Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.ALA_ALAS-2012-37.NASL
HistorySep 04, 2013 - 12:00 a.m.

Amazon Linux AMI : php (ALAS-2012-37)

2013-09-0400:00:00
This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
16
JSON

It was found that the hashing routine used by PHP arrays was susceptible to predictable hash collisions. If an HTTP POST request to a PHP application contained many parameters whose names map to the same hash value, a large amount of CPU time would be consumed. This flaw has been mitigated by adding a new configuration directive, max_input_vars, that limits the maximum number of parameters processed per request. By default, max_input_vars is set to 1000.
(CVE-2011-4885)

An integer overflow flaw was found in the PHP exif extension. On 32-bit systems, a specially crafted image file could cause the PHP interpreter to crash or disclose portions of its memory when a PHP script tries to extract Exchangeable image file format (Exif) metadata from the image file. (CVE-2011-4566)

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Amazon Linux AMI Security Advisory ALAS-2012-37.
#

include("compat.inc");

if (description)
{
  script_id(69644);
  script_version("1.13");
  script_cvs_date("Date: 2019/10/16 10:34:21");

  script_cve_id("CVE-2011-4566", "CVE-2011-4885");
  script_xref(name:"ALAS", value:"2012-37");
  script_xref(name:"RHSA", value:"2012:0019");

  script_name(english:"Amazon Linux AMI : php (ALAS-2012-37)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Amazon Linux AMI host is missing a security update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"It was found that the hashing routine used by PHP arrays was
susceptible to predictable hash collisions. If an HTTP POST request to
a PHP application contained many parameters whose names map to the
same hash value, a large amount of CPU time would be consumed. This
flaw has been mitigated by adding a new configuration directive,
max_input_vars, that limits the maximum number of parameters processed
per request. By default, max_input_vars is set to 1000.
(CVE-2011-4885)

An integer overflow flaw was found in the PHP exif extension. On
32-bit systems, a specially crafted image file could cause the PHP
interpreter to crash or disclose portions of its memory when a PHP
script tries to extract Exchangeable image file format (Exif) metadata
from the image file. (CVE-2011-4566)"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://alas.aws.amazon.com/ALAS-2012-37.html"
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Run 'yum update php' to update your system."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploit_framework_core", value:"true");
  script_set_attribute(attribute:"exploited_by_malware", value:"true");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php-bcmath");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php-cli");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php-common");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php-dba");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php-embedded");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php-fpm");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php-gd");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php-imap");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php-intl");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php-ldap");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php-mbstring");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php-mcrypt");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php-mssql");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php-mysql");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php-mysqlnd");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php-odbc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php-pdo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php-pgsql");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php-process");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php-pspell");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php-snmp");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php-soap");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php-tidy");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php-xml");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php-xmlrpc");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:amazon:linux");

  script_set_attribute(attribute:"vuln_publication_date", value:"2011/11/28");
  script_set_attribute(attribute:"patch_publication_date", value:"2014/09/14");
  script_set_attribute(attribute:"plugin_publication_date", value:"2013/09/04");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Amazon Linux Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/AmazonLinux/release", "Host/AmazonLinux/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

release = get_kb_item("Host/AmazonLinux/release");
if (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, "Amazon Linux");
os_ver = pregmatch(pattern: "^AL(A|\d)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Amazon Linux");
os_ver = os_ver[1];
if (os_ver != "A")
{
  if (os_ver == 'A') os_ver = 'AMI';
  audit(AUDIT_OS_NOT, "Amazon Linux AMI", "Amazon Linux " + os_ver);
}

if (!get_kb_item("Host/AmazonLinux/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);


flag = 0;
if (rpm_check(release:"ALA", reference:"php-5.3.9-1.9.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php-bcmath-5.3.9-1.9.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php-cli-5.3.9-1.9.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php-common-5.3.9-1.9.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php-dba-5.3.9-1.9.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php-debuginfo-5.3.9-1.9.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php-devel-5.3.9-1.9.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php-embedded-5.3.9-1.9.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php-fpm-5.3.9-1.9.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php-gd-5.3.9-1.9.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php-imap-5.3.9-1.9.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php-intl-5.3.9-1.9.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php-ldap-5.3.9-1.9.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php-mbstring-5.3.9-1.9.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php-mcrypt-5.3.9-1.9.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php-mssql-5.3.9-1.9.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php-mysql-5.3.9-1.9.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php-mysqlnd-5.3.9-1.9.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php-odbc-5.3.9-1.9.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php-pdo-5.3.9-1.9.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php-pgsql-5.3.9-1.9.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php-process-5.3.9-1.9.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php-pspell-5.3.9-1.9.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php-snmp-5.3.9-1.9.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php-soap-5.3.9-1.9.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php-tidy-5.3.9-1.9.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php-xml-5.3.9-1.9.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php-xmlrpc-5.3.9-1.9.amzn1")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "php / php-bcmath / php-cli / php-common / php-dba / php-debuginfo / etc");
}
VendorProductVersionCPE
amazonlinuxphpp-cpe:/a:amazon:linux:php
amazonlinuxphp-bcmathp-cpe:/a:amazon:linux:php-bcmath
amazonlinuxphp-clip-cpe:/a:amazon:linux:php-cli
amazonlinuxphp-commonp-cpe:/a:amazon:linux:php-common
amazonlinuxphp-dbap-cpe:/a:amazon:linux:php-dba
amazonlinuxphp-debuginfop-cpe:/a:amazon:linux:php-debuginfo
amazonlinuxphp-develp-cpe:/a:amazon:linux:php-devel
amazonlinuxphp-embeddedp-cpe:/a:amazon:linux:php-embedded
amazonlinuxphp-fpmp-cpe:/a:amazon:linux:php-fpm
amazonlinuxphp-gdp-cpe:/a:amazon:linux:php-gd
Rows per page:
1-10 of 291

Related

nessus 44
freebsd 1
openvas 81
fedora 12
centos 5
amazon 2
oraclelinux 3
redhat 5
securityvulns 4
seebug 6
osv 1
debian 2
packetstorm 2
prion 3
veracode 3
checkpoint_advisories 3
ubuntu 3
f5 4
exploitpack 2
cve 3
ubuntucve 3
exploitdb 2
suse 3
cert 1
gentoo 1
nessus
nessus
CentOS 5 / 6 : php / php53 (CESA-2012:0019)
2012-01-12 00:00:00
Scientific Linux Security Update : php53 and php on SL5.x, SL6.x i386/x86_64 (20120111)
2012-08-01 00:00:00
RHEL 5 / 6 : php53 and php (RHSA-2012:0019)
2012-01-12 00:00:00
freebsd
freebsd
php -- multiple vulnerabilities
2011-12-29 00:00:00
openvas
openvas
Fedora Update for maniadrive FEDORA-2012-0504
2012-04-02 00:00:00
Amazon Linux: Security Advisory (ALAS-2012-37)
2015-09-08 00:00:00
Fedora Update for php-eaccelerator FEDORA-2012-0420
2012-02-01 00:00:00
fedora
fedora
[SECURITY] Fedora 16 Update: php-eaccelerator-0.9.6.1-9.fc16.1
2012-01-19 22:00:25
[SECURITY] Fedora 16 Update: maniadrive-1.2-32.fc16.1
2012-01-19 22:00:25
[SECURITY] Fedora 16 Update: php-5.3.9-1.fc16
2012-01-19 22:00:25
centos
centos
php, php53 security update
2012-01-11 19:19:36
php security update
2012-01-30 20:44:11
php security update
2012-01-18 19:55:58
amazon
amazon
Medium: php
2012-01-19 20:10:00
Critical: php
2012-02-02 16:10:00
oraclelinux
oraclelinux
php53 and php security update
2012-01-11 00:00:00
php security update
2012-01-30 00:00:00
php security update
2012-01-18 00:00:00
redhat
redhat
(RHSA-2012:0019) Moderate: php53 and php security update
2012-01-11 00:00:00
(RHSA-2012:0071) Moderate: php security update
2012-01-30 00:00:00
(RHSA-2012:0033) Moderate: php security update
2012-01-18 00:00:00
securityvulns
securityvulns
PHP security vulnerabilities
2012-02-08 00:00:00
[oCERT-2011-003] multiple implementations denial-of-service via hash algorithm collision
2012-01-02 00:00:00
[ MDVSA-2012:065 ] php
2012-05-01 00:00:00
seebug
seebug
PHP "exif_process_IFD_TAG()"远程整数溢出漏洞
2011-12-07 00:00:00
PHP Hashtables Denial of Service
2014-07-01 00:00:00
PHP Web表单哈希冲突拒绝服务漏洞
2012-01-01 00:00:00
osv
osv
php5 - several
2012-01-31 00:00:00
debian
debian
[SECURITY] [DSA 2399-1] php5 security update
2012-01-31 07:22:58
[SECURITY] [DSA 2399-2] php5 regression fix
2012-01-31 15:26:47
packetstorm
packetstorm
PHP 5.3.x Hash Collision Proof Of Concept Code
2012-01-02 00:00:00
PHP 5.3.x Hashtables Proof Of Concept
2012-01-01 00:00:00
prion
prion
Code injection
2011-12-30 01:55:00
Design/Logic Flaw
2012-02-06 20:55:00
Integer overflow
2011-11-29 00:55:00
veracode
veracode
Denial Of Service (DoS)
2020-04-10 01:06:05
Denial Of Service (DoS)
2020-04-10 01:06:05
Remote Code Execution (RCE)
2020-04-10 01:10:12
checkpoint_advisories
checkpoint_advisories
PHP Exif Header Parsing Integer Overflow (CVE-2011-4566)
2012-08-27 00:00:00
PHP5 Hash Collision Denial Of Service - Ver2 (CVE-2011-4885)
2014-03-03 00:00:00
PHP Exif Header Parsing Integer Overflow - Ver2 (CVE-2011-4566)
2015-03-26 00:00:00
ubuntu
ubuntu
PHP vulnerability
2011-12-14 00:00:00
PHP regression
2012-02-13 00:00:00
PHP vulnerabilities
2012-02-10 00:00:00
f5
f5
K13588 : PHP vulnerability CVE-2011-4885
2013-09-11 00:00:00
SOL13588 - PHP vulnerability CVE-2011-4885
2012-05-17 00:00:00
SOL13519 - Multiple PHP vulnerabilities
2012-04-04 00:00:00
exploitpack
exploitpack
PHP 5.3.8 - Hashtables Denial of Service
2012-01-01 00:00:00
PHP Hash Table Collision - Denial of Service (PoC)
2012-01-03 00:00:00
cve
cve
CVE-2011-4885
2011-12-30 01:55:00
CVE-2011-4566
2011-11-29 00:55:00
CVE-2012-0830
2012-02-06 20:55:00
ubuntucve
ubuntucve
CVE-2011-4885
2011-12-29 00:00:00
CVE-2012-0830
2012-02-06 00:00:00
CVE-2011-4566
2011-11-28 00:00:00
exploitdb
exploitdb
PHP 5.3.8 - Hashtables Denial of Service
2012-01-01 00:00:00
PHP Hash Table Collision - Denial of Service (PoC)
2012-01-03 00:00:00
suse
suse
update for php5 (important)
2012-03-29 15:08:14
Security update for PHP5 (important)
2012-04-12 23:08:15
Security update for PHP5 (important)
2012-03-24 03:08:28
cert
cert
Hash table implementations vulnerable to algorithmic complexity attacks
2011-12-28 00:00:00
gentoo
gentoo
PHP: Multiple vulnerabilities
2012-09-24 00:00:00
JSON
Related for ALA_ALAS-2012-37.NASL
nessus44freebsd1openvas81fedora12centos5amazon2oraclelinux3redhat5securityvulns4seebug6osv1debian2packetstorm2prion3veracode3checkpoint_advisories3ubuntu3f54exploitpack2cve3ubuntucve3exploitdb2suse3cert1gentoo1