Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.SLACKWARE_SSA_2015-162-02.NASL
HistoryJun 12, 2015 - 12:00 a.m.

Slackware 14.0 / 14.1 / current : php (SSA:2015-162-02)

2015-06-1200:00:00
This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
27
JSON

New php packages are available for Slackware 14.0, 14.1, and -current to fix security issues.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Slackware Security Advisory 2015-162-02. The text 
# itself is copyright (C) Slackware Linux, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(84127);
  script_version("2.4");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/14");

  script_cve_id("CVE-2006-7243", "CVE-2015-2325", "CVE-2015-2326", "CVE-2015-4021", "CVE-2015-4022", "CVE-2015-4024", "CVE-2015-4025", "CVE-2015-4026");
  script_bugtraq_id(44951, 74700, 74902, 74903, 74904, 75056);
  script_xref(name:"SSA", value:"2015-162-02");

  script_name(english:"Slackware 14.0 / 14.1 / current : php (SSA:2015-162-02)");
  script_summary(english:"Checks for updated package in /var/log/packages");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Slackware host is missing a security update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"New php packages are available for Slackware 14.0, 14.1, and -current
to fix security issues."
  );
  # http://www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.414774
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?cd9704a8"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected php package.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:slackware:slackware_linux:php");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:14.0");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:14.1");

  script_set_attribute(attribute:"vuln_publication_date", value:"2011/01/18");
  script_set_attribute(attribute:"patch_publication_date", value:"2015/06/11");
  script_set_attribute(attribute:"plugin_publication_date", value:"2015/06/12");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Slackware Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Slackware/release", "Host/Slackware/packages");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("slackware.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Slackware/release")) audit(AUDIT_OS_NOT, "Slackware");
if (!get_kb_item("Host/Slackware/packages")) audit(AUDIT_PACKAGE_LIST_MISSING);


cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Slackware", cpu);


flag = 0;
if (slackware_check(osver:"14.0", pkgname:"php", pkgver:"5.4.41", pkgarch:"i486", pkgnum:"1_slack14.0")) flag++;
if (slackware_check(osver:"14.0", arch:"x86_64", pkgname:"php", pkgver:"5.4.41", pkgarch:"x86_64", pkgnum:"1_slack14.0")) flag++;

if (slackware_check(osver:"14.1", pkgname:"php", pkgver:"5.4.41", pkgarch:"i486", pkgnum:"1_slack14.1")) flag++;
if (slackware_check(osver:"14.1", arch:"x86_64", pkgname:"php", pkgver:"5.4.41", pkgarch:"x86_64", pkgnum:"1_slack14.1")) flag++;

if (slackware_check(osver:"current", pkgname:"php", pkgver:"5.6.9", pkgarch:"i586", pkgnum:"1")) flag++;
if (slackware_check(osver:"current", arch:"x86_64", pkgname:"php", pkgver:"5.6.9", pkgarch:"x86_64", pkgnum:"1")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:slackware_report_get());
  else security_hole(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
VendorProductVersionCPE
slackwareslackware_linuxphpp-cpe:/a:slackware:slackware_linux:php
slackwareslackware_linuxcpe:/o:slackware:slackware_linux
slackwareslackware_linux14.0cpe:/o:slackware:slackware_linux:14.0
slackwareslackware_linux14.1cpe:/o:slackware:slackware_linux:14.1

Related

nessus 50
slackware 2
openvas 38
amazon 5
fedora 3
freebsd 3
mageia 1
securityvulns 6
f5 12
ubuntucve 15
debian 3
redhat 6
osv 3
prion 9
cve 10
oraclelinux 4
openwrt 1
veracode 9
seebug 1
ubuntu 2
debiancve 2
mariadbunix 2
hackerone 2
checkpoint_advisories 3
suse 2
thn 1
centos 3
redhatcve 1
nessus
nessus
PHP 5.6.x < 5.6.9 Multiple Vulnerabilities
2015-06-18 00:00:00
Tenable SecurityCenter Multiple PHP Vulnerabilities (TNS-2015-06)
2015-08-20 00:00:00
PHP 5.6.x < 5.6.9 Multiple Vulnerabilities
2015-05-18 00:00:00
slackware
slackware
[slackware-security] php
2015-06-11 23:01:25
[slackware-security] php
2015-07-17 20:25:21
openvas
openvas
Slackware: Security Advisory (SSA:2015-162-02)
2022-04-21 00:00:00
Amazon Linux: Security Advisory (ALAS-2015-534)
2015-09-08 00:00:00
Amazon Linux: Security Advisory (ALAS-2015-536)
2015-09-08 00:00:00
amazon
amazon
Important: php56
2015-06-02 22:22:00
Important: php54
2015-06-02 22:20:00
Medium: php55
2015-06-02 22:21:00
fedora
fedora
[SECURITY] Fedora 22 Update: php-5.6.9-1.fc22
2015-05-26 03:40:42
[SECURITY] Fedora 21 Update: php-5.6.9-1.fc21
2015-05-27 16:13:20
[SECURITY] Fedora 20 Update: php-5.5.25-1.fc20
2015-05-27 16:23:41
freebsd
freebsd
php -- multiple vulnerabilities
2015-05-14 00:00:00
pcre -- multiple vulnerabilities
2015-04-28 00:00:00
php -- NULL byte poisoning
2010-12-10 00:00:00
mageia
mageia
Updated php packages fix security vulnerabilities
2015-05-18 22:08:05
securityvulns
securityvulns
PHP multiple security vulnerabilities
2015-06-13 00:00:00
[SECURITY] [DSA 3280-1] php5 security update
2015-06-08 00:00:00
PCRE multiple security vulnerabilities
2015-08-02 00:00:00
f5
f5
K16993 : PHP vulnerabilities CVE-2015-4025 and CVE-2015-4026
2015-07-22 00:00:00
SOL16993 - PHP vulnerabilities CVE-2015-4025 and CVE-2015-4026
2015-07-22 00:00:00
SOL16983 - PCRE library vulnerability CVE-2015-2325
2015-07-22 00:00:00
ubuntucve
ubuntucve
CVE-2015-4026
2015-06-09 00:00:00
CVE-2015-4025
2015-06-09 00:00:00
CVE-2015-5073
2015-06-26 00:00:00
debian
debian
[SECURITY] [DSA 3280-1] php5 security update
2015-06-07 17:06:52
[SECURITY] [DLA 307-1] php5 security update
2015-09-07 20:21:46
[SECURITY] [DLA 444-1] php5 security update
2016-02-29 18:41:39
redhat
redhat
(RHSA-2015:1219) Moderate: php54-php security update
2015-07-09 00:00:00
(RHSA-2015:1186) Important: php55-php security update
2015-06-25 00:00:00
(RHSA-2015:1187) Important: rh-php56-php security update
2015-06-25 00:00:00
osv
osv
php5 - security update
2015-06-07 00:00:00
php5 - security update
2015-09-07 00:00:00
php5 - security update
2016-02-29 00:00:00
prion
prion
Design/Logic Flaw
2015-06-09 18:59:00
Code injection
2015-06-09 18:59:00
Out-of-bounds
2020-01-14 17:15:00
cve
cve
CVE-2015-4026
2015-06-09 18:59:00
CVE-2015-4025
2015-06-09 18:59:00
CVE-2006-7243
2011-01-18 20:00:00
oraclelinux
oraclelinux
php54-php security update
2016-02-04 00:00:00
php55-php security update
2016-02-04 00:00:00
php security update
2014-03-18 00:00:00
openwrt
openwrt
php: Security update (7 CVEs)
2016-01-28 12:23:45
veracode
veracode
Arbitrary File Write
2019-05-02 05:39:55
Heap-based Buffer Overflow
2019-05-02 05:39:55
Improper Input Validation
2019-05-02 05:39:56
seebug
seebug
PHP空字符安全限制绕过漏洞(CVE-2006-7243)
2012-04-12 00:00:00
ubuntu
ubuntu
PCRE vulnerabilities
2015-07-29 00:00:00
PHP vulnerabilities
2015-07-06 00:00:00
debiancve
debiancve
CVE-2015-2325
2020-01-14 17:15:00
CVE-2015-2326
2020-01-14 17:15:00
mariadbunix
mariadbunix
CVE-2015-2326
2020-01-14 17:15:00
CVE-2015-2325
2020-01-14 17:15:00
hackerone
hackerone
Internet Bug Bounty: Memory Corruption in phar_parse_tarfile when entry filename starts with null
2015-04-15 00:00:00
Internet Bug Bounty: Integer overflow in ftp_genlist() resulting in heap overflow
2015-04-28 00:00:00
checkpoint_advisories
checkpoint_advisories
PHP Multipart Remote Denial of Service (CVE-2015-4024)
2015-06-30 00:00:00
PHP phar_parse_tarfile method Integer Overflow (CVE-2015-4021)
2015-07-20 00:00:00
PHP ftp_genlist method Integer Overflow (CVE-2015-4022)
2015-07-01 00:00:00
suse
suse
Security update for php5 (important)
2015-07-17 10:12:10
Security update for php5 (important)
2015-07-17 11:08:12
thn
thn
Seagate NAS Zero-Day Vulnerability allows Unauthorized Root Access Remotely
2015-03-01 00:50:00
centos
centos
php security update
2014-03-19 01:15:26
php security update
2013-11-26 13:32:36
php security update
2015-07-09 19:23:41
redhatcve
redhatcve
CVE-2019-11044
2020-03-28 20:00:41
JSON
Related for SLACKWARE_SSA_2015-162-02.NASL
nessus50slackware2openvas38amazon5fedora3freebsd3mageia1securityvulns6f512ubuntucve15debian3redhat6osv3prion9cve10oraclelinux4openwrt1veracode9seebug1ubuntu2debiancve2mariadbunix2hackerone2checkpoint_advisories3suse2thn1centos3redhatcve1