuginfo-5.5.14-62.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-debugsource-5.5.14-62.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-devel-5.5.14-62.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-dom-5.5.14-62.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-dom-debuginfo-5.5.14-62.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-enchant-5.5.14-62.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-enchant-debuginfo-5.5.14-62.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-exif-5.5.14-62.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-exif-debuginfo-5.5.14-62.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-fastcgi-5.5.14-62.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-fastcgi-debuginfo-5.5.14-62.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-fileinfo-5.5.14-62.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-fileinfo-debuginfo-5.5.14-62.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-firebird-5.5.14-62.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-firebird-debuginfo-5.5.14-62.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-fpm-5.5.14-62.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-fpm-debuginfo-5.5.14-62.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-ftp-5.5.14-62.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-ftp-debuginfo-5.5.14-62.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-gd-5.5.14-62.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-gd-debuginfo-5.5.14-62.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-gettext-5.5.14-62.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-gettext-debuginfo-5.5.14-62.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-gmp-5.5.14-62.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-gmp-debuginfo-5.5.14-62.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-iconv-5.5.14-62.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-iconv-debuginfo-5.5.14-62.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-imap-5.5.14-62.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-imap-debuginfo-5.5.14-62.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-intl-5.5.14-62.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-intl-debuginfo-5.5.14-62.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-json-5.5.14-62.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-json-debuginfo-5.5.14-62.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-ldap-5.5.14-62.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-ldap-debuginfo-5.5.14-62.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-mbstring-5.5.14-62.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-mbstring-debuginfo-5.5.14-62.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-mcrypt-5.5.14-62.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-mcrypt-debuginfo-5.5.14-62.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-mssql-5.5.14-62.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-mssql-debuginfo-5.5.14-62.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-mysql-5.5.14-62.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-mysql-debuginfo-5.5.14-62.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-odbc-5.5.14-62.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-odbc-debuginfo-5.5.14-62.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-opcache-5.5.14-62.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-opcache-debuginfo-5.5.14-62.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-openssl-5.5.14-62.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-openssl-debuginfo-5.5.14-62.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-pcntl-5.5.14-62.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-pcntl-debuginfo-5.5.14-62.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-pdo-5.5.14-62.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-pdo-debuginfo-5.5.14-62.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-pear-5.5.14-62.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-pgsql-5.5.14-62.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-pgsql-debuginfo-5.5.14-62.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-phar-5.5.14-62.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-phar-debuginfo-5.5.14-62.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-posix-5.5.14-62.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-posix-debuginfo-5.5.14-62.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-pspell-5.5.14-62.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-pspell-debuginfo-5.5.14-62.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-readline-5.5.14-62.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-readline-debuginfo-5.5.14-62.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-shmop-5.5.14-62.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-shmop-debuginfo-5.5.14-62.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-snmp-5.5.14-62.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-snmp-debuginfo-5.5.14-62.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-soap-5.5.14-62.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-soap-debuginfo-5.5.14-62.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-sockets-5.5.14-62.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-sockets-debuginfo-5.5.14-62.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-sqlite-5.5.14-62.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-sqlite-debuginfo-5.5.14-62.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-suhosin-5.5.14-62.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-suhosin-debuginfo-5.5.14-62.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-sysvmsg-5.5.14-62.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-sysvmsg-debuginfo-5.5.14-62.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-sysvsem-5.5.14-62.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-sysvsem-debuginfo-5.5.14-62.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-sysvshm-5.5.14-62.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-sysvshm-debuginfo-5.5.14-62.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-tidy-5.5.14-62.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-tidy-debuginfo-5.5.14-62.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-tokenizer-5.5.14-62.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-tokenizer-debuginfo-5.5.14-62.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-wddx-5.5.14-62.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-wddx-debuginfo-5.5.14-62.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-xmlreader-5.5.14-62.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-xmlreader-debuginfo-5.5.14-62.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-xmlrpc-5.5.14-62.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-xmlrpc-debuginfo-5.5.14-62.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-xmlwriter-5.5.14-62.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-xmlwriter-debuginfo-5.5.14-62.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-xsl-5.5.14-62.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-xsl-debuginfo-5.5.14-62.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-zip-5.5.14-62.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-zip-debuginfo-5.5.14-62.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-zlib-5.5.14-62.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"php5-zlib-debuginfo-5.5.14-62.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"apache2-mod_php5 / apache2-mod_php5-debuginfo / php5 / php5-bcmath / etc\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-04-12T16:04:59", "description": "According to its banner, the version of PHP running on the remote web server is 5.6.x prior to 5.6.26. It is, therefore, affected by multiple vulnerabilities :\n\n - A flaw exists in ext/standard/var_unserializer.re when destroying deserialized objects due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this, via a deserialize call that references a partially constructed object, to corrupt memory, resulting in a denial of service condition. (CVE-2016-7411)\n\n - An heap buffer overflow condition exists in the php_mysqlnd_rowp_read_text_protocol_aux() function within file ext/mysqlnd/mysqlnd_wireprotocol.c due to a failure to verify that a BIT field has the UNSIGNED_FLAG flag. An unauthenticated, remote attacker can exploit this, via specially crafted field metadata, to cause a denial of service condition. (CVE-2016-7412)\n\n - A use-after-free error exists in the wddx_stack_destroy() function within file ext/wddx/wddx.c when deserializing recordset elements.\n An unauthenticated, remote attacker can exploit this, via a specially crafted wddxPacket XML document, to cause a denial of service condition. (CVE-2016-7413)\n\n - An out-of-bounds access error exists in the phar_parse_zipfile() function within file ext/phar/zip.c due to a failure to ensure that the uncompressed_filesize field is large enough. An unauthenticated, remote attacker can exploit this, via a specially crafted archive, to cause a denial of service condition. (CVE-2016-7414)\n\n - A stack-based buffer overflow condition exists in the ICU4C library, specifically within file common/locid.cpp in the msgfmt_format_message() function, due to a failure to properly restrict the locale length provided to the Locale class. An unauthenticated, remote attacker can exploit this, via a long first argument to a MessageFormatter::formatMessage() function call, to cause a denial of service condition. (CVE-2016-7416)\n\n - A flaw exists in the spl_array_get_dimension_ptr_ptr() function within file ext/spl/spl_array.c due to a failure to properly validate the return value and data type when deserializing SplArray. An unauthenticated, remote attacker can exploit this, via specially crafted serialized data, to cause a denial of service condition.\n (CVE-2016-7417)\n\n - An out-of-bounds read error exists in the php_wddx_push_element() function within file ext/wddx/wddx.c when handling an incorrect boolean element, which leads to mishandling the wddx_deserialize() call. An unauthenticated, remote attacker can exploit this, via a specially crafted wddxPacket XML document, to cause a denial of service condition. (CVE-2016-7418)\n\n - An out-of-bounds access error exists in the phar_parse_tarfile() function within file ext/phar/tar.c when handling the verification of signatures. An unauthenticated, remote attacker can exploit this to cause an unspecified impact.\n\n - An integer overflow condition exists in the fgetcsv() function when handling CSV field lengths due to improper validation of certain input. An unauthenticated, remote attacker can exploit this to corrupt memory, resulting in a denial of service condition or the execution of arbitrary code.\n\n - An integer overflow condition exists in the wordwrap() function within file ext/standard/string.c due to improper validation of certain input. An unauthenticated, remote attacker can exploit this to corrupt memory, resulting in a denial of service condition or the execution of arbitrary code.\n\n - An integer overflow condition exists in the fgets() function within file ext/standard/file.c due to improper validation of certain input. An unauthenticated, remote attacker can exploit this to corrupt memory, resulting in a denial of service condition or the execution of arbitrary code.\n\n - An integer overflow condition exists in the xml_utf8_encode() function within file ext/xml/xml.c due to improper validation of certain input. An unauthenticated, remote attacker can exploit this to cause an unspecified impact.\n\n - A flaw exists in the exif_process_IFD_in_TIFF() function within file ext/exif/exif.c when handling uninitialized thumbnail data. An unauthenticated, remote attacker can exploit this to disclose memory contents.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-09-22T00:00:00", "type": "nessus", "title": "PHP 5.6.x < 5.6.26 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-7411", "CVE-2016-7412", "CVE-2016-7413", "CVE-2016-7414", "CVE-2016-7416", "CVE-2016-7417", "CVE-2016-7418"], "modified": "2022-04-11T00:00:00", "cpe": ["cpe:/a:php:php"], "id": "PHP_5_6_26.NASL", "href": "https://www.tenable.com/plugins/nessus/93656", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(93656);\n script_version(\"1.18\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\n \"CVE-2016-7411\",\n \"CVE-2016-7412\",\n \"CVE-2016-7413\",\n \"CVE-2016-7414\",\n \"CVE-2016-7416\",\n \"CVE-2016-7417\",\n \"CVE-2016-7418\"\n );\n script_bugtraq_id(\n 93004,\n 93005,\n 93006,\n 93007,\n 93008,\n 93009,\n 93011\n );\n\n script_name(english:\"PHP 5.6.x < 5.6.26 Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The version of PHP running on the remote web server is affected by\nmultiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its banner, the version of PHP running on the remote web\nserver is 5.6.x prior to 5.6.26. It is, therefore, affected by\nmultiple vulnerabilities :\n\n - A flaw exists in ext/standard/var_unserializer.re when\n destroying deserialized objects due to improper\n validation of user-supplied input. An unauthenticated,\n remote attacker can exploit this, via a deserialize\n call that references a partially constructed object, to\n corrupt memory, resulting in a denial of service\n condition. (CVE-2016-7411)\n\n - An heap buffer overflow condition exists in the\n php_mysqlnd_rowp_read_text_protocol_aux() function\n within file ext/mysqlnd/mysqlnd_wireprotocol.c due to\n a failure to verify that a BIT field has the\n UNSIGNED_FLAG flag. An unauthenticated, remote attacker\n can exploit this, via specially crafted field metadata,\n to cause a denial of service condition. (CVE-2016-7412)\n\n - A use-after-free error exists in the\n wddx_stack_destroy() function within file\n ext/wddx/wddx.c when deserializing recordset elements.\n An unauthenticated, remote attacker can exploit this,\n via a specially crafted wddxPacket XML document, to\n cause a denial of service condition. (CVE-2016-7413)\n\n - An out-of-bounds access error exists in the\n phar_parse_zipfile() function within file ext/phar/zip.c\n due to a failure to ensure that the\n uncompressed_filesize field is large enough. An\n unauthenticated, remote attacker can exploit this, via a\n specially crafted archive, to cause a denial of service\n condition. (CVE-2016-7414)\n\n - A stack-based buffer overflow condition exists in the\n ICU4C library, specifically within file common/locid.cpp\n in the msgfmt_format_message() function, due to a\n failure to properly restrict the locale length provided\n to the Locale class. An unauthenticated, remote attacker\n can exploit this, via a long first argument to a\n MessageFormatter::formatMessage() function call, to\n cause a denial of service condition. (CVE-2016-7416)\n\n - A flaw exists in the spl_array_get_dimension_ptr_ptr()\n function within file ext/spl/spl_array.c due to a\n failure to properly validate the return value and data\n type when deserializing SplArray. An unauthenticated,\n remote attacker can exploit this, via specially crafted\n serialized data, to cause a denial of service condition.\n (CVE-2016-7417)\n\n - An out-of-bounds read error exists in the\n php_wddx_push_element() function within file\n ext/wddx/wddx.c when handling an incorrect boolean\n element, which leads to mishandling the\n wddx_deserialize() call. An unauthenticated, remote\n attacker can exploit this, via a specially crafted\n wddxPacket XML document, to cause a denial of service\n condition. (CVE-2016-7418)\n\n - An out-of-bounds access error exists in the\n phar_parse_tarfile() function within file ext/phar/tar.c\n when handling the verification of signatures. An\n unauthenticated, remote attacker can exploit this to\n cause an unspecified impact.\n\n - An integer overflow condition exists in the fgetcsv()\n function when handling CSV field lengths due to improper\n validation of certain input. An unauthenticated, remote\n attacker can exploit this to corrupt memory, resulting\n in a denial of service condition or the execution of\n arbitrary code.\n\n - An integer overflow condition exists in the wordwrap()\n function within file ext/standard/string.c due to\n improper validation of certain input. An\n unauthenticated, remote attacker can exploit this to\n corrupt memory, resulting in a denial of service\n condition or the execution of arbitrary code.\n\n - An integer overflow condition exists in the fgets()\n function within file ext/standard/file.c due to improper\n validation of certain input. An unauthenticated, remote\n attacker can exploit this to corrupt memory, resulting\n in a denial of service condition or the execution of\n arbitrary code.\n\n - An integer overflow condition exists in the\n xml_utf8_encode() function within file ext/xml/xml.c due\n to improper validation of certain input. An\n unauthenticated, remote attacker can exploit this to\n cause an unspecified impact.\n\n - A flaw exists in the exif_process_IFD_in_TIFF() function\n within file ext/exif/exif.c when handling uninitialized\n thumbnail data. An unauthenticated, remote attacker can\n exploit this to disclose memory contents.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://secure.php.net/ChangeLog-5.php#5.6.26\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to PHP version 5.6.26 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-7411\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No exploit is required\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/09/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/09/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/09/22\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:php:php\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CGI abuses\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"php_version.nasl\");\n script_require_keys(\"www/PHP\");\n script_require_ports(\"Services/www\", 80);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\ninclude(\"webapp_func.inc\");\n\nport = get_http_port(default:80, php:TRUE);\n\nphp = get_php_from_kb(\n port : port,\n exit_on_fail : TRUE\n);\n\nversion = php[\"ver\"];\nsource = php[\"src\"];\n\nbackported = get_kb_item('www/php/'+port+'/'+version+'/backported');\n\nif (report_paranoia < 2 && backported)\n audit(AUDIT_BACKPORT_SERVICE, port, \"PHP \"+version+\" install\");\n\n# Check that it is the correct version of PHP\nif (version =~ \"^5(\\.6)?$\")\n audit(AUDIT_VER_NOT_GRANULAR, \"PHP\", port, version);\nif (version !~ \"^5\\.6\\.\") audit(AUDIT_NOT_DETECT, \"PHP version 5.6.x\", port);\n\nif (version =~ \"^5\\.6\\.\" && ver_compare(ver:version, fix:\"5.6.26\", strict:FALSE) < 0){\n security_report_v4(\n port : port,\n extra :\n '\\n Version source : ' + source +\n '\\n Installed version : ' + version +\n '\\n Fixed version : 5.6.26' +\n '\\n',\n severity:SECURITY_HOLE\n );\n}\nelse audit(AUDIT_LISTEN_NOT_VULN, \"PHP\", port, version);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-04-12T16:04:30", "description": "New php packages are available for Slackware 14.0, 14.1, 14.2, and\n-current to fix security issues.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-09-26T00:00:00", "type": "nessus", "title": "Slackware 14.0 / 14.1 / 14.2 / current : php (SSA:2016-267-01)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-7411", "CVE-2016-7412", "CVE-2016-7413", "CVE-2016-7414", "CVE-2016-7416", "CVE-2016-7417", "CVE-2016-7418"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:slackware:slackware_linux:php", "cpe:/o:slackware:slackware_linux", "cpe:/o:slackware:slackware_linux:14.0", "cpe:/o:slackware:slackware_linux:14.1", "cpe:/o:slackware:slackware_linux:14.2"], "id": "SLACKWARE_SSA_2016-267-01.NASL", "href": "https://www.tenable.com/plugins/nessus/93687", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Slackware Security Advisory 2016-267-01. The text \n# itself is copyright (C) Slackware Linux, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(93687);\n script_version(\"2.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2016-7411\", \"CVE-2016-7412\", \"CVE-2016-7413\", \"CVE-2016-7414\", \"CVE-2016-7416\", \"CVE-2016-7417\", \"CVE-2016-7418\");\n script_xref(name:\"SSA\", value:\"2016-267-01\");\n\n script_name(english:\"Slackware 14.0 / 14.1 / 14.2 / current : php (SSA:2016-267-01)\");\n script_summary(english:\"Checks for updated package in /var/log/packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Slackware host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"New php packages are available for Slackware 14.0, 14.1, 14.2, and\n-current to fix security issues.\"\n );\n # http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.449886\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?39115ff5\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected php package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:php\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:14.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:14.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:14.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/09/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/09/26\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Slackware Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Slackware/release\", \"Host/Slackware/packages\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"slackware.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Slackware/release\")) audit(AUDIT_OS_NOT, \"Slackware\");\nif (!get_kb_item(\"Host/Slackware/packages\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Slackware\", cpu);\n\n\nflag = 0;\nif (slackware_check(osver:\"14.0\", pkgname:\"php\", pkgver:\"5.6.26\", pkgarch:\"i486\", pkgnum:\"1_slack14.0\")) flag++;\nif (slackware_check(osver:\"14.0\", arch:\"x86_64\", pkgname:\"php\", pkgver:\"5.6.26\", pkgarch:\"x86_64\", pkgnum:\"1_slack14.0\")) flag++;\n\nif (slackware_check(osver:\"14.1\", pkgname:\"php\", pkgver:\"5.6.26\", pkgarch:\"i486\", pkgnum:\"1_slack14.1\")) flag++;\nif (slackware_check(osver:\"14.1\", arch:\"x86_64\", pkgname:\"php\", pkgver:\"5.6.26\", pkgarch:\"x86_64\", pkgnum:\"1_slack14.1\")) flag++;\n\nif (slackware_check(osver:\"14.2\", pkgname:\"php\", pkgver:\"5.6.26\", pkgarch:\"i586\", pkgnum:\"1_slack14.2\")) flag++;\nif (slackware_check(osver:\"14.2\", arch:\"x86_64\", pkgname:\"php\", pkgver:\"5.6.26\", pkgarch:\"x86_64\", pkgnum:\"1_slack14.2\")) flag++;\n\nif (slackware_check(osver:\"current\", pkgname:\"php\", pkgver:\"5.6.26\", pkgarch:\"i586\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"current\", arch:\"x86_64\", pkgname:\"php\", pkgver:\"5.6.26\", pkgarch:\"x86_64\", pkgnum:\"1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:slackware_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-04-12T16:06:36", "description": "This update for php5 fixes the following security issues :\n\n - CVE-2016-7411: Memory corruption when destructing deserialized object\n\n - CVE-2016-7412: Heap overflow in mysqlnd when not receiving UNSIGNED_FLAG in BIT field\n\n - CVE-2016-7413: Use after free in wddx_deserialize\n\n - CVE-2016-7414: Out of bounds heap read when verifying signature of zip phar in phar_parse_zipfile\n\n - CVE-2016-7416: Stack based buffer overflow in msgfmt_format_message\n\n - CVE-2016-7417: Missing type check when unserializing SplArray\n\n - CVE-2016-7418: NULL pointer dereference in php_wddx_push_element", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-10-05T00:00:00", "type": "nessus", "title": "openSUSE Security Update : php5 (openSUSE-2016-1150)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-7411", "CVE-2016-7412", "CVE-2016-7413", "CVE-2016-7414", "CVE-2016-7416", "CVE-2016-7417", "CVE-2016-7418"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:apache2-mod_php5", "p-cpe:/a:novell:opensuse:apache2-mod_php5-debuginfo", "p-cpe:/a:novell:opensuse:php5", "p-cpe:/a:novell:opensuse:php5-bcmath", "p-cpe:/a:novell:opensuse:php5-bcmath-debuginfo", "p-cpe:/a:novell:opensuse:php5-bz2", "p-cpe:/a:novell:opensuse:php5-bz2-debuginfo", "p-cpe:/a:novell:opensuse:php5-calendar", "p-cpe:/a:novell:opensuse:php5-calendar-debuginfo", "p-cpe:/a:novell:opensuse:php5-ctype", "p-cpe:/a:novell:opensuse:php5-ctype-debuginfo", "p-cpe:/a:novell:opensuse:php5-curl", "p-cpe:/a:novell:opensuse:php5-curl-debuginfo", "p-cpe:/a:novell:opensuse:php5-dba", "p-cpe:/a:novell:opensuse:php5-dba-debuginfo", "p-cpe:/a:novell:opensuse:php5-debuginfo", "p-cpe:/a:novell:opensuse:php5-debugsource", "p-cpe:/a:novell:opensuse:php5-devel", "p-cpe:/a:novell:opensuse:php5-dom", "p-cpe:/a:novell:opensuse:php5-dom-debuginfo", "p-cpe:/a:novell:opensuse:php5-enchant", "p-cpe:/a:novell:opensuse:php5-enchant-debuginfo", "p-cpe:/a:novell:opensuse:php5-exif", "p-cpe:/a:novell:opensuse:php5-exif-debuginfo", "p-cpe:/a:novell:opensuse:php5-fastcgi", "p-cpe:/a:novell:opensuse:php5-fastcgi-debuginfo", "p-cpe:/a:novell:opensuse:php5-fileinfo", "p-cpe:/a:novell:opensuse:php5-fileinfo-debuginfo", "p-cpe:/a:novell:opensuse:php5-firebird", "p-cpe:/a:novell:opensuse:php5-firebird-debuginfo", "p-cpe:/a:novell:opensuse:php5-fpm", "p-cpe:/a:novell:opensuse:php5-fpm-debuginfo", "p-cpe:/a:novell:opensuse:php5-ftp", "p-cpe:/a:novell:opensuse:php5-ftp-debuginfo", "p-cpe:/a:novell:opensuse:php5-gd", "p-cpe:/a:novell:opensuse:php5-gd-debuginfo", "p-cpe:/a:novell:opensuse:php5-gettext", "p-cpe:/a:novell:opensuse:php5-gettext-debuginfo", "p-cpe:/a:novell:opensuse:php5-gmp", "p-cpe:/a:novell:opensuse:php5-gmp-debuginfo", "p-cpe:/a:novell:opensuse:php5-iconv", "p-cpe:/a:novell:opensuse:php5-iconv-debuginfo", "p-cpe:/a:novell:opensuse:php5-imap", "p-cpe:/a:novell:opensuse:php5-imap-debuginfo", "p-cpe:/a:novell:opensuse:php5-intl", "p-cpe:/a:novell:opensuse:php5-intl-debuginfo", "p-cpe:/a:novell:opensuse:php5-json", "p-cpe:/a:novell:opensuse:php5-json-debuginfo", "p-cpe:/a:novell:opensuse:php5-ldap", "p-cpe:/a:novell:opensuse:php5-ldap-debuginfo", "p-cpe:/a:novell:opensuse:php5-mbstring", "p-cpe:/a:novell:opensuse:php5-mbstring-debuginfo", "p-cpe:/a:novell:opensuse:php5-mcrypt", "p-cpe:/a:novell:opensuse:php5-mcrypt-debuginfo", "p-cpe:/a:novell:opensuse:php5-mssql", "p-cpe:/a:novell:opensuse:php5-mssql-debuginfo", "p-cpe:/a:novell:opensuse:php5-mysql", "p-cpe:/a:novell:opensuse:php5-mysql-debuginfo", "p-cpe:/a:novell:opensuse:php5-odbc", "p-cpe:/a:novell:opensuse:php5-odbc-debuginfo", "p-cpe:/a:novell:opensuse:php5-opcache", "p-cpe:/a:novell:opensuse:php5-opcache-debuginfo", "p-cpe:/a:novell:opensuse:php5-openssl", "p-cpe:/a:novell:opensuse:php5-openssl-debuginfo", "p-cpe:/a:novell:opensuse:php5-pcntl", "p-cpe:/a:novell:opensuse:php5-pcntl-debuginfo", "p-cpe:/a:novell:opensuse:php5-pdo", "p-cpe:/a:novell:opensuse:php5-pdo-debuginfo", "p-cpe:/a:novell:opensuse:php5-pear", "p-cpe:/a:novell:opensuse:php5-pgsql", "p-cpe:/a:novell:opensuse:php5-pgsql-debuginfo", "p-cpe:/a:novell:opensuse:php5-phar", "p-cpe:/a:novell:opensuse:php5-phar-debuginfo", "p-cpe:/a:novell:opensuse:php5-posix", "p-cpe:/a:novell:opensuse:php5-posix-debuginfo", "p-cpe:/a:novell:opensuse:php5-pspell", "p-cpe:/a:novell:opensuse:php5-pspell-debuginfo", "p-cpe:/a:novell:opensuse:php5-readline", "p-cpe:/a:novell:opensuse:php5-readline-debuginfo", "p-cpe:/a:novell:opensuse:php5-shmop", "p-cpe:/a:novell:opensuse:php5-shmop-debuginfo", "p-cpe:/a:novell:opensuse:php5-snmp", "p-cpe:/a:novell:opensuse:php5-snmp-debuginfo", "p-cpe:/a:novell:opensuse:php5-soap", "p-cpe:/a:novell:opensuse:php5-soap-debuginfo", "p-cpe:/a:novell:opensuse:php5-sockets", "p-cpe:/a:novell:opensuse:php5-sockets-debuginfo", "p-cpe:/a:novell:opensuse:php5-sqlite", "p-cpe:/a:novell:opensuse:php5-sqlite-debuginfo", "p-cpe:/a:novell:opensuse:php5-suhosin", "p-cpe:/a:novell:opensuse:php5-suhosin-debuginfo", "p-cpe:/a:novell:opensuse:php5-sysvmsg", "p-cpe:/a:novell:opensuse:php5-sysvmsg-debuginfo", "p-cpe:/a:novell:opensuse:php5-sysvsem", "p-cpe:/a:novell:opensuse:php5-sysvsem-debuginfo", "p-cpe:/a:novell:opensuse:php5-sysvshm", "p-cpe:/a:novell:opensuse:php5-sysvshm-debuginfo", "p-cpe:/a:novell:opensuse:php5-tidy", "p-cpe:/a:novell:opensuse:php5-tidy-debuginfo", "p-cpe:/a:novell:opensuse:php5-tokenizer", "p-cpe:/a:novell:opensuse:php5-tokenizer-debuginfo", "p-cpe:/a:novell:opensuse:php5-wddx", "p-cpe:/a:novell:opensuse:php5-wddx-debuginfo", "p-cpe:/a:novell:opensuse:php5-xmlreader", "p-cpe:/a:novell:opensuse:php5-xmlreader-debuginfo", "p-cpe:/a:novell:opensuse:php5-xmlrpc", "p-cpe:/a:novell:opensuse:php5-xmlrpc-debuginfo", "p-cpe:/a:novell:opensuse:php5-xmlwriter", "p-cpe:/a:novell:opensuse:php5-xmlwriter-debuginfo", "p-cpe:/a:novell:opensuse:php5-xsl", "p-cpe:/a:novell:opensuse:php5-xsl-debuginfo", "p-cpe:/a:novell:opensuse:php5-zip", "p-cpe:/a:novell:opensuse:php5-zip-debuginfo", "p-cpe:/a:novell:opensuse:php5-zlib", "p-cpe:/a:novell:opensuse:php5-zlib-debuginfo", "cpe:/o:novell:opensuse:13.2"], "id": "OPENSUSE-2016-1150.NASL", "href": "https://www.tenable.com/plugins/nessus/93853", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2016-1150.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(93853);\n script_version(\"2.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2016-7411\", \"CVE-2016-7412\", \"CVE-2016-7413\", \"CVE-2016-7414\", \"CVE-2016-7416\", \"CVE-2016-7417\", \"CVE-2016-7418\");\n\n script_name(english:\"openSUSE Security Update : php5 (openSUSE-2016-1150)\");\n script_summary(english:\"Check for the openSUSE-2016-1150 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for php5 fixes the following security issues :\n\n - CVE-2016-7411: Memory corruption when destructing\n deserialized object\n\n - CVE-2016-7412: Heap overflow in mysqlnd when not\n receiving UNSIGNED_FLAG in BIT field\n\n - CVE-2016-7413: Use after free in wddx_deserialize\n\n - CVE-2016-7414: Out of bounds heap read when verifying\n signature of zip phar in phar_parse_zipfile\n\n - CVE-2016-7416: Stack based buffer overflow in\n msgfmt_format_message\n\n - CVE-2016-7417: Missing type check when unserializing\n SplArray\n\n - CVE-2016-7418: NULL pointer dereference in\n php_wddx_push_element\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=999679\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=999680\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=999682\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=999684\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=999685\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=999819\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=999820\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected php5 packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2-mod_php5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2-mod_php5-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-bcmath\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-bcmath-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-bz2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-bz2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-calendar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-calendar-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-ctype\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-ctype-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-curl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-dba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-dba-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-dom\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-dom-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-enchant\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-enchant-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-exif\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-exif-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-fastcgi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-fastcgi-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-fileinfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-fileinfo-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-firebird\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-firebird-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-fpm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-fpm-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-ftp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-ftp-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-gd-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-gettext\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-gettext-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-gmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-gmp-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-iconv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-iconv-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-imap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-imap-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-intl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-intl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-json\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-json-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-ldap-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-mbstring\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-mbstring-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-mcrypt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-mcrypt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-mssql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-mssql-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-mysql-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-odbc-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-opcache\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-opcache-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-openssl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-pcntl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-pcntl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-pdo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-pdo-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-pear\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-pgsql-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-phar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-phar-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-posix\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-posix-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-pspell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-pspell-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-readline\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-readline-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-shmop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-shmop-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-snmp-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-soap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-soap-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-sockets\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-sockets-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-sqlite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-sqlite-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-suhosin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-suhosin-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-sysvmsg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-sysvmsg-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-sysvsem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-sysvsem-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-sysvshm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-sysvshm-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-tidy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-tidy-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-tokenizer\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-tokenizer-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-wddx\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-wddx-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-xmlreader\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-xmlreader-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-xmlrpc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-xmlrpc-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-xmlwriter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-xmlwriter-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-xsl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-xsl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-zip\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-zip-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-zlib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-zlib-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/10/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/10/05\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE13\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"13.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE13.2\", reference:\"apache2-mod_php5-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"apache2-mod_php5-debuginfo-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-bcmath-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-bcmath-debuginfo-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-bz2-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-bz2-debuginfo-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-calendar-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-calendar-debuginfo-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-ctype-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-ctype-debuginfo-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-curl-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-curl-debuginfo-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-dba-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-dba-debuginfo-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-debuginfo-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-debugsource-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-devel-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-dom-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-dom-debuginfo-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-enchant-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-enchant-debuginfo-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-exif-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-exif-debuginfo-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-fastcgi-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-fastcgi-debuginfo-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-fileinfo-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-fileinfo-debuginfo-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-firebird-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-firebird-debuginfo-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-fpm-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-fpm-debuginfo-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-ftp-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-ftp-debuginfo-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-gd-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-gd-debuginfo-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-gettext-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-gettext-debuginfo-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-gmp-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-gmp-debuginfo-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-iconv-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-iconv-debuginfo-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-imap-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-imap-debuginfo-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-intl-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-intl-debuginfo-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-json-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-json-debuginfo-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-ldap-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-ldap-debuginfo-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-mbstring-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-mbstring-debuginfo-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-mcrypt-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-mcrypt-debuginfo-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-mssql-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-mssql-debuginfo-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-mysql-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-mysql-debuginfo-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-odbc-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-odbc-debuginfo-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-opcache-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-opcache-debuginfo-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-openssl-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-openssl-debuginfo-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-pcntl-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-pcntl-debuginfo-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-pdo-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-pdo-debuginfo-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-pear-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-pgsql-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-pgsql-debuginfo-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-phar-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-phar-debuginfo-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-posix-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-posix-debuginfo-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-pspell-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-pspell-debuginfo-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-readline-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-readline-debuginfo-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-shmop-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-shmop-debuginfo-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-snmp-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-snmp-debuginfo-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-soap-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-soap-debuginfo-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-sockets-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-sockets-debuginfo-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-sqlite-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-sqlite-debuginfo-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-suhosin-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-suhosin-debuginfo-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-sysvmsg-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-sysvmsg-debuginfo-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-sysvsem-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-sysvsem-debuginfo-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-sysvshm-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-sysvshm-debuginfo-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-tidy-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-tidy-debuginfo-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-tokenizer-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-tokenizer-debuginfo-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-wddx-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-wddx-debuginfo-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-xmlreader-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-xmlreader-debuginfo-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-xmlrpc-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-xmlrpc-debuginfo-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-xmlwriter-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-xmlwriter-debuginfo-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-xsl-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-xsl-debuginfo-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-zip-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-zip-debuginfo-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-zlib-5.6.1-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-zlib-debuginfo-5.6.1-78.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"apache2-mod_php5 / apache2-mod_php5-debuginfo / php5 / php5-bcmath / etc\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-04-12T16:07:54", "description": "PHP reports :\n\n- Fixed bug #73007 (add locale length check)\n\n- Fixed bug #72293 (Heap overflow in mysqlnd related to BIT fields)\n\n- Fixed bug #72928 (Out of bound when verify signature of zip phar in phar_parse_zipfile)\n\n- Fixed bug #73029 (Missing type check when unserializing SplArray)\n\n- Fixed bug #73052 (Memory Corruption in During Deserialized-object Destruction)\n\n- Fixed bug #72860 (wddx_deserialize use-after-free)\n\n- Fixed bug #73065 (Out-Of-Bounds Read in php_wddx_push_element)", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-10-17T00:00:00", "type": "nessus", "title": "FreeBSD : PHP -- multiple vulnerabilities (8d5180a6-86fe-11e6-8d93-00248c0c745d)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-7411", "CVE-2016-7412", "CVE-2016-7413", "CVE-2016-7414", "CVE-2016-7416", "CVE-2016-7417", "CVE-2016-7418"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:php56", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_8D5180A686FE11E68D9300248C0C745D.NASL", "href": "https://www.tenable.com/plugins/nessus/94083", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(94083);\n script_version(\"2.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2016-7411\", \"CVE-2016-7412\", \"CVE-2016-7413\", \"CVE-2016-7414\", \"CVE-2016-7416\", \"CVE-2016-7417\", \"CVE-2016-7418\");\n\n script_name(english:\"FreeBSD : PHP -- multiple vulnerabilities (8d5180a6-86fe-11e6-8d93-00248c0c745d)\");\n script_summary(english:\"Checks for updated package in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote FreeBSD host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"PHP reports :\n\n- Fixed bug #73007 (add locale length check)\n\n- Fixed bug #72293 (Heap overflow in mysqlnd related to BIT fields)\n\n- Fixed bug #72928 (Out of bound when verify signature of zip phar in\nphar_parse_zipfile)\n\n- Fixed bug #73029 (Missing type check when unserializing SplArray)\n\n- Fixed bug #73052 (Memory Corruption in During Deserialized-object\nDestruction)\n\n- Fixed bug #72860 (wddx_deserialize use-after-free)\n\n- Fixed bug #73065 (Out-Of-Bounds Read in php_wddx_push_element)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://php.net/ChangeLog-5.php#5.6.26\"\n );\n # https://vuxml.freebsd.org/freebsd/8d5180a6-86fe-11e6-8d93-00248c0c745d.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?1b5b60f9\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:php56\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/09/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/09/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/10/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"php56<5.6.26\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-06-16T16:25:27", "description": "The Tenable SecurityCenter application installed on the remote host is missing a security patch. It is, therefore, affected by multiple vulnerabilities in the bundled version of PHP :\n\n - A flaw exists in ext/standard/var_unserializer.re when destroying deserialized objects due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this, via a deserialize call that references a partially constructed object, to corrupt memory, resulting in a denial of service condition. (CVE-2016-7411)\n\n - An heap buffer overflow condition exists in the php_mysqlnd_rowp_read_text_protocol_aux() function within file ext/mysqlnd/mysqlnd_wireprotocol.c due to a failure to verify that a BIT field has the UNSIGNED_FLAG flag. An unauthenticated, remote attacker can exploit this, via specially crafted field metadata, to cause a denial of service condition. (CVE-2016-7412)\n\n - A use-after-free error exists in the wddx_stack_destroy() function within file ext/wddx/wddx.c when deserializing recordset elements.\n An unauthenticated, remote attacker can exploit this, via a specially crafted wddxPacket XML document, to cause a denial of service condition. (CVE-2016-7413)\n\n - An out-of-bounds access error exists in the phar_parse_zipfile() function within file ext/phar/zip.c due to a failure to ensure that the uncompressed_filesize field is large enough. An unauthenticated, remote attacker can exploit this, via a specially crafted archive, to cause a denial of service condition. (CVE-2016-7414)\n\n - A stack-based buffer overflow condition exists in the ICU4C library, specifically within file common/locid.cpp in the msgfmt_format_message() function, due to a failure to properly restrict the locale length provided to the Locale class. An unauthenticated, remote attacker can exploit this, via a long first argument to a MessageFormatter::formatMessage() function call, to cause a denial of service condition. (CVE-2016-7416)\n\n - A flaw exists in the spl_array_get_dimension_ptr_ptr() function within file ext/spl/spl_array.c due to a failure to properly validate the return value and data type when deserializing SplArray. An unauthenticated, remote attacker can exploit this, via specially crafted serialized data, to cause a denial of service condition.\n (CVE-2016-7417)\n\n - An out-of-bounds read error exists in the php_wddx_push_element() function within file ext/wddx/wddx.c when handling an incorrect boolean element, which leads to mishandling the wddx_deserialize() call. An unauthenticated, remote attacker can exploit this, via a specially crafted wddxPacket XML document, to cause a denial of service condition. (CVE-2016-7418)\n\n - An out-of-bounds access error exists in the phar_parse_tarfile() function within file ext/phar/tar.c when handling the verification of signatures. An unauthenticated, remote attacker can exploit this to cause an unspecified impact.\n\n - An integer overflow condition exists in the fgetcsv() function when handling CSV field lengths due to improper validation of certain input. An unauthenticated, remote attacker can exploit this to corrupt memory, resulting in a denial of service condition or the execution of arbitrary code.\n\n - An integer overflow condition exists in the wordwrap() function within file ext/standard/string.c due to improper validation of certain input. An unauthenticated, remote attacker can exploit this to corrupt memory, resulting in a denial of service condition or the execution of arbitrary code.\n\n - An integer overflow condition exists in the fgets() function within file ext/standard/file.c due to improper validation of certain input. An unauthenticated, remote attacker can exploit this to corrupt memory, resulting in a denial of service condition or the execution of arbitrary code.\n\n - An integer overflow condition exists in the xml_utf8_encode() function within file ext/xml/xml.c due to improper validation of certain input. An unauthenticated, remote attacker can exploit this to cause an unspecified impact.\n\n - A flaw exists in the exif_process_IFD_in_TIFF() function within file ext/exif/exif.c when handling uninitialized thumbnail data. An unauthenticated, remote attacker can exploit this to disclose memory contents.\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2017-06-26T00:00:00", "type": "nessus", "title": "Tenable SecurityCenter PHP < 5.6.26 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-7411", "CVE-2016-7412", "CVE-2016-7413", "CVE-2016-7414", "CVE-2016-7416", "CVE-2016-7417", "CVE-2016-7418"], "modified": "2020-10-09T00:00:00", "cpe": ["cpe:/a:tenable:securitycenter"], "id": "SECURITYCENTER_PHP_5_6_26.NASL", "href": "https://www.tenable.com/plugins/nessus/101048", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(101048);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/10/09\");\n\n script_cve_id(\n \"CVE-2016-7411\",\n \"CVE-2016-7412\",\n \"CVE-2016-7413\",\n \"CVE-2016-7414\",\n \"CVE-2016-7416\",\n \"CVE-2016-7417\",\n \"CVE-2016-7418\"\n );\n script_bugtraq_id(\n 93004,\n 93005,\n 93006,\n 93007,\n 93008,\n 93009,\n 93011\n );\n\n script_name(english:\"Tenable SecurityCenter PHP < 5.6.26 Multiple Vulnerabilities\");\n script_summary(english:\"Checks the version of PHP in SecurityCenter.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The Tenable SecurityCenter application on the remote host contains a\nPHP library that is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The Tenable SecurityCenter application installed on the remote host\nis missing a security patch. It is, therefore, affected by multiple\nvulnerabilities in the bundled version of PHP :\n\n - A flaw exists in ext/standard/var_unserializer.re when\n destroying deserialized objects due to improper\n validation of user-supplied input. An unauthenticated,\n remote attacker can exploit this, via a deserialize\n call that references a partially constructed object, to\n corrupt memory, resulting in a denial of service\n condition. (CVE-2016-7411)\n\n - An heap buffer overflow condition exists in the\n php_mysqlnd_rowp_read_text_protocol_aux() function\n within file ext/mysqlnd/mysqlnd_wireprotocol.c due to\n a failure to verify that a BIT field has the\n UNSIGNED_FLAG flag. An unauthenticated, remote attacker\n can exploit this, via specially crafted field metadata,\n to cause a denial of service condition. (CVE-2016-7412)\n\n - A use-after-free error exists in the\n wddx_stack_destroy() function within file\n ext/wddx/wddx.c when deserializing recordset elements.\n An unauthenticated, remote attacker can exploit this,\n via a specially crafted wddxPacket XML document, to\n cause a denial of service condition. (CVE-2016-7413)\n\n - An out-of-bounds access error exists in the\n phar_parse_zipfile() function within file ext/phar/zip.c\n due to a failure to ensure that the\n uncompressed_filesize field is large enough. An\n unauthenticated, remote attacker can exploit this, via a\n specially crafted archive, to cause a denial of service\n condition. (CVE-2016-7414)\n\n - A stack-based buffer overflow condition exists in the\n ICU4C library, specifically within file common/locid.cpp\n in the msgfmt_format_message() function, due to a\n failure to properly restrict the locale length provided\n to the Locale class. An unauthenticated, remote attacker\n can exploit this, via a long first argument to a\n MessageFormatter::formatMessage() function call, to\n cause a denial of service condition. (CVE-2016-7416)\n\n - A flaw exists in the spl_array_get_dimension_ptr_ptr()\n function within file ext/spl/spl_array.c due to a\n failure to properly validate the return value and data\n type when deserializing SplArray. An unauthenticated,\n remote attacker can exploit this, via specially crafted\n serialized data, to cause a denial of service condition.\n (CVE-2016-7417)\n\n - An out-of-bounds read error exists in the\n php_wddx_push_element() function within file\n ext/wddx/wddx.c when handling an incorrect boolean\n element, which leads to mishandling the\n wddx_deserialize() call. An unauthenticated, remote\n attacker can exploit this, via a specially crafted\n wddxPacket XML document, to cause a denial of service\n condition. (CVE-2016-7418)\n\n - An out-of-bounds access error exists in the\n phar_parse_tarfile() function within file ext/phar/tar.c\n when handling the verification of signatures. An\n unauthenticated, remote attacker can exploit this to\n cause an unspecified impact.\n\n - An integer overflow condition exists in the fgetcsv()\n function when handling CSV field lengths due to improper\n validation of certain input. An unauthenticated, remote\n attacker can exploit this to corrupt memory, resulting\n in a denial of service condition or the execution of\n arbitrary code.\n\n - An integer overflow condition exists in the wordwrap()\n function within file ext/standard/string.c due to\n improper validation of certain input. An\n unauthenticated, remote attacker can exploit this to\n corrupt memory, resulting in a denial of service\n condition or the execution of arbitrary code.\n\n - An integer overflow condition exists in the fgets()\n function within file ext/standard/file.c due to improper\n validation of certain input. An unauthenticated, remote\n attacker can exploit this to corrupt memory, resulting\n in a denial of service condition or the execution of\n arbitrary code.\n\n - An integer overflow condition exists in the\n xml_utf8_encode() function within file ext/xml/xml.c due\n to improper validation of certain input. An\n unauthenticated, remote attacker can exploit this to\n cause an unspecified impact.\n\n - A flaw exists in the exif_process_IFD_in_TIFF() function\n within file ext/exif/exif.c when handling uninitialized\n thumbnail data. An unauthenticated, remote attacker can\n exploit this to disclose memory contents.\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://php.net/ChangeLog-5.php#5.6.26\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to SecurityCenter version 5.4.1 or later. Alternatively,\ncontact the vendor for a patch.\");\n script_set_attribute(attribute:\"agent\", value:\"unix\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"manual\");\n script_set_attribute(attribute:\"cvss_score_rationale\", value:\"Score based on analysis of the vendor advisory.\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n \n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/09/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/11/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/06/26\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"combined\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:tenable:securitycenter\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"securitycenter_installed.nbin\", \"securitycenter_detect.nbin\");\n script_require_keys(\"Host/SecurityCenter/Version\", \"installed_sw/SecurityCenter\", \"Host/SecurityCenter/support/php/version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"install_func.inc\");\n\napp = 'PHP (within SecurityCenter)';\nfix = \"5.6.26\";\n\nsc_ver = get_kb_item(\"Host/SecurityCenter/Version\");\nport = 0;\nif(empty_or_null(sc_ver))\n{\n port = 443;\n install = get_single_install(app_name:\"SecurityCenter\", combined:TRUE, exit_if_unknown_ver:TRUE);\n sc_ver = install[\"version\"];\n}\nif (empty_or_null(sc_ver)) audit(AUDIT_NOT_INST, \"SecurityCenter\");\n\nversion = get_kb_item(\"Host/SecurityCenter/support/php/version\");\nif (empty_or_null(version)) audit(AUDIT_UNKNOWN_APP_VER, app);\n\nif (ver_compare(ver:version, minver:\"5.6.0\", fix:fix, strict:FALSE) < 0)\n{\n report =\n '\\n SecurityCenter version : ' + sc_ver +\n '\\n SecurityCenter PHP version : ' + version +\n '\\n Fixed PHP version : ' + fix +\n '\\n';\n security_report_v4(port:port, severity:SECURITY_HOLE, extra:report);\n exit(0);\n}\nelse audit(AUDIT_INST_VER_NOT_VULN, app, version);\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:39:45", "description": "Versions of PHP 5.6.x prior to 5.6.26 and 7.0.x prior to 7.0.11 are vulnerable to the following issues :\n\n - An overflow condition exists in the 'msgfmt_format_message()' function in 'common/locid.cpp' that is triggered when handling local strings. This may allow a remote attacker to cause a stack-based buffer overflow, resulting in a crash or potentially allowing the execution of arbitrary code.\n - An overflow condition exists in the 'php_mysqlnd_rowp_read_text_protocol_aux()' function in 'ext/mysqlnd/mysqlnd_wireprotocol.c' that is triggered when handling the BIT field. This may allow a context-dependent or Man-in-the-Middle (MitM) attacker to cause a heap-based buffer overflow, resulting in a crash or potentially allowing the execution of arbitrary code.\n - A use-after-free error exists in the 'wddx_stack_destroy()' function in 'ext/wddx/wddx.c' that is triggered when deserializing 'recordset' elements. This may allow a remote attacker to dereference already freed memory and potentially execute arbitrary code.\n - An out-of-bounds access flaw exists in the 'phar_parse_zipfile()' function in 'ext/phar/zip.c' that is triggered when handling the uncompressed file size. This may allow a remote attacker to have an unspecified impact.\n - A flaw exists in the 'spl_array_get_dimension_ptr_ptr()' function in 'ext/spl/spl_array.c' that is triggered as types are not properly checked during the unserialization of 'SplArray'. This may allow a remote attacker to cause a crash or potentially have a more severe, unspecified impact.\n - An out-of-bounds access flaw exists in the 'phar_parse_tarfile()' function in 'ext/phar/tar.c' that is triggered during the verification of signatures. This may allow a remote attacker to have an unspecified impact.\n - A flaw is triggered as certain input is not properly validated when destroying deserialized objects. This may allow a remote attacker to corrupt memory and cause a denial of service or potentially execute arbitrary code.\n - An out-of-bounds read flaw exists in the 'php_wddx_push_element()' function in 'ext/wddx/wddx.c' that may allow a remote attacker to cause a crash or potentially disclose memory contents.\n - An integer overflow flaw exists in the 'fgetcsv()' function. The issue is triggered as certain input is not properly validated when handling CSV field lengths. This may allow a remote attacker to corrupt memory and cause a denial of service or potentially execute arbitrary code.\n - An integer overflow flaw exists in the 'wordwrap()' function in 'ext/standard/string.c'. The issue is triggered as certain input is not properly validated. This may allow a remote attacker to corrupt memory and cause a denial of service or potentially execute arbitrary code.\n - An integer overflow flaw exists in the 'fgets()' function in 'ext/standard/file.c'. The issue is triggered as certain input is not properly validated. This may allow a remote attacker to corrupt memory and cause a denial of service or potentially execute arbitrary code.\n - An integer overflow condition exists in the 'xml_utf8_encode()' function in 'ext/xml/xml.c'. The issue is triggered as certain input is not properly validated. This may allow a remote attacker to have an unspecified impact.\n - A flaw exists in the 'exif_process_IFD_in_TIFF()' function in 'ext/exif/exif.c' that is triggered during the handling of uninitialized thumbnail data. This may allow a remote attacker to disclose the contents of memory.", "cvss3": {"score": 7.3, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"}, "published": "2016-09-26T00:00:00", "type": "nessus", "title": "PHP 5.6.x < 5.6.26 / 7.0.x < 7.0.11 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-7411", "CVE-2016-7412", "CVE-2016-7413", "CVE-2016-7414", "CVE-2016-7416", "CVE-2016-7417", "CVE-2016-7418", "CVE-2016-7415"], "modified": "2019-03-06T00:00:00", "cpe": ["cpe:2.3:a:php:php:*:*:*:*:*:*:*:*"], "id": "9580.PRM", "href": "https://www.tenable.com/plugins/nnm/9580", "sourceData": "Binary data 9580.prm", "cvss": {"score": 7.5, "vector": "CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-10-12T14:14:24", "description": "CVE-2016-5385 PHP through 7.0.8 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, as demonstrated by (1) an application that makes a getenv('HTTP_PROXY') call or (2) a CGI configuration of PHP, aka an 'httpoxy' issue.\n\nCVE-2016-7124 ext/standard/var_unserializer.c in PHP before 5.6.25 and 7.x before 7.0.10 mishandles certain invalid objects, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted serialized data that leads to a (1) __destruct call or (2) magic method call.\n\nCVE-2016-7128 The exif_process_IFD_in_TIFF function in ext/exif/exif.c in PHP before 5.6.25 and 7.x before 7.0.10 mishandles the case of a thumbnail offset that exceeds the file size, which allows remote attackers to obtain sensitive information from process memory via a crafted TIFF image.\n\nCVE-2016-7129 The php_wddx_process_data function in ext/wddx/wddx.c in PHP before 5.6.25 and 7.x before 7.0.10 allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via an invalid ISO 8601 time value, as demonstrated by a wddx_deserialize call that mishandles a dateTime element in a wddxPacket XML document.\n\nCVE-2016-7130 The php_wddx_pop_element function in ext/wddx/wddx.c in PHP before 5.6.25 and 7.x before 7.0.10 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or possibly have unspecified other impact via an invalid base64 binary value, as demonstrated by a wddx_deserialize call that mishandles a binary element in a wddxPacket XML document.\n\nCVE-2016-7131 ext/wddx/wddx.c in PHP before 5.6.25 and 7.x before 7.0.10 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or possibly have unspecified other impact via a malformed wddxPacket XML document that is mishandled in a wddx_deserialize call, as demonstrated by a tag that lacks a < (less than) character.\n\nCVE-2016-7132 ext/wddx/wddx.c in PHP before 5.6.25 and 7.x before 7.0.10 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or possibly have unspecified other impact via an invalid wddxPacket XML document that is mishandled in a wddx_deserialize call, as demonstrated by a stray element inside a boolean element, leading to incorrect pop processing.\n\nCVE-2016-7411 ext/standard/var_unserializer.re in PHP before 5.6.26 mishandles object-deserialization failures, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via an unserialize call that references a partially constructed object.\n\nCVE-2016-7412 ext/mysqlnd/mysqlnd_wireprotocol.c in PHP before 5.6.26 and 7.x before 7.0.11 does not verify that a BIT field has the UNSIGNED_FLAG flag, which allows remote MySQL servers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted field metadata.\n\nCVE-2016-7413 Use-after-free vulnerability in the wddx_stack_destroy function in ext/wddx/wddx.c in PHP before 5.6.26 and 7.x before 7.0.11 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a wddxPacket XML document that lacks an end-tag for a recordset field element, leading to mishandling in a wddx_deserialize call.\n\nCVE-2016-7414 The ZIP signature-verification feature in PHP before 5.6.26 and 7.x before 7.0.11 does not ensure that the uncompressed_filesize field is large enough, which allows remote attackers to cause a denial of service (out-of-bounds memory access) or possibly have unspecified other impact via a crafted PHAR archive, related to ext/phar/util.c and ext/phar/zip.c.\n\nCVE-2016-7416 ext/intl/msgformat/msgformat_format.c in PHP before 5.6.26 and 7.x before 7.0.11 does not properly restrict the locale length provided to the Locale class in the ICU library, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a MessageFormatter::formatMessage call with a long first argument.\n\nCVE-2016-7417 ext/spl/spl_array.c in PHP before 5.6.26 and 7.x before 7.0.11 proceeds with SplArray unserialization without validating a return value and data type, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted serialized data.\n\nCVE-2016-7418 The php_wddx_push_element function in ext/wddx/wddx.c in PHP before 5.6.26 and 7.x before 7.0.11 allows remote attackers to cause a denial of service (invalid pointer access and out-of-bounds read) or possibly have unspecified other impact via an incorrect boolean element in a wddxPacket XML document, leading to mishandling in a wddx_deserialize call.\n\nFor Debian 7 'Wheezy', these problems have been fixed in version 5.4.45-0+deb7u6.\n\nWe recommend that you upgrade your php5 packages.\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-12-20T00:00:00", "type": "nessus", "title": "Debian DLA-749-1 : php5 security update (httpoxy)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-5385", "CVE-2016-7124", "CVE-2016-7128", "CVE-2016-7129", "CVE-2016-7130", "CVE-2016-7131", "CVE-2016-7132", "CVE-2016-7411", "CVE-2016-7412", "CVE-2016-7413", "CVE-2016-7414", "CVE-2016-7416", "CVE-2016-7417", "CVE-2016-7418"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:libapache2-mod-php5", "p-cpe:/a:debian:debian_linux:libapache2-mod-php5filter", "p-cpe:/a:debian:debian_linux:libphp5-embed", "p-cpe:/a:debian:debian_linux:php-pear", "p-cpe:/a:debian:debian_linux:php5", "p-cpe:/a:debian:debian_linux:php5-cgi", "p-cpe:/a:debian:debian_linux:php5-cli", "p-cpe:/a:debian:debian_linux:php5-common", "p-cpe:/a:debian:debian_linux:php5-curl", "p-cpe:/a:debian:debian_linux:php5-dbg", "p-cpe:/a:debian:debian_linux:php5-dev", "p-cpe:/a:debian:debian_linux:php5-enchant", "p-cpe:/a:debian:debian_linux:php5-fpm", "p-cpe:/a:debian:debian_linux:php5-gd", "p-cpe:/a:debian:debian_linux:php5-gmp", "p-cpe:/a:debian:debian_linux:php5-imap", "p-cpe:/a:debian:debian_linux:php5-interbase", "p-cpe:/a:debian:debian_linux:php5-intl", "p-cpe:/a:debian:debian_linux:php5-ldap", "p-cpe:/a:debian:debian_linux:php5-mcrypt", "p-cpe:/a:debian:debian_linux:php5-mysql", "p-cpe:/a:debian:debian_linux:php5-mysqlnd", "p-cpe:/a:debian:debian_linux:php5-odbc", "p-cpe:/a:debian:debian_linux:php5-pgsql", "p-cpe:/a:debian:debian_linux:php5-pspell", "p-cpe:/a:debian:debian_linux:php5-recode", "p-cpe:/a:debian:debian_linux:php5-snmp", "p-cpe:/a:debian:debian_linux:php5-sqlite", "p-cpe:/a:debian:debian_linux:php5-sybase", "p-cpe:/a:debian:debian_linux:php5-tidy", "p-cpe:/a:debian:debian_linux:php5-xmlrpc", "p-cpe:/a:debian:debian_linux:php5-xsl", "cpe:/o:debian:debian_linux:7.0"], "id": "DEBIAN_DLA-749.NASL", "href": "https://www.tenable.com/plugins/nessus/96010", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-749-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(96010);\n script_version(\"3.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2016-5385\", \"CVE-2016-7124\", \"CVE-2016-7128\", \"CVE-2016-7129\", \"CVE-2016-7130\", \"CVE-2016-7131\", \"CVE-2016-7132\", \"CVE-2016-7411\", \"CVE-2016-7412\", \"CVE-2016-7413\", \"CVE-2016-7414\", \"CVE-2016-7416\", \"CVE-2016-7417\", \"CVE-2016-7418\");\n\n script_name(english:\"Debian DLA-749-1 : php5 security update (httpoxy)\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"CVE-2016-5385 PHP through 7.0.8 does not attempt to address RFC 3875\nsection 4.1.18 namespace conflicts and therefore does not protect\napplications from the presence of untrusted client data in the\nHTTP_PROXY environment variable, which might allow remote attackers to\nredirect an application's outbound HTTP traffic to an arbitrary proxy\nserver via a crafted Proxy header in an HTTP request, as demonstrated\nby (1) an application that makes a getenv('HTTP_PROXY') call or (2) a\nCGI configuration of PHP, aka an 'httpoxy' issue.\n\nCVE-2016-7124 ext/standard/var_unserializer.c in PHP before 5.6.25 and\n7.x before 7.0.10 mishandles certain invalid objects, which allows\nremote attackers to cause a denial of service or possibly have\nunspecified other impact via crafted serialized data that leads to a\n(1) __destruct call or (2) magic method call.\n\nCVE-2016-7128 The exif_process_IFD_in_TIFF function in ext/exif/exif.c\nin PHP before 5.6.25 and 7.x before 7.0.10 mishandles the case of a\nthumbnail offset that exceeds the file size, which allows remote\nattackers to obtain sensitive information from process memory via a\ncrafted TIFF image.\n\nCVE-2016-7129 The php_wddx_process_data function in ext/wddx/wddx.c in\nPHP before 5.6.25 and 7.x before 7.0.10 allows remote attackers to\ncause a denial of service (segmentation fault) or possibly have\nunspecified other impact via an invalid ISO 8601 time value, as\ndemonstrated by a wddx_deserialize call that mishandles a dateTime\nelement in a wddxPacket XML document.\n\nCVE-2016-7130 The php_wddx_pop_element function in ext/wddx/wddx.c in\nPHP before 5.6.25 and 7.x before 7.0.10 allows remote attackers to\ncause a denial of service (NULL pointer dereference and application\ncrash) or possibly have unspecified other impact via an invalid base64\nbinary value, as demonstrated by a wddx_deserialize call that\nmishandles a binary element in a wddxPacket XML document.\n\nCVE-2016-7131 ext/wddx/wddx.c in PHP before 5.6.25 and 7.x before\n7.0.10 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or possibly have\nunspecified other impact via a malformed wddxPacket XML document that\nis mishandled in a wddx_deserialize call, as demonstrated by a tag\nthat lacks a < (less than) character.\n\nCVE-2016-7132 ext/wddx/wddx.c in PHP before 5.6.25 and 7.x before\n7.0.10 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or possibly have\nunspecified other impact via an invalid wddxPacket XML document that\nis mishandled in a wddx_deserialize call, as demonstrated by a stray\nelement inside a boolean element, leading to incorrect pop processing.\n\nCVE-2016-7411 ext/standard/var_unserializer.re in PHP before 5.6.26\nmishandles object-deserialization failures, which allows remote\nattackers to cause a denial of service (memory corruption) or possibly\nhave unspecified other impact via an unserialize call that references\na partially constructed object.\n\nCVE-2016-7412 ext/mysqlnd/mysqlnd_wireprotocol.c in PHP before 5.6.26\nand 7.x before 7.0.11 does not verify that a BIT field has the\nUNSIGNED_FLAG flag, which allows remote MySQL servers to cause a\ndenial of service (heap-based buffer overflow) or possibly have\nunspecified other impact via crafted field metadata.\n\nCVE-2016-7413 Use-after-free vulnerability in the wddx_stack_destroy\nfunction in ext/wddx/wddx.c in PHP before 5.6.26 and 7.x before 7.0.11\nallows remote attackers to cause a denial of service or possibly have\nunspecified other impact via a wddxPacket XML document that lacks an\nend-tag for a recordset field element, leading to mishandling in a\nwddx_deserialize call.\n\nCVE-2016-7414 The ZIP signature-verification feature in PHP before\n5.6.26 and 7.x before 7.0.11 does not ensure that the\nuncompressed_filesize field is large enough, which allows remote\nattackers to cause a denial of service (out-of-bounds memory access)\nor possibly have unspecified other impact via a crafted PHAR archive,\nrelated to ext/phar/util.c and ext/phar/zip.c.\n\nCVE-2016-7416 ext/intl/msgformat/msgformat_format.c in PHP before\n5.6.26 and 7.x before 7.0.11 does not properly restrict the locale\nlength provided to the Locale class in the ICU library, which allows\nremote attackers to cause a denial of service (application crash) or\npossibly have unspecified other impact via a\nMessageFormatter::formatMessage call with a long first argument.\n\nCVE-2016-7417 ext/spl/spl_array.c in PHP before 5.6.26 and 7.x before\n7.0.11 proceeds with SplArray unserialization without validating a\nreturn value and data type, which allows remote attackers to cause a\ndenial of service or possibly have unspecified other impact via\ncrafted serialized data.\n\nCVE-2016-7418 The php_wddx_push_element function in ext/wddx/wddx.c in\nPHP before 5.6.26 and 7.x before 7.0.11 allows remote attackers to\ncause a denial of service (invalid pointer access and out-of-bounds\nread) or possibly have unspecified other impact via an incorrect\nboolean element in a wddxPacket XML document, leading to mishandling\nin a wddx_deserialize call.\n\nFor Debian 7 'Wheezy', these problems have been fixed in version\n5.4.45-0+deb7u6.\n\nWe recommend that you upgrade your php5 packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2016/12/msg00024.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/wheezy/php5\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libapache2-mod-php5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libapache2-mod-php5filter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libphp5-embed\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php-pear\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php5-cgi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php5-cli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php5-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php5-curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php5-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php5-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php5-enchant\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php5-fpm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php5-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php5-gmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php5-imap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php5-interbase\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php5-intl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php5-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php5-mcrypt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php5-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php5-mysqlnd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php5-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php5-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php5-pspell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php5-recode\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php5-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php5-sqlite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php5-sybase\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php5-tidy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php5-xmlrpc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php5-xsl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/07/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/12/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/12/20\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"7.0\", prefix:\"libapache2-mod-php5\", reference:\"5.4.45-0+deb7u6\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libapache2-mod-php5filter\", reference:\"5.4.45-0+deb7u6\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libphp5-embed\", reference:\"5.4.45-0+deb7u6\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"php-pear\", reference:\"5.4.45-0+deb7u6\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"php5\", reference:\"5.4.45-0+deb7u6\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"php5-cgi\", reference:\"5.4.45-0+deb7u6\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"php5-cli\", reference:\"5.4.45-0+deb7u6\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"php5-common\", reference:\"5.4.45-0+deb7u6\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"php5-curl\", reference:\"5.4.45-0+deb7u6\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"php5-dbg\", reference:\"5.4.45-0+deb7u6\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"php5-dev\", reference:\"5.4.45-0+deb7u6\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"php5-enchant\", reference:\"5.4.45-0+deb7u6\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"php5-fpm\", reference:\"5.4.45-0+deb7u6\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"php5-gd\", reference:\"5.4.45-0+deb7u6\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"php5-gmp\", reference:\"5.4.45-0+deb7u6\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"php5-imap\", reference:\"5.4.45-0+deb7u6\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"php5-interbase\", reference:\"5.4.45-0+deb7u6\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"php5-intl\", reference:\"5.4.45-0+deb7u6\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"php5-ldap\", reference:\"5.4.45-0+deb7u6\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"php5-mcrypt\", reference:\"5.4.45-0+deb7u6\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"php5-mysql\", reference:\"5.4.45-0+deb7u6\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"php5-mysqlnd\", reference:\"5.4.45-0+deb7u6\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"php5-odbc\", reference:\"5.4.45-0+deb7u6\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"php5-pgsql\", reference:\"5.4.45-0+deb7u6\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"php5-pspell\", reference:\"5.4.45-0+deb7u6\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"php5-recode\", reference:\"5.4.45-0+deb7u6\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"php5-snmp\", reference:\"5.4.45-0+deb7u6\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"php5-sqlite\", reference:\"5.4.45-0+deb7u6\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"php5-sybase\", reference:\"5.4.45-0+deb7u6\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"php5-tidy\", reference:\"5.4.45-0+deb7u6\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"php5-xmlrpc\", reference:\"5.4.45-0+deb7u6\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"php5-xsl\", reference:\"5.4.45-0+deb7u6\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-10-12T14:18:32", "description": "Several vulnerabilities were found in PHP, a general-purpose scripting language commonly used for web application development.\n\nThe vulnerabilities are addressed by upgrading PHP to the new upstream version 5.6.26, which includes additional bug fixes. Please refer to the upstream changelog for more information :\n\n - https://php.net/ChangeLog-5.php#5.6.25\n - https://php.net/ChangeLog-5.php#5.6.26", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-10-10T00:00:00", "type": "nessus", "title": "Debian DSA-3689-1 : php5 - security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-7124", "CVE-2016-7125", "CVE-2016-7126", "CVE-2016-7127", "CVE-2016-7128", "CVE-2016-7129", "CVE-2016-7130", "CVE-2016-7131", "CVE-2016-7132", "CVE-2016-7411", "CVE-2016-7412", "CVE-2016-7413", "CVE-2016-7414", "CVE-2016-7416", "CVE-2016-7417", "CVE-2016-7418"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:php5", "cpe:/o:debian:debian_linux:8.0"], "id": "DEBIAN_DSA-3689.NASL", "href": "https://www.tenable.com/plugins/nessus/93914", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-3689. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(93914);\n script_version(\"2.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2016-7124\", \"CVE-2016-7125\", \"CVE-2016-7126\", \"CVE-2016-7127\", \"CVE-2016-7128\", \"CVE-2016-7129\", \"CVE-2016-7130\", \"CVE-2016-7131\", \"CVE-2016-7132\", \"CVE-2016-7411\", \"CVE-2016-7412\", \"CVE-2016-7413\", \"CVE-2016-7414\", \"CVE-2016-7416\", \"CVE-2016-7417\", \"CVE-2016-7418\");\n script_xref(name:\"DSA\", value:\"3689\");\n\n script_name(english:\"Debian DSA-3689-1 : php5 - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities were found in PHP, a general-purpose scripting\nlanguage commonly used for web application development.\n\nThe vulnerabilities are addressed by upgrading PHP to the new upstream\nversion 5.6.26, which includes additional bug fixes. Please refer to\nthe upstream changelog for more information :\n\n - https://php.net/ChangeLog-5.php#5.6.25\n - https://php.net/ChangeLog-5.php#5.6.26\"\n );\n # https://php.net/ChangeLog-5.php#5.6.25\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://secure.php.net/ChangeLog-5.php#5.6.25\"\n );\n # https://php.net/ChangeLog-5.php#5.6.26\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://secure.php.net/ChangeLog-5.php#5.6.26\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/php5\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2016/dsa-3689\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the php5 packages.\n\nFor the stable distribution (jessie), these problems have been fixed\nin version 5.6.26+dfsg-0+deb8u1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/09/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/10/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/10/10\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"8.0\", prefix:\"libapache2-mod-php5\", reference:\"5.6.26+dfsg-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libapache2-mod-php5filter\", reference:\"5.6.26+dfsg-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libphp5-embed\", reference:\"5.6.26+dfsg-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"php-pear\", reference:\"5.6.26+dfsg-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"php5\", reference:\"5.6.26+dfsg-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"php5-cgi\", reference:\"5.6.26+dfsg-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"php5-cli\", reference:\"5.6.26+dfsg-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"php5-common\", reference:\"5.6.26+dfsg-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"php5-curl\", reference:\"5.6.26+dfsg-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"php5-dbg\", reference:\"5.6.26+dfsg-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"php5-dev\", reference:\"5.6.26+dfsg-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"php5-enchant\", reference:\"5.6.26+dfsg-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"php5-fpm\", reference:\"5.6.26+dfsg-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"php5-gd\", reference:\"5.6.26+dfsg-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"php5-gmp\", reference:\"5.6.26+dfsg-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"php5-imap\", reference:\"5.6.26+dfsg-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"php5-interbase\", reference:\"5.6.26+dfsg-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"php5-intl\", reference:\"5.6.26+dfsg-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"php5-ldap\", reference:\"5.6.26+dfsg-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"php5-mcrypt\", reference:\"5.6.26+dfsg-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"php5-mysql\", reference:\"5.6.26+dfsg-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"php5-mysqlnd\", reference:\"5.6.26+dfsg-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"php5-odbc\", reference:\"5.6.26+dfsg-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"php5-pgsql\", reference:\"5.6.26+dfsg-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"php5-phpdbg\", reference:\"5.6.26+dfsg-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"php5-pspell\", reference:\"5.6.26+dfsg-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"php5-readline\", reference:\"5.6.26+dfsg-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"php5-recode\", reference:\"5.6.26+dfsg-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"php5-snmp\", reference:\"5.6.26+dfsg-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"php5-sqlite\", reference:\"5.6.26+dfsg-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"php5-sybase\", reference:\"5.6.26+dfsg-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"php5-tidy\", reference:\"5.6.26+dfsg-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"php5-xmlrpc\", reference:\"5.6.26+dfsg-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"php5-xsl\", reference:\"5.6.26+dfsg-0+deb8u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-10-12T14:20:08", "description": "This update for php53 fixes the following security issues :\n\n - CVE-2016-7124: Create an Unexpected Object and Don't Invoke __wakeup() in Deserialization\n\n - CVE-2016-7125: PHP Session Data Injection Vulnerability\n\n - CVE-2016-7126: select_colors write out-of-bounds\n\n - CVE-2016-7127: imagegammacorrect allowed arbitrary write access\n\n - CVE-2016-7128: Memory Leakage In exif_process_IFD_in_TIFF\n\n - CVE-2016-7129: wddx_deserialize allows illegal memory access\n\n - CVE-2016-7130: wddx_deserialize null dereference\n\n - CVE-2016-7131: wddx_deserialize null dereference with invalid xml\n\n - CVE-2016-7132: wddx_deserialize null dereference in php_wddx_pop_element\n\n - CVE-2016-7411: php5: Memory corruption when destructing deserialized object\n\n - CVE-2016-7412: Heap overflow in mysqlnd when not receiving UNSIGNED_FLAG in BIT field\n\n - CVE-2016-7413: Use after free in wddx_deserialize\n\n - CVE-2016-7414: Out of bounds heap read when verifying signature of zip phar in phar_parse_zipfile\n\n - CVE-2016-7416: Stack based buffer overflow in msgfmt_format_message\n\n - CVE-2016-7417: Missing type check when unserializing SplArray\n\n - CVE-2016-7418: NULL pointer dereference in php_wddx_push_element\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-10-06T00:00:00", "type": "nessus", "title": "SUSE SLES11 Security Update : php53 (SUSE-SU-2016:2459-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-7124", "CVE-2016-7125", "CVE-2016-7126", "CVE-2016-7127", "CVE-2016-7128", "CVE-2016-7129", "CVE-2016-7130", "CVE-2016-7131", "CVE-2016-7132", "CVE-2016-7411", "CVE-2016-7412", "CVE-2016-7413", "CVE-2016-7414", "CVE-2016-7416", "CVE-2016-7417", "CVE-2016-7418"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:apache2-mod_php53", "p-cpe:/a:novell:suse_linux:php53", "p-cpe:/a:novell:suse_linux:php53-bcmath", "p-cpe:/a:novell:suse_linux:php53-bz2", "p-cpe:/a:novell:suse_linux:php53-calendar", "p-cpe:/a:novell:suse_linux:php53-ctype", "p-cpe:/a:novell:suse_linux:php53-curl", "p-cpe:/a:novell:suse_linux:php53-dba", "p-cpe:/a:novell:suse_linux:php53-dom", "p-cpe:/a:novell:suse_linux:php53-exif", "p-cpe:/a:novell:suse_linux:php53-fastcgi", "p-cpe:/a:novell:suse_linux:php53-fileinfo", "p-cpe:/a:novell:suse_linux:php53-ftp", "p-cpe:/a:novell:suse_linux:php53-gd", "p-cpe:/a:novell:suse_linux:php53-gettext", "p-cpe:/a:novell:suse_linux:php53-gmp", "p-cpe:/a:novell:suse_linux:php53-iconv", "p-cpe:/a:novell:suse_linux:php53-intl", "p-cpe:/a:novell:suse_linux:php53-json", "p-cpe:/a:novell:suse_linux:php53-ldap", "p-cpe:/a:novell:suse_linux:php53-mbstring", "p-cpe:/a:novell:suse_linux:php53-mcrypt", "p-cpe:/a:novell:suse_linux:php53-mysql", "p-cpe:/a:novell:suse_linux:php53-odbc", "p-cpe:/a:novell:suse_linux:php53-openssl", "p-cpe:/a:novell:suse_linux:php53-pcntl", "p-cpe:/a:novell:suse_linux:php53-pdo", "p-cpe:/a:novell:suse_linux:php53-pear", "p-cpe:/a:novell:suse_linux:php53-pgsql", "p-cpe:/a:novell:suse_linux:php53-pspell", "p-cpe:/a:novell:suse_linux:php53-shmop", "p-cpe:/a:novell:suse_linux:php53-snmp", "p-cpe:/a:novell:suse_linux:php53-soap", "p-cpe:/a:novell:suse_linux:php53-suhosin", "p-cpe:/a:novell:suse_linux:php53-sysvmsg", "p-cpe:/a:novell:suse_linux:php53-sysvsem", "p-cpe:/a:novell:suse_linux:php53-sysvshm", "p-cpe:/a:novell:suse_linux:php53-tokenizer", "p-cpe:/a:novell:suse_linux:php53-wddx", "p-cpe:/a:novell:suse_linux:php53-xmlreader", "p-cpe:/a:novell:suse_linux:php53-xmlrpc", "p-cpe:/a:novell:suse_linux:php53-xmlwriter", "p-cpe:/a:novell:suse_linux:php53-xsl", "p-cpe:/a:novell:suse_linux:php53-zip", "p-cpe:/a:novell:suse_linux:php53-zlib", "cpe:/o:novell:suse_linux:11"], "id": "SUSE_SU-2016-2459-1.NASL", "href": "https://www.tenable.com/plugins/nessus/93894", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2016:2459-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(93894);\n script_version(\"2.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2016-7124\", \"CVE-2016-7125\", \"CVE-2016-7126\", \"CVE-2016-7127\", \"CVE-2016-7128\", \"CVE-2016-7129\", \"CVE-2016-7130\", \"CVE-2016-7131\", \"CVE-2016-7132\", \"CVE-2016-7411\", \"CVE-2016-7412\", \"CVE-2016-7413\", \"CVE-2016-7414\", \"CVE-2016-7416\", \"CVE-2016-7417\", \"CVE-2016-7418\");\n\n script_name(english:\"SUSE SLES11 Security Update : php53 (SUSE-SU-2016:2459-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for php53 fixes the following security issues :\n\n - CVE-2016-7124: Create an Unexpected Object and Don't\n Invoke __wakeup() in Deserialization\n\n - CVE-2016-7125: PHP Session Data Injection Vulnerability\n\n - CVE-2016-7126: select_colors write out-of-bounds\n\n - CVE-2016-7127: imagegammacorrect allowed arbitrary write\n access\n\n - CVE-2016-7128: Memory Leakage In\n exif_process_IFD_in_TIFF\n\n - CVE-2016-7129: wddx_deserialize allows illegal memory\n access\n\n - CVE-2016-7130: wddx_deserialize null dereference\n\n - CVE-2016-7131: wddx_deserialize null dereference with\n invalid xml\n\n - CVE-2016-7132: wddx_deserialize null dereference in\n php_wddx_pop_element\n\n - CVE-2016-7411: php5: Memory corruption when destructing\n deserialized object\n\n - CVE-2016-7412: Heap overflow in mysqlnd when not\n receiving UNSIGNED_FLAG in BIT field\n\n - CVE-2016-7413: Use after free in wddx_deserialize\n\n - CVE-2016-7414: Out of bounds heap read when verifying\n signature of zip phar in phar_parse_zipfile\n\n - CVE-2016-7416: Stack based buffer overflow in\n msgfmt_format_message\n\n - CVE-2016-7417: Missing type check when unserializing\n SplArray\n\n - CVE-2016-7418: NULL pointer dereference in\n php_wddx_push_element\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=997206\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=997207\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=997208\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=997210\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=997211\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=997220\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=997225\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=997230\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=997257\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=999679\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=999680\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=999682\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=999684\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=999685\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=999819\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=999820\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-7124/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-7125/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-7126/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-7127/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-7128/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-7129/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-7130/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-7131/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-7132/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-7411/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-7412/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-7413/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-7414/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-7416/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-7417/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-7418/\"\n );\n # https://www.suse.com/support/update/announcement/2016/suse-su-20162459-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?576fb75e\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE OpenStack Cloud 5:zypper in -t patch sleclo50sp3-php53-12775=1\n\nSUSE Manager Proxy 2.1:zypper in -t patch slemap21-php53-12775=1\n\nSUSE Manager 2.1:zypper in -t patch sleman21-php53-12775=1\n\nSUSE Linux Enterprise Software Development Kit 11-SP4:zypper in -t\npatch sdksp4-php53-12775=1\n\nSUSE Linux Enterprise Server 11-SP4:zypper in -t patch\nslessp4-php53-12775=1\n\nSUSE Linux Enterprise Server 11-SP3-LTSS:zypper in -t patch\nslessp3-php53-12775=1\n\nSUSE Linux Enterprise Point of Sale 11-SP3:zypper in -t patch\nsleposp3-php53-12775=1\n\nSUSE Linux Enterprise Debuginfo 11-SP4:zypper in -t patch\ndbgsp4-php53-12775=1\n\nSUSE Linux Enterprise Debuginfo 11-SP3:zypper in -t patch\ndbgsp3-php53-12775=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apache2-mod_php53\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-bcmath\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-bz2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-calendar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-ctype\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-dba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-dom\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-exif\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-fastcgi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-fileinfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-ftp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-gettext\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-gmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-iconv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-intl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-json\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-mbstring\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-mcrypt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-pcntl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-pdo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-pear\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-pspell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-shmop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-soap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-suhosin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-sysvmsg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-sysvsem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-sysvshm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-tokenizer\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-wddx\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-xmlreader\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-xmlrpc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-xmlwriter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-xsl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-zip\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-zlib\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/09/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/10/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/10/06\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES11)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES11\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES11\" && (! preg(pattern:\"^(3|4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES11 SP3/4\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"apache2-mod_php53-5.3.17-84.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"php53-5.3.17-84.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"php53-bcmath-5.3.17-84.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"php53-bz2-5.3.17-84.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"php53-calendar-5.3.17-84.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"php53-ctype-5.3.17-84.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"php53-curl-5.3.17-84.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"php53-dba-5.3.17-84.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"php53-dom-5.3.17-84.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"php53-exif-5.3.17-84.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"php53-fastcgi-5.3.17-84.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"php53-fileinfo-5.3.17-84.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"php53-ftp-5.3.17-84.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"php53-gd-5.3.17-84.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"php53-gettext-5.3.17-84.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"php53-gmp-5.3.17-84.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"php53-iconv-5.3.17-84.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"php53-intl-5.3.17-84.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"php53-json-5.3.17-84.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"php53-ldap-5.3.17-84.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"php53-mbstring-5.3.17-84.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"php53-mcrypt-5.3.17-84.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"php53-mysql-5.3.17-84.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"php53-odbc-5.3.17-84.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"php53-openssl-5.3.17-84.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"php53-pcntl-5.3.17-84.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"php53-pdo-5.3.17-84.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"php53-pear-5.3.17-84.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"php53-pgsql-5.3.17-84.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"php53-pspell-5.3.17-84.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"php53-shmop-5.3.17-84.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"php53-snmp-5.3.17-84.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"php53-soap-5.3.17-84.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"php53-suhosin-5.3.17-84.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"php53-sysvmsg-5.3.17-84.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"php53-sysvsem-5.3.17-84.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"php53-sysvshm-5.3.17-84.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"php53-tokenizer-5.3.17-84.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"php53-wddx-5.3.17-84.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"php53-xmlreader-5.3.17-84.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"php53-xmlrpc-5.3.17-84.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"php53-xmlwriter-5.3.17-84.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"php53-xsl-5.3.17-84.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"php53-zip-5.3.17-84.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"php53-zlib-5.3.17-84.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"apache2-mod_php53-5.3.17-84.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"php53-5.3.17-84.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"php53-bcmath-5.3.17-84.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"php53-bz2-5.3.17-84.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"php53-calendar-5.3.17-84.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"php53-ctype-5.3.17-84.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"php53-curl-5.3.17-84.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"php53-dba-5.3.17-84.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"php53-dom-5.3.17-84.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"php53-exif-5.3.17-84.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"php53-fastcgi-5.3.17-84.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"php53-fileinfo-5.3.17-84.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"php53-ftp-5.3.17-84.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"php53-gd-5.3.17-84.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"php53-gettext-5.3.17-84.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"php53-gmp-5.3.17-84.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"php53-iconv-5.3.17-84.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"php53-intl-5.3.17-84.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"php53-json-5.3.17-84.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"php53-ldap-5.3.17-84.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"php53-mbstring-5.3.17-84.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"php53-mcrypt-5.3.17-84.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"php53-mysql-5.3.17-84.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"php53-odbc-5.3.17-84.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"php53-openssl-5.3.17-84.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"php53-pcntl-5.3.17-84.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"php53-pdo-5.3.17-84.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"php53-pear-5.3.17-84.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"php53-pgsql-5.3.17-84.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"php53-pspell-5.3.17-84.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"php53-shmop-5.3.17-84.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"php53-snmp-5.3.17-84.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"php53-soap-5.3.17-84.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"php53-suhosin-5.3.17-84.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"php53-sysvmsg-5.3.17-84.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"php53-sysvsem-5.3.17-84.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"php53-sysvshm-5.3.17-84.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"php53-tokenizer-5.3.17-84.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"php53-wddx-5.3.17-84.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"php53-xmlreader-5.3.17-84.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"php53-xmlrpc-5.3.17-84.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"php53-xmlwriter-5.3.17-84.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"php53-xsl-5.3.17-84.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"php53-zip-5.3.17-84.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"php53-zlib-5.3.17-84.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"php53\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-03-27T15:46:34", "description": "According to the versions of the php packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - Zend/zend_exceptions.c in PHP, possibly 5.x before 5.6.28 and 7.x before 7.0.13, allows remote attackers to cause a denial of service (infinite loop) via a crafted Exception object in serialized data, a related issue to CVE-2015-8876.(CVE-2016-7478)\n\n - ext/spl/spl_array.c in PHP before 5.6.26 and 7.x before 7.0.11 proceeds with SplArray unserialization without validating a return value and data type, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted serialized data.(CVE-2016-7417)\n\n - ext/phar/phar_object.c in PHP before 5.5.32, 5.6.x before 5.6.18, and 7.x before 7.0.3 mishandles zero-length uncompressed data, which allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via a crafted (1) TAR, (2) ZIP, or (3) PHAR archive.(CVE-2016-4342)\n\n - The php_wddx_process_data function in ext/wddx/wddx.c in PHP before 5.6.25 and 7.x before 7.0.10 allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via an invalid ISO 8601 time value, as demonstrated by a wddx_deserialize call that mishandles a dateTime element in a wddxPacket XML documenti1/4Z(CVE-2016-7129)\n\n - Integer signedness error in the simplestring_addn function in simplestring.c in xmlrpc-epi through 0.54.2, as used in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9, allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a long first argument to the PHP xmlrpc_encode_request function.(CVE-2016-6296)\n\n - ext/snmp/snmp.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 improperly interacts with the unserialize implementation and garbage collection, which allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly have unspecified other impact via crafted serialized data, a related issue to CVE-2016-5773.(CVE-2016-6295)\n\n - ext/session/session.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 does not properly maintain a certain hash data structure, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via vectors related to session deserialization.(CVE-2016-6290)\n\n - Integer overflow in the php_stream_zip_opener function in ext/zip/zip_stream.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 allows remote attackers to cause a denial of service (stack-based buffer overflow) or possibly have unspecified other impact via a crafted zip:// URL.(CVE-2016-6297)\n\n - The phar_make_dirstream function in ext/phar/dirstream.c in PHP before 5.6.18 and 7.x before 7.0.3 mishandles zero-size ././@LongLink files, which allows remote attackers to cause a denial of service (uninitialized pointer dereference) or possibly have unspecified other impact via a crafted TAR archive.(CVE-2016-4343)\n\n - ext/intl/msgformat/msgformat_format.c in PHP before 5.6.26 and 7.x before 7.0.11 does not properly restrict the locale length provided to the Locale class in the ICU library, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a MessageFormatter::formatMessage call with a long first argument.(CVE-2016-7416)\n\n - ext/wddx/wddx.c in PHP before 5.6.25 and 7.x before 7.0.10 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or possibly have unspecified other impact via a malformed wddxPacket XML document that is mishandled in a wddx_deserialize call, as demonstrated by a tag that lacks a i1/4oe (less than) character.(CVE-2016-7131)\n\n - ext/wddx/wddx.c in PHP before 5.6.25 and 7.x before 7.0.10 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or possibly have unspecified other impact via an invalid wddxPacket XML document that is mishandled in a wddx_deserialize call, as demonstrated by a stray element inside a boolean element, leading to incorrect pop processing.(CVE-2016-7132)\n\n - The php_wddx_pop_element function in ext/wddx/wddx.c in PHP before 5.6.25 and 7.x before 7.0.10 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or possibly have unspecified other impact via an invalid base64 binary value, as demonstrated by a wddx_deserialize call that mishandles a binary element in a wddxPacket XML documenti1/4Z( CVE-2016-7130)\n\n - The imagegammacorrect function in ext/gd/gd.c in PHP before 5.6.25 and 7.x before 7.0.10 does not properly validate gamma values, which allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact by providing different signs for the second and third arguments.(CVE-2016-7127)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2017-05-02T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP1 : php (EulerOS-SA-2017-1067)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-8876", "CVE-2016-4342", "CVE-2016-4343", "CVE-2016-5773", "CVE-2016-6290", "CVE-2016-6295", "CVE-2016-6296", "CVE-2016-6297", "CVE-2016-7127", "CVE-2016-7129", "CVE-2016-7130", "CVE-2016-7131", "CVE-2016-7132", "CVE-2016-7416", "CVE-2016-7417", "CVE-2016-7478"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:php", "p-cpe:/a:huawei:euleros:php-cli", "p-cpe:/a:huawei:euleros:php-common", "p-cpe:/a:huawei:euleros:php-gd", "p-cpe:/a:huawei:euleros:php-ldap", "p-cpe:/a:huawei:euleros:php-mysql", "p-cpe:/a:huawei:euleros:php-odbc", "p-cpe:/a:huawei:euleros:php-pdo", "p-cpe:/a:huawei:euleros:php-pgsql", "p-cpe:/a:huawei:euleros:php-process", "p-cpe:/a:huawei:euleros:php-recode", "p-cpe:/a:huawei:euleros:php-soap", "p-cpe:/a:huawei:euleros:php-xml", "p-cpe:/a:huawei:euleros:php-xmlrpc", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2017-1067.NASL", "href": "https://www.tenable.com/plugins/nessus/99914", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(99914);\n script_version(\"3.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2016-4342\",\n \"CVE-2016-4343\",\n \"CVE-2016-6290\",\n \"CVE-2016-6295\",\n \"CVE-2016-6296\",\n \"CVE-2016-6297\",\n \"CVE-2016-7127\",\n \"CVE-2016-7129\",\n \"CVE-2016-7130\",\n \"CVE-2016-7131\",\n \"CVE-2016-7132\",\n \"CVE-2016-7416\",\n \"CVE-2016-7417\",\n \"CVE-2016-7478\"\n );\n\n script_name(english:\"EulerOS 2.0 SP1 : php (EulerOS-SA-2017-1067)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the php packages installed, the EulerOS\ninstallation on the remote host is affected by the following\nvulnerabilities :\n\n - Zend/zend_exceptions.c in PHP, possibly 5.x before\n 5.6.28 and 7.x before 7.0.13, allows remote attackers\n to cause a denial of service (infinite loop) via a\n crafted Exception object in serialized data, a related\n issue to CVE-2015-8876.(CVE-2016-7478)\n\n - ext/spl/spl_array.c in PHP before 5.6.26 and 7.x before\n 7.0.11 proceeds with SplArray unserialization without\n validating a return value and data type, which allows\n remote attackers to cause a denial of service or\n possibly have unspecified other impact via crafted\n serialized data.(CVE-2016-7417)\n\n - ext/phar/phar_object.c in PHP before 5.5.32, 5.6.x\n before 5.6.18, and 7.x before 7.0.3 mishandles\n zero-length uncompressed data, which allows remote\n attackers to cause a denial of service (heap memory\n corruption) or possibly have unspecified other impact\n via a crafted (1) TAR, (2) ZIP, or (3) PHAR\n archive.(CVE-2016-4342)\n\n - The php_wddx_process_data function in ext/wddx/wddx.c\n in PHP before 5.6.25 and 7.x before 7.0.10 allows\n remote attackers to cause a denial of service\n (segmentation fault) or possibly have unspecified other\n impact via an invalid ISO 8601 time value, as\n demonstrated by a wddx_deserialize call that mishandles\n a dateTime element in a wddxPacket XML\n documenti1/4Z(CVE-2016-7129)\n\n - Integer signedness error in the simplestring_addn\n function in simplestring.c in xmlrpc-epi through\n 0.54.2, as used in PHP before 5.5.38, 5.6.x before\n 5.6.24, and 7.x before 7.0.9, allows remote attackers\n to cause a denial of service (heap-based buffer\n overflow) or possibly have unspecified other impact via\n a long first argument to the PHP xmlrpc_encode_request\n function.(CVE-2016-6296)\n\n - ext/snmp/snmp.c in PHP before 5.5.38, 5.6.x before\n 5.6.24, and 7.x before 7.0.9 improperly interacts with\n the unserialize implementation and garbage collection,\n which allows remote attackers to cause a denial of\n service (use-after-free and application crash) or\n possibly have unspecified other impact via crafted\n serialized data, a related issue to\n CVE-2016-5773.(CVE-2016-6295)\n\n - ext/session/session.c in PHP before 5.5.38, 5.6.x\n before 5.6.24, and 7.x before 7.0.9 does not properly\n maintain a certain hash data structure, which allows\n remote attackers to cause a denial of service\n (use-after-free) or possibly have unspecified other\n impact via vectors related to session\n deserialization.(CVE-2016-6290)\n\n - Integer overflow in the php_stream_zip_opener function\n in ext/zip/zip_stream.c in PHP before 5.5.38, 5.6.x\n before 5.6.24, and 7.x before 7.0.9 allows remote\n attackers to cause a denial of service (stack-based\n buffer overflow) or possibly have unspecified other\n impact via a crafted zip:// URL.(CVE-2016-6297)\n\n - The phar_make_dirstream function in\n ext/phar/dirstream.c in PHP before 5.6.18 and 7.x\n before 7.0.3 mishandles zero-size ././@LongLink files,\n which allows remote attackers to cause a denial of\n service (uninitialized pointer dereference) or possibly\n have unspecified other impact via a crafted TAR\n archive.(CVE-2016-4343)\n\n - ext/intl/msgformat/msgformat_format.c in PHP before\n 5.6.26 and 7.x before 7.0.11 does not properly restrict\n the locale length provided to the Locale class in the\n ICU library, which allows remote attackers to cause a\n denial of service (application crash) or possibly have\n unspecified other impact via a\n MessageFormatter::formatMessage call with a long first\n argument.(CVE-2016-7416)\n\n - ext/wddx/wddx.c in PHP before 5.6.25 and 7.x before\n 7.0.10 allows remote attackers to cause a denial of\n service (NULL pointer dereference and application\n crash) or possibly have unspecified other impact via a\n malformed wddxPacket XML document that is mishandled in\n a wddx_deserialize call, as demonstrated by a tag that\n lacks a i1/4oe (less than) character.(CVE-2016-7131)\n\n - ext/wddx/wddx.c in PHP before 5.6.25 and 7.x before\n 7.0.10 allows remote attackers to cause a denial of\n service (NULL pointer dereference and application\n crash) or possibly have unspecified other impact via an\n invalid wddxPacket XML document that is mishandled in a\n wddx_deserialize call, as demonstrated by a stray\n element inside a boolean element, leading to incorrect\n pop processing.(CVE-2016-7132)\n\n - The php_wddx_pop_element function in ext/wddx/wddx.c in\n PHP before 5.6.25 and 7.x before 7.0.10 allows remote\n attackers to cause a denial of service (NULL pointer\n dereference and application crash) or possibly have\n unspecified other impact via an invalid base64 binary\n value, as demonstrated by a wddx_deserialize call that\n mishandles a binary element in a wddxPacket XML\n documenti1/4Z( CVE-2016-7130)\n\n - The imagegammacorrect function in ext/gd/gd.c in PHP\n before 5.6.25 and 7.x before 7.0.10 does not properly\n validate gamma values, which allows remote attackers to\n cause a denial of service (out-of-bounds write) or\n possibly have unspecified other impact by providing\n different signs for the second and third\n arguments.(CVE-2016-7127)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2017-1067\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?63b6a26f\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected php packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/03/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/05/02\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:php\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:php-cli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:php-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:php-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:php-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:php-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:php-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:php-pdo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:php-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:php-process\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:php-recode\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:php-soap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:php-xml\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:php-xmlrpc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(1)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP1\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP1\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"php-5.4.16-42.h27\",\n \"php-cli-5.4.16-42.h27\",\n \"php-common-5.4.16-42.h27\",\n \"php-gd-5.4.16-42.h27\",\n \"php-ldap-5.4.16-42.h27\",\n \"php-mysql-5.4.16-42.h27\",\n \"php-odbc-5.4.16-42.h27\",\n \"php-pdo-5.4.16-42.h27\",\n \"php-pgsql-5.4.16-42.h27\",\n \"php-process-5.4.16-42.h27\",\n \"php-recode-5.4.16-42.h27\",\n \"php-soap-5.4.16-42.h27\",\n \"php-xml-5.4.16-42.h27\",\n \"php-xmlrpc-5.4.16-42.h27\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"1\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"php\");\n}\n", "cvss": {"score": 8.3, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:C"}}, {"lastseen": "2022-03-27T15:48:40", "description": "According to the versions of the php packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - Zend/zend_exceptions.c in PHP, possibly 5.x before 5.6.28 and 7.x before 7.0.13, allows remote attackers to cause a denial of service (infinite loop) via a crafted Exception object in serialized data, a related issue to CVE-2015-8876.(CVE-2016-7478)\n\n - ext/spl/spl_array.c in PHP before 5.6.26 and 7.x before 7.0.11 proceeds with SplArray unserialization without validating a return value and data type, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted serialized data.(CVE-2016-7417)\n\n - ext/phar/phar_object.c in PHP before 5.5.32, 5.6.x before 5.6.18, and 7.x before 7.0.3 mishandles zero-length uncompressed data, which allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via a crafted (1) TAR, (2) ZIP, or (3) PHAR archive.(CVE-2016-4342)\n\n - The php_wddx_process_data function in ext/wddx/wddx.c in PHP before 5.6.25 and 7.x before 7.0.10 allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via an invalid ISO 8601 time value, as demonstrated by a wddx_deserialize call that mishandles a dateTime element in a wddxPacket XML documenti1/4Z(CVE-2016-7129)\n\n - Integer signedness error in the simplestring_addn function in simplestring.c in xmlrpc-epi through 0.54.2, as used in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9, allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a long first argument to the PHP xmlrpc_encode_request function.(CVE-2016-6296)\n\n - ext/snmp/snmp.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 improperly interacts with the unserialize implementation and garbage collection, which allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly have unspecified other impact via crafted serialized data, a related issue to CVE-2016-5773.(CVE-2016-6295)\n\n - ext/session/session.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 does not properly maintain a certain hash data structure, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via vectors related to session deserialization.(CVE-2016-6290)\n\n - Integer overflow in the php_stream_zip_opener function in ext/zip/zip_stream.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 allows remote attackers to cause a denial of service (stack-based buffer overflow) or possibly have unspecified other impact via a crafted zip:// URL.(CVE-2016-6297)\n\n - The phar_make_dirstream function in ext/phar/dirstream.c in PHP before 5.6.18 and 7.x before 7.0.3 mishandles zero-size ././@LongLink files, which allows remote attackers to cause a denial of service (uninitialized pointer dereference) or possibly have unspecified other impact via a crafted TAR archive.(CVE-2016-4343)\n\n - ext/intl/msgformat/msgformat_format.c in PHP before 5.6.26 and 7.x before 7.0.11 does not properly restrict the locale length provided to the Locale class in the ICU library, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a MessageFormatter::formatMessage call with a long first argument.(CVE-2016-7416)\n\n - ext/wddx/wddx.c in PHP before 5.6.25 and 7.x before 7.0.10 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or possibly have unspecified other impact via a malformed wddxPacket XML document that is mishandled in a wddx_deserialize call, as demonstrated by a tag that lacks a i1/4oe (less than) character.(CVE-2016-7131)\n\n - ext/wddx/wddx.c in PHP before 5.6.25 and 7.x before 7.0.10 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or possibly have unspecified other impact via an invalid wddxPacket XML document that is mishandled in a wddx_deserialize call, as demonstrated by a stray element inside a boolean element, leading to incorrect pop processing.(CVE-2016-7132)\n\n - The php_wddx_pop_element function in ext/wddx/wddx.c in PHP before 5.6.25 and 7.x before 7.0.10 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or possibly have unspecified other impact via an invalid base64 binary value, as demonstrated by a wddx_deserialize call that mishandles a binary element in a wddxPacket XML documenti1/4Z( CVE-2016-7130)\n\n - The imagegammacorrect function in ext/gd/gd.c in PHP before 5.6.25 and 7.x before 7.0.10 does not properly validate gamma values, which allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact by providing different signs for the second and third arguments.(CVE-2016-7127)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2017-05-02T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP2 : php (EulerOS-SA-2017-1068)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-8876", "CVE-2016-4342", "CVE-2016-4343", "CVE-2016-5773", "CVE-2016-6290", "CVE-2016-6295", "CVE-2016-6296", "CVE-2016-6297", "CVE-2016-7127", "CVE-2016-7129", "CVE-2016-7130", "CVE-2016-7131", "CVE-2016-7132", "CVE-2016-7416", "CVE-2016-7417", "CVE-2016-7478"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:php", "p-cpe:/a:huawei:euleros:php-cli", "p-cpe:/a:huawei:euleros:php-common", "p-cpe:/a:huawei:euleros:php-gd", "p-cpe:/a:huawei:euleros:php-ldap", "p-cpe:/a:huawei:euleros:php-mysql", "p-cpe:/a:huawei:euleros:php-odbc", "p-cpe:/a:huawei:euleros:php-pdo", "p-cpe:/a:huawei:euleros:php-pgsql", "p-cpe:/a:huawei:euleros:php-process", "p-cpe:/a:huawei:euleros:php-recode", "p-cpe:/a:huawei:euleros:php-soap", "p-cpe:/a:huawei:euleros:php-xml", "p-cpe:/a:huawei:euleros:php-xmlrpc", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2017-1068.NASL", "href": "https://www.tenable.com/plugins/nessus/99915", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(99915);\n script_version(\"3.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2016-4342\",\n \"CVE-2016-4343\",\n \"CVE-2016-6290\",\n \"CVE-2016-6295\",\n \"CVE-2016-6296\",\n \"CVE-2016-6297\",\n \"CVE-2016-7127\",\n \"CVE-2016-7129\",\n \"CVE-2016-7130\",\n \"CVE-2016-7131\",\n \"CVE-2016-7132\",\n \"CVE-2016-7416\",\n \"CVE-2016-7417\",\n \"CVE-2016-7478\"\n );\n\n script_name(english:\"EulerOS 2.0 SP2 : php (EulerOS-SA-2017-1068)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the php packages installed, the EulerOS\ninstallation on the remote host is affected by the following\nvulnerabilities :\n\n - Zend/zend_exceptions.c in PHP, possibly 5.x before\n 5.6.28 and 7.x before 7.0.13, allows remote attackers\n to cause a denial of service (infinite loop) via a\n crafted Exception object in serialized data, a related\n issue to CVE-2015-8876.(CVE-2016-7478)\n\n - ext/spl/spl_array.c in PHP before 5.6.26 and 7.x before\n 7.0.11 proceeds with SplArray unserialization without\n validating a return value and data type, which allows\n remote attackers to cause a denial of service or\n possibly have unspecified other impact via crafted\n serialized data.(CVE-2016-7417)\n\n - ext/phar/phar_object.c in PHP before 5.5.32, 5.6.x\n before 5.6.18, and 7.x before 7.0.3 mishandles\n zero-length uncompressed data, which allows remote\n attackers to cause a denial of service (heap memory\n corruption) or possibly have unspecified other impact\n via a crafted (1) TAR, (2) ZIP, or (3) PHAR\n archive.(CVE-2016-4342)\n\n - The php_wddx_process_data function in ext/wddx/wddx.c\n in PHP before 5.6.25 and 7.x before 7.0.10 allows\n remote attackers to cause a denial of service\n (segmentation fault) or possibly have unspecified other\n impact via an invalid ISO 8601 time value, as\n demonstrated by a wddx_deserialize call that mishandles\n a dateTime element in a wddxPacket XML\n documenti1/4Z(CVE-2016-7129)\n\n - Integer signedness error in the simplestring_addn\n function in simplestring.c in xmlrpc-epi through\n 0.54.2, as used in PHP before 5.5.38, 5.6.x before\n 5.6.24, and 7.x before 7.0.9, allows remote attackers\n to cause a denial of service (heap-based buffer\n overflow) or possibly have unspecified other impact via\n a long first argument to the PHP xmlrpc_encode_request\n function.(CVE-2016-6296)\n\n - ext/snmp/snmp.c in PHP before 5.5.38, 5.6.x before\n 5.6.24, and 7.x before 7.0.9 improperly interacts with\n the unserialize implementation and garbage collection,\n which allows remote attackers to cause a denial of\n service (use-after-free and application crash) or\n possibly have unspecified other impact via crafted\n serialized data, a related issue to\n CVE-2016-5773.(CVE-2016-6295)\n\n - ext/session/session.c in PHP before 5.5.38, 5.6.x\n before 5.6.24, and 7.x before 7.0.9 does not properly\n maintain a certain hash data structure, which allows\n remote attackers to cause a denial of service\n (use-after-free) or possibly have unspecified other\n impact via vectors related to session\n deserialization.(CVE-2016-6290)\n\n - Integer overflow in the php_stream_zip_opener function\n in ext/zip/zip_stream.c in PHP before 5.5.38, 5.6.x\n before 5.6.24, and 7.x before 7.0.9 allows remote\n attackers to cause a denial of service (stack-based\n buffer overflow) or possibly have unspecified other\n impact via a crafted zip:// URL.(CVE-2016-6297)\n\n - The phar_make_dirstream function in\n ext/phar/dirstream.c in PHP before 5.6.18 and 7.x\n before 7.0.3 mishandles zero-size ././@LongLink files,\n which allows remote attackers to cause a denial of\n service (uninitialized pointer dereference) or possibly\n have unspecified other impact via a crafted TAR\n archive.(CVE-2016-4343)\n\n - ext/intl/msgformat/msgformat_format.c in PHP before\n 5.6.26 and 7.x before 7.0.11 does not properly restrict\n the locale length provided to the Locale class in the\n ICU library, which allows remote attackers to cause a\n denial of service (application crash) or possibly have\n unspecified other impact via a\n MessageFormatter::formatMessage call with a long first\n argument.(CVE-2016-7416)\n\n - ext/wddx/wddx.c in PHP before 5.6.25 and 7.x before\n 7.0.10 allows remote attackers to cause a denial of\n service (NULL pointer dereference and application\n crash) or possibly have unspecified other impact via a\n malformed wddxPacket XML document that is mishandled in\n a wddx_deserialize call, as demonstrated by a tag that\n lacks a i1/4oe (less than) character.(CVE-2016-7131)\n\n - ext/wddx/wddx.c in PHP before 5.6.25 and 7.x before\n 7.0.10 allows remote attackers to cause a denial of\n service (NULL pointer dereference and application\n crash) or possibly have unspecified other impact via an\n invalid wddxPacket XML document that is mishandled in a\n wddx_deserialize call, as demonstrated by a stray\n element inside a boolean element, leading to incorrect\n pop processing.(CVE-2016-7132)\n\n - The php_wddx_pop_element function in ext/wddx/wddx.c in\n PHP before 5.6.25 and 7.x before 7.0.10 allows remote\n attackers to cause a denial of service (NULL pointer\n dereference and application crash) or possibly have\n unspecified other impact via an invalid base64 binary\n value, as demonstrated by a wddx_deserialize call that\n mishandles a binary element in a wddxPacket XML\n documenti1/4Z( CVE-2016-7130)\n\n - The imagegammacorrect function in ext/gd/gd.c in PHP\n before 5.6.25 and 7.x before 7.0.10 does not properly\n validate gamma values, which allows remote attackers to\n cause a denial of service (out-of-bounds write) or\n possibly have unspecified other impact by providing\n different signs for the second and third\n arguments.(CVE-2016-7127)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2017-1068\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?69205e3c\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected php packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/03/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/05/02\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:php\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:php-cli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:php-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:php-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:php-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:php-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:php-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:php-pdo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:php-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:php-process\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:php-recode\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:php-soap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:php-xml\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:php-xmlrpc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(2)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"php-5.4.16-42.h27\",\n \"php-cli-5.4.16-42.h27\",\n \"php-common-5.4.16-42.h27\",\n \"php-gd-5.4.16-42.h27\",\n \"php-ldap-5.4.16-42.h27\",\n \"php-mysql-5.4.16-42.h27\",\n \"php-odbc-5.4.16-42.h27\",\n \"php-pdo-5.4.16-42.h27\",\n \"php-pgsql-5.4.16-42.h27\",\n \"php-process-5.4.16-42.h27\",\n \"php-recode-5.4.16-42.h27\",\n \"php-soap-5.4.16-42.h27\",\n \"php-xml-5.4.16-42.h27\",\n \"php-xmlrpc-5.4.16-42.h27\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"2\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"php\");\n}\n", "cvss": {"score": 8.3, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:C"}}, {"lastseen": "2021-10-12T14:19:51", "description": "Taoguang Chen discovered that PHP incorrectly handled certain invalid objects when unserializing data. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-7124)\n\nTaoguang Chen discovered that PHP incorrectly handled invalid session names. A remote attacker could use this issue to inject arbitrary session data. (CVE-2016-7125)\n\nIt was discovered that PHP incorrectly handled certain gamma values in the imagegammacorrect function. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-7127)\n\nIt was discovered that PHP incorrectly handled certain crafted TIFF image thumbnails. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly expose sensitive information. (CVE-2016-7128)\n\nIt was discovered that PHP incorrectly handled unserializing certain wddxPacket XML documents. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-7129, CVE-2016-7130, CVE-2016-7131, CVE-2016-7132, CVE-2016-7413)\n\nIt was discovered that PHP incorrectly handled certain memory operations. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 16.04 LTS. (CVE-2016-7133)\n\nIt was discovered that PHP incorrectly handled long strings in curl_escape calls. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 16.04 LTS.\n(CVE-2016-7134)\n\nTaoguang Chen discovered that PHP incorrectly handled certain failures when unserializing data. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2016-7411)\n\nIt was discovered that PHP incorrectly handled certain flags in the MySQL driver. Malicious remote MySQL servers could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-7412)\n\nIt was discovered that PHP incorrectly handled ZIP file signature verification when processing a PHAR archive. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-7414)\n\nIt was discovered that PHP incorrectly handled certain locale operations. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-7416)\n\nIt was discovered that PHP incorrectly handled SplArray unserializing.\nA remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code.\n(CVE-2016-7417)\n\nKe Liu discovered that PHP incorrectly handled unserializing wddxPacket XML documents with incorrect boolean elements. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-7418).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-10-05T00:00:00", "type": "nessus", "title": "Ubuntu 12.04 LTS / 14.04 LTS / 16.04 LTS : php5, php7.0 vulnerabilities (USN-3095-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-7124", "CVE-2016-7125", "CVE-2016-7127", "CVE-2016-7128", "CVE-2016-7129", "CVE-2016-7130", "CVE-2016-7131", "CVE-2016-7132", "CVE-2016-7133", "CVE-2016-7134", "CVE-2016-7411", "CVE-2016-7412", "CVE-2016-7413", "CVE-2016-7414", "CVE-2016-7416", "CVE-2016-7417", "CVE-2016-7418"], "modified": "2019-09-18T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:libapache2-mod-php5", "p-cpe:/a:canonical:ubuntu_linux:libapache2-mod-php7.0", "p-cpe:/a:canonical:ubuntu_linux:php5-cgi", "p-cpe:/a:canonical:ubuntu_linux:php5-cli", "p-cpe:/a:canonical:ubuntu_linux:php5-curl", "p-cpe:/a:canonical:ubuntu_linux:php5-fpm", "p-cpe:/a:canonical:ubuntu_linux:php5-gd", "p-cpe:/a:canonical:ubuntu_linux:php5-mysqlnd", "p-cpe:/a:canonical:ubuntu_linux:php7.0-cgi", "p-cpe:/a:canonical:ubuntu_linux:php7.0-cli", "p-cpe:/a:canonical:ubuntu_linux:php7.0-curl", "p-cpe:/a:canonical:ubuntu_linux:php7.0-fpm", "p-cpe:/a:canonical:ubuntu_linux:php7.0-gd", "p-cpe:/a:canonical:ubuntu_linux:php7.0-mysql", "cpe:/o:canonical:ubuntu_linux:12.04:-:lts", "cpe:/o:canonical:ubuntu_linux:14.04", "cpe:/o:canonical:ubuntu_linux:16.04"], "id": "UBUNTU_USN-3095-1.NASL", "href": "https://www.tenable.com/plugins/nessus/93864", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3095-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(93864);\n script_version(\"2.9\");\n script_cvs_date(\"Date: 2019/09/18 12:31:46\");\n\n script_cve_id(\"CVE-2016-7124\", \"CVE-2016-7125\", \"CVE-2016-7127\", \"CVE-2016-7128\", \"CVE-2016-7129\", \"CVE-2016-7130\", \"CVE-2016-7131\", \"CVE-2016-7132\", \"CVE-2016-7133\", \"CVE-2016-7134\", \"CVE-2016-7411\", \"CVE-2016-7412\", \"CVE-2016-7413\", \"CVE-2016-7414\", \"CVE-2016-7416\", \"CVE-2016-7417\", \"CVE-2016-7418\");\n script_xref(name:\"USN\", value:\"3095-1\");\n\n script_name(english:\"Ubuntu 12.04 LTS / 14.04 LTS / 16.04 LTS : php5, php7.0 vulnerabilities (USN-3095-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Taoguang Chen discovered that PHP incorrectly handled certain invalid\nobjects when unserializing data. A remote attacker could use this\nissue to cause PHP to crash, resulting in a denial of service, or\npossibly execute arbitrary code. (CVE-2016-7124)\n\nTaoguang Chen discovered that PHP incorrectly handled invalid session\nnames. A remote attacker could use this issue to inject arbitrary\nsession data. (CVE-2016-7125)\n\nIt was discovered that PHP incorrectly handled certain gamma values in\nthe imagegammacorrect function. A remote attacker could use this issue\nto cause PHP to crash, resulting in a denial of service, or possibly\nexecute arbitrary code. (CVE-2016-7127)\n\nIt was discovered that PHP incorrectly handled certain crafted TIFF\nimage thumbnails. A remote attacker could use this issue to cause PHP\nto crash, resulting in a denial of service, or possibly expose\nsensitive information. (CVE-2016-7128)\n\nIt was discovered that PHP incorrectly handled unserializing certain\nwddxPacket XML documents. A remote attacker could use this issue to\ncause PHP to crash, resulting in a denial of service, or possibly\nexecute arbitrary code. (CVE-2016-7129, CVE-2016-7130, CVE-2016-7131,\nCVE-2016-7132, CVE-2016-7413)\n\nIt was discovered that PHP incorrectly handled certain memory\noperations. A remote attacker could use this issue to cause PHP to\ncrash, resulting in a denial of service, or possibly execute arbitrary\ncode. This issue only affected Ubuntu 16.04 LTS. (CVE-2016-7133)\n\nIt was discovered that PHP incorrectly handled long strings in\ncurl_escape calls. A remote attacker could use this issue to cause PHP\nto crash, resulting in a denial of service, or possibly execute\narbitrary code. This issue only affected Ubuntu 16.04 LTS.\n(CVE-2016-7134)\n\nTaoguang Chen discovered that PHP incorrectly handled certain failures\nwhen unserializing data. A remote attacker could use this issue to\ncause PHP to crash, resulting in a denial of service, or possibly\nexecute arbitrary code. This issue only affected Ubuntu 12.04 LTS and\nUbuntu 14.04 LTS. (CVE-2016-7411)\n\nIt was discovered that PHP incorrectly handled certain flags in the\nMySQL driver. Malicious remote MySQL servers could use this issue to\ncause PHP to crash, resulting in a denial of service, or possibly\nexecute arbitrary code. (CVE-2016-7412)\n\nIt was discovered that PHP incorrectly handled ZIP file signature\nverification when processing a PHAR archive. A remote attacker could\nuse this issue to cause PHP to crash, resulting in a denial of\nservice, or possibly execute arbitrary code. (CVE-2016-7414)\n\nIt was discovered that PHP incorrectly handled certain locale\noperations. A remote attacker could use this issue to cause PHP to\ncrash, resulting in a denial of service, or possibly execute arbitrary\ncode. (CVE-2016-7416)\n\nIt was discovered that PHP incorrectly handled SplArray unserializing.\nA remote attacker could use this issue to cause PHP to crash,\nresulting in a denial of service, or possibly execute arbitrary code.\n(CVE-2016-7417)\n\nKe Liu discovered that PHP incorrectly handled unserializing\nwddxPacket XML documents with incorrect boolean elements. A remote\nattacker could use this issue to cause PHP to crash, resulting in a\ndenial of service, or possibly execute arbitrary code. (CVE-2016-7418).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3095-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libapache2-mod-php5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libapache2-mod-php7.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php5-cgi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php5-cli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php5-curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php5-fpm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php5-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php5-mysqlnd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php7.0-cgi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php7.0-cli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php7.0-curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php7.0-fpm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php7.0-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php7.0-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/09/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/10/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/10/05\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2016-2019 Canonical, Inc. / NASL script (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(12\\.04|14\\.04|16\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 12.04 / 14.04 / 16.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"12.04\", pkgname:\"libapache2-mod-php5\", pkgver:\"5.3.10-1ubuntu3.25\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"php5-cgi\", pkgver:\"5.3.10-1ubuntu3.25\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"php5-cli\", pkgver:\"5.3.10-1ubuntu3.25\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"php5-curl\", pkgver:\"5.3.10-1ubuntu3.25\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"php5-fpm\", pkgver:\"5.3.10-1ubuntu3.25\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"php5-gd\", pkgver:\"5.3.10-1ubuntu3.25\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"php5-mysqlnd\", pkgver:\"5.3.10-1ubuntu3.25\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"libapache2-mod-php5\", pkgver:\"5.5.9+dfsg-1ubuntu4.20\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"php5-cgi\", pkgver:\"5.5.9+dfsg-1ubuntu4.20\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"php5-cli\", pkgver:\"5.5.9+dfsg-1ubuntu4.20\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"php5-curl\", pkgver:\"5.5.9+dfsg-1ubuntu4.20\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"php5-fpm\", pkgver:\"5.5.9+dfsg-1ubuntu4.20\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"php5-gd\", pkgver:\"5.5.9+dfsg-1ubuntu4.20\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"php5-mysqlnd\", pkgver:\"5.5.9+dfsg-1ubuntu4.20\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"libapache2-mod-php7.0\", pkgver:\"7.0.8-0ubuntu0.16.04.3\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"php7.0-cgi\", pkgver:\"7.0.8-0ubuntu0.16.04.3\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"php7.0-cli\", pkgver:\"7.0.8-0ubuntu0.16.04.3\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"php7.0-curl\", pkgver:\"7.0.8-0ubuntu0.16.04.3\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"php7.0-fpm\", pkgver:\"7.0.8-0ubuntu0.16.04.3\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"php7.0-gd\", pkgver:\"7.0.8-0ubuntu0.16.04.3\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"php7.0-mysql\", pkgver:\"7.0.8-0ubuntu0.16.04.3\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libapache2-mod-php5 / libapache2-mod-php7.0 / php5-cgi / php5-cli / etc\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-06-17T14:22:56", "description": "According to its self-reported version, the Tenable SecurityCenter application installed on the remote host is prior to 5.4.1. It is, therefore, affected by multiple vulnerabilities :\n\n - A denial of service vulnerability exists in x509_vfy.c due to improper handling of certificate revocation lists (CRLs). An unauthenticated, remote attacker can exploit this, via a specially crafted CRL, to cause a NULL pointer dereference, resulting in a crash of the service. (CVE-2016-7052)\n\n - A cross-site scripting (XSS) vulnerability exists within the JQuery UI dialog() function due to improper validation of input to the 'closeText' parameter before returning it to users. An unauthenticated, remote attacker can exploit this, via a specially crafted request, to execute arbitrary script code in a user's browser session. (CVE-2016-7103)\n\n - A denial of service vulnerability exists in PHP within file ext/standard/var_unserializer.c due to improper handling of certain invalid objects. An unauthenticated, remote attacker can exploit this, via specially crafted serialized data that leads to a __destruct() or magic() function call, to cause a denial of service condition or potentially execute arbitrary code. (CVE-2016-7124)\n\n - A flaw exists in PHP in file ext/session/session.c when handling session names. An unauthenticated, remote attacker can exploit this to inject arbitrary data into sessions. (CVE-2016-7125)\n\n - An integer truncation error exists in PHP in the select_colors() function in file ext/gd/libgd/gd_topal.c when handling the number of colors. An unauthenticated, remote attacker can exploit this to cause a heap-based buffer overflow, resulting in the execution of arbitrary code. (CVE-2016-7126)\n\n - An array-indexing error exists in PHP in the imagegammacorrect() function within file ext/gd/gd.c when handling negative gamma values. An unauthenticated, remote attacker can exploit this, by writing a NULL to an arbitrary memory location, to cause a crash or the execution of arbitrary code. (CVE-2016-7127)\n\n - A flaw exists in PHP in the exif_process_IFD_in_TIFF() function within file ext/exif/exif.c when handling TIFF image content. An unauthenticated, remote attacker can exploit this to disclose memory contents.\n (CVE-2016-7128)\n\n - A denial of service vulnerability exists in PHP in the php_wddx_process_data() function within file ext/wddx/wddx.c when deserializing invalid dateTime values. An unauthenticated, remote attacker can exploit this to cause a crash. (CVE-2016-7129)\n\n - A NULL pointer dereference flaw exists in PHP in the php_wddx_pop_element() function within file ext/wddx/wddx.c when handling Base64 binary values. An unauthenticated, remote attacker can exploit this to cause a denial of service condition. (CVE-2016-7130)\n\n - A NULL pointer dereference flaw exists in PHP in the php_wddx_deserialize_ex() function within file ext/wddx/wddx.c when handling invalid XML content. An unauthenticated, remote attacker can exploit this to cause a denial of service condition. (CVE-2016-7131)\n\n - A NULL pointer dereference flaw exists in PHP in the php_wddx_pop_element() function within file ext/wddx/wddx.c. An unauthenticated, remote attacker can exploit this to cause a denial of service condition.\n (CVE-2016-7132)\n\n - A buffer overflow condition exists in PHP in file ext/mysqlnd/mysqlnd_wireprotocol.c within the php_mysqlnd_rowp_read_text_protocol_aux() function when handling the BIT field. An unauthenticated, remote attacker can exploit this to cause a heap-based buffer overflow, resulting in a crash or the execution of arbitrary code. (CVE-2016-7412)\n\n - A use-after-free error exists in PHP in the wddx_stack_destroy() function within file ext/wddx/wddx.c when deserializing recordset elements.\n An unauthenticated, remote attacker can exploit this to dereference already freed memory, resulting in the execution of arbitrary code. (CVE-2016-7413)\n\n - An out-of-bounds access error exists in PHP in the phar_parse_zipfile() function within file ext/phar/zip.c when handling the uncompressed file size. An unauthenticated, remote attacker can exploit this to have an unspecified impact. (CVE-2016-7414)\n\n - Multiple stack-based buffer overflow conditions exist in the International Components for Unicode for C/C++ (ICU4C) component in the msgfmt_format_message() function within file common/locid.cpp when handling locale strings. An unauthenticated, remote attacker can exploit these, via a long locale string, to cause a denial of service condition or the execution of arbitrary code. (CVE-2016-7415, CVE-2016-7416)\n\n - A flaw exists in PHP within file ext/spl/spl_array.c, specifically in the spl_array_get_dimension_ptr_ptr() function during the deserialization of SplArray, due to improper validation of types. An unauthenticated, remote attacker can exploit this to cause a crash or other unspecified impact. (CVE-2016-7417)\n\n - An out-of-bounds read error exists in PHP in the php_wddx_push_element() function within file ext/wddx/wddx.c. An unauthenticated, remote attacker can exploit this to cause a crash or the disclosure of memory contents. (CVE-2016-7418)\n\n - A use-after-free error exists in PHP within the unserialize() function in file ext/curl/curl_file.c. An unauthenticated, remote attacker can exploit this to execute arbitrary code. (CVE-2016-9137)\n\n - An integer overflow condition exists in PHP in the php_snmp_parse_oid() function in file ext/snmp/snmp.c.\n An unauthenticated, remote attacker can exploit this to cause a heap-based buffer overflow, resulting in the execution of arbitrary code.\n\n - An integer overflow condition exists in PHP in the sql_regcase() function within file ext/ereg/ereg.c when handling overly long strings. An unauthenticated, remote attacker can exploit this to corrupt memory, resulting in the execution of arbitrary code.\n\n - An integer overflow condition exists in PHP in the php_base64_encode() function within file ext/standard/base64.c when handling overly long strings. An unauthenticated, remote attacker can exploit this to corrupt memory, resulting in the execution of arbitrary code.\n\n - An integer overflow condition exists in PHP in the php_quot_print_encode() function within file ext/standard/quot_print.c when handling overly long strings. An unauthenticated, remote attacker can exploit this to cause a heap-based buffer overflow, resulting in the execution of arbitrary code.\n\n - A use-after-free error exists in PHP in the unserialize() function within file ext/standard/var.c.\n An unauthenticated, remote attacker can exploit this to dereference already freed memory, resulting in the execution of arbitrary code.\n\n - A flaw exists in PHP in the php_ftp_fopen_connect() function within file ext/standard/ftp_fopen_wrapper.c due to silently downgrading to regular FTP even if a secure method has been requested. A man-in-the-middle (MitM) attacker can exploit this to downgrade the FTP communication.\n\n - An integer overflow condition exists in PHP in the php_url_encode() function within file ext/standard/url.c when handling overly long strings. An unauthenticated, remote attacker can exploit this to corrupt memory, resulting in the execution of arbitrary code.\n\n - An integer overflow condition exists in PHP in the php_uuencode() function in file ext/standard/uuencode.c.\n An unauthenticated, remote attacker can exploit this to corrupt memory, resulting in the execution of arbitrary code.\n\n - An integer overflow condition exists in PHP in the bzdecompress() function within file ext/bz2/bz2.c. An unauthenticated, remote attacker can exploit this to corrupt memory, resulting in the execution of arbitrary code.\n\n - An integer overflow condition exists in PHP in the curl_escape() function within file ext/curl/interface.c when handling overly long escaped strings. An unauthenticated, remote attacker can exploit this to corrupt memory, resulting in the execution of arbitrary code.\n\n - An out-of-bounds access error exists in PHP in file ext/phar/tar.c, specifically in the phar_parse_tarfile() function during the verification of signatures. An unauthenticated, remote attacker can exploit this to have an unspecified impact.\n\n - A flaw exists in PHP when destroying deserialized objects due to improper validation of certain unspecified input. An unauthenticated, remote attacker can exploit this to corrupt memory, resulting in a denial of service condition or the execution of arbitrary code.\n\n - An integer overflow condition exists in PHP within the fgetcsv() function due to improper validation of CSV field lengths. An unauthenticated, remote attacker can exploit this to corrupt memory, resulting in a denial of service condition or the execution of arbitrary code.\n\n - An integer overflow condition exists in PHP in the wordwrap() function within file ext/standard/string.c due to improper validation of certain unspecified input.\n An unauthenticated, remote attacker can exploit this to corrupt memory, resulting in a denial of service condition or the execution of arbitrary code.\n\n - An integer overflow condition exists in PHP in the fgets() function within file ext/standard/file.c due to improper validation of certain unspecified input. An unauthenticated, remote attacker can exploit this to corrupt memory, resulting in a denial of service condition or the execution of arbitrary code.\n\n - An integer overflow condition exists in PHP in the xml_utf8_encode() function within file ext/xml/xml.c due to improper validation of certain unspecified input. An unauthenticated, remote attacker can exploit this to cause an unspecified impact.\n\n - A flaw exists in PHP in the exif_process_IFD_in_TIFF() function within file ext/exif/exif.c when handling uninitialized thumbnail data. An unauthenticated, remote attacker can exploit this to disclose memory contents.\n\n - A flaw exists in PHP due to the parse_url() function returning the incorrect host. An unauthenticated, remote attacker can exploit this to bypass authentication or to conduct open redirection and server-side request forgery attacks, depending on how the function is implemented.\n\n - A NULL pointer dereference flaw exists in PHP in the SimpleXMLElement::asXML() function within file ext/simplexml/simplexml.c. An unauthenticated, remote attacker can exploit this to cause a denial of service condition.\n\n - An heap buffer overflow condition exists in PHP in the php_ereg_replace() function within file ext/ereg/ereg.c due to improper validation of certain unspecified input.\n An unauthenticated, remote attacker can exploit this to cause a denial of service condition or the execution of arbitrary code.\n\n - A flaw exists in PHP in file ext/openssl/openssl.c within the openssl_random_pseudo_bytes() function when handling strings larger than 2GB. An unauthenticated, remote attacker can exploit this to cause a denial of service condition.\n\n - A flaw exists in PHP in the openssl_encrypt() function within file ext/openssl/openssl.c when handling strings larger than 2GB. An unauthenticated, remote attacker can exploit this to cause a denial of service condition.\n\n - An integer overflow condition exists in PHP in the imap_8bit() function within file ext/imap/php_imap.c due to improper validation of certain unspecified input. An unauthenticated, remote attacker can exploit this to corrupt memory, resulting in a denial of service condition or the execution of arbitrary code.\n\n - A flaw exists in PHP in the _bc_new_num_ex() function within file ext/bcmath/libbcmath/src/init.c when handling values passed via the 'scale' parameter. An unauthenticated, remote attacker can exploit this to cause a denial of service condition.\n\n - A flaw exists in PHP in the php_resolve_path() function within file main/fopen_wrappers.c when handling negative size values passed via the 'filename' parameter. An unauthenticated, remote attacker can exploit this to cause a denial of service condition.\n\n - A flaw exists in PHP in the dom_document_save_html() function within file ext/dom/document.c due to missing NULL checks. An unauthenticated, remote attacker can exploit this to cause a denial of service condition.\n\n - An integer overflow condition exists in PHP in the mb_encode_*() function in file ext/mbstring/mbstring.c due to improper validation of the length of encoded data. An unauthenticated, remote attacker can exploit this to corrupt memory, resulting in a denial of service condition or the execution of arbitrary code.\n\n - A NULL pointer dereference flaw exists in PHP in the CachingIterator() function within file ext/spl/spl_iterators.c when handling string conversion.\n An unauthenticated, remote attacker can exploit this to cause a denial of service condition.\n\n - An integer overflow condition exists in PHP in the number_format() function within file ext/standard/math.c when handling 'decimals' and 'dec_point' parameters with values equal or close to 0x7FFFFFFF. An unauthenticated, remote attacker can exploit this to cause a heap-based buffer overflow, resulting in a denial of service condition or the execution of arbitrary code.\n\n - A overflow condition exists in PHP within file ext/intl/resourcebundle/resourcebundle_class.c, specifically in functions ResourceBundle::create() and ResourceBundle::getLocales(), due to improper validation of input passed via the 'bundlename' parameter. An unauthenticated, remote attacker can exploit this to cause a stack-based buffer overflow, resulting in a denial of service condition or the execution of arbitrary code.\n\n - An integer overflow condition exists in PHP in the php_pcre_replace_impl() function within file ext/pcre/php_pcre.c due to improper validation of certain unspecified input. An unauthenticated, remote attacker can exploit this to cause a heap-based buffer overflow, resulting in a denial of service condition or the execution of arbitrary code.\n\n - An integer overflow condition exists in PHP in the\n _php_imap_mail() function in file ext/imap/php_imap.c when handling overly long strings. An unauthenticated, remote attacker can exploit this to cause a heap-based buffer overflow, resulting in a denial of service condition or the execution of arbitrary code.\n\n - A flaw exists in PHP in the bzcompress() function when handling overly long strings. An unauthenticated, remote attacker can exploit this to cause a denial of service condition.\n\n - An integer overflow condition exists in PHP in the gdImageAALine() function within file ext/gd/libgd/gd.c due to improper validation of line limit values.\n An unauthenticated, remote attacker can exploit this to cause an out-of-bounds write or read, resulting in a denial of service condition, the disclosure of memory contents, or the execution of arbitrary code.\n\n - Multiple stored cross-site scripting (XSS) vulnerabilities exist in unspecified scripts due to improper validation of input before returning it to users. An unauthenticated, remote attacker can exploit these, via a specially crafted request, to execute arbitrary script code in a user's browser session.\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2017-01-27T00:00:00", "type": "nessus", "title": "Tenable SecurityCenter < 5.4.1 Multiple Vulnerabilities (TNS-2016-19)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-7052", "CVE-2016-7103", "CVE-2016-7124", "CVE-2016-7125", "CVE-2016-7126", "CVE-2016-7127", "CVE-2016-7128", "CVE-2016-7129", "CVE-2016-7130", "CVE-2016-7131", "CVE-2016-7132", "CVE-2016-7412", "CVE-2016-7413", "CVE-2016-7414", "CVE-2016-7415", "CVE-2016-7416", "CVE-2016-7417", "CVE-2016-7418", "CVE-2016-9137"], "modified": "2020-10-09T00:00:00", "cpe": ["cpe:/a:tenable:securitycenter"], "id": "SECURITYCENTER_5_4_1.NASL", "href": "https://www.tenable.com/plugins/nessus/96832", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(96832);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/10/09\");\n\n script_cve_id(\n \"CVE-2016-7052\",\n \"CVE-2016-7103\",\n \"CVE-2016-7124\",\n \"CVE-2016-7125\",\n \"CVE-2016-7126\",\n \"CVE-2016-7127\",\n \"CVE-2016-7128\",\n \"CVE-2016-7129\",\n \"CVE-2016-7130\",\n \"CVE-2016-7131\",\n \"CVE-2016-7132\",\n \"CVE-2016-7412\",\n \"CVE-2016-7413\",\n \"CVE-2016-7414\",\n \"CVE-2016-7415\",\n \"CVE-2016-7416\",\n \"CVE-2016-7417\",\n \"CVE-2016-7418\",\n \"CVE-2016-9137\"\n );\n script_bugtraq_id(\n 92552,\n 92564,\n 92755,\n 92756,\n 92757,\n 92758,\n 92764,\n 92767,\n 92768,\n 93004,\n 93005,\n 93006,\n 93007,\n 93008,\n 93011,\n 93022,\n 93171,\n 93577\n );\n\n script_name(english:\"Tenable SecurityCenter < 5.4.1 Multiple Vulnerabilities (TNS-2016-19)\");\n script_summary(english:\"Checks the SecurityCenter version.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"An application installed on the remote host is affected by multiple\nvulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its self-reported version, the Tenable SecurityCenter\napplication installed on the remote host is prior to 5.4.1. It is,\ntherefore, affected by multiple vulnerabilities :\n\n - A denial of service vulnerability exists in x509_vfy.c\n due to improper handling of certificate revocation lists\n (CRLs). An unauthenticated, remote attacker can exploit\n this, via a specially crafted CRL, to cause a NULL\n pointer dereference, resulting in a crash of the\n service. (CVE-2016-7052)\n\n - A cross-site scripting (XSS) vulnerability exists within\n the JQuery UI dialog() function due to improper\n validation of input to the 'closeText' parameter before\n returning it to users. An unauthenticated, remote\n attacker can exploit this, via a specially crafted\n request, to execute arbitrary script code in a user's\n browser session. (CVE-2016-7103)\n\n - A denial of service vulnerability exists in PHP within\n file ext/standard/var_unserializer.c due to improper\n handling of certain invalid objects. An unauthenticated,\n remote attacker can exploit this, via specially crafted\n serialized data that leads to a __destruct() or magic()\n function call, to cause a denial of service condition or\n potentially execute arbitrary code. (CVE-2016-7124)\n\n - A flaw exists in PHP in file ext/session/session.c when\n handling session names. An unauthenticated, remote\n attacker can exploit this to inject arbitrary data into\n sessions. (CVE-2016-7125)\n\n - An integer truncation error exists in PHP in the\n select_colors() function in file ext/gd/libgd/gd_topal.c\n when handling the number of colors. An unauthenticated,\n remote attacker can exploit this to cause a heap-based\n buffer overflow, resulting in the execution of arbitrary\n code. (CVE-2016-7126)\n\n - An array-indexing error exists in PHP in the\n imagegammacorrect() function within file ext/gd/gd.c\n when handling negative gamma values. An unauthenticated,\n remote attacker can exploit this, by writing a NULL to\n an arbitrary memory location, to cause a crash or the\n execution of arbitrary code. (CVE-2016-7127)\n\n - A flaw exists in PHP in the exif_process_IFD_in_TIFF()\n function within file ext/exif/exif.c when handling TIFF\n image content. An unauthenticated, remote attacker can\n exploit this to disclose memory contents.\n (CVE-2016-7128)\n\n - A denial of service vulnerability exists in PHP in the\n php_wddx_process_data() function within file\n ext/wddx/wddx.c when deserializing invalid dateTime\n values. An unauthenticated, remote attacker can exploit\n this to cause a crash. (CVE-2016-7129)\n\n - A NULL pointer dereference flaw exists in PHP in the\n php_wddx_pop_element() function within file\n ext/wddx/wddx.c when handling Base64 binary values. An\n unauthenticated, remote attacker can exploit this to\n cause a denial of service condition. (CVE-2016-7130)\n\n - A NULL pointer dereference flaw exists in PHP in the\n php_wddx_deserialize_ex() function within file\n ext/wddx/wddx.c when handling invalid XML content. An\n unauthenticated, remote attacker can exploit this to\n cause a denial of service condition. (CVE-2016-7131)\n\n - A NULL pointer dereference flaw exists in PHP in the\n php_wddx_pop_element() function within file\n ext/wddx/wddx.c. An unauthenticated, remote attacker can\n exploit this to cause a denial of service condition.\n (CVE-2016-7132)\n\n - A buffer overflow condition exists in PHP in file\n ext/mysqlnd/mysqlnd_wireprotocol.c within the\n php_mysqlnd_rowp_read_text_protocol_aux() function when\n handling the BIT field. An unauthenticated, remote\n attacker can exploit this to cause a heap-based buffer\n overflow, resulting in a crash or the execution of\n arbitrary code. (CVE-2016-7412)\n\n - A use-after-free error exists in PHP in the\n wddx_stack_destroy() function within file\n ext/wddx/wddx.c when deserializing recordset elements.\n An unauthenticated, remote attacker can exploit this to\n dereference already freed memory, resulting in the\n execution of arbitrary code. (CVE-2016-7413)\n\n - An out-of-bounds access error exists in PHP in the\n phar_parse_zipfile() function within file ext/phar/zip.c\n when handling the uncompressed file size. An\n unauthenticated, remote attacker can exploit this to\n have an unspecified impact. (CVE-2016-7414)\n\n - Multiple stack-based buffer overflow conditions exist in\n the International Components for Unicode for C/C++\n (ICU4C) component in the msgfmt_format_message()\n function within file common/locid.cpp when handling\n locale strings. An unauthenticated, remote attacker can\n exploit these, via a long locale string, to cause a\n denial of service condition or the execution of\n arbitrary code. (CVE-2016-7415, CVE-2016-7416)\n\n - A flaw exists in PHP within file ext/spl/spl_array.c,\n specifically in the spl_array_get_dimension_ptr_ptr()\n function during the deserialization of SplArray, due to\n improper validation of types. An unauthenticated, remote\n attacker can exploit this to cause a crash or other\n unspecified impact. (CVE-2016-7417)\n\n - An out-of-bounds read error exists in PHP in the\n php_wddx_push_element() function within file\n ext/wddx/wddx.c. An unauthenticated, remote attacker\n can exploit this to cause a crash or the disclosure\n of memory contents. (CVE-2016-7418)\n\n - A use-after-free error exists in PHP within the\n unserialize() function in file ext/curl/curl_file.c. An\n unauthenticated, remote attacker can exploit this to\n execute arbitrary code. (CVE-2016-9137)\n\n - An integer overflow condition exists in PHP in the\n php_snmp_parse_oid() function in file ext/snmp/snmp.c.\n An unauthenticated, remote attacker can exploit this to\n cause a heap-based buffer overflow, resulting in the\n execution of arbitrary code.\n\n - An integer overflow condition exists in PHP in the\n sql_regcase() function within file ext/ereg/ereg.c when\n handling overly long strings. An unauthenticated, remote\n attacker can exploit this to corrupt memory, resulting\n in the execution of arbitrary code.\n\n - An integer overflow condition exists in PHP in the\n php_base64_encode() function within file\n ext/standard/base64.c when handling overly long\n strings. An unauthenticated, remote attacker can exploit\n this to corrupt memory, resulting in the execution of\n arbitrary code.\n\n - An integer overflow condition exists in PHP in the\n php_quot_print_encode() function within file\n ext/standard/quot_print.c when handling overly long\n strings. An unauthenticated, remote attacker can\n exploit this to cause a heap-based buffer overflow,\n resulting in the execution of arbitrary code.\n\n - A use-after-free error exists in PHP in the\n unserialize() function within file ext/standard/var.c.\n An unauthenticated, remote attacker can exploit this to\n dereference already freed memory, resulting in the\n execution of arbitrary code.\n\n - A flaw exists in PHP in the php_ftp_fopen_connect()\n function within file ext/standard/ftp_fopen_wrapper.c\n due to silently downgrading to regular FTP even if a\n secure method has been requested. A man-in-the-middle\n (MitM) attacker can exploit this to downgrade the FTP\n communication.\n\n - An integer overflow condition exists in PHP in the\n php_url_encode() function within file ext/standard/url.c\n when handling overly long strings. An unauthenticated,\n remote attacker can exploit this to corrupt memory,\n resulting in the execution of arbitrary code.\n\n - An integer overflow condition exists in PHP in the\n php_uuencode() function in file ext/standard/uuencode.c.\n An unauthenticated, remote attacker can exploit this to\n corrupt memory, resulting in the execution of arbitrary\n code.\n\n - An integer overflow condition exists in PHP in the\n bzdecompress() function within file ext/bz2/bz2.c. An\n unauthenticated, remote attacker can exploit this to\n corrupt memory, resulting in the execution of arbitrary\n code.\n\n - An integer overflow condition exists in PHP in the\n curl_escape() function within file ext/curl/interface.c\n when handling overly long escaped strings. An\n unauthenticated, remote attacker can exploit this to\n corrupt memory, resulting in the execution of arbitrary\n code.\n\n - An out-of-bounds access error exists in PHP in file\n ext/phar/tar.c, specifically in the phar_parse_tarfile()\n function during the verification of signatures. An\n unauthenticated, remote attacker can exploit this to\n have an unspecified impact.\n\n - A flaw exists in PHP when destroying deserialized\n objects due to improper validation of certain\n unspecified input. An unauthenticated, remote attacker\n can exploit this to corrupt memory, resulting in a\n denial of service condition or the execution of\n arbitrary code.\n\n - An integer overflow condition exists in PHP within the\n fgetcsv() function due to improper validation of CSV\n field lengths. An unauthenticated, remote attacker can\n exploit this to corrupt memory, resulting in a denial of\n service condition or the execution of arbitrary code.\n\n - An integer overflow condition exists in PHP in the\n wordwrap() function within file ext/standard/string.c\n due to improper validation of certain unspecified input.\n An unauthenticated, remote attacker can exploit this to\n corrupt memory, resulting in a denial of service\n condition or the execution of arbitrary code.\n\n - An integer overflow condition exists in PHP in the\n fgets() function within file ext/standard/file.c due to\n improper validation of certain unspecified input. An\n unauthenticated, remote attacker can exploit this to\n corrupt memory, resulting in a denial of service\n condition or the execution of arbitrary code.\n\n - An integer overflow condition exists in PHP in the\n xml_utf8_encode() function within file ext/xml/xml.c due\n to improper validation of certain unspecified input. An\n unauthenticated, remote attacker can exploit this to\n cause an unspecified impact.\n\n - A flaw exists in PHP in the exif_process_IFD_in_TIFF()\n function within file ext/exif/exif.c when handling\n uninitialized thumbnail data. An unauthenticated, remote\n attacker can exploit this to disclose memory contents.\n\n - A flaw exists in PHP due to the parse_url() function\n returning the incorrect host. An unauthenticated, remote\n attacker can exploit this to bypass authentication or to\n conduct open redirection and server-side request forgery\n attacks, depending on how the function is implemented.\n\n - A NULL pointer dereference flaw exists in PHP in the\n SimpleXMLElement::asXML() function within file\n ext/simplexml/simplexml.c. An unauthenticated, remote\n attacker can exploit this to cause a denial of service\n condition.\n\n - An heap buffer overflow condition exists in PHP in the\n php_ereg_replace() function within file ext/ereg/ereg.c\n due to improper validation of certain unspecified input.\n An unauthenticated, remote attacker can exploit this to\n cause a denial of service condition or the execution of\n arbitrary code.\n\n - A flaw exists in PHP in file ext/openssl/openssl.c\n within the openssl_random_pseudo_bytes() function when\n handling strings larger than 2GB. An unauthenticated,\n remote attacker can exploit this to cause a denial of\n service condition.\n\n - A flaw exists in PHP in the openssl_encrypt() function\n within file ext/openssl/openssl.c when handling strings\n larger than 2GB. An unauthenticated, remote attacker can\n exploit this to cause a denial of service condition.\n\n - An integer overflow condition exists in PHP in the\n imap_8bit() function within file ext/imap/php_imap.c due\n to improper validation of certain unspecified input. An\n unauthenticated, remote attacker can exploit this to\n corrupt memory, resulting in a denial of service\n condition or the execution of arbitrary code.\n\n - A flaw exists in PHP in the _bc_new_num_ex() function\n within file ext/bcmath/libbcmath/src/init.c when\n handling values passed via the 'scale' parameter. An\n unauthenticated, remote attacker can exploit this to\n cause a denial of service condition.\n\n - A flaw exists in PHP in the php_resolve_path() function\n within file main/fopen_wrappers.c when handling negative\n size values passed via the 'filename' parameter. An\n unauthenticated, remote attacker can exploit this to\n cause a denial of service condition.\n\n - A flaw exists in PHP in the dom_document_save_html()\n function within file ext/dom/document.c due to missing\n NULL checks. An unauthenticated, remote attacker can\n exploit this to cause a denial of service condition.\n\n - An integer overflow condition exists in PHP in the\n mb_encode_*() function in file ext/mbstring/mbstring.c\n due to improper validation of the length of encoded\n data. An unauthenticated, remote attacker can exploit\n this to corrupt memory, resulting in a denial of service\n condition or the execution of arbitrary code.\n\n - A NULL pointer dereference flaw exists in PHP in the\n CachingIterator() function within file\n ext/spl/spl_iterators.c when handling string conversion.\n An unauthenticated, remote attacker can exploit this to\n cause a denial of service condition.\n\n - An integer overflow condition exists in PHP in the\n number_format() function within file ext/standard/math.c\n when handling 'decimals' and 'dec_point' parameters with\n values equal or close to 0x7FFFFFFF. An unauthenticated,\n remote attacker can exploit this to cause a heap-based\n buffer overflow, resulting in a denial of service\n condition or the execution of arbitrary code.\n\n - A overflow condition exists in PHP within file\n ext/intl/resourcebundle/resourcebundle_class.c,\n specifically in functions ResourceBundle::create() and\n ResourceBundle::getLocales(), due to improper validation\n of input passed via the 'bundlename' parameter. An\n unauthenticated, remote attacker can exploit this to\n cause a stack-based buffer overflow, resulting in a\n denial of service condition or the execution of\n arbitrary code.\n\n - An integer overflow condition exists in PHP in the\n php_pcre_replace_impl() function within file\n ext/pcre/php_pcre.c due to improper validation of\n certain unspecified input. An unauthenticated, remote\n attacker can exploit this to cause a heap-based buffer\n overflow, resulting in a denial of service condition or\n the execution of arbitrary code.\n\n - An integer overflow condition exists in PHP in the\n _php_imap_mail() function in file ext/imap/php_imap.c\n when handling overly long strings. An unauthenticated,\n remote attacker can exploit this to cause a heap-based\n buffer overflow, resulting in a denial of service\n condition or the execution of arbitrary code.\n\n - A flaw exists in PHP in the bzcompress() function when\n handling overly long strings. An unauthenticated, remote\n attacker can exploit this to cause a denial of service\n condition.\n\n - An integer overflow condition exists in PHP in the\n gdImageAALine() function within file ext/gd/libgd/gd.c\n due to improper validation of line limit values.\n An unauthenticated, remote attacker can exploit this to\n cause an out-of-bounds write or read, resulting in a\n denial of service condition, the disclosure of memory\n contents, or the execution of arbitrary code.\n\n - Multiple stored cross-site scripting (XSS)\n vulnerabilities exist in unspecified scripts due to\n improper validation of input before returning it to\n users. An unauthenticated, remote attacker can exploit\n these, via a specially crafted request, to execute\n arbitrary script code in a user's browser session.\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.tenable.com/security/tns-2016-19\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Tenable SecurityCenter version 5.4.1 or later.\");\n script_set_attribute(attribute:\"agent\", value:\"unix\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-9137\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/10/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/11/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/01/27\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"combined\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:tenable:securitycenter\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"securitycenter_installed.nbin\", \"securitycenter_detect.nbin\");\n script_require_ports(\"Host/SecurityCenter/Version\", \"installed_sw/SecurityCenter\");\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"install_func.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"install_func.inc\");\n\nversion = get_kb_item(\"Host/SecurityCenter/Version\");\nif(empty_or_null(version))\n{\n install = get_single_install(app_name:\"SecurityCenter\", combined:TRUE, exit_if_unknown_ver:TRUE);\n version = install[\"version\"];\n}\nfix = \"5.4.1\";\n\nif ( version =~ \"^5\\.[0-3]([^0-9]|$)\" || version =~ \"^5\\.4\\.0([^0-9]|$)\" )\n{\n items = make_array(\"Installed version\", version,\n \"Fixed version\", fix\n );\n\n order = make_list(\"Installed version\", \"Fixed version\");\n report = report_items_str(report_items:items, ordered_fields:order);\n\n security_report_v4(severity:SECURITY_HOLE, port:0, extra:report, xss:TRUE);\n}\nelse\n audit(AUDIT_INST_VER_NOT_VULN, 'SecurityCenter', version);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-10-12T13:09:09", "description": "This update for php7 fixes the following security issues :\n\n - CVE-2016-6128: Invalid color index not properly handled [bsc#987580]\n\n - CVE-2016-6161: global out of bounds read when encoding gif from malformed input withgd2togif [bsc#988032]\n\n - CVE-2016-6292: NULL pointer dereference in exif_process_user_comment [bsc#991422]\n\n - CVE-2016-6295: Use after free in SNMP with GC and unserialize() [bsc#991424]\n\n - CVE-2016-6297: Stack-based buffer overflow vulnerability in php_stream_zip_opener [bsc#991426]\n\n - CVE-2016-6291: Out-of-bounds access in exif_process_IFD_in_MAKERNOTE [bsc#991427]\n\n - CVE-2016-6289: Integer overflow leads to buffer overflow in virtual_file_ex [bsc#991428]\n\n - CVE-2016-6290: Use after free in unserialize() with Unexpected Session Deserialization [bsc#991429]\n\n - CVE-2016-5399: Improper error handling in bzread() [bsc#991430]\n\n - CVE-2016-6296: Heap buffer overflow vulnerability in simplestring_addn in simplestring.c [bsc#991437]\n\n - CVE-2016-6207: Integer overflow error within\n _gdContributionsAlloc() [bsc#991434]\n\n - CVE-2016-4473: Invalid free() instead of efree() in phar_extract_file()\n\n - CVE-2016-7124: Create an Unexpected Object and Don't Invoke __wakeup() in Deserialization\n\n - CVE-2016-7125: PHP Session Data Injection Vulnerability\n\n - CVE-2016-7126: select_colors write out-of-bounds\n\n - CVE-2016-7127: imagegammacorrect allowed arbitrary write access\n\n - CVE-2016-7128: Memory Leakage In exif_process_IFD_in_TIFF\n\n - CVE-2016-7129: wddx_deserialize allowed illegal memory access\n\n - CVE-2016-7131: wddx_deserialize null dereference with invalid xml\n\n - CVE-2016-7132: wddx_deserialize null dereference in php_wddx_pop_element\n\n - CVE-2016-7133: memory allocator fails to realloc small block to large one\n\n - CVE-2016-7134: Heap overflow in the function curl_escape\n\n - CVE-2016-7130: wddx_deserialize null dereference\n\n - CVE-2016-7413: Use after free in wddx_deserialize\n\n - CVE-2016-7412: Heap overflow in mysqlnd when not receiving UNSIGNED_FLAG in BIT field\n\n - CVE-2016-7417: Missing type check when unserializing SplArray\n\n - CVE-2016-7416: Stack based buffer overflow in msgfmt_format_message\n\n - CVE-2016-7418: NULL pointer dereference in php_wddx_push_element\n\n - CVE-2016-7414: Out of bounds heap read when verifying signature of zip phar in phar_parse_zipfile\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-01-02T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : php7 (SUSE-SU-2016:2460-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-4473", "CVE-2016-5399", "CVE-2016-6128", "CVE-2016-6161", "CVE-2016-6207", "CVE-2016-6289", "CVE-2016-6290", "CVE-2016-6291", "CVE-2016-6292", "CVE-2016-6295", "CVE-2016-6296", "CVE-2016-6297", "CVE-2016-7124", "CVE-2016-7125", "CVE-2016-7126", "CVE-2016-7127", "CVE-2016-7128", "CVE-2016-7129", "CVE-2016-7130", "CVE-2016-7131", "CVE-2016-7132", "CVE-2016-7133", "CVE-2016-7134", "CVE-2016-7412", "CVE-2016-7413", "CVE-2016-7414", "CVE-2016-7416", "CVE-2016-7417", "CVE-2016-7418"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:apache2-mod_php7", "p-cpe:/a:novell:suse_linux:apache2-mod_php7-debuginfo", "p-cpe:/a:novell:suse_linux:php7", "p-cpe:/a:novell:suse_linux:php7-bcmath", "p-cpe:/a:novell:suse_linux:php7-bcmath-debuginfo", "p-cpe:/a:novell:suse_linux:php7-bz2", "p-cpe:/a:novell:suse_linux:php7-bz2-debuginfo", "p-cpe:/a:novell:suse_linux:php7-calendar", "p-cpe:/a:novell:suse_linux:php7-calendar-debuginfo", "p-cpe:/a:novell:suse_linux:php7-ctype", "p-cpe:/a:novell:suse_linux:php7-ctype-debuginfo", "p-cpe:/a:novell:suse_linux:php7-curl", "p-cpe:/a:novell:suse_linux:php7-curl-debuginfo", "p-cpe:/a:novell:suse_linux:php7-dba", "p-cpe:/a:novell:suse_linux:php7-dba-debuginfo", "p-cpe:/a:novell:suse_linux:php7-debuginfo", "p-cpe:/a:novell:suse_linux:php7-debugsource", "p-cpe:/a:novell:suse_linux:php7-dom", "p-cpe:/a:novell:suse_linux:php7-dom-debuginfo", "p-cpe:/a:novell:suse_linux:php7-enchant", "p-cpe:/a:novell:suse_linux:php7-enchant-debuginfo", "p-cpe:/a:novell:suse_linux:php7-exif", "p-cpe:/a:novell:suse_linux:php7-exif-debuginfo", "p-cpe:/a:novell:suse_linux:php7-fastcgi", "p-cpe:/a:novell:suse_linux:php7-fastcgi-debuginfo", "p-cpe:/a:novell:suse_linux:php7-fileinfo", "p-cpe:/a:novell:suse_linux:php7-fileinfo-debuginfo", "p-cpe:/a:novell:suse_linux:php7-fpm", "p-cpe:/a:novell:suse_linux:php7-fpm-debuginfo", "p-cpe:/a:novell:suse_linux:php7-ftp", "p-cpe:/a:novell:suse_linux:php7-ftp-debuginfo", "p-cpe:/a:novell:suse_linux:php7-gd", "p-cpe:/a:novell:suse_linux:php7-gd-debuginfo", "p-cpe:/a:novell:suse_linux:php7-gettext", "p-cpe:/a:novell:suse_linux:php7-gettext-debuginfo", "p-cpe:/a:novell:suse_linux:php7-gmp", "p-cpe:/a:novell:suse_linux:php7-gmp-debuginfo", "p-cpe:/a:novell:suse_linux:php7-iconv", "p-cpe:/a:novell:suse_linux:php7-iconv-debuginfo", "p-cpe:/a:novell:suse_linux:php7-imap", "p-cpe:/a:novell:suse_linux:php7-imap-debuginfo", "p-cpe:/a:novell:suse_linux:php7-intl", "p-cpe:/a:novell:suse_linux:php7-intl-debuginfo", "p-cpe:/a:novell:suse_linux:php7-json", "p-cpe:/a:novell:suse_linux:php7-json-debuginfo", "p-cpe:/a:novell:suse_linux:php7-ldap", "p-cpe:/a:novell:suse_linux:php7-ldap-debuginfo", "p-cpe:/a:novell:suse_linux:php7-mbstring", "p-cpe:/a:novell:suse_linux:php7-mbstring-debuginfo", "p-cpe:/a:novell:suse_linux:php7-mcrypt", "p-cpe:/a:novell:suse_linux:php7-mcrypt-debuginfo", "p-cpe:/a:novell:suse_linux:php7-mysql", "p-cpe:/a:novell:suse_linux:php7-mysql-debuginfo", "p-cpe:/a:novell:suse_linux:php7-odbc", "p-cpe:/a:novell:suse_linux:php7-odbc-debuginfo", "p-cpe:/a:novell:suse_linux:php7-opcache", "p-cpe:/a:novell:suse_linux:php7-opcache-debuginfo", "p-cpe:/a:novell:suse_linux:php7-openssl", "p-cpe:/a:novell:suse_linux:php7-openssl-debuginfo", "p-cpe:/a:novell:suse_linux:php7-pcntl", "p-cpe:/a:novell:suse_linux:php7-pcntl-debuginfo", "p-cpe:/a:novell:suse_linux:php7-pdo", "p-cpe:/a:novell:suse_linux:php7-pdo-debuginfo", "p-cpe:/a:novell:suse_linux:php7-pgsql", "p-cpe:/a:novell:suse_linux:php7-pgsql-debuginfo", "p-cpe:/a:novell:suse_linux:php7-phar", "p-cpe:/a:novell:suse_linux:php7-phar-debuginfo", "p-cpe:/a:novell:suse_linux:php7-posix", "p-cpe:/a:novell:suse_linux:php7-posix-debuginfo", "p-cpe:/a:novell:suse_linux:php7-pspell", "p-cpe:/a:novell:suse_linux:php7-pspell-debuginfo", "p-cpe:/a:novell:suse_linux:php7-shmop", "p-cpe:/a:novell:suse_linux:php7-shmop-debuginfo", "p-cpe:/a:novell:suse_linux:php7-snmp", "p-cpe:/a:novell:suse_linux:php7-snmp-debuginfo", "p-cpe:/a:novell:suse_linux:php7-soap", "p-cpe:/a:novell:suse_linux:php7-soap-debuginfo", "p-cpe:/a:novell:suse_linux:php7-sockets", "p-cpe:/a:novell:suse_linux:php7-sockets-debuginfo", "p-cpe:/a:novell:suse_linux:php7-sqlite", "p-cpe:/a:novell:suse_linux:php7-sqlite-debuginfo", "p-cpe:/a:novell:suse_linux:php7-sysvmsg", "p-cpe:/a:novell:suse_linux:php7-sysvmsg-debuginfo", "p-cpe:/a:novell:suse_linux:php7-sysvsem", "p-cpe:/a:novell:suse_linux:php7-sysvsem-debuginfo", "p-cpe:/a:novell:suse_linux:php7-sysvshm", "p-cpe:/a:novell:suse_linux:php7-sysvshm-debuginfo", "p-cpe:/a:novell:suse_linux:php7-tokenizer", "p-cpe:/a:novell:suse_linux:php7-tokenizer-debuginfo", "p-cpe:/a:novell:suse_linux:php7-wddx", "p-cpe:/a:novell:suse_linux:php7-wddx-debuginfo", "p-cpe:/a:novell:suse_linux:php7-xmlreader", "p-cpe:/a:novell:suse_linux:php7-xmlreader-debuginfo", "p-cpe:/a:novell:suse_linux:php7-xmlrpc", "p-cpe:/a:novell:suse_linux:php7-xmlrpc-debuginfo", "p-cpe:/a:novell:suse_linux:php7-xmlwriter", "p-cpe:/a:novell:suse_linux:php7-xmlwriter-debuginfo", "p-cpe:/a:novell:suse_linux:php7-xsl", "p-cpe:/a:novell:suse_linux:php7-xsl-debuginfo", "p-cpe:/a:novell:suse_linux:php7-zip", "p-cpe:/a:novell:suse_linux:php7-zip-debuginfo", "p-cpe:/a:novell:suse_linux:php7-zlib", "p-cpe:/a:novell:suse_linux:php7-zlib-debuginfo", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2016-2460-1.NASL", "href": "https://www.tenable.com/plugins/nessus/119981", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2016:2460-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(119981);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2016-4473\", \"CVE-2016-5399\", \"CVE-2016-6128\", \"CVE-2016-6161\", \"CVE-2016-6207\", \"CVE-2016-6289\", \"CVE-2016-6290\", \"CVE-2016-6291\", \"CVE-2016-6292\", \"CVE-2016-6295\", \"CVE-2016-6296\", \"CVE-2016-6297\", \"CVE-2016-7124\", \"CVE-2016-7125\", \"CVE-2016-7126\", \"CVE-2016-7127\", \"CVE-2016-7128\", \"CVE-2016-7129\", \"CVE-2016-7130\", \"CVE-2016-7131\", \"CVE-2016-7132\", \"CVE-2016-7133\", \"CVE-2016-7134\", \"CVE-2016-7412\", \"CVE-2016-7413\", \"CVE-2016-7414\", \"CVE-2016-7416\", \"CVE-2016-7417\", \"CVE-2016-7418\");\n\n script_name(english:\"SUSE SLES12 Security Update : php7 (SUSE-SU-2016:2460-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for php7 fixes the following security issues :\n\n - CVE-2016-6128: Invalid color index not properly handled\n [bsc#987580]\n\n - CVE-2016-6161: global out of bounds read when encoding\n gif from malformed input withgd2togif [bsc#988032]\n\n - CVE-2016-6292: NULL pointer dereference in\n exif_process_user_comment [bsc#991422]\n\n - CVE-2016-6295: Use after free in SNMP with GC and\n unserialize() [bsc#991424]\n\n - CVE-2016-6297: Stack-based buffer overflow vulnerability\n in php_stream_zip_opener [bsc#991426]\n\n - CVE-2016-6291: Out-of-bounds access in\n exif_process_IFD_in_MAKERNOTE [bsc#991427]\n\n - CVE-2016-6289: Integer overflow leads to buffer overflow\n in virtual_file_ex [bsc#991428]\n\n - CVE-2016-6290: Use after free in unserialize() with\n Unexpected Session Deserialization [bsc#991429]\n\n - CVE-2016-5399: Improper error handling in bzread()\n [bsc#991430]\n\n - CVE-2016-6296: Heap buffer overflow vulnerability in\n simplestring_addn in simplestring.c [bsc#991437]\n\n - CVE-2016-6207: Integer overflow error within\n _gdContributionsAlloc() [bsc#991434]\n\n - CVE-2016-4473: Invalid free() instead of efree() in\n phar_extract_file()\n\n - CVE-2016-7124: Create an Unexpected Object and Don't\n Invoke __wakeup() in Deserialization\n\n - CVE-2016-7125: PHP Session Data Injection Vulnerability\n\n - CVE-2016-7126: select_colors write out-of-bounds\n\n - CVE-2016-7127: imagegammacorrect allowed arbitrary write\n access\n\n - CVE-2016-7128: Memory Leakage In\n exif_process_IFD_in_TIFF\n\n - CVE-2016-7129: wddx_deserialize allowed illegal memory\n access\n\n - CVE-2016-7131: wddx_deserialize null dereference with\n invalid xml\n\n - CVE-2016-7132: wddx_deserialize null dereference in\n php_wddx_pop_element\n\n - CVE-2016-7133: memory allocator fails to realloc small\n block to large one\n\n - CVE-2016-7134: Heap overflow in the function curl_escape\n\n - CVE-2016-7130: wddx_deserialize null dereference\n\n - CVE-2016-7413: Use after free in wddx_deserialize\n\n - CVE-2016-7412: Heap overflow in mysqlnd when not\n receiving UNSIGNED_FLAG in BIT field\n\n - CVE-2016-7417: Missing type check when unserializing\n SplArray\n\n - CVE-2016-7416: Stack based buffer overflow in\n msgfmt_format_message\n\n - CVE-2016-7418: NULL pointer dereference in\n php_wddx_push_element\n\n - CVE-2016-7414: Out of bounds heap read when verifying\n signature of zip phar in phar_parse_zipfile\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1001950\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=987580\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=988032\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=991422\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=991424\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=991426\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=991427\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=991428\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=991429\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=991430\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=991434\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=991437\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=995512\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=997206\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=997207\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=997208\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=997210\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=997211\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=997220\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=997225\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=997230\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=997247\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=997248\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=997257\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=999313\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=999679\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=999680\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=999684\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=999685\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=999819\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=999820\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-4473/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-5399/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-6128/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-6161/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-6207/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-6289/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-6290/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-6291/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-6292/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-6295/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-6296/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-6297/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-7124/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-7125/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-7126/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-7127/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-7128/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-7129/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-7130/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-7131/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-7132/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-7133/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-7134/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-7412/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-7413/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-7414/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-7416/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-7417/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-7418/\"\n );\n # https://www.suse.com/support/update/announcement/2016/suse-su-20162460-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?71cad87f\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Software Development Kit 12-SP1:zypper in -t\npatch SUSE-SLE-SDK-12-SP1-2016-1434=1\n\nSUSE Linux Enterprise Module for Web Scripting 12:zypper in -t patch\nSUSE-SLE-Module-Web-Scripting-12-2016-1434=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apache2-mod_php7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apache2-mod_php7-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-bcmath\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-bcmath-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-bz2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-bz2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-calendar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-calendar-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-ctype\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-ctype-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-curl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-dba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-dba-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-dom\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-dom-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-enchant\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-enchant-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-exif\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-exif-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-fastcgi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-fastcgi-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-fileinfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-fileinfo-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-fpm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-fpm-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-ftp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-ftp-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-gd-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-gettext\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-gettext-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-gmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-gmp-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-iconv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-iconv-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-imap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-imap-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-intl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-intl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-json\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-json-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-ldap-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-mbstring\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-mbstring-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-mcrypt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-mcrypt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-mysql-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-odbc-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-opcache\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-opcache-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-openssl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-pcntl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-pcntl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-pdo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-pdo-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-pgsql-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-phar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-phar-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-posix\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-posix-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-pspell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-pspell-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-shmop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-shmop-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-snmp-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-soap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-soap-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-sockets\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-sockets-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-sqlite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-sqlite-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-sysvmsg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-sysvmsg-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-sysvsem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-sysvsem-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-sysvshm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-sysvshm-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-tokenizer\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-tokenizer-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-wddx\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-wddx-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-xmlreader\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-xmlreader-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-xmlrpc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-xmlrpc-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-xmlwriter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-xmlwriter-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-xsl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-xsl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-zip\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-zip-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-zlib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-zlib-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/07/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/10/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/01/02\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP0\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"apache2-mod_php7-7.0.7-15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"apache2-mod_php7-debuginfo-7.0.7-15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-7.0.7-15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-bcmath-7.0.7-15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-bcmath-debuginfo-7.0.7-15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-bz2-7.0.7-15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-bz2-debuginfo-7.0.7-15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-calendar-7.0.7-15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-calendar-debuginfo-7.0.7-15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-ctype-7.0.7-15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-ctype-debuginfo-7.0.7-15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-curl-7.0.7-15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-curl-debuginfo-7.0.7-15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-dba-7.0.7-15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-dba-debuginfo-7.0.7-15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-debuginfo-7.0.7-15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-debugsource-7.0.7-15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-dom-7.0.7-15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-dom-debuginfo-7.0.7-15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-enchant-7.0.7-15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-enchant-debuginfo-7.0.7-15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-exif-7.0.7-15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-exif-debuginfo-7.0.7-15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-fastcgi-7.0.7-15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-fastcgi-debuginfo-7.0.7-15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-fileinfo-7.0.7-15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-fileinfo-debuginfo-7.0.7-15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-fpm-7.0.7-15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-fpm-debuginfo-7.0.7-15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-ftp-7.0.7-15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-ftp-debuginfo-7.0.7-15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-gd-7.0.7-15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-gd-debuginfo-7.0.7-15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-gettext-7.0.7-15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-gettext-debuginfo-7.0.7-15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-gmp-7.0.7-15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-gmp-debuginfo-7.0.7-15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-iconv-7.0.7-15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-iconv-debuginfo-7.0.7-15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-imap-7.0.7-15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-imap-debuginfo-7.0.7-15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-intl-7.0.7-15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-intl-debuginfo-7.0.7-15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-json-7.0.7-15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-json-debuginfo-7.0.7-15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-ldap-7.0.7-15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-ldap-debuginfo-7.0.7-15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-mbstring-7.0.7-15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-mbstring-debuginfo-7.0.7-15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-mcrypt-7.0.7-15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-mcrypt-debuginfo-7.0.7-15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-mysql-7.0.7-15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-mysql-debuginfo-7.0.7-15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-odbc-7.0.7-15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-odbc-debuginfo-7.0.7-15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-opcache-7.0.7-15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-opcache-debuginfo-7.0.7-15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-openssl-7.0.7-15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-openssl-debuginfo-7.0.7-15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-pcntl-7.0.7-15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-pcntl-debuginfo-7.0.7-15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-pdo-7.0.7-15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-pdo-debuginfo-7.0.7-15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-pgsql-7.0.7-15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-pgsql-debuginfo-7.0.7-15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-phar-7.0.7-15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-phar-debuginfo-7.0.7-15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-posix-7.0.7-15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-posix-debuginfo-7.0.7-15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-pspell-7.0.7-15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-pspell-debuginfo-7.0.7-15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-shmop-7.0.7-15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-shmop-debuginfo-7.0.7-15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-snmp-7.0.7-15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-snmp-debuginfo-7.0.7-15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-soap-7.0.7-15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-soap-debuginfo-7.0.7-15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-sockets-7.0.7-15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-sockets-debuginfo-7.0.7-15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-sqlite-7.0.7-15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-sqlite-debuginfo-7.0.7-15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-sysvmsg-7.0.7-15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-sysvmsg-debuginfo-7.0.7-15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-sysvsem-7.0.7-15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-sysvsem-debuginfo-7.0.7-15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-sysvshm-7.0.7-15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-sysvshm-debuginfo-7.0.7-15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-tokenizer-7.0.7-15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-tokenizer-debuginfo-7.0.7-15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-wddx-7.0.7-15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-wddx-debuginfo-7.0.7-15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-xmlreader-7.0.7-15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-xmlreader-debuginfo-7.0.7-15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-xmlrpc-7.0.7-15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-xmlrpc-debuginfo-7.0.7-15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-xmlwriter-7.0.7-15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-xmlwriter-debuginfo-7.0.7-15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-xsl-7.0.7-15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-xsl-debuginfo-7.0.7-15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-zip-7.0.7-15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-zip-debuginfo-7.0.7-15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-zlib-7.0.7-15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-zlib-debuginfo-7.0.7-15.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"php7\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-10-12T14:15:03", "description": "The remote host is affected by the vulnerability described in GLSA-201611-22 (PHP: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in PHP. Please review the CVE identifiers referenced below for details.\n Impact :\n\n An attacker can possibly execute arbitrary code or create a Denial of Service condition.\n Workaround :\n\n There is no known workaround at this time.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-12-01T00:00:00", "type": "nessus", "title": "GLSA-201611-22 : PHP: Multiple vulnerabilities (httpoxy)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-8865", "CVE-2016-3074", "CVE-2016-4071", "CVE-2016-4072", "CVE-2016-4073", "CVE-2016-4537", "CVE-2016-4538", "CVE-2016-4539", "CVE-2016-4540", "CVE-2016-4541", "CVE-2016-4542", "CVE-2016-4543", "CVE-2016-4544", "CVE-2016-5385", "CVE-2016-6289", "CVE-2016-6290", "CVE-2016-6291", "CVE-2016-6292", "CVE-2016-6294", "CVE-2016-6295", "CVE-2016-6296", "CVE-2016-6297", "CVE-2016-7124", "CVE-2016-7125", "CVE-2016-7126", "CVE-2016-7127", "CVE-2016-7128", "CVE-2016-7129", "CVE-2016-7130", "CVE-2016-7131", "CVE-2016-7132", "CVE-2016-7133", "CVE-2016-7134", "CVE-2016-7411", "CVE-2016-7412", "CVE-2016-7413", "CVE-2016-7414", "CVE-2016-7416", "CVE-2016-7417", "CVE-2016-7418"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:php", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-201611-22.NASL", "href": "https://www.tenable.com/plugins/nessus/95421", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201611-22.\n#\n# The advisory text is Copyright (C) 2001-2016 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(95421);\n script_version(\"3.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2015-8865\", \"CVE-2016-3074\", \"CVE-2016-4071\", \"CVE-2016-4072\", \"CVE-2016-4073\", \"CVE-2016-4537\", \"CVE-2016-4538\", \"CVE-2016-4539\", \"CVE-2016-4540\", \"CVE-2016-4541\", \"CVE-2016-4542\", \"CVE-2016-4543\", \"CVE-2016-4544\", \"CVE-2016-5385\", \"CVE-2016-6289\", \"CVE-2016-6290\", \"CVE-2016-6291\", \"CVE-2016-6292\", \"CVE-2016-6294\", \"CVE-2016-6295\", \"CVE-2016-6296\", \"CVE-2016-6297\", \"CVE-2016-7124\", \"CVE-2016-7125\", \"CVE-2016-7126\", \"CVE-2016-7127\", \"CVE-2016-7128\", \"CVE-2016-7129\", \"CVE-2016-7130\", \"CVE-2016-7131\", \"CVE-2016-7132\", \"CVE-2016-7133\", \"CVE-2016-7134\", \"CVE-2016-7411\", \"CVE-2016-7412\", \"CVE-2016-7413\", \"CVE-2016-7414\", \"CVE-2016-7416\", \"CVE-2016-7417\", \"CVE-2016-7418\");\n script_xref(name:\"GLSA\", value:\"201611-22\");\n\n script_name(english:\"GLSA-201611-22 : PHP: Multiple vulnerabilities (httpoxy)\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201611-22\n(PHP: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in PHP. Please review the\n CVE identifiers referenced below for details.\n \nImpact :\n\n An attacker can possibly execute arbitrary code or create a Denial of\n Service condition.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201611-22\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All PHP users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=dev=lang/php-5.6.28'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:php\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/11/30\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/12/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"dev-lang/php\", unaffected:make_list(\"ge 5.6.28\"), vulnerable:make_list(\"lt 5.6.28\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"PHP\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:38:52", "description": "The remote host is running a version of macOS that is 10.12.x prior to 10.12.2. It is, therefore, affected by multiple vulnerabilities in the following components :\n\n - apache_mod_php\n - AppleGraphicsPowerManagement\n - Assets\n - Audio\n - Bluetooth\n - CoreCapture\n - CoreFoundation\n - CoreGraphics\n - CoreMedia External Displays\n - CoreMedia Playback\n - CoreStorage\n - CoreText\n - curl\n - Directory Services\n - Disk Images\n - FontParser\n - Foundation\n - Grapher\n - ICU\n - ImageIO\n - Intel Graphics Driver\n - IOFireWireFamily\n - IOAcceleratorFamily\n - IOHIDFamily\n - IOKit\n - IOSurface\n - Kernel\n - kext tools\n - libarchive\n - LibreSSL\n - OpenLDAP\n - OpenPAM\n - OpenSSL\n - Power Management\n - Security\n - syslog\n - WiFi\n - xar\n\nNote that successful exploitation of the most serious issues can result in arbitrary code execution.\n\nFurthermore, CVE-2016-6304, CVE-2016-7596, and CVE-2016-7604 also affect Mac OS X versions 10.10.5 and 10.11.6. However, this plugin does not check those versions.", "cvss3": {"score": 7.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2016-12-16T00:00:00", "type": "nessus", "title": "macOS 10.12.x < 10.12.2 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-1777", "CVE-2016-1823", "CVE-2016-4688", "CVE-2016-4691", "CVE-2016-4693", "CVE-2016-5419", "CVE-2016-5420", "CVE-2016-5421", "CVE-2016-6303", "CVE-2016-6304", "CVE-2016-7141", "CVE-2016-7167", "CVE-2016-7411", "CVE-2016-7412", "CVE-2016-7413", "CVE-2016-7414", "CVE-2016-7416", "CVE-2016-7417", "CVE-2016-7418", "CVE-2016-7588", "CVE-2016-7591", "CVE-2016-7594", "CVE-2016-7595", "CVE-2016-7596", "CVE-2016-7600", "CVE-2016-7602", "CVE-2016-7603", "CVE-2016-7604", "CVE-2016-7605", "CVE-2016-7606", "CVE-2016-7607", "CVE-2016-7608", "CVE-2016-7609", "CVE-2016-7612", "CVE-2016-7615", "CVE-2016-7616", "CVE-2016-7617", "CVE-2016-7618", "CVE-2016-7619", "CVE-2016-7620", "CVE-2016-7621", "CVE-2016-7622", "CVE-2016-7624", "CVE-2016-7625", "CVE-2016-7627", "CVE-2016-7628", "CVE-2016-7629", "CVE-2016-7633", "CVE-2016-7636", "CVE-2016-7637", "CVE-2016-7643", "CVE-2016-7644", "CVE-2016-7655", "CVE-2016-7657", "CVE-2016-7658", "CVE-2016-7659", "CVE-2016-7660", "CVE-2016-7661", "CVE-2016-7662", "CVE-2016-7663", "CVE-2016-7714", "CVE-2016-7742", "CVE-2016-7761", "CVE-2016-8615", "CVE-2016-8616", "CVE-2016-8617", "CVE-2016-8618", "CVE-2016-8619", "CVE-2016-8620", "CVE-2016-8621", "CVE-2016-8622", "CVE-2016-8623", "CVE-2016-8624", "CVE-2016-8625"], "modified": "2020-01-07T00:00:00", "cpe": ["cpe:/o:apple:macos"], "id": "MACOS_10_12_2.NASL", "href": "https://www.tenable.com/plugins/nessus/95917", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(95917);\n script_version(\"1.9\");\n script_cvs_date(\"Date: 2020/01/07\");\n\n script_cve_id(\n \"CVE-2016-1777\",\n \"CVE-2016-1823\",\n \"CVE-2016-4688\",\n \"CVE-2016-4691\",\n \"CVE-2016-4693\",\n \"CVE-2016-5419\",\n \"CVE-2016-5420\",\n \"CVE-2016-5421\",\n \"CVE-2016-6303\",\n \"CVE-2016-6304\",\n \"CVE-2016-7141\",\n \"CVE-2016-7167\",\n \"CVE-2016-7411\",\n \"CVE-2016-7412\",\n \"CVE-2016-7413\",\n \"CVE-2016-7414\",\n \"CVE-2016-7416\",\n \"CVE-2016-7417\",\n \"CVE-2016-7418\",\n \"CVE-2016-7588\",\n \"CVE-2016-7591\",\n \"CVE-2016-7594\",\n \"CVE-2016-7595\",\n \"CVE-2016-7596\",\n \"CVE-2016-7600\",\n \"CVE-2016-7602\",\n \"CVE-2016-7603\",\n \"CVE-2016-7604\",\n \"CVE-2016-7605\",\n \"CVE-2016-7606\",\n \"CVE-2016-7607\",\n \"CVE-2016-7608\",\n \"CVE-2016-7609\",\n \"CVE-2016-7612\",\n \"CVE-2016-7615\",\n \"CVE-2016-7616\",\n \"CVE-2016-7617\",\n \"CVE-2016-7618\",\n \"CVE-2016-7619\",\n \"CVE-2016-7620\",\n \"CVE-2016-7621\",\n \"CVE-2016-7622\",\n \"CVE-2016-7624\",\n \"CVE-2016-7625\",\n \"CVE-2016-7627\",\n \"CVE-2016-7628\",\n \"CVE-2016-7629\",\n \"CVE-2016-7633\",\n \"CVE-2016-7636\",\n \"CVE-2016-7637\",\n \"CVE-2016-7643\",\n \"CVE-2016-7644\",\n \"CVE-2016-7655\",\n \"CVE-2016-7657\",\n \"CVE-2016-7658\",\n \"CVE-2016-7659\",\n \"CVE-2016-7660\",\n \"CVE-2016-7661\",\n \"CVE-2016-7662\",\n \"CVE-2016-7663\",\n \"CVE-2016-7714\",\n \"CVE-2016-7742\",\n \"CVE-2016-7761\",\n \"CVE-2016-8615\",\n \"CVE-2016-8616\",\n \"CVE-2016-8617\",\n \"CVE-2016-8618\",\n \"CVE-2016-8619\",\n \"CVE-2016-8620\",\n \"CVE-2016-8621\",\n \"CVE-2016-8622\",\n \"CVE-2016-8623\",\n \"CVE-2016-8624\",\n \"CVE-2016-8625\"\n );\n script_bugtraq_id(\n 85054,\n 90698,\n 92292,\n 92306,\n 92309,\n 92754,\n 92975,\n 92984,\n 93004,\n 93005,\n 93006,\n 93007,\n 93008,\n 93009,\n 93011,\n 93150,\n 94094,\n 94096,\n 94097,\n 94098,\n 94100,\n 94101,\n 94102,\n 94103,\n 94105,\n 94106,\n 94107,\n 94572,\n 94903,\n 94904,\n 94905,\n 94906\n );\n script_xref(name:\"APPLE-SA\", value:\"APPLE-SA-2016-12-13-1\");\n\n script_name(english:\"macOS 10.12.x < 10.12.2 Multiple Vulnerabilities\");\n script_summary(english:\"Checks the version of macOS.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host is missing a macOS update that fixes multiple security\nvulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is running a version of macOS that is 10.12.x prior to\n10.12.2. It is, therefore, affected by multiple vulnerabilities in the\nfollowing components :\n\n - apache_mod_php\n - AppleGraphicsPowerManagement\n - Assets\n - Audio\n - Bluetooth\n - CoreCapture\n - CoreFoundation\n - CoreGraphics\n - CoreMedia External Displays\n - CoreMedia Playback\n - CoreStorage\n - CoreText\n - curl\n - Directory Services\n - Disk Images\n - FontParser\n - Foundation\n - Grapher\n - ICU\n - ImageIO\n - Intel Graphics Driver\n - IOFireWireFamily\n - IOAcceleratorFamily\n - IOHIDFamily\n - IOKit\n - IOSurface\n - Kernel\n - kext tools\n - libarchive\n - LibreSSL\n - OpenLDAP\n - OpenPAM\n - OpenSSL\n - Power Management\n - Security\n - syslog\n - WiFi\n - xar\n\nNote that successful exploitation of the most serious issues can\nresult in arbitrary code execution.\n\nFurthermore, CVE-2016-6304, CVE-2016-7596, and CVE-2016-7604 also\naffect Mac OS X versions 10.10.5 and 10.11.6. However, this plugin\ndoes not check those versions.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.apple.com/en-us/HT207423\");\n # http://lists.apple.com/archives/security-announce/2016/Dec/msg00003.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?38dabd46\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to macOS version 10.12.2 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-7644\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/03/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/12/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/12/16\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"combined\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:apple:macos\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"os_fingerprint.nasl\");\n script_require_ports(\"Host/MacOSX/Version\", \"Host/OS\");\n\n exit(0);\n}\n\ninclude(\"vcf.inc\");\ninclude(\"vcf_extras_apple.inc\");\n\napp_info = vcf::apple::get_macos_info();\n\nvcf::apple::check_macos_restrictions(restrictions:['10.12']);\n\nconstraints = [{ \"fixed_version\" : \"10.12.2\" }];\n\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "freebsd": [{"lastseen": "2022-01-19T15:51:32", "description": "\n\nPHP reports:\n\n\nFixed bug #73007 (add locale length check)\nFixed bug #72293 (Heap overflow in mysqlnd related to BIT fields)\nFixed bug #72928 (Out of bound when verify signature of zip phar in phar_parse_zipfile)\nFixed bug #73029 (Missing type check when unserializing SplArray)\nFixed bug #73052 (Memory Corruption in During Deserialized-object Destruction)\nFixed bug #72860 (wddx_deserialize use-after-free)\nFixed bug #73065 (Out-Of-Bounds Read in php_wddx_push_element)\n\n\n\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2016-09-15T00:00:00", "type": "freebsd", "title": "PHP -- multiple vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-7412", "CVE-2016-7413", "CVE-2016-7414", "CVE-2016-7416", "CVE-2016-7417", "CVE-2016-7418"], "modified": "2016-09-15T00:00:00", "id": "F471032A-8700-11E6-8D93-00248C0C745D", "href": "https://vuxml.freebsd.org/freebsd/f471032a-8700-11e6-8d93-00248c0c745d.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-01-19T15:51:32", "description": "\n\nPHP reports:\n\n\nFixed bug #73007 (add locale length check)\nFixed bug #72293 (Heap overflow in mysqlnd related to BIT fields)\nFixed bug #72928 (Out of bound when verify signature of zip phar in phar_parse_zipfile)\nFixed bug #73029 (Missing type check when unserializing SplArray)\nFixed bug #73052 (Memory Corruption in During Deserialized-object Destruction)\nFixed bug #72860 (wddx_deserialize use-after-free)\nFixed bug #73065 (Out-Of-Bounds Read in php_wddx_push_element)\n\n\n\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2016-09-16T00:00:00", "type": "freebsd", "title": "PHP -- multiple vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-7411", "CVE-2016-7412", "CVE-2016-7413", "CVE-2016-7414", "CVE-2016-7416", "CVE-2016-7417", "CVE-2016-7418"], "modified": "2016-09-16T00:00:00", "id": "8D5180A6-86FE-11E6-8D93-00248C0C745D", "href": "https://vuxml.freebsd.org/freebsd/8d5180a6-86fe-11e6-8d93-00248c0c745d.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "suse": [{"lastseen": "2016-10-14T17:27:48", "description": "This update for php5 fixes the following security issues:\n\n * CVE-2016-7411: php5: Memory corruption when destructing deserialized\n object\n * CVE-2016-7412: Heap overflow in mysqlnd when not receiving UNSIGNED_FLAG\n in BIT field\n * CVE-2016-7413: Use after free in wddx_deserialize\n * CVE-2016-7414: Out of bounds heap read when verifying signature of zip\n phar in phar_parse_zipfile\n * CVE-2016-7416: Stack based buffer overflow in msgfmt_format_message\n * CVE-2016-7417: Missing type check when unserializing SplArray\n * CVE-2016-7418: Null pointer dereference in php_wddx_push_element\n\n This update was imported from the SUSE:SLE-12:Update update project.\n\n", "cvss3": {}, "published": "2016-10-14T16:11:34", "type": "suse", "title": "Security update for php5 (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2016-7414", "CVE-2016-7413", "CVE-2016-7416", "CVE-2016-7411", "CVE-2016-7417", "CVE-2016-7418", "CVE-2016-7412"], "modified": "2016-10-14T16:11:34", "id": "OPENSUSE-SU-2016:2540-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00031.html", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2016-11-01T17:27:52", "description": "This update for php5 fixes the following security issues:\n\n * CVE-2016-7411: php5: Memory corruption when destructing deserialized\n object\n * CVE-2016-7412: Heap overflow in mysqlnd when not receiving UNSIGNED_FLAG\n in BIT field\n * CVE-2016-7413: Use after free in wddx_deserialize\n * CVE-2016-7414: Out of bounds heap read when verifying signature of zip\n phar in phar_parse_zipfile\n * CVE-2016-7416: Stack based buffer overflow in msgfmt_format_message\n * CVE-2016-7417: Missing type check when unserializing SplArray\n * CVE-2016-7418: Null pointer dereference in php_wddx_push_element\n\n", "cvss3": {}, "published": "2016-11-01T16:07:21", "type": "suse", "title": "Security update for php5 (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2016-7414", "CVE-2016-7413", "CVE-2016-7416", "CVE-2016-7411", "CVE-2016-7417", "CVE-2016-7418", "CVE-2016-7412"], "modified": "2016-11-01T16:07:21", "id": "SUSE-SU-2016:2477-2", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-11/msg00000.html", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2016-10-04T17:27:47", "description": "This update for php5 fixes the following security issues:\n\n * CVE-2016-7411: Memory corruption when destructing deserialized object\n * CVE-2016-7412: Heap overflow in mysqlnd when not receiving UNSIGNED_FLAG\n in BIT field\n * CVE-2016-7413: Use after free in wddx_deserialize\n * CVE-2016-7414: Out of bounds heap read when verifying signature of zip\n phar in phar_parse_zipfile\n * CVE-2016-7416: Stack based buffer overflow in msgfmt_format_message\n * CVE-2016-7417: Missing type check when unserializing SplArray\n * CVE-2016-7418: Null pointer dereference in php_wddx_push_element\n\n", "cvss3": {}, "published": "2016-10-04T16:10:25", "type": "suse", "title": "Security update for php5 (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2016-7414", "CVE-2016-7413", "CVE-2016-7416", "CVE-2016-7411", "CVE-2016-7417", "CVE-2016-7418", "CVE-2016-7412"], "modified": "2016-10-04T16:10:25", "id": "OPENSUSE-SU-2016:2444-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00002.html", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2016-10-06T01:27:34", "description": "This update for php53 fixes the following issues:\n\n * CVE-2016-7411: php5: Memory corruption when destructing deserialized\n object\n * CVE-2016-7412: Heap overflow in mysqlnd when not receiving UNSIGNED_FLAG\n in BIT field\n * CVE-2016-7413: Use after free in wddx_deserialize\n * CVE-2016-7414: Out of bounds heap read when verifying signature of zip\n phar in phar_parse_zipfile\n * CVE-2016-7416: Stack based buffer overflow in msgfmt_format_message\n * CVE-2016-7417: Missing type check when unserializing SplArray\n * CVE-2016-7418: Null pointer dereference in php_wddx_push_element\n\n", "cvss3": {}, "published": "2016-10-06T01:08:31", "type": "suse", "title": "Security update for php53 (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2016-7414", "CVE-2016-7413", "CVE-2016-7416", "CVE-2016-7411", "CVE-2016-7417", "CVE-2016-7418", "CVE-2016-7412"], "modified": "2016-10-06T01:08:31", "id": "SUSE-SU-2016:2461-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00008.html", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2016-10-07T21:27:37", "description": "This update for php5 fixes the following security issues:\n\n * CVE-2016-7411: php5: Memory corruption when destructing deserialized\n object\n * CVE-2016-7412: Heap overflow in mysqlnd when not receiving UNSIGNED_FLAG\n in BIT field\n * CVE-2016-7413: Use after free in wddx_deserialize\n * CVE-2016-7414: Out of bounds heap read when verifying signature of zip\n phar in phar_parse_zipfile\n * CVE-2016-7416: Stack based buffer overflow in msgfmt_format_message\n * CVE-2016-7417: Missing type check when unserializing SplArray\n * CVE-2016-7418: Null pointer dereference in php_wddx_push_element\n\n", "cvss3": {}, "published": "2016-10-07T21:12:50", "type": "suse", "title": "Security update for php5 (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2016-7414", "CVE-2016-7413", "CVE-2016-7416", "CVE-2016-7411", "CVE-2016-7417", "CVE-2016-7418", "CVE-2016-7412"], "modified": "2016-10-07T21:12:50", "id": "SUSE-SU-2016:2477-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00017.html", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2016-10-05T17:27:35", "description": "This update for php53 fixes the following security issues:\n\n * CVE-2016-7124: Create an Unexpected Object and Don't Invoke __wakeup()\n in Deserialization\n * CVE-2016-7125: PHP Session Data Injection Vulnerability\n * CVE-2016-7126: select_colors write out-of-bounds\n * CVE-2016-7127: imagegammacorrect allowed arbitrary write access\n * CVE-2016-7128: Memory Leakage In exif_process_IFD_in_TIFF\n * CVE-2016-7129: wddx_deserialize allows illegal memory access\n * CVE-2016-7130: wddx_deserialize null dereference\n * CVE-2016-7131: wddx_deserialize null dereference with invalid xml\n * CVE-2016-7132: wddx_deserialize null dereference in php_wddx_pop_element\n * CVE-2016-7411: php5: Memory corruption when destructing deserialized\n object\n * CVE-2016-7412: Heap overflow in mysqlnd when not receiving UNSIGNED_FLAG\n in BIT field\n * CVE-2016-7413: Use after free in wddx_deserialize\n * CVE-2016-7414: Out of bounds heap read when verifying signature of zip\n phar in phar_parse_zipfile\n * CVE-2016-7416: Stack based buffer overflow in msgfmt_format_message\n * CVE-2016-7417: Missing type check when unserializing SplArray\n * CVE-2016-7418: Null pointer dereference in php_wddx_push_element\n\n", "cvss3": {}, "published": "2016-10-05T18:12:21", "type": "suse", "title": "Security update for php53 (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2016-7414", "CVE-2016-7127", "CVE-2016-7131", "CVE-2016-7125", "CVE-2016-7130", "CVE-2016-7129", "CVE-2016-7413", "CVE-2016-7126", "CVE-2016-7416", "CVE-2016-7411", "CVE-2016-7124", "CVE-2016-7417", "CVE-2016-7128", "CVE-2016-7418", "CVE-2016-7132", "CVE-2016-7412"], "modified": "2016-10-05T18:12:21", "id": "SUSE-SU-2016:2459-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00006.html", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2021-06-08T18:41:08", "description": "This update for php7 fixes the following security issues:\n\n * CVE-2016-6128: Invalid color index not properly handled [bsc#987580]\n * CVE-2016-6161: global out of bounds read when encoding gif from\n malformed input withgd2togif [bsc#988032]\n * CVE-2016-6292: Null pointer dereference in exif_process_user_comment\n [bsc#991422]\n * CVE-2016-6295: Use after free in SNMP with GC and unserialize()\n [bsc#991424]\n * CVE-2016-6297: Stack-based buffer overflow vulnerability in\n php_stream_zip_opener [bsc#991426]\n * CVE-2016-6291: Out-of-bounds access in exif_process_IFD_in_MAKERNOTE\n [bsc#991427]\n * CVE-2016-6289: Integer overflow leads to buffer overflow in\n virtual_file_ex [bsc#991428]\n * CVE-2016-6290: Use after free in unserialize() with Unexpected Session\n Deserialization [bsc#991429]\n * CVE-2016-5399: Improper error handling in bzread() [bsc#991430]\n * CVE-2016-6296: Heap buffer overflow vulnerability in simplestring_addn\n in simplestring.c [bsc#991437]\n * CVE-2016-6207: Integer overflow error within _gdContributionsAlloc()\n [bsc#991434]\n * CVE-2016-4473: Invalid free() instead of efree() in phar_extract_file()\n * CVE-2016-7124: Create an Unexpected Object and Don't Invoke __wakeup()\n in Deserialization\n * CVE-2016-7125: PHP Session Data Injection Vulnerability\n * CVE-2016-7126: select_colors write out-of-bounds\n * CVE-2016-7127: imagegammacorrect allowed arbitrary write access\n * CVE-2016-7128: Memory Leakage In exif_process_IFD_in_TIFF\n * CVE-2016-7129: wddx_deserialize allowed illegal memory access\n * CVE-2016-7131: wddx_deserialize null dereference with invalid xml\n * CVE-2016-7132: wddx_deserialize null dereference in php_wddx_pop_element\n * CVE-2016-7133: memory allocator fails to realloc small block to large one\n * CVE-2016-7134: Heap overflow in the function curl_escape\n * CVE-2016-7130: wddx_deserialize null dereference\n * CVE-2016-7413: Use after free in wddx_deserialize\n * CVE-2016-7412: Heap overflow in mysqlnd when not receiving UNSIGNED_FLAG\n in BIT field\n * CVE-2016-7417: Missing type check when unserializing SplArray\n * CVE-2016-7416: Stack based buffer overflow in msgfmt_format_message\n * CVE-2016-7418: Null pointer dereference in php_wddx_push_element\n * CVE-2016-7414: Out of bounds heap read when verifying signature of zip\n phar in phar_parse_zipfile\n\n", "cvss3": {}, "published": "2016-10-05T21:08:45", "type": "suse", "title": "Security update for php7 (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2016-5399", "CVE-2016-7414", "CVE-2016-6290", "CVE-2016-7127", "CVE-2016-7133", "CVE-2016-4473", "CVE-2016-7131", "CVE-2016-7125", "CVE-2016-7134", "CVE-2016-7130", "CVE-2016-7129", "CVE-2016-6128", "CVE-2016-7413", "CVE-2016-7126", "CVE-2016-6161", "CVE-2016-6207", "CVE-2016-6295", "CVE-2016-6297", "CVE-2016-6292", "CVE-2016-7416", "CVE-2016-6289", "CVE-2016-7124", "CVE-2016-7417", "CVE-2016-7128", "CVE-2016-7418", "CVE-2016-7132", "CVE-2016-6291", "CVE-2016-6296", "CVE-2016-7412"], "modified": "2016-10-05T21:08:45", "id": "SUSE-SU-2016:2460-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00007.html", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2021-06-08T18:41:09", "description": "This update for php7 fixes the following security issues:\n\n * CVE-2016-6128: Invalid color index not properly handled [bsc#987580]\n * CVE-2016-6161: global out of bounds read when encoding gif from\n malformed input withgd2togif [bsc#988032]\n * CVE-2016-6292: Null pointer dereference in exif_process_user_comment\n [bsc#991422]\n * CVE-2016-6295: Use after free in SNMP with GC and unserialize()\n [bsc#991424]\n * CVE-2016-6297: Stack-based buffer overflow vulnerability in\n php_stream_zip_opener [bsc#991426]\n * CVE-2016-6291: Out-of-bounds access in exif_process_IFD_in_MAKERNOTE\n [bsc#991427]\n * CVE-2016-6289: Integer overflow leads to buffer overflow in\n virtual_file_ex [bsc#991428]\n * CVE-2016-6290: Use after free in unserialize() with Unexpected Session\n Deserialization [bsc#991429]\n * CVE-2016-5399: Improper error handling in bzread() [bsc#991430]\n * CVE-2016-6296: Heap buffer overflow vulnerability in simplestring_addn\n in simplestring.c [bsc#991437]\n * CVE-2016-6207: Integer overflow error within _gdContributionsAlloc()\n [bsc#991434]\n * CVE-2016-4473: Invalid free() instead of efree() in phar_extract_file()\n * CVE-2016-7124: Create an Unexpected Object and Don't Invoke __wakeup()\n in Deserialization\n * CVE-2016-7125: PHP Session Data Injection Vulnerability\n * CVE-2016-7126: select_colors write out-of-bounds\n * CVE-2016-7127: imagegammacorrect allowed arbitrary write access\n * CVE-2016-7128: Memory Leakage In exif_process_IFD_in_TIFF\n * CVE-2016-7129: wddx_deserialize allowed illegal memory access\n * CVE-2016-7131: wddx_deserialize null dereference with invalid xml\n * CVE-2016-7132: wddx_deserialize null dereference in php_wddx_pop_element\n * CVE-2016-7133: memory allocator fails to realloc small block to large one\n * CVE-2016-7134: Heap overflow in the function curl_escape\n * CVE-2016-7130: wddx_deserialize null dereference\n * CVE-2016-7413: Use after free in wddx_deserialize\n * CVE-2016-7412: Heap overflow in mysqlnd when not receiving UNSIGNED_FLAG\n in BIT field\n * CVE-2016-7417: Missing type check when unserializing SplArray\n * CVE-2016-7416: Stack based buffer overflow in msgfmt_format_message\n * CVE-2016-7418: Null pointer dereference in php_wddx_push_element\n * CVE-2016-7414: Out of bounds heap read when verifying signature of zip\n phar in phar_parse_zipfile\n\n", "cvss3": {}, "published": "2016-11-01T16:21:27", "type": "suse", "title": "Security update for php7 (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2016-5399", "CVE-2016-7414", "CVE-2016-6290", "CVE-2016-7127", "CVE-2016-7133", "CVE-2016-4473", "CVE-2016-7131", "CVE-2016-7125", "CVE-2016-7134", "CVE-2016-7130", "CVE-2016-7129", "CVE-2016-6128", "CVE-2016-7413", "CVE-2016-7126", "CVE-2016-6161", "CVE-2016-6207", "CVE-2016-6295", "CVE-2016-6297", "CVE-2016-6292", "CVE-2016-7416", "CVE-2016-6289", "CVE-2016-7124", "CVE-2016-7417", "CVE-2016-7128", "CVE-2016-7418", "CVE-2016-7132", "CVE-2016-6291", "CVE-2016-6296", "CVE-2016-7412"], "modified": "2016-11-01T16:21:27", "id": "SUSE-SU-2016:2460-2", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-11/msg00002.html", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "mageia": [{"lastseen": "2022-04-18T11:19:34", "description": "Memory Corruption in During Deserialized-object Destruction) (CVE-2016-7411). Heap overflow in mysqlnd related to BIT fields) (CVE-2016-7412). wddx_deserialize use-after-free (CVE-2016-7413). Out of bound when verify signature of zip phar in phar_parse_zipfile) (CVE-2016-7414). Missing locale length check in php-intl (CVE-2016-7416). Missing type check when unserializing SplArray) (CVE-2016-7417). Out-Of-Bounds Read in php_wddx_push_element) (CVE-2016-7418). The php package has been updated to version 5.6.26, which fixes these issues and other bugs. See the upstream ChangeLog for more details. \n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2016-09-25T15:45:31", "type": "mageia", "title": "Updated php packages fix security vulnerabilities\n", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-7411", "CVE-2016-7412", "CVE-2016-7413", "CVE-2016-7414", "CVE-2016-7416", "CVE-2016-7417", "CVE-2016-7418"], "modified": "2016-09-25T15:45:31", "id": "MGASA-2016-0319", "href": "https://advisories.mageia.org/MGASA-2016-0319.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "slackware": [{"lastseen": "2021-07-28T14:46:45", "description": "New php packages are available for Slackware 14.0, 14.1, 14.2, and -current to\nfix security issues.\n\n\nHere are the details from the Slackware 14.2 ChangeLog:\n\npatches/packages/php-5.6.26-i586-1_slack14.2.txz: Upgraded.\n This release fixes bugs and security issues.\n For more information, see:\n https://php.net/ChangeLog-5.php#5.6.26\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7416\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7412\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7414\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7417\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7411\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7413\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7418\n (* Security fix *)\n\nWhere to find the new packages:\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project! :-)\n\nAlso see the \"Get Slack\" section on http://slackware.com for\nadditional mirror sites near you.\n\nUpdated package for Slackware 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/php-5.6.26-i486-1_slack14.0.txz\n\nUpdated package for Slackware x86_64 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/php-5.6.26-x86_64-1_slack14.0.txz\n\nUpdated package for Slackware 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/php-5.6.26-i486-1_slack14.1.txz\n\nUpdated package for Slackware x86_64 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/php-5.6.26-x86_64-1_slack14.1.txz\n\nUpdated package for Slackware 14.2:\nftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/php-5.6.26-i586-1_slack14.2.txz\n\nUpdated package for Slackware x86_64 14.2:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/php-5.6.26-x86_64-1_slack14.2.txz\n\nUpdated package for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/php-5.6.26-i586-1.txz\n\nUpdated package for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/php-5.6.26-x86_64-1.txz\n\n\nMD5 signatures:\n\nSlackware 14.0 package:\nc35c9a2ecb0efe18d30ac9afd09f2f18 php-5.6.26-i486-1_slack14.0.txz\n\nSlackware x86_64 14.0 package:\n5d717620237618ae0da8306fb0e103a6 php-5.6.26-x86_64-1_slack14.0.txz\n\nSlackware 14.1 package:\nc86df189624511380930799eedf7147a php-5.6.26-i486-1_slack14.1.txz\n\nSlackware x86_64 14.1 package:\n2c306082ce746cccc2c43a975dbf723e php-5.6.26-x86_64-1_slack14.1.txz\n\nSlackware 14.2 package:\nfe9dc583d44d71b359a52f787a3a3586 php-5.6.26-i586-1_slack14.2.txz\n\nSlackware x86_64 14.2 package:\n42ba7fa4b436381f508e21fa48c66d40 php-5.6.26-x86_64-1_slack14.2.txz\n\nSlackware -current package:\n56a547e8bc4db3c91d6bfa5c31592175 n/php-5.6.26-i586-1.txz\n\nSlackware x86_64 -current package:\n28256516f8df30cc31d6937c9447853b n/php-5.6.26-x86_64-1.txz\n\n\nInstallation instructions:\n\nUpgrade the package as root:\n > upgradepkg php-5.6.26-i586-1_slack14.2.txz\n\nThen, restart Apache httpd:\n > /etc/rc.d/rc.httpd stop\n > /etc/rc.d/rc.httpd start", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2016-09-23T23:31:48", "type": "slackware", "title": "[slackware-security] php", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-7411", "CVE-2016-7412", "CVE-2016-7413", "CVE-2016-7414", "CVE-2016-7416", "CVE-2016-7417", "CVE-2016-7418"], "modified": "2016-09-23T23:31:48", "id": "SSA-2016-267-01", "href": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.449886", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "fedora": [{"lastseen": "2020-12-21T08:17:53", "description": "PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is fairly simple. The most common use of PHP coding is probably as a replacement for CGI scripts. The php package contains the module (often referred to as mod_php) which adds support for the PHP language to Apache HTTP Server. ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2016-09-27T03:58:11", "type": "fedora", "title": "[SECURITY] Fedora 24 Update: php-5.6.26-1.fc24", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-7411", "CVE-2016-7412", "CVE-2016-7413", "CVE-2016-7414", "CVE-2016-7416", "CVE-2016-7417", "CVE-2016-7418"], "modified": "2016-09-27T03:58:11", "id": "FEDORA:048C660748C7", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/HCPYXRCCP6O73RVWR5XSFZK2TBUYIY3M/", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:53", "description": "PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is fairly simple. The most common use of PHP coding is probably as a replacement for CGI scripts. The php package contains the module (often referred to as mod_php) which adds support for the PHP language to Apache HTTP Server. ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2016-09-28T04:52:34", "type": "fedora", "title": "[SECURITY] Fedora 23 Update: php-5.6.26-1.fc23", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-7411", "CVE-2016-7412", "CVE-2016-7413", "CVE-2016-7414", "CVE-2016-7416", "CVE-2016-7417", "CVE-2016-7418"], "modified": "2016-09-28T04:52:34", "id": "FEDORA:B0F3260776C0", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/2OAOLNCQKFGIGAQBUCUAYISLRZSQCLEW/", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "archlinux": [{"lastseen": "2016-09-18T17:22:34", "description": "- CVE-2016-7411 (arbitrary code execution)\n\nA memory Corruption vulnerability was found in php's unserialize method.\nThis happened during the deserialized-object Destruction.\n\n- CVE-2016-7412 (arbitrary code execution)\n\nPhp's mysqlnd extension assumes the `flags` returned for a BIT field\nnecessarily contains UNSIGNED_FLAG; this might not be the case, with a\nrogue mysql server, or a MITM attack. A malicious mysql server or MITM\ncan return field metadata for BIT fields that does not contain the\nUNSIGNED_FLAG, which leads to a heap overflow.\n\n- CVE-2016-7413 (arbitrary code execution)\n\nWhen WDDX tries to deserialize "recordset" element, use after free\nhappens if close tag for the field is not found. This happens only when\nfield names are set.\n\n- CVE-2016-7414 (arbitrary code execution)\n\nThe entry.uncompressed_filesize* method does not properly verify the\ninput parameters. An attacker can create a signature.bin with size less\nthan 8, when this value is passed to phar_verify_signature as sig_len a\nheap buffer overflow occurs.\n\n- CVE-2016-7416 (arbitrary code execution)\n\nBig locale string causes stack based overflow inside libicu.\n\n- CVE-2016-7417 (insufficient validation)\n\nThe return value of spl_array_get_hash_table is not properly checked and\nused on spl_array_get_dimension_ptr_ptr.\n\n- CVE-2016-7418 (denial of service)\n\nAn attacker can trigger an Out-Of-Bounds Read in php_wddx_push_element\nof wddx.c. A DoS (null pointer dereference) vulnerability can be\ntriggered in the wddx_deserialize function by providing a maliciously\ncrafted XML string.", "edition": 2, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2016-09-18T00:00:00", "type": "archlinux", "title": "php: multiple issues", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-7414", "CVE-2016-7413", "CVE-2016-7416", "CVE-2016-7411", "CVE-2016-7417", "CVE-2016-7418", "CVE-2016-7412"], "modified": "2016-09-18T00:00:00", "id": "ASA-201609-16", "href": "https://lists.archlinux.org/pipermail/arch-security/2016-September/000712.html", "cvss": {"score": 0.0, "vector": "NONE"}}], "ibm": [{"lastseen": "2021-12-30T21:49:19", "description": "## Summary\n\nMultiple vulnerabilities have been identified in php that is embedded in the IBM FSM. This fix addresses these vulnerabilities.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2016-7124_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7124>)** \nDESCRIPTION:** PHP is vulnerable to a denial of service, caused by the improper handling of invalid objects by ext/standard/var_unserializer.c. An attacker could exploit this vulnerability using specially crafted serialized data to cause a denial of service. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/116959_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/116959>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n\n**CVEID:** [_CVE-2016-7125_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7125>)** \nDESCRIPTION:** PHP could allow a remote attacker to execute arbitrary code on the system, caused by the skipping of invalid session names that triggers incorrect parsing by ext/session/session.c. An attacker could exploit this vulnerability using control of a session name to inject and execute arbitrary code on the system. \nCVSS Base Score: 9.8 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/116958_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/116958>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n**CVEID:** [_CVE-2016-7126_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7126>)** \nDESCRIPTION:** PHP is vulnerable to a denial of service, caused by the failure to properly validate the number of colors by the imagetruecolortopalette function. An attacker could exploit this vulnerability using a large value in the third argument to cause a denial of service. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/116957_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/116957>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [_CVE-2016-7127_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7127>)** \nDESCRIPTION:** PHP is vulnerable to a denial of service, caused by the failure to properly validate gamma values by the imagegammacorrect functions. By providing different signs for the second and third arguments, an attacker could exploit this vulnerability to cause an out-of-bounds write. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/116956_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/116956>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [_CVE-2016-7128_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7128>)** \nDESCRIPTION:** PHP could allow a remote attacker to obtain sensitive information, caused by the improper handling of the case of a thumbnail offset that exceeds the file size by the exif_process_IFD_in_TIFF function. An attacker could exploit this vulnerability using a specially crafted TIFF image to obtain sensitive information. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/116955_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/116955>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)\n\n**CVEID:** [_CVE-2016-7129_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7129>)** \nDESCRIPTION:** PHP is vulnerable to a denial of service, caused by an error in the php_wddx_process_data function. An attacker could exploit this vulnerability using an invalid ISO 8601 time value to cause a segmentation fault. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/116954_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/116954>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [_CVE-2016-7130_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7130>)** \nDESCRIPTION:** PHP is vulnerable to a denial of service, caused by a NULL pointer dereference in the php_wddx_pop_element function. An attacker could exploit this vulnerability using an invalid base64 binary value to cause the application to crash. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/116960_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/116960>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [_CVE-2016-7131_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7131>)** \nDESCRIPTION:** PHP is vulnerable to a denial of service, caused by a NULL pointer dereference in ext/wddx/wddx.c. An attacker could exploit this vulnerability using an invalid wddxPacket XML document that is mishandled in a wddx_deserialize call to cause the application to crash. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/116953_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/116953>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [_CVE-2016-7132_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7132>)** \nDESCRIPTION:** PHP is vulnerable to a denial of service, caused by a NULL pointer dereference in ext/wddx/wddx.c. An attacker could exploit this vulnerability using an invalid wddxPacket XML document that is mishandled in a wddx_deserialize call to cause the application to crash. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/116952_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/116952>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [_CVE-2016-7411_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7411>)** \nDESCRIPTION:** PHP could allow a remote or local attacker to execute arbitrary code on the system, caused by a memory corruption error during deserialized object destruction. An attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base Score: 9.8 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/116949_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/116949>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n**CVEID:** [_CVE-2016-7413_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7413>)** \nDESCRIPTION:** PHP could allow a remote or local attacker to execute arbitrary code on the system, caused by a use-after-free in wddx_deserialize(). An attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base Score: 9.8 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/116947_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/116947>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n**CVEID:** [_CVE-2016-7417_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7417>)** \nDESCRIPTION:** PHP could allow a remote or local attacker to execute arbitrary code on the system, caused by a memory corruption error when unserializing SplArray. An attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base Score: 9.8 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/116945_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/116945>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n**CVEID:** [_CVE-2016-7418_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7418>)** \nDESCRIPTION:** PHP could allow a remote or local attacker to execute arbitrary code on the system, caused by an out-of-bounds memory read in php_wddx_push_element(). An attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base Score: 9.8 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/116948_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/116948>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nFlex System Manager 1.3.4.x \nFlex System Manager 1.3.3.x \nFlex System Manager 1.3.2.x\n\n## Remediation/Fixes\n\nIBM recommends updating the FSM using the instructions referenced in this table. \n \n\n\nProduct | \n\nVRMF | \n\nAPAR | \n\nRemediation \n---|---|---|--- \nFlex System Manager| \n\n1.3.4.x | \n\nIT17653\n\n| Install [fsmfix1.3.4.0_IT17534_IT17536_IT17537_IT17653](<https://www-945.ibm.com/support/fixcentral/systemx/selectFixes?product=ibm%2Fsystemx%2F8731&fixids=fsmfix1.3.4.0_IT17534_IT17536_IT17537_IT17653&function=fixId&parent=Flex%20System%20Manager%20Node>) \nFlex System Manager| \n\n1.3.3.x | \n\nIT17653\n\n| Install [fsmfix1.3.3.0_IT17534_IT17536_IT17537_IT17653](<https://www-945.ibm.com/support/fixcentral/systemx/selectFixes?product=ibm%2Fsystemx%2F8731&fixids=fsmfix1.3.3.0_IT17534_IT17536_IT17537_IT17653&function=fixId&parent=Flex%20System%20Manager%20Node>) \nFlex System Manager| \n\n1.3.2.x | \n\nIT17653\n\n| Install [fsmfix1.3.2.0_IT17534_IT17536_IT17537_IT17653](<https://www-945.ibm.com/support/fixcentral/systemx/selectFixes?product=ibm%2Fsystemx%2F8731&fixids=fsmfix1.3.2.0_IT17534_IT17536_IT17537_IT17653&function=fixId&parent=Flex%20System%20Manager%20Node>) \n \nFor a complete list of FSM security bulletins refer to this technote: [http://www-01.ibm.com/support/docview.wss?uid=nas7797054ebc3d9857486258027006ce4a0&myns=purflex&mync=E&cm_sp=purflex-_-NULL-_-E](<http://www-01.ibm.com/support/docview.wss?uid=nas7797054ebc3d9857486258027006ce4a0&myns=purflex&mync=E&cm_sp=purflex-_-NULL-_-E>) \n \nFor 1.1.x.x, 1.2.x.x, 1.3.0.x and 1.3.1.x IBM recommends upgrading to a fixed, supported version/release of the product. \n\n## Workarounds and Mitigations\n\nNone\n\n## Get Notified about Future Security Bulletins\n\nSubscribe to [My Notifications](< http://www-01.ibm.com/software/support/einfo.html>) to be notified of important product support alerts like this.\n\n### References \n\n[Complete CVSS v2 Guide](<http://www.first.org/cvss/v2/guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v2](<http://nvd.nist.gov/CVSS-v2-Calculator> \"Link resides outside of ibm.com\" )\n\n[Complete CVSS v3 Guide](<http://www.first.org/cvss/user-guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v3](<http://www.first.org/cvss/calculator/3.0> \"Link resides outside of ibm.com\" )\n\nOff \n\n## Related Information\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n## Change History\n\n14 November 2016 : Original version published\n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nAccording to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an \"industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response.\" IBM PROVIDES THE CVSS SCORES \"\"AS IS\"\" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.\n\n## Internal Use Only\n\nAdvisory 6950, PRID 85873\n\n[{\"Product\":{\"code\":\"HW94A\",\"label\":\"Flex System Manager Node\"},\"Business Unit\":{\"code\":\"BU054\",\"label\":\"Systems w\\/TPS\"},\"Component\":\"--\",\"Platform\":[{\"code\":\"PF016\",\"label\":\"Linux\"}],\"Version\":\"Version Independent\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"\",\"label\":\"\"}}]", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-06-18T01:34:05", "type": "ibm", "title": "Security Bulletin: IBM Flex System Manager (FSM) is affected by multiple php vulnerabilities", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-7124", "CVE-2016-7125", "CVE-2016-7126", "CVE-2016-7127", "CVE-2016-7128", "CVE-2016-7129", "CVE-2016-7130", "CVE-2016-7131", "CVE-2016-7132", "CVE-2016-7411", "CVE-2016-7413", "CVE-2016-7417", "CVE-2016-7418"], "modified": "2018-06-18T01:34:05", "id": "A0EA016F41D5759AF2A1F81E351FC3DA0740A826D3D11695A17D1C4719F64489", "href": "https://www.ibm.com/support/pages/node/630005", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "debian": [{"lastseen": "2022-03-15T05:47:58", "description": "Package : php5\nVersion : 5.4.45-0+deb7u6\nCVE ID : CVE-2016-5385 CVE-2016-7124 CVE-2016-7128 CVE-2016-7129\n CVE-2016-7130 CVE-2016-7131 CVE-2016-7132 CVE-2016-7411\n CVE-2016-7412 CVE-2016-7413 CVE-2016-7414 CVE-2016-7416\n CVE-2016-7417 CVE-2016-7418\n\n\nCVE-2016-5385\n PHP through 7.0.8 does not attempt to address RFC 3875 section 4.1.18\n namespace conflicts and therefore does not protect applications from\n the presence of untrusted client data in the HTTP_PROXY environment\n variable, which might allow remote attackers to redirect an application's\n outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy\n header in an HTTP request, as demonstrated by (1) an application that\n makes a getenv('HTTP_PROXY') call or (2) a CGI configuration of PHP,\n aka an "httpoxy" issue.\n\nCVE-2016-7124\n ext/standard/var_unserializer.c in PHP before 5.6.25 and 7.x before 7.0.10\n mishandles certain invalid objects, which allows remote attackers to cause\n a denial of service or possibly have unspecified other impact via crafted\n serialized data that leads to a (1) __destruct call or (2) magic method\n call.\n\nCVE-2016-7128\n The exif_process_IFD_in_TIFF function in ext/exif/exif.c in PHP before\n 5.6.25 and 7.x before 7.0.10 mishandles the case of a thumbnail offset\n that exceeds the file size, which allows remote attackers to obtain\n sensitive information from process memory via a crafted TIFF image.\n\nCVE-2016-7129\n The php_wddx_process_data function in ext/wddx/wddx.c in PHP before\n 5.6.25 and 7.x before 7.0.10 allows remote attackers to cause a denial\n of service (segmentation fault) or possibly have unspecified other\n impact via an invalid ISO 8601 time value, as demonstrated by\n a wddx_deserialize call that mishandles a dateTime element in\n a wddxPacket XML document.\n\nCVE-2016-7130\n The php_wddx_pop_element function in ext/wddx/wddx.c in PHP before\n 5.6.25 and 7.x before 7.0.10 allows remote attackers to cause a\n denial of service (NULL pointer dereference and application crash)\n or possibly have unspecified other impact via an invalid base64\n binary value, as demonstrated by a wddx_deserialize call that\n mishandles a binary element in a wddxPacket XML document.\n\nCVE-2016-7131\n ext/wddx/wddx.c in PHP before 5.6.25 and 7.x before 7.0.10 allows\n remote attackers to cause a denial of service (NULL pointer\n dereference and application crash) or possibly have unspecified\n other impact via a malformed wddxPacket XML document that is\n mishandled in a wddx_deserialize call, as demonstrated by a tag\n that lacks a < (less than) character.\n\nCVE-2016-7132\n ext/wddx/wddx.c in PHP before 5.6.25 and 7.x before 7.0.10 allows\n remote attackers to cause a denial of service (NULL pointer\n dereference and application crash) or possibly have unspecified\n other impact via an invalid wddxPacket XML document that is\n mishandled in a wddx_deserialize call, as demonstrated by\n a stray element inside a boolean element, leading to incorrect\n pop processing.\n\nCVE-2016-7411\n ext/standard/var_unserializer.re in PHP before 5.6.26 mishandles\n object-deserialization failures, which allows remote attackers\n to cause a denial of service (memory corruption) or possibly\n have unspecified other impact via an unserialize call that\n references a partially constructed object.\n\nCVE-2016-7412\n ext/mysqlnd/mysqlnd_wireprotocol.c in PHP before 5.6.26 and 7.x\n before 7.0.11 does not verify that a BIT field has the\n UNSIGNED_FLAG flag, which allows remote MySQL servers to cause\n a denial of service (heap-based buffer overflow) or possibly\n have unspecified other impact via crafted field metadata.\n\nCVE-2016-7413\n Use-after-free vulnerability in the wddx_stack_destroy function in\n ext/wddx/wddx.c in PHP before 5.6.26 and 7.x before 7.0.11 allows\n remote attackers to cause a denial of service or possibly have\n unspecified other impact via a wddxPacket XML document that lacks\n an end-tag for a recordset field element, leading to mishandling\n in a wddx_deserialize call.\n\nCVE-2016-7414\n The ZIP signature-verification feature in PHP before 5.6.26 and 7.x\n before 7.0.11 does not ensure that the uncompressed_filesize field\n is large enough, which allows remote attackers to cause a denial of\n service (out-of-bounds memory access) or possibly have unspecified\n other impact via a crafted PHAR archive, related to ext/phar/util.c\n and ext/phar/zip.c.\n\nCVE-2016-7416\n ext/intl/msgformat/msgformat_format.c in PHP before 5.6.26 and 7.x\n before 7.0.11 does not properly restrict the locale length provided\n to the Locale class in the ICU library, which allows remote attackers\n to cause a denial of service (application crash) or possibly have\n unspecified other impact via a MessageFormatter::formatMessage call\n with a long first argument.\n\nCVE-2016-7417\n ext/spl/spl_array.c in PHP before 5.6.26 and 7.x before 7.0.11\n proceeds with SplArray unserialization without validating a\n return value and data type, which allows remote attackers to\n cause a denial of service or possibly have unspecified other\n impact via crafted serialized data.\n\nCVE-2016-7418\n The php_wddx_push_element function in ext/wddx/wddx.c in PHP before\n 5.6.26 and 7.x before 7.0.11 allows remote attackers to cause a\n denial of service (invalid pointer access and out-of-bounds read)\n or possibly have unspecified other impact via an incorrect boolean\n element in a wddxPacket XML document, leading to mishandling in\n a wddx_deserialize call.\n\n\nFor Debian 7 "Wheezy", these problems have been fixed in version\n5.4.45-0+deb7u6.\n\nWe recommend that you upgrade your php5 packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2016-12-16T21:48:18", "type": "debian", "title": "[SECURITY] [DLA 749-1] php5 security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-5385", "CVE-2016-7124", "CVE-2016-7128", "CVE-2016-7129", "CVE-2016-7130", "CVE-2016-7131", "CVE-2016-7132", "CVE-2016-7411", "CVE-2016-7412", "CVE-2016-7413", "CVE-2016-7414", "CVE-2016-7416", "CVE-2016-7417", "CVE-2016-7418"], "modified": "2016-12-16T21:48:18", "id": "DEBIAN:DLA-749-1:7CC58", "href": "https://lists.debian.org/debian-lts-announce/2016/12/msg00024.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-10-22T15:50:47", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3689-1 security@debian.org\nhttps://www.debian.org/security/ Salvatore Bonaccorso\nOctober 08, 2016 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : php5\nCVE ID : CVE-2016-7124 CVE-2016-7125 CVE-2016-7126 CVE-2016-7127 \n CVE-2016-7128 CVE-2016-7129 CVE-2016-7130 CVE-2016-7131\n CVE-2016-7132 CVE-2016-7411 CVE-2016-7412 CVE-2016-7413\n CVE-2016-7414 CVE-2016-7416 CVE-2016-7417 CVE-2016-7418\n\nSeveral vulnerabilities were found in PHP, a general-purpose scripting\nlanguage commonly used for web application development.\n\nThe vulnerabilities are addressed by upgrading PHP to the new upstream\nversion 5.6.26, which includes additional bug fixes. Please refer to the\nupstream changelog for more information:\n\n https://php.net/ChangeLog-5.php#5.6.25\n https://php.net/ChangeLog-5.php#5.6.26\n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 5.6.26+dfsg-0+deb8u1.\n\nWe recommend that you upgrade your php5 packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2016-10-08T13:53:04", "type": "debian", "title": "[SECURITY] [DSA 3689-1] php5 security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-7124", "CVE-2016-7125", "CVE-2016-7126", "CVE-2016-7127", "CVE-2016-7128", "CVE-2016-7129", "CVE-2016-7130", "CVE-2016-7131", "CVE-2016-7132", "CVE-2016-7411", "CVE-2016-7412", "CVE-2016-7413", "CVE-2016-7414", "CVE-2016-7416", "CVE-2016-7417", "CVE-2016-7418"], "modified": "2016-10-08T13:53:04", "id": "DEBIAN:DSA-3689-1:75CF1", "href": "https://lists.debian.org/debian-security-announce/2016/msg00270.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-02-09T06:35:38", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3689-1 security@debian.org\nhttps://www.debian.org/security/ Salvatore Bonaccorso\nOctober 08, 2016 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : php5\nCVE ID : CVE-2016-7124 CVE-2016-7125 CVE-2016-7126 CVE-2016-7127 \n CVE-2016-7128 CVE-2016-7129 CVE-2016-7130 CVE-2016-7131\n CVE-2016-7132 CVE-2016-7411 CVE-2016-7412 CVE-2016-7413\n CVE-2016-7414 CVE-2016-7416 CVE-2016-7417 CVE-2016-7418\n\nSeveral vulnerabilities were found in PHP, a general-purpose scripting\nlanguage commonly used for web application development.\n\nThe vulnerabilities are addressed by upgrading PHP to the new upstream\nversion 5.6.26, which includes additional bug fixes. Please refer to the\nupstream changelog for more information:\n\n https://php.net/ChangeLog-5.php#5.6.25\n https://php.net/ChangeLog-5.php#5.6.26\n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 5.6.26+dfsg-0+deb8u1.\n\nWe recommend that you upgrade your php5 packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2016-10-08T13:53:04", "type": "debian", "title": "[SECURITY] [DSA 3689-1] php5 security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-7124", "CVE-2016-7125", "CVE-2016-7126", "CVE-2016-7127", "CVE-2016-7128", "CVE-2016-7129", "CVE-2016-7130", "CVE-2016-7131", "CVE-2016-7132", "CVE-2016-7411", "CVE-2016-7412", "CVE-2016-7413", "CVE-2016-7414", "CVE-2016-7416", "CVE-2016-7417", "CVE-2016-7418"], "modified": "2016-10-08T13:53:04", "id": "DEBIAN:DSA-3689-1:80BAA", "href": "https://lists.debian.org/debian-security-announce/2016/msg00270.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "cloudfoundry": [{"lastseen": "2019-05-29T18:32:59", "description": "USN-3095-1 PHP vulnerabilities\n\n# \n\nMedium\n\n# Vendor\n\nPHP\n\n# Versions Affected\n\n * Cloud Foundry PHP buildpack versions prior to 4.3.21 \n * Note: The PHP buildpack is patched from upstream PHP source \n\n# Description\n\nTaoguang Chen discovered that PHP incorrectly handled certain invalid objects when unserializing data. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. ([CVE-2016-7124](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-7124>))\n\nTaoguang Chen discovered that PHP incorrectly handled invalid session names. A remote attacker could use this issue to inject arbitrary session data. ([CVE-2016-7125](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-7125>))\n\nIt was discovered that PHP incorrectly handled certain gamma values in the imagegammacorrect function. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. ([CVE-2016-7127](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-7127>))\n\nIt was discovered that PHP incorrectly handled certain crafted TIFF image thumbnails. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly expose sensitive information. ([CVE-2016-7128](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-7128>))\n\nIt was discovered that PHP incorrectly handled unserializing certain wddxPacket XML documents. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. ([CVE-2016-7129](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-7129>), [CVE-2016-7130](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-7130>), [CVE-2016-7131](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-7131>), [CVE-2016-7132](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-7132>), [CVE-2016-7413](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-7413>))\n\nTaoguang Chen discovered that PHP incorrectly handled certain failures when unserializing data. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. ([CVE-2016-7411](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-7411>))\n\nIt was discovered that PHP incorrectly handled certain flags in the MySQL driver. Malicious remote MySQL servers could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. ([CVE-2016-7412](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-7412>))\n\nIt was discovered that PHP incorrectly handled ZIP file signature verification when processing a PHAR archive. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (C[VE-2016-7414](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-7414>))\n\nIt was discovered that PHP incorrectly handled certain locale operations. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. ([CVE-2016-7416](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-7416>))\n\nIt was discovered that PHP incorrectly handled SplArray unserializing. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. ([CVE-2016-7417](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-7417>))\n\nKe Liu discovered that PHP incorrectly handled unserializing wddxPacket XML documents with incorrect boolean elements. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. ([CVE-2016-7418](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-7418>))\n\n# Mitigation\n\nUsers of affected versions should apply the following mitigation:\n\n * Upgrade the PHP Buildpack to v4.3.21 or later [2] and restage all applications that use automated buildpack detection. \n\n# Credit\n\nTaoguang Chen, Ke Liu, et. al.\n\n# References\n\n * [1] <https://www.ubuntu.com/usn/usn-3095-1/>\n * [2] <https://github.com/cloudfoundry/php-buildpack/releases>\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2016-10-04T00:00:00", "type": "cloudfoundry", "title": "USN-3095-1 PHP vulnerabilities | Cloud Foundry", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-7414", "CVE-2016-7127", "CVE-2016-7131", "CVE-2016-7125", "CVE-2016-7130", "CVE-2016-7129", "CVE-2016-7413", "CVE-2016-7416", "CVE-2016-7411", "CVE-2016-7124", "CVE-2016-7417", "CVE-2016-7128", "CVE-2016-7418", "CVE-2016-7132", "CVE-2016-7412"], "modified": "2016-10-04T00:00:00", "id": "CFOUNDRY:FC4FB717C57CFF4AE1D36C279949AE09", "href": "https://www.cloudfoundry.org/blog/usn-3095-1/", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "ubuntu": [{"lastseen": "2022-01-04T12:23:21", "description": "Taoguang Chen discovered that PHP incorrectly handled certain invalid \nobjects when unserializing data. A remote attacker could use this issue to \ncause PHP to crash, resulting in a denial of service, or possibly execute \narbitrary code. (CVE-2016-7124)\n\nTaoguang Chen discovered that PHP incorrectly handled invalid session \nnames. A remote attacker could use this issue to inject arbitrary session \ndata. (CVE-2016-7125)\n\nIt was discovered that PHP incorrectly handled certain gamma values in the \nimagegammacorrect function. A remote attacker could use this issue to cause \nPHP to crash, resulting in a denial of service, or possibly execute \narbitrary code. (CVE-2016-7127)\n\nIt was discovered that PHP incorrectly handled certain crafted TIFF image \nthumbnails. A remote attacker could use this issue to cause PHP to crash, \nresulting in a denial of service, or possibly expose sensitive information. \n(CVE-2016-7128)\n\nIt was discovered that PHP incorrectly handled unserializing certain \nwddxPacket XML documents. A remote attacker could use this issue to cause \nPHP to crash, resulting in a denial of service, or possibly execute \narbitrary code. (CVE-2016-7129, CVE-2016-7130, CVE-2016-7131, \nCVE-2016-7132, CVE-2016-7413)\n\nIt was discovered that PHP incorrectly handled certain memory operations. A \nremote attacker could use this issue to cause PHP to crash, resulting in a \ndenial of service, or possibly execute arbitrary code. This issue only \naffected Ubuntu 16.04 LTS. (CVE-2016-7133)\n\nIt was discovered that PHP incorrectly handled long strings in curl_escape \ncalls. A remote attacker could use this issue to cause PHP to crash, \nresulting in a denial of service, or possibly execute arbitrary code. This \nissue only affected Ubuntu 16.04 LTS. (CVE-2016-7134)\n\nTaoguang Chen discovered that PHP incorrectly handled certain failures when \nunserializing data. A remote attacker could use this issue to cause PHP to \ncrash, resulting in a denial of service, or possibly execute arbitrary \ncode. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. \n(CVE-2016-7411)\n\nIt was discovered that PHP incorrectly handled certain flags in the MySQL \ndriver. Malicious remote MySQL servers could use this issue to cause PHP to \ncrash, resulting in a denial of service, or possibly execute arbitrary \ncode. (CVE-2016-7412)\n\nIt was discovered that PHP incorrectly handled ZIP file signature \nverification when processing a PHAR archive. A remote attacker could use \nthis issue to cause PHP to crash, resulting in a denial of service, or \npossibly execute arbitrary code. (CVE-2016-7414)\n\nIt was discovered that PHP incorrectly handled certain locale operations. A \nremote attacker could use this issue to cause PHP to crash, resulting in a \ndenial of service, or possibly execute arbitrary code. (CVE-2016-7416)\n\nIt was discovered that PHP incorrectly handled SplArray unserializing. A \nremote attacker could use this issue to cause PHP to crash, resulting in a \ndenial of service, or possibly execute arbitrary code. (CVE-2016-7417)\n\nKe Liu discovered that PHP incorrectly handled unserializing wddxPacket XML \ndocuments with incorrect boolean elements. A remote attacker could use this \nissue to cause PHP to crash, resulting in a denial of service, or possibly \nexecute arbitrary code. (CVE-2016-7418)\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2016-10-04T00:00:00", "type": "ubuntu", "title": "PHP vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-7413", "CVE-2016-7133", "CVE-2016-7124", "CVE-2016-7127", "CVE-2016-7411", "CVE-2016-7417", "CVE-2016-7134", "CVE-2016-7418", "CVE-2016-7130", "CVE-2016-7128", "CVE-2016-7412", "CVE-2016-7125", "CVE-2016-7131", "CVE-2016-7414", "CVE-2016-7132", "CVE-2016-7129", "CVE-2016-7416"], "modified": "2016-10-04T00:00:00", "id": "USN-3095-1", "href": "https://ubuntu.com/security/notices/USN-3095-1", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "redhat": [{"lastseen": "2021-10-19T20:37:49", "description": "PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server.\n\nThe following packages have been upgraded to a later upstream version: rh-php70-php (7.0.27). (BZ#1518843)\n\nSecurity Fix(es):\n\n* php: Heap overflow in mysqlnd when not receiving UNSIGNED_FLAG in BIT field (CVE-2016-7412)\n\n* php: Use after free in wddx_deserialize (CVE-2016-7413)\n\n* php: Out of bounds heap read when verifying signature of zip phar in phar_parse_zipfile (CVE-2016-7414)\n\n* php: Stack based buffer overflow in msgfmt_format_message (CVE-2016-7416)\n\n* php: Missing type check when unserializing SplArray (CVE-2016-7417)\n\n* php: Null pointer dereference in php_wddx_push_element (CVE-2016-7418)\n\n* php: Use-after-free vulnerability when resizing the 'properties' hash table of a serialized object (CVE-2016-7479)\n\n* php: Invalid read when wddx decodes empty boolean element (CVE-2016-9935)\n\n* php: Use After Free in unserialize() (CVE-2016-9936)\n\n* php: Wrong calculation in exif_convert_any_to_int function (CVE-2016-10158)\n\n* php: Integer overflow in phar_parse_pharfile (CVE-2016-10159)\n\n* php: Off-by-one error in phar_parse_pharfile when loading crafted phar archive (CVE-2016-10160)\n\n* php: Out-of-bounds heap read on unserialize in finish_nested_data() (CVE-2016-10161)\n\n* php: Null pointer dereference when unserializing PHP object (CVE-2016-10162)\n\n* gd: DoS vulnerability in gdImageCreateFromGd2Ctx() (CVE-2016-10167)\n\n* gd: Integer overflow in gd_io.c (CVE-2016-10168)\n\n* php: Use of uninitialized memory in unserialize() (CVE-2017-5340)\n\n* php: Buffer over-read from unitialized data in gdImageCreateFromGifCtx function (CVE-2017-7890)\n\n* oniguruma: Out-of-bounds stack read in match_at() during regular expression searching (CVE-2017-9224)\n\n* oniguruma: Heap buffer overflow in next_state_val() during regular expression compilation (CVE-2017-9226)\n\n* oniguruma: Out-of-bounds stack read in mbc_enc_len() during regular expression searching (CVE-2017-9227)\n\n* oniguruma: Out-of-bounds heap write in bitset_set_range() (CVE-2017-9228)\n\n* oniguruma: Invalid pointer dereference in left_adjust_char_head() (CVE-2017-9229)\n\n* php: Incorrect WDDX deserialization of boolean parameters leads to DoS (CVE-2017-11143)\n\n* php: Incorrect return value check of OpenSSL sealing function leads to crash (CVE-2017-11144)\n\n* php: Out-of-bounds read in phar_parse_pharfile (CVE-2017-11147)\n\n* php: Stack-based buffer over-read in msgfmt_parse_message function (CVE-2017-11362)\n\n* php: Stack based 1-byte buffer over-write in zend_ini_do_op() function Zend/zend_ini_parser.c (CVE-2017-11628)\n\n* php: heap use after free in ext/standard/var_unserializer.re (CVE-2017-12932)\n\n* php: heap use after free in ext/standard/var_unserializer.re (CVE-2017-12934)\n\n* php: reflected XSS in .phar 404 page (CVE-2018-5712)\n\n* php, gd: Stack overflow in gdImageFillToBorder on truecolor images (CVE-2016-9933)\n\n* php: NULL Pointer Dereference in WDDX Packet Deserialization with PDORow (CVE-2016-9934)\n\n* php: wddx_deserialize() heap out-of-bound read via php_parse_date() (CVE-2017-11145)\n\n* php: buffer over-read in finish_nested_data function (CVE-2017-12933)\n\n* php: Out-of-bound read in timelib_meridian() (CVE-2017-16642)\n\n* php: Denial of Service (DoS) via infinite loop in libgd gdImageCreateFromGifCtx function in ext/gd/libgd/gd_gif_in.c (CVE-2018-5711)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor details, see the Red Hat Software Collections 3.1 Release Notes linked from the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-05-03T03:21:11", "type": "redhat", "title": "(RHSA-2018:1296) Moderate: rh-php70-php security, bug fix, and enhancement update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-10158", "CVE-2016-10159", "CVE-2016-10160", "CVE-2016-10161", "CVE-2016-10162", "CVE-2016-10167", "CVE-2016-10168", "CVE-2016-7412", "CVE-2016-7413", "CVE-2016-7414", "CVE-2016-7416", "CVE-2016-7417", "CVE-2016-7418", "CVE-2016-7479", "CVE-2016-9933", "CVE-2016-9934", "CVE-2016-9935", "CVE-2016-9936", "CVE-2017-11143", "CVE-2017-11144", "CVE-2017-11145", "CVE-2017-11147", "CVE-2017-11362", "CVE-2017-11628", "CVE-2017-12932", "CVE-2017-12933", "CVE-2017-12934", "CVE-2017-16642", "CVE-2017-5340", "CVE-2017-7890", "CVE-2017-9224", "CVE-2017-9226", "CVE-2017-9227", "CVE-2017-9228", "CVE-2017-9229", "CVE-2018-5711", "CVE-2018-5712"], "modified": "2018-06-12T21:28:23", "id": "RHSA-2018:1296", "href": "https://access.redhat.com/errata/RHSA-2018:1296", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "gentoo": [{"lastseen": "2022-01-17T19:06:15", "description": "### Background\n\nPHP is a widely-used general-purpose scripting language that is especially suited for Web development and can be embedded into HTML. \n\n### Description\n\nMultiple vulnerabilities have been discovered in PHP. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nAn attacker can possibly execute arbitrary code or create a Denial of Service condition. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll PHP users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev=lang/php-5.6.28\"", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2016-11-30T00:00:00", "type": "gentoo", "title": "PHP: Multiple vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-8865", "CVE-2016-3074", "CVE-2016-4071", "CVE-2016-4072", "CVE-2016-4073", "CVE-2016-4537", "CVE-2016-4538", "CVE-2016-4539", "CVE-2016-4540", "CVE-2016-4541", "CVE-2016-4542", "CVE-2016-4543", "CVE-2016-4544", "CVE-2016-5385", "CVE-2016-6289", "CVE-2016-6290", "CVE-2016-6291", "CVE-2016-6292", "CVE-2016-6294", "CVE-2016-6295", "CVE-2016-6296", "CVE-2016-6297", "CVE-2016-7124", "CVE-2016-7125", "CVE-2016-7126", "CVE-2016-7127", "CVE-2016-7128", "CVE-2016-7129", "CVE-2016-7130", "CVE-2016-7131", "CVE-2016-7132", "CVE-2016-7133", "CVE-2016-7134", "CVE-2016-7411", "CVE-2016-7412", "CVE-2016-7413", "CVE-2016-7414", "CVE-2016-7416", "CVE-2016-7417", "CVE-2016-7418"], "modified": "2016-11-30T00:00:00", "id": "GLSA-201611-22", "href": "https://security.gentoo.org/glsa/201611-22", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "cloudlinux": [{"lastseen": "2021-07-28T16:33:52", "description": "- Fix bug #69720: Null pointer dereference in phar_get_fp_offset()\n- Fix bug #70728: Type Confusion Vulnerability in PHP_to_XMLRPC_worker()\n- Fix bug #70661: Use After Free Vulnerability in WDDX Packet Deserialization\n- Fix bug #70741: Session WDDX Packet Deserialization Type Confusion Vulnerability\n- Fix bug #71459: Integer overflow in iptcembed()\n- Fix bug #71039: exec functions ignore length but look for NULL termination\n- Fix bug #71354: Heap corruption in tar/zip/phar parser.\n- Fix bug #71391: NULL Pointer Dereference in phar_tar_setupmetadata()\n- Fix bug #71323: Output of stream_get_meta_data can be falsified by its input\n- Fix bug #71498: Out-of-Bound Read in phar_parse_zipfile()\n- Fix bug #71587: Use-After-Free / Double-Free in WDDX Deserialize\n- Fix bug #71860: Invalid memory write in phar on filename with \\0 in name\n- Fix bug #71798: Integer Overflow in php_raw_url_encode\n- Fix bug #72837: integer overflow in bzdecompress caused heap corruption\n- Fix bug #72681: PHP Session Data Injection Vulnerability\n- Fix bug #72807: integer overflow in curl_escape caused heap corruption\n- Fix bug #72838: Integer overflow lead to heap corruption in sql_regcase\n- Fix bug #72697: select_colors write out-of-bounds\n- Fix bug #72730: imagegammacorrect allows arbitrary write access\n- Fix bug #72836: integer overflow in base64_decode caused heap corruption\n- Fix bug #72848: integer overflow in quoted_printable_encode caused heap corruption\n- Fix bug #72849: integer overflow in urlencode caused heap corruption\n- Fix bug #72850: integer overflow in php_uuencode caused heap corruption\n- Fix bug #72771: ftps:// wrapper is vulnerable to protocol downgrade attack\n- Fix bug #72749: wddx_deserialize allows illegal memory access\n- Fix bug #72750: wddx_deserialize null dereference\n- Fix bug #72790: wddx_deserialize null dereference with invalid xml\n- Fix bug #72799: wddx_deserialize null dereference in php_wddx_pop_element\n- Fix bug #73189: Memcpy negative size parameter php_resolve_path\n- Fix bug #73150: missing NULL check in dom_document_save_html\n- Fix bug #73284: heap overflow in php_ereg_replace function\n- Fix bug #73218: stack-buffer-overflow through "ResourceBundle" methods\n- Fix bug #73208: integer overflow in imap_8bit caused heap corruption\n- Fix bug #73082: string length overflow in mb_encode_* function\n- Fix bug #73174: heap overflow in php_pcre_replace_impl\n- Fix bug #73276: crash in openssl_random_pseudo_bytes function\n- Fix bug #73275: crash in openssl_encrypt function\n- Fix bug #73017: memory corruption in wordwrap function\n- Fix bug #73240: Write out of bounds at number_format\n- Fix bug #73073: CachingIterator null dereference when convert to string\n- Fix bug #73293: NULL pointer dereference in SimpleXMLElement::asXML()\n- Fix bug #73356: crash in bzcompress function\n- Fix bug #72696: imagefilltoborder stackoverflow on truecolor images\n- Fix bug #73418: Integer Overflow in "_php_imap_mail" leads Heap Overflow\n- Fix bug #73144: Use-after-free in ArrayObject Deserialization\n- Fix bug #73192: parse_url return wrong hostname\n- Fix bug #73331: NULL Pointer Dereference in WDDX Packet Deserialization with PDORow\n- Fix bug #73452: Segfault (Regression for #69152)\n- Fix bug #73631: Invalid read when wddx decodes empty boolean element\n- Fix bug #67587: Redirection loop on nginx with FPM\n- Fix bug #71465: PHAR doesn't know about litespeed\n- Fix bug #73737: FPE when parsing a tag format\n- Fix bug #73868: Fix DOS vulnerability in gdImageCreateFromGd2Ctx()\n- Fix bug #73869: Signed Integer Overflow gd_io.c\n- Fix bug #73773: Seg fault when loading hostile phar\n- Fix bug #70436: Use After Free Vulnerability in unserialize()\n- Fix bug #74603: PHP INI Parsing Stack Buffer Overflow Vulnerability\n- Fix bug #72535: arcfour encryption stream filter crashes php\n- Fix bug #72434: ZipArchive class Use After Free Vulnerability in PHP's\n GC algorithm and unseria\n- Fix bug #72455: Heap Overflow due to integer overflows\n- Fix bug #74782: Reflected XSS in .phar 404 page\n- Fix bug #71335: Type Confusion in WDDX Packet Deserialization\n- Fix bug #76130: Heap Buffer Overflow (READ: 1786) in exif_iif_add_value\n- Fix bug #76249: stream filter convert.iconv leads to infinite loop on\n invalid sequence\n- Fix bug #76248: Malicious LDAP-Server Response causes Crash\n- Fix bug #76129: fix for CVE-2018-5712 may not be complete\n- Fix bug #75981: stack-buffer-overflow while parsing HTTP response\n- Fix bug #74385: Locale::parseLocale() broken with some arguments\n- Fix bug #76335: "link(): Bad file descriptor" with non-ASCII path\n- Fix bug #76383: array_map on $GLOBALS returns IS_INDIRECT\n- Fix bug #73342: Vulnerability in php-fpm by changing stdin to non-blocking\n- Fix bug #76505: array_merge_recursive() is duplicating sub-array keys\n- Fix bug #76532: Integer overflow and excessive memory usage in mb_strimwidth\n- Fix bug #76548: pg_fetch_result did not fetch the next row\n- Fix bug #76488: Memory leak when fetching a BLOB field\n- Fix bug #76665: SQLite3Stmt::bindValue() with SQLITE3_FLOAT doesn't juggle\n- Fix bug #75402: Possible Memory Leak using PDO::CURSOR_SCROLL option\n- Fix bug #76517: --with-gettext= causes configure to misjudges there is no getcwd\n- Fix bug #72443: Installing shared extensions: cp: cannot stat 'modules/*':\n No such file or dire\n- Fix bug #68175: RegexIterator pregFlags are NULL instead of 0\n- Fix bug #55146: iconv_mime_decode_headers() skips some headers\n- Fix bug #63839: iconv_mime_decode_headers function is skipping headers\n- Fix bug #60494: iconv_mime_decode does ignore special characters\n- Fix bug #68180: iconv_mime_decode can return extra characters in a header\n- Fix bug #73457: Wrong error message when fopen FTP wrapped fails to open\n data connection\n- Fix bug #74454: Wrong exception being thrown when using ReflectionMethod\n- Fix bug #74764: Bindto IPv6 works with file_get_contents but fails with\n stream_socket_client\n- Fix bug #75273: php_zlib_inflate_filter() may not update bytes_consumed\n- Fix bug #75696: posix_getgrnam fails to print details of group\n- Fix bug #76480: Use curl_multi_wait() so that timeouts are respected\n- Fix bug #76800: foreach inconsistent if array modified during loop\n- Fix bug #76886: Can't build xmlrpc with expat\n- Fix bug #76901: method_exists on SPL iterator passthrough method corrupts memory\n- Fix bug #77242: heap out of bounds read in xmlrpc_decode()\n- Fix bug #77247: heap buffer overflow in phar_detect_phar_fname_ext\n- Fix bug #77270: imagecolormatch Out Of Bounds Write on Heap\n- Fix bug #77370: Buffer overflow on mb regex functions - fetch_token\n- Fix bug #77380: Global out of bounds read in xmlrpc base64 code\n- Fix bug #77630: rename() across the device may allow unwanted access\n during processing\n- Fix bug #77494: Disabling class causes segfault on member access\n- Fix bug #77431: openFile() silently truncates after a null byte\n- Fix bug #51068: DirectoryIterator glob:// don't support current path\n relative queries\n- Fix bug #77396: Null Pointer Dereference in phar_create_or_parse_filename\n- Fix bug #77540: Invalid Read on exif_process_SOFn\n- Fix bug #77390: feof might hang on TLS streams in case of fragmented TLS records\n- Fix bug #77586: phar_tar_writeheaders_int() buffer overflow\n- Fix bug #77546: iptcembed broken function\n- Fix bug #77563: Uninitialized read in exif_process_IFD_in_MAKERNOTE\n- Fix bug #76557: heap-buffer-overflow (READ of size 48) while reading exif data\n- Fix bug #77024: SplFileObject::__toString() may return array\n- Fix bug #77945: Segmentation fault when constructing SoapClient with WSDL_CACHE_BOTH\n- Fix bug #77697: Crash on Big_Endian platform\n- Fix bug #77943: imageantialias($image, false); does not work\n- Fix bug #77944: Wrong meta pdo_type for bigint on LLP64\n- Fix bug #76717: var_export() does not create a parsable value for PHP_INT_MIN\n- Fix bug #77921: static.php.net doesn't work anymore\n- Fix bug #77934: php-fpm kill -USR2 not working\n- Fix bug #77700: Writing truecolor images as GIF ignores interlace flag\n- Fix bug #77765: FTP stream wrapper should set the directory as executable\n- Fix bug #50020: DateInterval:createDateFromString() silently fails\n- Fix bug #77742: bcpow() implementation related to gcc compiler optimization\n- Fix bug #77967: Bypassing open_basedir restrictions via file uris\n- Fix bug #77973: Uninitialized read in gdImageCreateFromXbm\n- Fix bug #77988: heap-buffer-overflow on php_jpg_get16\n- Fix bug #78192: SegFault when reuse statement after schema has changed\n- Fix bug #77124: FTP with SSL memory leak\n- Fix bug #78256: heap-buffer-overflow on exif_process_user_comment\n- Fix bug #78222: heap-buffer-overflow on exif_scan_thumbnail\n- Fix bug #77946: Bad cURL resources returned by curl_multi_info_read()\n- Fix bug #78333: Exif crash (bus error) due to wrong alignment and invalid cast\n- Fix bug #69100: Bus error from stream_copy_to_stream (file -> SSL stream)\n with invalid length\n- Fix bug #76342: file_get_contents waits twice specified timeout\n- Fix bug #76859: stream_get_line skips data if used with data-generating filter\n- Fix bug #78579: mb_decode_numericentity: args number inconsistency\n- Fix bug #78910: Heap-buffer-overflow READ in exif\n- Fix bug #78878: Buffer underflow in bc_shift_addsub\n- Fix bug #78793: Use-after-free in exif parsing under memory sanitizer\n- Fix bug #78863: DirectoryIterator class silently truncates after a null byte\n- Fix bug #79099: OOB read in php_strip_tags_ex\n- Fix bug #79082: Files added to tar with Phar::buildFromIterator have\n all-access permissions\n- Fix bug #79329: get_headers() silently truncates after a null byte\n- Fix bug #79282: Use-of-uninitialized-value in exif\n- Fix bug #61597: SimpleXMLElement doesn't include both @attributes and\n textContent in properties\n- Fix bug #74940: DateTimeZone loose comparison always true until properties\n are initialized.\n- Fix bug #79296: ZipArchive::open fails on empty file (libzip 1.6.0)\n- Fix bug #79330: shell_exec() silently truncates after a null byte\n- Fix bug #79364: When copy empty array, next key is unspecified.\n- Fix bug #79396: DateTime hour incorrect during DST jump forward using setTime\n- Fix bug #79410: system() swallows last chunk if it is exactly 4095 bytes\n without newline\n- Fix bug #79424: php_zip_glob uses gl_pathc after call to globfree\n- Fix bug #79465: OOB Read in urldecode() (CVE-2020-7067)\n- Fix bug #78221: DOMNode::normalize() doesn't remove empty text nodes\n- Fix bug #78875: Long filenames cause OOM and temp files are not cleaned\n (CVE-2019-11048)\n- Fix bug #78876: Long variables in multipart/form-data cause OOM and temp\n files are not cleaned (CVE-2019-11048)\n- Fix bug #79514: Memory leaks while including unexistent file\n- Fix bug #79528: Different object of the same xml between 7.4.5 and 7.4.4\n- Fix bug #62890: default_socket_timeout=-1 causes connection to timeout\n- Fix bug #70362: Can't copy() large 'data://' with open_basedir\n- Fix bug #73527: Invalid memory access in php_filter_strip\n- Fix bug #74267: segfault with streams and invalid data\n- Fix bug #79787: mb_strimwidth does not trim string\n- Fix bug #79877: getimagesize function silently truncates after a null byte\n- Fix bug #68447: grapheme_extract take an extra trailing character\n- Fix bug #68825: Inconsistent exception in DirectoryIterator::getLinkTarget()\n- Fix bug #74145: wddx parsing empty boolean tag leads to SIGSEGV (CVE-2017-11143)\n- Fix bug #74651: negative-size-param (-1) in memcpy in zif_openssl_seal()\n (CVE-2017-11144)\n- Fix bug #74435: Buffer over-read into uninitialized memory (CVE-2017-7890)\n- Fix bug #73093: Unserialize Exception object can lead to infinite loop\n (CVE-2016-7478)\n- Fix bug #72520: Stack-based buffer overflow vulnerability in php_stream_zip_opener\n (CVE-2016-6297)\n- Fix bug #73825: Heap out of bounds read on unserialize in finish_nested_data()\n (CVE-2016-10161)\n- Fix bug #60491: Session module is adoptive (CVE-2011-4718)\n- Fix bug #69253: ZIP Integer Overflow leads to writing past heap boundary\n (CVE-2015-2331)\n- Fix bug #69418: CVE-2006-7243 fix regressions in 5.4+ (CVE-2015-4025)\n- Fix bug #68598: pcntl_exec() should not allow null char (CVE-2015-4026)\n- Fix bug #69207: move_uploaded_file allows nulls in path (CVE-2015-2348)\n- Fix bug #69218: potential remote code execution with apache 2.4 apache2handler\n (CVE-2015-3330)\n- Fix bug #69719: Incorrect handling of paths with NULs, related to bug 69353\n (CVE-2015-4598)\n- Fix bug #69353: Missing null byte checks for paths in various PHP extensions\n (CVE-2015-3411)\n- Fix bugs #70168, #70169, #70166, #70155: Use After Free Vulnerability in\n unserialize() with\n SplObjectStorage, SplDoublyLinkedList, SPLArrayObject, SPLArrayObject (CVE-2015-6831)\n- Fix bug #70019: Files extracted from archive may be placed outside of\n destination directory (CVE-2015-6833)\n- Fix bug #70388: SOAP serialize_function_call() type confusion / RCE (CVE-2015-6836)\n- Fix bug #69782: NULL pointer dereference (CVE-2015-6837, CVE-2015-6838)\n- Fix bug #70433: Uninitialized pointer in phar_make_dirstream when zip entry\n filename is \"/\" (CVE-2015-7804)\n- Fix bug #69923: Buffer overflow and stack smashing error in phar_fix_filepath\n (CVE-2015-5590)\n- Fix bug #71488: Stack overflow when decompressing tar archives (CVE-2016-2554)\n- Fix bug #72061: Out-of-bounds reads in zif_grapheme_stripos with negative offset\n (CVE-2016-4541, CVE-2016-4540)\n- Fix bug #72094: Out of bounds heap read access in exif header processing\n (CVE-2016-4542)\n- Fix bug #72093: bcpowmod accepts negative scale and corrupts _one_ definition\n (CVE-2016-4537)\n- Fix bug #71331: Uninitialized pointer in phar_make_dirstream() (CVE-2016-4343)\n- Fix bug #72241: get_icu_value_internal out-of-bounds read (CVE-2016-5093)\n- Fix bug #72135: Integer Overflow in php_html_entities() (CVE-2016-5094)\n- Fix bug #72114: Integer underflow / arbitrary null write in fread/gzread\n (CVE-2016-5096)\n- Fix bug #72339: Integer Overflow in _gd2GetHeader() resulting in heap overflow\n (CVE-2016-5766)\n- Fix bug #72340: Double Free Courruption in wddx_deserialize (CVE-2016-5772)\n- Fix bug #72613: Inadequate error handling in bzread() (CVE-2016-5399)\n- Fix bug #70480: php_url_parse_ex() buffer overflow read (CVE-2016-6288)\n- Fix bug #72513: Stack-based buffer overflow vulnerability in virtual_file_ex\n (CVE-2016-6289)\n- Fix bug #72562: Use After Free in unserialize() with Unexpected Session\n Deserialization (CVE-2016-6290)\n- Fix bug #72603: Out of bound read in exif_process_IFD_in_MAKERNOTE (CVE-2016-6291)\n- Fix bug #72533: locale_accept_from_http out-of-bounds access (CVE-2016-6294)\n- Fix bug #69975: PHP segfaults when accessing nvarchar(max) defined columns\n (CVE-2015-8879)\n- Fix bug #72606: heap-buffer-overflow (write) simplestring_addn simplestring.c\n (CVE-2016-6296)\n- Fix bug #72293: Heap overflow in mysqlnd related to BIT fields (CVE-2016-7412)\n- Fix bug #72860: wddx_deserialize use-after-free (CVE-2016-7413)\n- Fix bug #72928: Out of bound when verify signature of zip phar in phar_parse_zipfile\n (CVE-2016-7414)\n- Fix bug #73007: SEH buffer overflow msgfmt_format_message (CVE-2016-7416)\n- Fix bug #73029: Missing type check when unserializing SplArray (CVE-2016-7417)\n- Fix bug #73065: Out-Of-Bounds Read in php_wddx_push_element of wddx.c (CVE-2016-7418)\n- Fix bug #73280: Stack Buffer Overflow in GD dynamicGetbuf (CVE-2016-8670)\n- Fix bug #73764: Crash while loading hostile phar archive (CVE-2016-10159)\n- Fix bug #73768: Memory corruption when loading hostile phar (CVE-2016-10160)\n- Fix bug #72627: Memory Leakage In exif_process_IFD_in_TIFF (CVE-2016-7128)\n- Fix bug #70350: ZipArchive::extractTo allows for directory traversal when\n creating directories (CVE-2014-9767)\n- Fix bug #70081: SoapClient info leak / null pointer dereference via multiple\n type confusions (CVE-2015-8835)\n- Fix bug #70121: unserialize() could lead to unexpected methods execution / NULL\n pointer deref (CVE-2015-8876)\n- Fix bug #71906: AddressSanitizer: negative-size-param (-1) in mbfl_strcut\n (CVE-2016-4073)\n- Fix bug #70014: openssl_random_pseudo_bytes() is not cryptographically secure\n (CVE-2015-8867)\n- Fix bug #77371: heap buffer overflow in mb regex functions - compile_string_node\n (CVE-2019-9023)\n- Fix bug #77381: heap buffer overflow in multibyte match_at (CVE-2019-9023)\n- Fix bug #77382: heap buffer overflow due to incorrect length in expand_case_fold_string\n (CVE-2019-9023)\n- Fix bug #77385: buffer overflow in fetch_token (CVE-2019-9023)\n- Fix bug #77394: Buffer overflow in multibyte case folding - unicode (CVE-2019-9023)\n- Fix vulnerabilities with oniguruma: CVE-2017-9226, CVE-2017-9224, CVE-2017-9227,\n CVE-2017-9228, CVE-2019-13224\n- Fix general vulneravilities: CVE-2014-9653, CVE-2015-0235, CVE-2015-3152,\n CVE-2016-3074\n- Fix bug #79699: PHP parses encoded cookie names so malicious `__Host-` cookies\n can be sent (CVE-2020-7070)\n- Fix bug #80007: Potential type confusion in unixtojd() parameter parsing", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2020-10-15T12:00:00", "type": "cloudlinux", "title": "Fix of 227 CVE", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2006-7243", "CVE-2011-4718", "CVE-2014-9653", "CVE-2014-9767", "CVE-2015-0235", "CVE-2015-2331", "CVE-2015-2348", "CVE-2015-3152", "CVE-2015-3330", "CVE-2015-3411", "CVE-2015-4025", "CVE-2015-4026", "CVE-2015-4598", "CVE-2015-5590", "CVE-2015-6831", "CVE-2015-6833", "CVE-2015-6836", "CVE-2015-6837", "CVE-2015-6838", "CVE-2015-7804", "CVE-2015-8835", "CVE-2015-8867", "CVE-2015-8876", "CVE-2015-8879", "CVE-2016-10159", "CVE-2016-10160", "CVE-2016-10161", "CVE-2016-2554", "CVE-2016-3074", "CVE-2016-4073", "CVE-2016-4343", "CVE-2016-4537", "CVE-2016-4540", "CVE-2016-4541", "CVE-2016-4542", "CVE-2016-5093", "CVE-2016-5094", "CVE-2016-5096", "CVE-2016-5399", "CVE-2016-5766", "CVE-2016-5772", "CVE-2016-6288", "CVE-2016-6289", "CVE-2016-6290", "CVE-2016-6291", "CVE-2016-6294", "CVE-2016-6296", "CVE-2016-6297", "CVE-2016-7128", "CVE-2016-7412", "CVE-2016-7413", "CVE-2016-7414", "CVE-2016-7416", "CVE-2016-7417", "CVE-2016-7418", "CVE-2016-7478", "CVE-2016-8670", "CVE-2017-11143", "CVE-2017-11144", "CVE-2017-7890", "CVE-2017-9224", "CVE-2017-9226", "CVE-2017-9227", "CVE-2017-9228", "CVE-2018-5712", "CVE-2019-11048", "CVE-2019-13224", "CVE-2019-9023", "CVE-2020-7067", "CVE-2020-7070"], "modified": "2020-10-15T12:00:00", "id": "CLSA-2020:1605798462", "href": "https://repo.cloudlinux.com/centos6-els/updateinfo.xml", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "apple": [{"lastseen": "2020-12-24T20:42:29", "description": "## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page. You can encrypt communications with Apple using the [Apple Product Security PGP Key](<https://support.apple.com/kb/HT201601>).\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\n\n\n## macOS Sierra 10.12.2, Security Update 2016-003 El Capitan, and Security Update 2016-007 Yosemite\n\nReleased December 13, 2016\n\n**apache_mod_php**\n\nAvailable for: macOS Sierra 10.12.1\n\nImpact: A remote attacker may cause an unexpected application termination or arbitrary code execution\n\nDescription: Multiple issues existed in PHP before 5.6.26. These were addressed by updating PHP to version 5.6.26.\n\nCVE-2016-7411\n\nCVE-2016-7412\n\nCVE-2016-7413\n\nCVE-2016-7414\n\nCVE-2016-7416\n\nCVE-2016-7417\n\nCVE-2016-7418\n\n**AppleGraphicsPowerManagement**\n\nAvailable for: macOS Sierra 10.12.1\n\nImpact: A local user may be able to cause a system denial of service\n\nDescription: A null pointer dereference was addressed through improved input validation.\n\nCVE-2016-7609: daybreaker@Minionz working with Trend Micro's Zero Day Initiative\n\n**Assets**\n\nAvailable for: macOS Sierra 10.12.1\n\nImpact: A local attacker may modify downloaded mobile assets\n\nDescription: A permissions issue existed in mobile assets. This issue was addressed through improved access restrictions.\n\nCVE-2016-7628: Marcel Bresink of Marcel Bresink Software-Systeme\n\nEntry updated December 15, 2016\n\n**Audio**\n\nAvailable for: macOS Sierra 10.12.1\n\nImpact: Processing a maliciously crafted file may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed through improved input validation.\n\nCVE-2016-7658: Haohao Kong of Keen Lab (@keen_lab) of Tencent\n\nCVE-2016-7659: Haohao Kong of Keen Lab (@keen_lab) of Tencent\n\n**Bluetooth**\n\nAvailable for: macOS Sierra 10.12.1, OS X El Capitan v10.11.6, and OS X Yosemite v10.10.5\n\nImpact: An application may be able to execute arbitrary code with kernel privileges \n\nDescription: A memory corruption issue was addressed through improved memory handling.\n\nCVE-2016-7596: Pekka Oikarainen, Matias Karhumaa and Marko Laakso of Synopsys Software Integrity Group\n\nEntry updated December 14, 2016\n\n**Bluetooth**\n\nAvailable for: macOS Sierra 10.12.1\n\nImpact: An application may be able to cause a denial of service\n\nDescription: A null pointer dereference was addressed through improved input validation.\n\nCVE-2016-7605: daybreaker of Minionz\n\n**Bluetooth**\n\nAvailable for: macOS Sierra 10.12.1\n\nImpact: An application may be able to execute arbitrary code with system privileges\n\nDescription: A type confusion issue was addressed through improved memory handling.\n\nCVE-2016-7617: Radu Motspan working with Trend Micro's Zero Day Initiative, Ian Beer of Google Project Zero\n\n**CoreCapture**\n\nAvailable for: macOS Sierra 10.12.1 and OS X El Capitan v10.11.6\n\nImpact: A local user may be able to cause a system denial of service\n\nDescription: A null pointer dereference was addressed through improved state management.\n\nCVE-2016-7604: daybreaker of Minionz\n\nEntry updated December 14, 2016\n\n**CoreFoundation**\n\nAvailable for: macOS Sierra 10.12.1\n\nImpact: Processing malicious strings may lead to an unexpected application termination or arbitrary code execution\n\nDescription: A memory corruption issue existed in the processing of strings. This issue was addressed through improved bounds checking.\n\nCVE-2016-7663: an anonymous researcher\n\n**CoreGraphics**\n\nAvailable for: macOS Sierra 10.12.1\n\nImpact: Processing a maliciously crafted font file may lead to unexpected application termination\n\nDescription: A null pointer dereference was addressed through improved input validation.\n\nCVE-2016-7627: TRAPMINE Inc. & Meysam Firouzi @R00tkitSMM\n\n**CoreMedia External Displays**\n\nAvailable for: macOS Sierra 10.12.1\n\nImpact: A local application may be able to execute arbitrary code in the context of the mediaserver daemon\n\nDescription: A type confusion issue was addressed through improved memory handling.\n\nCVE-2016-7655: Keen Lab working with Trend Micro\u2019s Zero Day Initiative\n\n**CoreMedia Playback**\n\nAvailable for: macOS Sierra 10.12.1\n\nImpact: Processing a maliciously crafted .mp4 file may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed through improved memory handling.\n\nCVE-2016-7588: dragonltx of Huawei 2012 Laboratories\n\n**CoreStorage**\n\nAvailable for: macOS Sierra 10.12.1\n\nImpact: A local user may be able to cause a system denial of service\n\nDescription: A null pointer dereference was addressed through improved input validation.\n\nCVE-2016-7603: daybreaker@Minionz working with Trend Micro's Zero Day Initiative\n\n**CoreText**\n\nAvailable for: macOS Sierra 10.12.1\n\nImpact: Processing a maliciously crafted font file may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues existed in the handling of font files. These issues were addressed through improved bounds checking.\n\nCVE-2016-7595: riusksk(\u6cc9\u54e5) of Tencent Security Platform Department\n\n**CoreText**\n\nAvailable for: macOS Sierra 10.12.1\n\nImpact: Processing a maliciously crafted string may lead to a denial of service\n\nDescription: An issue when rendering overlapping ranges was addressed through improved validation.\n\nCVE-2016-7667: Nasser Al-Hadhrami (@fast_hack), Saif Al-Hinai (welcom_there) of Digital Unit (dgunit.com)\n\nEntry added December 15, 2016\n\n**curl**\n\nAvailable for: macOS Sierra 10.12.1\n\nImpact: An attacker in a privileged network position may be able to leak sensitive user information\n\nDescription: Multiple issues existed in curl. These issues were addressed by updating to curl version 7.51.0.\n\nCVE-2016-5419\n\nCVE-2016-5420\n\nCVE-2016-5421\n\nCVE-2016-7141\n\nCVE-2016-7167\n\nCVE-2016-8615\n\nCVE-2016-8616\n\nCVE-2016-8617\n\nCVE-2016-8618\n\nCVE-2016-8619\n\nCVE-2016-8620\n\nCVE-2016-8621\n\nCVE-2016-8622\n\nCVE-2016-8623\n\nCVE-2016-8624\n\nCVE-2016-8625\n\n**Directory Services**\n\nAvailable for: macOS Sierra 10.12.1\n\nImpact: A local user may be able to gain root privileges\n\nDescription: A use after free issue was addressed through improved memory management.\n\nCVE-2016-7633: Ian Beer of Google Project Zero\n\n**Disk Images**\n\nAvailable for: macOS Sierra 10.12.1\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed through improved input validation.\n\nCVE-2016-7616: daybreaker@Minionz working with Trend Micro's Zero Day Initiative\n\n**FontParser**\n\nAvailable for: macOS Sierra 10.12.1\n\nImpact: Processing a maliciously crafted font file may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues existed in the handling of font files. These issues were addressed through improved bounds checking.\n\nCVE-2016-4691: riusksk(\u6cc9\u54e5) of Tencent Security Platform Department\n\n**Foundation**\n\nAvailable for: macOS Sierra 10.12.1\n\nImpact: Opening a maliciously crafted .gcx file may lead to unexpected application termination or arbitrary code execution\n\nDescription: A memory corruption issue was addressed through improved input validation.\n\nCVE-2016-7618: riusksk(\u6cc9\u54e5) of Tencent Security Platform Department\n\n**Grapher**\n\nAvailable for: macOS Sierra 10.12.1\n\nImpact: Opening a maliciously crafted .gcx file may lead to unexpected application termination or arbitrary code execution\n\nDescription: A memory corruption issue was addressed through improved input validation.\n\nCVE-2016-7622: riusksk(\u6cc9\u54e5) of Tencent Security Platform Department\n\n**ICU**\n\nAvailable for: macOS Sierra 10.12.1\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed through improved memory handling.\n\nCVE-2016-7594: Andr\u00e9 Bargull\n\n**ImageIO**\n\nAvailable for: macOS Sierra 10.12.1\n\nImpact: A remote attacker may be able to leak memory\n\nDescription: An out-of-bounds read was addressed through improved bounds checking.\n\nCVE-2016-7643: Yangkang (@dnpushme) of Qihoo360 Qex Team\n\n**Intel Graphics Driver**\n\nAvailable for: macOS Sierra 10.12.1\n\nImpact: An application may be able to execute arbitrary code with kernel privileges \n\nDescription: A memory corruption issue was addressed through improved input validation.\n\nCVE-2016-7602: daybreaker@Minionz working with Trend Micro's Zero Day Initiative\n\n**IOFireWireFamily**\n\nAvailable for: macOS Sierra 10.12.1\n\nImpact: A local attacker may be able to read kernel memory\n\nDescription: A memory corruption issue was addressed through improved memory handling.\n\nCVE-2016-7608: Brandon Azad\n\n**IOAcceleratorFamily**\n\nAvailable for: macOS Sierra 10.12.1\n\nImpact: A local user may be able to determine kernel memory layout\n\nDescription: A shared memory issue was addressed through improved memory handling.\n\nCVE-2016-7624 : Qidan He (@flanker_hqd) from KeenLab working with Trend Micro's Zero Day Initiative\n\n**IOHIDFamily**\n\nAvailable for: macOS Sierra 10.12.1\n\nImpact: A local application with system privileges may be able to execute arbitrary code with kernel privileges\n\nDescription: A use after free issue was addressed through improved memory management.\n\nCVE-2016-7591: daybreaker of Minionz\n\n**IOKit**\n\nAvailable for: macOS Sierra 10.12.1\n\nImpact: An application may be able to read kernel memory\n\nDescription: A memory corruption issue was addressed through improved input validation.\n\nCVE-2016-7657: Keen Lab working with Trend Micro\u2019s Zero Day Initiative\n\n**IOKit**\n\nAvailable for: macOS Sierra 10.12.1\n\nImpact: A local user may be able to determine kernel memory layout\n\nDescription: A shared memory issue was addressed through improved memory handling.\n\nCVE-2016-7625: Qidan He (@flanker_hqd) from KeenLab working with Trend Micro's Zero Day Initiative\n\n**IOKit**\n\nAvailable for: macOS Sierra 10.12.1\n\nImpact: A local user may be able to determine kernel memory layout\n\nDescription: A shared memory issue was addressed through improved memory handling.\n\nCVE-2016-7714: Qidan He (@flanker_hqd) from KeenLab working with Trend Micro's Zero Day Initiative\n\nEntry added January 25, 2017\n\n**IOSurface**\n\nAvailable for: macOS Sierra 10.12.1\n\nImpact: A local user may be able to determine kernel memory layout\n\nDescription: A shared memory issue was addressed through improved memory handling.\n\nCVE-2016-7620: Qidan He (@flanker_hqd) from KeenLab working with Trend Micro's Zero Day Initiative\n\n**Kernel**\n\nAvailable for: macOS Sierra 10.12.1\n\nImpact: An application may be able to execute arbitrary code with kernel privileges \n\nDescription: Multiple memory corruption issues were addressed through improved input validation.\n\nCVE-2016-7606: @cocoahuke, Chen Qin of Topsec Alpha Team (topsec.com)\n\nCVE-2016-7612: Ian Beer of Google Project Zero\n\n**Kernel**\n\nAvailable for: macOS Sierra 10.12.1\n\nImpact: An application may be able to read kernel memory\n\nDescription: An insufficient initialization issue was addressed by properly initializing memory returned to user space.\n\nCVE-2016-7607: Brandon Azad\n\n**Kernel**\n\nAvailable for: macOS Sierra 10.12.1\n\nImpact: A local user may be able to cause a system denial of service\n\nDescription: A denial of service issue was addressed through improved memory handling.\n\nCVE-2016-7615: The UK's National Cyber Security Centre (NCSC)\n\n**Kernel**\n\nAvailable for: macOS Sierra 10.12.1\n\nImpact: A local user may be able to cause an unexpected system termination or arbitrary code execution in the kernel\n\nDescription: A use after free issue was addressed through improved memory management.\n\nCVE-2016-7621: Ian Beer of Google Project Zero\n\n**Kernel**\n\nAvailable for: macOS Sierra 10.12.1\n\nImpact: A local user may be able to gain root privileges\n\nDescription: A memory corruption issue was addressed through improved input validation.\n\nCVE-2016-7637: Ian Beer of Google Project Zero\n\n**Kernel**\n\nAvailable for: macOS Sierra 10.12.1\n\nImpact: A local application with system privileges may be able to execute arbitrary code with kernel privileges\n\nDescription: A use after free issue was addressed through improved memory management.\n\nCVE-2016-7644: Ian Beer of Google Project Zero\n\n**Kernel**\n\n****Available for: macOS Sierra 10.12.1\n\nImpact: An application may be able to cause a denial of service\n\nDescription: A denial of service issue was addressed through improved memory handling.\n\nCVE-2016-7647: Lufeng Li of Qihoo 360 Vulcan Team\n\nEntry added May 17, 2017\n\n**kext tools**\n\nAvailable for: macOS Sierra 10.12.1\n\nImpact: An application may be able to execute arbitrary code with kernel privileges \n\nDescription: A memory corruption issue was addressed through improved input validation.\n\nCVE-2016-7629: @cocoahuke\n\n**libarchive**\n\nAvailable for: macOS Sierra 10.12.1\n\nImpact: A local attacker may be able to overwrite existing files\n\nDescription: A validation issue existed in the handling of symlinks. This issue was addressed through improved validation of symlinks.\n\nCVE-2016-7619: an anonymous researcher\n\n**LibreSSL**\n\nAvailable for: macOS Sierra 10.12.1 and OS X El Capitan v10.11.6\n\nImpact: An attacker with a privileged network position may be able to cause a denial of service\n\nDescription: A denial of service issue in unbounded OCSP growth was addressed through improved memory handling.\n\nCVE-2016-6304\n\nEntry updated December 14, 2016\n\n**OpenLDAP**\n\nAvailable for: macOS Sierra 10.12.1\n\nImpact: An attacker may be able to exploit weaknesses in the RC4 cryptographic algorithm\n\nDescription: RC4 was removed as a default cipher.\n\nCVE-2016-1777: Pepi Zawodsky\n\n**OpenPAM**\n\nAvailable for: macOS Sierra 10.12.1\n\nImpact: A local unprivileged user may gain access to privileged applications\n\nDescription: PAM authentication within sandboxed applications failed insecurely. This was addressed with improved error handling.\n\nCVE-2016-7600: Perette Barella of DeviousFish.com\n\n**OpenSSL**\n\nAvailable for: macOS Sierra 10.12.1\n\nImpact: An application may be able to execute arbitrary code\n\nDescription: An overflow issue existed in MDC2_Update(). This issue was addressed through improved input validation.\n\nCVE-2016-6303\n\n**OpenSSL**\n\nAvailable for: macOS Sierra 10.12.1\n\nImpact: An attacker with a privileged network position may be able to cause a denial of service\n\nDescription: A denial of service issue in unbounded OCSP growth was addressed through improved memory handling.\n\nCVE-2016-6304\n\n**Power Management**\n\nAvailable for: macOS Sierra 10.12.1\n\nImpact: A local user may be able to gain root privileges\n\nDescription: An issue in mach port name references was addressed through improved validation.\n\nCVE-2016-7661: Ian Beer of Google Project Zero\n\n**Security**\n\nAvailable for: macOS Sierra 10.12.1\n\nImpact: An attacker may be able to exploit weaknesses in the 3DES cryptographic algorithm\n\nDescription: 3DES was removed as a default cipher.\n\nCVE-2016-4693: Ga\u00ebtan Leurent and Karthikeyan Bhargavan from INRIA Paris\n\n**Security**\n\nAvailable for: macOS Sierra 10.12.1\n\nImpact: An attacker in a privileged network position may be able to cause a denial of service\n\nDescription: A validation issue existed in the handling of OCSP responder URLs. This issue was addressed by verifying OCSP revocation status after CA validation and limiting the number of OCSP requests per certificate.\n\nCVE-2016-7636: Maksymilian Arciemowicz (cxsecurity.com)\n\n**Security**\n\nAvailable for: macOS Sierra 10.12.1\n\nImpact: Certificates may be unexpectedly evaluated as trusted\n\nDescription: A certificate evaluation issue existed in certificate validation. This issue was addressed through additional validation of certificates.\n\nCVE-2016-7662: Apple\n\n**syslog**\n\nAvailable for: macOS Sierra 10.12.1\n\nImpact: A local user may be able to gain root privileges\n\nDescription: An issue in mach port name references was addressed through improved validation.\n\nCVE-2016-7660: Ian Beer of Google Project Zero\n\n**Wi-Fi**\n\nAvailable for: macOS Sierra 10.12.1\n\nImpact: A malicious local user may be able to view sensitive network configuration information\n\nDescription: Network configuration was unexpectedly global. This issue was addressed by moving sensitive network configuration to per-user settings.\n\nCVE-2016-7761: Peter Loos, Karlsruhe, Germany\n\nEntry added January 24, 2017\n\n**xar**\n\nAvailable for: macOS Sierra 10.12.1\n\nImpact: Opening a maliciously crafted archive may lead to arbitrary code execution\n\nDescription: The use of an uninitialized variable was addressed through improved validation.\n\nCVE-2016-7742: Gareth Evans of Context Information Security\n\nEntry added January 10, 2017\n\nmacOS Sierra 10.12.2, Security Update 2016-003 El Capitan, and Security Update 2016-007 Yosemite includes the security content of [Safari 10.0.2](<https://support.apple.com/kb/HT207421>).\n", "edition": 4, "cvss3": {"exploitabilityScore": 0.6, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 6.5, "privilegesRequired": "HIGH", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2020-07-27T08:14:17", "title": "About the security content of macOS Sierra 10.12.2, Security Update 2016-003 El Capitan, and Security Update 2016-007 Yosemite - Apple Support", "type": "apple", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-7628", "CVE-2016-8620", "CVE-2016-8623", "CVE-2016-5420", "CVE-2016-7714", "CVE-2016-7414", "CVE-2016-7647", "CVE-2016-4693", "CVE-2016-7594", "CVE-2016-8615", "CVE-2016-8616", "CVE-2016-7606", "CVE-2016-7667", "CVE-2016-8619", "CVE-2016-7620", "CVE-2016-7603", "CVE-2016-7655", "CVE-2016-7761", "CVE-2016-7637", "CVE-2016-7616", "CVE-2016-8625", "CVE-2016-8618", "CVE-2016-7622", "CVE-2016-4691", "CVE-2016-7636", "CVE-2016-7661", "CVE-2016-7141", "CVE-2016-7615", "CVE-2016-7629", "CVE-2016-7644", "CVE-2016-7643", "CVE-2016-8617", "CVE-2016-7624", "CVE-2016-1777", "CVE-2016-7413", "CVE-2016-7662", "CVE-2016-7617", "CVE-2016-7663", "CVE-2016-6304", "CVE-2016-7618", "CVE-2016-7619", "CVE-2016-7609", "CVE-2016-7627", "CVE-2016-8622", "CVE-2016-7416", "CVE-2016-7657", "CVE-2016-7602", "CVE-2016-7633", "CVE-2016-7625", "CVE-2016-7604", "CVE-2016-7660", "CVE-2016-7411", "CVE-2016-8624", "CVE-2016-7417", "CVE-2016-7742", "CVE-2016-7621", "CVE-2016-6303", "CVE-2016-7600", "CVE-2016-7418", "CVE-2016-5421", "CVE-2016-7596", "CVE-2016-7607", "CVE-2016-7605", "CVE-2016-7591", "CVE-2016-7595", "CVE-2016-7588", "CVE-2016-5419", "CVE-2016-7167", "CVE-2016-7612", "CVE-2016-8621", "CVE-2016-7608", "CVE-2016-7659", "CVE-2016-7412", "CVE-2016-7658"], "modified": "2020-07-27T08:14:17", "id": "APPLE:HT207423", "href": "https://support.apple.com/kb/HT207423", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-03-11T19:31:18", "description": "# About the security content of macOS Sierra 10.12.2, Security Update 2016-003 El Capitan, and Security Update 2016-007 Yosemite\n\nThis document describes the security content of macOS Sierra 10.12.2, Security Update 2016-003 El Capitan, and Security Update 2016-007 Yosemite.\n\n## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page. You can encrypt communications with Apple using the [Apple Product Security PGP Key](<https://support.apple.com/kb/HT201601>).\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\n\n\n## macOS Sierra 10.12.2, Security Update 2016-003 El Capitan, and Security Update 2016-007 Yosemite\n\nReleased December 13, 2016\n\n**apache_mod_php**\n\nAvailable for: macOS Sierra 10.12.1\n\nImpact: A remote attacker may cause an unexpected application termination or arbitrary code execution\n\nDescription: Multiple issues existed in PHP before 5.6.26. These were addressed by updating PHP to version 5.6.26.\n\nCVE-2016-7411\n\nCVE-2016-7412\n\nCVE-2016-7413\n\nCVE-2016-7414\n\nCVE-2016-7416\n\nCVE-2016-7417\n\nCVE-2016-7418\n\n**AppleGraphicsPowerManagement**\n\nAvailable for: macOS Sierra 10.12.1\n\nImpact: A local user may be able to cause a system denial of service\n\nDescription: A null pointer dereference was addressed through improved input validation.\n\nCVE-2016-7609: daybreaker@Minionz working with Trend Micro's Zero Day Initiative\n\n**Assets**\n\nAvailable for: macOS Sierra 10.12.1\n\nImpact: A local attacker may modify downloaded mobile assets\n\nDescription: A permissions issue existed in mobile assets. This issue was addressed through improved access restrictions.\n\nCVE-2016-7628: Marcel Bresink of Marcel Bresink Software-Systeme\n\nEntry updated December 15, 2016\n\n**Audio**\n\nAvailable for: macOS Sierra 10.12.1\n\nImpact: Processing a maliciously crafted file may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed through improved input validation.\n\nCVE-2016-7658: Haohao Kong of Keen Lab (@keen_lab) of Tencent\n\nCVE-2016-7659: Haohao Kong of Keen Lab (@keen_lab) of Tencent\n\n**Bluetooth**\n\nAvailable for: macOS Sierra 10.12.1, OS X El Capitan v10.11.6, and OS X Yosemite v10.10.5\n\nImpact: An application may be able to execute arbitrary code with kernel privileges \n\nDescription: A memory corruption issue was addressed through improved memory handling.\n\nCVE-2016-7596: Pekka Oikarainen, Matias Karhumaa and Marko Laakso of Synopsys Software Integrity Group\n\nEntry updated December 14, 2016\n\n**Bluetooth**\n\nAvailable for: macOS Sierra 10.12.1\n\nImpact: An application may be able to cause a denial of service\n\nDescription: A null pointer dereference was addressed through improved input validation.\n\nCVE-2016-7605: daybreaker of Minionz\n\n**Bluetooth**\n\nAvailable for: macOS Sierra 10.12.1\n\nImpact: An application may be able to execute arbitrary code with system privileges\n\nDescription: A type confusion issue was addressed through improved memory handling.\n\nCVE-2016-7617: Radu Motspan working with Trend Micro's Zero Day Initiative, Ian Beer of Google Project Zero\n\n**CoreCapture**\n\nAvailable for: macOS Sierra 10.12.1 and OS X El Capitan v10.11.6\n\nImpact: A local user may be able to cause a system denial of service\n\nDescription: A null pointer dereference was addressed through improved state management.\n\nCVE-2016-7604: daybreaker of Minionz\n\nEntry updated December 14, 2016\n\n**CoreFoundation**\n\nAvailable for: macOS Sierra 10.12.1\n\nImpact: Processing malicious strings may lead to an unexpected application termination or arbitrary code execution\n\nDescription: A memory corruption issue existed in the processing of strings. This issue was addressed through improved bounds checking.\n\nCVE-2016-7663: an anonymous researcher\n\n**CoreGraphics**\n\nAvailable for: macOS Sierra 10.12.1\n\nImpact: Processing a maliciously crafted font file may lead to unexpected application termination\n\nDescription: A null pointer dereference was addressed through improved input validation.\n\nCVE-2016-7627: TRAPMINE Inc. & Meysam Firouzi @R00tkitSMM\n\n**CoreMedia External Displays**\n\nAvailable for: macOS Sierra 10.12.1\n\nImpact: A local application may be able to execute arbitrary code in the context of the mediaserver daemon\n\nDescription: A type confusion issue was addressed through improved memory handling.\n\nCVE-2016-7655: Keen Lab working with Trend Micro\u2019s Zero Day Initiative\n\n**CoreMedia Playback**\n\nAvailable for: macOS Sierra 10.12.1\n\nImpact: Processing a maliciously crafted .mp4 file may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed through improved memory handling.\n\nCVE-2016-7588: dragonltx of Huawei 2012 Laboratories\n\n**CoreStorage**\n\nAvailable for: macOS Sierra 10.12.1\n\nImpact: A local user may be able to cause a system denial of service\n\nDescription: A null pointer dereference was addressed through improved input validation.\n\nCVE-2016-7603: daybreaker@Minionz working with Trend Micro's Zero Day Initiative\n\n**CoreText**\n\nAvailable for: macOS Sierra 10.12.1\n\nImpact: Processing a maliciously crafted font file may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues existed in the handling of font files. These issues were addressed through improved bounds checking.\n\nCVE-2016-7595: riusksk(\u6cc9\u54e5) of Tencent Security Platform Department\n\n**CoreText**\n\nAvailable for: macOS Sierra 10.12.1\n\nImpact: Processing a maliciously crafted string may lead to a denial of service\n\nDescription: An issue when rendering overlapping ranges was addressed through improved validation.\n\nCVE-2016-7667: Nasser Al-Hadhrami (@fast_hack), Saif Al-Hinai (welcom_there) of Digital Unit (dgunit.com)\n\nEntry added December 15, 2016\n\n**curl**\n\nAvailable for: macOS Sierra 10.12.1\n\nImpact: An attacker in a privileged network position may be able to leak sensitive user information\n\nDescription: Multiple issues existed in curl. These issues were addressed by updating to curl version 7.51.0.\n\nCVE-2016-5419\n\nCVE-2016-5420\n\nCVE-2016-5421\n\nCVE-2016-7141\n\nCVE-2016-7167\n\nCVE-2016-8615\n\nCVE-2016-8616\n\nCVE-2016-8617\n\nCVE-2016-8618\n\nCVE-2016-8619\n\nCVE-2016-8620\n\nCVE-2016-8621\n\nCVE-2016-8622\n\nCVE-2016-8623\n\nCVE-2016-8624\n\nCVE-2016-8625\n\n**Directory Services**\n\nAvailable for: macOS Sierra 10.12.1\n\nImpact: A local user may be able to gain root privileges\n\nDescription: A use after free issue was addressed through improved memory management.\n\nCVE-2016-7633: Ian Beer of Google Project Zero\n\n**Disk Images**\n\nAvailable for: macOS Sierra 10.12.1\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed through improved input validation.\n\nCVE-2016-7616: daybreaker@Minionz working with Trend Micro's Zero Day Initiative\n\n**FontParser**\n\nAvailable for: macOS Sierra 10.12.1\n\nImpact: Processing a maliciously crafted font file may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues existed in the handling of font files. These issues were addressed through improved bounds checking.\n\nCVE-2016-4691: riusksk(\u6cc9\u54e5) of Tencent Security Platform Department\n\n**Foundation**\n\nAvailable for: macOS Sierra 10.12.1\n\nImpact: Opening a maliciously crafted .gcx file may lead to unexpected application termination or arbitrary code execution\n\nDescription: A memory corruption issue was addressed through improved input validation.\n\nCVE-2016-7618: riusksk(\u6cc9\u54e5) of Tencent Security Platform Department\n\n**Grapher**\n\nAvailable for: macOS Sierra 10.12.1\n\nImpact: Opening a maliciously crafted .gcx file may lead to unexpected application termination or arbitrary code execution\n\nDescription: A memory corruption issue was addressed through improved input validation.\n\nCVE-2016-7622: riusksk(\u6cc9\u54e5) of Tencent Security Platform Department\n\n**ICU**\n\nAvailable for: macOS Sierra 10.12.1\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed through improved memory handling.\n\nCVE-2016-7594: Andr\u00e9 Bargull\n\n**ImageIO**\n\nAvailable for: macOS Sierra 10.12.1\n\nImpact: A remote attacker may be able to leak memory\n\nDescription: An out-of-bounds read was addressed through improved bounds checking.\n\nCVE-2016-7643: Yangkang (@dnpushme) of Qihoo360 Qex Team\n\n**Intel Graphics Driver**\n\nAvailable for: macOS Sierra 10.12.1\n\nImpact: An application may be able to execute arbitrary code with kernel privileges \n\nDescription: A memory corruption issue was addressed through improved input validation.\n\nCVE-2016-7602: daybreaker@Minionz working with Trend Micro's Zero Day Initiative\n\n**IOFireWireFamily**\n\nAvailable for: macOS Sierra 10.12.1\n\nImpact: A local attacker may be able to read kernel memory\n\nDescription: A memory corruption issue was addressed through improved memory handling.\n\nCVE-2016-7608: Brandon Azad\n\n**IOAcceleratorFamily**\n\nAvailable for: macOS Sierra 10.12.1\n\nImpact: A local user may be able to determine kernel memory layout\n\nDescription: A shared memory issue was addressed through improved memory handling.\n\nCVE-2016-7624 : Qidan He (@flanker_hqd) from KeenLab working with Trend Micro's Zero Day Initiative\n\n**IOHIDFamily**\n\nAvailable for: macOS Sierra 10.12.1\n\nImpact: A local application with system privileges may be able to execute arbitrary code with kernel privileges\n\nDescription: A use after free issue was addressed through improved memory management.\n\nCVE-2016-7591: daybreaker of Minionz\n\n**IOKit**\n\nAvailable for: macOS Sierra 10.12.1\n\nImpact: An application may be able to read kernel memory\n\nDescription: A memory corruption issue was addressed through improved input validation.\n\nCVE-2016-7657: Keen Lab working with Trend Micro\u2019s Zero Day Initiative\n\n**IOKit**\n\nAvailable for: macOS Sierra 10.12.1\n\nImpact: A local user may be able to determine kernel memory layout\n\nDescription: A shared memory issue was addressed through improved memory handling.\n\nCVE-2016-7625: Qidan He (@flanker_hqd) from KeenLab working with Trend Micro's Zero Day Initiative\n\n**IOKit**\n\nAvailable for: macOS Sierra 10.12.1\n\nImpact: A local user may be able to determine kernel memory layout\n\nDescription: A shared memory issue was addressed through improved memory handling.\n\nCVE-2016-7714: Qidan He (@flanker_hqd) from KeenLab working with Trend Micro's Zero Day Initiative\n\nEntry added January 25, 2017\n\n**IOSurface**\n\nAvailable for: macOS Sierra 10.12.1\n\nImpact: A local user may be able to determine kernel memory layout\n\nDescription: A shared memory issue was addressed through improved memory handling.\n\nCVE-2016-7620: Qidan He (@flanker_hqd) from KeenLab working with Trend Micro's Zero Day Initiative\n\n**Kernel**\n\nAvailable for: macOS Sierra 10.12.1\n\nImpact: An application may be able to execute arbitrary code with kernel privileges \n\nDescription: Multiple memory corruption issues were addressed through improved input validation.\n\nCVE-2016-7606: @cocoahuke, Chen Qin of Topsec Alpha Team (topsec.com)\n\nCVE-2016-7612: Ian Beer of Google Project Zero\n\n**Kernel**\n\nAvailable for: macOS Sierra 10.12.1\n\nImpact: An application may be able to read kernel memory\n\nDescription: An insufficient initialization issue was addressed by properly initializing memory returned to user space.\n\nCVE-2016-7607: Brandon Azad\n\n**Kernel**\n\nAvailable for: macOS Sierra 10.12.1\n\nImpact: A local user may be able to cause a system denial of service\n\nDescription: A denial of service issue was addressed through improved memory handling.\n\nCVE-2016-7615: The UK's National Cyber Security Centre (NCSC)\n\n**Kernel**\n\nAvailable for: macOS Sierra 10.12.1\n\nImpact: A local user may be able to cause an unexpected system termination or arbitrary code execution in the kernel\n\nDescription: A use after free issue was addressed through improved memory management.\n\nCVE-2016-7621: Ian Beer of Google Project Zero\n\n**Kernel**\n\nAvailable for: macOS Sierra 10.12.1\n\nImpact: A local user may be able to gain root privileges\n\nDescription: A memory corruption issue was addressed through improved input validation.\n\nCVE-2016-7637: Ian Beer of Google Project Zero\n\n**Kernel**\n\nAvailable for: macOS Sierra 10.12.1\n\nImpact: A local application with system privileges may be able to execute arbitrary code with kernel privileges\n\nDescription: A use after free issue was addressed through improved memory management.\n\nCVE-2016-7644: Ian Beer of Google Project Zero\n\n**Kernel**\n\n****Available for: macOS Sierra 10.12.1\n\nImpact: An application may be able to cause a denial of service\n\nDescription: A denial of service issue was addressed through improved memory handling.\n\nCVE-2016-7647: Lufeng Li of Qihoo 360 Vulcan Team\n\nEntry added May 17, 2017\n\n**kext tools**\n\nAvailable for: macOS Sierra 10.12.1\n\nImpact: An application may be able to execute arbitrary code with kernel privileges \n\nDescription: A memory corruption issue was addressed through improved input validation.\n\nCVE-2016-7629: @cocoahuke\n\n**libarchive**\n\nAvailable for: macOS Sierra 10.12.1\n\nImpact: A local attacker may be able to overwrite existing files\n\nDescription: A validation issue existed in the handling of symlinks. This issue was addressed through improved validation of symlinks.\n\nCVE-2016-7619: an anonymous researcher\n\n**LibreSSL**\n\nAvailable for: macOS Sierra 10.12.1 and OS X El Capitan v10.11.6\n\nImpact: An attacker with a privileged network position may be able to cause a denial of service\n\nDescription: A denial of service issue in unbounded OCSP growth was addressed through improved memory handling.\n\nCVE-2016-6304\n\nEntry updated December 14, 2016\n\n**OpenLDAP**\n\nAvailable for: macOS Sierra 10.12.1\n\nImpact: An attacker may be able to exploit weaknesses in the RC4 cryptographic algorithm\n\nDescription: RC4 was removed as a default cipher.\n\nCVE-2016-1777: Pepi Zawodsky\n\n**OpenPAM**\n\nAvailable for: macOS Sierra 10.12.1\n\nImpact: A local unprivileged user may gain access to privileged applications\n\nDescription: PAM authentication within sandboxed applications failed insecurely. This was addressed with improved error handling.\n\nCVE-2016-7600: Perette Barella of DeviousFish.com\n\n**OpenSSL**\n\nAvailable for: macOS Sierra 10.12.1\n\nImpact: An application may be able to execute arbitrary code\n\nDescription: An overflow issue existed in MDC2_Update(). This issue was addressed through improved input validation.\n\nCVE-2016-6303\n\n**OpenSSL**\n\nAvailable for: macOS Sierra 10.12.1\n\nImpact: An attacker with a privileged network position may be able to cause a denial of service\n\nDescription: A denial of service issue in unbounded OCSP growth was addressed through improved memory handling.\n\nCVE-2016-6304\n\n**Power Management**\n\nAvailable for: macOS Sierra 10.12.1\n\nImpact: A local user may be able to gain root privileges\n\nDescription: An issue in mach port name references was addressed through improved validation.\n\nCVE-2016-7661: Ian Beer of Google Project Zero\n\n**Security**\n\nAvailable for: macOS Sierra 10.12.1\n\nImpact: An attacker may be able to exploit weaknesses in the 3DES cryptographic algorithm\n\nDescription: 3DES was removed as a default cipher.\n\nCVE-2016-4693: Ga\u00ebtan Leurent and Karthikeyan Bhargavan from INRIA Paris\n\n**Security**\n\nAvailable for: macOS Sierra 10.12.1\n\nImpact: An attacker in a privileged network position may be able to cause a denial of service\n\nDescription: A validation issue existed in the handling of OCSP responder URLs. This issue was addressed by verifying OCSP revocation status after CA validation and limiting the number of OCSP requests per certificate.\n\nCVE-2016-7636: Maksymilian Arciemowicz (cxsecurity.com)\n\n**Security**\n\nAvailable for: macOS Sierra 10.12.1\n\nImpact: Certificates may be unexpectedly evaluated as trusted\n\nDescription: A certificate evaluation issue existed in certificate validation. This issue was addressed through additional validation of certificates.\n\nCVE-2016-7662: Apple\n\n**syslog**\n\nAvailable for: macOS Sierra 10.12.1\n\nImpact: A local user may be able to gain root privileges\n\nDescription: An issue in mach port name references was addressed through improved validation.\n\nCVE-2016-7660: Ian Beer of Google Project Zero\n\n**Wi-Fi**\n\nAvailable for: macOS Sierra 10.12.1\n\nImpact: A malicious local user may be able to view sensitive network configuration information\n\nDescription: Network configuration was unexpectedly global. This issue was addressed by moving sensitive network configuration to per-user settings.\n\nCVE-2016-7761: Peter Loos, Karlsruhe, Germany\n\nEntry added January 24, 2017\n\n**xar**\n\nAvailable for: macOS Sierra 10.12.1\n\nImpact: Opening a maliciously crafted archive may lead to arbitrary code execution\n\nDescription: The use of an uninitialized variable was addressed through improved validation.\n\nCVE-2016-7742: Gareth Evans of Context Information Security\n\nEntry added January 10, 2017\n\nmacOS Sierra 10.12.2, Security Update 2016-003 El Capitan, and Security Update 2016-007 Yosemite includes the security content of [Safari 10.0.2](<https://support.apple.com/kb/HT207421>).\n\nInformation about products not manufactured by Apple, or independent websites not controlled or tested by Apple, is provided without recommendation or endorsement. Apple assumes no responsibility with regard to the selection, performance, or use of third-party websites or products. Apple makes no representations regarding third-party website accuracy or reliability. [Contact the vendor](<http://support.apple.com/kb/HT2693>) for additional information.\n\nPublished Date: July 27, 2020\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2016-12-13T00:00:00", "type": "apple", "title": "About the security content of macOS Sierra 10.12.2, Security Update 2016-003 El Capitan, and Security Update 2016-007 Yosemite", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-1777", "CVE-2016-4691", "CVE-2016-4693", "CVE-2016-5419", "CVE-2016-5420", "CVE-2016-5421", "CVE-2016-6303", "CVE-2016-6304", "CVE-2016-7141", "CVE-2016-7167", "CVE-2016-7411", "CVE-2016-7412", "CVE-2016-7413", "CVE-2016-7414", "CVE-2016-7416", "CVE-2016-7417", "CVE-2016-7418", "CVE-2016-7588", "CVE-2016-7591", "CVE-2016-7594", "CVE-2016-7595", "CVE-2016-7596", "CVE-2016-7600", "CVE-2016-7602", "CVE-2016-7603", "CVE-2016-7604", "CVE-2016-7605", "CVE-2016-7606", "CVE-2016-7607", "CVE-2016-7608", "CVE-2016-7609", "CVE-2016-7612", "CVE-2016-7615", "CVE-2016-7616", "CVE-2016-7617", "CVE-2016-7618", "CVE-2016-7619", "CVE-2016-7620", "CVE-2016-7621", "CVE-2016-7622", "CVE-2016-7624", "CVE-2016-7625", "CVE-2016-7627", "CVE-2016-7628", "CVE-2016-7629", "CVE-2016-7633", "CVE-2016-7636", "CVE-2016-7637", "CVE-2016-7643", "CVE-2016-7644", "CVE-2016-7647", "CVE-2016-7655", "CVE-2016-7657", "CVE-2016-7658", "CVE-2016-7659", "CVE-2016-7660", "CVE-2016-7661", "CVE-2016-7662", "CVE-2016-7663", "CVE-2016-7667", "CVE-2016-7714", "CVE-2016-7742", "CVE-2016-7761", "CVE-2016-8615", "CVE-2016-8616", "CVE-2016-8617", "CVE-2016-8618", "CVE-2016-8619", "CVE-2016-8620", "CVE-2016-8621", "CVE-2016-8622", "CVE-2016-8623", "CVE-2016-8624", "CVE-2016-8625"], "modified": "2016-12-13T00:00:00", "id": "APPLE:F15BAD0991243C5F3BD7A363EA796E0C", "href": "https://support.apple.com/kb/HT207423", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}]}