Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.SL_20131121_PHP_ON_SL6_X.NASL
HistoryDec 04, 2013 - 12:00 a.m.

Scientific Linux Security Update : php on SL6.x i386/x86_64 (20131121)

2013-12-0400:00:00
This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
18
JSON

It was found that PHP did not properly handle file names with a NULL character. A remote attacker could possibly use this flaw to make a PHP script access unexpected files and bypass intended file system access restrictions. (CVE-2006-7243)

A flaw was found in PHP’s SSL client’s hostname identity check when handling certificates that contain hostnames with NULL bytes. If an attacker was able to get a carefully crafted certificate signed by a trusted Certificate Authority, the attacker could use the certificate to conduct man-in-the-middle attacks to spoof SSL servers.
(CVE-2013-4248)

It was found that the PHP SOAP parser allowed the expansion of external XML entities during SOAP message parsing. A remote attacker could possibly use this flaw to read arbitrary files that are accessible to a PHP application using a SOAP extension.
(CVE-2013-1643)

This update fixes the following bugs :

  • Previously, when the allow_call_time_pass_reference setting was disabled, a virtual host on the Apache server could terminate with a segmentation fault when attempting to process certain PHP content. This bug has been fixed and virtual hosts no longer crash when allow_call_time_pass_reference is off.

  • Prior to this update, if an error occurred during the operation of the fclose(), file_put_contents(), or copy() function, the function did not report it. This could have led to data loss. With this update, the aforementioned functions have been modified to properly report any errors.

  • The internal buffer for the SQLSTATE error code can store maximum of 5 characters. Previously, when certain calls exceeded this limit, a buffer overflow occurred.
    With this update, messages longer than 5 characters are automatically replaced with the default ‘HY000’ string, thus preventing the overflow.

In addition, this update adds the following enhancement :

  • This update adds the following rpm macros to the php package: %__php, %php_inidir, %php_incldir.

After installing the updated packages, the httpd daemon must be restarted for the update to take effect.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text is (C) Scientific Linux.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(71198);
  script_version("1.8");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/14");

  script_cve_id("CVE-2006-7243", "CVE-2013-1643", "CVE-2013-4248");

  script_name(english:"Scientific Linux Security Update : php on SL6.x i386/x86_64 (20131121)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis", 
    value:
"The remote Scientific Linux host is missing one or more security
updates."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"It was found that PHP did not properly handle file names with a NULL
character. A remote attacker could possibly use this flaw to make a
PHP script access unexpected files and bypass intended file system
access restrictions. (CVE-2006-7243)

A flaw was found in PHP's SSL client's hostname identity check when
handling certificates that contain hostnames with NULL bytes. If an
attacker was able to get a carefully crafted certificate signed by a
trusted Certificate Authority, the attacker could use the certificate
to conduct man-in-the-middle attacks to spoof SSL servers.
(CVE-2013-4248)

It was found that the PHP SOAP parser allowed the expansion of
external XML entities during SOAP message parsing. A remote attacker
could possibly use this flaw to read arbitrary files that are
accessible to a PHP application using a SOAP extension.
(CVE-2013-1643)

This update fixes the following bugs :

  - Previously, when the allow_call_time_pass_reference
    setting was disabled, a virtual host on the Apache
    server could terminate with a segmentation fault when
    attempting to process certain PHP content. This bug has
    been fixed and virtual hosts no longer crash when
    allow_call_time_pass_reference is off.

  - Prior to this update, if an error occurred during the
    operation of the fclose(), file_put_contents(), or
    copy() function, the function did not report it. This
    could have led to data loss. With this update, the
    aforementioned functions have been modified to properly
    report any errors.

  - The internal buffer for the SQLSTATE error code can
    store maximum of 5 characters. Previously, when certain
    calls exceeded this limit, a buffer overflow occurred.
    With this update, messages longer than 5 characters are
    automatically replaced with the default 'HY000' string,
    thus preventing the overflow.

In addition, this update adds the following enhancement :

  - This update adds the following rpm macros to the php
    package: %__php, %php_inidir, %php_incldir.

After installing the updated packages, the httpd daemon must be
restarted for the update to take effect."
  );
  # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1312&L=scientific-linux-errata&T=0&P=814
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?a51e1a0d"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:php");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:php-bcmath");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:php-cli");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:php-common");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:php-dba");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:php-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:php-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:php-embedded");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:php-enchant");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:php-fpm");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:php-gd");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:php-imap");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:php-intl");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:php-ldap");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:php-mbstring");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:php-mysql");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:php-odbc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:php-pdo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:php-pgsql");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:php-process");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:php-pspell");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:php-recode");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:php-snmp");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:php-soap");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:php-tidy");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:php-xml");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:php-xmlrpc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:php-zts");
  script_set_attribute(attribute:"cpe", value:"x-cpe:/o:fermilab:scientific_linux");

  script_set_attribute(attribute:"vuln_publication_date", value:"2011/01/18");
  script_set_attribute(attribute:"patch_publication_date", value:"2013/11/21");
  script_set_attribute(attribute:"plugin_publication_date", value:"2013/12/04");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Scientific Linux Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Scientific Linux " >!< release) audit(AUDIT_HOST_NOT, "running Scientific Linux");
os_ver = pregmatch(pattern: "Scientific Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Scientific Linux");
os_ver = os_ver[1];
if (! preg(pattern:"^6([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Scientific Linux 6.x", "Scientific Linux " + os_ver);
if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Scientific Linux", cpu);


flag = 0;
if (rpm_check(release:"SL6", reference:"php-5.3.3-26.el6")) flag++;
if (rpm_check(release:"SL6", reference:"php-bcmath-5.3.3-26.el6")) flag++;
if (rpm_check(release:"SL6", reference:"php-cli-5.3.3-26.el6")) flag++;
if (rpm_check(release:"SL6", reference:"php-common-5.3.3-26.el6")) flag++;
if (rpm_check(release:"SL6", reference:"php-dba-5.3.3-26.el6")) flag++;
if (rpm_check(release:"SL6", reference:"php-debuginfo-5.3.3-26.el6")) flag++;
if (rpm_check(release:"SL6", reference:"php-devel-5.3.3-26.el6")) flag++;
if (rpm_check(release:"SL6", reference:"php-embedded-5.3.3-26.el6")) flag++;
if (rpm_check(release:"SL6", reference:"php-enchant-5.3.3-26.el6")) flag++;
if (rpm_check(release:"SL6", reference:"php-fpm-5.3.3-26.el6")) flag++;
if (rpm_check(release:"SL6", reference:"php-gd-5.3.3-26.el6")) flag++;
if (rpm_check(release:"SL6", reference:"php-imap-5.3.3-26.el6")) flag++;
if (rpm_check(release:"SL6", reference:"php-intl-5.3.3-26.el6")) flag++;
if (rpm_check(release:"SL6", reference:"php-ldap-5.3.3-26.el6")) flag++;
if (rpm_check(release:"SL6", reference:"php-mbstring-5.3.3-26.el6")) flag++;
if (rpm_check(release:"SL6", reference:"php-mysql-5.3.3-26.el6")) flag++;
if (rpm_check(release:"SL6", reference:"php-odbc-5.3.3-26.el6")) flag++;
if (rpm_check(release:"SL6", reference:"php-pdo-5.3.3-26.el6")) flag++;
if (rpm_check(release:"SL6", reference:"php-pgsql-5.3.3-26.el6")) flag++;
if (rpm_check(release:"SL6", reference:"php-process-5.3.3-26.el6")) flag++;
if (rpm_check(release:"SL6", reference:"php-pspell-5.3.3-26.el6")) flag++;
if (rpm_check(release:"SL6", reference:"php-recode-5.3.3-26.el6")) flag++;
if (rpm_check(release:"SL6", reference:"php-snmp-5.3.3-26.el6")) flag++;
if (rpm_check(release:"SL6", reference:"php-soap-5.3.3-26.el6")) flag++;
if (rpm_check(release:"SL6", reference:"php-tidy-5.3.3-26.el6")) flag++;
if (rpm_check(release:"SL6", reference:"php-xml-5.3.3-26.el6")) flag++;
if (rpm_check(release:"SL6", reference:"php-xmlrpc-5.3.3-26.el6")) flag++;
if (rpm_check(release:"SL6", reference:"php-zts-5.3.3-26.el6")) flag++;


if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_WARNING,
    extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "php / php-bcmath / php-cli / php-common / php-dba / php-debuginfo / etc");
}
VendorProductVersionCPE
fermilabscientific_linuxphpp-cpe:/a:fermilab:scientific_linux:php
fermilabscientific_linuxphp-bcmathp-cpe:/a:fermilab:scientific_linux:php-bcmath
fermilabscientific_linuxphp-clip-cpe:/a:fermilab:scientific_linux:php-cli
fermilabscientific_linuxphp-commonp-cpe:/a:fermilab:scientific_linux:php-common
fermilabscientific_linuxphp-dbap-cpe:/a:fermilab:scientific_linux:php-dba
fermilabscientific_linuxphp-debuginfop-cpe:/a:fermilab:scientific_linux:php-debuginfo
fermilabscientific_linuxphp-develp-cpe:/a:fermilab:scientific_linux:php-devel
fermilabscientific_linuxphp-embeddedp-cpe:/a:fermilab:scientific_linux:php-embedded
fermilabscientific_linuxphp-enchantp-cpe:/a:fermilab:scientific_linux:php-enchant
fermilabscientific_linuxphp-fpmp-cpe:/a:fermilab:scientific_linux:php-fpm
Rows per page:
1-10 of 291

Related

openvas 52
nessus 65
redhat 4
centos 4
oraclelinux 4
fedora 11
ubuntucve 7
veracode 3
cve 6
seebug 1
freebsd 3
f5 6
ptsecurity 1
ubuntu 2
checkpoint_advisories 1
osv 3
debian 3
mageia 1
slackware 2
prion 5
thn 1
redhatcve 1
securityvulns 5
amazon 1
suse 5
ibm 2
openvas
openvas
Oracle Linux Local Check: ELSA-2013-1615
2015-10-06 00:00:00
RedHat Update for php RHSA-2013:1615-02
2013-11-21 00:00:00
RedHat Update for php RHSA-2013:1615-02
2013-11-21 00:00:00
nessus
nessus
CentOS 6 : php (CESA-2013:1615)
2014-11-12 00:00:00
RHEL 6 : php (RHSA-2013:1615)
2013-11-21 00:00:00
Oracle Linux 6 : php (ELSA-2013-1615)
2013-11-27 00:00:00
redhat
redhat
(RHSA-2013:1615) Moderate: php security, bug fix, and enhancement update
2013-11-21 00:00:00
(RHSA-2013:1307) Moderate: php53 security, bug fix and enhancement update
2013-09-30 16:52:28
(RHSA-2014:0311) Critical: php security update
2014-03-18 00:00:00
centos
centos
php security update
2013-11-26 13:32:36
php53 security update
2013-10-07 12:42:03
php security update
2014-03-19 01:15:26
oraclelinux
oraclelinux
php security, bug fix, and enhancement update
2013-11-25 00:00:00
php53 security, bug fix and enhancement update
2013-10-02 00:00:00
php security update
2014-03-18 00:00:00
fedora
fedora
[SECURITY] Fedora 18 Update: php-5.4.19-1.fc18
2013-09-08 23:25:56
[SECURITY] Fedora 18 Update: php-5.4.23-1.fc18
2013-12-20 02:04:53
[SECURITY] Fedora 18 Update: php-5.4.16-1.fc18
2013-06-20 02:31:36
ubuntucve
ubuntucve
CVE-2006-7243
2011-01-18 00:00:00
CVE-2015-4025
2015-06-09 00:00:00
CVE-2015-2348
2015-03-30 00:00:00
veracode
veracode
Authorization Bypass
2019-01-15 08:51:41
XML External Entity (XXE)
2019-05-02 04:52:37
Man-in-the-Middle (MitM)
2019-05-02 04:52:37
cve
cve
CVE-2006-7243
2011-01-18 20:00:00
CVE-2015-4026
2015-06-09 18:59:00
CVE-2015-4025
2015-06-09 18:59:00
seebug
seebug
PHP空字符安全限制绕过漏洞(CVE-2006-7243)
2012-04-12 00:00:00
freebsd
freebsd
php -- NULL byte poisoning
2010-12-10 00:00:00
php5 -- Multiple vulnerabilities
2013-03-04 00:00:00
php -- multiple vulnerabilities
2015-05-14 00:00:00
f5
f5
K14433 : PHP SOAP vulnerability CVE-2013-1643
2013-09-17 00:00:00
SOL14433 - PHP SOAP vulnerability CVE-2013-1643
2013-05-30 00:00:00
SOL14909 - OpenSSL vulnerability CVE-2013-4248
2014-01-15 00:00:00
ptsecurity
ptsecurity
PT-2013-14: XML External Entities Injection in PHP
2013-03-14 00:00:00
ubuntu
ubuntu
PHP vulnerability
2013-03-13 00:00:00
PHP vulnerability
2013-09-05 00:00:00
checkpoint_advisories
checkpoint_advisories
PHP SSL Certificate Validation Security Bypass (CVE-2013-4248)
2013-08-28 00:00:00
osv
osv
php5 - interpretation conflict
2013-08-26 00:00:00
php5 - security update
2016-02-29 00:00:00
php5 - several vulnerabilities
2013-03-05 00:00:00
debian
debian
[SECURITY] [DSA 2742-1] php5 security update
2013-08-26 19:50:29
[SECURITY] [DSA 2639-1] php5 security update
2013-03-05 17:22:41
[SECURITY] [DLA 444-1] php5 security update
2016-02-29 18:41:39
mageia
mageia
Updated php packages fix CVE-2013-4248 and prevent the two gd packages being installed at once
2013-08-30 21:30:10
slackware
slackware
[slackware-security] php
2013-08-30 07:46:30
php
2013-03-23 20:35:59
prion
prion
Design/Logic Flaw
2015-06-09 18:59:00
Code injection
2015-06-09 18:59:00
Information disclosure
2015-03-30 10:59:00
thn
thn
Seagate NAS Zero-Day Vulnerability allows Unauthorized Root Access Remotely
2015-03-01 00:50:00
redhatcve
redhatcve
CVE-2019-11044
2020-03-28 20:00:41
securityvulns
securityvulns
PHP securiy vulnerabilities
2013-03-02 00:00:00
[ MDVSA-2013:016 ] php
2013-03-02 00:00:00
[ MDVSA-2013:221 ] php
2013-08-28 00:00:00
amazon
amazon
Medium: php54
2013-09-19 15:28:00
suse
suse
Security update for PHP5 (important)
2013-08-09 23:04:16
Security update for PHP5 (important)
2013-08-01 00:04:12
Security update for PHP5 (important)
2013-08-09 23:04:20
ibm
ibm
Security Bulletin: Vulnerabilities in PHP affect IBM Chassis Management Module (CMM) (CVE-2013-4248, CVE-2013-6420, CVE-2014-2497, CVE-2014-4049)
2019-01-31 01:55:01
Security Bulletin: Vulnerabilities in php5 affect IBM Flex System Manager (FSM): (CVE-2013-4248 CVE-2013-6420 CVE-2014-2497 CVE-2014-4049)
2019-01-31 01:30:01
JSON
Related for SL_20131121_PHP_ON_SL6_X.NASL
openvas52nessus65redhat4centos4oraclelinux4fedora11ubuntucve7veracode3cve6seebug1freebsd3f56ptsecurity1ubuntu2checkpoint_advisories1osv3debian3mageia1slackware2prion5thn1redhatcve1securityvulns5amazon1suse5ibm2