According to its banner, the version of PHP installed on the remote host is 5.4.x earlier than 5.4.5, and is, therefore, potentially affected by an unspecified overflow vulnerability in the function '_php_stream_scandir' in the file 'main/streams/streams.c'.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
# Registration block: executed only when 'description' is set. It records the
# plugin's identifiers, report text, scoring and prerequisites, then exits
# before any of the detection logic further down is reached.
if (description)
{
script_id(60086);
script_version("1.10");
script_set_attribute(attribute:"plugin_modification_date", value:"2022/04/11");
# External identifiers for the flaw this plugin reports on.
script_cve_id("CVE-2012-2688");
script_bugtraq_id(54638);
script_name(english:"PHP 5.4.x < 5.4.5 _php_stream_scandir Overflow");
script_set_attribute(attribute:"synopsis", value:
"The remote web server uses a version of PHP that is affected by
an overflow vulnerability.");
# The description is explicit that the finding rests on the version banner
# ("According to its banner", "potentially affected"): a positive result means
# the reported version is in the affected range, not that the overflow was
# triggered or confirmed on the host.
script_set_attribute(attribute:"description", value:
"According to its banner, the version of PHP installed on the remote
host is 5.4.x earlier than 5.4.5, and is, therefore, potentially
affected by an unspecified overflow vulnerability in the function
'_php_stream_scandir' in the file 'main/streams/streams.c'.");
script_set_attribute(attribute:"see_also", value:"http://www.php.net/ChangeLog-5.php#5.4.5");
script_set_attribute(attribute:"solution", value:
"Upgrade to PHP version 5.4.5 or later.");
# CVSS v2 base vector: network attack vector, low complexity, no
# authentication, complete confidentiality/integrity/availability impact.
# Nothing in this plugin verifies that impact; the description calls the
# overflow "unspecified".
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
# CVSS v2 temporal vector: exploitability unproven (E:U), official fix
# available (RL:OF), report confidence confirmed (RC:C).
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"No exploit is required");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"vuln_publication_date", value:"2012/07/19");
script_set_attribute(attribute:"patch_publication_date", value:"2012/07/19");
script_set_attribute(attribute:"plugin_publication_date", value:"2012/07/20");
script_set_attribute(attribute:"plugin_type", value:"remote");
script_set_attribute(attribute:"cpe", value:"cpe:/a:php:php");
script_set_attribute(attribute:"thorough_tests", value:"true");
script_end_attributes();
# Registered as an information-gathering plugin.
script_category(ACT_GATHER_INFO);
script_family(english:"CGI abuses");
script_copyright(english:"This script is Copyright (C) 2012-2022 Tenable Network Security, Inc.");
# Prerequisites: php_version.nasl must have run, the "www/PHP" knowledge-base
# key must be set, and a web service (or port 80) must be present.
script_dependencies("php_version.nasl");
script_require_keys("www/PHP");
script_require_ports("Services/www", 80);
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("http.inc");
include("webapp_func.inc");
# Detection logic: compare the PHP version recorded in the knowledge base with
# the affected range (5.4.0 - 5.4.4) and report or audit accordingly.
# The result is version-based only; confirm the installed package on the host
# before treating a finding as proof that the overflow is reachable.

# Select the web port to evaluate (default 80); php:TRUE is passed so the
# helper is asked for a PHP-serving port.
port = get_http_port(default:80, php:TRUE);

# Version and its origin are read from the knowledge base; exit_on_fail stops
# the plugin when no PHP entry exists for this port.
php_info = get_php_from_kb(port:port, exit_on_fail:TRUE);
version = php_info["ver"];
source = php_info["src"];

# Vendors may backport the fix without changing the upstream version string.
# When the KB flags this install as backported, the version alone is not
# reliable evidence, so it is only evaluated when report_paranoia is 2 or more.
backported = get_kb_item('www/php/'+port+'/'+version+'/backported');
if (backported && report_paranoia < 2)
  audit(AUDIT_BACKPORT_SERVICE, port, "PHP "+version+" install");

# Only the 5.4 branch is in scope for this plugin.
if (version !~ "^5\.4\.") exit(0, "The web server listening on port "+port+" does not use PHP version 5.4.x.");

# Affected releases are 5.4.0 through 5.4.4. The ($|[^0-9]) tail stops a
# two-digit patch level such as 5.4.10 from being read as 5.4.1, while still
# matching suffixed builds of 5.4.0 - 5.4.4.
if (version !~ "^5\.4\.[0-4]($|[^0-9])")
  audit(AUDIT_LISTEN_NOT_VULN, "PHP", port, version);
else
{
  if (report_verbosity > 0)
  {
    # Include where the version was seen so the finding can be traced back
    # and checked against the actual installation.
    report = '\n Version source : '+source;
    report += '\n Installed version : '+version;
    report += '\n Fixed version : 5.4.5\n';
    security_hole(port:port, extra:report);
  }
  else security_hole(port);
  exit(0);
}