SOL17028 - PHP vulnerabilities CVE-2015-3411 and CVE-2015-3412
2015-08-03T00:00:00
ID SOL17028 Type f5 Reporter f5 Modified 2016-05-27T00:00:00
Description
Vulnerability Recommended Actions
If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.
F5 responds to vulnerabilities in accordance with the Severity values published in the previous table. The Severity values and other security vulnerability parameters are defined in SOL4602: Overview of the F5 security vulnerability response policy.
To mitigate this vulnerability, you should permit access to F5 products only over a secure network, and limit login access to trusted users. For additional information, refer to SOL13092: Overview of securing access to the BIG-IP system.
Supplemental Information
SOL9970: Subscribing to email notifications regarding F5 products
SOL9957: Creating a custom RSS feed to view new and updated documents
SOL4918: Overview of the F5 critical issue hotfix policy
{"reporter": "f5", "published": "2015-08-03T00:00:00", "cvelist": ["CVE-2015-3411", "CVE-2015-3412"], "title": "SOL17028 - PHP vulnerabilities CVE-2015-3411 and CVE-2015-3412", "type": "f5", "href": "http://support.f5.com/kb/en-us/solutions/public/17000/000/sol17028.html", "bulletinFamily": "software", "enchantments": {"score": {"value": 5.3, "vector": "NONE", "modified": "2016-09-26T17:23:25", "rev": 2}, "dependencies": {"references": [{"type": "f5", "idList": ["F5:K17028"]}, {"type": "cve", "idList": ["CVE-2015-3412", "CVE-2015-3411"]}, {"type": "nessus", "idList": ["F5_BIGIP_SOL17028.NASL", "SUSE_SU-2015-1265-1.NASL", "PHP_5_4_40.NASL", "OPENSUSE-2015-471.NASL", "PHP_5_6_8.NASL", "SUSE_SU-2015-1253-1.NASL", "DEBIAN_DLA-307.NASL", "UBUNTU_USN-2658-1.NASL", "PHP_5_5_24.NASL", "ORACLELINUX_ELSA-2015-1218.NASL"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2015:1197-1", "SUSE-SU-2015:1253-2", "SUSE-SU-2016:1638-1", "SUSE-SU-2015:1253-1", "SUSE-SU-2015:1265-1"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310850662", "OPENVAS:1361412562310122874", "OPENVAS:1361412562310805657", "OPENVAS:1361412562310842265", "OPENVAS:1361412562310122871", "OPENVAS:1361412562310871388", "OPENVAS:1361412562310850783", "OPENVAS:1361412562310882219", "OPENVAS:1361412562310805656", "OPENVAS:1361412562310123083"]}, {"type": "redhat", "idList": ["RHSA-2015:1187", "RHSA-2015:1135", "RHSA-2015:1066", "RHSA-2015:1186", "RHSA-2015:1218"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:32315", "SECURITYVULNS:VULN:14580"]}, {"type": "oraclelinux", "idList": ["ELSA-2015-1135", "ELSA-2015-1066", "ELSA-2015-1186", "ELSA-2015-1218"]}, {"type": "ubuntu", "idList": ["USN-2658-1"]}, {"type": "debian", "idList": ["DEBIAN:DLA-307-1:2C3AB"]}, {"type": "centos", "idList": ["CESA-2015:1135", "CESA-2015:1218"]}], "modified": "2016-09-26T17:23:25", "rev": 2}, "vulnersScore": 5.3}, "modified": "2016-05-27T00:00:00", "affectedSoftware": [{"version": "10.2.4", "name": "BIG-IP PSM", "operator": "le"}, {"version": "11.6.0", "name": "BIG-IP Link Controller", "operator": "le"}, {"version": "11.3.0", "name": "BIG-IP Edge Gateway", "operator": "le"}, {"version": "4.5.0", "name": "BIG-IQ Device", "operator": "le"}, {"version": "11.6.0", "name": "BIG-IP GTM", "operator": "le"}, {"version": "11.6.0", "name": "BIG-IP PEM", "operator": "le"}, {"version": "3.1.1", "name": "Enterprise Manager", "operator": "le"}, {"version": "10.2.4", "name": "BIG-IP APM", "operator": "le"}, {"version": "11.6.0", "name": "BIG-IP Analytics", "operator": "le"}, {"version": "11.3.0", "name": "BIG-IP WebAccelerator", "operator": "le"}, {"version": "11.6.0", "name": "BIG-IP ASM", "operator": "le"}, {"version": "10.2.4", "name": "BIG-IP LTM", "operator": "le"}, {"version": "11.4.1", "name": "BIG-IP PSM", "operator": "le"}, {"version": "11.6.0", "name": "BIG-IP LTM", "operator": "le"}, {"version": "11.6.0", "name": "BIG-IP AAM", "operator": "le"}, {"version": "10.2.4", "name": "BIG-IP ASM", "operator": "le"}, {"version": "10.2.4", "name": "BIG-IP WebAccelerator", "operator": "le"}, {"version": "10.2.4", "name": "BIG-IP Link Controller", "operator": "le"}, {"version": "11.6.0", "name": "BIG-IP AFM", "operator": "le"}, {"version": "4.5.0", "name": "BIG-IQ Cloud", "operator": "le"}, {"version": "10.2.4", "name": "BIG-IP Edge Gateway", "operator": "le"}, {"version": "11.6.0", "name": "BIG-IP APM", "operator": "le"}, {"version": "10.2.4", "name": "BIG-IP WOM", "operator": "le"}, {"version": "4.5.0", "name": "BIG-IQ Security", "operator": "le"}, {"version": "10.2.4", "name": "BIG-IP GTM", "operator": "le"}, {"version": "4.5.0", "name": "BIG-IQ ADC", "operator": "le"}, {"version": "11.3.0", "name": "BIG-IP WOM", "operator": "le"}], "cvss": {"vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/", "score": 6.4}, "viewCount": 90, "edition": 1, "description": "Vulnerability Recommended Actions\n\nIf you are running a version listed in the **Versions known to be vulnerable **column, you can eliminate this vulnerability by upgrading to a version listed in the **Versions known to be not vulnerable **column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists. \n \nF5 responds to vulnerabilities in accordance with the **Severity **values published in the previous table. The **Severity **values and other security vulnerability parameters are defined in SOL4602: Overview of the F5 security vulnerability response policy.\n\nTo mitigate this vulnerability, you should permit access to F5 products only over a secure network, and limit login access to trusted users. For additional information, refer to SOL13092: Overview of securing access to the BIG-IP system.\n\nSupplemental Information\n\n * SOL9970: Subscribing to email notifications regarding F5 products\n * SOL9957: Creating a custom RSS feed to view new and updated documents\n * SOL4918: Overview of the F5 critical issue hotfix policy\n * SOL167: Downloading software and firmware from F5\n * SOL13123: Managing BIG-IP product hotfixes (11.x - 12.x)\n * SOL10025: Managing BIG-IP product hotfixes (10.x)\n * SOL9502: BIG-IP hotfix matrix\n", "references": ["https://support.f5.com/kb/en-us/solutions/public/13000/100/sol13123.html", "https://support.f5.com/kb/en-us/solutions/public/9000/900/sol9970.html", "https://support.f5.com/kb/en-us/solutions/public/4000/900/sol4918.html", "https://support.f5.com/kb/en-us/solutions/public/9000/500/sol9502.html", "https://support.f5.com/kb/en-us/solutions/public/10000/000/sol10025.html", "https://support.f5.com/kb/en-us/solutions/public/0000/100/sol167.html", "https://support.f5.com/kb/en-us/solutions/public/9000/900/sol9957.html"], "id": "SOL17028", "lastseen": "2016-09-26T17:23:25"}
{"f5": [{"lastseen": "2019-04-09T03:14:28", "bulletinFamily": "software", "cvelist": ["CVE-2015-3411", "CVE-2015-3412"], "description": "\nF5 Product Development has assigned ID 534837, ID 534838 (BIG-IP), ID 528817 (BIG-IQ), and ID 525232 (Enterprise Manager) to this vulnerability, and has evaluated the currently supported releases for potential vulnerability. Additionally, [BIG-IP iHealth ](<http://www.f5.com/support/support-tools/big-ip-ihealth/>)may list Heuristic H17028 on the **Diagnostics** > **Identified** > **Low** screen.\n\nTo determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table:\n\nProduct| Versions known to be vulnerable| Versions known to be not vulnerable| Severity| Vulnerable component or feature \n---|---|---|---|--- \nBIG-IP LTM| 11.0.0 - 11.6.0 \n10.1.0 - 10.2.4| 12.0.0 \n11.6.1 \n11.5.4| Low| PHP framework, Control plane \nBIG-IP AAM| 11.4.0 - 11.6.0| 12.0.0 \n11.6.1 \n11.5.4| Low| PHP framework, Control plane \nBIG-IP AFM| 11.3.0 - 11.6.0| 12.0.0 \n11.6.1 \n11.5.4| Low| PHP framework, Control plane \nBIG-IP Analytics| 11.0.0 - 11.6.0| 12.0.0 \n11.6.1 \n11.5.4| Low| PHP framework, Control Plane \nBIG-IP APM| 11.0.0 - 11.6.0 \n10.1.0 - 10.2.4| 12.0.0 \n11.5.4| Low| PHP framework, Control Plane \nBIG-IP ASM| 11.0.0 - 11.6.0 \n10.1.0 - 10.2.4| 12.0.0 \n11.6.1 \n11.5.4| Low| PHP framework, Control plane \nBIG-IP DNS| None| 12.0.0| Not vulnerable| None \nBIG-IP Edge Gateway| 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4| None| Low| PHP framework, Control plane \nBIG-IP GTM| 11.0.0 - 11.6.0 \n10.1.0 - 10.2.4| 11.6.1 \n11.5.4| Low| PHP framework, Control plane \nBIG-IP Link Controller| 11.0.0 - 11.6.0 \n10.1.0 - 10.2.4| 12.0.0 \n11.6.1 \n11.5.4| Low| PHP framework, Control plane \nBIG-IP PEM| 11.3.0 - 11.6.0| 12.0.0 \n11.6.1 \n11.5.4| Low| PHP framework, Control plane \nBIG-IP PSM| 11.0.0 - 11.4.1 \n10.1.0 - 10.2.4| None| Low| PHP framework, Control plane \nBIG-IP WebAccelerator| 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4| None| Low| PHP framework, Control plane \nBIG-IP WOM| 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4| None| Low| PHP framework, Control plane \nARX| None| 6.0.0 - 6.4.0| Not vulnerable| None \nEnterprise Manager| 3.0.0 - 3.1.1| None| Low| PHP framework, Control plane \nFirePass| None| 7.0.0 \n6.0.0 - 6.1.0| Not vulnerable| None \nBIG-IQ Cloud| 4.0.0 - 4.5.0| None| Low| PHP framework, Control plane \nBIG-IQ Device| 4.2.0 - 4.5.0| None| Low| PHP framework, Control plane \nBIG-IQ Security| 4.0.0 - 4.5.0| None| Low| PHP framework, Control plane \nBIG-IQ ADC| 4.5.0| None| Low| PHP framework, Control plane \nLineRate| None| 2.5.0 - 2.6.1| Not vulnerable| None \nF5 WebSafe| None| 1.0.0| Not vulnerable| None \nTraffix SDC| None| 4.0.0 - 4.1.0 \n3.3.2 - 3.5.1| Not vulnerable| None\n\nIf you are running a version listed in the **Versions known to be vulnerable **column, you can eliminate this vulnerability by upgrading to a version listed in the **Versions known to be not vulnerable **column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists. \n \nF5 responds to vulnerabilities in accordance with the **Severity **values published in the previous table. The **Severity **values and other security vulnerability parameters are defined in [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>).\n\nTo mitigate this vulnerability, you should permit access to F5 products only over a secure network, and limit login access to trusted users. For additional information, refer to [K13092: Overview of securing access to the BIG-IP system](<https://support.f5.com/csp/article/K13092>).\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n * [K167: Downloading software and firmware from F5](<https://support.f5.com/csp/article/K167>)\n * [K13123: Managing BIG-IP product hotfixes (11.x - 13.x)](<https://support.f5.com/csp/article/K13123>)\n * [K10025: Managing BIG-IP product hotfixes (10.x)](<https://support.f5.com/csp/article/K10025>)\n * [K9502: BIG-IP hotfix matrix](<https://support.f5.com/csp/article/K9502>)\n", "edition": 1, "modified": "2017-04-06T18:51:00", "published": "2015-08-04T01:26:00", "id": "F5:K17028", "href": "https://support.f5.com/csp/article/K17028", "title": "PHP vulnerabilities CVE-2015-3411 and CVE-2015-3412", "type": "f5", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}}], "cve": [{"lastseen": "2021-02-02T06:21:24", "description": "PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 does not ensure that pathnames lack %00 sequences, which might allow remote attackers to read or write to arbitrary files via crafted input to an application that calls (1) a DOMDocument load method, (2) the xmlwriter_open_uri function, (3) the finfo_file function, or (4) the hash_hmac_file function, as demonstrated by a filename\\0.xml attack that bypasses an intended configuration in which client users may read only .xml files.", "edition": 6, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "baseScore": 6.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 2.5}, "published": "2016-05-16T10:59:00", "title": "CVE-2015-3411", "type": "cve", "cwe": ["CWE-20"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-3411"], "modified": "2019-04-22T17:48:00", "cpe": ["cpe:/a:php:php:5.5.15", "cpe:/a:php:php:5.6.0", "cpe:/a:php:php:5.5.10", "cpe:/a:php:php:5.5.12", "cpe:/a:php:php:5.6.3", "cpe:/a:php:php:5.6.1", "cpe:/a:php:php:5.5.21", "cpe:/a:php:php:5.5.13", "cpe:/a:php:php:5.5.20", "cpe:/a:php:php:5.5.4", "cpe:/a:php:php:5.5.7", "cpe:/o:redhat:enterprise_linux_server:7.0", "cpe:/a:php:php:5.6.7", "cpe:/a:php:php:5.6.4", "cpe:/a:php:php:5.5.19", "cpe:/o:redhat:enterprise_linux:7.0", "cpe:/a:php:php:5.5.3", "cpe:/a:php:php:5.5.18", "cpe:/a:php:php:5.5.16", "cpe:/o:redhat:enterprise_linux_workstation:7.0", "cpe:/a:php:php:5.5.0", "cpe:/a:php:php:5.5.1", "cpe:/a:php:php:5.5.23", "cpe:/o:redhat:enterprise_linux_hpc_node:7.0", "cpe:/a:php:php:5.5.22", "cpe:/o:redhat:enterprise_linux_desktop:7.0", "cpe:/a:php:php:5.6.6", "cpe:/a:php:php:5.5.5", "cpe:/a:php:php:5.5.17", "cpe:/a:php:php:5.4.39", "cpe:/a:php:php:5.5.2", "cpe:/o:redhat:enterprise_linux_server_eus:7.1", "cpe:/o:redhat:enterprise_linux_hpc_node_eus:7.1", "cpe:/a:php:php:5.6.5", "cpe:/a:php:php:5.5.8", "cpe:/a:php:php:5.5.11", "cpe:/a:php:php:5.5.6", "cpe:/o:redhat:enterprise_linux:6.0", "cpe:/a:php:php:5.5.14", "cpe:/a:php:php:5.5.9", "cpe:/a:php:php:5.6.2"], "id": "CVE-2015-3411", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-3411", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}, "cpe23": ["cpe:2.3:a:php:php:5.6.3:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_hpc_node_eus:7.1:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.1:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.5.16:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.5.3:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.6.6:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.5.18:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.5.21:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.6.1:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.5.4:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.5.17:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.5.20:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.5.2:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.6.0:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.5.7:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.5.5:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.5.11:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.5.10:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.5.22:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.6.5:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.6.2:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.6.7:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.5.23:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.5.0:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.5.6:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.5.12:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.5.9:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.5.1:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.6.4:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.5.14:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.5.13:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.5.19:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.4.39:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_hpc_node:7.0:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.5.15:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.5.8:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T06:21:24", "description": "PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 does not ensure that pathnames lack %00 sequences, which might allow remote attackers to read arbitrary files via crafted input to an application that calls the stream_resolve_include_path function in ext/standard/streamsfuncs.c, as demonstrated by a filename\\0.extension attack that bypasses an intended configuration in which client users may read files with only one specific extension.", "edition": 6, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.3, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 1.4}, "published": "2016-05-16T10:59:00", "title": "CVE-2015-3412", "type": "cve", "cwe": ["CWE-200", "CWE-254"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-3412"], "modified": "2019-04-22T17:48:00", "cpe": ["cpe:/a:php:php:5.5.15", "cpe:/a:php:php:5.6.0", "cpe:/a:php:php:5.5.10", "cpe:/a:php:php:5.5.12", "cpe:/a:php:php:5.6.3", "cpe:/a:php:php:5.6.1", "cpe:/a:php:php:5.5.21", "cpe:/a:php:php:5.5.13", "cpe:/a:php:php:5.5.20", "cpe:/a:php:php:5.5.4", "cpe:/a:php:php:5.5.7", "cpe:/o:redhat:enterprise_linux_server:7.0", "cpe:/a:php:php:5.6.7", "cpe:/a:php:php:5.6.4", "cpe:/a:php:php:5.5.19", "cpe:/o:redhat:enterprise_linux:7.0", "cpe:/a:php:php:5.5.3", "cpe:/a:php:php:5.5.18", "cpe:/a:php:php:5.5.16", "cpe:/o:redhat:enterprise_linux_workstation:7.0", "cpe:/a:php:php:5.5.0", "cpe:/a:php:php:5.5.1", "cpe:/a:php:php:5.5.23", "cpe:/o:redhat:enterprise_linux_hpc_node:7.0", "cpe:/a:php:php:5.5.22", "cpe:/o:redhat:enterprise_linux_desktop:7.0", "cpe:/a:php:php:5.6.6", "cpe:/a:php:php:5.5.5", "cpe:/a:php:php:5.5.17", "cpe:/a:php:php:5.4.39", "cpe:/a:php:php:5.5.2", "cpe:/o:redhat:enterprise_linux_server_eus:7.1", "cpe:/o:redhat:enterprise_linux_hpc_node_eus:7.1", "cpe:/a:php:php:5.6.5", "cpe:/a:php:php:5.5.8", "cpe:/a:php:php:5.5.11", "cpe:/a:php:php:5.5.6", "cpe:/o:redhat:enterprise_linux:6.0", "cpe:/a:php:php:5.5.14", "cpe:/a:php:php:5.5.9", "cpe:/a:php:php:5.6.2"], "id": "CVE-2015-3412", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-3412", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:a:php:php:5.6.3:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_hpc_node_eus:7.1:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.1:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.5.16:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.5.3:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.6.6:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.5.18:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.5.21:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.6.1:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.5.4:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.5.17:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.5.20:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.5.2:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.6.0:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.5.7:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.5.5:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.5.11:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.5.10:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.5.22:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.6.5:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.6.2:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.6.7:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.5.23:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.5.0:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.5.6:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.5.12:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.5.9:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.5.1:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.6.4:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.5.14:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.5.13:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.5.19:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.4.39:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_hpc_node:7.0:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.5.15:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.5.8:*:*:*:*:*:*:*"]}], "nessus": [{"lastseen": "2021-02-01T02:04:53", "description": "CVE-2015-3411 It was found that certain PHP functions did not properly\nhandle file names containing a NULL character. A remote attacker could\npossibly use this flaw to make a PHP script access unexpected files\nand bypass intended file system access restrictions for CVE-2015-3411.\n\nCVE-2015-3412 It was found that certain PHP functions did not properly\nhandle file names containing a NULL character. A remote attacker could\npossibly use this flaw to make a PHP script access unexpected files\nand bypass intended file system access restrictions for CVE-2015-3412.", "edition": 29, "cvss3": {"score": 6.5, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"}, "published": "2016-02-19T00:00:00", "title": "F5 Networks BIG-IP : PHP vulnerabilities (K17028)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-3411", "CVE-2015-3412"], "modified": "2021-02-02T00:00:00", "cpe": ["cpe:/a:f5:big-ip_global_traffic_manager", "cpe:/a:f5:big-ip_link_controller", "cpe:/a:f5:big-ip_advanced_firewall_manager", "cpe:/a:f5:big-ip_policy_enforcement_manager", "cpe:/a:f5:big-ip_application_security_manager", "cpe:/a:f5:big-ip_application_acceleration_manager", "cpe:/h:f5:big-ip_protocol_security_manager", "cpe:/a:f5:big-ip_local_traffic_manager", "cpe:/a:f5:big-ip_wan_optimization_manager", "cpe:/h:f5:big-ip", "cpe:/a:f5:big-ip_application_visibility_and_reporting", "cpe:/a:f5:big-ip_webaccelerator", "cpe:/a:f5:big-ip_access_policy_manager"], "id": "F5_BIGIP_SOL17028.NASL", "href": "https://www.tenable.com/plugins/nessus/88847", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from F5 Networks BIG-IP Solution K17028.\n#\n# The text description of this plugin is (C) F5 Networks.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(88847);\n script_version(\"2.11\");\n script_cvs_date(\"Date: 2019/01/04 10:03:40\");\n\n script_cve_id(\"CVE-2015-3411\", \"CVE-2015-3412\");\n script_bugtraq_id(75250, 75255);\n\n script_name(english:\"F5 Networks BIG-IP : PHP vulnerabilities (K17028)\");\n script_summary(english:\"Checks the BIG-IP version.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote device is missing a vendor-supplied security patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"CVE-2015-3411 It was found that certain PHP functions did not properly\nhandle file names containing a NULL character. A remote attacker could\npossibly use this flaw to make a PHP script access unexpected files\nand bypass intended file system access restrictions for CVE-2015-3411.\n\nCVE-2015-3412 It was found that certain PHP functions did not properly\nhandle file names containing a NULL character. A remote attacker could\npossibly use this flaw to make a PHP script access unexpected files\nand bypass intended file system access restrictions for CVE-2015-3412.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://support.f5.com/csp/article/K17028\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade to one of the non-vulnerable versions listed in the F5\nSolution K17028.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_access_policy_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_advanced_firewall_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_acceleration_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_security_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_visibility_and_reporting\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_global_traffic_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_link_controller\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_local_traffic_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_policy_enforcement_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_wan_optimization_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_webaccelerator\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/h:f5:big-ip\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/h:f5:big-ip_protocol_security_manager\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/08/03\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/02/19\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"F5 Networks Local Security Checks\");\n\n script_dependencies(\"f5_bigip_detect.nbin\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/BIG-IP/hotfix\", \"Host/BIG-IP/modules\", \"Host/BIG-IP/version\", \"Settings/ParanoidReport\");\n\n exit(0);\n}\n\n\ninclude(\"f5_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nversion = get_kb_item(\"Host/BIG-IP/version\");\nif ( ! version ) audit(AUDIT_OS_NOT, \"F5 Networks BIG-IP\");\nif ( isnull(get_kb_item(\"Host/BIG-IP/hotfix\")) ) audit(AUDIT_KB_MISSING, \"Host/BIG-IP/hotfix\");\nif ( ! get_kb_item(\"Host/BIG-IP/modules\") ) audit(AUDIT_KB_MISSING, \"Host/BIG-IP/modules\");\n\nsol = \"K17028\";\nvmatrix = make_array();\n\nif (report_paranoia < 2) audit(AUDIT_PARANOID);\n\n# AFM\nvmatrix[\"AFM\"] = make_array();\nvmatrix[\"AFM\"][\"affected\" ] = make_list(\"11.3.0-11.6.0\");\nvmatrix[\"AFM\"][\"unaffected\"] = make_list(\"12.0.0\",\"11.6.1\",\"11.5.4\");\n\n# AM\nvmatrix[\"AM\"] = make_array();\nvmatrix[\"AM\"][\"affected\" ] = make_list(\"11.4.0-11.6.0\");\nvmatrix[\"AM\"][\"unaffected\"] = make_list(\"12.0.0\",\"11.6.1\",\"11.5.4\");\n\n# APM\nvmatrix[\"APM\"] = make_array();\nvmatrix[\"APM\"][\"affected\" ] = make_list(\"11.0.0-11.6.0\",\"10.1.0-10.2.4\");\nvmatrix[\"APM\"][\"unaffected\"] = make_list(\"12.0.0\",\"11.5.4\");\n\n# ASM\nvmatrix[\"ASM\"] = make_array();\nvmatrix[\"ASM\"][\"affected\" ] = make_list(\"11.0.0-11.6.0\",\"10.1.0-10.2.4\");\nvmatrix[\"ASM\"][\"unaffected\"] = make_list(\"12.0.0\",\"11.6.1\",\"11.5.4\");\n\n# AVR\nvmatrix[\"AVR\"] = make_array();\nvmatrix[\"AVR\"][\"affected\" ] = make_list(\"11.0.0-11.6.0\");\nvmatrix[\"AVR\"][\"unaffected\"] = make_list(\"12.0.0\",\"11.6.1\",\"11.5.4\");\n\n# GTM\nvmatrix[\"GTM\"] = make_array();\nvmatrix[\"GTM\"][\"affected\" ] = make_list(\"11.0.0-11.6.0\",\"10.1.0-10.2.4\");\nvmatrix[\"GTM\"][\"unaffected\"] = make_list(\"11.6.1\",\"11.5.4\");\n\n# LC\nvmatrix[\"LC\"] = make_array();\nvmatrix[\"LC\"][\"affected\" ] = make_list(\"11.0.0-11.6.0\",\"10.1.0-10.2.4\");\nvmatrix[\"LC\"][\"unaffected\"] = make_list(\"12.0.0\",\"11.6.1\",\"11.5.4\");\n\n# LTM\nvmatrix[\"LTM\"] = make_array();\nvmatrix[\"LTM\"][\"affected\" ] = make_list(\"11.0.0-11.6.0\",\"10.1.0-10.2.4\");\nvmatrix[\"LTM\"][\"unaffected\"] = make_list(\"12.0.0\",\"11.6.1\",\"11.5.4\");\n\n# PEM\nvmatrix[\"PEM\"] = make_array();\nvmatrix[\"PEM\"][\"affected\" ] = make_list(\"11.3.0-11.6.0\");\nvmatrix[\"PEM\"][\"unaffected\"] = make_list(\"12.0.0\",\"11.6.1\",\"11.5.4\");\n\n\nif (bigip_is_affected(vmatrix:vmatrix, sol:sol))\n{\n if (report_verbosity > 0) security_warning(port:0, extra:bigip_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = bigip_get_tested_modules();\n audit_extra = \"For BIG-IP module(s) \" + tested + \",\";\n if (tested) audit(AUDIT_INST_VER_NOT_VULN, audit_extra, version);\n else audit(AUDIT_HOST_NOT, \"running any of the affected modules\");\n}\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2021-01-20T14:44:28", "description": "The PHP script interpreter was updated to fix various security \nissues :\n\nCVE-2015-4602 [bnc#935224]: Fixed an incomplete Class unserialization\ntype confusion.\n\nCVE-2015-4599, CVE-2015-4600, CVE-2015-4601 [bnc#935226]: Fixed type\nconfusion issues in unserialize() with various SOAP methods.\n\nCVE-2015-4603 [bnc#935234]: Fixed exception::getTraceAsString type\nconfusion issue after unserialize.\n\nCVE-2015-4644 [bnc#935274]: Fixed a crash in php_pgsql_meta_data.\n\nCVE-2015-4643 [bnc#935275]: Fixed an integer overflow in ftp_genlist()\nthat could result in a heap overflow.\n\nCVE-2015-3411, CVE-2015-3412, CVE-2015-4598 [bnc#935227],\n[bnc#935232]: Added missing null byte checks for paths in various PHP\nextensions.\n\nCVE-2015-4148 [bnc#933227]: Fixed a SoapClient's do_soap_call() type\nconfusion after unserialize() information disclosure.\n\nAlso the following bug were fixed :\n\nfix a segmentation fault in odbc_fetch_array [bnc#935074]\n\nfix timezone map [bnc#919080]\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 26, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2015-07-21T00:00:00", "title": "SUSE SLES11 Security Update : PHP (SUSE-SU-2015:1265-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-4601", "CVE-2015-4644", "CVE-2015-4148", "CVE-2015-4602", "CVE-2015-3411", "CVE-2015-4600", "CVE-2015-3412", "CVE-2015-4603", "CVE-2015-4599", "CVE-2015-4598", "CVE-2015-4643"], "modified": "2015-07-21T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:php53-shmop", "p-cpe:/a:novell:suse_linux:php53-snmp", "p-cpe:/a:novell:suse_linux:php53-sysvsem", "p-cpe:/a:novell:suse_linux:php53-dba", "p-cpe:/a:novell:suse_linux:php53-pear", "p-cpe:/a:novell:suse_linux:php53-xsl", "p-cpe:/a:novell:suse_linux:php53-calendar", "p-cpe:/a:novell:suse_linux:php53-openssl", "p-cpe:/a:novell:suse_linux:php53", "p-cpe:/a:novell:suse_linux:php53-dom", "p-cpe:/a:novell:suse_linux:php53-odbc", "p-cpe:/a:novell:suse_linux:php53-ctype", "p-cpe:/a:novell:suse_linux:php53-zip", "p-cpe:/a:novell:suse_linux:php53-pgsql", "p-cpe:/a:novell:suse_linux:php53-pcntl", "p-cpe:/a:novell:suse_linux:php53-pspell", "p-cpe:/a:novell:suse_linux:apache2-mod_php53", "p-cpe:/a:novell:suse_linux:php53-gmp", "p-cpe:/a:novell:suse_linux:php53-gd", "p-cpe:/a:novell:suse_linux:php53-curl", "p-cpe:/a:novell:suse_linux:php53-gettext", "p-cpe:/a:novell:suse_linux:php53-iconv", "p-cpe:/a:novell:suse_linux:php53-bz2", "cpe:/o:novell:suse_linux:11", "p-cpe:/a:novell:suse_linux:php53-zlib", "p-cpe:/a:novell:suse_linux:php53-bcmath", "p-cpe:/a:novell:suse_linux:php53-fastcgi", "p-cpe:/a:novell:suse_linux:php53-json", "p-cpe:/a:novell:suse_linux:php53-sysvmsg", "p-cpe:/a:novell:suse_linux:php53-mbstring", "p-cpe:/a:novell:suse_linux:php53-ldap", "p-cpe:/a:novell:suse_linux:php53-xmlreader", "p-cpe:/a:novell:suse_linux:php53-suhosin", "p-cpe:/a:novell:suse_linux:php53-ftp", "p-cpe:/a:novell:suse_linux:php53-soap", "p-cpe:/a:novell:suse_linux:php53-sysvshm", "p-cpe:/a:novell:suse_linux:php53-fileinfo", "p-cpe:/a:novell:suse_linux:php53-mcrypt", "p-cpe:/a:novell:suse_linux:php53-intl", "p-cpe:/a:novell:suse_linux:php53-wddx", "p-cpe:/a:novell:suse_linux:php53-xmlrpc", "p-cpe:/a:novell:suse_linux:php53-tokenizer", "p-cpe:/a:novell:suse_linux:php53-pdo", "p-cpe:/a:novell:suse_linux:php53-xmlwriter", "p-cpe:/a:novell:suse_linux:php53-mysql", "p-cpe:/a:novell:suse_linux:php53-exif"], "id": "SUSE_SU-2015-1265-1.NASL", "href": "https://www.tenable.com/plugins/nessus/84897", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2015:1265-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(84897);\n script_version(\"2.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2015-3411\", \"CVE-2015-3412\", \"CVE-2015-4148\", \"CVE-2015-4598\", \"CVE-2015-4599\", \"CVE-2015-4600\", \"CVE-2015-4601\", \"CVE-2015-4602\", \"CVE-2015-4603\", \"CVE-2015-4643\", \"CVE-2015-4644\");\n script_bugtraq_id(74413, 75103, 75244, 75246, 75249, 75250, 75251, 75252, 75255, 75291, 75292);\n\n script_name(english:\"SUSE SLES11 Security Update : PHP (SUSE-SU-2015:1265-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The PHP script interpreter was updated to fix various security \nissues :\n\nCVE-2015-4602 [bnc#935224]: Fixed an incomplete Class unserialization\ntype confusion.\n\nCVE-2015-4599, CVE-2015-4600, CVE-2015-4601 [bnc#935226]: Fixed type\nconfusion issues in unserialize() with various SOAP methods.\n\nCVE-2015-4603 [bnc#935234]: Fixed exception::getTraceAsString type\nconfusion issue after unserialize.\n\nCVE-2015-4644 [bnc#935274]: Fixed a crash in php_pgsql_meta_data.\n\nCVE-2015-4643 [bnc#935275]: Fixed an integer overflow in ftp_genlist()\nthat could result in a heap overflow.\n\nCVE-2015-3411, CVE-2015-3412, CVE-2015-4598 [bnc#935227],\n[bnc#935232]: Added missing null byte checks for paths in various PHP\nextensions.\n\nCVE-2015-4148 [bnc#933227]: Fixed a SoapClient's do_soap_call() type\nconfusion after unserialize() information disclosure.\n\nAlso the following bug were fixed :\n\nfix a segmentation fault in odbc_fetch_array [bnc#935074]\n\nfix timezone map [bnc#919080]\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=919080\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=933227\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=935074\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=935224\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=935226\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=935227\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=935232\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=935234\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=935274\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=935275\"\n );\n # https://download.suse.com/patch/finder/?keywords=81cfeb3c78f7d93b7833bcf7ec9abc68\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?629b8b77\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-3411/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-3412/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-4148/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-4598/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-4599/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-4600/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-4601/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-4602/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-4603/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-4643/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-4644/\"\n );\n # https://www.suse.com/support/update/announcement/2015/suse-su-20151265-1.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?91636cf9\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Software Development Kit 11 SP3 :\n\nzypper in -t patch sdksp3-apache2-mod_php53=10811\n\nSUSE Linux Enterprise Server 11 SP3 for VMware :\n\nzypper in -t patch slessp3-apache2-mod_php53=10811\n\nSUSE Linux Enterprise Server 11 SP3 :\n\nzypper in -t patch slessp3-apache2-mod_php53=10811\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apache2-mod_php53\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-bcmath\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-bz2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-calendar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-ctype\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-dba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-dom\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-exif\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-fastcgi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-fileinfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-ftp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-gettext\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-gmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-iconv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-intl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-json\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-mbstring\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-mcrypt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-pcntl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-pdo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-pear\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-pspell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-shmop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-soap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-suhosin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-sysvmsg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-sysvsem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-sysvshm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-tokenizer\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-wddx\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-xmlreader\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-xmlrpc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-xmlwriter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-xsl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-zip\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-zlib\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/06/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/07/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/07/21\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES11)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES11\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES11\" && (! preg(pattern:\"^(3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES11 SP3\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"apache2-mod_php53-5.3.17-0.43.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"php53-5.3.17-0.43.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"php53-bcmath-5.3.17-0.43.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"php53-bz2-5.3.17-0.43.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"php53-calendar-5.3.17-0.43.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"php53-ctype-5.3.17-0.43.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"php53-curl-5.3.17-0.43.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"php53-dba-5.3.17-0.43.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"php53-dom-5.3.17-0.43.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"php53-exif-5.3.17-0.43.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"php53-fastcgi-5.3.17-0.43.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"php53-fileinfo-5.3.17-0.43.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"php53-ftp-5.3.17-0.43.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"php53-gd-5.3.17-0.43.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"php53-gettext-5.3.17-0.43.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"php53-gmp-5.3.17-0.43.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"php53-iconv-5.3.17-0.43.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"php53-intl-5.3.17-0.43.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"php53-json-5.3.17-0.43.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"php53-ldap-5.3.17-0.43.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"php53-mbstring-5.3.17-0.43.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"php53-mcrypt-5.3.17-0.43.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"php53-mysql-5.3.17-0.43.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"php53-odbc-5.3.17-0.43.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"php53-openssl-5.3.17-0.43.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"php53-pcntl-5.3.17-0.43.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"php53-pdo-5.3.17-0.43.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"php53-pear-5.3.17-0.43.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"php53-pgsql-5.3.17-0.43.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"php53-pspell-5.3.17-0.43.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"php53-shmop-5.3.17-0.43.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"php53-snmp-5.3.17-0.43.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"php53-soap-5.3.17-0.43.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"php53-suhosin-5.3.17-0.43.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"php53-sysvmsg-5.3.17-0.43.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"php53-sysvsem-5.3.17-0.43.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"php53-sysvshm-5.3.17-0.43.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"php53-tokenizer-5.3.17-0.43.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"php53-wddx-5.3.17-0.43.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"php53-xmlreader-5.3.17-0.43.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"php53-xmlrpc-5.3.17-0.43.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"php53-xmlwriter-5.3.17-0.43.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"php53-xsl-5.3.17-0.43.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"php53-zip-5.3.17-0.43.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"php53-zlib-5.3.17-0.43.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"PHP\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-20T12:28:36", "description": "The PHP script interpreter was updated to receive various security\nfixes :\n\n - CVE-2015-4602 [bnc#935224]: Fixed an incomplete Class\n unserialization type confusion.\n\n - CVE-2015-4599, CVE-2015-4600, CVE-2015-4601\n [bnc#935226]: Fixed type confusion issues in\n unserialize() with various SOAP methods.\n\n - CVE-2015-4603 [bnc#935234]: Fixed\n exception::getTraceAsString type confusion issue after\n unserialize.\n\n - CVE-2015-4644 [bnc#935274]: Fixed a crash in\n php_pgsql_meta_data.\n\n - CVE-2015-4643 [bnc#935275]: Fixed an integer overflow in\n ftp_genlist() that could result in a heap overflow.\n\n - CVE-2015-3411, CVE-2015-3412, CVE-2015-4598\n [bnc#935227], [bnc#935232]: Added missing null byte\n checks for paths in various PHP extensions.", "edition": 18, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2015-07-07T00:00:00", "title": "openSUSE Security Update : php5 (openSUSE-2015-471)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-4601", "CVE-2015-4644", "CVE-2015-4605", "CVE-2015-4602", "CVE-2015-3411", "CVE-2015-4604", "CVE-2015-4600", "CVE-2015-3412", "CVE-2015-4603", "CVE-2015-4599", "CVE-2015-4598", "CVE-2015-4643"], "modified": "2015-07-07T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:php5-mcrypt-debuginfo", "p-cpe:/a:novell:opensuse:php5-fastcgi-debuginfo", "p-cpe:/a:novell:opensuse:php5-json-debuginfo", "p-cpe:/a:novell:opensuse:php5-soap-debuginfo", "p-cpe:/a:novell:opensuse:php5-mysql-debuginfo", "p-cpe:/a:novell:opensuse:php5-mssql-debuginfo", "p-cpe:/a:novell:opensuse:php5-openssl", "p-cpe:/a:novell:opensuse:php5-dba", "p-cpe:/a:novell:opensuse:php5-fileinfo-debuginfo", "p-cpe:/a:novell:opensuse:php5-odbc-debuginfo", "p-cpe:/a:novell:opensuse:php5-debuginfo", "p-cpe:/a:novell:opensuse:php5-mcrypt", "p-cpe:/a:novell:opensuse:php5-pcntl-debuginfo", "p-cpe:/a:novell:opensuse:php5-sysvmsg", "p-cpe:/a:novell:opensuse:php5-bz2", "p-cpe:/a:novell:opensuse:php5-xmlrpc", "p-cpe:/a:novell:opensuse:php5-json", "p-cpe:/a:novell:opensuse:php5-ctype-debuginfo", "p-cpe:/a:novell:opensuse:php5-sqlite", "p-cpe:/a:novell:opensuse:php5-suhosin", "p-cpe:/a:novell:opensuse:php5-curl", "p-cpe:/a:novell:opensuse:apache2-mod_php5-debuginfo", "p-cpe:/a:novell:opensuse:php5-mysql", "p-cpe:/a:novell:opensuse:php5-fileinfo", "p-cpe:/a:novell:opensuse:php5-calendar-debuginfo", "p-cpe:/a:novell:opensuse:php5-openssl-debuginfo", "p-cpe:/a:novell:opensuse:php5-shmop-debuginfo", "p-cpe:/a:novell:opensuse:php5-pspell-debuginfo", "p-cpe:/a:novell:opensuse:php5-calendar", "p-cpe:/a:novell:opensuse:php5-ldap-debuginfo", "p-cpe:/a:novell:opensuse:php5-pear", "p-cpe:/a:novell:opensuse:php5-intl", "p-cpe:/a:novell:opensuse:php5-pgsql-debuginfo", "p-cpe:/a:novell:opensuse:php5-xsl-debuginfo", "p-cpe:/a:novell:opensuse:php5-mbstring-debuginfo", "p-cpe:/a:novell:opensuse:php5-enchant", "p-cpe:/a:novell:opensuse:php5-ftp", "p-cpe:/a:novell:opensuse:php5-bcmath-debuginfo", "p-cpe:/a:novell:opensuse:php5-tidy", "p-cpe:/a:novell:opensuse:php5-xmlwriter-debuginfo", "p-cpe:/a:novell:opensuse:php5-bz2-debuginfo", "p-cpe:/a:novell:opensuse:php5-gettext-debuginfo", "p-cpe:/a:novell:opensuse:php5-zlib-debuginfo", "p-cpe:/a:novell:opensuse:php5-posix-debuginfo", "p-cpe:/a:novell:opensuse:php5-tokenizer", "p-cpe:/a:novell:opensuse:php5-imap", "p-cpe:/a:novell:opensuse:php5-sockets", "p-cpe:/a:novell:opensuse:php5-gd", "p-cpe:/a:novell:opensuse:php5-posix", "p-cpe:/a:novell:opensuse:php5-opcache", "p-cpe:/a:novell:opensuse:php5-intl-debuginfo", "p-cpe:/a:novell:opensuse:php5-dba-debuginfo", "p-cpe:/a:novell:opensuse:php5-sysvsem", "p-cpe:/a:novell:opensuse:php5-fpm", "p-cpe:/a:novell:opensuse:php5-fastcgi", "p-cpe:/a:novell:opensuse:php5-wddx", "p-cpe:/a:novell:opensuse:php5-debugsource", "p-cpe:/a:novell:opensuse:php5-zip-debuginfo", "p-cpe:/a:novell:opensuse:php5-odbc", "p-cpe:/a:novell:opensuse:php5-sysvshm-debuginfo", "p-cpe:/a:novell:opensuse:php5-sqlite-debuginfo", "p-cpe:/a:novell:opensuse:php5-xmlreader", "p-cpe:/a:novell:opensuse:php5-gmp-debuginfo", "p-cpe:/a:novell:opensuse:php5-iconv-debuginfo", "p-cpe:/a:novell:opensuse:php5-readline-debuginfo", "p-cpe:/a:novell:opensuse:php5-suhosin-debuginfo", "p-cpe:/a:novell:opensuse:php5-gmp", "p-cpe:/a:novell:opensuse:php5-fpm-debuginfo", "p-cpe:/a:novell:opensuse:php5-snmp-debuginfo", "p-cpe:/a:novell:opensuse:php5-tidy-debuginfo", "p-cpe:/a:novell:opensuse:php5-zlib", "p-cpe:/a:novell:opensuse:php5-phar-debuginfo", "p-cpe:/a:novell:opensuse:php5-phar", "p-cpe:/a:novell:opensuse:php5-dom", "p-cpe:/a:novell:opensuse:php5-sockets-debuginfo", "p-cpe:/a:novell:opensuse:php5-soap", "p-cpe:/a:novell:opensuse:php5-dom-debuginfo", "p-cpe:/a:novell:opensuse:php5-snmp", "p-cpe:/a:novell:opensuse:php5-exif-debuginfo", "p-cpe:/a:novell:opensuse:php5-xmlreader-debuginfo", "cpe:/o:novell:opensuse:13.2", "p-cpe:/a:novell:opensuse:php5-firebird-debuginfo", "p-cpe:/a:novell:opensuse:php5-imap-debuginfo", "p-cpe:/a:novell:opensuse:php5-sysvsem-debuginfo", "p-cpe:/a:novell:opensuse:php5-pdo", "p-cpe:/a:novell:opensuse:php5-wddx-debuginfo", "p-cpe:/a:novell:opensuse:php5-xmlrpc-debuginfo", "p-cpe:/a:novell:opensuse:php5-enchant-debuginfo", "p-cpe:/a:novell:opensuse:php5-sysvmsg-debuginfo", "p-cpe:/a:novell:opensuse:php5-pspell", "p-cpe:/a:novell:opensuse:php5-ctype", "p-cpe:/a:novell:opensuse:apache2-mod_php5", "p-cpe:/a:novell:opensuse:php5-mssql", "p-cpe:/a:novell:opensuse:php5-pcntl", "p-cpe:/a:novell:opensuse:php5-zip", "p-cpe:/a:novell:opensuse:php5-sysvshm", "p-cpe:/a:novell:opensuse:php5", "p-cpe:/a:novell:opensuse:php5-shmop", "p-cpe:/a:novell:opensuse:php5-devel", "p-cpe:/a:novell:opensuse:php5-pdo-debuginfo", "p-cpe:/a:novell:opensuse:php5-gd-debuginfo", "p-cpe:/a:novell:opensuse:php5-firebird", "p-cpe:/a:novell:opensuse:php5-ftp-debuginfo", "p-cpe:/a:novell:opensuse:php5-opcache-debuginfo", "p-cpe:/a:novell:opensuse:php5-iconv", "p-cpe:/a:novell:opensuse:php5-gettext", "p-cpe:/a:novell:opensuse:php5-xmlwriter", "p-cpe:/a:novell:opensuse:php5-bcmath", "p-cpe:/a:novell:opensuse:php5-tokenizer-debuginfo", "p-cpe:/a:novell:opensuse:php5-pgsql", "p-cpe:/a:novell:opensuse:php5-xsl", "p-cpe:/a:novell:opensuse:php5-curl-debuginfo", "cpe:/o:novell:opensuse:13.1", "p-cpe:/a:novell:opensuse:php5-readline", "p-cpe:/a:novell:opensuse:php5-mbstring", "p-cpe:/a:novell:opensuse:php5-exif", "p-cpe:/a:novell:opensuse:php5-ldap"], "id": "OPENSUSE-2015-471.NASL", "href": "https://www.tenable.com/plugins/nessus/84557", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2015-471.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(84557);\n script_version(\"2.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2015-3411\", \"CVE-2015-3412\", \"CVE-2015-4598\", \"CVE-2015-4599\", \"CVE-2015-4600\", \"CVE-2015-4601\", \"CVE-2015-4602\", \"CVE-2015-4603\", \"CVE-2015-4604\", \"CVE-2015-4605\", \"CVE-2015-4643\", \"CVE-2015-4644\");\n\n script_name(english:\"openSUSE Security Update : php5 (openSUSE-2015-471)\");\n script_summary(english:\"Check for the openSUSE-2015-471 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The PHP script interpreter was updated to receive various security\nfixes :\n\n - CVE-2015-4602 [bnc#935224]: Fixed an incomplete Class\n unserialization type confusion.\n\n - CVE-2015-4599, CVE-2015-4600, CVE-2015-4601\n [bnc#935226]: Fixed type confusion issues in\n unserialize() with various SOAP methods.\n\n - CVE-2015-4603 [bnc#935234]: Fixed\n exception::getTraceAsString type confusion issue after\n unserialize.\n\n - CVE-2015-4644 [bnc#935274]: Fixed a crash in\n php_pgsql_meta_data.\n\n - CVE-2015-4643 [bnc#935275]: Fixed an integer overflow in\n ftp_genlist() that could result in a heap overflow.\n\n - CVE-2015-3411, CVE-2015-3412, CVE-2015-4598\n [bnc#935227], [bnc#935232]: Added missing null byte\n checks for paths in various PHP extensions.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=935224\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=935225\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=935226\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=935227\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=935232\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=935234\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=935274\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=935275\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected php5 packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2-mod_php5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2-mod_php5-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-bcmath\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-bcmath-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-bz2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-bz2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-calendar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-calendar-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-ctype\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-ctype-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-curl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-dba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-dba-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-dom\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-dom-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-enchant\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-enchant-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-exif\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-exif-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-fastcgi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-fastcgi-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-fileinfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-fileinfo-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-firebird\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-firebird-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-fpm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-fpm-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-ftp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-ftp-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-gd-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-gettext\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-gettext-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-gmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-gmp-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-iconv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-iconv-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-imap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-imap-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-intl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-intl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-json\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-json-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-ldap-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-mbstring\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-mbstring-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-mcrypt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-mcrypt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-mssql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-mssql-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-mysql-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-odbc-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-opcache\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-opcache-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-openssl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-pcntl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-pcntl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-pdo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-pdo-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-pear\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-pgsql-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-phar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-phar-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-posix\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-posix-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-pspell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-pspell-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-readline\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-readline-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-shmop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-shmop-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-snmp-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-soap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-soap-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-sockets\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-sockets-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-sqlite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-sqlite-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-suhosin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-suhosin-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-sysvmsg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-sysvmsg-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-sysvsem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-sysvsem-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-sysvshm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-sysvshm-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-tidy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-tidy-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-tokenizer\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-tokenizer-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-wddx\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-wddx-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-xmlreader\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-xmlreader-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-xmlrpc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-xmlrpc-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-xmlwriter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-xmlwriter-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-xsl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-xsl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-zip\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-zip-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-zlib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-zlib-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/06/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/07/07\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE13\\.1|SUSE13\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"13.1 / 13.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE13.1\", reference:\"apache2-mod_php5-5.4.20-61.5\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"apache2-mod_php5-debuginfo-5.4.20-61.5\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-5.4.20-61.5\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-bcmath-5.4.20-61.5\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-bcmath-debuginfo-5.4.20-61.5\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-bz2-5.4.20-61.5\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-bz2-debuginfo-5.4.20-61.5\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-calendar-5.4.20-61.5\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-calendar-debuginfo-5.4.20-61.5\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-ctype-5.4.20-61.5\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-ctype-debuginfo-5.4.20-61.5\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-curl-5.4.20-61.5\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-curl-debuginfo-5.4.20-61.5\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-dba-5.4.20-61.5\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-dba-debuginfo-5.4.20-61.5\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-debuginfo-5.4.20-61.5\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-debugsource-5.4.20-61.5\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-devel-5.4.20-61.5\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-dom-5.4.20-61.5\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-dom-debuginfo-5.4.20-61.5\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-enchant-5.4.20-61.5\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-enchant-debuginfo-5.4.20-61.5\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-exif-5.4.20-61.5\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-exif-debuginfo-5.4.20-61.5\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-fastcgi-5.4.20-61.5\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-fastcgi-debuginfo-5.4.20-61.5\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-fileinfo-5.4.20-61.5\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-fileinfo-debuginfo-5.4.20-61.5\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-firebird-5.4.20-61.5\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-firebird-debuginfo-5.4.20-61.5\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-fpm-5.4.20-61.5\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-fpm-debuginfo-5.4.20-61.5\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-ftp-5.4.20-61.5\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-ftp-debuginfo-5.4.20-61.5\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-gd-5.4.20-61.5\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-gd-debuginfo-5.4.20-61.5\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-gettext-5.4.20-61.5\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-gettext-debuginfo-5.4.20-61.5\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-gmp-5.4.20-61.5\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-gmp-debuginfo-5.4.20-61.5\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-iconv-5.4.20-61.5\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-iconv-debuginfo-5.4.20-61.5\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-imap-5.4.20-61.5\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-imap-debuginfo-5.4.20-61.5\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-intl-5.4.20-61.5\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-intl-debuginfo-5.4.20-61.5\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-json-5.4.20-61.5\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-json-debuginfo-5.4.20-61.5\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-ldap-5.4.20-61.5\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-ldap-debuginfo-5.4.20-61.5\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-mbstring-5.4.20-61.5\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-mbstring-debuginfo-5.4.20-61.5\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-mcrypt-5.4.20-61.5\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-mcrypt-debuginfo-5.4.20-61.5\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-mssql-5.4.20-61.5\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-mssql-debuginfo-5.4.20-61.5\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-mysql-5.4.20-61.5\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-mysql-debuginfo-5.4.20-61.5\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-odbc-5.4.20-61.5\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-odbc-debuginfo-5.4.20-61.5\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-openssl-5.4.20-61.5\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-openssl-debuginfo-5.4.20-61.5\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-pcntl-5.4.20-61.5\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-pcntl-debuginfo-5.4.20-61.5\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-pdo-5.4.20-61.5\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-pdo-debuginfo-5.4.20-61.5\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-pear-5.4.20-61.5\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-pgsql-5.4.20-61.5\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-pgsql-debuginfo-5.4.20-61.5\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-phar-5.4.20-61.5\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-phar-debuginfo-5.4.20-61.5\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-posix-5.4.20-61.5\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-posix-debuginfo-5.4.20-61.5\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-pspell-5.4.20-61.5\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-pspell-debuginfo-5.4.20-61.5\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-readline-5.4.20-61.5\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-readline-debuginfo-5.4.20-61.5\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-shmop-5.4.20-61.5\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-shmop-debuginfo-5.4.20-61.5\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-snmp-5.4.20-61.5\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-snmp-debuginfo-5.4.20-61.5\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-soap-5.4.20-61.5\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-soap-debuginfo-5.4.20-61.5\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-sockets-5.4.20-61.5\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-sockets-debuginfo-5.4.20-61.5\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-sqlite-5.4.20-61.5\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-sqlite-debuginfo-5.4.20-61.5\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-suhosin-5.4.20-61.5\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-suhosin-debuginfo-5.4.20-61.5\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-sysvmsg-5.4.20-61.5\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-sysvmsg-debuginfo-5.4.20-61.5\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-sysvsem-5.4.20-61.5\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-sysvsem-debuginfo-5.4.20-61.5\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-sysvshm-5.4.20-61.5\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-sysvshm-debuginfo-5.4.20-61.5\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-tidy-5.4.20-61.5\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-tidy-debuginfo-5.4.20-61.5\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-tokenizer-5.4.20-61.5\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-tokenizer-debuginfo-5.4.20-61.5\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-wddx-5.4.20-61.5\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-wddx-debuginfo-5.4.20-61.5\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-xmlreader-5.4.20-61.5\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-xmlreader-debuginfo-5.4.20-61.5\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-xmlrpc-5.4.20-61.5\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-xmlrpc-debuginfo-5.4.20-61.5\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-xmlwriter-5.4.20-61.5\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-xmlwriter-debuginfo-5.4.20-61.5\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-xsl-5.4.20-61.5\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-xsl-debuginfo-5.4.20-61.5\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-zip-5.4.20-61.5\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-zip-debuginfo-5.4.20-61.5\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-zlib-5.4.20-61.5\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-zlib-debuginfo-5.4.20-61.5\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"apache2-mod_php5-5.6.1-30.6\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"apache2-mod_php5-debuginfo-5.6.1-30.6\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-5.6.1-30.6\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-bcmath-5.6.1-30.6\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-bcmath-debuginfo-5.6.1-30.6\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-bz2-5.6.1-30.6\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-bz2-debuginfo-5.6.1-30.6\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-calendar-5.6.1-30.6\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-calendar-debuginfo-5.6.1-30.6\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-ctype-5.6.1-30.6\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-ctype-debuginfo-5.6.1-30.6\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-curl-5.6.1-30.6\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-curl-debuginfo-5.6.1-30.6\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-dba-5.6.1-30.6\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-dba-debuginfo-5.6.1-30.6\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-debuginfo-5.6.1-30.6\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-debugsource-5.6.1-30.6\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-devel-5.6.1-30.6\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-dom-5.6.1-30.6\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-dom-debuginfo-5.6.1-30.6\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-enchant-5.6.1-30.6\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-enchant-debuginfo-5.6.1-30.6\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-exif-5.6.1-30.6\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-exif-debuginfo-5.6.1-30.6\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-fastcgi-5.6.1-30.6\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-fastcgi-debuginfo-5.6.1-30.6\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-fileinfo-5.6.1-30.6\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-fileinfo-debuginfo-5.6.1-30.6\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-firebird-5.6.1-30.6\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-firebird-debuginfo-5.6.1-30.6\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-fpm-5.6.1-30.6\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-fpm-debuginfo-5.6.1-30.6\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-ftp-5.6.1-30.6\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-ftp-debuginfo-5.6.1-30.6\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-gd-5.6.1-30.6\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-gd-debuginfo-5.6.1-30.6\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-gettext-5.6.1-30.6\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-gettext-debuginfo-5.6.1-30.6\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-gmp-5.6.1-30.6\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-gmp-debuginfo-5.6.1-30.6\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-iconv-5.6.1-30.6\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-iconv-debuginfo-5.6.1-30.6\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-imap-5.6.1-30.6\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-imap-debuginfo-5.6.1-30.6\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-intl-5.6.1-30.6\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-intl-debuginfo-5.6.1-30.6\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-json-5.6.1-30.6\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-json-debuginfo-5.6.1-30.6\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-ldap-5.6.1-30.6\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-ldap-debuginfo-5.6.1-30.6\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-mbstring-5.6.1-30.6\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-mbstring-debuginfo-5.6.1-30.6\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-mcrypt-5.6.1-30.6\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-mcrypt-debuginfo-5.6.1-30.6\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-mssql-5.6.1-30.6\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-mssql-debuginfo-5.6.1-30.6\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-mysql-5.6.1-30.6\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-mysql-debuginfo-5.6.1-30.6\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-odbc-5.6.1-30.6\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-odbc-debuginfo-5.6.1-30.6\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-opcache-5.6.1-30.6\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-opcache-debuginfo-5.6.1-30.6\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-openssl-5.6.1-30.6\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-openssl-debuginfo-5.6.1-30.6\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-pcntl-5.6.1-30.6\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-pcntl-debuginfo-5.6.1-30.6\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-pdo-5.6.1-30.6\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-pdo-debuginfo-5.6.1-30.6\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-pear-5.6.1-30.6\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-pgsql-5.6.1-30.6\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-pgsql-debuginfo-5.6.1-30.6\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-phar-5.6.1-30.6\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-phar-debuginfo-5.6.1-30.6\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-posix-5.6.1-30.6\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-posix-debuginfo-5.6.1-30.6\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-pspell-5.6.1-30.6\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-pspell-debuginfo-5.6.1-30.6\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-readline-5.6.1-30.6\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-readline-debuginfo-5.6.1-30.6\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-shmop-5.6.1-30.6\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-shmop-debuginfo-5.6.1-30.6\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-snmp-5.6.1-30.6\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-snmp-debuginfo-5.6.1-30.6\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-soap-5.6.1-30.6\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-soap-debuginfo-5.6.1-30.6\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-sockets-5.6.1-30.6\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-sockets-debuginfo-5.6.1-30.6\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-sqlite-5.6.1-30.6\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-sqlite-debuginfo-5.6.1-30.6\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-suhosin-5.6.1-30.6\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-suhosin-debuginfo-5.6.1-30.6\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-sysvmsg-5.6.1-30.6\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-sysvmsg-debuginfo-5.6.1-30.6\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-sysvsem-5.6.1-30.6\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-sysvsem-debuginfo-5.6.1-30.6\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-sysvshm-5.6.1-30.6\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-sysvshm-debuginfo-5.6.1-30.6\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-tidy-5.6.1-30.6\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-tidy-debuginfo-5.6.1-30.6\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-tokenizer-5.6.1-30.6\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-tokenizer-debuginfo-5.6.1-30.6\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-wddx-5.6.1-30.6\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-wddx-debuginfo-5.6.1-30.6\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-xmlreader-5.6.1-30.6\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-xmlreader-debuginfo-5.6.1-30.6\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-xmlrpc-5.6.1-30.6\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-xmlrpc-debuginfo-5.6.1-30.6\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-xmlwriter-5.6.1-30.6\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-xmlwriter-debuginfo-5.6.1-30.6\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-xsl-5.6.1-30.6\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-xsl-debuginfo-5.6.1-30.6\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-zip-5.6.1-30.6\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-zip-debuginfo-5.6.1-30.6\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-zlib-5.6.1-30.6\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-zlib-debuginfo-5.6.1-30.6\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"apache2-mod_php5 / apache2-mod_php5-debuginfo / php5 / php5-bcmath / etc\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-07T14:22:47", "description": "This security update of PHP fixes the following issues :\n\nSecurity issues fixed :\n\n - CVE-2015-4024 [bnc#931421]: Fixed multipart/form-data\n remote DOS Vulnerability.\n\n - CVE-2015-4026 [bnc#931776]: pcntl_exec() did not check\n path validity.\n\n - CVE-2015-4022 [bnc#931772]: Fixed and overflow in\n ftp_genlist() that resulted in a heap overflow.\n\n - CVE-2015-4021 [bnc#931769]: Fixed memory corruption in\n phar_parse_tarfile when entry filename starts with NULL.\n\n - CVE-2015-4148 [bnc#933227]: Fixed SoapClient's\n do_soap_call() type confusion after unserialize()\n information disclosure.\n\n - CVE-2015-4602 [bnc#935224]: Fixed an incomplete Class\n unserialization type confusion.\n\n - CVE-2015-4599, CVE-2015-4600, CVE-2015-4601\n [bnc#935226]: Fixed type confusion issues in\n unserialize() with various SOAP methods.\n\n - CVE-2015-4603 [bnc#935234]: Fixed\n exception::getTraceAsString type confusion issue after\n unserialize.\n\n - CVE-2015-4644 [bnc#935274]: Fixed a crash in\n php_pgsql_meta_data.\n\n - CVE-2015-4643 [bnc#935275]: Fixed an integer overflow in\n ftp_genlist() that could result in a heap overflow.\n\n - CVE-2015-3411, CVE-2015-3412, CVE-2015-4598\n [bnc#935227], [bnc#935232]: Added missing null byte\n checks for paths in various PHP extensions.\n\nBugs fixed :\n\n - configure php-fpm with --localstatedir=/var [bnc#927147]\n\n - fix timezone map [bnc#919080]\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 12, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-01-02T00:00:00", "title": "SUSE SLES12 Security Update : php5 (SUSE-SU-2015:1253-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-4601", "CVE-2015-4644", "CVE-2015-4148", "CVE-2015-4024", "CVE-2015-4021", "CVE-2015-4602", "CVE-2015-4026", "CVE-2015-3411", "CVE-2015-4600", "CVE-2015-4022", "CVE-2015-3412", "CVE-2015-4603", "CVE-2015-4599", "CVE-2015-4598", "CVE-2015-4643"], "modified": "2019-01-02T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:php5-xmlreader-debuginfo", "p-cpe:/a:novell:suse_linux:php5-tokenizer", "p-cpe:/a:novell:suse_linux:php5-openssl-debuginfo", "p-cpe:/a:novell:suse_linux:php5-pdo-debuginfo", "p-cpe:/a:novell:suse_linux:apache2-mod_php5-debuginfo", "p-cpe:/a:novell:suse_linux:php5-gettext-debuginfo", "p-cpe:/a:novell:suse_linux:php5-bcmath", "p-cpe:/a:novell:suse_linux:php5-zip", "p-cpe:/a:novell:suse_linux:php5-bz2-debuginfo", "p-cpe:/a:novell:suse_linux:php5-xmlrpc", "cpe:/o:novell:suse_linux:12", "p-cpe:/a:novell:suse_linux:php5-mysql-debuginfo", "p-cpe:/a:novell:suse_linux:php5-wddx-debuginfo", "p-cpe:/a:novell:suse_linux:php5-ctype-debuginfo", "p-cpe:/a:novell:suse_linux:php5-iconv-debuginfo", "p-cpe:/a:novell:suse_linux:php5-fpm", "p-cpe:/a:novell:suse_linux:php5-dom-debuginfo", "p-cpe:/a:novell:suse_linux:php5-json-debuginfo", "p-cpe:/a:novell:suse_linux:php5-calendar", "p-cpe:/a:novell:suse_linux:php5-odbc", "p-cpe:/a:novell:suse_linux:php5-intl", "p-cpe:/a:novell:suse_linux:php5-gettext", "p-cpe:/a:novell:suse_linux:php5-openssl", "p-cpe:/a:novell:suse_linux:php5-iconv", "p-cpe:/a:novell:suse_linux:php5-zlib-debuginfo", "p-cpe:/a:novell:suse_linux:php5-bz2", "p-cpe:/a:novell:suse_linux:php5-soap-debuginfo", "p-cpe:/a:novell:suse_linux:php5-sysvmsg", "p-cpe:/a:novell:suse_linux:php5-suhosin", "p-cpe:/a:novell:suse_linux:php5-sqlite", "p-cpe:/a:novell:suse_linux:php5-debugsource", "p-cpe:/a:novell:suse_linux:php5-shmop-debuginfo", "p-cpe:/a:novell:suse_linux:php5-sockets", "p-cpe:/a:novell:suse_linux:php5-sysvmsg-debuginfo", "p-cpe:/a:novell:suse_linux:php5-pgsql", "p-cpe:/a:novell:suse_linux:php5-pspell-debuginfo", "p-cpe:/a:novell:suse_linux:php5-tokenizer-debuginfo", "p-cpe:/a:novell:suse_linux:php5-mbstring", "p-cpe:/a:novell:suse_linux:apache2-mod_php5", "p-cpe:/a:novell:suse_linux:php5-ctype", "p-cpe:/a:novell:suse_linux:php5-mcrypt-debuginfo", "p-cpe:/a:novell:suse_linux:php5-pspell", "p-cpe:/a:novell:suse_linux:php5-xsl-debuginfo", "p-cpe:/a:novell:suse_linux:php5-sysvshm-debuginfo", "p-cpe:/a:novell:suse_linux:php5-dba-debuginfo", "p-cpe:/a:novell:suse_linux:php5-zip-debuginfo", "p-cpe:/a:novell:suse_linux:php5-debuginfo", "p-cpe:/a:novell:suse_linux:php5", "p-cpe:/a:novell:suse_linux:php5-fileinfo-debuginfo", "p-cpe:/a:novell:suse_linux:php5-pgsql-debuginfo", "p-cpe:/a:novell:suse_linux:php5-enchant-debuginfo", "p-cpe:/a:novell:suse_linux:php5-enchant", "p-cpe:/a:novell:suse_linux:php5-suhosin-debuginfo", "p-cpe:/a:novell:suse_linux:php5-gd", "p-cpe:/a:novell:suse_linux:php5-mcrypt", "p-cpe:/a:novell:suse_linux:php5-sysvsem", "p-cpe:/a:novell:suse_linux:php5-soap", "p-cpe:/a:novell:suse_linux:php5-ftp-debuginfo", "p-cpe:/a:novell:suse_linux:php5-intl-debuginfo", "p-cpe:/a:novell:suse_linux:php5-ldap", "p-cpe:/a:novell:suse_linux:php5-mysql", "p-cpe:/a:novell:suse_linux:php5-sysvshm", "p-cpe:/a:novell:suse_linux:php5-fpm-debuginfo", "p-cpe:/a:novell:suse_linux:php5-fastcgi", "p-cpe:/a:novell:suse_linux:php5-snmp-debuginfo", "p-cpe:/a:novell:suse_linux:php5-gmp", "p-cpe:/a:novell:suse_linux:php5-xmlwriter", "p-cpe:/a:novell:suse_linux:php5-pcntl-debuginfo", "p-cpe:/a:novell:suse_linux:php5-ldap-debuginfo", "p-cpe:/a:novell:suse_linux:php5-xmlwriter-debuginfo", "p-cpe:/a:novell:suse_linux:php5-wddx", "p-cpe:/a:novell:suse_linux:php5-exif", "p-cpe:/a:novell:suse_linux:php5-curl-debuginfo", "p-cpe:/a:novell:suse_linux:php5-odbc-debuginfo", "p-cpe:/a:novell:suse_linux:php5-xmlreader", "p-cpe:/a:novell:suse_linux:php5-gmp-debuginfo", "p-cpe:/a:novell:suse_linux:php5-bcmath-debuginfo", "p-cpe:/a:novell:suse_linux:php5-gd-debuginfo", "p-cpe:/a:novell:suse_linux:php5-sqlite-debuginfo", "p-cpe:/a:novell:suse_linux:php5-curl", "p-cpe:/a:novell:suse_linux:php5-calendar-debuginfo", "p-cpe:/a:novell:suse_linux:php5-exif-debuginfo", "p-cpe:/a:novell:suse_linux:php5-fileinfo", "p-cpe:/a:novell:suse_linux:php5-dba", "p-cpe:/a:novell:suse_linux:php5-xmlrpc-debuginfo", "p-cpe:/a:novell:suse_linux:php5-mbstring-debuginfo", "p-cpe:/a:novell:suse_linux:php5-snmp", "p-cpe:/a:novell:suse_linux:php5-ftp", "p-cpe:/a:novell:suse_linux:php5-zlib", "p-cpe:/a:novell:suse_linux:php5-dom", "p-cpe:/a:novell:suse_linux:php5-xsl", "p-cpe:/a:novell:suse_linux:php5-pdo", "p-cpe:/a:novell:suse_linux:php5-pcntl", "p-cpe:/a:novell:suse_linux:php5-sockets-debuginfo", "p-cpe:/a:novell:suse_linux:php5-json", "p-cpe:/a:novell:suse_linux:php5-sysvsem-debuginfo", "p-cpe:/a:novell:suse_linux:php5-fastcgi-debuginfo", "p-cpe:/a:novell:suse_linux:php5-shmop"], "id": "SUSE_SU-2015-1253-1.NASL", "href": "https://www.tenable.com/plugins/nessus/119968", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2015:1253-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(119968);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2015-3411\", \"CVE-2015-3412\", \"CVE-2015-4021\", \"CVE-2015-4022\", \"CVE-2015-4024\", \"CVE-2015-4026\", \"CVE-2015-4148\", \"CVE-2015-4598\", \"CVE-2015-4599\", \"CVE-2015-4600\", \"CVE-2015-4601\", \"CVE-2015-4602\", \"CVE-2015-4603\", \"CVE-2015-4643\", \"CVE-2015-4644\");\n script_bugtraq_id(74413, 74700, 74902, 74903, 75056, 75103, 75244, 75246, 75249, 75250, 75251, 75252, 75255, 75291, 75292);\n\n script_name(english:\"SUSE SLES12 Security Update : php5 (SUSE-SU-2015:1253-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This security update of PHP fixes the following issues :\n\nSecurity issues fixed :\n\n - CVE-2015-4024 [bnc#931421]: Fixed multipart/form-data\n remote DOS Vulnerability.\n\n - CVE-2015-4026 [bnc#931776]: pcntl_exec() did not check\n path validity.\n\n - CVE-2015-4022 [bnc#931772]: Fixed and overflow in\n ftp_genlist() that resulted in a heap overflow.\n\n - CVE-2015-4021 [bnc#931769]: Fixed memory corruption in\n phar_parse_tarfile when entry filename starts with NULL.\n\n - CVE-2015-4148 [bnc#933227]: Fixed SoapClient's\n do_soap_call() type confusion after unserialize()\n information disclosure.\n\n - CVE-2015-4602 [bnc#935224]: Fixed an incomplete Class\n unserialization type confusion.\n\n - CVE-2015-4599, CVE-2015-4600, CVE-2015-4601\n [bnc#935226]: Fixed type confusion issues in\n unserialize() with various SOAP methods.\n\n - CVE-2015-4603 [bnc#935234]: Fixed\n exception::getTraceAsString type confusion issue after\n unserialize.\n\n - CVE-2015-4644 [bnc#935274]: Fixed a crash in\n php_pgsql_meta_data.\n\n - CVE-2015-4643 [bnc#935275]: Fixed an integer overflow in\n ftp_genlist() that could result in a heap overflow.\n\n - CVE-2015-3411, CVE-2015-3412, CVE-2015-4598\n [bnc#935227], [bnc#935232]: Added missing null byte\n checks for paths in various PHP extensions.\n\nBugs fixed :\n\n - configure php-fpm with --localstatedir=/var [bnc#927147]\n\n - fix timezone map [bnc#919080]\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=919080\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=927147\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=931421\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=931769\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=931772\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=931776\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=933227\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=935224\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=935226\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=935227\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=935232\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=935234\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=935274\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=935275\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-3411/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-3412/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-4021/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-4022/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-4024/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-4026/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-4148/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-4598/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-4599/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-4600/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-4601/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-4602/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-4603/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-4643/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-4644/\"\n );\n # https://www.suse.com/support/update/announcement/2015/suse-su-20151253-1.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?a92dac74\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Software Development Kit 12 :\n\nzypper in -t patch SUSE-SLE-SDK-12-2015-322=1\n\nSUSE Linux Enterprise Module for Web Scripting 12 :\n\nzypper in -t patch SUSE-SLE-Module-Web-Scripting-12-2015-322=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apache2-mod_php5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apache2-mod_php5-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-bcmath\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-bcmath-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-bz2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-bz2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-calendar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-calendar-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-ctype\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-ctype-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-curl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-dba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-dba-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-dom\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-dom-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-enchant\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-enchant-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-exif\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-exif-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-fastcgi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-fastcgi-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-fileinfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-fileinfo-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-fpm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-fpm-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-ftp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-ftp-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-gd-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-gettext\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-gettext-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-gmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-gmp-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-iconv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-iconv-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-intl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-intl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-json\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-json-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-ldap-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-mbstring\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-mbstring-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-mcrypt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-mcrypt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-mysql-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-odbc-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-openssl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-pcntl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-pcntl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-pdo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-pdo-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-pgsql-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-pspell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-pspell-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-shmop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-shmop-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-snmp-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-soap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-soap-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-sockets\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-sockets-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-sqlite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-sqlite-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-suhosin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-suhosin-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-sysvmsg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-sysvmsg-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-sysvsem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-sysvsem-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-sysvshm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-sysvshm-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-tokenizer\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-tokenizer-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-wddx\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-wddx-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-xmlreader\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-xmlreader-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-xmlrpc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-xmlrpc-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-xmlwriter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-xmlwriter-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-xsl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-xsl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-zip\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-zip-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-zlib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-zlib-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/06/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/06/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/01/02\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP0\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"apache2-mod_php5-5.5.14-30.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"apache2-mod_php5-debuginfo-5.5.14-30.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-5.5.14-30.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-bcmath-5.5.14-30.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-bcmath-debuginfo-5.5.14-30.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-bz2-5.5.14-30.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-bz2-debuginfo-5.5.14-30.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-calendar-5.5.14-30.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-calendar-debuginfo-5.5.14-30.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-ctype-5.5.14-30.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-ctype-debuginfo-5.5.14-30.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-curl-5.5.14-30.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-curl-debuginfo-5.5.14-30.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-dba-5.5.14-30.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-dba-debuginfo-5.5.14-30.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-debuginfo-5.5.14-30.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-debugsource-5.5.14-30.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-dom-5.5.14-30.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-dom-debuginfo-5.5.14-30.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-enchant-5.5.14-30.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-enchant-debuginfo-5.5.14-30.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-exif-5.5.14-30.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-exif-debuginfo-5.5.14-30.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-fastcgi-5.5.14-30.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-fastcgi-debuginfo-5.5.14-30.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-fileinfo-5.5.14-30.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-fileinfo-debuginfo-5.5.14-30.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-fpm-5.5.14-30.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-fpm-debuginfo-5.5.14-30.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-ftp-5.5.14-30.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-ftp-debuginfo-5.5.14-30.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-gd-5.5.14-30.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-gd-debuginfo-5.5.14-30.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-gettext-5.5.14-30.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-gettext-debuginfo-5.5.14-30.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-gmp-5.5.14-30.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-gmp-debuginfo-5.5.14-30.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-iconv-5.5.14-30.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-iconv-debuginfo-5.5.14-30.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-intl-5.5.14-30.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-intl-debuginfo-5.5.14-30.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-json-5.5.14-30.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-json-debuginfo-5.5.14-30.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-ldap-5.5.14-30.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-ldap-debuginfo-5.5.14-30.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-mbstring-5.5.14-30.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-mbstring-debuginfo-5.5.14-30.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-mcrypt-5.5.14-30.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-mcrypt-debuginfo-5.5.14-30.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-mysql-5.5.14-30.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-mysql-debuginfo-5.5.14-30.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-odbc-5.5.14-30.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-odbc-debuginfo-5.5.14-30.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-openssl-5.5.14-30.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-openssl-debuginfo-5.5.14-30.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-pcntl-5.5.14-30.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-pcntl-debuginfo-5.5.14-30.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-pdo-5.5.14-30.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-pdo-debuginfo-5.5.14-30.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-pgsql-5.5.14-30.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-pgsql-debuginfo-5.5.14-30.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-pspell-5.5.14-30.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-pspell-debuginfo-5.5.14-30.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-shmop-5.5.14-30.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-shmop-debuginfo-5.5.14-30.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-snmp-5.5.14-30.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-snmp-debuginfo-5.5.14-30.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-soap-5.5.14-30.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-soap-debuginfo-5.5.14-30.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-sockets-5.5.14-30.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-sockets-debuginfo-5.5.14-30.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-sqlite-5.5.14-30.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-sqlite-debuginfo-5.5.14-30.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-suhosin-5.5.14-30.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-suhosin-debuginfo-5.5.14-30.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-sysvmsg-5.5.14-30.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-sysvmsg-debuginfo-5.5.14-30.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-sysvsem-5.5.14-30.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-sysvsem-debuginfo-5.5.14-30.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-sysvshm-5.5.14-30.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-sysvshm-debuginfo-5.5.14-30.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-tokenizer-5.5.14-30.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-tokenizer-debuginfo-5.5.14-30.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-wddx-5.5.14-30.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-wddx-debuginfo-5.5.14-30.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-xmlreader-5.5.14-30.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-xmlreader-debuginfo-5.5.14-30.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-xmlrpc-5.5.14-30.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-xmlrpc-debuginfo-5.5.14-30.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-xmlwriter-5.5.14-30.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-xmlwriter-debuginfo-5.5.14-30.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-xsl-5.5.14-30.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-xsl-debuginfo-5.5.14-30.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-zip-5.5.14-30.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-zip-debuginfo-5.5.14-30.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-zlib-5.5.14-30.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-zlib-debuginfo-5.5.14-30.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"php5\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-20T13:25:58", "description": "According to its banner, the version of PHP 5.5.x running on the\nremote web server is prior to 5.5.24. It is, therefore, affected by\nmultiple vulnerabilities :\n\n - An unspecified use-after-free error exists in the\n _zend_shared_memdup() function within file\n ext/opcache/zend_shared_alloc.c that allows an\n unauthenticated, remote attacker to have an unspecified\n impact. (CVE-2015-1351)\n\n - A NULL pointer dereference flaw exists in the\n build_tablename() function within file pgsql.c in the\n PostgreSQL extension due to a failure to validate token\n extraction for table names. An authenticated, remote\n attacker can exploit this, via a crafted name, to cause\n a denial of service condition. (CVE-2015-1352)\n\n - An out-of-bounds read error exists in the Phar component\n due to improper validation of user-supplied input when\n handling phar parsing during unserialize() function\n calls. An unauthenticated, remote attacker can exploit\n this to cause a denial of service condition or the\n disclosure of memory contents. (CVE-2015-2783)\n\n - A memory corruption issue exists in the\n phar_parse_metadata() function in file ext/phar/phar.c\n due to improper validation of user-supplied input when\n parsing a specially crafted TAR archive. An\n unauthenticated, remote attacker can exploit this to\n cause a denial of service condition or the execution of\n arbitrary code. (CVE-2015-3307)\n\n - Multiple stack-based buffer overflow conditions exist in\n the phar_set_inode() function in file phar_internal.h\n when handling archive files, such as tar, zip, or phar\n files. An unauthenticated, remote attacker can exploit\n these to cause a denial of service condition or the\n execution or arbitrary code. (CVE-2015-3329)\n\n - A flaw exists in the Apache2handler SAPI component when\n handling pipelined HTTP requests that allows an\n unauthenticated, remote attacker to cause a denial of\n service condition or the execution of arbitrary code.\n (CVE-2015-3330)\n\n - A flaw exists in multiple functions due to a failure to\n check for NULL byte (%00) sequences in a path when\n processing or reading a file. An unauthenticated, remote\n attacker can exploit this, via specially crafted input\n to an application calling those functions, to bypass\n intended restrictions and disclose potentially\n sensitive information. (CVE-2015-3411, CVE-2015-3412)\n\n - A type confusion error exists in multiple functions\n within file ext/soap/soap.c that is triggered when\n calling unserialize(). An unauthenticated, remote\n attacker can exploit this to disclose memory contents,\n cause a denial of service condition, or execute\n arbitrary code. (CVE-2015-4599, CVE-2015-4600)\n\n - Multiple type confusion errors exist within files\n ext/soap/php_encoding.c, ext/soap/php_http.c, and\n ext/soap/soap.c that allow an unauthenticated, remote\n attacker to cause a denial of service condition or the\n execution of arbitrary code. (CVE-2015-4601)\n\n - A type confusion error exists in the\n __PHP_Incomplete_Class() function within file\n ext/standard/incomplete_class.c that allows an\n unauthenticated, remote attacker to cause a denial of\n service condition or the execution of arbitrary code.\n (CVE-2015-4602)\n\n - A type confusion error exists in the\n exception::getTraceAsString() function within file\n Zend/zend_exceptions.c that allows a remote attacker to\n execute arbitrary code. (CVE-2015-4603)\n\n - A denial of service vulnerability exists due to a flaw\n in the bundled libmagic library, specifically in the\n mget() function within file softmagic.c. The function\n fails to maintain a certain pointer relationship. An\n unauthenticated, remote attacker can exploit this, via a\n crafted string, to crash the application.\n (CVE-2015-4604)\n\n - A denial of service vulnerability exists due to a flaw\n in the bundled libmagic library, specifically in the\n mcopy() function within file softmagic.c. The function\n fails to properly handle an offset that exceeds\n 'bytecnt'. An unauthenticated, remote attacker can\n exploit this, via a crafted string, to crash the\n application. (CVE-2015-4605)\n\n - A flaw exists in the ZEND_VM_HELPER_EX() function within\n file /Zend/zend_vm_def.h when handling a __get()\n function call. An unauthenticated, remote attacker can\n exploit this to cause a cause a denial of service\n condition.\n\n - A type confusion error exists in the\n php_stream_url_wrap_http_ex() function within file\n ext/standard/http_fopen_wrapper.c that allows an\n unauthenticated, remote attacker to execute arbitrary\n code.\n\n - A use-after-free error exists in the php_curl() function\n within file ext/curl/interface.c that allows an\n unauthenticated, remote attacker to execute arbitrary\n code.\n\n - A use-after-free error exists in the SPL component,\n specifically in the spl_object_storage_get_gc() function\n within file ext/spl/spl_observer.c. An unauthenticated,\n remote attacker can exploit this to execute arbitrary\n code.\n\nNote that Nessus has not attempted to exploit these issues but has\ninstead relied only on the application's self-reported version number.", "edition": 27, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2015-04-23T00:00:00", "title": "PHP 5.5.x < 5.5.24 Multiple Vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-4601", "CVE-2015-2783", "CVE-2015-3329", "CVE-2015-3330", "CVE-2015-1352", "CVE-2015-4605", "CVE-2015-3307", "CVE-2015-4602", "CVE-2015-3411", "CVE-2015-4604", "CVE-2015-4600", "CVE-2015-3412", "CVE-2015-4603", "CVE-2015-1351", "CVE-2015-4599"], "modified": "2015-04-23T00:00:00", "cpe": ["cpe:/a:php:php"], "id": "PHP_5_5_24.NASL", "href": "https://www.tenable.com/plugins/nessus/83034", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(83034);\n script_version(\"1.18\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\n \"CVE-2015-1351\",\n \"CVE-2015-1352\",\n \"CVE-2015-2783\",\n \"CVE-2015-3307\",\n \"CVE-2015-3329\",\n \"CVE-2015-3330\",\n \"CVE-2015-3411\",\n \"CVE-2015-3412\",\n \"CVE-2015-4599\",\n \"CVE-2015-4600\",\n \"CVE-2015-4601\",\n \"CVE-2015-4602\",\n \"CVE-2015-4603\",\n \"CVE-2015-4604\",\n \"CVE-2015-4605\"\n );\n script_bugtraq_id(\n 71929,\n 71932,\n 74204,\n 74239,\n 74240,\n 74413,\n 74703,\n 75233,\n 75241,\n 75246,\n 75249,\n 75250,\n 75251,\n 75252,\n 75255\n );\n\n script_name(english:\"PHP 5.5.x < 5.5.24 Multiple Vulnerabilities\");\n script_summary(english:\"Checks the version of PHP.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote web server uses a version of PHP that is affected by\nmultiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its banner, the version of PHP 5.5.x running on the\nremote web server is prior to 5.5.24. It is, therefore, affected by\nmultiple vulnerabilities :\n\n - An unspecified use-after-free error exists in the\n _zend_shared_memdup() function within file\n ext/opcache/zend_shared_alloc.c that allows an\n unauthenticated, remote attacker to have an unspecified\n impact. (CVE-2015-1351)\n\n - A NULL pointer dereference flaw exists in the\n build_tablename() function within file pgsql.c in the\n PostgreSQL extension due to a failure to validate token\n extraction for table names. An authenticated, remote\n attacker can exploit this, via a crafted name, to cause\n a denial of service condition. (CVE-2015-1352)\n\n - An out-of-bounds read error exists in the Phar component\n due to improper validation of user-supplied input when\n handling phar parsing during unserialize() function\n calls. An unauthenticated, remote attacker can exploit\n this to cause a denial of service condition or the\n disclosure of memory contents. (CVE-2015-2783)\n\n - A memory corruption issue exists in the\n phar_parse_metadata() function in file ext/phar/phar.c\n due to improper validation of user-supplied input when\n parsing a specially crafted TAR archive. An\n unauthenticated, remote attacker can exploit this to\n cause a denial of service condition or the execution of\n arbitrary code. (CVE-2015-3307)\n\n - Multiple stack-based buffer overflow conditions exist in\n the phar_set_inode() function in file phar_internal.h\n when handling archive files, such as tar, zip, or phar\n files. An unauthenticated, remote attacker can exploit\n these to cause a denial of service condition or the\n execution or arbitrary code. (CVE-2015-3329)\n\n - A flaw exists in the Apache2handler SAPI component when\n handling pipelined HTTP requests that allows an\n unauthenticated, remote attacker to cause a denial of\n service condition or the execution of arbitrary code.\n (CVE-2015-3330)\n\n - A flaw exists in multiple functions due to a failure to\n check for NULL byte (%00) sequences in a path when\n processing or reading a file. An unauthenticated, remote\n attacker can exploit this, via specially crafted input\n to an application calling those functions, to bypass\n intended restrictions and disclose potentially\n sensitive information. (CVE-2015-3411, CVE-2015-3412)\n\n - A type confusion error exists in multiple functions\n within file ext/soap/soap.c that is triggered when\n calling unserialize(). An unauthenticated, remote\n attacker can exploit this to disclose memory contents,\n cause a denial of service condition, or execute\n arbitrary code. (CVE-2015-4599, CVE-2015-4600)\n\n - Multiple type confusion errors exist within files\n ext/soap/php_encoding.c, ext/soap/php_http.c, and\n ext/soap/soap.c that allow an unauthenticated, remote\n attacker to cause a denial of service condition or the\n execution of arbitrary code. (CVE-2015-4601)\n\n - A type confusion error exists in the\n __PHP_Incomplete_Class() function within file\n ext/standard/incomplete_class.c that allows an\n unauthenticated, remote attacker to cause a denial of\n service condition or the execution of arbitrary code.\n (CVE-2015-4602)\n\n - A type confusion error exists in the\n exception::getTraceAsString() function within file\n Zend/zend_exceptions.c that allows a remote attacker to\n execute arbitrary code. (CVE-2015-4603)\n\n - A denial of service vulnerability exists due to a flaw\n in the bundled libmagic library, specifically in the\n mget() function within file softmagic.c. The function\n fails to maintain a certain pointer relationship. An\n unauthenticated, remote attacker can exploit this, via a\n crafted string, to crash the application.\n (CVE-2015-4604)\n\n - A denial of service vulnerability exists due to a flaw\n in the bundled libmagic library, specifically in the\n mcopy() function within file softmagic.c. The function\n fails to properly handle an offset that exceeds\n 'bytecnt'. An unauthenticated, remote attacker can\n exploit this, via a crafted string, to crash the\n application. (CVE-2015-4605)\n\n - A flaw exists in the ZEND_VM_HELPER_EX() function within\n file /Zend/zend_vm_def.h when handling a __get()\n function call. An unauthenticated, remote attacker can\n exploit this to cause a cause a denial of service\n condition.\n\n - A type confusion error exists in the\n php_stream_url_wrap_http_ex() function within file\n ext/standard/http_fopen_wrapper.c that allows an\n unauthenticated, remote attacker to execute arbitrary\n code.\n\n - A use-after-free error exists in the php_curl() function\n within file ext/curl/interface.c that allows an\n unauthenticated, remote attacker to execute arbitrary\n code.\n\n - A use-after-free error exists in the SPL component,\n specifically in the spl_object_storage_get_gc() function\n within file ext/spl/spl_observer.c. An unauthenticated,\n remote attacker can exploit this to execute arbitrary\n code.\n\nNote that Nessus has not attempted to exploit these issues but has\ninstead relied only on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://php.net/ChangeLog-5.php#5.5.24\");\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to PHP version 5.5.24 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No exploit is required\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/12/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/04/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/04/23\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:php:php\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CGI abuses\");\n\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"php_version.nasl\");\n script_require_keys(\"www/PHP\");\n script_require_ports(\"Services/www\", 80);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\ninclude(\"webapp_func.inc\");\n\nport = get_http_port(default:80, php:TRUE);\n\nphp = get_php_from_kb(\n port : port,\n exit_on_fail : TRUE\n);\n\nversion = php[\"ver\"];\nsource = php[\"src\"];\n\nbackported = get_kb_item('www/php/'+port+'/'+version+'/backported');\n\nif (report_paranoia < 2 && backported) audit(AUDIT_BACKPORT_SERVICE, port, \"PHP \"+version+\" install\");\n\n# Check that it is the correct version of PHP\nif (version =~ \"^5(\\.5)?$\") audit(AUDIT_VER_NOT_GRANULAR, \"PHP\", port, version);\nif (version !~ \"^5\\.5\\.\") audit(AUDIT_NOT_DETECT, \"PHP version 5.5.x\", port);\n\nif (version =~ \"^5\\.5\\.([0-9]|1[0-9]|2[0-3])($|[^0-9])\")\n{\n if (report_verbosity > 0)\n {\n report =\n '\\n Version source : '+source +\n '\\n Installed version : '+version +\n '\\n Fixed version : 5.5.24' +\n '\\n';\n security_hole(port:port, extra:report);\n }\n else security_hole(port);\n exit(0);\n}\nelse audit(AUDIT_LISTEN_NOT_VULN, \"PHP\", port, version);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-20T13:26:08", "description": "According to its banner, the version of PHP 5.6.x running on the\nremote web server is prior to 5.6.8. It is, therefore, affected by\nmultiple vulnerabilities :\n\n - An unspecified use-after-free error exists in the\n _zend_shared_memdup() function within file\n ext/opcache/zend_shared_alloc.c that allows an\n unauthenticated, remote attacker to have an unspecified\n impact. (CVE-2015-1351)\n\n - A NULL pointer dereference flaw exists in the\n build_tablename() function within file pgsql.c in the\n PostgreSQL extension due to a failure to validate token\n extraction for table names. An authenticated, remote\n attacker can exploit this, via a crafted name, to cause\n a denial of service condition. (CVE-2015-1352)\n\n - An out-of-bounds read error exists in the Phar component\n due to improper validation of user-supplied input when\n handling phar parsing during unserialize() function\n calls. An unauthenticated, remote attacker can exploit\n this to cause a denial of service condition or the\n disclosure of memory contents. (CVE-2015-2783)\n\n - A memory corruption issue exists in the\n phar_parse_metadata() function in file ext/phar/phar.c\n due to improper validation of user-supplied input when\n parsing a specially crafted TAR archive. An\n unauthenticated, remote attacker can exploit this to\n cause a denial of service condition or the execution of\n arbitrary code. (CVE-2015-3307)\n\n - Multiple stack-based buffer overflow conditions exist in\n the phar_set_inode() function in file phar_internal.h\n when handling archive files, such as tar, zip, or phar\n files. An unauthenticated, remote attacker can exploit\n these to cause a denial of service condition or the\n execution or arbitrary code. (CVE-2015-3329)\n\n - A flaw exists in the Apache2handler SAPI component when\n handling pipelined HTTP requests that allows an\n unauthenticated, remote attacker to cause a denial of\n service condition or the execution of arbitrary code.\n (CVE-2015-3330)\n\n - A flaw exists in multiple functions due to a failure to\n check for NULL byte (%00) sequences in a path when\n processing or reading a file. An unauthenticated, remote\n attacker can exploit this, via specially crafted input\n to an application calling those functions, to bypass\n intended restrictions and disclose potentially\n sensitive information. (CVE-2015-3411, CVE-2015-3412)\n\n - A type confusion error exists in multiple functions\n within file ext/soap/soap.c that is triggered when\n calling unserialize(). An unauthenticated, remote\n attacker can exploit this to disclose memory contents,\n cause a denial of service condition, or execute\n arbitrary code. (CVE-2015-4599, CVE-2015-4600)\n\n - Multiple type confusion errors exist within files\n ext/soap/php_encoding.c, ext/soap/php_http.c, and\n ext/soap/soap.c that allow an unauthenticated, remote\n attacker to cause a denial of service condition or the\n execution of arbitrary code. (CVE-2015-4601)\n\n - A type confusion error exists in the\n __PHP_Incomplete_Class() function within file\n ext/standard/incomplete_class.c that allows an\n unauthenticated, remote attacker to cause a denial of\n service condition or the execution of arbitrary code.\n (CVE-2015-4602)\n\n - A type confusion error exists in the\n exception::getTraceAsString() function within file\n Zend/zend_exceptions.c that allows a remote attacker to\n execute arbitrary code. (CVE-2015-4603)\n\n - A denial of service vulnerability exists due to a flaw\n in the bundled libmagic library, specifically in the\n mget() function within file softmagic.c. The function\n fails to maintain a certain pointer relationship. An\n unauthenticated, remote attacker can exploit this, via a\n crafted string, to crash the application.\n (CVE-2015-4604)\n\n - A denial of service vulnerability exists due to a flaw\n in the bundled libmagic library, specifically in the\n mcopy() function within file softmagic.c. The function\n fails to properly handle an offset that exceeds\n 'bytecnt'. An unauthenticated, remote attacker can\n exploit this, via a crafted string, to crash the\n application. (CVE-2015-4605)\n\n - A use-after-free error exists in the sqlite3_close()\n function within file /ext/sqlite3/sqlite3.c when closing\n database connections. An unauthenticated, remote\n attacker can exploit this to execute arbitrary code.\n\n - A flaw exists in the ZEND_VM_HELPER_EX() function within\n file /Zend/zend_vm_def.h when handling a __get()\n function call. An unauthenticated, remote attacker can\n exploit this to cause a cause a denial of service\n condition.\n\n - A type confusion error exists in the\n php_stream_url_wrap_http_ex() function within file\n ext/standard/http_fopen_wrapper.c that allows an\n unauthenticated, remote attacker to execute arbitrary\n code.\n\n - A use-after-free error exists in the php_curl() function\n within file ext/curl/interface.c that allows an\n unauthenticated, remote attacker to execute arbitrary\n code.\n\n - A use-after-free error exists in the SPL component,\n specifically in the spl_object_storage_get_gc() function\n within file ext/spl/spl_observer.c. An unauthenticated,\n remote attacker can exploit this to execute arbitrary\n code.\n\n - A NULL pointer dereference flaw exists within file\n /ext/ereg/regex/regcomp.c that allows an\n unauthenticated, remote attacker attacker to cause a\n denial of service condition.\n\nNote that Nessus has not attempted to exploit these issues but has\ninstead relied only on the application's self-reported version number.", "edition": 27, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2015-04-23T00:00:00", "title": "PHP 5.6.x < 5.6.8 Multiple Vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-4601", "CVE-2015-2783", "CVE-2015-3329", "CVE-2015-3330", "CVE-2015-1352", "CVE-2015-4605", "CVE-2015-3307", "CVE-2015-4602", "CVE-2015-3411", "CVE-2015-4604", "CVE-2015-4600", "CVE-2015-3412", "CVE-2015-4603", "CVE-2015-1351", "CVE-2015-4599"], "modified": "2015-04-23T00:00:00", "cpe": ["cpe:/a:php:php"], "id": "PHP_5_6_8.NASL", "href": "https://www.tenable.com/plugins/nessus/83035", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(83035);\n script_version(\"1.18\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\n \"CVE-2015-1351\",\n \"CVE-2015-1352\",\n \"CVE-2015-2783\",\n \"CVE-2015-3307\",\n \"CVE-2015-3329\",\n \"CVE-2015-3330\",\n \"CVE-2015-3411\",\n \"CVE-2015-3412\",\n \"CVE-2015-4599\",\n \"CVE-2015-4600\",\n \"CVE-2015-4601\",\n \"CVE-2015-4602\",\n \"CVE-2015-4603\",\n \"CVE-2015-4604\",\n \"CVE-2015-4605\"\n );\n script_bugtraq_id(\n 71929,\n 71932,\n 74204,\n 74239,\n 74240,\n 74413,\n 74703,\n 75233,\n 75241,\n 75246,\n 75249,\n 75250,\n 75251,\n 75252,\n 75255\n );\n\n script_name(english:\"PHP 5.6.x < 5.6.8 Multiple Vulnerabilities\");\n script_summary(english:\"Checks the version of PHP.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote web server uses a version of PHP that is affected by\nmultiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its banner, the version of PHP 5.6.x running on the\nremote web server is prior to 5.6.8. It is, therefore, affected by\nmultiple vulnerabilities :\n\n - An unspecified use-after-free error exists in the\n _zend_shared_memdup() function within file\n ext/opcache/zend_shared_alloc.c that allows an\n unauthenticated, remote attacker to have an unspecified\n impact. (CVE-2015-1351)\n\n - A NULL pointer dereference flaw exists in the\n build_tablename() function within file pgsql.c in the\n PostgreSQL extension due to a failure to validate token\n extraction for table names. An authenticated, remote\n attacker can exploit this, via a crafted name, to cause\n a denial of service condition. (CVE-2015-1352)\n\n - An out-of-bounds read error exists in the Phar component\n due to improper validation of user-supplied input when\n handling phar parsing during unserialize() function\n calls. An unauthenticated, remote attacker can exploit\n this to cause a denial of service condition or the\n disclosure of memory contents. (CVE-2015-2783)\n\n - A memory corruption issue exists in the\n phar_parse_metadata() function in file ext/phar/phar.c\n due to improper validation of user-supplied input when\n parsing a specially crafted TAR archive. An\n unauthenticated, remote attacker can exploit this to\n cause a denial of service condition or the execution of\n arbitrary code. (CVE-2015-3307)\n\n - Multiple stack-based buffer overflow conditions exist in\n the phar_set_inode() function in file phar_internal.h\n when handling archive files, such as tar, zip, or phar\n files. An unauthenticated, remote attacker can exploit\n these to cause a denial of service condition or the\n execution or arbitrary code. (CVE-2015-3329)\n\n - A flaw exists in the Apache2handler SAPI component when\n handling pipelined HTTP requests that allows an\n unauthenticated, remote attacker to cause a denial of\n service condition or the execution of arbitrary code.\n (CVE-2015-3330)\n\n - A flaw exists in multiple functions due to a failure to\n check for NULL byte (%00) sequences in a path when\n processing or reading a file. An unauthenticated, remote\n attacker can exploit this, via specially crafted input\n to an application calling those functions, to bypass\n intended restrictions and disclose potentially\n sensitive information. (CVE-2015-3411, CVE-2015-3412)\n\n - A type confusion error exists in multiple functions\n within file ext/soap/soap.c that is triggered when\n calling unserialize(). An unauthenticated, remote\n attacker can exploit this to disclose memory contents,\n cause a denial of service condition, or execute\n arbitrary code. (CVE-2015-4599, CVE-2015-4600)\n\n - Multiple type confusion errors exist within files\n ext/soap/php_encoding.c, ext/soap/php_http.c, and\n ext/soap/soap.c that allow an unauthenticated, remote\n attacker to cause a denial of service condition or the\n execution of arbitrary code. (CVE-2015-4601)\n\n - A type confusion error exists in the\n __PHP_Incomplete_Class() function within file\n ext/standard/incomplete_class.c that allows an\n unauthenticated, remote attacker to cause a denial of\n service condition or the execution of arbitrary code.\n (CVE-2015-4602)\n\n - A type confusion error exists in the\n exception::getTraceAsString() function within file\n Zend/zend_exceptions.c that allows a remote attacker to\n execute arbitrary code. (CVE-2015-4603)\n\n - A denial of service vulnerability exists due to a flaw\n in the bundled libmagic library, specifically in the\n mget() function within file softmagic.c. The function\n fails to maintain a certain pointer relationship. An\n unauthenticated, remote attacker can exploit this, via a\n crafted string, to crash the application.\n (CVE-2015-4604)\n\n - A denial of service vulnerability exists due to a flaw\n in the bundled libmagic library, specifically in the\n mcopy() function within file softmagic.c. The function\n fails to properly handle an offset that exceeds\n 'bytecnt'. An unauthenticated, remote attacker can\n exploit this, via a crafted string, to crash the\n application. (CVE-2015-4605)\n\n - A use-after-free error exists in the sqlite3_close()\n function within file /ext/sqlite3/sqlite3.c when closing\n database connections. An unauthenticated, remote\n attacker can exploit this to execute arbitrary code.\n\n - A flaw exists in the ZEND_VM_HELPER_EX() function within\n file /Zend/zend_vm_def.h when handling a __get()\n function call. An unauthenticated, remote attacker can\n exploit this to cause a cause a denial of service\n condition.\n\n - A type confusion error exists in the\n php_stream_url_wrap_http_ex() function within file\n ext/standard/http_fopen_wrapper.c that allows an\n unauthenticated, remote attacker to execute arbitrary\n code.\n\n - A use-after-free error exists in the php_curl() function\n within file ext/curl/interface.c that allows an\n unauthenticated, remote attacker to execute arbitrary\n code.\n\n - A use-after-free error exists in the SPL component,\n specifically in the spl_object_storage_get_gc() function\n within file ext/spl/spl_observer.c. An unauthenticated,\n remote attacker can exploit this to execute arbitrary\n code.\n\n - A NULL pointer dereference flaw exists within file\n /ext/ereg/regex/regcomp.c that allows an\n unauthenticated, remote attacker attacker to cause a\n denial of service condition.\n\nNote that Nessus has not attempted to exploit these issues but has\ninstead relied only on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://php.net/ChangeLog-5.php#5.6.8\");\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to PHP version 5.6.8 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No exploit is required\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/12/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/04/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/04/23\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:php:php\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CGI abuses\");\n\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"php_version.nasl\");\n script_require_keys(\"www/PHP\");\n script_require_ports(\"Services/www\", 80);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\ninclude(\"webapp_func.inc\");\n\nport = get_http_port(default:80, php:TRUE);\n\nphp = get_php_from_kb(\n port : port,\n exit_on_fail : TRUE\n);\n\nversion = php[\"ver\"];\nsource = php[\"src\"];\n\nbackported = get_kb_item('www/php/'+port+'/'+version+'/backported');\n\nif (report_paranoia < 2 && backported) audit(AUDIT_BACKPORT_SERVICE, port, \"PHP \"+version+\" install\");\n\n# Check that it is the correct version of PHP\nif (version =~ \"^5(\\.6)?$\") audit(AUDIT_VER_NOT_GRANULAR, \"PHP\", port, version);\nif (version !~ \"^5\\.6\\.\") audit(AUDIT_NOT_DETECT, \"PHP version 5.6.x\", port);\n\nif (version =~ \"^5\\.6\\.[0-7]($|[^0-9])\")\n{\n if (report_verbosity > 0)\n {\n report =\n '\\n Version source : '+source +\n '\\n Installed version : '+version +\n '\\n Fixed version : 5.6.8' +\n '\\n';\n security_hole(port:port, extra:report);\n }\n else security_hole(port);\n exit(0);\n}\nelse audit(AUDIT_LISTEN_NOT_VULN, \"PHP\", port, version);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-20T13:25:54", "description": "According to its banner, the version of PHP 5.4.x running on the\nremote web server is prior to 5.4.40. It is, therefore, affected by\nmultiple vulnerabilities :\n\n - An out-of-bounds read error exists in the GetCode_()\n function within file gd_gif_in.c that allows an\n unauthenticated, remote attacker to cause a denial of\n service condition or the disclosure of memory contents.\n (CVE-2014-9709)\n\n - A NULL pointer dereference flaw exists in the\n build_tablename() function within file pgsql.c in the\n PostgreSQL extension due to a failure to validate token\n extraction for table names. An authenticated, remote\n attacker can exploit this, via a crafted name, to cause\n a denial of service condition. (CVE-2015-1352)\n\n - A use-after-free error exists in the\n phar_rename_archive() function within file\n phar_object.c. An unauthenticated, remote attacker can\n exploit this, by attempting to rename a phar archive to\n an already existing file name, to cause a denial of\n service condition. (CVE-2015-2301)\n\n - An out-of-bounds read error exists in the Phar component\n due to improper validation of user-supplied input when\n handling phar parsing during unserialize() function\n calls. An unauthenticated, remote attacker can exploit\n this to cause a denial of service condition or the\n disclosure of memory contents. (CVE-2015-2783)\n\n - A memory corruption issue exists in the\n phar_parse_metadata() function in file ext/phar/phar.c\n due to improper validation of user-supplied input when\n parsing a specially crafted TAR archive. An\n unauthenticated, remote attacker can exploit this to\n cause a denial of service condition or the execution of\n arbitrary code. (CVE-2015-3307)\n\n - Multiple stack-based buffer overflow conditions exist in\n the phar_set_inode() function in file phar_internal.h\n when handling archive files, such as tar, zip, or phar\n files. An unauthenticated, remote attacker can exploit\n these to cause a denial of service condition or the\n execution or arbitrary code. (CVE-2015-3329)\n\n - A flaw exists in the Apache2handler SAPI component when\n handling pipelined HTTP requests that allows an\n unauthenticated, remote attacker to cause a denial of\n service condition or the execution of arbitrary code.\n (CVE-2015-3330)\n\n - A flaw exists in multiple functions due to a failure to\n check for NULL byte (%00) sequences in a path when\n processing or reading a file. An unauthenticated, remote\n attacker can exploit this, via specially crafted input\n to an application calling those functions, to bypass\n intended restrictions and disclose potentially\n sensitive information. (CVE-2015-3411, CVE-2015-3412)\n\n - A type confusion error exists in multiple functions\n within file ext/soap/soap.c that is triggered when\n calling unserialize(). An unauthenticated, remote\n attacker can exploit this to disclose memory contents,\n cause a denial of service condition, or execute\n arbitrary code. (CVE-2015-4599, CVE-2015-4600)\n\n - Multiple type confusion errors exist within files\n ext/soap/php_encoding.c, ext/soap/php_http.c, and\n ext/soap/soap.c that allow an unauthenticated, remote\n attacker to cause a denial of service condition or the\n execution of arbitrary code. (CVE-2015-4601)\n\n - A type confusion error exists in the\n __PHP_Incomplete_Class() function within file\n ext/standard/incomplete_class.c that allows an\n unauthenticated, remote attacker to cause a denial of\n service condition or the execution of arbitrary code.\n (CVE-2015-4602)\n\n - A type confusion error exists in the\n exception::getTraceAsString() function within file\n Zend/zend_exceptions.c that allows a remote attacker to\n execute arbitrary code. (CVE-2015-4603)\n\n - A denial of service vulnerability exists due to a flaw\n in the bundled libmagic library, specifically in the\n mget() function within file softmagic.c. The function\n fails to maintain a certain pointer relationship. An\n unauthenticated, remote attacker can exploit this, via a\n crafted string, to crash the application.\n (CVE-2015-4604)\n\n - A denial of service vulnerability exists due to a flaw\n in the bundled libmagic library, specifically in the\n mcopy() function within file softmagic.c. The function\n fails to properly handle an offset that exceeds\n 'bytecnt'. An unauthenticated, remote attacker can\n exploit this, via a crafted string, to crash the\n application. (CVE-2015-4605)\n\n - A use-after-free error exists in the sqlite3_close()\n function within file /ext/sqlite3/sqlite3.c when closing\n database connections. An unauthenticated, remote\n attacker can exploit this to execute arbitrary code.\n\n - A type confusion error exists in the\n php_stream_url_wrap_http_ex() function within file\n ext/standard/http_fopen_wrapper.c that allows an\n unauthenticated, remote attacker to execute arbitrary\n code.\n\n - A use-after-free error exists in the php_curl() function\n within file ext/curl/interface.c that allows an\n unauthenticated, remote attacker to execute arbitrary\n code.\n\n - A NULL pointer dereference flaw exists within file\n /ext/ereg/regex/regcomp.c that allows an\n unauthenticated, remote attacker attacker to cause a\n denial of service condition.\n\nNote that Nessus has not attempted to exploit these issues but has\ninstead relied only on the application's self-reported version number.", "edition": 28, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2015-04-23T00:00:00", "title": "PHP 5.4.x < 5.4.40 Multiple Vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-4601", "CVE-2015-2783", "CVE-2015-3329", "CVE-2015-3330", "CVE-2015-1352", "CVE-2015-2301", "CVE-2014-9709", "CVE-2015-4605", "CVE-2015-3307", "CVE-2015-4602", "CVE-2015-3411", "CVE-2015-4604", "CVE-2015-4600", "CVE-2015-3412", "CVE-2015-4603", "CVE-2015-4599"], "modified": "2015-04-23T00:00:00", "cpe": ["cpe:/a:php:php"], "id": "PHP_5_4_40.NASL", "href": "https://www.tenable.com/plugins/nessus/83033", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(83033);\n script_version(\"1.19\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\n \"CVE-2014-9709\",\n \"CVE-2015-1352\",\n \"CVE-2015-2301\",\n \"CVE-2015-2783\",\n \"CVE-2015-3307\",\n \"CVE-2015-3329\",\n \"CVE-2015-3330\",\n \"CVE-2015-3411\",\n \"CVE-2015-3412\",\n \"CVE-2015-4599\",\n \"CVE-2015-4600\",\n \"CVE-2015-4601\",\n \"CVE-2015-4602\",\n \"CVE-2015-4603\",\n \"CVE-2015-4604\",\n \"CVE-2015-4605\"\n );\n script_bugtraq_id(\n 71932,\n 73037,\n 73306,\n 74204,\n 74239,\n 74240,\n 74413,\n 74703,\n 75233,\n 75241,\n 75246,\n 75249,\n 75250,\n 75251,\n 75252,\n 75255\n );\n\n script_name(english:\"PHP 5.4.x < 5.4.40 Multiple Vulnerabilities\");\n script_summary(english:\"Checks the version of PHP.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote web server uses a version of PHP that is affected by\nmultiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its banner, the version of PHP 5.4.x running on the\nremote web server is prior to 5.4.40. It is, therefore, affected by\nmultiple vulnerabilities :\n\n - An out-of-bounds read error exists in the GetCode_()\n function within file gd_gif_in.c that allows an\n unauthenticated, remote attacker to cause a denial of\n service condition or the disclosure of memory contents.\n (CVE-2014-9709)\n\n - A NULL pointer dereference flaw exists in the\n build_tablename() function within file pgsql.c in the\n PostgreSQL extension due to a failure to validate token\n extraction for table names. An authenticated, remote\n attacker can exploit this, via a crafted name, to cause\n a denial of service condition. (CVE-2015-1352)\n\n - A use-after-free error exists in the\n phar_rename_archive() function within file\n phar_object.c. An unauthenticated, remote attacker can\n exploit this, by attempting to rename a phar archive to\n an already existing file name, to cause a denial of\n service condition. (CVE-2015-2301)\n\n - An out-of-bounds read error exists in the Phar component\n due to improper validation of user-supplied input when\n handling phar parsing during unserialize() function\n calls. An unauthenticated, remote attacker can exploit\n this to cause a denial of service condition or the\n disclosure of memory contents. (CVE-2015-2783)\n\n - A memory corruption issue exists in the\n phar_parse_metadata() function in file ext/phar/phar.c\n due to improper validation of user-supplied input when\n parsing a specially crafted TAR archive. An\n unauthenticated, remote attacker can exploit this to\n cause a denial of service condition or the execution of\n arbitrary code. (CVE-2015-3307)\n\n - Multiple stack-based buffer overflow conditions exist in\n the phar_set_inode() function in file phar_internal.h\n when handling archive files, such as tar, zip, or phar\n files. An unauthenticated, remote attacker can exploit\n these to cause a denial of service condition or the\n execution or arbitrary code. (CVE-2015-3329)\n\n - A flaw exists in the Apache2handler SAPI component when\n handling pipelined HTTP requests that allows an\n unauthenticated, remote attacker to cause a denial of\n service condition or the execution of arbitrary code.\n (CVE-2015-3330)\n\n - A flaw exists in multiple functions due to a failure to\n check for NULL byte (%00) sequences in a path when\n processing or reading a file. An unauthenticated, remote\n attacker can exploit this, via specially crafted input\n to an application calling those functions, to bypass\n intended restrictions and disclose potentially\n sensitive information. (CVE-2015-3411, CVE-2015-3412)\n\n - A type confusion error exists in multiple functions\n within file ext/soap/soap.c that is triggered when\n calling unserialize(). An unauthenticated, remote\n attacker can exploit this to disclose memory contents,\n cause a denial of service condition, or execute\n arbitrary code. (CVE-2015-4599, CVE-2015-4600)\n\n - Multiple type confusion errors exist within files\n ext/soap/php_encoding.c, ext/soap/php_http.c, and\n ext/soap/soap.c that allow an unauthenticated, remote\n attacker to cause a denial of service condition or the\n execution of arbitrary code. (CVE-2015-4601)\n\n - A type confusion error exists in the\n __PHP_Incomplete_Class() function within file\n ext/standard/incomplete_class.c that allows an\n unauthenticated, remote attacker to cause a denial of\n service condition or the execution of arbitrary code.\n (CVE-2015-4602)\n\n - A type confusion error exists in the\n exception::getTraceAsString() function within file\n Zend/zend_exceptions.c that allows a remote attacker to\n execute arbitrary code. (CVE-2015-4603)\n\n - A denial of service vulnerability exists due to a flaw\n in the bundled libmagic library, specifically in the\n mget() function within file softmagic.c. The function\n fails to maintain a certain pointer relationship. An\n unauthenticated, remote attacker can exploit this, via a\n crafted string, to crash the application.\n (CVE-2015-4604)\n\n - A denial of service vulnerability exists due to a flaw\n in the bundled libmagic library, specifically in the\n mcopy() function within file softmagic.c. The function\n fails to properly handle an offset that exceeds\n 'bytecnt'. An unauthenticated, remote attacker can\n exploit this, via a crafted string, to crash the\n application. (CVE-2015-4605)\n\n - A use-after-free error exists in the sqlite3_close()\n function within file /ext/sqlite3/sqlite3.c when closing\n database connections. An unauthenticated, remote\n attacker can exploit this to execute arbitrary code.\n\n - A type confusion error exists in the\n php_stream_url_wrap_http_ex() function within file\n ext/standard/http_fopen_wrapper.c that allows an\n unauthenticated, remote attacker to execute arbitrary\n code.\n\n - A use-after-free error exists in the php_curl() function\n within file ext/curl/interface.c that allows an\n unauthenticated, remote attacker to execute arbitrary\n code.\n\n - A NULL pointer dereference flaw exists within file\n /ext/ereg/regex/regcomp.c that allows an\n unauthenticated, remote attacker attacker to cause a\n denial of service condition.\n\nNote that Nessus has not attempted to exploit these issues but has\ninstead relied only on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://php.net/ChangeLog-5.php#5.4.40\");\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to PHP version 5.4.40 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No exploit is required\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/12/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/04/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/04/23\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:php:php\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CGI abuses\");\n\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"php_version.nasl\");\n script_require_keys(\"www/PHP\");\n script_require_ports(\"Services/www\", 80);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\ninclude(\"webapp_func.inc\");\n\nport = get_http_port(default:80, php:TRUE);\n\nphp = get_php_from_kb(\n port : port,\n exit_on_fail : TRUE\n);\n\nversion = php[\"ver\"];\nsource = php[\"src\"];\n\nbackported = get_kb_item('www/php/'+port+'/'+version+'/backported');\n\nif (report_paranoia < 2 && backported) audit(AUDIT_BACKPORT_SERVICE, port, \"PHP \"+version+\" install\");\n\n# Check that it is the correct version of PHP\nif (version =~ \"^5(\\.4)?$\") audit(AUDIT_VER_NOT_GRANULAR, \"PHP\", port, version);\nif (version !~ \"^5\\.4\\.\") audit(AUDIT_NOT_DETECT, \"PHP version 5.4.x\", port);\n\nif (version =~ \"^5\\.4\\.([0-9]|[1-3][0-9])($|[^0-9])\")\n{\n if (report_verbosity > 0)\n {\n report =\n '\\n Version source : '+source +\n '\\n Installed version : '+version +\n '\\n Fixed version : 5.4.40' +\n '\\n';\n security_hole(port:port, extra:report);\n }\n else security_hole(port);\n exit(0);\n}\nelse audit(AUDIT_LISTEN_NOT_VULN, \"PHP\", port, version);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-20T15:28:55", "description": "Neal Poole and Tomas Hoger discovered that PHP incorrectly handled\nNULL bytes in file paths. A remote attacker could possibly use this\nissue to bypass intended restrictions and create or obtain access to\nsensitive files. (CVE-2015-3411, CVE-2015-3412, CVE-2015-4025,\nCVE-2015-4026, CVE-2015-4598)\n\nEmmanuel Law discovered that the PHP phar extension incorrectly\nhandled filenames starting with a NULL byte. A remote attacker could\nuse this issue with a crafted tar archive to cause a denial of\nservice. (CVE-2015-4021)\n\nMax Spelsberg discovered that PHP incorrectly handled the LIST command\nwhen connecting to remote FTP servers. A malicious FTP server could\npossibly use this issue to execute arbitrary code. (CVE-2015-4022,\nCVE-2015-4643)\n\nShusheng Liu discovered that PHP incorrectly handled certain malformed\nform data. A remote attacker could use this issue with crafted form\ndata to cause CPU consumption, leading to a denial of service.\n(CVE-2015-4024)\n\nAndrea Palazzo discovered that the PHP Soap client incorrectly\nvalidated data types. A remote attacker could use this issue with\ncrafted serialized data to possibly execute arbitrary code.\n(CVE-2015-4147)\n\nAndrea Palazzo discovered that the PHP Soap client incorrectly\nvalidated that the uri property is a string. A remote attacker could\nuse this issue with crafted serialized data to possibly obtain\nsensitive information. (CVE-2015-4148)\n\nTaoguang Chen discovered that PHP incorrectly validated data types in\nmultiple locations. A remote attacker could possibly use these issues\nto obtain sensitive information or cause a denial of service.\n(CVE-2015-4599, CVE-2015-4600, CVE-2015-4601, CVE-2015-4602,\nCVE-2015-4603)\n\nIt was discovered that the PHP Fileinfo component incorrectly handled\ncertain files. A remote attacker could use this issue to cause PHP to\ncrash, resulting in a denial of service. This issue only affected\nUbuntu 15.04. (CVE-2015-4604, CVE-2015-4605)\n\nIt was discovered that PHP incorrectly handled table names in\nphp_pgsql_meta_data. A local attacker could possibly use this issue to\ncause PHP to crash, resulting in a denial of service. (CVE-2015-4644).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 24, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2015-07-07T00:00:00", "title": "Ubuntu 12.04 LTS / 14.04 LTS / 14.10 / 15.04 : php5 vulnerabilities (USN-2658-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-4601", "CVE-2015-4644", "CVE-2015-4148", "CVE-2015-4605", "CVE-2015-4025", "CVE-2015-4024", "CVE-2015-4021", "CVE-2015-4602", "CVE-2015-4026", "CVE-2015-4147", "CVE-2015-3411", "CVE-2015-4604", "CVE-2015-4600", "CVE-2015-4022", "CVE-2015-3412", "CVE-2015-4603", "CVE-2015-4599", "CVE-2015-4598", "CVE-2015-4643"], "modified": "2015-07-07T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:libapache2-mod-php5", "cpe:/o:canonical:ubuntu_linux:15.04", "p-cpe:/a:canonical:ubuntu_linux:php5-cgi", "p-cpe:/a:canonical:ubuntu_linux:php5-cli", "cpe:/o:canonical:ubuntu_linux:14.10", "p-cpe:/a:canonical:ubuntu_linux:php5-fpm", "cpe:/o:canonical:ubuntu_linux:12.04:-:lts", "cpe:/o:canonical:ubuntu_linux:14.04"], "id": "UBUNTU_USN-2658-1.NASL", "href": "https://www.tenable.com/plugins/nessus/84563", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-2658-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(84563);\n script_version(\"2.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2015-3411\", \"CVE-2015-3412\", \"CVE-2015-4021\", \"CVE-2015-4022\", \"CVE-2015-4024\", \"CVE-2015-4025\", \"CVE-2015-4026\", \"CVE-2015-4147\", \"CVE-2015-4148\", \"CVE-2015-4598\", \"CVE-2015-4599\", \"CVE-2015-4600\", \"CVE-2015-4601\", \"CVE-2015-4602\", \"CVE-2015-4603\", \"CVE-2015-4604\", \"CVE-2015-4605\", \"CVE-2015-4643\", \"CVE-2015-4644\");\n script_bugtraq_id(73357, 74413, 74700, 74902, 74903, 74904, 75056, 75103, 75233, 75241, 75244, 75246, 75249, 75250, 75251, 75252, 75255, 75291, 75292);\n script_xref(name:\"USN\", value:\"2658-1\");\n\n script_name(english:\"Ubuntu 12.04 LTS / 14.04 LTS / 14.10 / 15.04 : php5 vulnerabilities (USN-2658-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Neal Poole and Tomas Hoger discovered that PHP incorrectly handled\nNULL bytes in file paths. A remote attacker could possibly use this\nissue to bypass intended restrictions and create or obtain access to\nsensitive files. (CVE-2015-3411, CVE-2015-3412, CVE-2015-4025,\nCVE-2015-4026, CVE-2015-4598)\n\nEmmanuel Law discovered that the PHP phar extension incorrectly\nhandled filenames starting with a NULL byte. A remote attacker could\nuse this issue with a crafted tar archive to cause a denial of\nservice. (CVE-2015-4021)\n\nMax Spelsberg discovered that PHP incorrectly handled the LIST command\nwhen connecting to remote FTP servers. A malicious FTP server could\npossibly use this issue to execute arbitrary code. (CVE-2015-4022,\nCVE-2015-4643)\n\nShusheng Liu discovered that PHP incorrectly handled certain malformed\nform data. A remote attacker could use this issue with crafted form\ndata to cause CPU consumption, leading to a denial of service.\n(CVE-2015-4024)\n\nAndrea Palazzo discovered that the PHP Soap client incorrectly\nvalidated data types. A remote attacker could use this issue with\ncrafted serialized data to possibly execute arbitrary code.\n(CVE-2015-4147)\n\nAndrea Palazzo discovered that the PHP Soap client incorrectly\nvalidated that the uri property is a string. A remote attacker could\nuse this issue with crafted serialized data to possibly obtain\nsensitive information. (CVE-2015-4148)\n\nTaoguang Chen discovered that PHP incorrectly validated data types in\nmultiple locations. A remote attacker could possibly use these issues\nto obtain sensitive information or cause a denial of service.\n(CVE-2015-4599, CVE-2015-4600, CVE-2015-4601, CVE-2015-4602,\nCVE-2015-4603)\n\nIt was discovered that the PHP Fileinfo component incorrectly handled\ncertain files. A remote attacker could use this issue to cause PHP to\ncrash, resulting in a denial of service. This issue only affected\nUbuntu 15.04. (CVE-2015-4604, CVE-2015-4605)\n\nIt was discovered that PHP incorrectly handled table names in\nphp_pgsql_meta_data. A local attacker could possibly use this issue to\ncause PHP to crash, resulting in a denial of service. (CVE-2015-4644).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/2658-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libapache2-mod-php5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php5-cgi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php5-cli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php5-fpm\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:15.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/06/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/07/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/07/07\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2015-2020 Canonical, Inc. / NASL script (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(12\\.04|14\\.04|14\\.10|15\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 12.04 / 14.04 / 14.10 / 15.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"12.04\", pkgname:\"libapache2-mod-php5\", pkgver:\"5.3.10-1ubuntu3.19\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"php5-cgi\", pkgver:\"5.3.10-1ubuntu3.19\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"php5-cli\", pkgver:\"5.3.10-1ubuntu3.19\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"php5-fpm\", pkgver:\"5.3.10-1ubuntu3.19\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"libapache2-mod-php5\", pkgver:\"5.5.9+dfsg-1ubuntu4.11\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"php5-cgi\", pkgver:\"5.5.9+dfsg-1ubuntu4.11\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"php5-cli\", pkgver:\"5.5.9+dfsg-1ubuntu4.11\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"php5-fpm\", pkgver:\"5.5.9+dfsg-1ubuntu4.11\")) flag++;\nif (ubuntu_check(osver:\"14.10\", pkgname:\"libapache2-mod-php5\", pkgver:\"5.5.12+dfsg-2ubuntu4.6\")) flag++;\nif (ubuntu_check(osver:\"14.10\", pkgname:\"php5-cgi\", pkgver:\"5.5.12+dfsg-2ubuntu4.6\")) flag++;\nif (ubuntu_check(osver:\"14.10\", pkgname:\"php5-cli\", pkgver:\"5.5.12+dfsg-2ubuntu4.6\")) flag++;\nif (ubuntu_check(osver:\"14.10\", pkgname:\"php5-fpm\", pkgver:\"5.5.12+dfsg-2ubuntu4.6\")) flag++;\nif (ubuntu_check(osver:\"15.04\", pkgname:\"libapache2-mod-php5\", pkgver:\"5.6.4+dfsg-4ubuntu6.2\")) flag++;\nif (ubuntu_check(osver:\"15.04\", pkgname:\"php5-cgi\", pkgver:\"5.6.4+dfsg-4ubuntu6.2\")) flag++;\nif (ubuntu_check(osver:\"15.04\", pkgname:\"php5-cli\", pkgver:\"5.6.4+dfsg-4ubuntu6.2\")) flag++;\nif (ubuntu_check(osver:\"15.04\", pkgname:\"php5-fpm\", pkgver:\"5.6.4+dfsg-4ubuntu6.2\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libapache2-mod-php5 / php5-cgi / php5-cli / php5-fpm\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-12T09:43:37", "description": " - CVE-2015-3307 The phar_parse_metadata function in\n ext/phar/phar.c in PHP before 5.4.40, 5.5.x before\n 5.5.24, and 5.6.x before 5.6.8 allows remote attackers\n to cause a denial of service (heap metadata corruption)\n or possibly have unspecified other impact via a crafted\n tar archive.\n\n - CVE-2015-3411 + CVE-2015-3412 Fixed bug #69353 (Missing\n null byte checks for paths in various PHP extensions)\n\n - CVE-2015-4021 The phar_parse_tarfile function in\n ext/phar/tar.c in PHP before 5.4.41, 5.5.x before\n 5.5.25, and 5.6.x before 5.6.9 does not verify that the\n first character of a filename is different from the \\0\n character, which allows remote attackers to cause a\n denial of service (integer underflow and memory\n corruption) via a crafted entry in a tar archive.\n\n - CVE-2015-4022 Integer overflow in the ftp_genlist\n function in ext/ftp/ftp.c in PHP before 5.4.41, 5.5.x\n before 5.5.25, and 5.6.x before 5.6.9 allows remote FTP\n servers to execute arbitrary code via a long reply to a\n LIST command, leading to a heap-based buffer overflow.\n\n - CVE-2015-4025 PHP before 5.4.41, 5.5.x before 5.5.25,\n and 5.6.x before 5.6.9 truncates a pathname upon\n encountering a \\x00 character in certain situations,\n which allows remote attackers to bypass intended\n extension restrictions and access files or directories\n with unexpected names via a crafted argument to (1)\n set_include_path, (2) tempnam, (3) rmdir, or (4)\n readlink. NOTE: this vulnerability exists because of an\n incomplete fix for CVE-2006-7243.\n\n - CVE-2015-4026 The pcntl_exec implementation in PHP\n before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before\n 5.6.9 truncates a pathname upon encountering a \\x00\n character, which might allow remote attackers to bypass\n intended extension restrictions and execute files with\n unexpected names via a crafted first argument. NOTE:\n this vulnerability exists because of an incomplete fix\n for CVE-2006-7243.\n\n - CVE-2015-4147 The SoapClient::__call method in\n ext/soap/soap.c in PHP before 5.4.39, 5.5.x before\n 5.5.23, and 5.6.x before 5.6.7 does not verify that\n __default_headers is an array, which allows remote\n attackers to execute arbitrary code by providing crafted\n serialized data with an unexpected data type, related to\n a 'type confusion' issue.\n\n - CVE-2015-4148 The do_soap_call function in\n ext/soap/soap.c in PHP before 5.4.39, 5.5.x before\n 5.5.23, and 5.6.x before 5.6.7 does not verify that the\n uri property is a string, which allows remote attackers\n to obtain sensitive information by providing crafted\n serialized data with an int data type, related to a\n 'type confusion' issue.\n\n - CVE-2015-4598 Incorrect handling of paths with NULs\n\n - CVE-2015-4599 Type confusion vulnerability in\n exception::getTraceAsString\n\n - CVE-2015-4600 + CVE-2015-4601 Added type checks\n\n - CVE-2015-4602 Type Confusion Infoleak Vulnerability in\n unserialize() with SoapFault\n\n - CVE-2015-4604 + CVE-2015-4605 denial of service when\n processing a crafted file with Fileinfo (already fixed\n in CVE-2015-temp-68819.patch)\n\n - CVE-2015-4643 Improved fix for bug #69545 (Integer\n overflow in ftp_genlist() resulting in heap overflow)\n\n - CVE-2015-4644 Fixed bug #69667 (segfault in\n php_pgsql_meta_data)\n\n - CVE-2015-5589 Segfault in Phar::convertToData on invalid\n file\n\n - CVE-2015-5590 Buffer overflow and stack smashing error\n in phar_fix_filepath\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.", "edition": 17, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2015-09-08T00:00:00", "title": "Debian DLA-307-1 : php5 security update", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-4601", "CVE-2015-4644", "CVE-2015-4148", "CVE-2006-7243", "CVE-2015-4605", "CVE-2015-3307", "CVE-2015-4025", "CVE-2015-4021", "CVE-2015-4602", "CVE-2015-4026", "CVE-2015-4147", "CVE-2015-3411", "CVE-2015-4604", "CVE-2015-5590", "CVE-2015-4600", "CVE-2015-4022", "CVE-2015-3412", "CVE-2015-4599", "CVE-2015-4598", "CVE-2015-5589", "CVE-2015-4643"], "modified": "2015-09-08T00:00:00", "cpe": ["cpe:/o:debian:debian_linux:6.0", "p-cpe:/a:debian:debian_linux:php5-pspell", "p-cpe:/a:debian:debian_linux:php-pear", "p-cpe:/a:debian:debian_linux:php5-xsl", "p-cpe:/a:debian:debian_linux:php5-mcrypt", "p-cpe:/a:debian:debian_linux:php5-gd", "p-cpe:/a:debian:debian_linux:php5-interbase", "p-cpe:/a:debian:debian_linux:php5-mysql", "p-cpe:/a:debian:debian_linux:libapache2-mod-php5filter", "p-cpe:/a:debian:debian_linux:php5-intl", "p-cpe:/a:debian:debian_linux:php5-dbg", "p-cpe:/a:debian:debian_linux:php5-xmlrpc", "p-cpe:/a:debian:debian_linux:php5-dev", "p-cpe:/a:debian:debian_linux:php5-sybase", "p-cpe:/a:debian:debian_linux:php5-enchant", "p-cpe:/a:debian:debian_linux:php5-recode", "p-cpe:/a:debian:debian_linux:php5-cli", "p-cpe:/a:debian:debian_linux:php5-cgi", "p-cpe:/a:debian:debian_linux:php5-pgsql", "p-cpe:/a:debian:debian_linux:php5-sqlite", "p-cpe:/a:debian:debian_linux:php5-odbc", "p-cpe:/a:debian:debian_linux:php5-common", "p-cpe:/a:debian:debian_linux:php5-gmp", "p-cpe:/a:debian:debian_linux:php5", "p-cpe:/a:debian:debian_linux:php5-curl", "p-cpe:/a:debian:debian_linux:php5-snmp", "p-cpe:/a:debian:debian_linux:php5-imap", "p-cpe:/a:debian:debian_linux:libapache2-mod-php5", "p-cpe:/a:debian:debian_linux:php5-tidy", "p-cpe:/a:debian:debian_linux:php5-ldap"], "id": "DEBIAN_DLA-307.NASL", "href": "https://www.tenable.com/plugins/nessus/85808", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-307-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(85808);\n script_version(\"2.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2015-3307\", \"CVE-2015-3411\", \"CVE-2015-3412\", \"CVE-2015-4021\", \"CVE-2015-4022\", \"CVE-2015-4025\", \"CVE-2015-4026\", \"CVE-2015-4147\", \"CVE-2015-4148\", \"CVE-2015-4598\", \"CVE-2015-4599\", \"CVE-2015-4600\", \"CVE-2015-4601\", \"CVE-2015-4602\", \"CVE-2015-4604\", \"CVE-2015-4605\", \"CVE-2015-4643\", \"CVE-2015-4644\", \"CVE-2015-5589\", \"CVE-2015-5590\");\n script_bugtraq_id(73357, 74413, 74700, 74703, 74902, 74904, 75056, 75103, 75233, 75241, 75244, 75246, 75249, 75250, 75251, 75255, 75291, 75292, 75970, 75974);\n\n script_name(english:\"Debian DLA-307-1 : php5 security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - CVE-2015-3307 The phar_parse_metadata function in\n ext/phar/phar.c in PHP before 5.4.40, 5.5.x before\n 5.5.24, and 5.6.x before 5.6.8 allows remote attackers\n to cause a denial of service (heap metadata corruption)\n or possibly have unspecified other impact via a crafted\n tar archive.\n\n - CVE-2015-3411 + CVE-2015-3412 Fixed bug #69353 (Missing\n null byte checks for paths in various PHP extensions)\n\n - CVE-2015-4021 The phar_parse_tarfile function in\n ext/phar/tar.c in PHP before 5.4.41, 5.5.x before\n 5.5.25, and 5.6.x before 5.6.9 does not verify that the\n first character of a filename is different from the \\0\n character, which allows remote attackers to cause a\n denial of service (integer underflow and memory\n corruption) via a crafted entry in a tar archive.\n\n - CVE-2015-4022 Integer overflow in the ftp_genlist\n function in ext/ftp/ftp.c in PHP before 5.4.41, 5.5.x\n before 5.5.25, and 5.6.x before 5.6.9 allows remote FTP\n servers to execute arbitrary code via a long reply to a\n LIST command, leading to a heap-based buffer overflow.\n\n - CVE-2015-4025 PHP before 5.4.41, 5.5.x before 5.5.25,\n and 5.6.x before 5.6.9 truncates a pathname upon\n encountering a \\x00 character in certain situations,\n which allows remote attackers to bypass intended\n extension restrictions and access files or directories\n with unexpected names via a crafted argument to (1)\n set_include_path, (2) tempnam, (3) rmdir, or (4)\n readlink. NOTE: this vulnerability exists because of an\n incomplete fix for CVE-2006-7243.\n\n - CVE-2015-4026 The pcntl_exec implementation in PHP\n before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before\n 5.6.9 truncates a pathname upon encountering a \\x00\n character, which might allow remote attackers to bypass\n intended extension restrictions and execute files with\n unexpected names via a crafted first argument. NOTE:\n this vulnerability exists because of an incomplete fix\n for CVE-2006-7243.\n\n - CVE-2015-4147 The SoapClient::__call method in\n ext/soap/soap.c in PHP before 5.4.39, 5.5.x before\n 5.5.23, and 5.6.x before 5.6.7 does not verify that\n __default_headers is an array, which allows remote\n attackers to execute arbitrary code by providing crafted\n serialized data with an unexpected data type, related to\n a 'type confusion' issue.\n\n - CVE-2015-4148 The do_soap_call function in\n ext/soap/soap.c in PHP before 5.4.39, 5.5.x before\n 5.5.23, and 5.6.x before 5.6.7 does not verify that the\n uri property is a string, which allows remote attackers\n to obtain sensitive information by providing crafted\n serialized data with an int data type, related to a\n 'type confusion' issue.\n\n - CVE-2015-4598 Incorrect handling of paths with NULs\n\n - CVE-2015-4599 Type confusion vulnerability in\n exception::getTraceAsString\n\n - CVE-2015-4600 + CVE-2015-4601 Added type checks\n\n - CVE-2015-4602 Type Confusion Infoleak Vulnerability in\n unserialize() with SoapFault\n\n - CVE-2015-4604 + CVE-2015-4605 denial of service when\n processing a crafted file with Fileinfo (already fixed\n in CVE-2015-temp-68819.patch)\n\n - CVE-2015-4643 Improved fix for bug #69545 (Integer\n overflow in ftp_genlist() resulting in heap overflow)\n\n - CVE-2015-4644 Fixed bug #69667 (segfault in\n php_pgsql_meta_data)\n\n - CVE-2015-5589 Segfault in Phar::convertToData on invalid\n file\n\n - CVE-2015-5590 Buffer overflow and stack smashing error\n in phar_fix_filepath\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2015/09/msg00002.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/squeeze-lts/php5\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libapache2-mod-php5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libapache2-mod-php5filter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php-pear\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php5-cgi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php5-cli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php5-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php5-curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php5-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php5-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php5-enchant\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php5-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php5-gmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php5-imap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php5-interbase\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php5-intl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php5-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php5-mcrypt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php5-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php5-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php5-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php5-pspell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php5-recode\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php5-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php5-sqlite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php5-sybase\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php5-tidy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php5-xmlrpc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php5-xsl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:6.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/06/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/09/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/09/08\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"6.0\", prefix:\"libapache2-mod-php5\", reference:\"5.3.3.1-7+squeeze27\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libapache2-mod-php5filter\", reference:\"5.3.3.1-7+squeeze27\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php-pear\", reference:\"5.3.3.1-7+squeeze27\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5\", reference:\"5.3.3.1-7+squeeze27\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5-cgi\", reference:\"5.3.3.1-7+squeeze27\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5-cli\", reference:\"5.3.3.1-7+squeeze27\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5-common\", reference:\"5.3.3.1-7+squeeze27\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5-curl\", reference:\"5.3.3.1-7+squeeze27\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5-dbg\", reference:\"5.3.3.1-7+squeeze27\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5-dev\", reference:\"5.3.3.1-7+squeeze27\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5-enchant\", reference:\"5.3.3.1-7+squeeze27\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5-gd\", reference:\"5.3.3.1-7+squeeze27\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5-gmp\", reference:\"5.3.3.1-7+squeeze27\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5-imap\", reference:\"5.3.3.1-7+squeeze27\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5-interbase\", reference:\"5.3.3.1-7+squeeze27\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5-intl\", reference:\"5.3.3.1-7+squeeze27\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5-ldap\", reference:\"5.3.3.1-7+squeeze27\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5-mcrypt\", reference:\"5.3.3.1-7+squeeze27\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5-mysql\", reference:\"5.3.3.1-7+squeeze27\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5-odbc\", reference:\"5.3.3.1-7+squeeze27\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5-pgsql\", reference:\"5.3.3.1-7+squeeze27\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5-pspell\", reference:\"5.3.3.1-7+squeeze27\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5-recode\", reference:\"5.3.3.1-7+squeeze27\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5-snmp\", reference:\"5.3.3.1-7+squeeze27\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5-sqlite\", reference:\"5.3.3.1-7+squeeze27\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5-sybase\", reference:\"5.3.3.1-7+squeeze27\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5-tidy\", reference:\"5.3.3.1-7+squeeze27\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5-xmlrpc\", reference:\"5.3.3.1-7+squeeze27\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5-xsl\", reference:\"5.3.3.1-7+squeeze27\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T13:48:49", "description": "A flaw was found in the way PHP parsed multipart HTTP POST requests. A\nspecially crafted request could cause PHP to use an excessive amount\nof CPU time. (CVE-2015-4024)\n\nAn uninitialized pointer use flaw was found in PHP's Exif extension. A\nspecially crafted JPEG or TIFF file could cause a PHP application\nusing the exif_read_data() function to crash or, possibly, execute\narbitrary code with the privileges of the user running that PHP\napplication. (CVE-2015-0232)\n\nAn integer overflow flaw leading to a heap-based buffer overflow was\nfound in the way PHP's FTP extension parsed file listing FTP server\nresponses. A malicious FTP server could use this flaw to cause a PHP\napplication to crash or, possibly, execute arbitrary code.\n(CVE-2015-4022)\n\nMultiple flaws were discovered in the way PHP performed object\nunserialization. Specially crafted input processed by the\nunserialize() function could cause a PHP application to crash or,\npossibly, execute arbitrary code. (CVE-2015-0273, CVE-2015-2787,\nCVE-2015-4147, CVE-2015-4148, CVE-2015-4599, CVE-2015-4600,\nCVE-2015-4601, CVE-2015-4602, CVE-2015-4603)\n\nIt was found that certain PHP functions did not properly handle file\nnames containing a NULL character. A remote attacker could possibly\nuse this flaw to make a PHP script access unexpected files and bypass\nintended file system access restrictions. (CVE-2015-4026,\nCVE-2015-3411, CVE-2015-3412, CVE-2015-4598)\n\nMultiple flaws were found in the way the way PHP's Phar extension\nparsed Phar archives. A specially crafted archive could cause PHP to\ncrash or, possibly, execute arbitrary code when opened.\n(CVE-2015-2301, CVE-2015-2783, CVE-2015-3307, CVE-2015-3329,\nCVE-2015-4021)\n\nA heap buffer overflow flaw was found in the\nenchant_broker_request_dict() function of PHP's enchant extension. An\nattacker able to make a PHP application enchant dictionaries could\npossibly cause it to crash. (CVE-2014-9705)\n\nA buffer over-read flaw was found in the GD library used by the PHP gd\nextension. A specially crafted GIF file could cause a PHP application\nusing the imagecreatefromgif() function to crash. (CVE-2014-9709)\n\nA double free flaw was found in zend_ts_hash_graceful_destroy()\nfunction in the PHP ZTS module. This flaw could possibly cause a PHP\napplication to crash. (CVE-2014-9425)\n\nAfter installing the updated packages, the httpd daemon must be\nrestarted for the update to take effect.", "edition": 18, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2015-07-13T00:00:00", "title": "Scientific Linux Security Update : php on SL6.x i386/x86_64 (20150709)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-9705", "CVE-2015-2787", "CVE-2015-0232", "CVE-2015-4601", "CVE-2015-2783", "CVE-2015-3329", "CVE-2015-2301", "CVE-2014-9425", "CVE-2014-9709", "CVE-2015-0273", "CVE-2015-4148", "CVE-2015-3307", "CVE-2015-4024", "CVE-2015-4021", "CVE-2015-4602", "CVE-2015-4026", "CVE-2015-4147", "CVE-2015-3411", "CVE-2015-4600", "CVE-2015-4022", "CVE-2015-3412", "CVE-2015-4603", "CVE-2015-4599", "CVE-2015-4598"], "modified": "2015-07-13T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:php-embedded", "p-cpe:/a:fermilab:scientific_linux:php-enchant", "p-cpe:/a:fermilab:scientific_linux:php-pgsql", "p-cpe:/a:fermilab:scientific_linux:php-pspell", "p-cpe:/a:fermilab:scientific_linux:php-xmlrpc", "p-cpe:/a:fermilab:scientific_linux:php-mbstring", "p-cpe:/a:fermilab:scientific_linux:php", "p-cpe:/a:fermilab:scientific_linux:php-cli", "p-cpe:/a:fermilab:scientific_linux:php-common", "p-cpe:/a:fermilab:scientific_linux:php-dba", "p-cpe:/a:fermilab:scientific_linux:php-debuginfo", "p-cpe:/a:fermilab:scientific_linux:php-soap", "p-cpe:/a:fermilab:scientific_linux:php-pdo", "p-cpe:/a:fermilab:scientific_linux:php-fpm", "p-cpe:/a:fermilab:scientific_linux:php-recode", "p-cpe:/a:fermilab:scientific_linux:php-snmp", "p-cpe:/a:fermilab:scientific_linux:php-odbc", "p-cpe:/a:fermilab:scientific_linux:php-imap", "p-cpe:/a:fermilab:scientific_linux:php-tidy", "p-cpe:/a:fermilab:scientific_linux:php-ldap", "p-cpe:/a:fermilab:scientific_linux:php-xml", "p-cpe:/a:fermilab:scientific_linux:php-process", "p-cpe:/a:fermilab:scientific_linux:php-bcmath", "x-cpe:/o:fermilab:scientific_linux", "p-cpe:/a:fermilab:scientific_linux:php-gd", "p-cpe:/a:fermilab:scientific_linux:php-mysql", "p-cpe:/a:fermilab:scientific_linux:php-zts", "p-cpe:/a:fermilab:scientific_linux:php-intl", "p-cpe:/a:fermilab:scientific_linux:php-devel"], "id": "SL_20150709_PHP_ON_SL6_X.NASL", "href": "https://www.tenable.com/plugins/nessus/84661", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(84661);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2014-9425\", \"CVE-2014-9705\", \"CVE-2014-9709\", \"CVE-2015-0232\", \"CVE-2015-0273\", \"CVE-2015-2301\", \"CVE-2015-2783\", \"CVE-2015-2787\", \"CVE-2015-3307\", \"CVE-2015-3329\", \"CVE-2015-3411\", \"CVE-2015-3412\", \"CVE-2015-4021\", \"CVE-2015-4022\", \"CVE-2015-4024\", \"CVE-2015-4026\", \"CVE-2015-4147\", \"CVE-2015-4148\", \"CVE-2015-4598\", \"CVE-2015-4599\", \"CVE-2015-4600\", \"CVE-2015-4601\", \"CVE-2015-4602\", \"CVE-2015-4603\");\n\n script_name(english:\"Scientific Linux Security Update : php on SL6.x i386/x86_64 (20150709)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A flaw was found in the way PHP parsed multipart HTTP POST requests. A\nspecially crafted request could cause PHP to use an excessive amount\nof CPU time. (CVE-2015-4024)\n\nAn uninitialized pointer use flaw was found in PHP's Exif extension. A\nspecially crafted JPEG or TIFF file could cause a PHP application\nusing the exif_read_data() function to crash or, possibly, execute\narbitrary code with the privileges of the user running that PHP\napplication. (CVE-2015-0232)\n\nAn integer overflow flaw leading to a heap-based buffer overflow was\nfound in the way PHP's FTP extension parsed file listing FTP server\nresponses. A malicious FTP server could use this flaw to cause a PHP\napplication to crash or, possibly, execute arbitrary code.\n(CVE-2015-4022)\n\nMultiple flaws were discovered in the way PHP performed object\nunserialization. Specially crafted input processed by the\nunserialize() function could cause a PHP application to crash or,\npossibly, execute arbitrary code. (CVE-2015-0273, CVE-2015-2787,\nCVE-2015-4147, CVE-2015-4148, CVE-2015-4599, CVE-2015-4600,\nCVE-2015-4601, CVE-2015-4602, CVE-2015-4603)\n\nIt was found that certain PHP functions did not properly handle file\nnames containing a NULL character. A remote attacker could possibly\nuse this flaw to make a PHP script access unexpected files and bypass\nintended file system access restrictions. (CVE-2015-4026,\nCVE-2015-3411, CVE-2015-3412, CVE-2015-4598)\n\nMultiple flaws were found in the way the way PHP's Phar extension\nparsed Phar archives. A specially crafted archive could cause PHP to\ncrash or, possibly, execute arbitrary code when opened.\n(CVE-2015-2301, CVE-2015-2783, CVE-2015-3307, CVE-2015-3329,\nCVE-2015-4021)\n\nA heap buffer overflow flaw was found in the\nenchant_broker_request_dict() function of PHP's enchant extension. An\nattacker able to make a PHP application enchant dictionaries could\npossibly cause it to crash. (CVE-2014-9705)\n\nA buffer over-read flaw was found in the GD library used by the PHP gd\nextension. A specially crafted GIF file could cause a PHP application\nusing the imagecreatefromgif() function to crash. (CVE-2014-9709)\n\nA double free flaw was found in zend_ts_hash_graceful_destroy()\nfunction in the PHP ZTS module. This flaw could possibly cause a PHP\napplication to crash. (CVE-2014-9425)\n\nAfter installing the updated packages, the httpd daemon must be\nrestarted for the update to take effect.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1507&L=scientific-linux-errata&F=&S=&P=6144\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?f988acda\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:php\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:php-bcmath\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:php-cli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:php-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:php-dba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:php-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:php-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:php-embedded\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:php-enchant\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:php-fpm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:php-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:php-imap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:php-intl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:php-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:php-mbstring\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:php-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:php-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:php-pdo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:php-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:php-process\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:php-pspell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:php-recode\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:php-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:php-soap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:php-tidy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:php-xml\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:php-xmlrpc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:php-zts\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/12/31\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/07/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/07/13\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 6.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL6\", reference:\"php-5.3.3-46.el6_6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"php-bcmath-5.3.3-46.el6_6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"php-cli-5.3.3-46.el6_6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"php-common-5.3.3-46.el6_6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"php-dba-5.3.3-46.el6_6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"php-debuginfo-5.3.3-46.el6_6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"php-devel-5.3.3-46.el6_6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"php-embedded-5.3.3-46.el6_6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"php-enchant-5.3.3-46.el6_6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"php-fpm-5.3.3-46.el6_6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"php-gd-5.3.3-46.el6_6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"php-imap-5.3.3-46.el6_6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"php-intl-5.3.3-46.el6_6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"php-ldap-5.3.3-46.el6_6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"php-mbstring-5.3.3-46.el6_6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"php-mysql-5.3.3-46.el6_6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"php-odbc-5.3.3-46.el6_6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"php-pdo-5.3.3-46.el6_6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"php-pgsql-5.3.3-46.el6_6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"php-process-5.3.3-46.el6_6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"php-pspell-5.3.3-46.el6_6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"php-recode-5.3.3-46.el6_6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"php-snmp-5.3.3-46.el6_6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"php-soap-5.3.3-46.el6_6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"php-tidy-5.3.3-46.el6_6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"php-xml-5.3.3-46.el6_6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"php-xmlrpc-5.3.3-46.el6_6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"php-zts-5.3.3-46.el6_6\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"php / php-bcmath / php-cli / php-common / php-dba / php-debuginfo / etc\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "openvas": [{"lastseen": "2020-01-31T18:37:07", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-4601", "CVE-2015-4644", "CVE-2015-4148", "CVE-2015-4602", "CVE-2015-3411", "CVE-2015-4600", "CVE-2015-3412", "CVE-2015-4603", "CVE-2015-4599", "CVE-2015-4598", "CVE-2015-4643"], "description": "The remote host is missing an update for the ", "modified": "2020-01-31T00:00:00", "published": "2015-10-13T00:00:00", "id": "OPENVAS:1361412562310850783", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310850783", "type": "openvas", "title": "SUSE: Security Advisory for PHP (SUSE-SU-2015:1265-1)", "sourceData": "# Copyright (C) 2015 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.850783\");\n script_version(\"2020-01-31T07:58:03+0000\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 07:58:03 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2015-10-13 15:34:07 +0530 (Tue, 13 Oct 2015)\");\n script_cve_id(\"CVE-2015-3411\", \"CVE-2015-3412\", \"CVE-2015-4148\", \"CVE-2015-4598\",\n \"CVE-2015-4599\", \"CVE-2015-4600\", \"CVE-2015-4601\", \"CVE-2015-4602\",\n \"CVE-2015-4603\", \"CVE-2015-4643\", \"CVE-2015-4644\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"SUSE: Security Advisory for PHP (SUSE-SU-2015:1265-1)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'PHP'\n package(s) announced via the referenced advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The PHP script interpreter was updated to fix various security issues:\n\n * CVE-2015-4602 [bnc#935224]: Fixed an incomplete Class\n unserialization type confusion.\n\n * CVE-2015-4599, CVE-2015-4600, CVE-2015-4601 [bnc#935226]: Fixed type\n confusion issues in unserialize() with various SOAP methods.\n\n * CVE-2015-4603 [bnc#935234]: Fixed exception::getTraceAsString type\n confusion issue after unserialize.\n\n * CVE-2015-4644 [bnc#935274]: Fixed a crash in php_pgsql_meta_data.\n\n * CVE-2015-4643 [bnc#935275]: Fixed an integer overflow in\n ftp_genlist() that could result in a heap overflow.\n\n * CVE-2015-3411, CVE-2015-3412, CVE-2015-4598 [bnc#935227],\n [bnc#935232]: Added missing null byte checks for paths in various\n PHP extensions.\n\n * CVE-2015-4148 [bnc#933227]: Fixed a SoapClient's do_soap_call() type\n confusion after unserialize() information disclosure.\n\n Also the following bug were fixed:\n\n * fix a segmentation fault in odbc_fetch_array [bnc#935074]\n\n * fix timezone map [bnc#919080]\");\n\n script_tag(name:\"affected\", value:\"PHP on SUSE Linux Enterprise Server 11 SP3\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"SUSE-SU\", value:\"2015:1265-1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=SLES11\\.0SP3\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"SLES11.0SP3\") {\n if(!isnull(res = isrpmvuln(pkg:\"apache2-mod_php53\", rpm:\"apache2-mod_php53~5.3.17~0.43.1\", rls:\"SLES11.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php53\", rpm:\"php53~5.3.17~0.43.1\", rls:\"SLES11.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php53-bcmath\", rpm:\"php53-bcmath~5.3.17~0.43.1\", rls:\"SLES11.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php53-bz2\", rpm:\"php53-bz2~5.3.17~0.43.1\", rls:\"SLES11.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php53-calendar\", rpm:\"php53-calendar~5.3.17~0.43.1\", rls:\"SLES11.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php53-ctype\", rpm:\"php53-ctype~5.3.17~0.43.1\", rls:\"SLES11.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php53-curl\", rpm:\"php53-curl~5.3.17~0.43.1\", rls:\"SLES11.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php53-dba\", rpm:\"php53-dba~5.3.17~0.43.1\", rls:\"SLES11.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php53-dom\", rpm:\"php53-dom~5.3.17~0.43.1\", rls:\"SLES11.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php53-exif\", rpm:\"php53-exif~5.3.17~0.43.1\", rls:\"SLES11.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php53-fastcgi\", rpm:\"php53-fastcgi~5.3.17~0.43.1\", rls:\"SLES11.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php53-fileinfo\", rpm:\"php53-fileinfo~5.3.17~0.43.1\", rls:\"SLES11.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php53-ftp\", rpm:\"php53-ftp~5.3.17~0.43.1\", rls:\"SLES11.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php53-gd\", rpm:\"php53-gd~5.3.17~0.43.1\", rls:\"SLES11.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php53-gettext\", rpm:\"php53-gettext~5.3.17~0.43.1\", rls:\"SLES11.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php53-gmp\", rpm:\"php53-gmp~5.3.17~0.43.1\", rls:\"SLES11.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php53-iconv\", rpm:\"php53-iconv~5.3.17~0.43.1\", rls:\"SLES11.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php53-intl\", rpm:\"php53-intl~5.3.17~0.43.1\", rls:\"SLES11.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php53-json\", rpm:\"php53-json~5.3.17~0.43.1\", rls:\"SLES11.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php53-ldap\", rpm:\"php53-ldap~5.3.17~0.43.1\", rls:\"SLES11.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php53-mbstring\", rpm:\"php53-mbstring~5.3.17~0.43.1\", rls:\"SLES11.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php53-mcrypt\", rpm:\"php53-mcrypt~5.3.17~0.43.1\", rls:\"SLES11.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php53-mysql\", rpm:\"php53-mysql~5.3.17~0.43.1\", rls:\"SLES11.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php53-odbc\", rpm:\"php53-odbc~5.3.17~0.43.1\", rls:\"SLES11.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php53-openssl\", rpm:\"php53-openssl~5.3.17~0.43.1\", rls:\"SLES11.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php53-pcntl\", rpm:\"php53-pcntl~5.3.17~0.43.1\", rls:\"SLES11.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php53-pdo\", rpm:\"php53-pdo~5.3.17~0.43.1\", rls:\"SLES11.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php53-pear\", rpm:\"php53-pear~5.3.17~0.43.1\", rls:\"SLES11.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php53-pgsql\", rpm:\"php53-pgsql~5.3.17~0.43.1\", rls:\"SLES11.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php53-pspell\", rpm:\"php53-pspell~5.3.17~0.43.1\", rls:\"SLES11.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php53-shmop\", rpm:\"php53-shmop~5.3.17~0.43.1\", rls:\"SLES11.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php53-snmp\", rpm:\"php53-snmp~5.3.17~0.43.1\", rls:\"SLES11.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php53-soap\", rpm:\"php53-soap~5.3.17~0.43.1\", rls:\"SLES11.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php53-suhosin\", rpm:\"php53-suhosin~5.3.17~0.43.1\", rls:\"SLES11.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php53-sysvmsg\", rpm:\"php53-sysvmsg~5.3.17~0.43.1\", rls:\"SLES11.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php53-sysvsem\", rpm:\"php53-sysvsem~5.3.17~0.43.1\", rls:\"SLES11.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php53-sysvshm\", rpm:\"php53-sysvshm~5.3.17~0.43.1\", rls:\"SLES11.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php53-tokenizer\", rpm:\"php53-tokenizer~5.3.17~0.43.1\", rls:\"SLES11.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php53-wddx\", rpm:\"php53-wddx~5.3.17~0.43.1\", rls:\"SLES11.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php53-xmlreader\", rpm:\"php53-xmlreader~5.3.17~0.43.1\", rls:\"SLES11.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php53-xmlrpc\", rpm:\"php53-xmlrpc~5.3.17~0.43.1\", rls:\"SLES11.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php53-xmlwriter\", rpm:\"php53-xmlwriter~5.3.17~0.43.1\", rls:\"SLES11.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php53-xsl\", rpm:\"php53-xsl~5.3.17~0.43.1\", rls:\"SLES11.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php53-zip\", rpm:\"php53-zip~5.3.17~0.43.1\", rls:\"SLES11.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php53-zlib\", rpm:\"php53-zlib~5.3.17~0.43.1\", rls:\"SLES11.0SP3\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-01-31T18:37:57", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-4601", "CVE-2015-4644", "CVE-2015-4605", "CVE-2015-4602", "CVE-2015-3411", "CVE-2015-4604", "CVE-2015-4600", "CVE-2015-3412", "CVE-2015-4603", "CVE-2015-4599", "CVE-2015-4598", "CVE-2015-4643"], "description": "The remote host is missing an update for the ", "modified": "2020-01-31T00:00:00", "published": "2015-07-07T00:00:00", "id": "OPENVAS:1361412562310850662", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310850662", "type": "openvas", "title": "openSUSE: Security Advisory for php5 (openSUSE-SU-2015:1197-1)", "sourceData": "# Copyright (C) 2015 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.850662\");\n script_version(\"2020-01-31T08:23:39+0000\");\n script_cve_id(\"CVE-2015-3411\", \"CVE-2015-3412\", \"CVE-2015-4598\", \"CVE-2015-4599\",\n \"CVE-2015-4600\", \"CVE-2015-4601\", \"CVE-2015-4602\", \"CVE-2015-4603\",\n \"CVE-2015-4604\", \"CVE-2015-4605\", \"CVE-2015-4643\", \"CVE-2015-4644\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:23:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2015-07-07 06:19:20 +0200 (Tue, 07 Jul 2015)\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"openSUSE: Security Advisory for php5 (openSUSE-SU-2015:1197-1)\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'php5'\n package(s) announced via the referenced advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The PHP script interpreter was updated to\n receive various security fixes:\n\n * CVE-2015-4602 [bnc#935224]: Fixed an incomplete Class unserialization\n type confusion.\n\n * CVE-2015-4599, CVE-2015-4600, CVE-2015-4601 [bnc#935226]: Fixed type\n confusion issues in unserialize() with various SOAP methods.\n\n * CVE-2015-4603 [bnc#935234]: Fixed exception::getTraceAsString type\n confusion issue after unserialize.\n\n * CVE-2015-4644 [bnc#935274]: Fixed a crash in php_pgsql_meta_data.\n\n * CVE-2015-4643 [bnc#935275]: Fixed an integer overflow in ftp_genlist()\n that could result in a heap overflow.\n\n * CVE-2015-3411, CVE-2015-3412, CVE-2015-4598 [bnc#935227], [bnc#935232]:\n Added missing null byte checks for paths in various PHP extensions.\");\n\n script_tag(name:\"affected\", value:\"php5 on openSUSE 13.1\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"openSUSE-SU\", value:\"2015:1197-1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSE13\\.1\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSE13.1\") {\n if(!isnull(res = isrpmvuln(pkg:\"apache2-mod_php5\", rpm:\"apache2-mod_php5~5.4.20~61.5\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"apache2-mod_php5-debuginfo\", rpm:\"apache2-mod_php5-debuginfo~5.4.20~61.5\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5\", rpm:\"php5~5.4.20~61.5\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-bcmath\", rpm:\"php5-bcmath~5.4.20~61.5\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-bcmath-debuginfo\", rpm:\"php5-bcmath-debuginfo~5.4.20~61.5\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-bz2\", rpm:\"php5-bz2~5.4.20~61.5\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-bz2-debuginfo\", rpm:\"php5-bz2-debuginfo~5.4.20~61.5\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-calendar\", rpm:\"php5-calendar~5.4.20~61.5\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-calendar-debuginfo\", rpm:\"php5-calendar-debuginfo~5.4.20~61.5\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-ctype\", rpm:\"php5-ctype~5.4.20~61.5\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-ctype-debuginfo\", rpm:\"php5-ctype-debuginfo~5.4.20~61.5\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-curl\", rpm:\"php5-curl~5.4.20~61.5\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-curl-debuginfo\", rpm:\"php5-curl-debuginfo~5.4.20~61.5\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-dba\", rpm:\"php5-dba~5.4.20~61.5\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-dba-debuginfo\", rpm:\"php5-dba-debuginfo~5.4.20~61.5\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-debuginfo\", rpm:\"php5-debuginfo~5.4.20~61.5\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-debugsource\", rpm:\"php5-debugsource~5.4.20~61.5\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-devel\", rpm:\"php5-devel~5.4.20~61.5\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-dom\", rpm:\"php5-dom~5.4.20~61.5\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-dom-debuginfo\", rpm:\"php5-dom-debuginfo~5.4.20~61.5\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-enchant\", rpm:\"php5-enchant~5.4.20~61.5\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-enchant-debuginfo\", rpm:\"php5-enchant-debuginfo~5.4.20~61.5\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-exif\", rpm:\"php5-exif~5.4.20~61.5\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-exif-debuginfo\", rpm:\"php5-exif-debuginfo~5.4.20~61.5\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-fastcgi\", rpm:\"php5-fastcgi~5.4.20~61.5\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-fastcgi-debuginfo\", rpm:\"php5-fastcgi-debuginfo~5.4.20~61.5\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-fileinfo\", rpm:\"php5-fileinfo~5.4.20~61.5\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-fileinfo-debuginfo\", rpm:\"php5-fileinfo-debuginfo~5.4.20~61.5\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-firebird\", rpm:\"php5-firebird~5.4.20~61.5\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-firebird-debuginfo\", rpm:\"php5-firebird-debuginfo~5.4.20~61.5\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-fpm\", rpm:\"php5-fpm~5.4.20~61.5\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-fpm-debuginfo\", rpm:\"php5-fpm-debuginfo~5.4.20~61.5\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-ftp\", rpm:\"php5-ftp~5.4.20~61.5\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-ftp-debuginfo\", rpm:\"php5-ftp-debuginfo~5.4.20~61.5\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-gd\", rpm:\"php5-gd~5.4.20~61.5\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-gd-debuginfo\", rpm:\"php5-gd-debuginfo~5.4.20~61.5\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-gettext\", rpm:\"php5-gettext~5.4.20~61.5\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-gettext-debuginfo\", rpm:\"php5-gettext-debuginfo~5.4.20~61.5\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-gmp\", rpm:\"php5-gmp~5.4.20~61.5\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-gmp-debuginfo\", rpm:\"php5-gmp-debuginfo~5.4.20~61.5\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-iconv\", rpm:\"php5-iconv~5.4.20~61.5\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-iconv-debuginfo\", rpm:\"php5-iconv-debuginfo~5.4.20~61.5\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-imap\", rpm:\"php5-imap~5.4.20~61.5\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-imap-debuginfo\", rpm:\"php5-imap-debuginfo~5.4.20~61.5\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-intl\", rpm:\"php5-intl~5.4.20~61.5\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-intl-debuginfo\", rpm:\"php5-intl-debuginfo~5.4.20~61.5\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-json\", rpm:\"php5-json~5.4.20~61.5\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-json-debuginfo\", rpm:\"php5-json-debuginfo~5.4.20~61.5\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-ldap\", rpm:\"php5-ldap~5.4.20~61.5\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-ldap-debuginfo\", rpm:\"php5-ldap-debuginfo~5.4.20~61.5\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-mbstring\", rpm:\"php5-mbstring~5.4.20~61.5\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-mbstring-debuginfo\", rpm:\"php5-mbstring-debuginfo~5.4.20~61.5\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-mcrypt\", rpm:\"php5-mcrypt~5.4.20~61.5\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-mcrypt-debuginfo\", rpm:\"php5-mcrypt-debuginfo~5.4.20~61.5\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-mssql\", rpm:\"php5-mssql~5.4.20~61.5\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-mssql-debuginfo\", rpm:\"php5-mssql-debuginfo~5.4.20~61.5\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-mysql\", rpm:\"php5-mysql~5.4.20~61.5\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-mysql-debuginfo\", rpm:\"php5-mysql-debuginfo~5.4.20~61.5\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-odbc\", rpm:\"php5-odbc~5.4.20~61.5\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-odbc-debuginfo\", rpm:\"php5-odbc-debuginfo~5.4.20~61.5\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-openssl\", rpm:\"php5-openssl~5.4.20~61.5\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-openssl-debuginfo\", rpm:\"php5-openssl-debuginfo~5.4.20~61.5\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-pcntl\", rpm:\"php5-pcntl~5.4.20~61.5\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-pcntl-debuginfo\", rpm:\"php5-pcntl-debuginfo~5.4.20~61.5\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-pdo\", rpm:\"php5-pdo~5.4.20~61.5\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-pdo-debuginfo\", rpm:\"php5-pdo-debuginfo~5.4.20~61.5\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-pgsql\", rpm:\"php5-pgsql~5.4.20~61.5\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-pgsql-debuginfo\", rpm:\"php5-pgsql-debuginfo~5.4.20~61.5\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-phar\", rpm:\"php5-phar~5.4.20~61.5\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-phar-debuginfo\", rpm:\"php5-phar-debuginfo~5.4.20~61.5\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-posix\", rpm:\"php5-posix~5.4.20~61.5\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-posix-debuginfo\", rpm:\"php5-posix-debuginfo~5.4.20~61.5\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-pspell\", rpm:\"php5-pspell~5.4.20~61.5\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-pspell-debuginfo\", rpm:\"php5-pspell-debuginfo~5.4.20~61.5\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-readline\", rpm:\"php5-readline~5.4.20~61.5\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-readline-debuginfo\", rpm:\"php5-readline-debuginfo~5.4.20~61.5\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-shmop\", rpm:\"php5-shmop~5.4.20~61.5\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-shmop-debuginfo\", rpm:\"php5-shmop-debuginfo~5.4.20~61.5\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-snmp\", rpm:\"php5-snmp~5.4.20~61.5\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-snmp-debuginfo\", rpm:\"php5-snmp-debuginfo~5.4.20~61.5\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-soap\", rpm:\"php5-soap~5.4.20~61.5\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-soap-debuginfo\", rpm:\"php5-soap-debuginfo~5.4.20~61.5\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-sockets\", rpm:\"php5-sockets~5.4.20~61.5\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-sockets-debuginfo\", rpm:\"php5-sockets-debuginfo~5.4.20~61.5\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-sqlite\", rpm:\"php5-sqlite~5.4.20~61.5\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-sqlite-debuginfo\", rpm:\"php5-sqlite-debuginfo~5.4.20~61.5\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-suhosin\", rpm:\"php5-suhosin~5.4.20~61.5\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-suhosin-debuginfo\", rpm:\"php5-suhosin-debuginfo~5.4.20~61.5\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-sysvmsg\", rpm:\"php5-sysvmsg~5.4.20~61.5\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-sysvmsg-debuginfo\", rpm:\"php5-sysvmsg-debuginfo~5.4.20~61.5\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-sysvsem\", rpm:\"php5-sysvsem~5.4.20~61.5\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-sysvsem-debuginfo\", rpm:\"php5-sysvsem-debuginfo~5.4.20~61.5\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-sysvshm\", rpm:\"php5-sysvshm~5.4.20~61.5\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-sysvshm-debuginfo\", rpm:\"php5-sysvshm-debuginfo~5.4.20~61.5\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-tidy\", rpm:\"php5-tidy~5.4.20~61.5\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-tidy-debuginfo\", rpm:\"php5-tidy-debuginfo~5.4.20~61.5\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-tokenizer\", rpm:\"php5-tokenizer~5.4.20~61.5\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-tokenizer-debuginfo\", rpm:\"php5-tokenizer-debuginfo~5.4.20~61.5\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-wddx\", rpm:\"php5-wddx~5.4.20~61.5\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-wddx-debuginfo\", rpm:\"php5-wddx-debuginfo~5.4.20~61.5\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-xmlreader\", rpm:\"php5-xmlreader~5.4.20~61.5\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-xmlreader-debuginfo\", rpm:\"php5-xmlreader-debuginfo~5.4.20~61.5\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-xmlrpc\", rpm:\"php5-xmlrpc~5.4.20~61.5\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-xmlrpc-debuginfo\", rpm:\"php5-xmlrpc-debuginfo~5.4.20~61.5\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-xmlwriter\", rpm:\"php5-xmlwriter~5.4.20~61.5\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-xmlwriter-debuginfo\", rpm:\"php5-xmlwriter-debuginfo~5.4.20~61.5\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-xsl\", rpm:\"php5-xsl~5.4.20~61.5\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-xsl-debuginfo\", rpm:\"php5-xsl-debuginfo~5.4.20~61.5\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-zip\", rpm:\"php5-zip~5.4.20~61.5\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-zip-debuginfo\", rpm:\"php5-zip-debuginfo~5.4.20~61.5\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-zlib\", rpm:\"php5-zlib~5.4.20~61.5\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-zlib-debuginfo\", rpm:\"php5-zlib-debuginfo~5.4.20~61.5\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-pear\", rpm:\"php5-pear~5.4.20~61.5\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:36:29", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-2783", "CVE-2015-3329", "CVE-2015-1352", "CVE-2015-4605", "CVE-2015-3307", "CVE-2015-4602", "CVE-2015-3411", "CVE-2015-4604", "CVE-2015-4600", "CVE-2015-3412", "CVE-2015-4603", "CVE-2015-4599"], "description": "This host is installed with PHP and is prone\n to multiple vulnerabilities.", "modified": "2018-10-12T00:00:00", "published": "2015-06-17T00:00:00", "id": "OPENVAS:1361412562310805656", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310805656", "type": "openvas", "title": "PHP Multiple Vulnerabilities - 03 - Jun15 (Windows)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_php_mult_vuln03_june15_win.nasl 2015-06-17 16:00:15 July$\n#\n# PHP Multiple Vulnerabilities - 03 - Jun15 (Windows)\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:php:php\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.805656\");\n script_version(\"$Revision: 11872 $\");\n script_cve_id(\"CVE-2015-3329\", \"CVE-2015-3307\", \"CVE-2015-2783\", \"CVE-2015-1352\",\n \"CVE-2015-4599\", \"CVE-2015-4600\", \"CVE-2015-4602\", \"CVE-2015-4603\",\n \"CVE-2015-4604\", \"CVE-2015-4605\", \"CVE-2015-3411\", \"CVE-2015-3412\");\n script_bugtraq_id(74240, 74239, 74703, 75251, 75252, 74413, 75249, 75241, 75233,\n 75255, 75250);\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-12 13:22:41 +0200 (Fri, 12 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2015-06-17 16:00:15 +0530 (Wed, 17 Jun 2015)\");\n script_name(\"PHP Multiple Vulnerabilities - 03 - Jun15 (Windows)\");\n\n script_tag(name:\"summary\", value:\"This host is installed with PHP and is prone\n to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws are due to,\n\n - Multiple stack-based buffer overflows in the 'phar_set_inode' function in\n phar_internal.h script in PHP.\n\n - Vulnerabilities in 'phar_parse_metadata' and 'phar_parse_pharfile' functions\n in ext/phar/phar.c script in PHP.\n\n - A NULL pointer dereference flaw in the 'build_tablename' function in\n 'ext/pgsql/pgsql.c' script that is triggered when handling NULL return values\n for 'token'\");\n\n script_tag(name:\"impact\", value:\"Successfully exploiting this issue allow\n remote attackers to cause a denial of service, to obtain sensitive\n information from process memory and to execute arbitrary code via crafted\n dimensions.\");\n\n script_tag(name:\"affected\", value:\"PHP versions before 5.4.40, 5.5.x before\n 5.5.24, and 5.6.x before 5.6.8\");\n\n script_tag(name:\"solution\", value:\"Upgrade to PHP 5.4.40 or 5.5.24 or 5.6.8\n or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n\n script_xref(name:\"URL\", value:\"http://php.net/ChangeLog-5.php\");\n script_xref(name:\"URL\", value:\"https://bugs.php.net/bug.php?id=69085\");\n script_xref(name:\"URL\", value:\"http://openwall.com/lists/oss-security/2015/06/01/4\");\n\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_category(ACT_GATHER_INFO);\n script_family(\"Web application abuses\");\n script_dependencies(\"gb_php_detect.nasl\", \"os_detection.nasl\");\n script_mandatory_keys(\"php/installed\", \"Host/runs_windows\");\n script_xref(name:\"URL\", value:\"http://www.php.net\");\n exit(0);\n}\n\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\n\nif( isnull( phpPort = get_app_port( cpe:CPE ) ) ) exit( 0 );\nif( ! phpVer = get_app_version( cpe:CPE, port:phpPort ) ) exit( 0 );\n\nif(phpVer =~ \"^5\\.5\")\n{\n if(version_in_range(version:phpVer, test_version:\"5.5.0\", test_version2:\"5.5.23\"))\n {\n fix = \"5.5.24\";\n VULN = TRUE;\n }\n}\n\nif(phpVer =~ \"^5\\.6\")\n{\n if(version_in_range(version:phpVer, test_version:\"5.6.0\", test_version2:\"5.6.7\"))\n {\n fix = \"5.6.8\";\n VULN = TRUE;\n }\n}\n\nif(phpVer =~ \"^5\\.4\")\n{\n if(version_is_less(version:phpVer, test_version:\"5.4.40\"))\n {\n fix = \"5.4.40\";\n VULN = TRUE;\n }\n}\n\nif(VULN)\n{\n report = 'Installed Version: ' + phpVer + '\\n' +\n 'Fixed Version: ' + fix + '\\n';\n security_message(data:report, port:phpPort);\n exit(0);\n}\n\nexit(99);", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:36:49", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-2783", "CVE-2015-3329", "CVE-2015-1352", "CVE-2015-4605", "CVE-2015-3307", "CVE-2015-4602", "CVE-2015-3411", "CVE-2015-4604", "CVE-2015-4600", "CVE-2015-3412", "CVE-2015-4603", "CVE-2015-4599"], "description": "This host is installed with PHP and is prone\n to multiple vulnerabilities.", "modified": "2018-10-12T00:00:00", "published": "2015-06-17T00:00:00", "id": "OPENVAS:1361412562310805657", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310805657", "type": "openvas", "title": "PHP Multiple Vulnerabilities - 03 - Jun15 (Linux)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_php_mult_vuln03_june15_lin.nasl 2015-06-17 16:00:15 July$\n#\n# PHP Multiple Vulnerabilities - 03 - Jun15 (Linux)\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:php:php\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.805657\");\n script_version(\"$Revision: 11872 $\");\n script_cve_id(\"CVE-2015-3329\", \"CVE-2015-3307\", \"CVE-2015-2783\", \"CVE-2015-1352\",\n \"CVE-2015-4599\", \"CVE-2015-4600\", \"CVE-2015-4602\", \"CVE-2015-4603\",\n \"CVE-2015-4604\", \"CVE-2015-4605\", \"CVE-2015-3411\", \"CVE-2015-3412\");\n script_bugtraq_id(74240, 74239, 74703, 75251, 75252, 74413, 75249, 75241, 75233,\n 75255, 75250);\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-12 13:22:41 +0200 (Fri, 12 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2015-06-17 16:00:15 +0530 (Wed, 17 Jun 2015)\");\n script_name(\"PHP Multiple Vulnerabilities - 03 - Jun15 (Linux)\");\n\n script_tag(name:\"summary\", value:\"This host is installed with PHP and is prone\n to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws are due to,\n\n - Multiple stack-based buffer overflows in the 'phar_set_inode' function in\n phar_internal.h script in PHP.\n\n - Vulnerabilities in 'phar_parse_metadata' and 'phar_parse_pharfile' functions\n in ext/phar/phar.c script in PHP.\n\n - A NULL pointer dereference flaw in the 'build_tablename' function in\n 'ext/pgsql/pgsql.c' script that is triggered when handling NULL return values\n for 'token'.\");\n\n script_tag(name:\"impact\", value:\"Successfully exploiting this issue allow\n remote attackers to cause a denial of service, to obtain sensitive\n information from process memory and to execute arbitrary code via crafted\n dimensions.\");\n\n script_tag(name:\"affected\", value:\"PHP versions before 5.4.40, 5.5.x before\n 5.5.24, and 5.6.x before 5.6.8\");\n\n script_tag(name:\"solution\", value:\"Upgrade to PHP 5.4.40 or 5.5.24 or 5.6.8\n or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"remote_banner_unreliable\");\n\n script_xref(name:\"URL\", value:\"http://php.net/ChangeLog-5.php\");\n script_xref(name:\"URL\", value:\"https://bugs.php.net/bug.php?id=69085\");\n script_xref(name:\"URL\", value:\"http://openwall.com/lists/oss-security/2015/06/01/4\");\n\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_category(ACT_GATHER_INFO);\n script_family(\"Web application abuses\");\n script_dependencies(\"gb_php_detect.nasl\", \"os_detection.nasl\");\n script_mandatory_keys(\"php/installed\", \"Host/runs_unixoide\");\n script_xref(name:\"URL\", value:\"http://www.php.net\");\n exit(0);\n}\n\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\n\nif( isnull( phpPort = get_app_port( cpe:CPE ) ) ) exit( 0 );\nif( ! phpVer = get_app_version( cpe:CPE, port:phpPort ) ) exit( 0 );\n\nif(phpVer =~ \"^5\\.5\")\n{\n if(version_in_range(version:phpVer, test_version:\"5.5.0\", test_version2:\"5.5.23\"))\n {\n fix = \"5.5.24\";\n VULN = TRUE;\n }\n}\n\nif(phpVer =~ \"^5\\.6\")\n{\n if(version_in_range(version:phpVer, test_version:\"5.6.0\", test_version2:\"5.6.7\"))\n {\n fix = \"5.6.8\";\n VULN = TRUE;\n }\n}\n\nif(phpVer =~ \"^5\\.4\")\n{\n if(version_is_less(version:phpVer, test_version:\"5.4.40\"))\n {\n fix = \"5.4.40\";\n VULN = TRUE;\n }\n}\n\nif(VULN)\n{\n report = 'Installed Version: ' + phpVer + '\\n' +\n 'Fixed Version: ' + fix + '\\n';\n security_message(data:report, port:phpPort);\n exit(0);\n}\n\nexit(99);", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:35:04", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-2783", "CVE-2015-3329", "CVE-2015-3330", "CVE-2015-4644", "CVE-2015-4605", "CVE-2015-3307", "CVE-2015-4025", "CVE-2015-4024", "CVE-2015-4021", "CVE-2015-4602", "CVE-2015-4026", "CVE-2015-3411", "CVE-2015-4604", "CVE-2015-4022", "CVE-2015-3412", "CVE-2015-4603", "CVE-2015-4598", "CVE-2015-4643"], "description": "Oracle Linux Local Security Checks ELSA-2015-1186", "modified": "2019-03-14T00:00:00", "published": "2016-02-05T00:00:00", "id": "OPENVAS:1361412562310122871", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310122871", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2015-1186", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2015-1186.nasl 14180 2019-03-14 12:29:16Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2016 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.122871\");\n script_version(\"$Revision: 14180 $\");\n script_tag(name:\"creation_date\", value:\"2016-02-05 14:01:40 +0200 (Fri, 05 Feb 2016)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-14 13:29:16 +0100 (Thu, 14 Mar 2019) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2015-1186\");\n script_tag(name:\"insight\", value:\"ELSA-2015-1186 - php55-php security update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2015-1186\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2015-1186.html\");\n script_cve_id(\"CVE-2015-4643\", \"CVE-2015-4644\", \"CVE-2015-2783\", \"CVE-2015-3307\", \"CVE-2015-3329\", \"CVE-2015-3330\", \"CVE-2015-3411\", \"CVE-2015-3412\", \"CVE-2015-4021\", \"CVE-2015-4022\", \"CVE-2015-4024\", \"CVE-2015-4025\", \"CVE-2015-4026\", \"CVE-2015-4598\", \"CVE-2015-4602\", \"CVE-2015-4603\", \"CVE-2015-4604\", \"CVE-2015-4605\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux7\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux7\")\n{\n if ((res = isrpmvuln(pkg:\"php55-php\", rpm:\"php55-php~5.5.21~4.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php55-php-bcmath\", rpm:\"php55-php-bcmath~5.5.21~4.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php55-php-cli\", rpm:\"php55-php-cli~5.5.21~4.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php55-php-common\", rpm:\"php55-php-common~5.5.21~4.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php55-php-dba\", rpm:\"php55-php-dba~5.5.21~4.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php55-php-devel\", rpm:\"php55-php-devel~5.5.21~4.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php55-php-enchant\", rpm:\"php55-php-enchant~5.5.21~4.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php55-php-fpm\", rpm:\"php55-php-fpm~5.5.21~4.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php55-php-gd\", rpm:\"php55-php-gd~5.5.21~4.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php55-php-gmp\", rpm:\"php55-php-gmp~5.5.21~4.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php55-php-intl\", rpm:\"php55-php-intl~5.5.21~4.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php55-php-ldap\", rpm:\"php55-php-ldap~5.5.21~4.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php55-php-mbstring\", rpm:\"php55-php-mbstring~5.5.21~4.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php55-php-mysqlnd\", rpm:\"php55-php-mysqlnd~5.5.21~4.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php55-php-odbc\", rpm:\"php55-php-odbc~5.5.21~4.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php55-php-opcache\", rpm:\"php55-php-opcache~5.5.21~4.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php55-php-pdo\", rpm:\"php55-php-pdo~5.5.21~4.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php55-php-pgsql\", rpm:\"php55-php-pgsql~5.5.21~4.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php55-php-process\", rpm:\"php55-php-process~5.5.21~4.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php55-php-pspell\", rpm:\"php55-php-pspell~5.5.21~4.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php55-php-recode\", rpm:\"php55-php-recode~5.5.21~4.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php55-php-snmp\", rpm:\"php55-php-snmp~5.5.21~4.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php55-php-soap\", rpm:\"php55-php-soap~5.5.21~4.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php55-php-xml\", rpm:\"php55-php-xml~5.5.21~4.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php55-php-xmlrpc\", rpm:\"php55-php-xmlrpc~5.5.21~4.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:37:07", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-4601", "CVE-2015-4644", "CVE-2015-4148", "CVE-2015-4605", "CVE-2015-4025", "CVE-2015-4024", "CVE-2015-4021", "CVE-2015-4602", "CVE-2015-4026", "CVE-2015-4147", "CVE-2015-3411", "CVE-2015-4604", "CVE-2015-4600", "CVE-2015-4022", "CVE-2015-3412", "CVE-2015-4603", "CVE-2015-4599", "CVE-2015-4598", "CVE-2015-4643"], "description": "The remote host is missing an update for the ", "modified": "2019-03-13T00:00:00", "published": "2015-07-07T00:00:00", "id": "OPENVAS:1361412562310842265", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310842265", "type": "openvas", "title": "Ubuntu Update for php5 USN-2658-1", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for php5 USN-2658-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.842265\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-07-07 06:44:17 +0200 (Tue, 07 Jul 2015)\");\n script_cve_id(\"CVE-2015-3411\", \"CVE-2015-3412\", \"CVE-2015-4025\", \"CVE-2015-4026\",\n \"CVE-2015-4598\", \"CVE-2015-4021\", \"CVE-2015-4022\", \"CVE-2015-4643\",\n \"CVE-2015-4024\", \"CVE-2015-4147\", \"CVE-2015-4148\", \"CVE-2015-4599\",\n \"CVE-2015-4600\", \"CVE-2015-4601\", \"CVE-2015-4602\", \"CVE-2015-4603\",\n \"CVE-2015-4604\", \"CVE-2015-4605\", \"CVE-2015-4644\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for php5 USN-2658-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'php5'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Neal Poole and Tomas Hoger discovered that\nPHP incorrectly handled NULL bytes in file paths. A remote attacker could possibly\nuse this issue to bypass intended restrictions and create or obtain access to\nsensitive files. (CVE-2015-3411, CVE-2015-3412, CVE-2015-4025, CVE-2015-4026,\nCVE-2015-4598)\n\nEmmanuel Law discovered that the PHP phar extension incorrectly handled\nfilenames starting with a NULL byte. A remote attacker could use this issue\nwith a crafted tar archive to cause a denial of service. (CVE-2015-4021)\n\nMax Spelsberg discovered that PHP incorrectly handled the LIST command\nwhen connecting to remote FTP servers. A malicious FTP server could\npossibly use this issue to execute arbitrary code. (CVE-2015-4022,\nCVE-2015-4643)\n\nShusheng Liu discovered that PHP incorrectly handled certain malformed form\ndata. A remote attacker could use this issue with crafted form data to\ncause CPU consumption, leading to a denial of service. (CVE-2015-4024)\n\nAndrea Palazzo discovered that the PHP Soap client incorrectly validated\ndata types. A remote attacker could use this issue with crafted serialized\ndata to possibly execute arbitrary code. (CVE-2015-4147)\n\nAndrea Palazzo discovered that the PHP Soap client incorrectly validated\nthat the uri property is a string. A remote attacker could use this issue\nwith crafted serialized data to possibly obtain sensitive information.\n(CVE-2015-4148)\n\nTaoguang Chen discovered that PHP incorrectly validated data types in\nmultiple locations. A remote attacker could possibly use these issues to\nobtain sensitive information or cause a denial of service. (CVE-2015-4599,\nCVE-2015-4600, CVE-2015-4601, CVE-2015-4602, CVE-2015-4603)\n\nIt was discovered that the PHP Fileinfo component incorrectly handled\ncertain files. A remote attacker could use this issue to cause PHP to\ncrash, resulting in a denial of service. This issue only affected Ubuntu\n15.04. (CVE-2015-4604, CVE-2015-4605)\n\nIt was discovered that PHP incorrectly handled table names in\nphp_pgsql_meta_data. A local attacker could possibly use this issue to\ncause PHP to crash, resulting in a denial of service. (CVE-2015-4644)\");\n script_tag(name:\"affected\", value:\"php5 on Ubuntu 14.10,\n Ubuntu 14.04 LTS,\n Ubuntu 12.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_xref(name:\"USN\", value:\"2658-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-2658-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(14\\.10|14\\.04 LTS|12\\.04 LTS)\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU14.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libapache2-mod-php5\", ver:\"5.5.12+dfsg-2ubuntu4.6\", rls:\"UBUNTU14.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-cgi\", ver:\"5.5.12+dfsg-2ubuntu4.6\", rls:\"UBUNTU14.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-cli\", ver:\"5.5.12+dfsg-2ubuntu4.6\", rls:\"UBUNTU14.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-fpm\", ver:\"5.5.12+dfsg-2ubuntu4.6\", rls:\"UBUNTU14.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libapache2-mod-php5\", ver:\"5.5.9+dfsg-1ubuntu4.11\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-cgi\", ver:\"5.5.9+dfsg-1ubuntu4.11\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-cli\", ver:\"5.5.9+dfsg-1ubuntu4.11\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-fpm\", ver:\"5.5.9+dfsg-1ubuntu4.11\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libapache2-mod-php5\", ver:\"5.3.10-1ubuntu3.19\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-cgi\", ver:\"5.3.10-1ubuntu3.19\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-cli\", ver:\"5.3.10-1ubuntu3.19\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-fpm\", ver:\"5.3.10-1ubuntu3.19\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:36:19", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-9705", "CVE-2015-2787", "CVE-2015-0232", "CVE-2015-4601", "CVE-2015-2783", "CVE-2015-3329", "CVE-2015-2301", "CVE-2014-9425", "CVE-2014-9709", "CVE-2015-0273", "CVE-2015-4148", "CVE-2015-3307", "CVE-2015-4024", "CVE-2015-4021", "CVE-2015-4602", "CVE-2015-4026", "CVE-2015-4147", "CVE-2015-3411", "CVE-2015-4600", "CVE-2015-4022", "CVE-2015-3412", "CVE-2015-4603", "CVE-2015-4599", "CVE-2015-4598"], "description": "Check the version of php", "modified": "2019-03-08T00:00:00", "published": "2015-07-10T00:00:00", "id": "OPENVAS:1361412562310882219", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310882219", "type": "openvas", "title": "CentOS Update for php CESA-2015:1218 centos6", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for php CESA-2015:1218 centos6\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.882219\");\n script_version(\"$Revision: 14058 $\");\n script_cve_id(\"CVE-2014-9425\", \"CVE-2014-9705\", \"CVE-2014-9709\", \"CVE-2015-0232\",\n \"CVE-2015-0273\", \"CVE-2015-2301\", \"CVE-2015-2783\", \"CVE-2015-2787\",\n \"CVE-2015-3307\", \"CVE-2015-3329\", \"CVE-2015-3411\", \"CVE-2015-3412\",\n \"CVE-2015-4021\", \"CVE-2015-4022\", \"CVE-2015-4024\", \"CVE-2015-4026\",\n \"CVE-2015-4147\", \"CVE-2015-4148\", \"CVE-2015-4598\", \"CVE-2015-4599\",\n \"CVE-2015-4600\", \"CVE-2015-4601\", \"CVE-2015-4602\", \"CVE-2015-4603\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-08 14:25:52 +0100 (Fri, 08 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-07-10 06:08:37 +0200 (Fri, 10 Jul 2015)\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"CentOS Update for php CESA-2015:1218 centos6\");\n script_tag(name:\"summary\", value:\"Check the version of php\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"PHP is an HTML-embedded scripting language\n commonly used with the Apache HTTP Server.\n\nA flaw was found in the way PHP parsed multipart HTTP POST requests. A\nspecially crafted request could cause PHP to use an excessive amount of CPU\ntime. (CVE-2015-4024)\n\nAn uninitialized pointer use flaw was found in PHP's Exif extension. A\nspecially crafted JPEG or TIFF file could cause a PHP application using the\nexif_read_data() function to crash or, possibly, execute arbitrary code\nwith the privileges of the user running that PHP application.\n(CVE-2015-0232)\n\nAn integer overflow flaw leading to a heap-based buffer overflow was found\nin the way PHP's FTP extension parsed file listing FTP server responses. A\nmalicious FTP server could use this flaw to cause a PHP application to\ncrash or, possibly, execute arbitrary code. (CVE-2015-4022)\n\nMultiple flaws were discovered in the way PHP performed object\nunserialization. Specially crafted input processed by the unserialize()\nfunction could cause a PHP application to crash or, possibly, execute\narbitrary code. (CVE-2015-0273, CVE-2015-2787, CVE-2015-4147,\nCVE-2015-4148, CVE-2015-4599, CVE-2015-4600, CVE-2015-4601, CVE-2015-4602,\nCVE-2015-4603)\n\nIt was found that certain PHP functions did not properly handle file names\ncontaining a NULL character. A remote attacker could possibly use this flaw\nto make a PHP script access unexpected files and bypass intended file\nsystem access restrictions. (CVE-2015-4026, CVE-2015-3411, CVE-2015-3412,\nCVE-2015-4598)\n\nMultiple flaws were found in the way the way PHP's Phar extension parsed\nPhar archives. A specially crafted archive could cause PHP to crash or,\npossibly, execute arbitrary code when opened. (CVE-2015-2301,\nCVE-2015-2783, CVE-2015-3307, CVE-2015-3329, CVE-2015-4021)\n\nA heap buffer overflow flaw was found in the enchant_broker_request_dict()\nfunction of PHP's enchant extension. An attacker able to make a PHP\napplication enchant dictionaries could possibly cause it to crash.\n(CVE-2014-9705)\n\nA buffer over-read flaw was found in the GD library used by the PHP gd\nextension. A specially crafted GIF file could cause a PHP application using\nthe imagecreatefromgif() function to crash. (CVE-2014-9709)\n\nA double free flaw was found in zend_ts_hash_graceful_destroy() function in\nthe PHP ZTS module. This flaw could possibly cause a PHP application to\ncrash. (CVE-2014-9425)\n\nAll php users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. After installing the\nupdated packages, the httpd daemon must be restarted for the update to\ntake effect.\");\n script_tag(name:\"affected\", value:\"php on CentOS 6\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_xref(name:\"CESA\", value:\"2015:1218\");\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2015-July/021237.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS6\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS6\")\n{\n\n if ((res = isrpmvuln(pkg:\"php\", rpm:\"php~5.3.3~46.el6_6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-bcmath\", rpm:\"php-bcmath~5.3.3~46.el6_6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-cli\", rpm:\"php-cli~5.3.3~46.el6_6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-common\", rpm:\"php-common~5.3.3~46.el6_6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-dba\", rpm:\"php-dba~5.3.3~46.el6_6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-devel\", rpm:\"php-devel~5.3.3~46.el6_6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-embedded\", rpm:\"php-embedded~5.3.3~46.el6_6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-enchant\", rpm:\"php-enchant~5.3.3~46.el6_6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-fpm\", rpm:\"php-fpm~5.3.3~46.el6_6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-gd\", rpm:\"php-gd~5.3.3~46.el6_6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-imap\", rpm:\"php-imap~5.3.3~46.el6_6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-intl\", rpm:\"php-intl~5.3.3~46.el6_6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-ldap\", rpm:\"php-ldap~5.3.3~46.el6_6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-mbstring\", rpm:\"php-mbstring~5.3.3~46.el6_6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-mysql\", rpm:\"php-mysql~5.3.3~46.el6_6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-odbc\", rpm:\"php-odbc~5.3.3~46.el6_6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pdo\", rpm:\"php-pdo~5.3.3~46.el6_6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pgsql\", rpm:\"php-pgsql~5.3.3~46.el6_6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-process\", rpm:\"php-process~5.3.3~46.el6_6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pspell\", rpm:\"php-pspell~5.3.3~46.el6_6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-recode\", rpm:\"php-recode~5.3.3~46.el6_6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-snmp\", rpm:\"php-snmp~5.3.3~46.el6_6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-soap\", rpm:\"php-soap~5.3.3~46.el6_6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-tidy\", rpm:\"php-tidy~5.3.3~46.el6_6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-xml\", rpm:\"php-xml~5.3.3~46.el6_6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-xmlrpc\", rpm:\"php-xmlrpc~5.3.3~46.el6_6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-zts\", rpm:\"php-zts~5.3.3~46.el6_6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:36:16", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-9705", "CVE-2015-2787", "CVE-2015-0232", "CVE-2015-4601", "CVE-2015-2783", "CVE-2015-3329", "CVE-2015-2301", "CVE-2014-9425", "CVE-2014-9709", "CVE-2015-0273", "CVE-2015-4148", "CVE-2015-3307", "CVE-2015-4024", "CVE-2015-4021", "CVE-2015-4602", "CVE-2015-4026", "CVE-2015-4147", "CVE-2015-3411", "CVE-2015-4600", "CVE-2015-4022", "CVE-2015-3412", "CVE-2015-4603", "CVE-2015-4599", "CVE-2015-4598"], "description": "Oracle Linux Local Security Checks ELSA-2015-1218", "modified": "2018-09-28T00:00:00", "published": "2015-10-06T00:00:00", "id": "OPENVAS:1361412562310123083", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310123083", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2015-1218", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2015-1218.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.123083\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 13:59:09 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2015-1218\");\n script_tag(name:\"insight\", value:\"ELSA-2015-1218 - php security update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2015-1218\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2015-1218.html\");\n script_cve_id(\"CVE-2014-9705\", \"CVE-2014-9709\", \"CVE-2015-0232\", \"CVE-2015-0273\", \"CVE-2015-2301\", \"CVE-2015-2783\", \"CVE-2015-2787\", \"CVE-2015-3307\", \"CVE-2015-3329\", \"CVE-2015-3411\", \"CVE-2015-3412\", \"CVE-2015-4021\", \"CVE-2015-4022\", \"CVE-2015-4024\", \"CVE-2015-4026\", \"CVE-2015-4147\", \"CVE-2015-4148\", \"CVE-2015-4598\", \"CVE-2015-4599\", \"CVE-2015-4600\", \"CVE-2015-4601\", \"CVE-2015-4602\", \"CVE-2015-4603\", \"CVE-2014-9425\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux6\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux6\")\n{\n if ((res = isrpmvuln(pkg:\"php\", rpm:\"php~5.3.3~46.el6_6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php-bcmath\", rpm:\"php-bcmath~5.3.3~46.el6_6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php-cli\", rpm:\"php-cli~5.3.3~46.el6_6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php-common\", rpm:\"php-common~5.3.3~46.el6_6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php-dba\", rpm:\"php-dba~5.3.3~46.el6_6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php-devel\", rpm:\"php-devel~5.3.3~46.el6_6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php-embedded\", rpm:\"php-embedded~5.3.3~46.el6_6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php-enchant\", rpm:\"php-enchant~5.3.3~46.el6_6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php-fpm\", rpm:\"php-fpm~5.3.3~46.el6_6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php-gd\", rpm:\"php-gd~5.3.3~46.el6_6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php-imap\", rpm:\"php-imap~5.3.3~46.el6_6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php-intl\", rpm:\"php-intl~5.3.3~46.el6_6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php-ldap\", rpm:\"php-ldap~5.3.3~46.el6_6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php-mbstring\", rpm:\"php-mbstring~5.3.3~46.el6_6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php-mysql\", rpm:\"php-mysql~5.3.3~46.el6_6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php-odbc\", rpm:\"php-odbc~5.3.3~46.el6_6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php-pdo\", rpm:\"php-pdo~5.3.3~46.el6_6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php-pgsql\", rpm:\"php-pgsql~5.3.3~46.el6_6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php-process\", rpm:\"php-process~5.3.3~46.el6_6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php-pspell\", rpm:\"php-pspell~5.3.3~46.el6_6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php-recode\", rpm:\"php-recode~5.3.3~46.el6_6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php-snmp\", rpm:\"php-snmp~5.3.3~46.el6_6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php-soap\", rpm:\"php-soap~5.3.3~46.el6_6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php-tidy\", rpm:\"php-tidy~5.3.3~46.el6_6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php-xml\", rpm:\"php-xml~5.3.3~46.el6_6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php-xmlrpc\", rpm:\"php-xmlrpc~5.3.3~46.el6_6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php-zts\", rpm:\"php-zts~5.3.3~46.el6_6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:36:02", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-9705", "CVE-2015-2787", "CVE-2015-0232", "CVE-2015-4601", "CVE-2015-2783", "CVE-2015-3329", "CVE-2015-2301", "CVE-2014-9425", "CVE-2014-9709", "CVE-2015-0273", "CVE-2015-4148", "CVE-2015-3307", "CVE-2015-4024", "CVE-2015-4021", "CVE-2015-4602", "CVE-2015-4026", "CVE-2015-4147", "CVE-2015-3411", "CVE-2015-4600", "CVE-2015-4022", "CVE-2015-3412", "CVE-2015-4603", "CVE-2015-4599", "CVE-2015-4598"], "description": "The remote host is missing an update for the ", "modified": "2018-11-23T00:00:00", "published": "2015-07-10T00:00:00", "id": "OPENVAS:1361412562310871388", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310871388", "type": "openvas", "title": "RedHat Update for php RHSA-2015:1218-01", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for php RHSA-2015:1218-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.871388\");\n script_version(\"$Revision: 12497 $\");\n script_cve_id(\"CVE-2014-9425\", \"CVE-2014-9705\", \"CVE-2014-9709\", \"CVE-2015-0232\",\n \"CVE-2015-0273\", \"CVE-2015-2301\", \"CVE-2015-2783\", \"CVE-2015-2787\",\n \"CVE-2015-3307\", \"CVE-2015-3329\", \"CVE-2015-3411\", \"CVE-2015-3412\",\n \"CVE-2015-4021\", \"CVE-2015-4022\", \"CVE-2015-4024\", \"CVE-2015-4026\",\n \"CVE-2015-4147\", \"CVE-2015-4148\", \"CVE-2015-4598\", \"CVE-2015-4599\",\n \"CVE-2015-4600\", \"CVE-2015-4601\", \"CVE-2015-4602\", \"CVE-2015-4603\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-23 09:28:21 +0100 (Fri, 23 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2015-07-10 06:07:32 +0200 (Fri, 10 Jul 2015)\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"RedHat Update for php RHSA-2015:1218-01\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'php'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"PHP is an HTML-embedded scripting\n language commonly used with the Apache HTTP Server.\n\nA flaw was found in the way PHP parsed multipart HTTP POST requests. A\nspecially crafted request could cause PHP to use an excessive amount of CPU\ntime. (CVE-2015-4024)\n\nAn uninitialized pointer use flaw was found in PHP's Exif extension. A\nspecially crafted JPEG or TIFF file could cause a PHP application using the\nexif_read_data() function to crash or, possibly, execute arbitrary code\nwith the privileges of the user running that PHP application.\n(CVE-2015-0232)\n\nAn integer overflow flaw leading to a heap-based buffer overflow was found\nin the way PHP's FTP extension parsed file listing FTP server responses. A\nmalicious FTP server could use this flaw to cause a PHP application to\ncrash or, possibly, execute arbitrary code. (CVE-2015-4022)\n\nMultiple flaws were discovered in the way PHP performed object\nunserialization. Specially crafted input processed by the unserialize()\nfunction could cause a PHP application to crash or, possibly, execute\narbitrary code. (CVE-2015-0273, CVE-2015-2787, CVE-2015-4147,\nCVE-2015-4148, CVE-2015-4599, CVE-2015-4600, CVE-2015-4601, CVE-2015-4602,\nCVE-2015-4603)\n\nIt was found that certain PHP functions did not properly handle file names\ncontaining a NULL character. A remote attacker could possibly use this flaw\nto make a PHP script access unexpected files and bypass intended file\nsystem access restrictions. (CVE-2015-4026, CVE-2015-3411, CVE-2015-3412,\nCVE-2015-4598)\n\nMultiple flaws were found in the way the way PHP's Phar extension parsed\nPhar archives. A specially crafted archive could cause PHP to crash or,\npossibly, execute arbitrary code when opened. (CVE-2015-2301,\nCVE-2015-2783, CVE-2015-3307, CVE-2015-3329, CVE-2015-4021)\n\nA heap buffer overflow flaw was found in the enchant_broker_request_dict()\nfunction of PHP's enchant extension. An attacker able to make a PHP\napplication enchant dictionaries could possibly cause it to crash.\n(CVE-2014-9705)\n\nA buffer over-read flaw was found in the GD library used by the PHP gd\nextension. A specially crafted GIF file could cause a PHP application using\nthe imagecreatefromgif() function to crash. (CVE-2014-9709)\n\nA double free flaw was found in zend_ts_hash_graceful_destroy() function in\nthe PHP ZTS module. This flaw could possibly cause a PHP application to\ncrash. (CVE-2014-9425)\n\nAll php users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. After installing the\nupdated packages, the httpd daemon must be restarted for the update to\ntake effect.\");\n script_tag(name:\"affected\", value:\"php on Red Hat Enterprise Linux Server (v. 6),\n Red Hat Enterprise Linux Workstation (v. 6)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_xref(name:\"RHSA\", value:\"2015:1218-01\");\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2015-July/msg00005.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_6\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"php\", rpm:\"php~5.3.3~46.el6_6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-cli\", rpm:\"php-cli~5.3.3~46.el6_6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-common\", rpm:\"php-common~5.3.3~46.el6_6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-debuginfo\", rpm:\"php-debuginfo~5.3.3~46.el6_6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-gd\", rpm:\"php-gd~5.3.3~46.el6_6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-ldap\", rpm:\"php-ldap~5.3.3~46.el6_6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-mysql\", rpm:\"php-mysql~5.3.3~46.el6_6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-odbc\", rpm:\"php-odbc~5.3.3~46.el6_6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pdo\", rpm:\"php-pdo~5.3.3~46.el6_6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pgsql\", rpm:\"php-pgsql~5.3.3~46.el6_6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-soap\", rpm:\"php-soap~5.3.3~46.el6_6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-xml\", rpm:\"php-xml~5.3.3~46.el6_6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-xmlrpc\", rpm:\"php-xmlrpc~5.3.3~46.el6_6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:35:25", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-2348", "CVE-2014-9705", "CVE-2015-2787", "CVE-2015-0232", "CVE-2015-4601", "CVE-2015-2783", "CVE-2014-9427", "CVE-2015-3329", "CVE-2015-3330", "CVE-2015-2301", "CVE-2014-9709", "CVE-2015-2305", "CVE-2015-0273", "CVE-2014-8142", "CVE-2015-4148", "CVE-2015-4605", "CVE-2015-3307", "CVE-2015-4602", "CVE-2015-4147", "CVE-2015-3411", "CVE-2015-4604", "CVE-2015-4600", "CVE-2014-9652", "CVE-2015-3412", "CVE-2015-4603", "CVE-2015-1351", "CVE-2015-4599", "CVE-2015-0231"], "description": "Oracle Linux Local Security Checks ELSA-2015-1066", "modified": "2019-03-14T00:00:00", "published": "2016-02-05T00:00:00", "id": "OPENVAS:1361412562310122874", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310122874", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2015-1066", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2015-1066.nasl 14180 2019-03-14 12:29:16Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2016 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.122874\");\n script_version(\"$Revision: 14180 $\");\n script_tag(name:\"creation_date\", value:\"2016-02-05 14:01:42 +0200 (Fri, 05 Feb 2016)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-14 13:29:16 +0100 (Thu, 14 Mar 2019) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2015-1066\");\n script_tag(name:\"insight\", value:\"ELSA-2015-1066 - php54 security and bug fix update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2015-1066\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2015-1066.html\");\n script_cve_id(\"CVE-2014-9427\", \"CVE-2015-1351\", \"CVE-2015-2305\", \"CVE-2014-8142\", \"CVE-2014-9652\", \"CVE-2014-9705\", \"CVE-2014-9709\", \"CVE-2015-0231\", \"CVE-2015-0232\", \"CVE-2015-0273\", \"CVE-2015-2301\", \"CVE-2015-2348\", \"CVE-2015-2783\", \"CVE-2015-2787\", \"CVE-2015-3307\", \"CVE-2015-3329\", \"CVE-2015-3330\", \"CVE-2015-3411\", \"CVE-2015-3412\", \"CVE-2015-4147\", \"CVE-2015-4148\", \"CVE-2015-4599\", \"CVE-2015-4600\", \"CVE-2015-4601\", \"CVE-2015-4602\", \"CVE-2015-4603\", \"CVE-2015-4604\", \"CVE-2015-4605\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux(7|6)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux7\")\n{\n if ((res = isrpmvuln(pkg:\"php54\", rpm:\"php54~2.0~1.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php54-php\", rpm:\"php54-php~5.4.40~1.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php54-php-bcmath\", rpm:\"php54-php-bcmath~5.4.40~1.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php54-php-cli\", rpm:\"php54-php-cli~5.4.40~1.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php54-php-common\", rpm:\"php54-php-common~5.4.40~1.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php54-php-dba\", rpm:\"php54-php-dba~5.4.40~1.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php54-php-devel\", rpm:\"php54-php-devel~5.4.40~1.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php54-php-enchant\", rpm:\"php54-php-enchant~5.4.40~1.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php54-php-fpm\", rpm:\"php54-php-fpm~5.4.40~1.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php54-php-gd\", rpm:\"php54-php-gd~5.4.40~1.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php54-php-intl\", rpm:\"php54-php-intl~5.4.40~1.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php54-php-ldap\", rpm:\"php54-php-ldap~5.4.40~1.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php54-php-mbstring\", rpm:\"php54-php-mbstring~5.4.40~1.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php54-php-mysqlnd\", rpm:\"php54-php-mysqlnd~5.4.40~1.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php54-php-odbc\", rpm:\"php54-php-odbc~5.4.40~1.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php54-php-pdo\", rpm:\"php54-php-pdo~5.4.40~1.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php54-php-pecl-zendopcache\", rpm:\"php54-php-pecl-zendopcache~7.0.4~3.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php54-php-pgsql\", rpm:\"php54-php-pgsql~5.4.40~1.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php54-php-process\", rpm:\"php54-php-process~5.4.40~1.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php54-php-pspell\", rpm:\"php54-php-pspell~5.4.40~1.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php54-php-recode\", rpm:\"php54-php-recode~5.4.40~1.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php54-php-snmp\", rpm:\"php54-php-snmp~5.4.40~1.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php54-php-soap\", rpm:\"php54-php-soap~5.4.40~1.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php54-php-xml\", rpm:\"php54-php-xml~5.4.40~1.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php54-php-xmlrpc\", rpm:\"php54-php-xmlrpc~5.4.40~1.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php54-runtime\", rpm:\"php54-runtime~2.0~1.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php54-scldevel\", rpm:\"php54-scldevel~2.0~1.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif(release == \"OracleLinux6\")\n{\n if ((res = isrpmvuln(pkg:\"php54\", rpm:\"php54~2.0~1.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php54-php\", rpm:\"php54-php~5.4.40~1.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php54-php-bcmath\", rpm:\"php54-php-bcmath~5.4.40~1.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php54-php-cli\", rpm:\"php54-php-cli~5.4.40~1.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php54-php-common\", rpm:\"php54-php-common~5.4.40~1.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php54-php-dba\", rpm:\"php54-php-dba~5.4.40~1.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php54-php-devel\", rpm:\"php54-php-devel~5.4.40~1.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php54-php-enchant\", rpm:\"php54-php-enchant~5.4.40~1.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php54-php-fpm\", rpm:\"php54-php-fpm~5.4.40~1.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php54-php-gd\", rpm:\"php54-php-gd~5.4.40~1.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php54-php-imap\", rpm:\"php54-php-imap~5.4.40~1.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php54-php-intl\", rpm:\"php54-php-intl~5.4.40~1.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php54-php-ldap\", rpm:\"php54-php-ldap~5.4.40~1.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php54-php-mbstring\", rpm:\"php54-php-mbstring~5.4.40~1.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php54-php-mysqlnd\", rpm:\"php54-php-mysqlnd~5.4.40~1.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php54-php-odbc\", rpm:\"php54-php-odbc~5.4.40~1.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php54-php-pdo\", rpm:\"php54-php-pdo~5.4.40~1.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php54-php-pecl-zendopcache\", rpm:\"php54-php-pecl-zendopcache~7.0.4~3.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php54-php-pgsql\", rpm:\"php54-php-pgsql~5.4.40~1.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php54-php-process\", rpm:\"php54-php-process~5.4.40~1.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php54-php-pspell\", rpm:\"php54-php-pspell~5.4.40~1.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php54-php-recode\", rpm:\"php54-php-recode~5.4.40~1.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php54-php-snmp\", rpm:\"php54-php-snmp~5.4.40~1.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php54-php-soap\", rpm:\"php54-php-soap~5.4.40~1.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php54-php-tidy\", rpm:\"php54-php-tidy~5.4.40~1.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php54-php-xml\", rpm:\"php54-php-xml~5.4.40~1.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php54-php-xmlrpc\", rpm:\"php54-php-xmlrpc~5.4.40~1.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php54-runtime\", rpm:\"php54-runtime~2.0~1.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php54-scldevel\", rpm:\"php54-scldevel~2.0~1.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "suse": [{"lastseen": "2016-09-04T12:13:25", "bulletinFamily": "unix", "cvelist": ["CVE-2015-4601", "CVE-2015-4644", "CVE-2015-4148", "CVE-2015-4602", "CVE-2015-3411", "CVE-2015-4600", "CVE-2015-3412", "CVE-2015-4603", "CVE-2015-4599", "CVE-2015-4598", "CVE-2015-4643"], "description": "The PHP script interpreter was updated to fix various security issues:\n\n * CVE-2015-4602 [bnc#935224]: Fixed an incomplete Class\n unserialization type confusion.\n * CVE-2015-4599, CVE-2015-4600, CVE-2015-4601 [bnc#935226]: Fixed type\n confusion issues in unserialize() with various SOAP methods.\n * CVE-2015-4603 [bnc#935234]: Fixed exception::getTraceAsString type\n confusion issue after unserialize.\n * CVE-2015-4644 [bnc#935274]: Fixed a crash in php_pgsql_meta_data.\n * CVE-2015-4643 [bnc#935275]: Fixed an integer overflow in\n ftp_genlist() that could result in a heap overflow.\n * CVE-2015-3411, CVE-2015-3412, CVE-2015-4598 [bnc#935227],\n [bnc#935232]: Added missing null byte checks for paths in various\n PHP extensions.\n * CVE-2015-4148 [bnc#933227]: Fixed a SoapClient's do_soap_call() type\n confusion after unserialize() information disclosure.\n\n Also the following bug were fixed:\n\n * fix a segmentation fault in odbc_fetch_array [bnc#935074]\n * fix timezone map [bnc#919080]\n\n Security Issues:\n\n * CVE-2015-3411\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3411\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3411</a>>\n * CVE-2015-3412\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3412\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3412</a>>\n * CVE-2015-4148\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4148\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4148</a>>\n * CVE-2015-4598\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4598\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4598</a>>\n * CVE-2015-4599\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4599\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4599</a>>\n * CVE-2015-4600\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4600\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4600</a>>\n * CVE-2015-4601\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4601\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4601</a>>\n * CVE-2015-4602\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4602\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4602</a>>\n * CVE-2015-4603\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4603\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4603</a>>\n * CVE-2015-4643\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4643\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4643</a>>\n * CVE-2015-4644\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4644\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4644</a>>\n\n", "edition": 1, "modified": "2015-07-17T20:09:41", "published": "2015-07-17T20:09:41", "id": "SUSE-SU-2015:1265-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00030.html", "type": "suse", "title": "Security update for PHP (important)", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T11:28:47", "bulletinFamily": "unix", "cvelist": ["CVE-2015-4601", "CVE-2015-4644", "CVE-2015-4605", "CVE-2015-4602", "CVE-2015-3411", "CVE-2015-4604", "CVE-2015-4600", "CVE-2015-3412", "CVE-2015-4603", "CVE-2015-4599", "CVE-2015-4598", "CVE-2015-4643"], "description": "The PHP script interpreter was updated to receive various security fixes:\n\n * CVE-2015-4602 [bnc#935224]: Fixed an incomplete Class unserialization\n type confusion.\n * CVE-2015-4599, CVE-2015-4600, CVE-2015-4601 [bnc#935226]: Fixed type\n confusion issues in unserialize() with various SOAP methods.\n * CVE-2015-4603 [bnc#935234]: Fixed exception::getTraceAsString type\n confusion issue after unserialize.\n * CVE-2015-4644 [bnc#935274]: Fixed a crash in php_pgsql_meta_data.\n * CVE-2015-4643 [bnc#935275]: Fixed an integer overflow in ftp_genlist()\n that could result in a heap overflow.\n * CVE-2015-3411, CVE-2015-3412, CVE-2015-4598 [bnc#935227], [bnc#935232]:\n Added missing null byte checks for paths in various PHP extensions.\n\n", "edition": 1, "modified": "2015-07-06T10:05:40", "published": "2015-07-06T10:05:40", "id": "OPENSUSE-SU-2015:1197-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00012.html", "title": "Security update for php5 (important)", "type": "suse", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T11:28:40", "bulletinFamily": "unix", "cvelist": ["CVE-2015-4601", "CVE-2015-4644", "CVE-2015-4148", "CVE-2015-4024", "CVE-2015-4021", "CVE-2015-4602", "CVE-2015-4026", "CVE-2015-3411", "CVE-2015-4600", "CVE-2015-4022", "CVE-2015-3412", "CVE-2015-4603", "CVE-2015-4599", "CVE-2015-4598", "CVE-2015-4643"], "description": "This security update of PHP fixes the following issues:\n\n Security issues fixed:\n\n * CVE-2015-4024 [bnc#931421]: Fixed multipart/form-data remote DOS\n Vulnerability.\n * CVE-2015-4026 [bnc#931776]: pcntl_exec() did not check path validity.\n * CVE-2015-4022 [bnc#931772]: Fixed and overflow in ftp_genlist() that\n resulted in a heap overflow.\n * CVE-2015-4021 [bnc#931769]: Fixed memory corruption in\n phar_parse_tarfile when entry filename starts with NULL.\n * CVE-2015-4148 [bnc#933227]: Fixed SoapClient's do_soap_call() type\n confusion after unserialize() information disclosure.\n * CVE-2015-4602 [bnc#935224]: Fixed an incomplete Class unserialization\n type confusion.\n * CVE-2015-4599, CVE-2015-4600, CVE-2015-4601 [bnc#935226]: Fixed type\n confusion issues in unserialize() with various SOAP methods.\n * CVE-2015-4603 [bnc#935234]: Fixed exception::getTraceAsString type\n confusion issue after unserialize.\n * CVE-2015-4644 [bnc#935274]: Fixed a crash in php_pgsql_meta_data.\n * CVE-2015-4643 [bnc#935275]: Fixed an integer overflow in ftp_genlist()\n that could result in a heap overflow.\n * CVE-2015-3411, CVE-2015-3412, CVE-2015-4598 [bnc#935227], [bnc#935232]:\n Added missing null byte checks for paths in various PHP extensions.\n\n Bugs fixed:\n\n * configure php-fpm with --localstatedir=/var [bnc#927147]\n * fix timezone map [bnc#919080]\n\n", "edition": 1, "modified": "2015-07-17T11:08:12", "published": "2015-07-17T11:08:12", "id": "SUSE-SU-2015:1253-2", "href": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00027.html", "type": "suse", "title": "Security update for php5 (important)", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T11:43:58", "bulletinFamily": "unix", "cvelist": ["CVE-2015-4601", "CVE-2015-4644", "CVE-2015-4148", "CVE-2015-4024", "CVE-2015-4021", "CVE-2015-4602", "CVE-2015-4026", "CVE-2015-3411", "CVE-2015-4600", "CVE-2015-4022", "CVE-2015-3412", "CVE-2015-4603", "CVE-2015-4599", "CVE-2015-4598", "CVE-2015-4643"], "description": "This security update of PHP fixes the following issues:\n\n Security issues fixed:\n\n * CVE-2015-4024 [bnc#931421]: Fixed multipart/form-data remote DOS\n Vulnerability.\n * CVE-2015-4026 [bnc#931776]: pcntl_exec() did not check path validity.\n * CVE-2015-4022 [bnc#931772]: Fixed and overflow in ftp_genlist() that\n resulted in a heap overflow.\n * CVE-2015-4021 [bnc#931769]: Fixed memory corruption in\n phar_parse_tarfile when entry filename starts with NULL.\n * CVE-2015-4148 [bnc#933227]: Fixed SoapClient's do_soap_call() type\n confusion after unserialize() information disclosure.\n * CVE-2015-4602 [bnc#935224]: Fixed an incomplete Class unserialization\n type confusion.\n * CVE-2015-4599, CVE-2015-4600, CVE-2015-4601 [bnc#935226]: Fixed type\n confusion issues in unserialize() with various SOAP methods.\n * CVE-2015-4603 [bnc#935234]: Fixed exception::getTraceAsString type\n confusion issue after unserialize.\n * CVE-2015-4644 [bnc#935274]: Fixed a crash in php_pgsql_meta_data.\n * CVE-2015-4643 [bnc#935275]: Fixed an integer overflow in ftp_genlist()\n that could result in a heap overflow.\n * CVE-2015-3411, CVE-2015-3412, CVE-2015-4598 [bnc#935227], [bnc#935232]:\n Added missing null byte checks for paths in various PHP extensions.\n\n Bugs fixed:\n\n * configure php-fpm with --localstatedir=/var [bnc#927147]\n * fix timezone map [bnc#919080]\n\n", "edition": 1, "modified": "2015-07-17T10:12:10", "published": "2015-07-17T10:12:10", "id": "SUSE-SU-2015:1253-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00026.html", "title": "Security update for php5 (important)", "type": "suse", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T12:09:51", "bulletinFamily": "unix", "cvelist": ["CVE-2014-9705", "CVE-2015-2787", "CVE-2015-0232", "CVE-2015-4601", "CVE-2014-9767", "CVE-2016-4342", "CVE-2015-2783", "CVE-2015-8873", "CVE-2015-5161", "CVE-2015-3329", "CVE-2014-3478", "CVE-2016-4540", "CVE-2016-4538", "CVE-2015-4644", "CVE-2015-8879", "CVE-2015-1352", "CVE-2016-3185", "CVE-2016-4544", "CVE-2015-2301", "CVE-2014-3515", "CVE-2014-3479", "CVE-2015-8867", "CVE-2014-9709", "CVE-2014-4670", "CVE-2015-2305", "CVE-2016-4543", "CVE-2014-3668", "CVE-2015-0273", "CVE-2016-4542", "CVE-2016-4541", "CVE-2014-3480", "CVE-2014-8142", "CVE-2015-4148", "CVE-2006-7243", "CVE-2014-0207", "CVE-2016-2554", "CVE-2014-3669", "CVE-2015-4024", "CVE-2015-8835", "CVE-2015-4021", "CVE-2014-3487", "CVE-2014-3597", "CVE-2015-6836", "CVE-2015-3152", "CVE-2015-4602", "CVE-2015-4026", "CVE-2015-6833", "CVE-2014-4721", "CVE-2016-4070", "CVE-2014-4698", "CVE-2015-8874", "CVE-2015-3411", "CVE-2015-4116", "CVE-2014-4049", "CVE-2015-6831", "CVE-2014-3670", "CVE-2015-5590", "CVE-2015-4600", "CVE-2015-4022", "CVE-2014-9652", "CVE-2015-3412", "CVE-2016-4539", "CVE-2015-6837", "CVE-2016-5093", "CVE-2016-5094", "CVE-2016-5095", "CVE-2016-4073", "CVE-2015-7803", "CVE-2014-5459", "CVE-2015-4603", "CVE-2015-4599", "CVE-2016-5096", "CVE-2015-4598", "CVE-2015-8866", "CVE-2015-5589", "CVE-2016-3141", "CVE-2015-4643", "CVE-2015-8838", "CVE-2016-4346", "CVE-2015-0231", "CVE-2016-5114", "CVE-2004-1019", "CVE-2016-3142", "CVE-2015-6838", "CVE-2016-4537"], "edition": 1, "description": "This update for php53 to version 5.3.17 fixes the following issues:\n\n These security issues were fixed:\n - CVE-2016-5093: get_icu_value_internal out-of-bounds read (bnc#982010).\n - CVE-2016-5094: Don't create strings with lengths outside int range\n (bnc#982011).\n - CVE-2016-5095: Don't create strings with lengths outside int range\n (bnc#982012).\n - CVE-2016-5096: int/size_t confusion in fread (bsc#982013).\n - CVE-2016-5114: fpm_log.c memory leak and buffer overflow (bnc#982162).\n - CVE-2015-8879: The odbc_bindcols function in ext/odbc/php_odbc.c in PHP\n mishandles driver behavior for SQL_WVARCHAR columns, which allowed\n remote attackers to cause a denial of service (application crash) in\n opportunistic circumstances by leveraging use of the odbc_fetch_array\n function to access a certain type of Microsoft SQL Server table\n (bsc#981050).\n - CVE-2015-4116: Use-after-free vulnerability in the spl_ptr_heap_insert\n function in ext/spl/spl_heap.c in PHP allowed remote attackers to\n execute arbitrary code by triggering a failed SplMinHeap::compare\n operation (bsc#980366).\n - CVE-2015-8874: Stack consumption vulnerability in GD in PHP allowed\n remote attackers to cause a denial of service via a crafted\n imagefilltoborder call (bsc#980375).\n - CVE-2015-8873: Stack consumption vulnerability in Zend/zend_exceptions.c\n in PHP allowed remote attackers to cause a denial of service\n (segmentation fault) via recursive method calls (bsc#980373).\n - CVE-2016-4540: The grapheme_stripos function in\n ext/intl/grapheme/grapheme_string.c in PHP allowed remote attackers to\n cause a denial of service (out-of-bounds read) or possibly have\n unspecified other impact via a negative offset (bsc#978829).\n - CVE-2016-4541: The grapheme_strpos function in\n ext/intl/grapheme/grapheme_string.c in PHP allowed remote attackers to\n cause a denial of service (out-of-bounds read) or possibly have\n unspecified other impact via a negative offset (bsc#978829.\n - CVE-2016-4542: The exif_process_IFD_TAG function in ext/exif/exif.c in\n PHP did not properly construct spprintf arguments, which allowed remote\n attackers to cause a denial of service (out-of-bounds read) or possibly\n have unspecified other impact via crafted header data (bsc#978830).\n - CVE-2016-4543: The exif_process_IFD_in_JPEG function in ext/exif/exif.c\n in PHP did not validate IFD sizes, which allowed remote attackers to\n cause a denial of service (out-of-bounds read) or possibly have\n unspecified other impact via crafted header data (bsc#978830.\n - CVE-2016-4544: The exif_process_TIFF_in_JPEG function in ext/exif/exif.c\n in PHP did not validate TIFF start data, which allowed remote attackers\n to cause a denial of service (out-of-bounds read) or possibly have\n unspecified other impact via crafted header data (bsc#978830.\n - CVE-2016-4537: The bcpowmod function in ext/bcmath/bcmath.c in PHP\n accepted a negative integer for the scale argument, which allowed remote\n attackers to cause a denial of service or possibly have unspecified\n other impact via a crafted call (bsc#978827).\n - CVE-2016-4538: The bcpowmod function in ext/bcmath/bcmath.c in PHP\n modified certain data structures without considering whether they are\n copies of the _zero_, _one_, or _two_ global variable, which allowed\n remote attackers to cause a denial of service or possibly have\n unspecified other impact via a crafted call (bsc#978827).\n - CVE-2016-4539: The xml_parse_into_struct function in ext/xml/xml.c in\n PHP allowed remote attackers to cause a denial of service (buffer\n under-read and segmentation fault) or possibly have unspecified other\n impact via crafted XML data in the second argument, leading to a parser\n level of zero (bsc#978828).\n - CVE-2016-4342: ext/phar/phar_object.c in PHP mishandles zero-length\n uncompressed data, which allowed remote attackers to cause a denial of\n service (heap memory corruption) or possibly have unspecified other\n impact via a crafted (1) TAR, (2) ZIP, or (3) PHAR archive (bsc#977991).\n - CVE-2016-4346: Integer overflow in the str_pad function in\n ext/standard/string.c in PHP allowed remote attackers to cause a denial\n of service or possibly have unspecified other impact via a long string,\n leading to a heap-based buffer overflow (bsc#977994).\n - CVE-2016-4073: Multiple integer overflows in the mbfl_strcut function in\n ext/mbstring/libmbfl/mbfl/mbfilter.c in PHP allowed remote attackers to\n cause a denial of service (application crash) or possibly execute\n arbitrary code via a crafted mb_strcut call (bsc#977003).\n - CVE-2015-8867: The openssl_random_pseudo_bytes function in\n ext/openssl/openssl.c in PHP incorrectly relied on the deprecated\n RAND_pseudo_bytes function, which made it easier for remote attackers to\n defeat cryptographic protection mechanisms via unspecified vectors\n (bsc#977005).\n - CVE-2016-4070: Integer overflow in the php_raw_url_encode function in\n ext/standard/url.c in PHP allowed remote attackers to cause a denial of\n service (application crash) via a long string to the rawurlencode\n function (bsc#976997).\n - CVE-2015-8866: ext/libxml/libxml.c in PHP when PHP-FPM is used, did not\n isolate each thread from libxml_disable_entity_loader changes in other\n threads, which allowed remote attackers to conduct XML External Entity\n (XXE) and XML Entity Expansion (XEE) attacks via a crafted XML document,\n a related issue to CVE-2015-5161 (bsc#976996).\n - CVE-2015-8838: ext/mysqlnd/mysqlnd.c in PHP used a client SSL option to\n mean that SSL is optional, which allowed man-in-the-middle attackers to\n spoof servers via a cleartext-downgrade attack, a related issue to\n CVE-2015-3152 (bsc#973792).\n - CVE-2015-8835: The make_http_soap_request function in\n ext/soap/php_http.c in PHP did not properly retrieve keys, which allowed\n remote attackers to cause a denial of service (NULL pointer dereference,\n type confusion, and application crash) or possibly execute arbitrary\n code via crafted serialized data representing a numerically indexed\n _cookies array, related to the SoapClient::__call method in\n ext/soap/soap.c (bsc#973351).\n - CVE-2016-3141: Use-after-free vulnerability in wddx.c in the WDDX\n extension in PHP allowed remote attackers to cause a denial of service\n (memory corruption and application crash) or possibly have unspecified\n other impact by triggering a wddx_deserialize call on XML data\n containing a crafted var element (bsc#969821).\n - CVE-2016-3142: The phar_parse_zipfile function in zip.c in the PHAR\n extension in PHP allowed remote attackers to obtain sensitive\n information from process memory or cause a denial of service\n (out-of-bounds read and application crash) by placing a PK\\x05\\x06\n signature at an invalid location (bsc#971912).\n - CVE-2014-9767: Directory traversal vulnerability in the\n ZipArchive::extractTo function in ext/zip/php_zip.c in PHP\n ext/zip/ext_zip.cpp in HHVM allowed remote attackers to create arbitrary\n empty directories via a crafted ZIP archive (bsc#971612).\n - CVE-2016-3185: The make_http_soap_request function in\n ext/soap/php_http.c in PHP allowed remote attackers to obtain sensitive\n information from process memory or cause a denial of service (type\n confusion and application crash) via crafted serialized _cookies data,\n related to the SoapClient::__call method in ext/soap/soap.c (bsc#971611).\n - CVE-2016-2554: Stack-based buffer overflow in ext/phar/tar.c in PHP\n allowed remote attackers to cause a denial of service (application\n crash) or possibly have unspecified other impact via a crafted TAR\n archive (bsc#968284).\n - CVE-2015-7803: The phar_get_entry_data function in ext/phar/util.c in\n PHP allowed remote attackers to cause a denial of service (NULL pointer\n dereference and application crash) via a .phar file with a crafted TAR\n archive entry in which the Link indicator references a file that did not\n exist (bsc#949961).\n - CVE-2015-6831: Multiple use-after-free vulnerabilities in SPL in PHP\n allowed remote attackers to execute arbitrary code via vectors involving\n (1) ArrayObject, (2) SplObjectStorage, and (3) SplDoublyLinkedList,\n which are mishandled during unserialization (bsc#942291).\n - CVE-2015-6833: Directory traversal vulnerability in the PharData class\n in PHP allowed remote attackers to write to arbitrary files via a ..\n (dot dot) in a ZIP archive entry that is mishandled during an extractTo\n call (bsc#942296.\n - CVE-2015-6836: The SoapClient __call method in ext/soap/soap.c in PHP\n did not properly manage headers, which allowed remote attackers to\n execute arbitrary code via crafted serialized data that triggers a "type\n confusion" in the serialize_function_call function (bsc#945428).\n - CVE-2015-6837: The xsl_ext_function_php function in\n ext/xsl/xsltprocessor.c in PHP when libxml2 is used, did not consider\n the possibility of a NULL valuePop return value proceeding with a free\n operation during initial error checking, which allowed remote attackers\n to cause a denial of service (NULL pointer dereference and application\n crash) via a crafted XML document, a different vulnerability than\n CVE-2015-6838 (bsc#945412).\n - CVE-2015-6838: The xsl_ext_function_php function in\n ext/xsl/xsltprocessor.c in PHP when libxml2 is used, did not consider\n the possibility of a NULL valuePop return value proceeding with a free\n operation after the principal argument loop, which allowed remote\n attackers to cause a denial of service (NULL pointer dereference and\n application crash) via a crafted XML document, a different vulnerability\n than CVE-2015-6837 (bsc#945412).\n - CVE-2015-5590: Stack-based buffer overflow in the phar_fix_filepath\n function in ext/phar/phar.c in PHP allowed remote attackers to cause a\n denial of service or possibly have unspecified other impact via a large\n length value, as demonstrated by mishandling of an e-mail attachment by\n the imap PHP extension (bsc#938719).\n - CVE-2015-5589: The phar_convert_to_other function in\n ext/phar/phar_object.c in PHP did not validate a file pointer a close\n operation, which allowed remote attackers to cause a denial of service\n (segmentation fault) or possibly have unspecified other impact via a\n crafted TAR archive that is mishandled in a Phar::convertToData call\n (bsc#938721).\n - CVE-2015-4602: The __PHP_Incomplete_Class function in\n ext/standard/incomplete_class.c in PHP allowed remote attackers to cause\n a denial of service (application crash) or possibly execute arbitrary\n code via an unexpected data type, related to a "type confusion" issue\n (bsc#935224).\n - CVE-2015-4599: The SoapFault::__toString method in ext/soap/soap.c in\n PHP allowed remote attackers to obtain sensitive information, cause a\n denial of service (application crash), or possibly execute arbitrary\n code via an unexpected data type, related to a "type confusion" issue\n (bsc#935226).\n - CVE-2015-4600: The SoapClient implementation in PHP allowed remote\n attackers to cause a denial of service (application crash) or possibly\n execute arbitrary code via an unexpected data type, related to "type\n confusion" issues in the (1) SoapClient::__getLastRequest, (2)\n SoapClient::__getLastResponse, (3) SoapClient::__getLastRequestHeaders,\n (4) SoapClient::__getLastResponseHeaders, (5) SoapClient::__getCookies,\n and (6) SoapClient::__setCookie methods (bsc#935226).\n - CVE-2015-4601: PHP allowed remote attackers to cause a denial of service\n (application crash) or possibly execute arbitrary code via an unexpected\n data type, related to "type confusion" issues in (1)\n ext/soap/php_encoding.c, (2) ext/soap/php_http.c, and (3)\n ext/soap/soap.c, a different issue than CVE-2015-4600 (bsc#935226.\n - CVE-2015-4603: The exception::getTraceAsString function in\n Zend/zend_exceptions.c in PHP allowed remote attackers to execute\n arbitrary code via an unexpected data type, related to a "type\n confusion" issue (bsc#935234).\n - CVE-2015-4644: The php_pgsql_meta_data function in pgsql.c in the\n PostgreSQL (aka pgsql) extension in PHP did not validate token\n extraction for table names, which might allowed remote attackers to\n cause a denial of service (NULL pointer dereference and application\n crash) via a crafted name. NOTE: this vulnerability exists because of an\n incomplete fix for CVE-2015-1352 (bsc#935274).\n - CVE-2015-4643: Integer overflow in the ftp_genlist function in\n ext/ftp/ftp.c in PHP allowed remote FTP servers to execute arbitrary\n code via a long reply to a LIST command, leading to a heap-based buffer\n overflow. NOTE: this vulnerability exists because of an incomplete fix\n for CVE-2015-4022 (bsc#935275).\n - CVE-2015-3411: PHP did not ensure that pathnames lack %00 sequences,\n which might have allowed remote attackers to read or write to arbitrary\n files via crafted input to an application that calls (1) a DOMDocument\n load method, (2) the xmlwriter_open_uri function, (3) the finfo_file\n function, or (4) the hash_hmac_file function, as demonstrated by a\n filename\\0.xml attack that bypasses an intended configuration in which\n client users may read only .xml files (bsc#935227).\n - CVE-2015-3412: PHP did not ensure that pathnames lack %00 sequences,\n which might have allowed remote attackers to read arbitrary files via\n crafted input to an application that calls the\n stream_resolve_include_path function in ext/standard/streamsfuncs.c, as\n demonstrated by a filename\\0.extension attack that bypasses an intended\n configuration in which client users may read files with only one\n specific extension (bsc#935229).\n - CVE-2015-4598: PHP did not ensure that pathnames lack %00 sequences,\n which might have allowed remote attackers to read or write to arbitrary\n files via crafted input to an application that calls (1) a DOMDocument\n save method or (2) the GD imagepsloadfont function, as demonstrated by a\n filename\\0.html attack that bypasses an intended configuration in which\n client users may write to only .html files (bsc#935232).\n - CVE-2015-4148: The do_soap_call function in ext/soap/soap.c in PHP did\n not verify that the uri property is a string, which allowed remote\n attackers to obtain sensitive information by providing crafted\n serialized data with an int data type, related to a "type confusion"\n issue (bsc#933227).\n - CVE-2015-4024: Algorithmic complexity vulnerability in the\n multipart_buffer_headers function in main/rfc1867.c in PHP allowed\n remote attackers to cause a denial of service (CPU consumption) via\n crafted form data that triggers an improper order-of-growth outcome\n (bsc#931421).\n - CVE-2015-4026: The pcntl_exec implementation in PHP truncates a pathname\n upon encountering a \\x00 character, which might allowed remote attackers\n to bypass intended extension restrictions and execute files with\n unexpected names via a crafted first argument. NOTE: this vulnerability\n exists because of an incomplete fix for CVE-2006-7243 (bsc#931776).\n - CVE-2015-4022: Integer overflow in the ftp_genlist function in\n ext/ftp/ftp.c in PHP allowed remote FTP servers to execute arbitrary\n code via a long reply to a LIST command, leading to a heap-based buffer\n overflow (bsc#931772).\n - CVE-2015-4021: The phar_parse_tarfile function in ext/phar/tar.c in PHP\n did not verify that the first character of a filename is different from\n the \\0 character, which allowed remote attackers to cause a denial of\n service (integer underflow and memory corruption) via a crafted entry in\n a tar archive (bsc#931769).\n - CVE-2015-3329: Multiple stack-based buffer overflows in the\n phar_set_inode function in phar_internal.h in PHP allowed remote\n attackers to execute arbitrary code via a crafted length value in a (1)\n tar, (2) phar, or (3) ZIP archive (bsc#928506).\n - CVE-2015-2783: ext/phar/phar.c in PHP allowed remote attackers to obtain\n sensitive information from process memory or cause a denial of service\n (buffer over-read and application crash) via a crafted length value in\n conjunction with crafted serialized data in a phar archive, related to\n the phar_parse_metadata and phar_parse_pharfile functions (bsc#928511).\n - CVE-2015-2787: Use-after-free vulnerability in the process_nested_data\n function in ext/standard/var_unserializer.re in PHP allowed remote\n attackers to execute arbitrary code via a crafted unserialize call that\n leverages use of the unset function within an __wakeup function, a\n related issue to CVE-2015-0231 (bsc#924972).\n - CVE-2014-9709: The GetCode_ function in gd_gif_in.c in GD 2.1.1 and\n earlier, as used in PHP allowed remote attackers to cause a denial of\n service (buffer over-read and application crash) via a crafted GIF image\n that is improperly handled by the gdImageCreateFromGif function\n (bsc#923945).\n - CVE-2015-2301: Use-after-free vulnerability in the phar_rename_archive\n function in phar_object.c in PHP allowed remote attackers to cause a\n denial of service or possibly have unspecified other impact via vectors\n that trigger an attempted renaming of a Phar archive to the name of an\n existing file (bsc#922452).\n - CVE-2015-2305: Integer overflow in the regcomp implementation in the\n Henry Spencer BSD regex library (aka rxspencer) 32-bit platforms might\n have allowed context-dependent attackers to execute arbitrary code via a\n large regular expression that leads to a heap-based buffer overflow\n (bsc#921950).\n - CVE-2014-9705: Heap-based buffer overflow in the\n enchant_broker_request_dict function in ext/enchant/enchant.c in PHP\n allowed remote attackers to execute arbitrary code via vectors that\n trigger creation of multiple dictionaries (bsc#922451).\n - CVE-2015-0273: Multiple use-after-free vulnerabilities in\n ext/date/php_date.c in PHP allowed remote attackers to execute arbitrary\n code via crafted serialized input containing a (1) R or (2) r type\n specifier in (a) DateTimeZone data handled by the\n php_date_timezone_initialize_from_hash function or (b) DateTime data\n handled by the php_date_initialize_from_hash function (bsc#918768).\n - CVE-2014-9652: The mconvert function in softmagic.c in file as used in\n the Fileinfo component in PHP did not properly handle a certain\n string-length field during a copy of a truncated version of a Pascal\n string, which might allowed remote attackers to cause a denial of\n service (out-of-bounds memory access and application crash) via a\n crafted file (bsc#917150).\n - CVE-2014-8142: Use-after-free vulnerability in the process_nested_data\n function in ext/standard/var_unserializer.re in PHP allowed remote\n attackers to execute arbitrary code via a crafted unserialize call that\n leverages improper handling of duplicate keys within the serialized\n properties of an object, a different vulnerability than CVE-2004-1019\n (bsc#910659).\n - CVE-2015-0231: Use-after-free vulnerability in the process_nested_data\n function in ext/standard/var_unserializer.re in PHP allowed remote\n attackers to execute arbitrary code via a crafted unserialize call that\n leverages improper handling of duplicate numerical keys within the\n serialized properties of an object. NOTE: this vulnerability exists\n because of an incomplete fix for CVE-2014-8142 (bsc#910659).\n - CVE-2014-8142: Use-after-free vulnerability in the process_nested_data\n function in ext/standard/var_unserializer.re in PHP allowed remote\n attackers to execute arbitrary code via a crafted unserialize call that\n leverages improper handling of duplicate keys within the serialized\n properties of an object, a different vulnerability than CVE-2004-1019\n (bsc#910659).\n - CVE-2015-0232: The exif_process_unicode function in ext/exif/exif.c in\n PHP allowed remote attackers to execute arbitrary code or cause a denial\n of service (uninitialized pointer free and application crash) via\n crafted EXIF data in a JPEG image (bsc#914690).\n - CVE-2014-3670: The exif_ifd_make_value function in exif.c in the EXIF\n extension in PHP operates on floating-point arrays incorrectly, which\n allowed remote attackers to cause a denial of service (heap memory\n corruption and application crash) or possibly execute arbitrary code via\n a crafted JPEG image with TIFF thumbnail data that is improperly handled\n by the exif_thumbnail function (bsc#902357).\n - CVE-2014-3669: Integer overflow in the object_custom function in\n ext/standard/var_unserializer.c in PHP allowed remote attackers to cause\n a denial of service (application crash) or possibly execute arbitrary\n code via an argument to the unserialize function that triggers\n calculation of a large length value (bsc#902360).\n - CVE-2014-3668: Buffer overflow in the date_from_ISO8601 function in the\n mkgmtime implementation in libxmlrpc/xmlrpc.c in the XMLRPC extension in\n PHP allowed remote attackers to cause a denial of service (application\n crash) via (1) a crafted first argument to the xmlrpc_set_type function\n or (2) a crafted argument to the xmlrpc_decode function, related to an\n out-of-bounds read operation (bsc#902368).\n - CVE-2014-5459: The PEAR_REST class in REST.php in PEAR in PHP allowed\n local users to write to arbitrary files via a symlink attack on a (1)\n rest.cachefile or (2) rest.cacheid file in /tmp/pear/cache/, related to\n the retrieveCacheFirst and useLocalCache functions (bsc#893849).\n - CVE-2014-3597: Multiple buffer overflows in the php_parserr function in\n ext/standard/dns.c in PHP allowed remote DNS servers to cause a denial\n of service (application crash) or possibly execute arbitrary code via a\n crafted DNS record, related to the dns_get_record function and the\n dn_expand function. NOTE: this issue exists because of an incomplete fix\n for CVE-2014-4049 (bsc#893853).\n - CVE-2014-4670: Use-after-free vulnerability in ext/spl/spl_dllist.c in\n the SPL component in PHP allowed context-dependent attackers to cause a\n denial of service or possibly have unspecified other impact via crafted\n iterator usage within applications in certain web-hosting environments\n (bsc#886059).\n - CVE-2014-4698: Use-after-free vulnerability in ext/spl/spl_array.c in\n the SPL component in PHP allowed context-dependent attackers to cause a\n denial of service or possibly have unspecified other impact via crafted\n ArrayIterator usage within applications in certain web-hosting\n environments (bsc#886060).\n - CVE-2014-4721: The phpinfo implementation in ext/standard/info.c in PHP\n did not ensure use of the string data type for the PHP_AUTH_PW,\n PHP_AUTH_TYPE, PHP_AUTH_USER, and PHP_SELF variables, which might\n allowed context-dependent attackers to obtain sensitive information from\n process memory by using the integer data type with crafted values,\n related to a "type confusion" vulnerability, as demonstrated by reading\n a private SSL key in an Apache HTTP Server web-hosting environment with\n mod_ssl and a PHP 5.3.x mod_php (bsc#885961).\n - CVE-2014-0207: The cdf_read_short_sector function in cdf.c in file as\n used in the Fileinfo component in PHP allowed remote attackers to cause\n a denial of service (assertion failure and application exit) via a\n crafted CDF file (bsc#884986).\n - CVE-2014-3478: Buffer overflow in the mconvert function in softmagic.c\n in file as used in the Fileinfo component in PHP allowed remote\n attackers to cause a denial of service (application crash) via a crafted\n Pascal string in a FILE_PSTRING conversion (bsc#884987).\n - CVE-2014-3479: The cdf_check_stream_offset function in cdf.c in file as\n used in the Fileinfo component in PHP relies on incorrect sector-size\n data, which allowed remote attackers to cause a denial of service\n (application crash) via a crafted stream offset in a CDF file\n (bsc#884989).\n - CVE-2014-3480: The cdf_count_chain function in cdf.c in file as used in\n the Fileinfo component in PHP did not properly validate sector-count\n data, which allowed remote attackers to cause a denial of service\n (application crash) via a crafted CDF file (bsc#884990).\n - CVE-2014-3487: The cdf_read_property_info function in file as used in\n the Fileinfo component in PHP did not properly validate a stream offset,\n which allowed remote attackers to cause a denial of service (application\n crash) via a crafted CDF file (bsc#884991).\n - CVE-2014-3515: The SPL component in PHP incorrectly anticipates that\n certain data structures will have the array data type after\n unserialization, which allowed remote attackers to execute arbitrary\n code via a crafted string that triggers use of a Hashtable destructor,\n related to "type confusion" issues in (1) ArrayObject and (2)\n SPLObjectStorage (bsc#884992).\n\n These non-security issues were fixed:\n - bnc#935074: compare with SQL_NULL_DATA correctly\n - bnc#935074: fix segfault in odbc_fetch_array\n - bnc#919080: fix timezone map\n - bnc#925109: unserialize SoapClient type confusion\n\n", "modified": "2016-06-21T13:08:17", "published": "2016-06-21T13:08:17", "id": "SUSE-SU-2016:1638-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00041.html", "title": "Security update for php53 (important)", "type": "suse", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "redhat": [{"lastseen": "2019-12-11T13:31:03", "bulletinFamily": "unix", "cvelist": ["CVE-2015-2783", "CVE-2015-3307", "CVE-2015-3329", "CVE-2015-3330", "CVE-2015-3411", "CVE-2015-3412", "CVE-2015-4021", "CVE-2015-4022", "CVE-2015-4024", "CVE-2015-4025", "CVE-2015-4026", "CVE-2015-4598", "CVE-2015-4602", "CVE-2015-4603", "CVE-2015-4604", "CVE-2015-4605", "CVE-2015-4643", "CVE-2015-4644"], "description": "PHP is an HTML-embedded scripting language commonly used with the Apache\nHTTP Server.\n\nA flaw was found in the way the PHP module for the Apache httpd web server\nhandled pipelined requests. A remote attacker could use this flaw to\ntrigger the execution of a PHP script in a deinitialized interpreter,\ncausing it to crash or, possibly, execute arbitrary code. (CVE-2015-3330)\n\nA flaw was found in the way PHP parsed multipart HTTP POST requests. A\nspecially crafted request could cause PHP to use an excessive amount of CPU\ntime. (CVE-2015-4024)\n\nAn integer overflow flaw leading to a heap-based buffer overflow was found\nin the way PHP's FTP extension parsed file listing FTP server responses. A\nmalicious FTP server could use this flaw to cause a PHP application to\ncrash or, possibly, execute arbitrary code. (CVE-2015-4022)\n\nMultiple flaws were discovered in the way PHP performed object\nunserialization. Specially crafted input processed by the unserialize()\nfunction could cause a PHP application to crash or, possibly, execute\narbitrary code. (CVE-2015-4602, CVE-2015-4603)\n\nIt was found that certain PHP functions did not properly handle file names\ncontaining a NULL character. A remote attacker could possibly use this flaw\nto make a PHP script access unexpected files and bypass intended file\nsystem access restrictions. (CVE-2015-4025, CVE-2015-4026, CVE-2015-3411,\nCVE-2015-3412, CVE-2015-4598)\n\nMultiple flaws were found in the way the way PHP's Phar extension parsed\nPhar archives. A specially crafted archive could cause PHP to crash or,\npossibly, execute arbitrary code when opened. (CVE-2015-2783,\nCVE-2015-3307, CVE-2015-3329, CVE-2015-4021)\n\nMultiple flaws were found in PHP's File Information (fileinfo) extension.\nA remote attacker could cause a PHP application to crash if it used\nfileinfo to identify type of attacker supplied files. (CVE-2015-4604,\nCVE-2015-4605)\n\nAll rh-php56-php users are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues. After installing\nthe updated packages, the httpd24-httpd service must be restarted for the\nupdate to take effect.\n", "modified": "2018-06-13T01:28:27", "published": "2015-06-25T04:00:00", "id": "RHSA-2015:1187", "href": "https://access.redhat.com/errata/RHSA-2015:1187", "type": "redhat", "title": "(RHSA-2015:1187) Important: rh-php56-php security update", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-12-11T13:31:35", "bulletinFamily": "unix", "cvelist": ["CVE-2015-2783", "CVE-2015-3307", "CVE-2015-3329", "CVE-2015-3330", "CVE-2015-3411", "CVE-2015-3412", "CVE-2015-4021", "CVE-2015-4022", "CVE-2015-4024", "CVE-2015-4025", "CVE-2015-4026", "CVE-2015-4598", "CVE-2015-4602", "CVE-2015-4603", "CVE-2015-4604", "CVE-2015-4605", "CVE-2015-4643", "CVE-2015-4644"], "description": "PHP is an HTML-embedded scripting language commonly used with the Apache\nHTTP Server.\n\nA flaw was found in the way the PHP module for the Apache httpd web server\nhandled pipelined requests. A remote attacker could use this flaw to\ntrigger the execution of a PHP script in a deinitialized interpreter,\ncausing it to crash or, possibly, execute arbitrary code. (CVE-2015-3330)\n\nA flaw was found in the way PHP parsed multipart HTTP POST requests. A\nspecially crafted request could cause PHP to use an excessive amount of CPU\ntime. (CVE-2015-4024)\n\nAn integer overflow flaw leading to a heap-based buffer overflow was found\nin the way PHP's FTP extension parsed file listing FTP server responses. A\nmalicious FTP server could use this flaw to cause a PHP application to\ncrash or, possibly, execute arbitrary code. (CVE-2015-4022)\n\nMultiple flaws were discovered in the way PHP performed object\nunserialization. Specially crafted input processed by the unserialize()\nfunction could cause a PHP application to crash or, possibly, execute\narbitrary code. (CVE-2015-4602, CVE-2015-4603)\n\nIt was found that certain PHP functions did not properly handle file names\ncontaining a NULL character. A remote attacker could possibly use this flaw\nto make a PHP script access unexpected files and bypass intended file\nsystem access restrictions. (CVE-2015-4025, CVE-2015-4026, CVE-2015-3411,\nCVE-2015-3412, CVE-2015-4598)\n\nMultiple flaws were found in the way the way PHP's Phar extension parsed\nPhar archives. A specially crafted archive could cause PHP to crash or,\npossibly, execute arbitrary code when opened. (CVE-2015-2783,\nCVE-2015-3307, CVE-2015-3329, CVE-2015-4021)\n\nMultiple flaws were found in PHP's File Information (fileinfo) extension.\nA remote attacker could cause a PHP application to crash if it used\nfileinfo to identify type of attacker supplied files. (CVE-2015-4604,\nCVE-2015-4605)\n\nAll php55-php users are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues. After installing\nthe updated packages, the httpd24-httpd service must be restarted for the\nupdate to take effect.\n", "modified": "2018-06-13T01:28:16", "published": "2015-06-25T04:00:00", "id": "RHSA-2015:1186", "href": "https://access.redhat.com/errata/RHSA-2015:1186", "type": "redhat", "title": "(RHSA-2015:1186) Important: php55-php security update", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-08-13T18:46:32", "bulletinFamily": "unix", "cvelist": ["CVE-2014-9425", "CVE-2014-9705", "CVE-2014-9709", "CVE-2015-0232", "CVE-2015-0273", "CVE-2015-2301", "CVE-2015-2783", "CVE-2015-2787", "CVE-2015-3307", "CVE-2015-3329", "CVE-2015-3411", "CVE-2015-3412", "CVE-2015-4021", "CVE-2015-4022", "CVE-2015-4024", "CVE-2015-4026", "CVE-2015-4147", "CVE-2015-4148", "CVE-2015-4598", "CVE-2015-4599", "CVE-2015-4600", "CVE-2015-4601", "CVE-2015-4602", "CVE-2015-4603"], "description": "PHP is an HTML-embedded scripting language commonly used with the Apache\nHTTP Server.\n\nA flaw was found in the way PHP parsed multipart HTTP POST requests. A\nspecially crafted request could cause PHP to use an excessive amount of CPU\ntime. (CVE-2015-4024)\n\nAn uninitialized pointer use flaw was found in PHP's Exif extension. A\nspecially crafted JPEG or TIFF file could cause a PHP application using the\nexif_read_data() function to crash or, possibly, execute arbitrary code\nwith the privileges of the user running that PHP application.\n(CVE-2015-0232)\n\nAn integer overflow flaw leading to a heap-based buffer overflow was found\nin the way PHP's FTP extension parsed file listing FTP server responses. A\nmalicious FTP server could use this flaw to cause a PHP application to\ncrash or, possibly, execute arbitrary code. (CVE-2015-4022)\n\nMultiple flaws were discovered in the way PHP performed object\nunserialization. Specially crafted input processed by the unserialize()\nfunction could cause a PHP application to crash or, possibly, execute\narbitrary code. (CVE-2015-0273, CVE-2015-2787, CVE-2015-4147,\nCVE-2015-4148, CVE-2015-4599, CVE-2015-4600, CVE-2015-4601, CVE-2015-4602,\nCVE-2015-4603)\n\nIt was found that certain PHP functions did not properly handle file names\ncontaining a NULL character. A remote attacker could possibly use this flaw\nto make a PHP script access unexpected files and bypass intended file\nsystem access restrictions. (CVE-2015-4026, CVE-2015-3411, CVE-2015-3412,\nCVE-2015-4598)\n\nMultiple flaws were found in the way the way PHP's Phar extension parsed\nPhar archives. A specially crafted archive could cause PHP to crash or,\npossibly, execute arbitrary code when opened. (CVE-2015-2301,\nCVE-2015-2783, CVE-2015-3307, CVE-2015-3329, CVE-2015-4021)\n\nA heap buffer overflow flaw was found in the enchant_broker_request_dict()\nfunction of PHP's enchant extension. An attacker able to make a PHP\napplication enchant dictionaries could possibly cause it to crash.\n(CVE-2014-9705)\n\nA buffer over-read flaw was found in the GD library used by the PHP gd\nextension. A specially crafted GIF file could cause a PHP application using\nthe imagecreatefromgif() function to crash. (CVE-2014-9709)\n\nA double free flaw was found in zend_ts_hash_graceful_destroy() function in\nthe PHP ZTS module. This flaw could possibly cause a PHP application to\ncrash. (CVE-2014-9425)\n\nAll php users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. After installing the\nupdated packages, the httpd daemon must be restarted for the update to\ntake effect.\n", "modified": "2018-06-07T08:58:11", "published": "2015-07-09T04:00:00", "id": "RHSA-2015:1218", "href": "https://access.redhat.com/errata/RHSA-2015:1218", "type": "redhat", "title": "(RHSA-2015:1218) Moderate: php security update", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-12-11T13:33:20", "bulletinFamily": "unix", "cvelist": ["CVE-2014-8142", "CVE-2014-9427", "CVE-2014-9652", "CVE-2014-9705", "CVE-2014-9709", "CVE-2015-0231", "CVE-2015-0232", "CVE-2015-0273", "CVE-2015-1351", "CVE-2015-2301", "CVE-2015-2305", "CVE-2015-2348", "CVE-2015-2783", "CVE-2015-2787", "CVE-2015-3307", "CVE-2015-3329", "CVE-2015-3330", "CVE-2015-3411", "CVE-2015-3412", "CVE-2015-4147", "CVE-2015-4148", "CVE-2015-4599", "CVE-2015-4600", "CVE-2015-4601", "CVE-2015-4602", "CVE-2015-4603", "CVE-2015-4604", "CVE-2015-4605", "CVE-2015-8935"], "description": "PHP is an HTML-embedded scripting language commonly used with the Apache\nHTTP Server. The php54 packages provide a recent stable release of PHP with\nthe PEAR 1.9.4, APC 3.1.15, and memcache 3.0.8 PECL extensions, and a\nnumber of additional utilities.\n\nThe php54 packages have been upgraded to upstream version 5.4.40, which\nprovides a number of bug fixes over the version shipped in Red Hat Software\nCollections 1. (BZ#1168193)\n\nThe following security issues were fixed in the php54-php component:\n\nA flaw was found in the way the PHP module for the Apache httpd web server\nhandled pipelined requests. A remote attacker could use this flaw to\ntrigger the execution of a PHP script in a deinitialized interpreter,\ncausing it to crash or, possibly, execute arbitrary code. (CVE-2015-3330)\n\nAn uninitialized pointer use flaw was found in PHP's Exif extension. A\nspecially crafted JPEG or TIFF file could cause a PHP application using the\nexif_read_data() function to crash or, possibly, execute arbitrary code\nwith the privileges of the user running that PHP application.\n(CVE-2015-0232)\n\nMultiple flaws were discovered in the way PHP performed object\nunserialization. Specially crafted input processed by the unserialize()\nfunction could cause a PHP application to crash or, possibly, execute\narbitrary code. (CVE-2014-8142, CVE-2015-0231, CVE-2015-0273,\nCVE-2015-2787, CVE-2015-4147, CVE-2015-4148)\n\nMultiple flaws were found in the way the way PHP's Phar extension parsed\nPhar archives. A specially crafted archive could cause PHP to crash or,\npossibly, execute arbitrary code when opened. (CVE-2015-2783,\nCVE-2015-3307, CVE-2015-3329)\n\nA heap buffer overflow flaw was found in the enchant_broker_request_dict()\nfunction of PHP's enchant extension. An attacker able to make a PHP\napplication enchant dictionaries could possibly cause it to crash.\n(CVE-2014-9705)\n\nA heap buffer overflow flaw was found in PHP's regular expression\nextension. An attacker able to make PHP process a specially crafted regular\nexpression pattern could cause it to crash and possibly execute arbitrary\ncode. (CVE-2015-2305)\n\nA buffer over-read flaw was found in the GD library used by the PHP gd\nextension. A specially crafted GIF file could cause a PHP application using\nthe imagecreatefromgif() function to crash. (CVE-2014-9709)\n\nA use-after-free flaw was found in PHP's phar (PHP Archive) extension.\nAn attacker able to trigger certain error condition in phar archive\nprocessing could possibly use this flaw to disclose certain portions of\nserver memory. (CVE-2015-2301)\n\nAn ouf-of-bounds read flaw was found in the way the File Information\n(fileinfo) extension processed certain Pascal strings. A remote attacker\ncould cause a PHP application to crash if it used fileinfo to identify the\ntype of the attacker-supplied file. (CVE-2014-9652)\n\nIt was found that PHP move_uploaded_file() function did not properly handle\nfile names with a NULL character. A remote attacker could possibly use this\nflaw to make a PHP script access unexpected files and bypass intended file\nsystem access restrictions. (CVE-2015-2348)\n\nA flaw was found in the way PHP handled malformed source files when running\nin CGI mode. A specially crafted PHP file could cause PHP CGI to crash.\n(CVE-2014-9427)\n\nThe following security issue was fixed in the php54-php-pecl-zendopcache\ncomponent:\n\nA use-after-free flaw was found in PHP's OPcache extension. This flaw could\npossibly lead to a disclosure of a portion of the server memory.\n(CVE-2015-1351)\n\nAll php54 users are advised to upgrade to these updated packages, which\ncorrect these issues. After installing the updated packages, the httpd\nservice must be restarted for the update to take effect.\n", "modified": "2018-06-13T01:28:17", "published": "2015-06-04T04:00:00", "id": "RHSA-2015:1066", "href": "https://access.redhat.com/errata/RHSA-2015:1066", "type": "redhat", "title": "(RHSA-2015:1066) Important: php54 security and bug fix update", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-12-11T13:32:51", "bulletinFamily": "unix", "cvelist": ["CVE-2014-8142", "CVE-2014-9652", "CVE-2014-9705", "CVE-2014-9709", "CVE-2015-0231", "CVE-2015-0232", "CVE-2015-0273", "CVE-2015-2301", "CVE-2015-2348", "CVE-2015-2783", "CVE-2015-2787", "CVE-2015-3307", "CVE-2015-3329", "CVE-2015-3330", "CVE-2015-3411", "CVE-2015-3412", "CVE-2015-4021", "CVE-2015-4022", "CVE-2015-4024", "CVE-2015-4025", "CVE-2015-4026", "CVE-2015-4147", "CVE-2015-4148", "CVE-2015-4598", "CVE-2015-4599", "CVE-2015-4600", "CVE-2015-4601", "CVE-2015-4602", "CVE-2015-4603", "CVE-2015-4604", "CVE-2015-4605", "CVE-2015-4643"], "description": "PHP is an HTML-embedded scripting language commonly used with the Apache\nHTTP Server.\n\nA flaw was found in the way the PHP module for the Apache httpd web server\nhandled pipelined requests. A remote attacker could use this flaw to\ntrigger the execution of a PHP script in a deinitialized interpreter,\ncausing it to crash or, possibly, execute arbitrary code. (CVE-2015-3330)\n\nA flaw was found in the way PHP parsed multipart HTTP POST requests. A\nspecially crafted request could cause PHP to use an excessive amount of CPU\ntime. (CVE-2015-4024)\n\nAn uninitialized pointer use flaw was found in PHP's Exif extension. A\nspecially crafted JPEG or TIFF file could cause a PHP application using the\nexif_read_data() function to crash or, possibly, execute arbitrary code\nwith the privileges of the user running that PHP application.\n(CVE-2015-0232)\n\nAn integer overflow flaw leading to a heap-based buffer overflow was found\nin the way PHP's FTP extension parsed file listing FTP server responses. A\nmalicious FTP server could use this flaw to cause a PHP application to\ncrash or, possibly, execute arbitrary code. (CVE-2015-4022)\n\nMultiple flaws were discovered in the way PHP performed object\nunserialization. Specially crafted input processed by the unserialize()\nfunction could cause a PHP application to crash or, possibly, execute\narbitrary code. (CVE-2014-8142, CVE-2015-0231, CVE-2015-0273,\nCVE-2015-2787, CVE-2015-4147, CVE-2015-4148, CVE-2015-4599, CVE-2015-4600,\nCVE-2015-4601, CVE-2015-4602, CVE-2015-4603)\n\nIt was found that certain PHP functions did not properly handle file names\ncontaining a NULL character. A remote attacker could possibly use this flaw\nto make a PHP script access unexpected files and bypass intended file\nsystem access restrictions. (CVE-2015-2348, CVE-2015-4025, CVE-2015-4026,\nCVE-2015-3411, CVE-2015-3412, CVE-2015-4598)\n\nMultiple flaws were found in the way the way PHP's Phar extension parsed\nPhar archives. A specially crafted archive could cause PHP to crash or,\npossibly, execute arbitrary code when opened. (CVE-2015-2301,\nCVE-2015-2783, CVE-2015-3307, CVE-2015-3329, CVE-2015-4021)\n\nMultiple flaws were found in PHP's File Information (fileinfo) extension.\nA remote attacker could cause a PHP application to crash if it used\nfileinfo to identify type of attacker supplied files. (CVE-2014-9652,\nCVE-2015-4604, CVE-2015-4605)\n\nA heap buffer overflow flaw was found in the enchant_broker_request_dict()\nfunction of PHP's enchant extension. An attacker able to make a PHP\napplication enchant dictionaries could possibly cause it to crash.\n(CVE-2014-9705)\n\nA buffer over-read flaw was found in the GD library used by the PHP gd\nextension. A specially crafted GIF file could cause a PHP application using\nthe imagecreatefromgif() function to crash. (CVE-2014-9709)\n\nThis update also fixes the following bugs:\n\n* The libgmp library in some cases terminated unexpectedly with a\nsegmentation fault when being used with other libraries that use the GMP\nmemory management. With this update, PHP no longer changes libgmp memory\nallocators, which prevents the described crash from occurring. (BZ#1212305)\n\n* When using the Open Database Connectivity (ODBC) API, the PHP process\nin some cases terminated unexpectedly with a segmentation fault. The\nunderlying code has been adjusted to prevent this crash. (BZ#1212299)\n\n* Previously, running PHP on a big-endian system sometimes led to memory\ncorruption in the fileinfo module. This update adjusts the behavior of\nthe PHP pointer so that it can be freed without causing memory corruption.\n(BZ#1212298)\n\nAll php users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. After installing the\nupdated packages, the httpd daemon must be restarted for the update to\ntake effect.\n", "modified": "2018-04-12T03:33:12", "published": "2015-06-23T04:00:00", "id": "RHSA-2015:1135", "href": "https://access.redhat.com/errata/RHSA-2015:1135", "type": "redhat", "title": "(RHSA-2015:1135) Important: php security and bug fix update", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:36:45", "bulletinFamily": "unix", "cvelist": ["CVE-2015-2783", "CVE-2015-3329", "CVE-2015-3330", "CVE-2015-4644", "CVE-2015-1352", "CVE-2015-4605", "CVE-2015-3307", "CVE-2015-4025", "CVE-2015-4024", "CVE-2015-4021", "CVE-2015-4602", "CVE-2015-4026", "CVE-2015-3411", "CVE-2015-4604", "CVE-2015-4022", "CVE-2015-3412", "CVE-2015-4603", "CVE-2015-4598", "CVE-2015-4643"], "description": "[5.5.21-4]\n- fix more functions accept paths with NUL character #1213407\n[5.5.21-3]\n- core: fix multipart/form-data request can use excessive\n amount of CPU usage CVE-2015-4024\n- fix various functions accept paths with NUL character\n CVE-2015-4025, CVE-2015-4026, #1213407\n- fileinfo: fix denial of service when processing a crafted\n file #1213442\n- ftp: fix integer overflow leading to heap overflow when\n reading FTP file listing CVE-2015-4022\n- phar: fix buffer over-read in metadata parsing CVE-2015-2783\n- phar: invalid pointer free() in phar_tar_process_metadata()\n CVE-2015-3307\n- phar: fix buffer overflow in phar_set_inode() CVE-2015-3329\n- phar: fix memory corruption in phar_parse_tarfile caused by\n empty entry file name CVE-2015-4021\n- pgsql: fix NULL pointer dereference CVE-2015-1352\n- soap: fix type confusion through unserialize #1222538\n- apache2handler: fix pipelined request executed in deinitialized\n interpreter under httpd 2.4 CVE-2015-3330", "edition": 4, "modified": "2016-02-04T00:00:00", "published": "2016-02-04T00:00:00", "id": "ELSA-2015-1186", "href": "http://linux.oracle.com/errata/ELSA-2015-1186.html", "title": "php55-php security update", "type": "oraclelinux", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:35:05", "bulletinFamily": "unix", "cvelist": ["CVE-2014-9705", "CVE-2015-2787", "CVE-2015-0232", "CVE-2015-4601", "CVE-2015-2783", "CVE-2015-3329", "CVE-2015-2301", "CVE-2014-9425", "CVE-2014-9709", "CVE-2015-0273", "CVE-2015-4148", "CVE-2015-3307", "CVE-2015-4024", "CVE-2015-4021", "CVE-2015-4602", "CVE-2015-4026", "CVE-2015-4147", "CVE-2015-3411", "CVE-2015-4600", "CVE-2015-4022", "CVE-2015-3412", "CVE-2015-4603", "CVE-2015-4599", "CVE-2015-4598"], "description": "[5.3.3-46]\n- fix gzfile accept paths with NUL character #1213407\n- fix patch for CVE-2015-4024\n[5.3.3-45]\n- fix more functions accept paths with NUL character #1213407\n[5.3.3-44]\n- soap: missing fix for #1222538 and #1204868\n[5.3.3-43]\n- core: fix multipart/form-data request can use excessive\n amount of CPU usage CVE-2015-4024\n- fix various functions accept paths with NUL character\n CVE-2015-4026, #1213407\n- ftp: fix integer overflow leading to heap overflow when\n reading FTP file listing CVE-2015-4022\n- phar: fix buffer over-read in metadata parsing CVE-2015-2783\n- phar: invalid pointer free() in phar_tar_process_metadata()\n CVE-2015-3307\n- phar: fix buffer overflow in phar_set_inode() CVE-2015-3329\n- phar: fix memory corruption in phar_parse_tarfile caused by\n empty entry file name CVE-2015-4021\n- soap: more fix type confusion through unserialize #1222538\n[5.3.3-42]\n- soap: more fix type confusion through unserialize #1204868\n[5.3.3-41]\n- core: fix double in zend_ts_hash_graceful_destroy CVE-2014-9425\n- core: fix use-after-free in unserialize CVE-2015-2787\n- exif: fix free on unitialized pointer CVE-2015-0232\n- gd: fix buffer read overflow in gd_gif.c CVE-2014-9709\n- date: fix use after free vulnerability in unserialize CVE-2015-0273\n- enchant: fix heap buffer overflow in enchant_broker_request_dict\n CVE-2014-9705\n- phar: use after free in phar_object.c CVE-2015-2301\n- soap: fix type confusion through unserialize", "edition": 4, "modified": "2015-07-09T00:00:00", "published": "2015-07-09T00:00:00", "id": "ELSA-2015-1218", "href": "http://linux.oracle.com/errata/ELSA-2015-1218.html", "title": "php security update", "type": "oraclelinux", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:37:20", "bulletinFamily": "unix", "cvelist": ["CVE-2015-2348", "CVE-2014-9705", "CVE-2015-2787", "CVE-2015-0232", "CVE-2015-4601", "CVE-2015-2783", "CVE-2014-9427", "CVE-2015-3329", "CVE-2015-3330", "CVE-2015-2301", "CVE-2014-9709", "CVE-2015-2305", "CVE-2015-0273", "CVE-2014-8142", "CVE-2015-4148", "CVE-2015-4605", "CVE-2015-3307", "CVE-2015-4602", "CVE-2015-4147", "CVE-2015-3411", "CVE-2015-4604", "CVE-2015-4600", "CVE-2014-9652", "CVE-2015-3412", "CVE-2015-4603", "CVE-2015-1351", "CVE-2015-4599", "CVE-2015-0231"], "description": "php54\n[2.0-1]\n- fix incorrect selinux contexts #1194332\nphp54-php\n[5.4.40-1]\n- rebase to PHP 5.4.40 for various security fix #1209887\n[5.4.37-1]\n- rebase to PHP 5.4.37\n[5.4.36-1]\n- rebase to PHP 5.4.36 #1168193\n- fix package name in description\n- php-fpm own session dir\nphp54-php-pecl-zendopcache\n[7.0.4-3]\n- fix use after free CVE-2015-1351\n[7.0.4-2]\n- add upstream patch for failed test\n[7.0.4-1]\n- Update to 7.0.4\n[7.0.3-1]\n- update to 7.0.3 #1055927", "edition": 4, "modified": "2016-02-04T00:00:00", "published": "2016-02-04T00:00:00", "id": "ELSA-2015-1066", "href": "http://linux.oracle.com/errata/ELSA-2015-1066.html", "title": "php54 security and bug fix update", "type": "oraclelinux", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:36:15", "bulletinFamily": "unix", "cvelist": ["CVE-2015-2348", "CVE-2014-9705", "CVE-2015-2787", "CVE-2015-0232", "CVE-2015-4601", "CVE-2013-7345", "CVE-2015-2783", "CVE-2015-3329", "CVE-2014-3478", "CVE-2015-3330", "CVE-2015-2301", "CVE-2014-3587", "CVE-2012-1571", "CVE-2014-9709", "CVE-2014-4670", "CVE-2014-3668", "CVE-2015-0273", "CVE-2014-8142", "CVE-2015-4148", "CVE-2015-4605", "CVE-2015-3307", "CVE-2015-4025", "CVE-2014-3669", "CVE-2015-4024", "CVE-2015-4021", "CVE-2014-3538", "CVE-2014-5120", "CVE-2014-3597", "CVE-2014-3710", "CVE-2015-4602", "CVE-2015-4026", "CVE-2014-4698", "CVE-2015-4147", "CVE-2015-3411", "CVE-2014-4049", "CVE-2015-4604", "CVE-2014-3670", "CVE-2015-4600", "CVE-2015-4022", "CVE-2014-9652", "CVE-2015-3412", "CVE-2014-2497", "CVE-2015-4603", "CVE-2015-4599", "CVE-2015-4598", "CVE-2015-0231"], "description": "[5.4.16-36]\n- fix more functions accept paths with NUL character #1213407\n[5.4.16-35]\n- core: fix multipart/form-data request can use excessive\n amount of CPU usage CVE-2015-4024\n- fix various functions accept paths with NUL character\n CVE-2015-4025, CVE-2015-4026, #1213407\n- fileinfo: fix denial of service when processing a crafted\n file #1213442\n- ftp: fix integer overflow leading to heap overflow when\n reading FTP file listing CVE-2015-4022\n- phar: fix buffer over-read in metadata parsing CVE-2015-2783\n- phar: invalid pointer free() in phar_tar_process_metadata()\n CVE-2015-3307\n- phar: fix buffer overflow in phar_set_inode() CVE-2015-3329\n- phar: fix memory corruption in phar_parse_tarfile caused by\n empty entry file name CVE-2015-4021\n- soap: fix type confusion through unserialize #1222538\n- apache2handler: fix pipelined request executed in deinitialized\n interpreter under httpd 2.4 CVE-2015-3330\n[5.4.16-34]\n- fix memory corruption in fileinfo module on big endian\n machines #1082624\n- fix segfault in pdo_odbc on x86_64 #1159892\n- fix segfault in gmp allocator #1154760\n[5.4.16-33]\n- core: use after free vulnerability in unserialize()\n CVE-2014-8142 and CVE-2015-0231\n- core: fix use-after-free in unserialize CVE-2015-2787\n- core: fix NUL byte injection in file name argument of\n move_uploaded_file() CVE-2015-2348\n- date: use after free vulnerability in unserialize CVE-2015-0273\n- enchant: fix heap buffer overflow in enchant_broker_request_dict\n CVE-2014-9705\n- exif: free called on unitialized pointer CVE-2015-0232\n- fileinfo: fix out of bounds read in mconvert CVE-2014-9652\n- gd: fix buffer read overflow in gd_gif_in.c CVE-2014-9709\n- phar: use after free in phar_object.c CVE-2015-2301\n- soap: fix type confusion through unserialize\n[5.4.16-31]\n- fileinfo: fix out-of-bounds read in elf note headers. CVE-2014-3710\n[5.4.16-29]\n- xmlrpc: fix out-of-bounds read flaw in mkgmtime() CVE-2014-3668\n- core: fix integer overflow in unserialize() CVE-2014-3669\n- exif: fix heap corruption issue in exif_thumbnail() CVE-2014-3670\n[5.4.16-27]\n- gd: fix NULL pointer dereference in gdImageCreateFromXpm().\n CVE-2014-2497\n- gd: fix NUL byte injection in file names. CVE-2014-5120\n- fileinfo: fix extensive backtracking in regular expression\n (incomplete fix for CVE-2013-7345). CVE-2014-3538\n- fileinfo: fix mconvert incorrect handling of truncated\n pascal string size. CVE-2014-3478\n- fileinfo: fix cdf_read_property_info\n (incomplete fix for CVE-2012-1571). CVE-2014-3587\n- spl: fix use-after-free in ArrayIterator due to object\n change during sorting. CVE-2014-4698\n- spl: fix use-after-free in SPL Iterators. CVE-2014-4670\n- network: fix segfault in dns_get_record\n (incomplete fix for CVE-2014-4049). CVE-2014-3597\n[5.4.16-25]\n- fix segfault after startup on aarch64 (#1107567)\n- compile php with -O3 on ppc64le (#1123499)", "edition": 4, "modified": "2015-06-23T00:00:00", "published": "2015-06-23T00:00:00", "id": "ELSA-2015-1135", "href": "http://linux.oracle.com/errata/ELSA-2015-1135.html", "title": "php security and bug fix update", "type": "oraclelinux", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:01", "bulletinFamily": "software", "cvelist": ["CVE-2015-4601", "CVE-2015-4027", "CVE-2015-4644", "CVE-2015-4605", "CVE-2015-4025", "CVE-2015-4024", "CVE-2015-4021", "CVE-2015-4602", "CVE-2015-4026", "CVE-2015-3411", "CVE-2015-4604", "CVE-2015-4600", "CVE-2015-4022", "CVE-2015-3412", "CVE-2015-4028", "CVE-2015-4603", "CVE-2015-4599", "CVE-2015-4598", "CVE-2015-4643"], "description": "Code execution, DoS conditions, poisoned NULL byte vulnereability, information disclosure.", "edition": 1, "modified": "2015-07-13T00:00:00", "published": "2015-07-13T00:00:00", "id": "SECURITYVULNS:VULN:14580", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:14580", "title": "PHP multiple security vulnerabilities", "type": "securityvulns", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:11:00", "bulletinFamily": "software", "cvelist": ["CVE-2015-4601", "CVE-2015-4644", "CVE-2015-4148", "CVE-2015-4605", "CVE-2015-4025", "CVE-2015-4024", "CVE-2015-4021", "CVE-2015-4602", "CVE-2015-4026", "CVE-2015-4147", "CVE-2015-3411", "CVE-2015-4604", "CVE-2015-4600", "CVE-2015-4022", "CVE-2015-3412", "CVE-2015-4603", "CVE-2015-4599", "CVE-2015-4598", "CVE-2015-4643"], "description": "\r\n\r\n==========================================================================\r\nUbuntu Security Notice USN-2658-1\r\nJuly 06, 2015\r\n\r\nphp5 vulnerabilities\r\n==========================================================================\r\n\r\nA security issue affects these releases of Ubuntu and its derivatives:\r\n\r\n- Ubuntu 15.04\r\n- Ubuntu 14.10\r\n- Ubuntu 14.04 LTS\r\n- Ubuntu 12.04 LTS\r\n\r\nSummary:\r\n\r\nSeveral security issues were fixed in PHP.\r\n\r\nSoftware Description:\r\n- php5: HTML-embedded scripting language interpreter\r\n\r\nDetails:\r\n\r\nNeal Poole and Tomas Hoger discovered that PHP incorrectly handled NULL\r\nbytes in file paths. A remote attacker could possibly use this issue to\r\nbypass intended restrictions and create or obtain access to sensitive\r\nfiles. (CVE-2015-3411, CVE-2015-3412, CVE-2015-4025, CVE-2015-4026,\r\nCVE-2015-4598)\r\n\r\nEmmanuel Law discovered that the PHP phar extension incorrectly handled\r\nfilenames starting with a NULL byte. A remote attacker could use this issue\r\nwith a crafted tar archive to cause a denial of service. (CVE-2015-4021)\r\n\r\nMax Spelsberg discovered that PHP incorrectly handled the LIST command\r\nwhen connecting to remote FTP servers. A malicious FTP server could\r\npossibly use this issue to execute arbitrary code. (CVE-2015-4022,\r\nCVE-2015-4643)\r\n\r\nShusheng Liu discovered that PHP incorrectly handled certain malformed form\r\ndata. A remote attacker could use this issue with crafted form data to\r\ncause CPU consumption, leading to a denial of service. (CVE-2015-4024)\r\n\r\nAndrea Palazzo discovered that the PHP Soap client incorrectly validated\r\ndata types. A remote attacker could use this issue with crafted serialized\r\ndata to possibly execute arbitrary code. (CVE-2015-4147)\r\n\r\nAndrea Palazzo discovered that the PHP Soap client incorrectly validated\r\nthat the uri property is a string. A remote attacker could use this issue\r\nwith crafted serialized data to possibly obtain sensitive information.\r\n(CVE-2015-4148)\r\n\r\nTaoguang Chen discovered that PHP incorrectly validated data types in\r\nmultiple locations. A remote attacker could possibly use these issues to\r\nobtain sensitive information or cause a denial of service. (CVE-2015-4599,\r\nCVE-2015-4600, CVE-2015-4601, CVE-2015-4602, CVE-2015-4603)\r\n\r\nIt was discovered that the PHP Fileinfo component incorrectly handled\r\ncertain files. A remote attacker could use this issue to cause PHP to\r\ncrash, resulting in a denial of service. This issue only affected Ubuntu\r\n15.04. (CVE-2015-4604, CVE-2015-4605)\r\n\r\nIt was discovered that PHP incorrectly handled table names in\r\nphp_pgsql_meta_data. A local attacker could possibly use this issue to\r\ncause PHP to crash, resulting in a denial of service. (CVE-2015-4644)\r\n\r\nUpdate instructions:\r\n\r\nThe problem can be corrected by updating your system to the following\r\npackage versions:\r\n\r\nUbuntu 15.04:\r\n libapache2-mod-php5 5.6.4+dfsg-4ubuntu6.2\r\n php5-cgi 5.6.4+dfsg-4ubuntu6.2\r\n php5-cli 5.6.4+dfsg-4ubuntu6.2\r\n php5-fpm 5.6.4+dfsg-4ubuntu6.2\r\n\r\nUbuntu 14.10:\r\n libapache2-mod-php5 5.5.12+dfsg-2ubuntu4.6\r\n php5-cgi 5.5.12+dfsg-2ubuntu4.6\r\n php5-cli 5.5.12+dfsg-2ubuntu4.6\r\n php5-fpm 5.5.12+dfsg-2ubuntu4.6\r\n\r\nUbuntu 14.04 LTS:\r\n libapache2-mod-php5 5.5.9+dfsg-1ubuntu4.11\r\n php5-cgi 5.5.9+dfsg-1ubuntu4.11\r\n php5-cli 5.5.9+dfsg-1ubuntu4.11\r\n php5-fpm 5.5.9+dfsg-1ubuntu4.11\r\n\r\nUbuntu 12.04 LTS:\r\n libapache2-mod-php5 5.3.10-1ubuntu3.19\r\n php5-cgi 5.3.10-1ubuntu3.19\r\n php5-cli 5.3.10-1ubuntu3.19\r\n php5-fpm 5.3.10-1ubuntu3.19\r\n\r\nIn general, a standard system update will make all the necessary changes.\r\n\r\nReferences:\r\n http://www.ubuntu.com/usn/usn-2658-1\r\n CVE-2015-3411, CVE-2015-3412, CVE-2015-4021, CVE-2015-4022,\r\n CVE-2015-4024, CVE-2015-4025, CVE-2015-4026, CVE-2015-4147,\r\n CVE-2015-4148, CVE-2015-4598, CVE-2015-4599, CVE-2015-4600,\r\n CVE-2015-4601, CVE-2015-4602, CVE-2015-4603, CVE-2015-4604,\r\n CVE-2015-4605, CVE-2015-4643, CVE-2015-4644\r\n\r\nPackage Information:\r\n https://launchpad.net/ubuntu/+source/php5/5.6.4+dfsg-4ubuntu6.2\r\n https://launchpad.net/ubuntu/+source/php5/5.5.12+dfsg-2ubuntu4.6\r\n https://launchpad.net/ubuntu/+source/php5/5.5.9+dfsg-1ubuntu4.11\r\n https://launchpad.net/ubuntu/+source/php5/5.3.10-1ubuntu3.19\r\n\r\n\r\n\r\n\r\n-- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce\r\n\r\n", "edition": 1, "modified": "2015-07-13T00:00:00", "published": "2015-07-13T00:00:00", "id": "SECURITYVULNS:DOC:32315", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:32315", "title": "[USN-2658-1] PHP vulnerabilities", "type": "securityvulns", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "ubuntu": [{"lastseen": "2020-07-02T11:41:01", "bulletinFamily": "unix", "cvelist": ["CVE-2015-4601", "CVE-2015-4644", "CVE-2015-4148", "CVE-2015-4605", "CVE-2015-4025", "CVE-2015-4024", "CVE-2015-4021", "CVE-2015-4602", "CVE-2015-4026", "CVE-2015-4147", "CVE-2015-3411", "CVE-2015-4604", "CVE-2015-4600", "CVE-2015-4022", "CVE-2015-3412", "CVE-2015-4603", "CVE-2015-4599", "CVE-2015-4598", "CVE-2015-4643"], "description": "Neal Poole and Tomas Hoger discovered that PHP incorrectly handled NULL \nbytes in file paths. A remote attacker could possibly use this issue to \nbypass intended restrictions and create or obtain access to sensitive \nfiles. (CVE-2015-3411, CVE-2015-3412, CVE-2015-4025, CVE-2015-4026, \nCVE-2015-4598)\n\nEmmanuel Law discovered that the PHP phar extension incorrectly handled \nfilenames starting with a NULL byte. A remote attacker could use this issue \nwith a crafted tar archive to cause a denial of service. (CVE-2015-4021)\n\nMax Spelsberg discovered that PHP incorrectly handled the LIST command \nwhen connecting to remote FTP servers. A malicious FTP server could \npossibly use this issue to execute arbitrary code. (CVE-2015-4022, \nCVE-2015-4643)\n\nShusheng Liu discovered that PHP incorrectly handled certain malformed form \ndata. A remote attacker could use this issue with crafted form data to \ncause CPU consumption, leading to a denial of service. (CVE-2015-4024)\n\nAndrea Palazzo discovered that the PHP Soap client incorrectly validated \ndata types. A remote attacker could use this issue with crafted serialized \ndata to possibly execute arbitrary code. (CVE-2015-4147)\n\nAndrea Palazzo discovered that the PHP Soap client incorrectly validated \nthat the uri property is a string. A remote attacker could use this issue \nwith crafted serialized data to possibly obtain sensitive information. \n(CVE-2015-4148)\n\nTaoguang Chen discovered that PHP incorrectly validated data types in \nmultiple locations. A remote attacker could possibly use these issues to \nobtain sensitive information or cause a denial of service. (CVE-2015-4599, \nCVE-2015-4600, CVE-2015-4601, CVE-2015-4602, CVE-2015-4603)\n\nIt was discovered that the PHP Fileinfo component incorrectly handled \ncertain files. A remote attacker could use this issue to cause PHP to \ncrash, resulting in a denial of service. This issue only affected Ubuntu \n15.04. (CVE-2015-4604, CVE-2015-4605)\n\nIt was discovered that PHP incorrectly handled table names in \nphp_pgsql_meta_data. A local attacker could possibly use this issue to \ncause PHP to crash, resulting in a denial of service. (CVE-2015-4644)", "edition": 5, "modified": "2015-07-06T00:00:00", "published": "2015-07-06T00:00:00", "id": "USN-2658-1", "href": "https://ubuntu.com/security/notices/USN-2658-1", "title": "PHP vulnerabilities", "type": "ubuntu", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "debian": [{"lastseen": "2020-11-11T13:11:29", "bulletinFamily": "unix", "cvelist": ["CVE-2015-4601", "CVE-2015-4644", "CVE-2015-4148", "CVE-2006-7243", "CVE-2015-4605", "CVE-2015-3307", "CVE-2015-4025", "CVE-2015-4021", "CVE-2015-4602", "CVE-2015-4026", "CVE-2015-4147", "CVE-2015-3411", "CVE-2015-4604", "CVE-2015-5590", "CVE-2015-4600", "CVE-2015-4022", "CVE-2015-3412", "CVE-2015-4599", "CVE-2015-4598", "CVE-2015-5589", "CVE-2015-4643"], "description": "Package : php5\nVersion : 5.3.3.1-7+squeeze27\nCVE ID : CVE-2015-3307 CVE-2015-3411 CVE-2015-3412 CVE-2015-4021\n CVE-2015-4022 CVE-2015-4025 CVE-2015-4026 CVE-2015-4147\n CVE-2015-4148 CVE-2015-4598 CVE-2015-4599 CVE-2015-4600\n CVE-2015-4601 CVE-2015-4602 CVE-2015-4604 CVE-2015-4605\n CVE-2015-4643 CVE-2015-4644 CVE-2015-5589 CVE-2015-5590\n\n * CVE-2015-3307\n The phar_parse_metadata function in ext/phar/phar.c in PHP before\n 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allows remote\n attackers to cause a denial of service (heap metadata corruption)\n or possibly have unspecified other impact via a crafted tar archive.\n * CVE-2015-3411 + CVE-2015-3412\n Fixed bug #69353 (Missing null byte checks for paths in various\n PHP extensions)\n * CVE-2015-4021\n The phar_parse_tarfile function in ext/phar/tar.c in PHP\n before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9\n does not verify that the first character of a filename is\n different from the \\0 character, which allows remote attackers\n to cause a denial of service (integer underflow and memory\n corruption) via a crafted entry in a tar archive.\n * CVE-2015-4022\n Integer overflow in the ftp_genlist function in ext/ftp/ftp.c in PHP\n before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 allows\n remote FTP servers to execute arbitrary code via a long reply to a\n LIST command, leading to a heap-based buffer overflow.\n * CVE-2015-4025\n PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9\n truncates a pathname upon encountering a \\x00 character in certain\n situations, which allows remote attackers to bypass intended\n extension restrictions and access files or directories with\n unexpected names via a crafted argument to (1) set_include_path,\n (2) tempnam, (3) rmdir, or (4) readlink. NOTE: this vulnerability\n exists because of an incomplete fix for CVE-2006-7243.\n * CVE-2015-4026\n The pcntl_exec implementation in PHP before 5.4.41, 5.5.x before\n 5.5.25, and 5.6.x before 5.6.9 truncates a pathname upon encountering\n a \\x00 character, which might allow remote attackers to bypass\n intended extension restrictions and execute files with unexpected\n names via a crafted first argument. NOTE: this vulnerability exists\n because of an incomplete fix for CVE-2006-7243.\n * CVE-2015-4147\n The SoapClient::__call method in ext/soap/soap.c in PHP before\n 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 does not\n verify that __default_headers is an array, which allows remote\n attackers to execute arbitrary code by providing crafted\n serialized data with an unexpected data type, related to a "type\n confusion" issue.\n * CVE-2015-4148\n The do_soap_call function in ext/soap/soap.c in PHP before 5.4.39,\n 5.5.x before 5.5.23, and 5.6.x before 5.6.7 does not verify that\n the uri property is a string, which allows remote attackers to\n obtain sensitive information by providing crafted serialized data\n with an int data type, related to a "type confusion" issue.\n * CVE-2015-4598\n Incorrect handling of paths with NULs\n * CVE-2015-4599\n Type confusion vulnerability in exception::getTraceAsString\n * CVE-2015-4600 + CVE-2015-4601\n Added type checks\n * CVE-2015-4602\n Type Confusion Infoleak Vulnerability in unserialize() with SoapFault\n * CVE-2015-4604 + CVE-2015-4605\n denial of service when processing a crafted file with Fileinfo\n (already fixed in CVE-2015-temp-68819.patch)\n * CVE-2015-4643\n Improved fix for bug #69545 (Integer overflow in ftp_genlist()\n resulting in heap overflow)\n * CVE-2015-4644\n Fixed bug #69667 (segfault in php_pgsql_meta_data)\n * CVE-2015-5589\n Segfault in Phar::convertToData on invalid file\n * CVE-2015-5590\n Buffer overflow and stack smashing error in phar_fix_filepath\n\n\n", "edition": 9, "modified": "2015-09-07T20:30:38", "published": "2015-09-07T20:30:38", "id": "DEBIAN:DLA-307-1:2C3AB", "href": "https://lists.debian.org/debian-lts-announce/2015/debian-lts-announce-201509/msg00002.html", "title": "[SECURITY] [DLA 307-1] php5 security update", "type": "debian", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "centos": [{"lastseen": "2019-12-20T18:26:23", "bulletinFamily": "unix", "cvelist": ["CVE-2014-9705", "CVE-2015-2787", "CVE-2015-0232", "CVE-2015-4601", "CVE-2015-2783", "CVE-2015-3329", "CVE-2015-2301", "CVE-2014-9425", "CVE-2014-9709", "CVE-2015-0273", "CVE-2015-4148", "CVE-2015-3307", "CVE-2015-4024", "CVE-2015-4021", "CVE-2015-4602", "CVE-2015-4026", "CVE-2015-4147", "CVE-2015-3411", "CVE-2015-4600", "CVE-2015-4022", "CVE-2015-3412", "CVE-2015-4603", "CVE-2015-4599", "CVE-2015-4598"], "description": "**CentOS Errata and Security Advisory** CESA-2015:1218\n\n\nPHP is an HTML-embedded scripting language commonly used with the Apache\nHTTP Server.\n\nA flaw was found in the way PHP parsed multipart HTTP POST requests. A\nspecially crafted request could cause PHP to use an excessive amount of CPU\ntime. (CVE-2015-4024)\n\nAn uninitialized pointer use flaw was found in PHP's Exif extension. A\nspecially crafted JPEG or TIFF file could cause a PHP application using the\nexif_read_data() function to crash or, possibly, execute arbitrary code\nwith the privileges of the user running that PHP application.\n(CVE-2015-0232)\n\nAn integer overflow flaw leading to a heap-based buffer overflow was found\nin the way PHP's FTP extension parsed file listing FTP server responses. A\nmalicious FTP server could use this flaw to cause a PHP application to\ncrash or, possibly, execute arbitrary code. (CVE-2015-4022)\n\nMultiple flaws were discovered in the way PHP performed object\nunserialization. Specially crafted input processed by the unserialize()\nfunction could cause a PHP application to crash or, possibly, execute\narbitrary code. (CVE-2015-0273, CVE-2015-2787, CVE-2015-4147,\nCVE-2015-4148, CVE-2015-4599, CVE-2015-4600, CVE-2015-4601, CVE-2015-4602,\nCVE-2015-4603)\n\nIt was found that certain PHP functions did not properly handle file names\ncontaining a NULL character. A remote attacker could possibly use this flaw\nto make a PHP script access unexpected files and bypass intended file\nsystem access restrictions. (CVE-2015-4026, CVE-2015-3411, CVE-2015-3412,\nCVE-2015-4598)\n\nMultiple flaws were found in the way the way PHP's Phar extension parsed\nPhar archives. A specially crafted archive could cause PHP to crash or,\npossibly, execute arbitrary code when opened. (CVE-2015-2301,\nCVE-2015-2783, CVE-2015-3307, CVE-2015-3329, CVE-2015-4021)\n\nA heap buffer overflow flaw was found in the enchant_broker_request_dict()\nfunction of PHP's enchant extension. An attacker able to make a PHP\napplication enchant dictionaries could possibly cause it to crash.\n(CVE-2014-9705)\n\nA buffer over-read flaw was found in the GD library used by the PHP gd\nextension. A specially crafted GIF file could cause a PHP application using\nthe imagecreatefromgif() function to crash. (CVE-2014-9709)\n\nA double free flaw was found in zend_ts_hash_graceful_destroy() function in\nthe PHP ZTS module. This flaw could possibly cause a PHP application to\ncrash. (CVE-2014-9425)\n\nAll php users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. After installing the\nupdated packages, the httpd daemon must be restarted for the update to\ntake effect.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2015-July/033275.html\n\n**Affected packages:**\nphp\nphp-bcmath\nphp-cli\nphp-common\nphp-dba\nphp-devel\nphp-embedded\nphp-enchant\nphp-fpm\nphp-gd\nphp-imap\nphp-intl\nphp-ldap\nphp-mbstring\nphp-mysql\nphp-odbc\nphp-pdo\nphp-pgsql\nphp-process\nphp-pspell\nphp-recode\nphp-snmp\nphp-soap\nphp-tidy\nphp-xml\nphp-xmlrpc\nphp-zts\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2015-1218.html", "edition": 3, "modified": "2015-07-09T19:23:41", "published": "2015-07-09T19:23:41", "href": "http://lists.centos.org/pipermail/centos-announce/2015-July/033275.html", "id": "CESA-2015:1218", "title": "php security update", "type": "centos", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-12-20T18:28:17", "bulletinFamily": "unix", "cvelist": ["CVE-2015-2348", "CVE-2014-9705", "CVE-2015-2787", "CVE-2015-0232", "CVE-2015-4601", "CVE-2015-2783", "CVE-2015-3329", "CVE-2015-3330", "CVE-2015-2301", "CVE-2014-9709", "CVE-2015-0273", "CVE-2014-8142", "CVE-2015-4148", "CVE-2015-4605", "CVE-2015-3307", "CVE-2015-4025", "CVE-2015-4024", "CVE-2015-4021", "CVE-2015-4602", "CVE-2015-4026", "CVE-2015-4147", "CVE-2015-3411", "CVE-2015-4604", "CVE-2015-4600", "CVE-2015-4022", "CVE-2014-9652", "CVE-2015-3412", "CVE-2015-4603", "CVE-2015-4599", "CVE-2015-4598", "CVE-2015-4643", "CVE-2015-0231"], "description": "**CentOS Errata and Security Advisory** CESA-2015:1135\n\n\nPHP is an HTML-embedded scripting language commonly used with the Apache\nHTTP Server.\n\nA flaw was found in the way the PHP module for the Apache httpd web server\nhandled pipelined requests. A remote attacker could use this flaw to\ntrigger the execution of a PHP script in a deinitialized interpreter,\ncausing it to crash or, possibly, execute arbitrary code. (CVE-2015-3330)\n\nA flaw was found in the way PHP parsed multipart HTTP POST requests. A\nspecially crafted request could cause PHP to use an excessive amount of CPU\ntime. (CVE-2015-4024)\n\nAn uninitialized pointer use flaw was found in PHP's Exif extension. A\nspecially crafted JPEG or TIFF file could cause a PHP application using the\nexif_read_data() function to crash or, possibly, execute arbitrary code\nwith the privileges of the user running that PHP application.\n(CVE-2015-0232)\n\nAn integer overflow flaw leading to a heap-based buffer overflow was found\nin the way PHP's FTP extension parsed file listing FTP server responses. A\nmalicious FTP server could use this flaw to cause a PHP application to\ncrash or, possibly, execute arbitrary code. (CVE-2015-4022)\n\nMultiple flaws were discovered in the way PHP performed object\nunserialization. Specially crafted input processed by the unserialize()\nfunction could cause a PHP application to crash or, possibly, execute\narbitrary code. (CVE-2014-8142, CVE-2015-0231, CVE-2015-0273,\nCVE-2015-2787, CVE-2015-4147, CVE-2015-4148, CVE-2015-4599, CVE-2015-4600,\nCVE-2015-4601, CVE-2015-4602, CVE-2015-4603)\n\nIt was found that certain PHP functions did not properly handle file names\ncontaining a NULL character. A remote attacker could possibly use this flaw\nto make a PHP script access unexpected files and bypass intended file\nsystem access restrictions. (CVE-2015-2348, CVE-2015-4025, CVE-2015-4026,\nCVE-2015-3411, CVE-2015-3412, CVE-2015-4598)\n\nMultiple flaws were found in the way the way PHP's Phar extension parsed\nPhar archives. A specially crafted archive could cause PHP to crash or,\npossibly, execute arbitrary code when opened. (CVE-2015-2301,\nCVE-2015-2783, CVE-2015-3307, CVE-2015-3329, CVE-2015-4021)\n\nMultiple flaws were found in PHP's File Information (fileinfo) extension.\nA remote attacker could cause a PHP application to crash if it used\nfileinfo to identify type of attacker supplied files. (CVE-2014-9652,\nCVE-2015-4604, CVE-2015-4605)\n\nA heap buffer overflow flaw was found in the enchant_broker_request_dict()\nfunction of PHP's enchant extension. An attacker able to make a PHP\napplication enchant dictionaries could possibly cause it to crash.\n(CVE-2014-9705)\n\nA buffer over-read flaw was found in the GD library used by the PHP gd\nextension. A specially crafted GIF file could cause a PHP application using\nthe imagecreatefromgif() function to crash. (CVE-2014-9709)\n\nThis update also fixes the following bugs:\n\n* The libgmp library in some cases terminated unexpectedly with a\nsegmentation fault when being used with other libraries that use the GMP\nmemory management. With this update, PHP no longer changes libgmp memory\nallocators, which prevents the described crash from occurring. (BZ#1212305)\n\n* When using the Open Database Connectivity (ODBC) API, the PHP process\nin some cases terminated unexpectedly with a segmentation fault. The\nunderlying code has been adjusted to prevent this crash. (BZ#1212299)\n\n* Previously, running PHP on a big-endian system sometimes led to memory\ncorruption in the fileinfo module. This update adjusts the behavior of\nthe PHP pointer so that it can be freed without causing memory corruption.\n(BZ#1212298)\n\nAll php users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. After installing the\nupdated packages, the httpd daemon must be restarted for the update to\ntake effect.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2015-June/033229.html\n\n**Affected packages:**\nphp\nphp-bcmath\nphp-cli\nphp-common\nphp-dba\nphp-devel\nphp-embedded\nphp-enchant\nphp-fpm\nphp-gd\nphp-intl\nphp-ldap\nphp-mbstring\nphp-mysql\nphp-mysqlnd\nphp-odbc\nphp-pdo\nphp-pgsql\nphp-process\nphp-pspell\nphp-recode\nphp-snmp\nphp-soap\nphp-xml\nphp-xmlrpc\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2015-1135.html", "edition": 5, "modified": "2015-06-24T03:28:02", "published": "2015-06-24T03:28:02", "href": "http://lists.centos.org/pipermail/centos-announce/2015-June/033229.html", "id": "CESA-2015:1135", "title": "php security update", "type": "centos", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "cloudlinux": [{"lastseen": "2021-01-27T22:26:52", "bulletinFamily": "unix", "cvelist": ["CVE-2006-7243", "CVE-2011-4718", "CVE-2014-9653", "CVE-2014-9767", "CVE-2015-0235", "CVE-2015-2331", "CVE-2015-2348", "CVE-2015-3152", "CVE-2015-3330", "CVE-2015-3411", "CVE-2015-4025", "CVE-2015-4026", "CVE-2015-4598", "CVE-2015-5590", "CVE-2015-6831", "CVE-2015-6833", "CVE-2015-6836", "CVE-2015-6837", "CVE-2015-6838", "CVE-2015-7804", "CVE-2015-8835", "CVE-2015-8867", "CVE-2015-8876", "CVE-2015-8879", "CVE-2016-10159", "CVE-2016-10160", "CVE-2016-10161", "CVE-2016-2554", "CVE-2016-3074", "CVE-2016-4073", "CVE-2016-4343", "CVE-2016-4537", "CVE-2016-4540", "CVE-2016-4541", "CVE-2016-4542", "CVE-2016-5093", "CVE-2016-5094", "CVE-2016-5096", "CVE-2016-5399", "CVE-2016-5766", "CVE-2016-5772", "CVE-2016-6288", "CVE-2016-6289", "CVE-2016-6290", "CVE-2016-6291", "CVE-2016-6294", "CVE-2016-6296", "CVE-2016-6297", "CVE-2016-7128", "CVE-2016-7412", "CVE-2016-7413", "CVE-2016-7414", "CVE-2016-7416", "CVE-2016-7417", "CVE-2016-7418", "CVE-2016-7478", "CVE-2016-8670", "CVE-2017-11143", "CVE-2017-11144", "CVE-2017-7890", "CVE-2017-9224", "CVE-2017-9226", "CVE-2017-9227", "CVE-2017-9228", "CVE-2018-5712", "CVE-2019-11048", "CVE-2019-13224", "CVE-2019-9023", "CVE-2020-7067", "CVE-2020-7070"], "description": "- Fix bug #69720: Null pointer dereference in phar_get_fp_offset()\n- Fix bug #70728: Type Confusion Vulnerability in PHP_to_XMLRPC_worker()\n- Fix bug #70661: Use After Free Vulnerability in WDDX Packet Deserialization\n- Fix bug #70741: Session WDDX Packet Deserialization Type Confusion Vulnerability\n- Fix bug #71459: Integer overflow in iptcembed()\n- Fix bug #71039: exec functions ignore length but look for NULL termination\n- Fix bug #71354: Heap corruption in tar/zip/phar parser.\n- Fix bug #71391: NULL Pointer Dereference in phar_tar_setupmetadata()\n- Fix bug #71323: Output of stream_get_meta_data can be falsified by its input\n- Fix bug #71498: Out-of-Bound Read in phar_parse_zipfile()\n- Fix bug #71587: Use-After-Free / Double-Free in WDDX Deserialize\n- Fix bug #71860: Invalid memory write in phar on filename with \\0 in name\n- Fix bug #71798: Integer Overflow in php_raw_url_encode\n- Fix bug #72837: integer overflow in bzdecompress caused heap corruption\n- Fix bug #72681: PHP Session Data Injection Vulnerability\n- Fix bug #72807: integer overflow in curl_escape caused heap corruption\n- Fix bug #72838: Integer overflow lead to heap corruption in sql_regcase\n- Fix bug #72697: select_colors write out-of-bounds\n- Fix bug #72730: imagegammacorrect allows arbitrary write access\n- Fix bug #72836: integer overflow in base64_decode caused heap corruption\n- Fix bug #72848: integer overflow in quoted_printable_encode caused heap corruption\n- Fix bug #72849: integer overflow in urlencode caused heap corruption\n- Fix bug #72850: integer overflow in php_uuencode caused heap corruption\n- Fix bug #72771: ftps:// wrapper is vulnerable to protocol downgrade attack\n- Fix bug #72749: wddx_deserialize allows illegal memory access\n- Fix bug #72750: wddx_deserialize null dereference\n- Fix bug #72790: wddx_deserialize null dereference with invalid xml\n- Fix bug #72799: wddx_deserialize null dereference in php_wddx_pop_element\n- Fix bug #73189: Memcpy negative size parameter php_resolve_path\n- Fix bug #73150: missing NULL check in dom_document_save_html\n- Fix bug #73284: heap overflow in php_ereg_replace function\n- Fix bug #73218: stack-buffer-overflow through "ResourceBundle" methods\n- Fix bug #73208: integer overflow in imap_8bit caused heap corruption\n- Fix bug #73082: string length overflow in mb_encode_* function\n- Fix bug #73174: heap overflow in php_pcre_replace_impl\n- Fix bug #73276: crash in openssl_random_pseudo_bytes function\n- Fix bug #73275: crash in openssl_encrypt function\n- Fix bug #73017: memory corruption in wordwrap function\n- Fix bug #73240: Write out of bounds at number_format\n- Fix bug #73073: CachingIterator null dereference when convert to string\n- Fix bug #73293: NULL pointer dereference in SimpleXMLElement::asXML()\n- Fix bug #73356: crash in bzcompress function\n- Fix bug #72696: imagefilltoborder stackoverflow on truecolor images\n- Fix bug #73418: Integer Overflow in "_php_imap_mail" leads Heap Overflow\n- Fix bug #73144: Use-after-free in ArrayObject Deserialization\n- Fix bug #73192: parse_url return wrong hostname\n- Fix bug #73331: NULL Pointer Dereference in WDDX Packet Deserialization with PDORow\n- Fix bug #73452: Segfault (Regression for #69152)\n- Fix bug #73631: Invalid read when wddx decodes empty boolean element\n- Fix bug #67587: Redirection loop on nginx with FPM\n- Fix bug #71465: PHAR doesn't know about litespeed\n- Fix bug #73737: FPE when parsing a tag format\n- Fix bug #73868: Fix DOS vulnerability in gdImageCreateFromGd2Ctx()\n- Fix bug #73869: Signed Integer Overflow gd_io.c\n- Fix bug #73773: Seg fault when loading hostile phar\n- Fix bug #70436: Use After Free Vulnerability in unserialize()\n- Fix bug #74603: PHP INI Parsing Stack Buffer Overflow Vulnerability\n- Fix bug #72535: arcfour encryption stream filter crashes php\n- Fix bug #72434: ZipArchive class Use After Free Vulnerability in PHP's\n GC algorithm and unseria\n- Fix bug #72455: Heap Overflow due to integer overflows\n- Fix bug #74782: Reflected XSS in .phar 404 page\n- Fix bug #71335: Type Confusion in WDDX Packet Deserialization\n- Fix bug #76130: Heap Buffer Overflow (READ: 1786) in exif_iif_add_value\n- Fix bug #76249: stream filter convert.iconv leads to infinite loop on\n invalid sequence\n- Fix bug #76248: Malicious LDAP-Server Response causes Crash\n- Fix bug #76129: fix for CVE-2018-5712 may not be complete\n- Fix bug #75981: stack-buffer-overflow while parsing HTTP response\n- Fix bug #74385: Locale::parseLocale() broken with some arguments\n- Fix bug #76335: "link(): Bad file descriptor" with non-ASCII path\n- Fix bug #76383: array_map on $GLOBALS returns IS_INDIRECT\n- Fix bug #73342: Vulnerability in php-fpm by changing stdin to non-blocking\n- Fix bug #76505: array_merge_recursive() is duplicating sub-array keys\n- Fix bug #76532: Integer overflow and excessive memory usage in mb_strimwidth\n- Fix bug #76548: pg_fetch_result did not fetch the next row\n- Fix bug #76488: Memory leak when fetching a BLOB field\n- Fix bug #76665: SQLite3Stmt::bindValue() with SQLITE3_FLOAT doesn't juggle\n- Fix bug #75402: Possible Memory Leak using PDO::CURSOR_SCROLL option\n- Fix bug #76517: --with-gettext= causes configure to misjudges there is no getcwd\n- Fix bug #72443: Installing shared extensions: cp: cannot stat 'modules/*':\n No such file or dire\n- Fix bug #68175: RegexIterator pregFlags are NULL instead of 0\n- Fix bug #55146: iconv_mime_decode_headers() skips some headers\n- Fix bug #63839: iconv_mime_decode_headers function is skipping headers\n- Fix bug #60494: iconv_mime_decode does ignore special characters\n- Fix bug #68180: iconv_mime_decode can return extra characters in a header\n- Fix bug #73457: Wrong error message when fopen FTP wrapped fails to open\n data connection\n- Fix bug #74454: Wrong exception being thrown when using ReflectionMethod\n- Fix bug #74764: Bindto IPv6 works with file_get_contents but fails with\n stream_socket_client\n- Fix bug #75273: php_zlib_inflate_filter() may not update bytes_consumed\n- Fix bug #75696: posix_getgrnam fails to print details of group\n- Fix bug #76480: Use curl_multi_wait() so that timeouts are respected\n- Fix bug #76800: foreach inconsistent if array modified during loop\n- Fix bug #76886: Can't build xmlrpc with expat\n- Fix bug #76901: method_exists on SPL iterator passthrough method corrupts memory\n- Fix bug #77242: heap out of bounds read in xmlrpc_decode()\n- Fix bug #77247: heap buffer overflow in phar_detect_phar_fname_ext\n- Fix bug #77270: imagecolormatch Out Of Bounds Write on Heap\n- Fix bug #77370: Buffer overflow on mb regex functions - fetch_token\n- Fix bug #77380: Global out of bounds read in xmlrpc base64 code\n- Fix bug #77630: rename() across the device may allow unwanted access\n during processing\n- Fix bug #77494: Disabling class causes segfault on member access\n- Fix bug #77431: openFile() silently truncates after a null byte\n- Fix bug #51068: DirectoryIterator glob:// don't support current path\n relative queries\n- Fix bug #77396: Null Pointer Dereference in phar_create_or_parse_filename\n- Fix bug #77540: Invalid Read on exif_process_SOFn\n- Fix bug #77390: feof might hang on TLS streams in case of fragmented TLS records\n- Fix bug #77586: phar_tar_writeheaders_int() buffer overflow\n- Fix bug #77546: iptcembed broken function\n- Fix bug #77563: Uninitialized read in exif_process_IFD_in_MAKERNOTE\n- Fix bug #76557: heap-buffer-overflow (READ of size 48) while reading exif data\n- Fix bug #77024: SplFileObject::__toString() may return array\n- Fix bug #77945: Segmentation fault when constructing SoapClient with WSDL_CACHE_BOTH\n- Fix bug #77697: Crash on Big_Endian platform\n- Fix bug #77943: imageantialias($image, false); does not work\n- Fix bug #77944: Wrong meta pdo_type for bigint on LLP64\n- Fix bug #76717: var_export() does not create a parsable value for PHP_INT_MIN\n- Fix bug #77921: static.php.net doesn't work anymore\n- Fix bug #77934: php-fpm kill -USR2 not working\n- Fix bug #77700: Writing truecolor images as GIF ignores interlace flag\n- Fix bug #77765: FTP stream wrapper should set the directory as executable\n- Fix bug #50020: DateInterval:createDateFromString() silently fails\n- Fix bug #77742: bcpow() implementation related to gcc compiler optimization\n- Fix bug #77967: Bypassing open_basedir restrictions via file uris\n- Fix bug #77973: Uninitialized read in gdImageCreateFromXbm\n- Fix bug #77988: heap-buffer-overflow on php_jpg_get16\n- Fix bug #78192: SegFault when reuse statement after schema has changed\n- Fix bug #77124: FTP with SSL memory leak\n- Fix bug #78256: heap-buffer-overflow on exif_process_user_comment\n- Fix bug #78222: heap-buffer-overflow on exif_scan_thumbnail\n- Fix bug #77946: Bad cURL resources returned by curl_multi_info_read()\n- Fix bug #78333: Exif crash (bus error) due to wrong alignment and invalid cast\n- Fix bug #69100: Bus error from stream_copy_to_stream (file -> SSL stream)\n with invalid length\n- Fix bug #76342: file_get_contents waits twice specified timeout\n- Fix bug #76859: stream_get_line skips data if used with data-generating filter\n- Fix bug #78579: mb_decode_numericentity: args number inconsistency\n- Fix bug #78910: Heap-buffer-overflow READ in exif\n- Fix bug #78878: Buffer underflow in bc_shift_addsub\n- Fix bug #78793: Use-after-free in exif parsing under memory sanitizer\n- Fix bug #78863: DirectoryIterator class silently truncates after a null byte\n- Fix bug #79099: OOB read in php_strip_tags_ex\n- Fix bug #79082: Files added to tar with Phar::buildFromIterator have\n all-access permissions\n- Fix bug #79329: get_headers() silently truncates after a null byte\n- Fix bug #79282: Use-of-uninitialized-value in exif\n- Fix bug #61597: SimpleXMLElement doesn't include both @attributes and\n textContent in properties\n- Fix bug #74940: DateTimeZone loose comparison always true until properties\n are initialized.\n- Fix bug #79296: ZipArchive::open fails on empty file (libzip 1.6.0)\n- Fix bug #79330: shell_exec() silently truncates after a null byte\n- Fix bug #79364: When copy empty array, next key is unspecified.\n- Fix bug #79396: DateTime hour incorrect during DST jump forward using setTime\n- Fix bug #79410: system() swallows last chunk if it is exactly 4095 bytes\n without newline\n- Fix bug #79424: php_zip_glob uses gl_pathc after call to globfree\n- Fix bug #79465: OOB Read in urldecode() (CVE-2020-7067)\n- Fix bug #78221: DOMNode::normalize() doesn't remove empty text nodes\n- Fix bug #78875: Long filenames cause OOM and temp files are not cleaned\n (CVE-2019-11048)\n- Fix bug #78876: Long variables in multipart/form-data cause OOM and temp\n files are not cleaned (CVE-2019-11048)\n- Fix bug #79514: Memory leaks while including unexistent file\n- Fix bug #79528: Different object of the same xml between 7.4.5 and 7.4.4\n- Fix bug #62890: default_socket_timeout=-1 causes connection to timeout\n- Fix bug #70362: Can't copy() large 'data://' with open_basedir\n- Fix bug #73527: Invalid memory access in php_filter_strip\n- Fix bug #74267: segfault with streams and invalid data\n- Fix bug #79787: mb_strimwidth does not trim string\n- Fix bug #79877: getimagesize function silently truncates after a null byte\n- Fix bug #68447: grapheme_extract take an extra trailing character\n- Fix bug #68825: Inconsistent exception in DirectoryIterator::getLinkTarget()\n- Fix bug #74145: wddx parsing empty boolean tag leads to SIGSEGV (CVE-2017-11143)\n- Fix bug #74651: negative-size-param (-1) in memcpy in zif_openssl_seal()\n (CVE-2017-11144)\n- Fix bug #74435: Buffer over-read into uninitialized memory (CVE-2017-7890)\n- Fix bug #73093: Unserialize Exception object can lead to infinite loop\n (CVE-2016-7478)\n- Fix bug #72520: Stack-based buffer overflow vulnerability in php_stream_zip_opener\n (CVE-2016-6297)\n- Fix bug #73825: Heap out of bounds read on unserialize in finish_nested_data()\n (CVE-2016-10161)\n- Fix bug #60491: Session module is adoptive (CVE-2011-4718)\n- Fix bug #69253: ZIP Integer Overflow leads to writing past heap boundary\n (CVE-2015-2331)\n- Fix bug #69418: CVE-2006-7243 fix regressions in 5.4+ (CVE-2015-4025)\n- Fix bug #68598: pcntl_exec() should not allow null char (CVE-2015-4026)\n- Fix bug #69207: move_uploaded_file allows nulls in path (CVE-2015-2348)\n- Fix bug #69218: potential remote code execution with apache 2.4 apache2handler\n (CVE-2015-3330)\n- Fix bug #69719: Incorrect handling of paths with NULs, related to bug 69353\n (CVE-2015-4598)\n- Fix bug #69353: Missing null byte checks for paths in various PHP extensions\n (CVE-2015-3411)\n- Fix bugs #70168, #70169, #70166, #70155: Use After Free Vulnerability in\n unserialize() with\n SplObjectStorage, SplDoublyLinkedList, SPLArrayObject, SPLArrayObject (CVE-2015-6831)\n- Fix bug #70019: Files extracted from archive may be placed outside of\n destination directory (CVE-2015-6833)\n- Fix bug #70388: SOAP serialize_function_call() type confusion / RCE (CVE-2015-6836)\n- Fix bug #69782: NULL pointer dereference (CVE-2015-6837, CVE-2015-6838)\n- Fix bug #70433: Uninitialized pointer in phar_make_dirstream when zip entry\n filename is \"/\" (CVE-2015-7804)\n- Fix bug #69923: Buffer overflow and stack smashing error in phar_fix_filepath\n (CVE-2015-5590)\n- Fix bug #71488: Stack overflow when decompressing tar archives (CVE-2016-2554)\n- Fix bug #72061: Out-of-bounds reads in zif_grapheme_stripos with negative offset\n (CVE-2016-4541, CVE-2016-4540)\n- Fix bug #72094: Out of bounds heap read access in exif header processing\n (CVE-2016-4542)\n- Fix bug #72093: bcpowmod accepts negative scale and corrupts _one_ definition\n (CVE-2016-4537)\n- Fix bug #71331: Uninitialized pointer in phar_make_dirstream() (CVE-2016-4343)\n- Fix bug #72241: get_icu_value_internal out-of-bounds read (CVE-2016-5093)\n- Fix bug #72135: Integer Overflow in php_html_entities() (CVE-2016-5094)\n- Fix bug #72114: Integer underflow / arbitrary null write in fread/gzread\n (CVE-2016-5096)\n- Fix bug #72339: Integer Overflow in _gd2GetHeader() resulting in heap overflow\n (CVE-2016-5766)\n- Fix bug #72340: Double Free Courruption in wddx_deserialize (CVE-2016-5772)\n- Fix bug #72613: Inadequate error handling in bzread() (CVE-2016-5399)\n- Fix bug #70480: php_url_parse_ex() buffer overflow read (CVE-2016-6288)\n- Fix bug #72513: Stack-based buffer overflow vulnerability in virtual_file_ex\n (CVE-2016-6289)\n- Fix bug #72562: Use After Free in unserialize() with Unexpected Session\n Deserialization (CVE-2016-6290)\n- Fix bug #72603: Out of bound read in exif_process_IFD_in_MAKERNOTE (CVE-2016-6291)\n- Fix bug #72533: locale_accept_from_http out-of-bounds access (CVE-2016-6294)\n- Fix bug #69975: PHP segfaults when accessing nvarchar(max) defined columns\n (CVE-2015-8879)\n- Fix bug #72606: heap-buffer-overflow (write) simplestring_addn simplestring.c\n (CVE-2016-6296)\n- Fix bug #72293: Heap overflow in mysqlnd related to BIT fields (CVE-2016-7412)\n- Fix bug #72860: wddx_deserialize use-after-free (CVE-2016-7413)\n- Fix bug #72928: Out of bound when verify signature of zip phar in phar_parse_zipfile\n (CVE-2016-7414)\n- Fix bug #73007: SEH buffer overflow msgfmt_format_message (CVE-2016-7416)\n- Fix bug #73029: Missing type check when unserializing SplArray (CVE-2016-7417)\n- Fix bug #73065: Out-Of-Bounds Read in php_wddx_push_element of wddx.c (CVE-2016-7418)\n- Fix bug #73280: Stack Buffer Overflow in GD dynamicGetbuf (CVE-2016-8670)\n- Fix bug #73764: Crash while loading hostile phar archive (CVE-2016-10159)\n- Fix bug #73768: Memory corruption when loading hostile phar (CVE-2016-10160)\n- Fix bug #72627: Memory Leakage In exif_process_IFD_in_TIFF (CVE-2016-7128)\n- Fix bug #70350: ZipArchive::extractTo allows for directory traversal when\n creating directories (CVE-2014-9767)\n- Fix bug #70081: SoapClient info leak / null pointer dereference via multiple\n type confusions (CVE-2015-8835)\n- Fix bug #70121: unserialize() could lead to unexpected methods execution / NULL\n pointer deref (CVE-2015-8876)\n- Fix bug #71906: AddressSanitizer: negative-size-param (-1) in mbfl_strcut\n (CVE-2016-4073)\n- Fix bug #70014: openssl_random_pseudo_bytes() is not cryptographically secure\n (CVE-2015-8867)\n- Fix bug #77371: heap buffer overflow in mb regex functions - compile_string_node\n (CVE-2019-9023)\n- Fix bug #77381: heap buffer overflow in multibyte match_at (CVE-2019-9023)\n- Fix bug #77382: heap buffer overflow due to incorrect length in expand_case_fold_string\n (CVE-2019-9023)\n- Fix bug #77385: buffer overflow in fetch_token (CVE-2019-9023)\n- Fix bug #77394: Buffer overflow in multibyte case folding - unicode (CVE-2019-9023)\n- Fix vulnerabilities with oniguruma: CVE-2017-9226, CVE-2017-9224, CVE-2017-9227,\n CVE-2017-9228, CVE-2019-13224\n- Fix general vulneravilities: CVE-2014-9653, CVE-2015-0235, CVE-2015-3152,\n CVE-2016-3074\n- Fix bug #79699: PHP parses encoded cookie names so malicious `__Host-` cookies\n can be sent (CVE-2020-7070)\n- Fix bug #80007: Potential type confusion in unixtojd() parameter parsing", "modified": "2020-10-15T12:00:00", "published": "2020-10-15T12:00:00", "id": "CLSA-2020:1605798462", "href": "https://repo.cloudlinux.com/centos6-els/updateinfo.xml", "type": "cloudlinux", "title": "Fix of 227 CVE", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}]}