Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.FEDORA_2014-12341.NASL
HistoryNov 03, 2014 - 12:00 a.m.

Fedora 21 : php-ZendFramework-1.12.9-1.fc21 (2014-12341)

2014-11-0300:00:00
This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
9
JSON

Contains fixes for two security relevant bugs :

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Fedora Security Advisory 2014-12341.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(78786);
  script_version("1.7");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/11");

  script_cve_id("CVE-2014-8088", "CVE-2014-8089");
  script_bugtraq_id(70011, 70378);
  script_xref(name:"FEDORA", value:"2014-12341");

  script_name(english:"Fedora 21 : php-ZendFramework-1.12.9-1.fc21 (2014-12341)");
  script_summary(english:"Checks rpm output for the updated package.");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Fedora host is missing a security update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Contains fixes for two security relevant bugs :

  - 'ZF2014-05: Anonymous authentication in ldap_bind()
    function of PHP, using null byte'
    (http://framework.zend.com/security/advisory/ZF2014-05)

  - 'ZF2014-06: SQL injection vector when manually quoting
    values for sqlsrv extension, using null byte'
    (http://framework.zend.com/security/advisory/ZF2014-06)

Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
  );
  # http://framework.zend.com/security/advisory/ZF2014-05
  script_set_attribute(
    attribute:"see_also",
    value:"https://framework.zend.com/security/advisory/ZF2014-05"
  );
  # http://framework.zend.com/security/advisory/ZF2014-06
  script_set_attribute(
    attribute:"see_also",
    value:"https://framework.zend.com/security/advisory/ZF2014-06"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.redhat.com/show_bug.cgi?id=1151276"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.redhat.com/show_bug.cgi?id=1151277"
  );
  # https://lists.fedoraproject.org/pipermail/package-announce/2014-November/141794.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?8a913f6f"
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Update the affected php-ZendFramework package."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:php-ZendFramework");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:21");

  script_set_attribute(attribute:"patch_publication_date", value:"2014/10/08");
  script_set_attribute(attribute:"plugin_publication_date", value:"2014/11/03");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Fedora Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
os_ver = os_ver[1];
if (! ereg(pattern:"^21([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 21.x", "Fedora " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);

flag = 0;
if (rpm_check(release:"FC21", reference:"php-ZendFramework-1.12.9-1.fc21")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "php-ZendFramework");
}
VendorProductVersionCPE
fedoraprojectfedoraphp-zendframeworkp-cpe:/a:fedoraproject:fedora:php-zendframework
fedoraprojectfedora21cpe:/o:fedoraproject:fedora:21

Related

fedora 8
nessus 10
mageia 1
openvas 9
amazon 1
cve 2
prion 2
ubuntucve 2
securityvulns 5
osv 4
debian 4
rapid7blog 1
fedora
fedora
[SECURITY] Fedora 19 Update: php-ZendFramework-1.12.9-1.fc19
2014-10-17 08:37:23
[SECURITY] Fedora 21 Update: php-ZendFramework2-2.3.3-1.fc21
2014-10-16 02:00:15
[SECURITY] Fedora 21 Update: php-ZendFramework-1.12.9-1.fc21
2014-11-01 16:20:08
nessus
nessus
Fedora 19 : php-ZendFramework2-2.2.8-2.fc19 (2014-14043)
2014-11-11 00:00:00
Fedora 21 : php-ZendFramework2-2.3.3-1.fc21 (2014-12676)
2014-10-16 00:00:00
Fedora 20 : php-ZendFramework2-2.3.3-2.fc20 (2014-13302)
2014-10-29 00:00:00
mageia
mageia
Updated php-ZendFramework packages fix security vulnerabilities
2014-10-29 14:30:40
openvas
openvas
Amazon Linux: Security Advisory (ALAS-2014-460)
2015-09-08 00:00:00
Fedora Update for php-ZendFramework2 FEDORA-2014-14043
2014-11-11 00:00:00
Fedora Update for php-ZendFramework FEDORA-2014-12344
2014-10-18 00:00:00
amazon
amazon
Medium: php-ZendFramework
2014-12-11 14:23:00
cve
cve
CVE-2014-8089
2020-02-17 22:15:00
CVE-2014-8088
2014-10-22 14:55:00
prion
prion
Sql injection
2020-02-17 22:15:00
Authentication flaw
2014-10-22 14:55:00
ubuntucve
ubuntucve
CVE-2014-8089
2020-02-17 00:00:00
CVE-2014-8088
2014-10-22 00:00:00
securityvulns
securityvulns
[ MDVSA-2014:216 ] php-ZendFramework
2014-12-01 00:00:00
[ MDVSA-2015:097 ] php-ZendFramework
2015-05-12 00:00:00
[SECURITY] [DSA 3265-1] zendframework security update
2015-06-08 00:00:00
osv
osv
zendframework - security update
2015-05-20 00:00:00
zendframework - regression update
2015-05-20 00:00:00
zendframework - regression update
2015-06-23 00:00:00
debian
debian
[SECURITY] [DSA 3265-1] zendframework security update
2015-05-20 09:37:25
[SECURITY] [DSA 3265-2] zendframework regression update
2015-05-24 11:55:24
[SECURITY] [DLA 251-2] zendframework regression update
2015-06-23 20:26:59
rapid7blog
rapid7blog
NICER Protocol Deep Dive: Internet Exposure of HTTP and HTTPS
2021-01-29 14:20:22
JSON
Related for FEDORA_2014-12341.NASL
fedora8nessus10mageia1openvas9amazon1cve2prion2ubuntucve2securityvulns5osv4debian4rapid7blog1