Slackware 10.2 / 11.0 / current : php (SSA:2007-127-01)

2007-05-1000:00:00

www.tenable.com

New php packages are available for Slackware 10.2, 11.0, and -current to improve the stability and security of PHP. Quite a few bugs were fixed – please see http://www.php.net for a detailed list. All sites that use PHP are encouraged to upgrade. Please note that we haven’t tested all PHP applications for backwards compatibility with this new upgrade, so you should have the old package on hand just in case. Both PHP 4.4.7 and PHP 5.2.2 updates have been provided.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Slackware Security Advisory 2007-127-01. The text 
# itself is copyright (C) Slackware Linux, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(25174);
  script_version("1.16");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/14");

  script_cve_id("CVE-2007-1001");
  script_xref(name:"SSA", value:"2007-127-01");

  script_name(english:"Slackware 10.2 / 11.0 / current : php (SSA:2007-127-01)");
  script_summary(english:"Checks for updated package in /var/log/packages");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Slackware host is missing a security update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"New php packages are available for Slackware 10.2, 11.0, and -current
to improve the stability and security of PHP. Quite a few bugs were
fixed -- please see http://www.php.net for a detailed list. All sites
that use PHP are encouraged to upgrade. Please note that we haven't
tested all PHP applications for backwards compatibility with this new
upgrade, so you should have the old package on hand just in case. Both
PHP 4.4.7 and PHP 5.2.2 updates have been provided."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.php.net"
  );
  # http://www.slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.470053
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?6b93491f"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected php package.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:slackware:slackware_linux:php");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:10.2");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:11.0");

  script_set_attribute(attribute:"patch_publication_date", value:"2007/05/08");
  script_set_attribute(attribute:"plugin_publication_date", value:"2007/05/10");
  script_set_attribute(attribute:"vuln_publication_date", value:"2007/04/10");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2007-2021 Tenable Network Security, Inc.");
  script_family(english:"Slackware Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Slackware/release", "Host/Slackware/packages");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("slackware.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Slackware/release")) audit(AUDIT_OS_NOT, "Slackware");
if (!get_kb_item("Host/Slackware/packages")) audit(AUDIT_PACKAGE_LIST_MISSING);


cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Slackware", cpu);


flag = 0;
if (slackware_check(osver:"10.2", pkgname:"php", pkgver:"4.4.7", pkgarch:"i486", pkgnum:"1_slack10.2")) flag++;

if (slackware_check(osver:"11.0", pkgname:"php", pkgver:"4.4.7", pkgarch:"i486", pkgnum:"1_slack11.0")) flag++;

if (slackware_check(osver:"current", pkgname:"php", pkgver:"4.4.7", pkgarch:"i486", pkgnum:"1")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:slackware_report_get());
  else security_warning(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");

VendorProductVersionCPE
slackwareslackware_linuxphpp-cpe:/a:slackware:slackware_linux:php
slackwareslackware_linuxcpe:/o:slackware:slackware_linux
slackwareslackware_linux10.2cpe:/o:slackware:slackware_linux:10.2
slackwareslackware_linux11.0cpe:/o:slackware:slackware_linux:11.0

Vendor	Product	Version	CPE
slackware	slackware_linux	php	p-cpe:/a:slackware:slackware_linux:php
slackware	slackware_linux		cpe:/o:slackware:slackware_linux
slackware	slackware_linux	10.2	cpe:/o:slackware:slackware_linux:10.2
slackware	slackware_linux	11.0	cpe:/o:slackware:slackware_linux:11.0