Lucene search

K
nessusThis script is Copyright (C) 2012-2022 Tenable Network Security, Inc.PHP_5_4_5.NASL
HistoryJul 20, 2012 - 12:00 a.m.

PHP 5.4.x < 5.4.5 _php_stream_scandir Overflow

2012-07-2000:00:00
This script is Copyright (C) 2012-2022 Tenable Network Security, Inc.
www.tenable.com
72

According to its banner, the version of PHP installed on the remote host is 5.4.x earlier than 5.4.5, and is, therefore, potentially affected by an unspecified overflow vulnerability in the function ‘_php_stream_scandir’ in the file ‘main/streams/streams.c’.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(60086);
  script_version("1.10");
  script_set_attribute(attribute:"plugin_modification_date", value:"2022/04/11");

  script_cve_id("CVE-2012-2688");
  script_bugtraq_id(54638);

  script_name(english:"PHP 5.4.x < 5.4.5 _php_stream_scandir Overflow");

  script_set_attribute(attribute:"synopsis", value:
"The remote web server uses a version of PHP that is affected by
an overflow vulnerability.");
  script_set_attribute(attribute:"description", value:
"According to its banner, the version of PHP installed on the remote
host is 5.4.x earlier than 5.4.5, and is, therefore, potentially
affected by an unspecified overflow vulnerability in the function
'_php_stream_scandir' in the file 'main/streams/streams.c'.");
  script_set_attribute(attribute:"see_also", value:"http://www.php.net/ChangeLog-5.php#5.4.5");
  script_set_attribute(attribute:"solution", value:
"Upgrade to PHP version 5.4.5 or later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");

  script_set_attribute(attribute:"exploitability_ease", value:"No exploit is required");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2012/07/19");
  script_set_attribute(attribute:"patch_publication_date", value:"2012/07/19");
  script_set_attribute(attribute:"plugin_publication_date", value:"2012/07/20");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:php:php");
  script_set_attribute(attribute:"thorough_tests", value:"true");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"CGI abuses");

  script_copyright(english:"This script is Copyright (C) 2012-2022 Tenable Network Security, Inc.");

  script_dependencies("php_version.nasl");
  script_require_keys("www/PHP");
  script_require_ports("Services/www", 80);

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("http.inc");
include("webapp_func.inc");

port = get_http_port(default:80, php:TRUE);

php = get_php_from_kb(
  port : port,
  exit_on_fail : TRUE
);

version = php["ver"];
source = php["src"];

backported = get_kb_item('www/php/'+port+'/'+version+'/backported');

if (report_paranoia < 2 && backported)
  audit(AUDIT_BACKPORT_SERVICE, port, "PHP "+version+" install");

if (version !~ "^5\.4\.") exit(0, "The web server listening on port "+port+" does not use PHP version 5.4.x.");
if (version =~ "^5\.4\.[0-4]($|[^0-9])")
{
  if (report_verbosity > 0)
  {
    report =
      '\n  Version source    : '+source +
      '\n  Installed version : '+version+
      '\n  Fixed version     : 5.4.5\n';
    security_hole(port:port, extra:report);
  }
  else security_hole(port);
  exit(0);
}
else audit(AUDIT_LISTEN_NOT_VULN, "PHP", port, version);
VendorProductVersionCPE
phpphpcpe:/a:php:php