Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.SL_20130930_PHP53_ON_SL5_X.NASL
HistoryOct 11, 2013 - 12:00 a.m.

Scientific Linux Security Update : php53 on SL5.x i386/x86_64 (20130930)

2013-10-1100:00:00
This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
18
JSON

It was found that PHP did not properly handle file names with a NULL character. A remote attacker could possibly use this flaw to make a PHP script access unexpected files and bypass intended file system access restrictions. (CVE-2006-7243)

It was found that PHP did not check for carriage returns in HTTP headers, allowing intended HTTP response splitting protections to be bypassed. Depending on the web browser the victim is using, a remote attacker could use this flaw to perform HTTP response splitting attacks. (CVE-2011-1398)

A flaw was found in PHP’s SSL client’s hostname identity check when handling certificates that contain hostnames with NULL bytes. If an attacker was able to get a carefully crafted certificate signed by a trusted Certificate Authority, the attacker could use the certificate to conduct man-in-the-middle attacks to spoof SSL servers.
(CVE-2013-4248)

An integer signedness issue, leading to a heap-based buffer underflow, was found in the PHP scandir() function. If a remote attacker could upload an excessively large number of files to a directory the scandir() function runs on, it could cause the PHP interpreter to crash or, possibly, execute arbitrary code. (CVE-2012-2688)

It was found that PHP did not correctly handle the magic_quotes_gpc configuration directive. This could result in magic_quotes_gpc input escaping not being applied in all cases, possibly making it easier for a remote attacker to perform SQL injection attacks. (CVE-2012-0831)

It was found that the PHP SOAP parser allowed the expansion of external XML entities during SOAP message parsing. A remote attacker could possibly use this flaw to read arbitrary files that are accessible to a PHP application using a SOAP extension.
(CVE-2013-1643)

After installing the updated packages, the httpd daemon must be restarted for the update to take effect.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text is (C) Scientific Linux.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(70389);
  script_version("1.8");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/14");

  script_cve_id("CVE-2006-7243", "CVE-2011-1398", "CVE-2012-0831", "CVE-2012-2688", "CVE-2013-1643", "CVE-2013-4248");

  script_name(english:"Scientific Linux Security Update : php53 on SL5.x i386/x86_64 (20130930)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis", 
    value:
"The remote Scientific Linux host is missing one or more security
updates."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"It was found that PHP did not properly handle file names with a NULL
character. A remote attacker could possibly use this flaw to make a
PHP script access unexpected files and bypass intended file system
access restrictions. (CVE-2006-7243)

It was found that PHP did not check for carriage returns in HTTP
headers, allowing intended HTTP response splitting protections to be
bypassed. Depending on the web browser the victim is using, a remote
attacker could use this flaw to perform HTTP response splitting
attacks. (CVE-2011-1398)

A flaw was found in PHP's SSL client's hostname identity check when
handling certificates that contain hostnames with NULL bytes. If an
attacker was able to get a carefully crafted certificate signed by a
trusted Certificate Authority, the attacker could use the certificate
to conduct man-in-the-middle attacks to spoof SSL servers.
(CVE-2013-4248)

An integer signedness issue, leading to a heap-based buffer underflow,
was found in the PHP scandir() function. If a remote attacker could
upload an excessively large number of files to a directory the
scandir() function runs on, it could cause the PHP interpreter to
crash or, possibly, execute arbitrary code. (CVE-2012-2688)

It was found that PHP did not correctly handle the magic_quotes_gpc
configuration directive. This could result in magic_quotes_gpc input
escaping not being applied in all cases, possibly making it easier for
a remote attacker to perform SQL injection attacks. (CVE-2012-0831)

It was found that the PHP SOAP parser allowed the expansion of
external XML entities during SOAP message parsing. A remote attacker
could possibly use this flaw to read arbitrary files that are
accessible to a PHP application using a SOAP extension.
(CVE-2013-1643)

After installing the updated packages, the httpd daemon must be
restarted for the update to take effect."
  );
  # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1310&L=scientific-linux-errata&T=0&P=809
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?98848f7c"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:php53");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:php53-bcmath");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:php53-cli");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:php53-common");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:php53-dba");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:php53-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:php53-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:php53-gd");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:php53-imap");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:php53-intl");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:php53-ldap");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:php53-mbstring");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:php53-mysql");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:php53-odbc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:php53-pdo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:php53-pgsql");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:php53-process");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:php53-pspell");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:php53-snmp");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:php53-soap");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:php53-xml");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:php53-xmlrpc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:unixODBC");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:unixODBC-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:unixODBC-kde");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:unixODBC-libs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:unixODBC64");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:unixODBC64-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:unixODBC64-libs");
  script_set_attribute(attribute:"cpe", value:"x-cpe:/o:fermilab:scientific_linux");

  script_set_attribute(attribute:"vuln_publication_date", value:"2011/01/18");
  script_set_attribute(attribute:"patch_publication_date", value:"2013/09/30");
  script_set_attribute(attribute:"plugin_publication_date", value:"2013/10/11");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Scientific Linux Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Scientific Linux " >!< release) audit(AUDIT_HOST_NOT, "running Scientific Linux");
os_ver = pregmatch(pattern: "Scientific Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Scientific Linux");
os_ver = os_ver[1];
if (! preg(pattern:"^5([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Scientific Linux 5.x", "Scientific Linux " + os_ver);
if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Scientific Linux", cpu);


flag = 0;
if (rpm_check(release:"SL5", reference:"php53-5.3.3-21.el5")) flag++;
if (rpm_check(release:"SL5", reference:"php53-bcmath-5.3.3-21.el5")) flag++;
if (rpm_check(release:"SL5", reference:"php53-cli-5.3.3-21.el5")) flag++;
if (rpm_check(release:"SL5", reference:"php53-common-5.3.3-21.el5")) flag++;
if (rpm_check(release:"SL5", reference:"php53-dba-5.3.3-21.el5")) flag++;
if (rpm_check(release:"SL5", reference:"php53-debuginfo-5.3.3-21.el5")) flag++;
if (rpm_check(release:"SL5", reference:"php53-devel-5.3.3-21.el5")) flag++;
if (rpm_check(release:"SL5", reference:"php53-gd-5.3.3-21.el5")) flag++;
if (rpm_check(release:"SL5", reference:"php53-imap-5.3.3-21.el5")) flag++;
if (rpm_check(release:"SL5", reference:"php53-intl-5.3.3-21.el5")) flag++;
if (rpm_check(release:"SL5", reference:"php53-ldap-5.3.3-21.el5")) flag++;
if (rpm_check(release:"SL5", reference:"php53-mbstring-5.3.3-21.el5")) flag++;
if (rpm_check(release:"SL5", reference:"php53-mysql-5.3.3-21.el5")) flag++;
if (rpm_check(release:"SL5", reference:"php53-odbc-5.3.3-21.el5")) flag++;
if (rpm_check(release:"SL5", reference:"php53-pdo-5.3.3-21.el5")) flag++;
if (rpm_check(release:"SL5", reference:"php53-pgsql-5.3.3-21.el5")) flag++;
if (rpm_check(release:"SL5", reference:"php53-process-5.3.3-21.el5")) flag++;
if (rpm_check(release:"SL5", reference:"php53-pspell-5.3.3-21.el5")) flag++;
if (rpm_check(release:"SL5", reference:"php53-snmp-5.3.3-21.el5")) flag++;
if (rpm_check(release:"SL5", reference:"php53-soap-5.3.3-21.el5")) flag++;
if (rpm_check(release:"SL5", reference:"php53-xml-5.3.3-21.el5")) flag++;
if (rpm_check(release:"SL5", reference:"php53-xmlrpc-5.3.3-21.el5")) flag++;
if (rpm_check(release:"SL5", reference:"unixODBC-2.2.11-10.el5")) flag++;
if (rpm_check(release:"SL5", reference:"unixODBC-devel-2.2.11-10.el5")) flag++;
if (rpm_check(release:"SL5", reference:"unixODBC-kde-2.2.11-10.el5")) flag++;
if (rpm_check(release:"SL5", reference:"unixODBC-libs-2.2.11-10.el5")) flag++;
if (rpm_check(release:"SL5", reference:"unixODBC64-2.2.14-3.el5")) flag++;
if (rpm_check(release:"SL5", reference:"unixODBC64-devel-2.2.14-3.el5")) flag++;
if (rpm_check(release:"SL5", reference:"unixODBC64-libs-2.2.14-3.el5")) flag++;


if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_HOLE,
    extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "php53 / php53-bcmath / php53-cli / php53-common / php53-dba / etc");
}
VendorProductVersionCPE
fermilabscientific_linuxphp53p-cpe:/a:fermilab:scientific_linux:php53
fermilabscientific_linuxphp53-bcmathp-cpe:/a:fermilab:scientific_linux:php53-bcmath
fermilabscientific_linuxphp53-clip-cpe:/a:fermilab:scientific_linux:php53-cli
fermilabscientific_linuxphp53-commonp-cpe:/a:fermilab:scientific_linux:php53-common
fermilabscientific_linuxphp53-dbap-cpe:/a:fermilab:scientific_linux:php53-dba
fermilabscientific_linuxphp53-debuginfop-cpe:/a:fermilab:scientific_linux:php53-debuginfo
fermilabscientific_linuxphp53-develp-cpe:/a:fermilab:scientific_linux:php53-devel
fermilabscientific_linuxphp53-gdp-cpe:/a:fermilab:scientific_linux:php53-gd
fermilabscientific_linuxphp53-imapp-cpe:/a:fermilab:scientific_linux:php53-imap
fermilabscientific_linuxphp53-intlp-cpe:/a:fermilab:scientific_linux:php53-intl
Rows per page:
1-10 of 301

Related

nessus 55
openvas 61
centos 5
redhat 5
oraclelinux 5
ubuntu 3
fedora 5
ubuntucve 7
veracode 6
cve 9
seebug 3
freebsd 3
prion 8
slackware 2
f5 4
amazon 1
ptsecurity 1
checkpoint_advisories 1
osv 2
debian 3
mageia 1
suse 5
thn 1
redhatcve 1
securityvulns 2
nessus
nessus
RHEL 5 : php53 (RHSA-2013:1307)
2013-10-01 00:00:00
CentOS 5 : php53 (CESA-2013:1307)
2014-11-12 00:00:00
Oracle Linux 5 : php53 (ELSA-2013-1307)
2013-10-03 00:00:00
openvas
openvas
RedHat Update for php53 RHSA-2013:1307-01
2013-10-03 00:00:00
RedHat Update for php53 RHSA-2013:1307-01
2013-10-03 00:00:00
Oracle Linux Local Check: ELSA-2013-1307
2015-10-06 00:00:00
centos
centos
php53 security update
2013-10-07 12:42:03
php security update
2013-02-27 19:37:21
php security update
2013-11-26 13:32:36
redhat
redhat
(RHSA-2013:1307) Moderate: php53 security, bug fix and enhancement update
2013-09-30 16:52:28
(RHSA-2013:1615) Moderate: php security, bug fix, and enhancement update
2013-11-21 00:00:00
(RHSA-2013:0514) Moderate: php security, bug fix and enhancement update
2013-02-21 00:00:00
oraclelinux
oraclelinux
php53 security, bug fix and enhancement update
2013-10-02 00:00:00
php security, bug fix, and enhancement update
2013-11-25 00:00:00
php security update
2013-12-10 00:00:00
ubuntu
ubuntu
PHP vulnerabilities
2012-09-17 00:00:00
PHP vulnerability
2013-03-13 00:00:00
PHP vulnerability
2013-09-05 00:00:00
fedora
fedora
[SECURITY] Fedora 18 Update: php-5.4.19-1.fc18
2013-09-08 23:25:56
[SECURITY] Fedora 17 Update: maniadrive-1.2-43.fc17
2012-08-05 21:27:45
[SECURITY] Fedora 16 Update: maniadrive-1.2-32.fc16.7
2012-08-05 21:22:14
ubuntucve
ubuntucve
CVE-2006-7243
2011-01-18 00:00:00
CVE-2012-2688
2012-07-20 00:00:00
CVE-2012-0831
2012-02-02 00:00:00
veracode
veracode
Authorization Bypass
2019-01-15 08:51:41
Remote Code Execution (RCE)
2019-05-02 04:52:37
HTTP Response Splitting
2019-01-15 08:53:17
cve
cve
CVE-2006-7243
2011-01-18 20:00:00
CVE-2011-1398
2012-08-30 22:55:00
CVE-2012-2688
2012-07-20 10:40:00
seebug
seebug
PHP空字符安全限制绕过漏洞(CVE-2006-7243)
2012-04-12 00:00:00
PHP '_php_stream_scandir()'缓冲区溢出漏洞
2012-07-25 00:00:00
PHP 'magic_quotes_gpc'安全绕过漏洞(CVE-2012-0831)
2012-02-13 00:00:00
freebsd
freebsd
php -- NULL byte poisoning
2010-12-10 00:00:00
php5 -- header splitting attack via carriage-return character
2011-11-06 00:00:00
php -- potential overflow in _php_stream_scandir
2012-07-19 00:00:00
prion
prion
Design/Logic Flaw
2012-08-30 22:55:00
Buffer overflow
2012-07-20 10:40:00
Sql injection
2012-02-10 20:55:00
slackware
slackware
[slackware-security] php
2012-07-22 23:48:31
[slackware-security] php
2013-08-30 07:46:30
f5
f5
K15480 : PHP vulnerability CVE-2012-2688
2014-08-07 00:00:00
SOL15480 - PHP vulnerability CVE-2012-2688
2014-08-06 00:00:00
K14433 : PHP SOAP vulnerability CVE-2013-1643
2013-09-17 00:00:00
amazon
amazon
Low: php
2012-08-05 14:14:00
ptsecurity
ptsecurity
PT-2013-14: XML External Entities Injection in PHP
2013-03-14 00:00:00
checkpoint_advisories
checkpoint_advisories
PHP SSL Certificate Validation Security Bypass (CVE-2013-4248)
2013-08-28 00:00:00
osv
osv
php5 - interpretation conflict
2013-08-26 00:00:00
php5 - several
2012-08-13 00:00:00
debian
debian
[SECURITY] [DSA 2742-1] php5 security update
2013-08-26 19:50:29
[SECURITY] [DSA 2639-1] php5 security update
2013-03-05 17:22:41
[SECURITY] [DSA 2527-1] php5 security update
2012-08-13 18:16:56
mageia
mageia
Updated php packages fix CVE-2013-4248 and prevent the two gd packages being installed at once
2013-08-30 21:30:10
suse
suse
Security update for PHP5 (important)
2013-08-09 22:04:14
Security update for PHP5 (important)
2012-09-14 02:08:28
Security update for php5 (important)
2012-08-24 14:08:28
thn
thn
Seagate NAS Zero-Day Vulnerability allows Unauthorized Root Access Remotely
2015-03-01 00:50:00
redhatcve
redhatcve
CVE-2019-11044
2020-03-28 20:00:41
securityvulns
securityvulns
[ MDVSA-2012:108 ] php
2012-07-30 00:00:00
PHP securiy vulnerabilities
2013-03-02 00:00:00
JSON
Related for SL_20130930_PHP53_ON_SL5_X.NASL
nessus55openvas61centos5redhat5oraclelinux5ubuntu3fedora5ubuntucve7veracode6cve9seebug3freebsd3prion8slackware2f54amazon1ptsecurity1checkpoint_advisories1osv2debian3mageia1suse5thn1redhatcve1securityvulns2