Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2015-2018 Tenable Network Security, Inc.ALA_ALAS-2015-509.NASL
HistoryApr 20, 2015 - 12:00 a.m.

Amazon Linux AMI : php54 (ALAS-2015-509)

2015-04-2000:00:00
This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.
www.tenable.com
23
JSON

A buffer overflow vulnerability was found in PHP’s phar (PHP Archive) implementation. See https://bugs.php.net/bug.php?id=69324 for more details. (CVE-2015-2783)

A use-after-free flaw was found in PHP’s phar (PHP Archive) paths implementation. A malicious script author could possibly use this flaw to disclose certain portions of server memory. (CVE-2015-2301)

A buffer over-read flaw was found in the GD library. A specially crafted GIF file could cause an application using the gdImageCreateFromGif() function to crash. (CVE-2014-9709)

A NULL pointer dereference flaw was found in PHP’s pgsql extension. A specially crafted table name passed to function as pg_insert() or pg_select() could cause a PHP application to crash. (CVE-2015-1352)

A buffer overflow flaw was found in the way PHP’s Phar extension parsed Phar archives. A specially crafted archive could cause PHP to crash or, possibly, execute arbitrary code when opened.
(CVE-2015-3329)

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Amazon Linux AMI Security Advisory ALAS-2015-509.
#

include("compat.inc");

if (description)
{
  script_id(82856);
  script_version("1.8");
  script_cvs_date("Date: 2018/04/18 15:09:35");

  script_cve_id("CVE-2014-9709", "CVE-2015-1352", "CVE-2015-2301", "CVE-2015-2783", "CVE-2015-3329");
  script_xref(name:"ALAS", value:"2015-509");

  script_name(english:"Amazon Linux AMI : php54 (ALAS-2015-509)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Amazon Linux AMI host is missing a security update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"A buffer overflow vulnerability was found in PHP's phar (PHP Archive)
implementation. See https://bugs.php.net/bug.php?id=69324 for more
details. (CVE-2015-2783)

A use-after-free flaw was found in PHP's phar (PHP Archive) paths
implementation. A malicious script author could possibly use this flaw
to disclose certain portions of server memory. (CVE-2015-2301)

A buffer over-read flaw was found in the GD library. A specially
crafted GIF file could cause an application using the
gdImageCreateFromGif() function to crash. (CVE-2014-9709)

A NULL pointer dereference flaw was found in PHP's pgsql extension. A
specially crafted table name passed to function as pg_insert() or
pg_select() could cause a PHP application to crash. (CVE-2015-1352)

A buffer overflow flaw was found in the way PHP's Phar extension
parsed Phar archives. A specially crafted archive could cause PHP to
crash or, possibly, execute arbitrary code when opened.
(CVE-2015-3329)"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugs.php.net/bug.php?id=69324"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://alas.aws.amazon.com/ALAS-2015-509.html"
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Run 'yum update php54' to update your system."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php54");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php54-bcmath");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php54-cli");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php54-common");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php54-dba");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php54-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php54-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php54-embedded");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php54-enchant");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php54-fpm");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php54-gd");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php54-imap");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php54-intl");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php54-ldap");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php54-mbstring");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php54-mcrypt");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php54-mssql");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php54-mysql");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php54-mysqlnd");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php54-odbc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php54-pdo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php54-pgsql");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php54-process");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php54-pspell");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php54-recode");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php54-snmp");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php54-soap");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php54-tidy");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php54-xml");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php54-xmlrpc");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:amazon:linux");

  script_set_attribute(attribute:"patch_publication_date", value:"2015/04/17");
  script_set_attribute(attribute:"plugin_publication_date", value:"2015/04/20");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.");
  script_family(english:"Amazon Linux Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/AmazonLinux/release", "Host/AmazonLinux/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

release = get_kb_item("Host/AmazonLinux/release");
if (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, "Amazon Linux");
os_ver = pregmatch(pattern: "^AL(A|\d)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Amazon Linux");
os_ver = os_ver[1];
if (os_ver != "A")
{
  if (os_ver == 'A') os_ver = 'AMI';
  audit(AUDIT_OS_NOT, "Amazon Linux AMI", "Amazon Linux " + os_ver);
}

if (!get_kb_item("Host/AmazonLinux/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);


flag = 0;
if (rpm_check(release:"ALA", reference:"php54-5.4.40-1.68.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php54-bcmath-5.4.40-1.68.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php54-cli-5.4.40-1.68.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php54-common-5.4.40-1.68.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php54-dba-5.4.40-1.68.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php54-debuginfo-5.4.40-1.68.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php54-devel-5.4.40-1.68.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php54-embedded-5.4.40-1.68.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php54-enchant-5.4.40-1.68.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php54-fpm-5.4.40-1.68.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php54-gd-5.4.40-1.68.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php54-imap-5.4.40-1.68.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php54-intl-5.4.40-1.68.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php54-ldap-5.4.40-1.68.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php54-mbstring-5.4.40-1.68.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php54-mcrypt-5.4.40-1.68.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php54-mssql-5.4.40-1.68.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php54-mysql-5.4.40-1.68.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php54-mysqlnd-5.4.40-1.68.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php54-odbc-5.4.40-1.68.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php54-pdo-5.4.40-1.68.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php54-pgsql-5.4.40-1.68.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php54-process-5.4.40-1.68.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php54-pspell-5.4.40-1.68.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php54-recode-5.4.40-1.68.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php54-snmp-5.4.40-1.68.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php54-soap-5.4.40-1.68.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php54-tidy-5.4.40-1.68.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php54-xml-5.4.40-1.68.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php54-xmlrpc-5.4.40-1.68.amzn1")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "php54 / php54-bcmath / php54-cli / php54-common / php54-dba / etc");
}
VendorProductVersionCPE
amazonlinuxphp54p-cpe:/a:amazon:linux:php54
amazonlinuxphp54-bcmathp-cpe:/a:amazon:linux:php54-bcmath
amazonlinuxphp54-clip-cpe:/a:amazon:linux:php54-cli
amazonlinuxphp54-commonp-cpe:/a:amazon:linux:php54-common
amazonlinuxphp54-dbap-cpe:/a:amazon:linux:php54-dba
amazonlinuxphp54-debuginfop-cpe:/a:amazon:linux:php54-debuginfo
amazonlinuxphp54-develp-cpe:/a:amazon:linux:php54-devel
amazonlinuxphp54-embeddedp-cpe:/a:amazon:linux:php54-embedded
amazonlinuxphp54-enchantp-cpe:/a:amazon:linux:php54-enchant
amazonlinuxphp54-fpmp-cpe:/a:amazon:linux:php54-fpm
Rows per page:
1-10 of 311

Related

amazon 3
openvas 30
nessus 52
freebsd 1
fedora 3
slackware 1
suse 2
securityvulns 8
mageia 2
archlinux 1
ubuntucve 7
f5 12
cve 6
prion 6
debiancve 1
osv 6
debian 8
hackerone 3
veracode 29
ubuntu 3
checkpoint_advisories 1
gentoo 2
kaspersky 1
redhat 4
oraclelinux 4
centos 2
cloudfoundry 1
amazon
amazon
Important: php54
2015-04-17 12:04:00
Low: php56
2015-04-17 12:04:00
Low: php55
2015-04-17 12:04:00
openvas
openvas
Amazon Linux: Security Advisory (ALAS-2015-509)
2015-09-08 00:00:00
Fedora Update for php FEDORA-2015-6195
2015-07-07 00:00:00
Amazon Linux: Security Advisory (ALAS-2015-511)
2015-09-08 00:00:00
nessus
nessus
FreeBSD : Several vulnerabilities found in PHP (1e232a0c-eb57-11e4-b595-4061861086c1)
2015-04-27 00:00:00
Fedora 20 : php-5.5.24-1.fc20 (2015-6399)
2015-04-28 00:00:00
Fedora 22 : php-5.6.8-1.fc22 (2015-6195)
2015-04-23 00:00:00
freebsd
freebsd
Several vulnerabilities found in PHP
2015-04-16 00:00:00
fedora
fedora
[SECURITY] Fedora 22 Update: php-5.6.8-1.fc22
2015-04-22 22:52:07
[SECURITY] Fedora 20 Update: php-5.5.24-1.fc20
2015-04-27 08:39:40
[SECURITY] Fedora 21 Update: php-5.6.8-1.fc21
2015-04-23 16:11:13
slackware
slackware
[slackware-security] php
2015-04-22 01:22:40
suse
suse
Security update for php5 (important)
2015-05-13 15:07:04
Security update for php5 (important)
2015-05-12 17:05:25
securityvulns
securityvulns
PHP security vulnerabilities
2015-05-05 00:00:00
[ MDVSA-2015:209 ] php
2015-05-05 00:00:00
libgd / PHP security vulnerabilities
2015-04-07 00:00:00
mageia
mageia
Updated php packages fix security vulnerabilities
2015-04-25 23:15:07
Updated php packages fix security vulnerabilities
2015-03-04 00:16:02
archlinux
archlinux
php: multiple issues
2015-04-17 00:00:00
ubuntucve
ubuntucve
CVE-2014-9709
2015-03-30 00:00:00
CVE-2015-3329
2015-04-20 00:00:00
CVE-2015-2301
2015-03-16 00:00:00
f5
f5
SOL17127 - PHP vulnerability CVE-2014-9709
2015-08-14 00:00:00
K17127 : PHP vulnerability CVE-2014-9709
2015-08-14 00:00:00
K35239571 : PHP vulnerability CVE-2015-3329
2016-07-05 00:00:00
cve
cve
CVE-2014-9709
2015-03-30 10:59:00
CVE-2015-3329
2015-06-09 18:59:00
CVE-2015-2301
2015-03-30 10:59:00
prion
prion
Design/Logic Flaw
2015-03-30 10:59:00
Design/Logic Flaw
2015-03-30 10:59:00
Null pointer dereference
2015-03-30 10:59:00
debiancve
debiancve
CVE-2014-9709
2015-03-30 10:59:00
osv
osv
php5 - security update
2015-04-29 00:00:00
libgd2 - security update
2015-04-06 00:00:00
libgd2 - security update
2015-04-08 00:00:00
debian
debian
[SECURITY] [DLA 212-1] php5 security update
2015-04-29 20:45:33
[SECURITY] [DSA 3215-1] libgd2 security update
2015-04-06 18:33:02
[SECURITY] [DSA 3215-1] libgd2 security update
2015-04-06 18:33:02
hackerone
hackerone
Internet Bug Bounty: Buffer Over flow when parsing tar/zip/phar in phar_set_inode
2015-04-14 00:00:00
Internet Bug Bounty: Buffer Over-read in unserialize when parsing Phar
2015-03-29 00:00:00
Gratipay: PHP 5.4.45 is Outdated and Full of Preformance Interupting Arbitrary Code Execution Bugs
2016-04-16 22:49:59
veracode
veracode
Denial Of Service
2019-01-15 09:06:21
Denial Of Service (DoS)
2019-05-02 05:39:27
Denial Of Service (DoS)
2019-05-02 05:39:27
ubuntu
ubuntu
PHP vulnerabilities
2015-04-20 00:00:00
PHP vulnerabilities
2015-03-18 00:00:00
GD library vulnerabilities
2016-05-31 00:00:00
checkpoint_advisories
checkpoint_advisories
PHP Multiple Function Stack Buffer Overflow (CVE-2015-3329; CVE-2016-10159)
2015-07-23 00:00:00
gentoo
gentoo
GD: Multiple vulnerabilities
2016-07-16 00:00:00
PHP: Multiple vulnerabilities
2016-06-19 00:00:00
kaspersky
kaspersky
KLA10514 Multiple vulnerabilities in PHP and plugins
2015-03-30 00:00:00
redhat
redhat
(RHSA-2015:1218) Moderate: php security update
2015-07-09 00:00:00
(RHSA-2015:1053) Moderate: php55 security and bug fix update
2015-06-04 00:00:00
(RHSA-2015:1066) Important: php54 security and bug fix update
2015-06-04 00:00:00
oraclelinux
oraclelinux
php security update
2015-07-09 00:00:00
php55 security and bug fix update
2016-02-04 00:00:00
php55-php security update
2016-02-04 00:00:00
centos
centos
php security update
2015-07-09 19:23:41
php security update
2015-06-24 03:28:02
cloudfoundry
cloudfoundry
USN-2987-1 GD library vulnerabilities | Cloud Foundry
2016-06-13 00:00:00
JSON
Related for ALA_ALAS-2015-509.NASL
amazon3openvas30nessus52freebsd1fedora3slackware1suse2securityvulns8mageia2archlinux1ubuntucve7f512cve6prion6debiancve1osv6debian8hackerone3veracode29ubuntu3checkpoint_advisories1gentoo2kaspersky1redhat4oraclelinux4centos2cloudfoundry1