Fedora 19 : php-5.5.12-1.fc19 (2014-5984)

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Fedora Security Advisory 2014-5984.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(73956);
  script_version("1.10");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/11");

  script_cve_id("CVE-2014-0185");
  script_bugtraq_id(67118);
  script_xref(name:"FEDORA", value:"2014-5984");

  script_name(english:"Fedora 19 : php-5.5.12-1.fc19 (2014-5984)");
  script_summary(english:"Checks rpm output for the updated package.");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Fedora host is missing a security update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Notice: to fix CVE-2014-0185 this version change default php-fpm unix
domain socket permission to 660 (instead of 666). Check your
configuration if php-fpm use UDS (default configuration use a network
socket).

Upstream Changelog: 01 May 2014, PHP 5.5.12 Core :

  - Fixed bug #61019 (Out of memory on command
    stream_get_contents). (Mike)

    - Fixed bug #64330 (stream_socket_server() creates wrong
      Abstract Namespace UNIX sockets). (Mike)

    - Fixed bug #66182 (exit in stream filter produces
      segfault). (Mike)

    - Fixed bug #66736 (fpassthru broken). (Mike)

    - Fixed bug #67024 (getimagesize should recognize BMP
      files with negative height). (Gabor Buella)

    - Fixed bug #67043 (substr_compare broke by previous
      change) (Tjerk)

cURL :

  - Fixed bug #66562 (curl_exec returns differently than
    curl_multi_getcontent). (Freek Lijten)

Date :

  - Fixed bug #66721 (__wakeup of DateTime segfaults when
    invalid object data is supplied). (Boro Sitnikovski)

Embed :

  - Fixed bug #65715 (php5embed.lib isn't provided anymore).
    (Anatol).

Fileinfo :

  - Fixed bug #66987 (Memory corruption in fileinfo ext /
    bigendian). (Remi)

FPM :

  - Fixed bug #66482 (unknown entry 'priority' in
    php-fpm.conf).

    - Fixed bug #67060 (possible privilege escalation due to
      insecure default configuration). (CVE-2014-0185)
      (christian at hoffie dot info)

LDAP :

  - Fixed issue with null bytes in LDAP bindings. (Matthew
    Daley)

mysqli :

  - Fixed problem in mysqli_commit()/mysqli_rollback() with
    second parameter (extra comma) and third parameters
    (lack of escaping). (Andrey)

OpenSSL :

  - Fix bug #66942 (memory leak in openssl_seal()). (Chuan
    Ma)

    - Fix bug #66952 (memory leak in openssl_open()). (Chuan
      Ma)

SimpleXML :

  - Fixed bug #66084 (simplexml_load_string() mangles empty
    node name) (Anatol)

SQLite :

  - Fixed bug #66967 (Updated bundled libsqlite to 3.8.4.3).
    (Anatol)

XSL :

  - Fixed bug #53965 (<xsl:include> cannot find files with
    relative paths when loaded with 'file://'). (Anatol)

Apache2 Handler SAPI :

  - Fixed Apache log issue caused by APR's lack of support
    for %zu (APR issue
    https://issues.apache.org/bugzilla/show_bug.cgi?id=56120
    ). (Jeff Trawick)

Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.redhat.com/show_bug.cgi?id=1092815"
  );
  # https://issues.apache.org/bugzilla/show_bug.cgi?id=56120
  script_set_attribute(
    attribute:"see_also",
    value:"https://bz.apache.org/bugzilla/show_bug.cgi?id=56120"
  );
  # https://lists.fedoraproject.org/pipermail/package-announce/2014-May/133189.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?4a043602"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected php package.");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:php");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:19");

  script_set_attribute(attribute:"patch_publication_date", value:"2014/05/03");
  script_set_attribute(attribute:"plugin_publication_date", value:"2014/05/12");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Fedora Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
os_ver = os_ver[1];
if (! ereg(pattern:"^19([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 19.x", "Fedora " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);

flag = 0;
if (rpm_check(release:"FC19", reference:"php-5.5.12-1.fc19")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "php");
}