Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.ALA_ALAS-2015-534.NASL
HistoryJun 04, 2015 - 12:00 a.m.

Amazon Linux AMI : php54 (ALAS-2015-534)

2015-06-0400:00:00
This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
13
JSON

An integer underflow flaw leading to out-of-bounds memory access was found in the way PHP’s Phar extension parsed Phar archives. A specially crafted archive could cause PHP to crash or, possibly, execute arbitrary code when opened. (CVE-2015-4021)

An integer overflow flaw leading to a heap based buffer overflow was found in the way PHP’s FTP extension parsed file listing FTP server responses. A malicious FTP server could use this flaw to cause a PHP application to crash or, possibly, execute arbitrary code.
(CVE-2015-4022)

A flaw was found in the way PHP parsed multipart HTTP POST requests. A specially crafted request could cause PHP to use an excessive amount of CPU time. (CVE-2015-4024)

It was found that certain PHP functions did not properly handle file names containing a NULL character. A remote attacker could possibly use this flaw to make a PHP script access unexpected files and bypass intended file system access restrictions. (CVE-2015-4025)

It was found that certain PHP functions did not properly handle file names containing a NULL character. A remote attacker could possibly use this flaw to make a PHP script access unexpected files and bypass intended file system access restrictions. (CVE-2015-4026)

PCRE library is prone to a heap overflow vulnerability. Due to insufficient bounds checking inside compile_branch(), the heap memory could be overflowed via a crafted regular expression. Since PCRE library is widely used, this vulnerability should affect many applications using it. An attacker may exploit this issue to execute arbitrary code in the context of the user running the affected application. (CVE-2015-2325)

PCRE library is prone to a vulnerability which leads to Heap overflow.
Without enough bound checking inside pcre_compile2(), the heap memory could be overflowed via a crafted regular expression. Since PCRE library is widely used, this vulnerability should affect many applications. An attacker may exploit this issue to execute arbitrary code in the context of the user running the affected application.
(CVE-2015-2326)

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Amazon Linux AMI Security Advisory ALAS-2015-534.
#

include("compat.inc");

if (description)
{
  script_id(83973);
  script_version("2.4");
  script_cvs_date("Date: 2020/01/27");

  script_cve_id("CVE-2015-2325", "CVE-2015-2326", "CVE-2015-4021", "CVE-2015-4022", "CVE-2015-4024", "CVE-2015-4025", "CVE-2015-4026");
  script_xref(name:"ALAS", value:"2015-534");

  script_name(english:"Amazon Linux AMI : php54 (ALAS-2015-534)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Amazon Linux AMI host is missing a security update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"An integer underflow flaw leading to out-of-bounds memory access was
found in the way PHP's Phar extension parsed Phar archives. A
specially crafted archive could cause PHP to crash or, possibly,
execute arbitrary code when opened. (CVE-2015-4021)

An integer overflow flaw leading to a heap based buffer overflow was
found in the way PHP's FTP extension parsed file listing FTP server
responses. A malicious FTP server could use this flaw to cause a PHP
application to crash or, possibly, execute arbitrary code.
(CVE-2015-4022)

A flaw was found in the way PHP parsed multipart HTTP POST requests. A
specially crafted request could cause PHP to use an excessive amount
of CPU time. (CVE-2015-4024)

It was found that certain PHP functions did not properly handle file
names containing a NULL character. A remote attacker could possibly
use this flaw to make a PHP script access unexpected files and bypass
intended file system access restrictions. (CVE-2015-4025)

It was found that certain PHP functions did not properly handle file
names containing a NULL character. A remote attacker could possibly
use this flaw to make a PHP script access unexpected files and bypass
intended file system access restrictions. (CVE-2015-4026)

PCRE library is prone to a heap overflow vulnerability. Due to
insufficient bounds checking inside compile_branch(), the heap memory
could be overflowed via a crafted regular expression. Since PCRE
library is widely used, this vulnerability should affect many
applications using it. An attacker may exploit this issue to execute
arbitrary code in the context of the user running the affected
application. (CVE-2015-2325)

PCRE library is prone to a vulnerability which leads to Heap overflow.
Without enough bound checking inside pcre_compile2(), the heap memory
could be overflowed via a crafted regular expression. Since PCRE
library is widely used, this vulnerability should affect many
applications. An attacker may exploit this issue to execute arbitrary
code in the context of the user running the affected application.
(CVE-2015-2326)"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://alas.aws.amazon.com/ALAS-2015-534.html"
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Run 'yum update php54' to update your system."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php54");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php54-bcmath");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php54-cli");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php54-common");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php54-dba");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php54-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php54-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php54-embedded");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php54-enchant");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php54-fpm");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php54-gd");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php54-imap");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php54-intl");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php54-ldap");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php54-mbstring");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php54-mcrypt");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php54-mssql");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php54-mysql");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php54-mysqlnd");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php54-odbc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php54-pdo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php54-pgsql");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php54-process");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php54-pspell");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php54-recode");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php54-snmp");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php54-soap");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php54-tidy");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php54-xml");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php54-xmlrpc");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:amazon:linux");

  script_set_attribute(attribute:"vuln_publication_date", value:"2015/06/09");
  script_set_attribute(attribute:"patch_publication_date", value:"2015/06/02");
  script_set_attribute(attribute:"plugin_publication_date", value:"2015/06/04");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Amazon Linux Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/AmazonLinux/release", "Host/AmazonLinux/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

release = get_kb_item("Host/AmazonLinux/release");
if (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, "Amazon Linux");
os_ver = pregmatch(pattern: "^AL(A|\d)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Amazon Linux");
os_ver = os_ver[1];
if (os_ver != "A")
{
  if (os_ver == 'A') os_ver = 'AMI';
  audit(AUDIT_OS_NOT, "Amazon Linux AMI", "Amazon Linux " + os_ver);
}

if (!get_kb_item("Host/AmazonLinux/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);


flag = 0;
if (rpm_check(release:"ALA", reference:"php54-5.4.41-1.69.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php54-bcmath-5.4.41-1.69.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php54-cli-5.4.41-1.69.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php54-common-5.4.41-1.69.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php54-dba-5.4.41-1.69.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php54-debuginfo-5.4.41-1.69.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php54-devel-5.4.41-1.69.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php54-embedded-5.4.41-1.69.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php54-enchant-5.4.41-1.69.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php54-fpm-5.4.41-1.69.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php54-gd-5.4.41-1.69.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php54-imap-5.4.41-1.69.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php54-intl-5.4.41-1.69.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php54-ldap-5.4.41-1.69.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php54-mbstring-5.4.41-1.69.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php54-mcrypt-5.4.41-1.69.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php54-mssql-5.4.41-1.69.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php54-mysql-5.4.41-1.69.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php54-mysqlnd-5.4.41-1.69.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php54-odbc-5.4.41-1.69.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php54-pdo-5.4.41-1.69.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php54-pgsql-5.4.41-1.69.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php54-process-5.4.41-1.69.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php54-pspell-5.4.41-1.69.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php54-recode-5.4.41-1.69.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php54-snmp-5.4.41-1.69.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php54-soap-5.4.41-1.69.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php54-tidy-5.4.41-1.69.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php54-xml-5.4.41-1.69.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php54-xmlrpc-5.4.41-1.69.amzn1")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "php54 / php54-bcmath / php54-cli / php54-common / php54-dba / etc");
}
VendorProductVersionCPE
amazonlinuxphp54p-cpe:/a:amazon:linux:php54
amazonlinuxphp54-bcmathp-cpe:/a:amazon:linux:php54-bcmath
amazonlinuxphp54-clip-cpe:/a:amazon:linux:php54-cli
amazonlinuxphp54-commonp-cpe:/a:amazon:linux:php54-common
amazonlinuxphp54-dbap-cpe:/a:amazon:linux:php54-dba
amazonlinuxphp54-debuginfop-cpe:/a:amazon:linux:php54-debuginfo
amazonlinuxphp54-develp-cpe:/a:amazon:linux:php54-devel
amazonlinuxphp54-embeddedp-cpe:/a:amazon:linux:php54-embedded
amazonlinuxphp54-enchantp-cpe:/a:amazon:linux:php54-enchant
amazonlinuxphp54-fpmp-cpe:/a:amazon:linux:php54-fpm
Rows per page:
1-10 of 311

Related

nessus 53
amazon 5
openvas 36
slackware 2
securityvulns 6
mageia 1
fedora 3
freebsd 2
debian 2
redhat 5
osv 2
oraclelinux 4
f5 14
ubuntucve 13
veracode 9
prion 8
ubuntu 3
cve 8
debiancve 2
mariadbunix 2
hackerone 2
checkpoint_advisories 3
suse 4
openwrt 1
centos 2
ibm 5
gentoo 1
rosalinux 1
nessus
nessus
Amazon Linux AMI : php56 (ALAS-2015-536)
2015-06-04 00:00:00
PHP 5.6.x < 5.6.9 Multiple Vulnerabilities
2015-06-18 00:00:00
Tenable SecurityCenter Multiple PHP Vulnerabilities (TNS-2015-06)
2015-08-20 00:00:00
amazon
amazon
Important: php56
2015-06-02 22:22:00
Important: php54
2015-06-02 22:20:00
Medium: php55
2015-06-02 22:21:00
openvas
openvas
Amazon Linux: Security Advisory (ALAS-2015-534)
2015-09-08 00:00:00
Amazon Linux: Security Advisory (ALAS-2015-536)
2015-09-08 00:00:00
Slackware: Security Advisory (SSA:2015-162-02)
2022-04-21 00:00:00
slackware
slackware
[slackware-security] php
2015-06-11 23:01:25
[slackware-security] php
2015-07-17 20:25:21
securityvulns
securityvulns
PHP multiple security vulnerabilities
2015-06-13 00:00:00
[SECURITY] [DSA 3280-1] php5 security update
2015-06-08 00:00:00
PCRE multiple security vulnerabilities
2015-08-02 00:00:00
mageia
mageia
Updated php packages fix security vulnerabilities
2015-05-18 22:08:05
fedora
fedora
[SECURITY] Fedora 22 Update: php-5.6.9-1.fc22
2015-05-26 03:40:42
[SECURITY] Fedora 21 Update: php-5.6.9-1.fc21
2015-05-27 16:13:20
[SECURITY] Fedora 20 Update: php-5.5.25-1.fc20
2015-05-27 16:23:41
freebsd
freebsd
php -- multiple vulnerabilities
2015-05-14 00:00:00
pcre -- multiple vulnerabilities
2015-04-28 00:00:00
debian
debian
[SECURITY] [DSA 3280-1] php5 security update
2015-06-07 17:06:52
[SECURITY] [DLA 307-1] php5 security update
2015-09-07 20:21:46
redhat
redhat
(RHSA-2015:1219) Moderate: php54-php security update
2015-07-09 00:00:00
(RHSA-2015:1187) Important: rh-php56-php security update
2015-06-25 00:00:00
(RHSA-2015:1186) Important: php55-php security update
2015-06-25 00:00:00
osv
osv
php5 - security update
2015-06-07 00:00:00
php5 - security update
2015-09-07 00:00:00
oraclelinux
oraclelinux
php54-php security update
2016-02-04 00:00:00
php55-php security update
2016-02-04 00:00:00
php security update
2015-07-09 00:00:00
f5
f5
SOL16993 - PHP vulnerabilities CVE-2015-4025 and CVE-2015-4026
2015-07-22 00:00:00
K16993 : PHP vulnerabilities CVE-2015-4025 and CVE-2015-4026
2015-07-22 00:00:00
SOL16983 - PCRE library vulnerability CVE-2015-2325
2015-07-22 00:00:00
ubuntucve
ubuntucve
CVE-2015-4026
2015-06-09 00:00:00
CVE-2015-2326
2015-04-01 00:00:00
CVE-2015-2325
2015-04-01 00:00:00
veracode
veracode
Improper Input Validation
2019-05-02 05:39:56
Heap-based Buffer Overflow
2019-05-02 05:39:55
Arbitrary File Write
2019-05-02 05:39:55
prion
prion
Out-of-bounds
2020-01-14 17:15:00
Out-of-bounds
2020-01-14 17:15:00
Design/Logic Flaw
2015-06-09 18:59:00
ubuntu
ubuntu
PCRE vulnerabilities
2015-07-29 00:00:00
PHP vulnerabilities
2015-07-06 00:00:00
PCRE vulnerabilities
2016-03-29 00:00:00
cve
cve
CVE-2015-2325
2020-01-14 17:15:00
CVE-2015-2326
2020-01-14 17:15:00
CVE-2015-4024
2015-06-09 18:59:00
debiancve
debiancve
CVE-2015-2325
2020-01-14 17:15:00
CVE-2015-2326
2020-01-14 17:15:00
mariadbunix
mariadbunix
CVE-2015-2325
2020-01-14 17:15:00
CVE-2015-2326
2020-01-14 17:15:00
hackerone
hackerone
Internet Bug Bounty: Memory Corruption in phar_parse_tarfile when entry filename starts with null
2015-04-15 00:00:00
Internet Bug Bounty: Integer overflow in ftp_genlist() resulting in heap overflow
2015-04-28 00:00:00
checkpoint_advisories
checkpoint_advisories
PHP Multipart Remote Denial of Service (CVE-2015-4024)
2015-06-30 00:00:00
PHP phar_parse_tarfile method Integer Overflow (CVE-2015-4021)
2015-07-20 00:00:00
PHP ftp_genlist method Integer Overflow (CVE-2015-4022)
2015-07-01 00:00:00
suse
suse
Security update for php5 (important)
2015-07-17 11:08:12
Security update for php5 (important)
2015-07-17 10:12:10
Security update for mariadb (important)
2015-07-21 16:08:23
openwrt
openwrt
php: Security update (7 CVEs)
2016-01-28 12:23:45
centos
centos
php security update
2015-07-09 19:23:41
php security update
2015-06-24 03:28:02
ibm
ibm
Security Bulletin: Multiple vulnerabilities in php affect IBM Flex System Manger (FSM)
2019-01-31 02:10:01
Security Bulletin: IBM Tealeaf Customer Experience PCA Web UI PHP security issues
2018-06-16 19:50:01
Security Bulletin: IBM BladeCenter Advanced Management Module (AMM) is affected by multiple vulnerabilities in GNU C Library (glibc), krb5 and php
2020-11-02 20:22:51
gentoo
gentoo
PHP: Multiple vulnerabilities
2016-06-19 00:00:00
rosalinux
rosalinux
Advisory ROSA-SA-2021-1947
2021-07-02 17:40:57
JSON
Related for ALA_ALAS-2015-534.NASL
nessus53amazon5openvas36slackware2securityvulns6mageia1fedora3freebsd2debian2redhat5osv2oraclelinux4f514ubuntucve13veracode9prion8ubuntu3cve8debiancve2mariadbunix2hackerone2checkpoint_advisories3suse4openwrt1centos2ibm5gentoo1rosalinux1