MiracleLinux 3 : php-5.1.6-24.5.1.AXS3 (AXSA:2010-78:01)

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The package checks in this plugin were extracted from
# Miracle Linux Security Advisory AXSA:2010-78:01.
##

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(283975);
  script_version("1.1");
  script_set_attribute(attribute:"plugin_modification_date", value:"2026/01/14");

  script_cve_id(
    "CVE-2009-2687",
    "CVE-2009-3291",
    "CVE-2009-3292",
    "CVE-2009-3546",
    "CVE-2009-4017",
    "CVE-2009-4142"
  );

  script_name(english:"MiracleLinux 3 : php-5.1.6-24.5.1.AXS3 (AXSA:2010-78:01)");

  script_set_attribute(attribute:"synopsis", value:
"The remote MiracleLinux host is missing one or more security updates.");
  script_set_attribute(attribute:"description", value:
"The remote MiracleLinux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the
AXSA:2010-78:01 advisory.

    PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write
    dynamically generated webpages. PHP also offers built-in database integration for several commercial and
    non-commercial database management systems, so writing a database-enabled webpage with PHP is fairly
    simple. The most common use of PHP coding is probably as a replacement for CGI scripts.
    The php package contains the module which adds support for the PHP language to Apache HTTP Server.
    Security issues fixed with this release:
    CVE-2009-2687
    The exif_read_data function in the Exif module in PHP before 5.2.10 allows remote attackers to cause a
    denial of service (crash) via a malformed JPEG image with invalid offset fields, a different issue than
    CVE-2005-3353.
    CVE-2009-3291
    The php_openssl_apply_verification_policy function in PHP before 5.2.11 does not properly perform
    certificate validation, which has unknown impact and attack vectors, probably related to an ability to
    spoof certificates.
    CVE-2009-3292
    Unspecified vulnerability in PHP before 5.2.11, and 5.3.x before 5.3.1, has unknown impact and attack
    vectors related to 'missing sanity checks around exif processing.'
    CVE-2009-3546
    The _gdGetColors function in gd_gd.c in PHP 5.2.11 and 5.3.x before 5.3.1, and the GD Graphics Library
    2.x, does not properly verify a certain colorsTotal structure member, which might allow remote attackers
    to conduct buffer overflow or buffer over-read attacks via a crafted GD file, a different vulnerability
    than CVE-2009-3293. NOTE: some of these details are obtained from third party information.
    CVE-2009-4017
    PHP before 5.2.12 and 5.3.x before 5.3.1 does not restrict the number of temporary files created when
    handling a multipart/form-data POST request, which allows remote attackers to cause a denial of service
    (resource exhaustion), and makes it easier for remote attackers to exploit local file inclusion
    vulnerabilities, via multiple requests, related to lack of support for the max_file_uploads directive.
    CVE-2009-4142
    The htmlspecialchars function in PHP before 5.2.12 does not properly handle (1) overlong UTF-8 sequences,
    (2) invalid Shift_JIS sequences, and (3) invalid EUC-JP sequences, which allows remote attackers to
    conduct cross-site scripting (XSS) attacks by placing a crafted byte sequence before a special character.

Tenable has extracted the preceding description block directly from the MiracleLinux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://tsn.miraclelinux.com/en/node/1232");
  script_set_attribute(attribute:"solution", value:
"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2009-3546");
  script_set_attribute(attribute:"cvss3_score_source", value:"CVE-2009-4142");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"vendor_severity", value:"High");

  script_set_attribute(attribute:"vuln_publication_date", value:"2009/06/18");
  script_set_attribute(attribute:"patch_publication_date", value:"2010/01/28");
  script_set_attribute(attribute:"plugin_publication_date", value:"2026/01/14");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:php");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:php-bcmath");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:php-cli");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:php-common");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:php-dba");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:php-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:php-gd");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:php-imap");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:php-ldap");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:php-mbstring");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:php-mysql");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:php-ncurses");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:php-oci8");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:php-odbc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:php-pdo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:php-pgsql");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:php-snmp");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:php-soap");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:php-xml");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:php-xmlrpc");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:miracle:linux:3");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Miracle Linux Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2026 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/MiracleLinux/release", "Host/MiracleLinux/rpm-list", "Host/cpu");

  exit(0);
}


include('rpm2.inc');

if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_product = get_kb_item('installed_os/local/SSH/0/product');
if (isnull(os_product) || 'MIRACLE LINUX' >!< os_product) audit(AUDIT_OS_NOT, 'MIRACLE LINUX');
var os_version = get_kb_item('installed_os/local/SSH/0/version');
if (isnull(os_version)) audit(AUDIT_UNKNOWN_APP_VER, 'MIRACLE LINUX');
if (! preg(pattern:"^3([^0-9]|$)", string:os_version)) audit(AUDIT_OS_NOT, 'MiracleLinux 3.x', 'MIRACLE LINUX ' + os_version);

if (!get_kb_item('Host/MiracleLinux/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('aarch64' >!< cpu && 'ppc' >!< cpu && 's390' >!< cpu && 'x86_64' >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'MIRACLE LINUX', cpu);

var constraints = [
  {
    'release': '3',
    'pkgs': [
      {'reference':'php-5.1.6-24.5.1.AXS3', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'php-bcmath-5.1.6-24.5.1.AXS3', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'php-cli-5.1.6-24.5.1.AXS3', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'php-common-5.1.6-24.5.1.AXS3', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'php-dba-5.1.6-24.5.1.AXS3', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'php-devel-5.1.6-24.5.1.AXS3', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'php-gd-5.1.6-24.5.1.AXS3', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'php-imap-5.1.6-24.5.1.AXS3', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'php-ldap-5.1.6-24.5.1.AXS3', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'php-mbstring-5.1.6-24.5.1.AXS3', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'php-mysql-5.1.6-24.5.1.AXS3', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'php-ncurses-5.1.6-24.5.1.AXS3', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'php-oci8-5.1.6-24.5.1.AXS3', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'php-odbc-5.1.6-24.5.1.AXS3', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'php-pdo-5.1.6-24.5.1.AXS3', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'php-pgsql-5.1.6-24.5.1.AXS3', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'php-snmp-5.1.6-24.5.1.AXS3', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'php-soap-5.1.6-24.5.1.AXS3', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'php-xml-5.1.6-24.5.1.AXS3', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'php-xmlrpc-5.1.6-24.5.1.AXS3', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'}
    ]
  }
];

var os_release = get_one_kb_item('installed_os/local/SSH/0/release');
var os_sp = get_one_kb_item('Host/*/minor_release');

var flag = 0;
var reference;
var sp;
var _cpu;
var el_string;
var rpm_spec_vers_cmp;
var epoch;
var allowmaj;
var exists_check;
var cves;
foreach var constraint ( constraints ) {
  # Check that the target release is equal to the affected release
  if (!empty_or_null(constraint['release'])){
    if (constraint['release'] != os_release) continue;
  }
  if (!empty_or_null(constraint['sp'])){
    if (constraint['sp'] != os_sp) continue;
  }
  foreach var pkg ( constraint['pkgs'] ) {
    reference = NULL;
    sp = NULL;
    _cpu = NULL;
    el_string = NULL;
    rpm_spec_vers_cmp = NULL;
    epoch = NULL;
    allowmaj = NULL;
    exists_check = NULL;
    cves = NULL;
    if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];
    if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];
    if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];
    if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];
    if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];
    if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];
    if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];
    if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];
    if (!empty_or_null(pkg['cves'])) cves = pkg['cves'];
    if (reference &&
        ## (no known rpm to check OR known rpm_exists)
        (!exists_check || rpm_exists(rpm:exists_check)) &&
        rpm_check(sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj, cves:cves)) flag++;
  }
}
if (flag)
{
  security_report_v4(
      port       : 0,
      severity   : SECURITY_HOLE,
      extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  var tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'php / php-bcmath / php-cli / php-common / php-dba / php-devel / etc');
}