Lucene search
This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.ALA_ALAS-2016-670.NASLHistoryMar 17, 2016 - 12:00 a.m.
Amazon Linux AMI : php54 (ALAS-2016-670)
2016-03-1700:00:00
This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
19
A NULL pointer dereference flaw was found in the XSLTProcessor class in PHP. An attacker could use this flaw to cause a PHP application to crash if it performed Extensible Stylesheet Language (XSL) transformations using untrusted XSLT files and allowed the use of PHP functions to be used as XSLT functions within XSL stylesheets.
(CVE-2015-6837 , CVE-2015-6838)
A flaw was discovered in the way PHP performed object unserialization.
Specially crafted input processed by the unserialize() function could cause a PHP application to crash or, possibly, execute arbitrary code.
(CVE-2015-6834 , CVE-2015-6835 , CVE-2015-6836)
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Amazon Linux AMI Security Advisory ALAS-2016-670.
#
include("compat.inc");
if (description)
{
script_id(89967);
script_version("2.4");
script_cvs_date("Date: 2019/04/11 17:23:06");
script_cve_id("CVE-2015-6834", "CVE-2015-6835", "CVE-2015-6836", "CVE-2015-6837", "CVE-2015-6838");
script_xref(name:"ALAS", value:"2016-670");
script_name(english:"Amazon Linux AMI : php54 (ALAS-2016-670)");
script_summary(english:"Checks rpm output for the updated packages");
script_set_attribute(
attribute:"synopsis",
value:"The remote Amazon Linux AMI host is missing a security update."
);
script_set_attribute(
attribute:"description",
value:
"A NULL pointer dereference flaw was found in the XSLTProcessor class
in PHP. An attacker could use this flaw to cause a PHP application to
crash if it performed Extensible Stylesheet Language (XSL)
transformations using untrusted XSLT files and allowed the use of PHP
functions to be used as XSLT functions within XSL stylesheets.
(CVE-2015-6837 , CVE-2015-6838)
A flaw was discovered in the way PHP performed object unserialization.
Specially crafted input processed by the unserialize() function could
cause a PHP application to crash or, possibly, execute arbitrary code.
(CVE-2015-6834 , CVE-2015-6835 , CVE-2015-6836)"
);
script_set_attribute(
attribute:"see_also",
value:"https://alas.aws.amazon.com/ALAS-2016-670.html"
);
script_set_attribute(
attribute:"solution",
value:"Run 'yum update php54' to update your system."
);
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php54");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php54-bcmath");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php54-cli");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php54-common");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php54-dba");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php54-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php54-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php54-embedded");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php54-enchant");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php54-fpm");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php54-gd");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php54-imap");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php54-intl");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php54-ldap");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php54-mbstring");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php54-mcrypt");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php54-mssql");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php54-mysql");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php54-mysqlnd");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php54-odbc");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php54-pdo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php54-pgsql");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php54-process");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php54-pspell");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php54-recode");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php54-snmp");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php54-soap");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php54-tidy");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php54-xml");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php54-xmlrpc");
script_set_attribute(attribute:"cpe", value:"cpe:/o:amazon:linux");
script_set_attribute(attribute:"patch_publication_date", value:"2016/03/16");
script_set_attribute(attribute:"plugin_publication_date", value:"2016/03/17");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_family(english:"Amazon Linux Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/AmazonLinux/release", "Host/AmazonLinux/rpm-list");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/AmazonLinux/release");
if (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, "Amazon Linux");
os_ver = pregmatch(pattern: "^AL(A|\d)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Amazon Linux");
os_ver = os_ver[1];
if (os_ver != "A")
{
if (os_ver == 'A') os_ver = 'AMI';
audit(AUDIT_OS_NOT, "Amazon Linux AMI", "Amazon Linux " + os_ver);
}
if (!get_kb_item("Host/AmazonLinux/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
flag = 0;
if (rpm_check(release:"ALA", reference:"php54-5.4.45-1.75.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php54-bcmath-5.4.45-1.75.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php54-cli-5.4.45-1.75.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php54-common-5.4.45-1.75.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php54-dba-5.4.45-1.75.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php54-debuginfo-5.4.45-1.75.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php54-devel-5.4.45-1.75.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php54-embedded-5.4.45-1.75.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php54-enchant-5.4.45-1.75.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php54-fpm-5.4.45-1.75.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php54-gd-5.4.45-1.75.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php54-imap-5.4.45-1.75.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php54-intl-5.4.45-1.75.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php54-ldap-5.4.45-1.75.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php54-mbstring-5.4.45-1.75.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php54-mcrypt-5.4.45-1.75.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php54-mssql-5.4.45-1.75.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php54-mysql-5.4.45-1.75.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php54-mysqlnd-5.4.45-1.75.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php54-odbc-5.4.45-1.75.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php54-pdo-5.4.45-1.75.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php54-pgsql-5.4.45-1.75.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php54-process-5.4.45-1.75.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php54-pspell-5.4.45-1.75.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php54-recode-5.4.45-1.75.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php54-snmp-5.4.45-1.75.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php54-soap-5.4.45-1.75.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php54-tidy-5.4.45-1.75.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php54-xml-5.4.45-1.75.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"php54-xmlrpc-5.4.45-1.75.amzn1")) flag++;
if (flag)
{
if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
else security_hole(0);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "php54 / php54-bcmath / php54-cli / php54-common / php54-dba / etc");
}
| Vendor | Product | Version | CPE |
|---|---|---|---|
| amazon | linux | php54 | p-cpe:/a:amazon:linux:php54 |
| amazon | linux | php54-bcmath | p-cpe:/a:amazon:linux:php54-bcmath |
| amazon | linux | php54-cli | p-cpe:/a:amazon:linux:php54-cli |
| amazon | linux | php54-common | p-cpe:/a:amazon:linux:php54-common |
| amazon | linux | php54-dba | p-cpe:/a:amazon:linux:php54-dba |
| amazon | linux | php54-debuginfo | p-cpe:/a:amazon:linux:php54-debuginfo |
| amazon | linux | php54-devel | p-cpe:/a:amazon:linux:php54-devel |
| amazon | linux | php54-embedded | p-cpe:/a:amazon:linux:php54-embedded |
| amazon | linux | php54-enchant | p-cpe:/a:amazon:linux:php54-enchant |
| amazon | linux | php54-fpm | p-cpe:/a:amazon:linux:php54-fpm |
References
Related
fedora
fedora
[SECURITY] Fedora 21 Update: php-5.6.13-1.fc21
2015-09-14 22:23:26
[SECURITY] Fedora 22 Update: php-5.6.13-1.fc22
2015-09-14 23:22:46
[SECURITY] Fedora 23 Update: php-5.6.13-1.fc23
2015-09-18 19:33:49
nessus
nessus
PHP 5.6.x < 5.6.13 Multiple Vulnerabilities
2019-01-09 00:00:00
Debian DSA-3358-1 : php5 - security update
2015-09-14 00:00:00
Slackware 14.0 / 14.1 / current : php (SSA:2015-274-02)
2015-10-02 00:00:00
openvas
openvas
Slackware: Security Advisory (SSA:2015-274-02)
2022-04-21 00:00:00
Fedora Update for php FEDORA-2015-14977
2015-10-07 00:00:00
Debian: Security Advisory (DSA-3358-1)
2015-09-12 00:00:00
mageia
mageia
Updated php packages fix security vulnerabilities
2015-09-14 00:58:30
osv
osv
php5 - security update
2015-09-13 00:00:00
php5 - security update
2015-11-08 00:00:00
CVE-2016-9936
2017-01-04 20:59:00
debian
debian
[SECURITY] [DSA 3358-1] php5 security update
2015-09-13 14:58:00
[SECURITY] [DSA 3358-1] php5 security update
2015-09-13 14:58:00
[SECURITY] [DLA 341-1] php5 security update
2015-11-08 18:51:20
freebsd
freebsd
php -- multiple vulnerabilities
2015-09-03 00:00:00
slackware
slackware
[slackware-security] php
2015-10-01 21:35:28
f5
f5
securityvulns
securityvulns
PHP multiple security vulnerabilities
2015-09-15 00:00:00
[SECURITY] [DSA 3358-1] php5 security update
2015-09-15 00:00:00
APPLE-SA-2015-10-21-4 OS X El Capitan 10.11.1 and Security Update 2015-007
2015-10-25 00:00:00
amazon
amazon
ibm
ibm
suse
suse
Security update for php5 (important)
2015-10-08 16:10:07
Security update for php5 (important)
2015-09-25 11:09:46
Security update for php5 (important)
2015-09-25 15:09:56
cve
cve
ubuntucve
ubuntucve
prion
prion
Null pointer dereference
2016-05-16 10:59:00
Null pointer dereference
2016-05-16 10:59:00
Design/Logic Flaw
2016-05-16 10:59:00
ubuntu
ubuntu
PHP vulnerabilities
2015-09-30 00:00:00
veracode
veracode
Use After Free
2019-05-02 05:27:42
Denial Of Service (DoS)
2019-05-02 05:27:42
Denial Of Service (DoS)
2019-05-02 05:27:42
redhat
redhat
(RHSA-2016:0457) Moderate: rh-php56-php security update
2016-03-15 00:00:00
hackerone
hackerone
metasploit
metasploit
Joomla HTTP Header Unauthenticated Remote Code Execution
2015-12-15 17:03:36
debiancve
debiancve
CVE-2016-9936
2017-01-04 20:59:00
redhatcve
redhatcve
CVE-2016-9936
2016-12-14 14:47:50
packetstorm
packetstorm
Joomla HTTP Header Unauthenticated Remote Code Execution
2015-12-17 00:00:00
gentoo
gentoo
PHP: Multiple vulnerabilities
2016-06-19 00:00:00
exploitpack
exploitpack
exploitdb
exploitdb
kaspersky
kaspersky
KLA10747 Obsolete PHP version in XAMPP & WAMP
2016-01-19 00:00:00
KLA10746 Multiple vulnerabilities in PHP
2016-01-19 00:00:00
cloudlinux
cloudlinux
Fix of 227 CVE
2020-10-15 12:00:00
rosalinux
rosalinux
Advisory ROSA-SA-2021-1950
2021-07-02 17:57:45
Related for ALA_ALAS-2016-670.NASL