Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2015-2018 Tenable Network Security, Inc.ALA_ALAS-2015-584.NASL
HistoryAug 18, 2015 - 12:00 a.m.

Amazon Linux AMI : php55 (ALAS-2015-584) (BACKRONYM)

2015-08-1800:00:00
This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.
www.tenable.com
29
JSON

PHP process crashes when processing an invalid file with the ‘phar’ extension. (CVE-2015-5589)

As discussed upstream, mysqlnd is vulnerable to the attack described in https://www.duosecurity.com/blog/backronym-mysql-vulnerability.
(CVE-2015-3152)

PHP versions before 5.5.27 and 5.4.43 contain buffer overflow issue.
(CVE-2015-5590)

A flaw was discovered in the way PHP performed object unserialization.
Specially crafted input processed by the unserialize() function could cause a PHP application to crash or, possibly, execute arbitrary code.
(CVE-2015-6831 , CVE-2015-6832)

A flaw was found in the way the way PHP’s Phar extension parsed Phar archives. A specially crafted archive could cause PHP to crash or, possibly, execute arbitrary code when opened. (CVE-2015-6833)

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Amazon Linux AMI Security Advisory ALAS-2015-584.
#

include("compat.inc");

if (description)
{
  script_id(85457);
  script_version("2.10");
  script_cvs_date("Date: 2018/04/18 15:09:35");

  script_cve_id("CVE-2015-3152", "CVE-2015-5589", "CVE-2015-5590", "CVE-2015-6831", "CVE-2015-6832", "CVE-2015-6833");
  script_xref(name:"ALAS", value:"2015-584");

  script_name(english:"Amazon Linux AMI : php55 (ALAS-2015-584) (BACKRONYM)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Amazon Linux AMI host is missing a security update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"PHP process crashes when processing an invalid file with the 'phar'
extension. (CVE-2015-5589)

As discussed upstream, mysqlnd is vulnerable to the attack described
in https://www.duosecurity.com/blog/backronym-mysql-vulnerability.
(CVE-2015-3152)

PHP versions before 5.5.27 and 5.4.43 contain buffer overflow issue.
(CVE-2015-5590)

A flaw was discovered in the way PHP performed object unserialization.
Specially crafted input processed by the unserialize() function could
cause a PHP application to crash or, possibly, execute arbitrary code.
(CVE-2015-6831 , CVE-2015-6832)

A flaw was found in the way the way PHP's Phar extension parsed Phar
archives. A specially crafted archive could cause PHP to crash or,
possibly, execute arbitrary code when opened. (CVE-2015-6833)"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugs.php.net/bug.php?id=69669"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.duosecurity.com/blog/backronym-mysql-vulnerability"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://alas.aws.amazon.com/ALAS-2015-584.html"
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Run 'yum update php55' to update your system."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php55");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php55-bcmath");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php55-cli");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php55-common");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php55-dba");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php55-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php55-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php55-embedded");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php55-enchant");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php55-fpm");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php55-gd");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php55-gmp");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php55-imap");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php55-intl");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php55-ldap");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php55-mbstring");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php55-mcrypt");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php55-mssql");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php55-mysqlnd");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php55-odbc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php55-opcache");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php55-pdo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php55-pgsql");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php55-process");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php55-pspell");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php55-recode");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php55-snmp");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php55-soap");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php55-tidy");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php55-xml");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php55-xmlrpc");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:amazon:linux");

  script_set_attribute(attribute:"patch_publication_date", value:"2015/08/17");
  script_set_attribute(attribute:"in_the_news", value:"true");
  script_set_attribute(attribute:"plugin_publication_date", value:"2015/08/18");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.");
  script_family(english:"Amazon Linux Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/AmazonLinux/release", "Host/AmazonLinux/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

release = get_kb_item("Host/AmazonLinux/release");
if (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, "Amazon Linux");
os_ver = pregmatch(pattern: "^AL(A|\d)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Amazon Linux");
os_ver = os_ver[1];
if (os_ver != "A")
{
  if (os_ver == 'A') os_ver = 'AMI';
  audit(AUDIT_OS_NOT, "Amazon Linux AMI", "Amazon Linux " + os_ver);
}

if (!get_kb_item("Host/AmazonLinux/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);


flag = 0;
if (rpm_check(release:"ALA", reference:"php55-5.5.28-1.106.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php55-bcmath-5.5.28-1.106.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php55-cli-5.5.28-1.106.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php55-common-5.5.28-1.106.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php55-dba-5.5.28-1.106.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php55-debuginfo-5.5.28-1.106.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php55-devel-5.5.28-1.106.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php55-embedded-5.5.28-1.106.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php55-enchant-5.5.28-1.106.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php55-fpm-5.5.28-1.106.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php55-gd-5.5.28-1.106.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php55-gmp-5.5.28-1.106.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php55-imap-5.5.28-1.106.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php55-intl-5.5.28-1.106.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php55-ldap-5.5.28-1.106.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php55-mbstring-5.5.28-1.106.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php55-mcrypt-5.5.28-1.106.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php55-mssql-5.5.28-1.106.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php55-mysqlnd-5.5.28-1.106.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php55-odbc-5.5.28-1.106.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php55-opcache-5.5.28-1.106.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php55-pdo-5.5.28-1.106.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php55-pgsql-5.5.28-1.106.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php55-process-5.5.28-1.106.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php55-pspell-5.5.28-1.106.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php55-recode-5.5.28-1.106.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php55-snmp-5.5.28-1.106.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php55-soap-5.5.28-1.106.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php55-tidy-5.5.28-1.106.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php55-xml-5.5.28-1.106.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php55-xmlrpc-5.5.28-1.106.amzn1")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "php55 / php55-bcmath / php55-cli / php55-common / php55-dba / etc");
}
VendorProductVersionCPE
amazonlinuxphp55-pgsqlp-cpe:/a:amazon:linux:php55-pgsql
amazonlinuxphp55-processp-cpe:/a:amazon:linux:php55-process
amazonlinuxphp55-pspellp-cpe:/a:amazon:linux:php55-pspell
amazonlinuxphp55-recodep-cpe:/a:amazon:linux:php55-recode
amazonlinuxphp55-snmpp-cpe:/a:amazon:linux:php55-snmp
amazonlinuxphp55-soapp-cpe:/a:amazon:linux:php55-soap
amazonlinuxphp55-tidyp-cpe:/a:amazon:linux:php55-tidy
amazonlinuxphp55-xmlp-cpe:/a:amazon:linux:php55-xml
amazonlinuxphp55-xmlrpcp-cpe:/a:amazon:linux:php55-xmlrpc
amazonlinuxcpe:/o:amazon:linux
Rows per page:
1-10 of 321

Related

nessus 66
amazon 3
openvas 38
freebsd 3
osv 6
fedora 3
securityvulns 3
mageia 2
ubuntu 1
veracode 13
redhat 3
kaspersky 2
suse 6
hackerone 3
ubuntucve 9
cve 9
prion 9
debian 7
f5 2
mariadbunix 1
redhatcve 2
debiancve 1
thn 1
gentoo 1
slackware 1
ibm 1
cloudlinux 1
oraclelinux 1
centos 1
nessus
nessus
Amazon Linux AMI : php56 (ALAS-2015-585) (BACKRONYM)
2015-08-18 00:00:00
Amazon Linux AMI : php54 (ALAS-2015-583) (BACKRONYM)
2015-08-18 00:00:00
FreeBSD : php5 -- multiple vulnerabilities (787ef75e-44da-11e5-93ad-002590263bf5)
2015-08-18 00:00:00
amazon
amazon
Medium: php55
2015-08-17 12:41:00
Medium: php54
2015-08-17 12:39:00
Medium: php56
2015-08-17 12:46:00
openvas
openvas
PHP Multiple Vulnerabilities - 01 - Mar16 (Linux)
2016-03-01 00:00:00
PHP Multiple Vulnerabilities - 01 - Mar16 (Windows)
2016-03-01 00:00:00
Amazon Linux: Security Advisory (ALAS-2015-583)
2015-09-08 00:00:00
freebsd
freebsd
php5 -- multiple vulnerabilities
2015-08-06 00:00:00
php-phar -- multiple vulnerabilities
2015-06-24 00:00:00
mysql -- SSL Downgrade
2015-03-20 00:00:00
osv
osv
php5 - security update
2015-08-27 00:00:00
php5 - security update
2015-11-08 00:00:00
CVE-2017-10789
2017-07-01 18:29:00
fedora
fedora
[SECURITY] Fedora 21 Update: php-5.6.11-1.fc21
2015-07-29 01:58:13
[SECURITY] Fedora 21 Update: mariadb-10.0.20-1.fc21
2015-07-10 19:10:52
[SECURITY] Fedora 22 Update: mariadb-10.0.20-1.fc22
2015-07-03 18:49:07
securityvulns
securityvulns
PHP security vulnerabilities
2015-08-31 00:00:00
[SECURITY] [DSA 3344-1] php5 security update
2015-08-31 00:00:00
[SECURITY] [DSA 3311-1] mariadb-10.0 security update
2015-07-20 00:00:00
mageia
mageia
Updated php package fixes security vulnerabilities
2015-07-23 12:39:14
Updated mariadb package fixes security vulnerabilities
2015-07-27 12:53:07
ubuntu
ubuntu
PHP vulnerabilities
2015-09-30 00:00:00
veracode
veracode
Denial Of Service (DoS)
2019-05-02 05:27:42
Use-After-Free
2019-05-02 05:27:42
Use-After-Free
2019-05-02 05:27:42
redhat
redhat
(RHSA-2016:0457) Moderate: rh-php56-php security update
2016-03-15 00:00:00
(RHSA-2015:1665) Moderate: mariadb security update
2015-08-24 00:00:00
(RHSA-2015:1647) Moderate: mariadb55-mariadb security update
2015-08-20 00:00:00
kaspersky
kaspersky
KLA10747 Obsolete PHP version in XAMPP & WAMP
2016-01-19 00:00:00
KLA10746 Multiple vulnerabilities in PHP
2016-01-19 00:00:00
suse
suse
Security update for php5 (important)
2015-09-25 15:09:56
Security update for php5 (important)
2015-09-25 11:09:46
Security update for php53 (important)
2015-10-26 15:09:54
hackerone
hackerone
Internet Bug Bounty: Dangling pointer in the unserialization of ArrayObject items
2015-07-13 00:00:00
Internet Bug Bounty: Files extracted from archive may be placed outside of destination directory
2015-07-08 00:00:00
Internet Bug Bounty: Multiple Use After Free Vulnerabilites in unserialize()
2015-07-30 00:00:00
ubuntucve
ubuntucve
CVE-2015-6833
2015-08-27 00:00:00
CVE-2015-6832
2015-08-27 00:00:00
CVE-2015-5589
2015-07-20 00:00:00
cve
cve
CVE-2015-6832
2016-01-19 05:59:00
CVE-2015-6833
2016-01-19 05:59:00
CVE-2015-5589
2016-05-16 10:59:00
prion
prion
Design/Logic Flaw
2016-01-19 05:59:00
Directory traversal
2016-01-19 05:59:00
Design/Logic Flaw
2016-05-16 10:59:00
debian
debian
[SECURITY] [DSA 3344-1] php5 security update
2015-08-27 15:00:09
[SECURITY] [DLA 341-1] php5 security update
2015-11-08 18:51:20
[SECURITY] [DSA 3344-1] php5 security update
2015-08-27 15:00:09
f5
f5
K16845 : MySQL vulnerability CVE-2015-3152
2015-07-02 00:00:00
SOL16845 - MySQL vulnerability CVE-2015-3152
2015-07-02 00:00:00
mariadbunix
mariadbunix
CVE-2015-3152
2016-05-16 10:59:00
redhatcve
redhatcve
CVE-2016-4473
2016-08-22 20:48:41
CVE-2017-10789
2017-07-04 10:49:05
debiancve
debiancve
CVE-2017-10789
2017-07-01 18:29:00
thn
thn
3 Critical Zero-Day Flaws Found in PHP 7 — One Remains Unpatched!
2016-12-28 23:45:00
gentoo
gentoo
PHP: Multiple vulnerabilities
2016-06-19 00:00:00
slackware
slackware
[slackware-security] php
2015-07-17 20:25:21
ibm
ibm
Security Bulletin: IBM Tealeaf Customer Experience PCA Web UI PHP security issues
2018-06-16 19:50:01
cloudlinux
cloudlinux
Fix of 227 CVE
2020-10-15 12:00:00
oraclelinux
oraclelinux
mariadb security update
2015-08-24 00:00:00
centos
centos
mariadb security update
2015-08-25 16:08:22
JSON
Related for ALA_ALAS-2015-584.NASL
nessus66amazon3openvas38freebsd3osv6fedora3securityvulns3mageia2ubuntu1veracode13redhat3kaspersky2suse6hackerone3ubuntucve9cve9prion9debian7f52mariadbunix1redhatcve2debiancve1thn1gentoo1slackware1ibm1cloudlinux1oraclelinux1centos1