SuSE 11.1 Security Update : PHP5 (SAT Patch Number 4663)

2011-06-17T00:00:00

Description

This PHP5 update fixes : - CVE-2011-0421: CVSS v2 Base Score: 2.6 (AV:N/AC:H/Au:N/C:N/I:N/A:P): Input Validation (CWE-20) - CVE-2011-1092: CVSS v2 Base Score: 5.1 (AV:N/AC:H/Au:N/C:P/I:P/A:P): Numeric Errors (CWE-189) - CVE-2011-1148: CVSS v2 Base Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P): Resource Management Errors (CWE-399) - CVE-2011-1464: CVSS v2 Base Score: 2.1 (AV:L/AC:L/Au:N/C:N/I:N/A:P): Buffer Errors (CWE-119) - CVE-2011-1469: CVSS v2 Base Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P) - CVE-2011-1470: CVSS v2 Base Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P): Input Validation (CWE-20) - CVE-2011-1471: CVSS v2 Base Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P): Numeric Errors (CWE-189) - CVE references:. (CVE-2011-1938: CVSS v2 Base Score: 2.6 (AV:N/AC:H/Au:N/C:N/I:N/A:P)) - CVE-2011-1470 - CVE-2011-1471 - CVE-2011-1092 - CVE-2011-1464 - CVE-2011-1468 - CVE-2011-1467 - CVE-2011-0421 - CVE-2011-1469 - CVE-2011-1148 - CVE-2011-1938

{"id": "SUSE_11_APACHE2-MOD_PHP5-110601.NASL", "vendorId": null, "type": "nessus", "bulletinFamily": "scanner", "title": "SuSE 11.1 Security Update : PHP5 (SAT Patch Number 4663)", "description": "This PHP5 update fixes :\n\n - CVE-2011-0421: CVSS v2 Base Score: 2.6 (AV:N/AC:H/Au:N/C:N/I:N/A:P): Input Validation (CWE-20)\n\n - CVE-2011-1092: CVSS v2 Base Score: 5.1 (AV:N/AC:H/Au:N/C:P/I:P/A:P): Numeric Errors (CWE-189)\n\n - CVE-2011-1148: CVSS v2 Base Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P): Resource Management Errors (CWE-399)\n\n - CVE-2011-1464: CVSS v2 Base Score: 2.1 (AV:L/AC:L/Au:N/C:N/I:N/A:P): Buffer Errors (CWE-119)\n\n - CVE-2011-1469: CVSS v2 Base Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P)\n\n - CVE-2011-1470: CVSS v2 Base Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P): Input Validation (CWE-20)\n\n - CVE-2011-1471: CVSS v2 Base Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P): Numeric Errors (CWE-189)\n\n - CVE references:. (CVE-2011-1938: CVSS v2 Base Score: 2.6 (AV:N/AC:H/Au:N/C:N/I:N/A:P))\n\n - CVE-2011-1470\n\n - CVE-2011-1471\n\n - CVE-2011-1092\n\n - CVE-2011-1464\n\n - CVE-2011-1468\n\n - CVE-2011-1467\n\n - CVE-2011-0421\n\n - CVE-2011-1469\n\n - CVE-2011-1148\n\n - CVE-2011-1938", "published": "2011-06-17T00:00:00", "modified": "2021-01-19T00:00:00", "epss": [{"cve": "CVE-2011-0421", "epss": 0.03035, "percentile": 0.8988, "modified": "2023-12-06"}, {"cve": "CVE-2011-1092", "epss": 0.02758, "percentile": 0.89453, "modified": "2023-12-06"}, {"cve": "CVE-2011-1148", "epss": 0.01579, "percentile": 0.85857, "modified": "2023-12-06"}, {"cve": "CVE-2011-1464", "epss": 0.02227, "percentile": 0.88294, "modified": "2023-12-06"}, {"cve": "CVE-2011-1467", "epss": 0.01481, "percentile": 0.8531, "modified": "2023-12-06"}, {"cve": "CVE-2011-1468", "epss": 0.13003, "percentile": 0.94957, "modified": "2023-12-06"}, {"cve": "CVE-2011-1469", "epss": 0.0153, "percentile": 0.85585, "modified": "2023-12-06"}, {"cve": "CVE-2011-1470", "epss": 0.01907, "percentile": 0.87215, "modified": "2023-12-06"}, {"cve": "CVE-2011-1471", "epss": 0.0303, "percentile": 0.89872, "modified": "2023-12-06"}, {"cve": "CVE-2011-1938", "epss": 0.01856, "percentile": 0.8697, "modified": "2023-12-06"}], "cvss": {"score": 0.0, "vector": "NONE"}, "cvss2": {}, "cvss3": {}, "href": "https://www.tenable.com/plugins/nessus/55165", "reporter": "This script is Copyright (C) 2011-2021 Tenable Network Security, Inc.", "references": ["http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1471", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0421", "http://support.novell.com/security/cve/CVE-2011-1092.html", "http://support.novell.com/security/cve/CVE-2011-1467.html", "https://bugzilla.novell.com/show_bug.cgi?id=681194", "http://support.novell.com/security/cve/CVE-2011-1471.html", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1938", "http://support.novell.com/security/cve/CVE-2011-1468.html", "https://bugzilla.novell.com/show_bug.cgi?id=695689", "http://support.novell.com/security/cve/CVE-2011-1464.html", "https://bugzilla.novell.com/show_bug.cgi?id=681214", "http://support.novell.com/security/cve/CVE-2011-1148.html", "http://support.novell.com/security/cve/CVE-2011-1938.html", "https://bugzilla.novell.com/show_bug.cgi?id=681210", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1464", "https://bugzilla.novell.com/show_bug.cgi?id=679278", "http://support.novell.com/security/cve/CVE-2011-0421.html", "http://support.novell.com/security/cve/CVE-2011-1469.html", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1467", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1092", "http://support.novell.com/security/cve/CVE-2011-1470.html", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1469", "https://bugzilla.novell.com/show_bug.cgi?id=677782", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1148", "https://bugzilla.novell.com/show_bug.cgi?id=681291", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1468", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1470"], "cvelist": ["CVE-2011-0421", "CVE-2011-1092", "CVE-2011-1148", "CVE-2011-1464", "CVE-2011-1467", "CVE-2011-1468", "CVE-2011-1469", "CVE-2011-1470", "CVE-2011-1471", "CVE-2011-1938"], "immutableFields": [], "lastseen": "2023-12-07T15:06:30", "viewCount": 21, "enchantments": {"dependencies": {"references": [{"type": "amazon", "idList": ["ALAS-2011-007"]}, {"type": "centos", "idList": ["CESA-2011:1423", "CESA-2012:0033"]}, {"type": "cve", "idList": ["CVE-2011-0421", "CVE-2011-1092", "CVE-2011-1148", "CVE-2011-1464", "CVE-2011-1467", "CVE-2011-1468", "CVE-2011-1469", "CVE-2011-1470", "CVE-2011-1471", "CVE-2011-1938"]}, {"type": "debian", "idList": ["DEBIAN:DSA-2262-2:2E683", "DEBIAN:DSA-2266-1:4FAC3", "DEBIAN:DSA-2399-1:367BF", "DEBIAN:DSA-2399-2:BC1FA", "DEBIAN:DSA-2408-1:B808D"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2011-0421"]}, {"type": "exploitdb", "idList": ["EDB-ID:16966", "EDB-ID:17004", "EDB-ID:17318", "EDB-ID:17486"]}, {"type": "exploitpack", "idList": ["EXPLOITPACK:2DC667606D7AA02656ADD5D51EDFFA58", "EXPLOITPACK:73762C9D0D011D0F7F7CAA1D670C463F", "EXPLOITPACK:DCB6D1527114BF4939903A3FD787537D", "EXPLOITPACK:E01EEEA67E34582F2A422D4CD1795D05"]}, {"type": "f5", "idList": ["F5:K13518", "F5:K13519", "F5:K15441", "SOL13518", "SOL13519", "SOL15441", "SOL15903"]}, {"type": "fedora", "idList": ["FEDORA:25045C0AD1", "FEDORA:2AA70C0AD2", "FEDORA:420B0E7205", "FEDORA:510BA87E81", "FEDORA:57E68110E3B", "FEDORA:5BFF4110F9B", "FEDORA:5FE0A110FDE", "FEDORA:6126137D07", "FEDORA:7869DC0ACF", "FEDORA:7F9E2C0AD1", "FEDORA:805B3C0ACF", "FEDORA:836B9C0AD2", "FEDORA:8A8DC1119DF", "FEDORA:8F60E111A68", "FEDORA:92E21111A84", "FEDORA:C705211199E", "FEDORA:CD55C111A26", "FEDORA:D0393111A65"]}, {"type": "freebsd", "idList": ["057BF770-CAC4-11E0-AEA3-00215C6A37BB", "FE853666-56CE-11E0-9668-001FD0D616CF"]}, {"type": "gentoo", "idList": ["GLSA-201110-06"]}, {"type": "nessus", "idList": ["5824.PRM", "6015.PRM", "801082.PRM", "801087.PRM", "ALA_ALAS-2011-07.NASL", "ALA_ALAS-2011-7.NASL", "CENTOS_RHSA-2011-1423.NASL", "CENTOS_RHSA-2012-0033.NASL", "DEBIAN_DSA-2266.NASL", "DEBIAN_DSA-2399.NASL", "DEBIAN_DSA-2408.NASL", "F5_BIGIP_SOL13519.NASL", "FEDORA_2011-11464.NASL", "FEDORA_2011-11528.NASL", "FEDORA_2011-11537.NASL", "FEDORA_2011-3614.NASL", "FEDORA_2011-3636.NASL", "FEDORA_2011-3666.NASL", "FREEBSD_PKG_057BF770CAC411E0AEA300215C6A37BB.NASL", "FREEBSD_PKG_FE85366656CE11E09668001FD0D616CF.NASL", "GENTOO_GLSA-201110-06.NASL", "HPSMH_7_0_0_24.NASL", "MACOSX_10_7_3.NASL", "MACOSX_SECUPD2011-006.NASL", "MACOSX_SECUPD2012-001.NASL", "MANDRIVA_MDVSA-2011-052.NASL", "MANDRIVA_MDVSA-2011-053.NASL", "MANDRIVA_MDVSA-2011-099.NASL", "MANDRIVA_MDVSA-2011-165.NASL", "ORACLELINUX_ELSA-2011-1423.NASL", "ORACLELINUX_ELSA-2012-0033.NASL", "PHP_5_3_6.NASL", "PHP_5_3_7.NASL", "REDHAT-RHSA-2011-1423.NASL", "REDHAT-RHSA-2012-0033.NASL", "SLACKWARE_SSA_2011-210-01.NASL", "SLACKWARE_SSA_2011-237-01.NASL", "SL_20111102_PHP53_AND_PHP_ON_SL5_X.NASL", "SL_20120118_PHP_ON_SL5_X.NASL", "SUSE_11_2_LIBZIP-DEVEL-110321.NASL", "SUSE_11_3_APACHE2-MOD_PHP5-110601.NASL", "SUSE_11_3_LIBZIP-DEVEL-110321.NASL", "SUSE_11_4_APACHE2-MOD_PHP5-110601.NASL", "SUSE_11_4_LIBZIP-DEVEL-110321.NASL", "SUSE_11_LIBZIP1-110321.NASL", "SUSE_APACHE2-MOD_PHP5-7553.NASL", "SUSE_APACHE2-MOD_PHP5-7554.NASL", "UBUNTU_USN-1126-1.NASL", "UBUNTU_USN-1126-2.NASL", "UBUNTU_USN-1231-1.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310103113", "OPENVAS:1361412562310110013", "OPENVAS:1361412562310120517", "OPENVAS:1361412562310122011", "OPENVAS:1361412562310122061", "OPENVAS:136141256231069359", "OPENVAS:136141256231069973", "OPENVAS:136141256231069976", "OPENVAS:136141256231070257", "OPENVAS:136141256231070716", "OPENVAS:136141256231070717", "OPENVAS:136141256231070769", "OPENVAS:136141256231071135", "OPENVAS:136141256231071955", "OPENVAS:136141256231071962", "OPENVAS:1361412562310802336", "OPENVAS:1361412562310802392", "OPENVAS:1361412562310831352", "OPENVAS:1361412562310831353", "OPENVAS:1361412562310831407", "OPENVAS:1361412562310831484", "OPENVAS:1361412562310840636", "OPENVAS:1361412562310840646", "OPENVAS:1361412562310840782", "OPENVAS:1361412562310862968", "OPENVAS:1361412562310862969", "OPENVAS:1361412562310862972", "OPENVAS:1361412562310862973", "OPENVAS:1361412562310862974", "OPENVAS:1361412562310862975", "OPENVAS:1361412562310863518", "OPENVAS:1361412562310863520", "OPENVAS:1361412562310863523", "OPENVAS:1361412562310863524", "OPENVAS:1361412562310863527", "OPENVAS:1361412562310863531", "OPENVAS:1361412562310863788", "OPENVAS:1361412562310863794", "OPENVAS:1361412562310863875", "OPENVAS:1361412562310870510", "OPENVAS:1361412562310870531", "OPENVAS:1361412562310881028", "OPENVAS:1361412562310881147", "OPENVAS:1361412562310881333", "OPENVAS:1361412562310902356", "OPENVAS:1361412562310902436", "OPENVAS:69359", "OPENVAS:69973", "OPENVAS:69976", "OPENVAS:70257", "OPENVAS:70716", "OPENVAS:70717", "OPENVAS:70769", "OPENVAS:71135", "OPENVAS:71955", "OPENVAS:71962", "OPENVAS:802336", "OPENVAS:802392", "OPENVAS:831352", "OPENVAS:831353", "OPENVAS:831407", "OPENVAS:831484", "OPENVAS:840636", "OPENVAS:840646", "OPENVAS:840782", "OPENVAS:862968", "OPENVAS:862969", "OPENVAS:862972", "OPENVAS:862973", "OPENVAS:862974", "OPENVAS:862975", "OPENVAS:863518", "OPENVAS:863520", "OPENVAS:863523", "OPENVAS:863524", "OPENVAS:863527", "OPENVAS:863531", "OPENVAS:863788", "OPENVAS:863794", "OPENVAS:863875", "OPENVAS:870510", "OPENVAS:870531", "OPENVAS:881028", "OPENVAS:881147", "OPENVAS:881333"]}, {"type": "oraclelinux", "idList": ["ELSA-2011-1423", "ELSA-2012-0033", "ELSA-2012-1046"]}, {"type": "osv", "idList": ["OSV:DSA-2266-1", "OSV:DSA-2399-1", "OSV:DSA-2408-1"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:101665", "PACKETSTORM:102751", "PACKETSTORM:99445"]}, {"type": "prion", "idList": ["PRION:CVE-2011-0421", "PRION:CVE-2011-1092", "PRION:CVE-2011-1148", "PRION:CVE-2011-1464", "PRION:CVE-2011-1467", "PRION:CVE-2011-1468", "PRION:CVE-2011-1469", "PRION:CVE-2011-1470", "PRION:CVE-2011-1471", "PRION:CVE-2011-1938"]}, {"type": "redhat", "idList": ["RHSA-2011:1423", "RHSA-2012:0033"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:25952", "SECURITYVULNS:DOC:26262", "SECURITYVULNS:DOC:26931", "SECURITYVULNS:DOC:27147", "SECURITYVULNS:DOC:27155", "SECURITYVULNS:DOC:27600", "SECURITYVULNS:DOC:28070", "SECURITYVULNS:VULN:11512", "SECURITYVULNS:VULN:11634", "SECURITYVULNS:VULN:11879", "SECURITYVULNS:VULN:11973", "SECURITYVULNS:VULN:12164"]}, {"type": "seebug", "idList": ["SSV:20381", "SSV:20382", "SSV:20390", "SSV:20391", "SSV:20393", "SSV:20394", "SSV:20395", "SSV:20582", "SSV:20694", "SSV:71455", "SSV:71487", "SSV:71717", "SSV:71847"]}, {"type": "slackware", "idList": ["SSA-2011-210-01", "SSA-2011-237-01"]}, {"type": "thn", "idList": ["THN:08954A860D959956C8714EEB14A0BC1A"]}, {"type": "ubuntu", "idList": ["USN-1126-1", "USN-1126-2", "USN-1231-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2011-0421", "UB:CVE-2011-1092", "UB:CVE-2011-1148", "UB:CVE-2011-1464", "UB:CVE-2011-1467", "UB:CVE-2011-1468", "UB:CVE-2011-1469", "UB:CVE-2011-1470", "UB:CVE-2011-1471", "UB:CVE-2011-1938"]}, {"type": "veracode", "idList": ["VERACODE:24744", "VERACODE:24746", "VERACODE:24747", "VERACODE:24748", "VERACODE:24749"]}]}, "score": {"value": 7.4, "vector": "NONE"}, "backreferences": {"references": [{"type": "centos", "idList": ["CESA-2011:1423", "CESA-2012:0033"]}, {"type": "cve", "idList": ["CVE-2011-0421", "CVE-2011-1092", "CVE-2011-1148", "CVE-2011-1464", "CVE-2011-1467", "CVE-2011-1468", "CVE-2011-1469", "CVE-2011-1470", "CVE-2011-1471"]}, {"type": "debian", "idList": ["DEBIAN:DSA-2262-2:2E683"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2011-0421"]}, {"type": "exploitdb", "idList": ["EDB-ID:17004"]}, {"type": "exploitpack", "idList": ["EXPLOITPACK:E01EEEA67E34582F2A422D4CD1795D05"]}, {"type": "f5", "idList": ["SOL13518", "SOL13519", "SOL15441", "SOL15903"]}, {"type": "fedora", "idList": ["FEDORA:CD55C111A26"]}, {"type": "freebsd", "idList": ["057BF770-CAC4-11E0-AEA3-00215C6A37BB", "FE853666-56CE-11E0-9668-001FD0D616CF"]}, {"type": "gentoo", "idList": ["GLSA-201110-06"]}, {"type": "metasploit", "idList": ["MSF:ILITIES/GENTOO-LINUX-CVE-2011-1469/"]}, {"type": "nessus", "idList": ["6303.PRM", "DEBIAN_DSA-2266.NASL", "FEDORA_2011-11464.NASL", "FEDORA_2011-11528.NASL", "FEDORA_2011-3636.NASL", "MACOSX_10_7_3.NASL", "SUSE_11_3_LIBZIP-DEVEL-110321.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310107443", "OPENVAS:1361412562310802392", "OPENVAS:1361412562310863875", "OPENVAS:70717", "OPENVAS:840782", "OPENVAS:863518", "OPENVAS:863875"]}, {"type": "oraclelinux", "idList": ["ELSA-2012-0033"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:101665"]}, {"type": "redhat", "idList": ["RHSA-2012:0033"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:11512"]}, {"type": "seebug", "idList": ["SSV:20390"]}, {"type": "ubuntu", "idList": ["USN-1231-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2011-1470", "UB:CVE-2011-1471"]}]}, "exploitation": null, "epss": [{"cve": "CVE-2011-0421", "epss": 0.03035, "percentile": 0.89475, "modified": "2023-05-07"}, {"cve": "CVE-2011-1092", "epss": 0.02758, "percentile": 0.8903, "modified": "2023-05-07"}, {"cve": "CVE-2011-1148", "epss": 0.01579, "percentile": 0.85359, "modified": "2023-05-07"}, {"cve": "CVE-2011-1464", "epss": 0.02012, "percentile": 0.87155, "modified": "2023-05-07"}, {"cve": "CVE-2011-1467", "epss": 0.01481, "percentile": 0.84818, "modified": "2023-05-07"}, {"cve": "CVE-2011-1468", "epss": 0.13003, "percentile": 0.94646, "modified": "2023-05-07"}, {"cve": "CVE-2011-1469", "epss": 0.0153, "percentile": 0.85092, "modified": "2023-05-07"}, {"cve": "CVE-2011-1470", "epss": 0.01907, "percentile": 0.86762, "modified": "2023-05-07"}, {"cve": "CVE-2011-1471", "epss": 0.03002, "percentile": 0.89409, "modified": "2023-05-07"}, {"cve": "CVE-2011-1938", "epss": 0.01989, "percentile": 0.87071, "modified": "2023-05-07"}], "vulnersScore": 7.4}, "_state": {"dependencies": 1701980487, "score": 1701980238, "epss": 0}, "_internal": {"score_hash": "9ac22806e2110d4d9c779c5a4451d229"}, "pluginID": "55165", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. The text itself is\n# copyright (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(55165);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2011-0421\", \"CVE-2011-1092\", \"CVE-2011-1148\", \"CVE-2011-1464\", \"CVE-2011-1467\", \"CVE-2011-1468\", \"CVE-2011-1469\", \"CVE-2011-1470\", \"CVE-2011-1471\", \"CVE-2011-1938\");\n\n script_name(english:\"SuSE 11.1 Security Update : PHP5 (SAT Patch Number 4663)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 11 host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This PHP5 update fixes :\n\n - CVE-2011-0421: CVSS v2 Base Score: 2.6\n (AV:N/AC:H/Au:N/C:N/I:N/A:P): Input Validation (CWE-20)\n\n - CVE-2011-1092: CVSS v2 Base Score: 5.1\n (AV:N/AC:H/Au:N/C:P/I:P/A:P): Numeric Errors (CWE-189)\n\n - CVE-2011-1148: CVSS v2 Base Score: 4.3\n (AV:N/AC:M/Au:N/C:N/I:N/A:P): Resource Management Errors\n (CWE-399)\n\n - CVE-2011-1464: CVSS v2 Base Score: 2.1\n (AV:L/AC:L/Au:N/C:N/I:N/A:P): Buffer Errors (CWE-119)\n\n - CVE-2011-1469: CVSS v2 Base Score: 4.3\n (AV:N/AC:M/Au:N/C:N/I:N/A:P)\n\n - CVE-2011-1470: CVSS v2 Base Score: 4.3\n (AV:N/AC:M/Au:N/C:N/I:N/A:P): Input Validation (CWE-20)\n\n - CVE-2011-1471: CVSS v2 Base Score: 4.3\n (AV:N/AC:M/Au:N/C:N/I:N/A:P): Numeric Errors (CWE-189)\n\n - CVE references:. (CVE-2011-1938: CVSS v2 Base Score: 2.6\n (AV:N/AC:H/Au:N/C:N/I:N/A:P))\n\n - CVE-2011-1470\n\n - CVE-2011-1471\n\n - CVE-2011-1092\n\n - CVE-2011-1464\n\n - CVE-2011-1468\n\n - CVE-2011-1467\n\n - CVE-2011-0421\n\n - CVE-2011-1469\n\n - CVE-2011-1148\n\n - CVE-2011-1938\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=677782\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=679278\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=681194\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=681210\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=681214\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=681291\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=695689\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-0421.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-1092.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-1148.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-1464.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-1467.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-1468.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-1469.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-1470.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-1471.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-1938.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply SAT patch number 4663.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_cwe_id(20, 119, 189, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:apache2-mod_php5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php5-bcmath\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php5-bz2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php5-calendar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php5-ctype\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php5-curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php5-dba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php5-dbase\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php5-dom\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php5-exif\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php5-fastcgi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php5-ftp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php5-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php5-gettext\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php5-gmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php5-hash\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php5-iconv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php5-json\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php5-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php5-mbstring\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php5-mcrypt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php5-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php5-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php5-openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php5-pcntl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php5-pdo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php5-pear\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php5-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php5-pspell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php5-shmop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php5-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php5-soap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php5-suhosin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php5-sysvmsg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php5-sysvsem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php5-sysvshm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php5-tokenizer\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php5-wddx\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php5-xmlreader\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php5-xmlrpc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php5-xmlwriter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php5-xsl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php5-zip\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php5-zlib\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/06/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/06/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\npl = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(pl) || int(pl) != 1) audit(AUDIT_OS_NOT, \"SuSE 11.1\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"apache2-mod_php5-5.2.14-0.7.24.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"php5-5.2.14-0.7.24.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"php5-bcmath-5.2.14-0.7.24.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"php5-bz2-5.2.14-0.7.24.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"php5-calendar-5.2.14-0.7.24.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"php5-ctype-5.2.14-0.7.24.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"php5-curl-5.2.14-0.7.24.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"php5-dba-5.2.14-0.7.24.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"php5-dbase-5.2.14-0.7.24.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"php5-dom-5.2.14-0.7.24.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"php5-exif-5.2.14-0.7.24.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"php5-fastcgi-5.2.14-0.7.24.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"php5-ftp-5.2.14-0.7.24.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"php5-gd-5.2.14-0.7.24.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"php5-gettext-5.2.14-0.7.24.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"php5-gmp-5.2.14-0.7.24.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"php5-hash-5.2.14-0.7.24.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"php5-iconv-5.2.14-0.7.24.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"php5-json-5.2.14-0.7.24.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"php5-ldap-5.2.14-0.7.24.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"php5-mbstring-5.2.14-0.7.24.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"php5-mcrypt-5.2.14-0.7.24.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"php5-mysql-5.2.14-0.7.24.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"php5-odbc-5.2.14-0.7.24.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"php5-openssl-5.2.14-0.7.24.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"php5-pcntl-5.2.14-0.7.24.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"php5-pdo-5.2.14-0.7.24.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"php5-pear-5.2.14-0.7.24.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"php5-pgsql-5.2.14-0.7.24.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"php5-pspell-5.2.14-0.7.24.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"php5-shmop-5.2.14-0.7.24.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"php5-snmp-5.2.14-0.7.24.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"php5-soap-5.2.14-0.7.24.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"php5-suhosin-5.2.14-0.7.24.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"php5-sysvmsg-5.2.14-0.7.24.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"php5-sysvsem-5.2.14-0.7.24.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"php5-sysvshm-5.2.14-0.7.24.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"php5-tokenizer-5.2.14-0.7.24.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"php5-wddx-5.2.14-0.7.24.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"php5-xmlreader-5.2.14-0.7.24.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"php5-xmlrpc-5.2.14-0.7.24.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"php5-xmlwriter-5.2.14-0.7.24.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"php5-xsl-5.2.14-0.7.24.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"php5-zip-5.2.14-0.7.24.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"php5-zlib-5.2.14-0.7.24.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "naslFamily": "SuSE Local Security Checks", "cpe": ["p-cpe:/a:novell:suse_linux:11:apache2-mod_php5", "p-cpe:/a:novell:suse_linux:11:php5", "p-cpe:/a:novell:suse_linux:11:php5-bcmath", "p-cpe:/a:novell:suse_linux:11:php5-bz2", "p-cpe:/a:novell:suse_linux:11:php5-calendar", "p-cpe:/a:novell:suse_linux:11:php5-ctype", "p-cpe:/a:novell:suse_linux:11:php5-curl", "p-cpe:/a:novell:suse_linux:11:php5-dba", "p-cpe:/a:novell:suse_linux:11:php5-dbase", "p-cpe:/a:novell:suse_linux:11:php5-dom", "p-cpe:/a:novell:suse_linux:11:php5-exif", "p-cpe:/a:novell:suse_linux:11:php5-fastcgi", "p-cpe:/a:novell:suse_linux:11:php5-ftp", "p-cpe:/a:novell:suse_linux:11:php5-gd", "p-cpe:/a:novell:suse_linux:11:php5-gettext", "p-cpe:/a:novell:suse_linux:11:php5-gmp", "p-cpe:/a:novell:suse_linux:11:php5-hash", "p-cpe:/a:novell:suse_linux:11:php5-iconv", "p-cpe:/a:novell:suse_linux:11:php5-json", "p-cpe:/a:novell:suse_linux:11:php5-ldap", "p-cpe:/a:novell:suse_linux:11:php5-mbstring", "p-cpe:/a:novell:suse_linux:11:php5-mcrypt", "p-cpe:/a:novell:suse_linux:11:php5-mysql", "p-cpe:/a:novell:suse_linux:11:php5-odbc", "p-cpe:/a:novell:suse_linux:11:php5-openssl", "p-cpe:/a:novell:suse_linux:11:php5-pcntl", "p-cpe:/a:novell:suse_linux:11:php5-pdo", "p-cpe:/a:novell:suse_linux:11:php5-pear", "p-cpe:/a:novell:suse_linux:11:php5-pgsql", "p-cpe:/a:novell:suse_linux:11:php5-pspell", "p-cpe:/a:novell:suse_linux:11:php5-shmop", "p-cpe:/a:novell:suse_linux:11:php5-snmp", "p-cpe:/a:novell:suse_linux:11:php5-soap", "p-cpe:/a:novell:suse_linux:11:php5-suhosin", "p-cpe:/a:novell:suse_linux:11:php5-sysvmsg", "p-cpe:/a:novell:suse_linux:11:php5-sysvsem", "p-cpe:/a:novell:suse_linux:11:php5-sysvshm", "p-cpe:/a:novell:suse_linux:11:php5-tokenizer", "p-cpe:/a:novell:suse_linux:11:php5-wddx", "p-cpe:/a:novell:suse_linux:11:php5-xmlreader", "p-cpe:/a:novell:suse_linux:11:php5-xmlrpc", "p-cpe:/a:novell:suse_linux:11:php5-xmlwriter", "p-cpe:/a:novell:suse_linux:11:php5-xsl", "p-cpe:/a:novell:suse_linux:11:php5-zip", "p-cpe:/a:novell:suse_linux:11:php5-zlib", "cpe:/o:novell:suse_linux:11"], "solution": "Apply SAT patch number 4663.", "nessusSeverity": "High", "cvssScoreSource": "", "vendor_cvss2": {"score": 7.5, "vector": "CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "vendor_cvss3": {"score": null, "vector": null}, "vpr": {"risk factor": "Medium", "score": "6.7"}, "exploitAvailable": false, "exploitEase": "", "patchPublicationDate": "2011-06-01T00:00:00", "vulnerabilityPublicationDate": null, "exploitableWith": []}

{"nessus": [{"lastseen": "2023-12-07T15:33:30", "description": "This php5 update fixes :\n\n - CVE-2011-0421: CVSS v2 Base Score: 2.6 (AV:N/AC:H/Au:N/C:N/I:N/A:P): Input Validation (CWE-20)\n\n - CVE-2011-1092: CVSS v2 Base Score: 5.1 (AV:N/AC:H/Au:N/C:P/I:P/A:P): Numeric Errors (CWE-189)\n\n - CVE-2011-1148: CVSS v2 Base Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P): Resource Management Errors (CWE-399)\n\n - CVE-2011-1464: CVSS v2 Base Score: 2.1 (AV:L/AC:L/Au:N/C:N/I:N/A:P): Buffer Errors (CWE-119)\n\n - CVE-2011-1467: CVSS v2 Base Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n - CVE-2011-1468: CVSS v2 Base Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P): Resource Management Errors (CWE-399)\n\n - CVE-2011-1469: CVSS v2 Base Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P)\n\n - CVE-2011-1470: CVSS v2 Base Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P): Input Validation (CWE-20)\n\n - CVE-2011-1471: CVSS v2 Base Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P): Numeric Errors (CWE-189)\n\n - CVE-2011-1938: CVSS v2 Base Score: 2.6 (AV:N/AC:H/Au:N/C:N/I:N/A:P)", "cvss3": {}, "published": "2014-06-13T00:00:00", "type": "nessus", "title": "openSUSE Security Update : apache2-mod_php5 (openSUSE-SU-2011:0645-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-0421", "CVE-2011-1092", "CVE-2011-1148", "CVE-2011-1464", "CVE-2011-1467", "CVE-2011-1468", "CVE-2011-1469", "CVE-2011-1470", "CVE-2011-1471", "CVE-2011-1938"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:apache2-mod_php5", "p-cpe:/a:novell:opensuse:php5", "p-cpe:/a:novell:opensuse:php5-bcmath", "p-cpe:/a:novell:opensuse:php5-bz2", "p-cpe:/a:novell:opensuse:php5-calendar", "p-cpe:/a:novell:opensuse:php5-ctype", "p-cpe:/a:novell:opensuse:php5-curl", "p-cpe:/a:novell:opensuse:php5-intl", "p-cpe:/a:novell:opensuse:php5-json", "p-cpe:/a:novell:opensuse:php5-ldap", "p-cpe:/a:novell:opensuse:php5-mbstring", "p-cpe:/a:novell:opensuse:php5-mcrypt", "p-cpe:/a:novell:opensuse:php5-dba", "p-cpe:/a:novell:opensuse:php5-mysql", "p-cpe:/a:novell:opensuse:php5-devel", "p-cpe:/a:novell:opensuse:php5-dom", "p-cpe:/a:novell:opensuse:php5-enchant", "p-cpe:/a:novell:opensuse:php5-exif", "p-cpe:/a:novell:opensuse:php5-fastcgi", "p-cpe:/a:novell:opensuse:php5-odbc", "p-cpe:/a:novell:opensuse:php5-fileinfo", "p-cpe:/a:novell:opensuse:php5-ftp", "p-cpe:/a:novell:opensuse:php5-gd", "p-cpe:/a:novell:opensuse:php5-openssl", "p-cpe:/a:novell:opensuse:php5-gettext", "p-cpe:/a:novell:opensuse:php5-pcntl", "p-cpe:/a:novell:opensuse:php5-gmp", "p-cpe:/a:novell:opensuse:php5-hash", "p-cpe:/a:novell:opensuse:php5-iconv", "p-cpe:/a:novell:opensuse:php5-pdo", "p-cpe:/a:novell:opensuse:php5-imap", "p-cpe:/a:novell:opensuse:php5-pear", "p-cpe:/a:novell:opensuse:php5-pgsql", "p-cpe:/a:novell:opensuse:php5-phar", "p-cpe:/a:novell:opensuse:php5-posix", "p-cpe:/a:novell:opensuse:php5-pspell", "p-cpe:/a:novell:opensuse:php5-readline", "p-cpe:/a:novell:opensuse:php5-shmop", "p-cpe:/a:novell:opensuse:php5-snmp", "p-cpe:/a:novell:opensuse:php5-soap", "p-cpe:/a:novell:opensuse:php5-sockets", "p-cpe:/a:novell:opensuse:php5-sqlite", "p-cpe:/a:novell:opensuse:php5-suhosin", "p-cpe:/a:novell:opensuse:php5-sysvmsg", "p-cpe:/a:novell:opensuse:php5-sysvsem", "p-cpe:/a:novell:opensuse:php5-sysvshm", "p-cpe:/a:novell:opensuse:php5-tidy", "p-cpe:/a:novell:opensuse:php5-tokenizer", "p-cpe:/a:novell:opensuse:php5-wddx", "p-cpe:/a:novell:opensuse:php5-xmlreader", "p-cpe:/a:novell:opensuse:php5-xmlrpc", "p-cpe:/a:novell:opensuse:php5-xmlwriter", "p-cpe:/a:novell:opensuse:php5-xsl", "p-cpe:/a:novell:opensuse:php5-zip", "p-cpe:/a:novell:opensuse:php5-zlib", "cpe:/o:novell:opensuse:11.3"], "id": "SUSE_11_3_APACHE2-MOD_PHP5-110601.NASL", "href": "https://www.tenable.com/plugins/nessus/75432", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update apache2-mod_php5-4647.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(75432);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2011-0421\", \"CVE-2011-1092\", \"CVE-2011-1148\", \"CVE-2011-1464\", \"CVE-2011-1467\", \"CVE-2011-1468\", \"CVE-2011-1469\", \"CVE-2011-1470\", \"CVE-2011-1471\", \"CVE-2011-1938\");\n\n script_name(english:\"openSUSE Security Update : apache2-mod_php5 (openSUSE-SU-2011:0645-1)\");\n script_summary(english:\"Check for the apache2-mod_php5-4647 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This php5 update fixes :\n\n - CVE-2011-0421: CVSS v2 Base Score: 2.6\n (AV:N/AC:H/Au:N/C:N/I:N/A:P): Input Validation (CWE-20)\n\n - CVE-2011-1092: CVSS v2 Base Score: 5.1\n (AV:N/AC:H/Au:N/C:P/I:P/A:P): Numeric Errors (CWE-189)\n\n - CVE-2011-1148: CVSS v2 Base Score: 4.3\n (AV:N/AC:M/Au:N/C:N/I:N/A:P): Resource Management Errors\n (CWE-399)\n\n - CVE-2011-1464: CVSS v2 Base Score: 2.1\n (AV:L/AC:L/Au:N/C:N/I:N/A:P): Buffer Errors (CWE-119)\n\n - CVE-2011-1467: CVSS v2 Base Score: 5.0\n (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n - CVE-2011-1468: CVSS v2 Base Score: 4.3\n (AV:N/AC:M/Au:N/C:N/I:N/A:P): Resource Management Errors\n (CWE-399)\n\n - CVE-2011-1469: CVSS v2 Base Score: 4.3\n (AV:N/AC:M/Au:N/C:N/I:N/A:P)\n\n - CVE-2011-1470: CVSS v2 Base Score: 4.3\n (AV:N/AC:M/Au:N/C:N/I:N/A:P): Input Validation (CWE-20)\n\n - CVE-2011-1471: CVSS v2 Base Score: 4.3\n (AV:N/AC:M/Au:N/C:N/I:N/A:P): Numeric Errors (CWE-189)\n\n - CVE-2011-1938: CVSS v2 Base Score: 2.6\n (AV:N/AC:H/Au:N/C:N/I:N/A:P)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=677782\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=679278\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=681194\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=681195\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=681197\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=681210\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=681214\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=681291\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=695689\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2011-06/msg00032.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected apache2-mod_php5 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2-mod_php5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-bcmath\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-bz2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-calendar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-ctype\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-dba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-dom\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-enchant\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-exif\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-fastcgi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-fileinfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-ftp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-gettext\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-gmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-hash\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-iconv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-imap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-intl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-json\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-mbstring\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-mcrypt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-pcntl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-pdo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-pear\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-phar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-posix\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-pspell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-readline\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-shmop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-soap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-sockets\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-sqlite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-suhosin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-sysvmsg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-sysvsem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-sysvshm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-tidy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-tokenizer\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-wddx\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-xmlreader\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-xmlrpc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-xmlwriter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-xsl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-zip\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-zlib\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/06/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.3\", reference:\"apache2-mod_php5-5.3.3-0.19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"php5-5.3.3-0.19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"php5-bcmath-5.3.3-0.19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"php5-bz2-5.3.3-0.19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"php5-calendar-5.3.3-0.19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"php5-ctype-5.3.3-0.19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"php5-curl-5.3.3-0.19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"php5-dba-5.3.3-0.19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"php5-devel-5.3.3-0.19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"php5-dom-5.3.3-0.19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"php5-enchant-5.3.3-0.19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"php5-exif-5.3.3-0.19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"php5-fastcgi-5.3.3-0.19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"php5-fileinfo-5.3.3-0.19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"php5-ftp-5.3.3-0.19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"php5-gd-5.3.3-0.19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"php5-gettext-5.3.3-0.19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"php5-gmp-5.3.3-0.19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"php5-hash-5.3.3-0.19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"php5-iconv-5.3.3-0.19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"php5-imap-5.3.3-0.19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"php5-intl-5.3.3-0.19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"php5-json-5.3.3-0.19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"php5-ldap-5.3.3-0.19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"php5-mbstring-5.3.3-0.19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"php5-mcrypt-5.3.3-0.19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"php5-mysql-5.3.3-0.19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"php5-odbc-5.3.3-0.19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"php5-openssl-5.3.3-0.19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"php5-pcntl-5.3.3-0.19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"php5-pdo-5.3.3-0.19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"php5-pear-5.3.3-0.19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"php5-pgsql-5.3.3-0.19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"php5-phar-5.3.3-0.19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"php5-posix-5.3.3-0.19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"php5-pspell-5.3.3-0.19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"php5-readline-5.3.3-0.19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"php5-shmop-5.3.3-0.19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"php5-snmp-5.3.3-0.19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"php5-soap-5.3.3-0.19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"php5-sockets-5.3.3-0.19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"php5-sqlite-5.3.3-0.19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"php5-suhosin-5.3.3-0.19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"php5-sysvmsg-5.3.3-0.19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"php5-sysvsem-5.3.3-0.19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"php5-sysvshm-5.3.3-0.19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"php5-tidy-5.3.3-0.19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"php5-tokenizer-5.3.3-0.19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"php5-wddx-5.3.3-0.19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"php5-xmlreader-5.3.3-0.19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"php5-xmlrpc-5.3.3-0.19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"php5-xmlwriter-5.3.3-0.19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"php5-xsl-5.3.3-0.19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"php5-zip-5.3.3-0.19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"php5-zlib-5.3.3-0.19.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"php5\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-07T15:12:01", "description": "This update for PHP5 fixes the following security issues :\n\n - Input Validation in the ZIP extension and NumberFormatter. (CWE-20, CVE-2011-0421 / CVE-2011-1470 / CVE-2011-1467)\n\n - Numeric Errors in the SHM support and ZIP extension.\n (CWE-189, CVE-2011-1092 / CVE-2011-1471)\n\n - Buffer overflows in the AF_UNIX support, string handling, streams support. (CWE-119, CVE-2011-1938 / CVE-2011-1464 / CVE-2011-1469)\n\n - Resource management error (use after free) in string handling. (CWE-399, CVE-2011-1148)\n\n - Memory leak in the OpenSSL extension (CVE-2011-1468)", "cvss3": {}, "published": "2011-12-13T00:00:00", "type": "nessus", "title": "SuSE 10 Security Update : PHP5 (ZYPP Patch Number 7553)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-0421", "CVE-2011-1092", "CVE-2011-1148", "CVE-2011-1464", "CVE-2011-1467", "CVE-2011-1468", "CVE-2011-1469", "CVE-2011-1470", "CVE-2011-1471", "CVE-2011-1938"], "modified": "2021-01-19T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE_APACHE2-MOD_PHP5-7553.NASL", "href": "https://www.tenable.com/plugins/nessus/57158", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(57158);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2011-0421\", \"CVE-2011-1092\", \"CVE-2011-1148\", \"CVE-2011-1464\", \"CVE-2011-1467\", \"CVE-2011-1468\", \"CVE-2011-1469\", \"CVE-2011-1470\", \"CVE-2011-1471\", \"CVE-2011-1938\");\n\n script_name(english:\"SuSE 10 Security Update : PHP5 (ZYPP Patch Number 7553)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for PHP5 fixes the following security issues :\n\n - Input Validation in the ZIP extension and\n NumberFormatter. (CWE-20, CVE-2011-0421 / CVE-2011-1470\n / CVE-2011-1467)\n\n - Numeric Errors in the SHM support and ZIP extension.\n (CWE-189, CVE-2011-1092 / CVE-2011-1471)\n\n - Buffer overflows in the AF_UNIX support, string\n handling, streams support. (CWE-119, CVE-2011-1938 /\n CVE-2011-1464 / CVE-2011-1469)\n\n - Resource management error (use after free) in string\n handling. (CWE-399, CVE-2011-1148)\n\n - Memory leak in the OpenSSL extension (CVE-2011-1468)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-0421.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-1092.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-1148.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-1464.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-1467.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-1468.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-1469.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-1470.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-1471.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-1938.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 7553.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_cwe_id(20, 119, 189, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/06/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/12/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"apache2-mod_php5-5.2.14-0.16.2\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"php5-5.2.14-0.16.2\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"php5-bcmath-5.2.14-0.16.2\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"php5-bz2-5.2.14-0.16.2\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"php5-calendar-5.2.14-0.16.2\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"php5-ctype-5.2.14-0.16.2\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"php5-curl-5.2.14-0.16.2\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"php5-dba-5.2.14-0.16.2\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"php5-dbase-5.2.14-0.16.2\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"php5-devel-5.2.14-0.16.2\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"php5-dom-5.2.14-0.16.2\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"php5-exif-5.2.14-0.16.2\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"php5-fastcgi-5.2.14-0.16.2\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"php5-ftp-5.2.14-0.16.2\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"php5-gd-5.2.14-0.16.2\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"php5-gettext-5.2.14-0.16.2\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"php5-gmp-5.2.14-0.16.2\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"php5-hash-5.2.14-0.16.2\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"php5-iconv-5.2.14-0.16.2\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"php5-imap-5.2.14-0.16.2\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"php5-json-5.2.14-0.16.2\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"php5-ldap-5.2.14-0.16.2\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"php5-mbstring-5.2.14-0.16.2\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"php5-mcrypt-5.2.14-0.16.2\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"php5-mhash-5.2.14-0.16.2\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"php5-mysql-5.2.14-0.16.2\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"php5-ncurses-5.2.14-0.16.2\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"php5-odbc-5.2.14-0.16.2\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"php5-openssl-5.2.14-0.16.2\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"php5-pcntl-5.2.14-0.16.2\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"php5-pdo-5.2.14-0.16.2\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"php5-pear-5.2.14-0.16.2\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"php5-pgsql-5.2.14-0.16.2\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"php5-posix-5.2.14-0.16.2\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"php5-pspell-5.2.14-0.16.2\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"php5-shmop-5.2.14-0.16.2\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"php5-snmp-5.2.14-0.16.2\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"php5-soap-5.2.14-0.16.2\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"php5-sockets-5.2.14-0.16.2\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"php5-sqlite-5.2.14-0.16.2\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"php5-suhosin-5.2.14-0.16.2\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"php5-sysvmsg-5.2.14-0.16.2\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"php5-sysvsem-5.2.14-0.16.2\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"php5-sysvshm-5.2.14-0.16.2\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"php5-tokenizer-5.2.14-0.16.2\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"php5-wddx-5.2.14-0.16.2\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"php5-xmlreader-5.2.14-0.16.2\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"php5-xmlrpc-5.2.14-0.16.2\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"php5-xsl-5.2.14-0.16.2\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"php5-zlib-5.2.14-0.16.2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-07T15:30:43", "description": "This php5 update fixes :\n\n - CVE-2011-0421: CVSS v2 Base Score: 2.6 (AV:N/AC:H/Au:N/C:N/I:N/A:P): Input Validation (CWE-20)\n\n - CVE-2011-1092: CVSS v2 Base Score: 5.1 (AV:N/AC:H/Au:N/C:P/I:P/A:P): Numeric Errors (CWE-189)\n\n - CVE-2011-1148: CVSS v2 Base Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P): Resource Management Errors (CWE-399)\n\n - CVE-2011-1464: CVSS v2 Base Score: 2.1 (AV:L/AC:L/Au:N/C:N/I:N/A:P): Buffer Errors (CWE-119)\n\n - CVE-2011-1467: CVSS v2 Base Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n - CVE-2011-1468: CVSS v2 Base Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P): Resource Management Errors (CWE-399)\n\n - CVE-2011-1469: CVSS v2 Base Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P)\n\n - CVE-2011-1470: CVSS v2 Base Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P): Input Validation (CWE-20)\n\n - CVE-2011-1471: CVSS v2 Base Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P): Numeric Errors (CWE-189)\n\n - CVE-2011-1938: CVSS v2 Base Score: 2.6 (AV:N/AC:H/Au:N/C:N/I:N/A:P)", "cvss3": {}, "published": "2014-06-13T00:00:00", "type": "nessus", "title": "openSUSE Security Update : apache2-mod_php5 (openSUSE-SU-2011:0645-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-0421", "CVE-2011-1092", "CVE-2011-1148", "CVE-2011-1464", "CVE-2011-1467", "CVE-2011-1468", "CVE-2011-1469", "CVE-2011-1470", "CVE-2011-1471", "CVE-2011-1938"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:apache2-mod_php5", "p-cpe:/a:novell:opensuse:apache2-mod_php5-debuginfo", "p-cpe:/a:novell:opensuse:php5", "p-cpe:/a:novell:opensuse:php5-bcmath", "p-cpe:/a:novell:opensuse:php5-bcmath-debuginfo", "p-cpe:/a:novell:opensuse:php5-bz2", "p-cpe:/a:novell:opensuse:php5-bz2-debuginfo", "p-cpe:/a:novell:opensuse:php5-calendar", "p-cpe:/a:novell:opensuse:php5-calendar-debuginfo", "p-cpe:/a:novell:opensuse:php5-ctype", "p-cpe:/a:novell:opensuse:php5-ctype-debuginfo", "p-cpe:/a:novell:opensuse:php5-curl", "p-cpe:/a:novell:opensuse:php5-curl-debuginfo", "p-cpe:/a:novell:opensuse:php5-dba", "p-cpe:/a:novell:opensuse:php5-dba-debuginfo", "p-cpe:/a:novell:opensuse:php5-debuginfo", "p-cpe:/a:novell:opensuse:php5-debugsource", "p-cpe:/a:novell:opensuse:php5-devel", "p-cpe:/a:novell:opensuse:php5-dom", "p-cpe:/a:novell:opensuse:php5-dom-debuginfo", "p-cpe:/a:novell:opensuse:php5-enchant", "p-cpe:/a:novell:opensuse:php5-enchant-debuginfo", "p-cpe:/a:novell:opensuse:php5-exif", "p-cpe:/a:novell:opensuse:php5-exif-debuginfo", "p-cpe:/a:novell:opensuse:php5-fastcgi", "p-cpe:/a:novell:opensuse:php5-fastcgi-debuginfo", "p-cpe:/a:novell:opensuse:php5-fileinfo", "p-cpe:/a:novell:opensuse:php5-fileinfo-debuginfo", "p-cpe:/a:novell:opensuse:php5-fpm", "p-cpe:/a:novell:opensuse:php5-fpm-debuginfo", "p-cpe:/a:novell:opensuse:php5-ftp", "p-cpe:/a:novell:opensuse:php5-ftp-debuginfo", "p-cpe:/a:novell:opensuse:php5-gd", "p-cpe:/a:novell:opensuse:php5-gd-debuginfo", "p-cpe:/a:novell:opensuse:php5-gettext", "p-cpe:/a:novell:opensuse:php5-gettext-debuginfo", "p-cpe:/a:novell:opensuse:php5-gmp", "p-cpe:/a:novell:opensuse:php5-gmp-debuginfo", "p-cpe:/a:novell:opensuse:php5-hash", "p-cpe:/a:novell:opensuse:php5-hash-debuginfo", "p-cpe:/a:novell:opensuse:php5-iconv", "p-cpe:/a:novell:opensuse:php5-iconv-debuginfo", "p-cpe:/a:novell:opensuse:php5-imap", "p-cpe:/a:novell:opensuse:php5-imap-debuginfo", "p-cpe:/a:novell:opensuse:php5-intl", "p-cpe:/a:novell:opensuse:php5-intl-debuginfo", "p-cpe:/a:novell:opensuse:php5-json", "p-cpe:/a:novell:opensuse:php5-json-debuginfo", "p-cpe:/a:novell:opensuse:php5-xmlrpc-debuginfo", "p-cpe:/a:novell:opensuse:php5-ldap", "p-cpe:/a:novell:opensuse:php5-xmlwriter", "p-cpe:/a:novell:opensuse:php5-xmlwriter-debuginfo", "p-cpe:/a:novell:opensuse:php5-ldap-debuginfo", "p-cpe:/a:novell:opensuse:php5-xsl", "p-cpe:/a:novell:opensuse:php5-xsl-debuginfo", "p-cpe:/a:novell:opensuse:php5-zip", "p-cpe:/a:novell:opensuse:php5-zip-debuginfo", "p-cpe:/a:novell:opensuse:php5-mbstring", "p-cpe:/a:novell:opensuse:php5-zlib", "p-cpe:/a:novell:opensuse:php5-zlib-debuginfo", "cpe:/o:novell:opensuse:11.4", "p-cpe:/a:novell:opensuse:php5-mbstring-debuginfo", "p-cpe:/a:novell:opensuse:php5-mcrypt", "p-cpe:/a:novell:opensuse:php5-mcrypt-debuginfo", "p-cpe:/a:novell:opensuse:php5-mysql", "p-cpe:/a:novell:opensuse:php5-mysql-debuginfo", "p-cpe:/a:novell:opensuse:php5-odbc", "p-cpe:/a:novell:opensuse:php5-odbc-debuginfo", "p-cpe:/a:novell:opensuse:php5-openssl", "p-cpe:/a:novell:opensuse:php5-openssl-debuginfo", "p-cpe:/a:novell:opensuse:php5-pcntl", "p-cpe:/a:novell:opensuse:php5-pcntl-debuginfo", "p-cpe:/a:novell:opensuse:php5-pdo", "p-cpe:/a:novell:opensuse:php5-pdo-debuginfo", "p-cpe:/a:novell:opensuse:php5-pear", "p-cpe:/a:novell:opensuse:php5-pgsql", "p-cpe:/a:novell:opensuse:php5-pgsql-debuginfo", "p-cpe:/a:novell:opensuse:php5-phar", "p-cpe:/a:novell:opensuse:php5-phar-debuginfo", "p-cpe:/a:novell:opensuse:php5-posix", "p-cpe:/a:novell:opensuse:php5-posix-debuginfo", "p-cpe:/a:novell:opensuse:php5-pspell", "p-cpe:/a:novell:opensuse:php5-pspell-debuginfo", "p-cpe:/a:novell:opensuse:php5-readline", "p-cpe:/a:novell:opensuse:php5-readline-debuginfo", "p-cpe:/a:novell:opensuse:php5-shmop", "p-cpe:/a:novell:opensuse:php5-shmop-debuginfo", "p-cpe:/a:novell:opensuse:php5-snmp", "p-cpe:/a:novell:opensuse:php5-snmp-debuginfo", "p-cpe:/a:novell:opensuse:php5-soap", "p-cpe:/a:novell:opensuse:php5-soap-debuginfo", "p-cpe:/a:novell:opensuse:php5-sockets", "p-cpe:/a:novell:opensuse:php5-sockets-debuginfo", "p-cpe:/a:novell:opensuse:php5-sqlite", "p-cpe:/a:novell:opensuse:php5-sqlite-debuginfo", "p-cpe:/a:novell:opensuse:php5-suhosin", "p-cpe:/a:novell:opensuse:php5-suhosin-debuginfo", "p-cpe:/a:novell:opensuse:php5-sysvmsg", "p-cpe:/a:novell:opensuse:php5-sysvmsg-debuginfo", "p-cpe:/a:novell:opensuse:php5-sysvsem", "p-cpe:/a:novell:opensuse:php5-sysvsem-debuginfo", "p-cpe:/a:novell:opensuse:php5-sysvshm", "p-cpe:/a:novell:opensuse:php5-sysvshm-debuginfo", "p-cpe:/a:novell:opensuse:php5-tidy", "p-cpe:/a:novell:opensuse:php5-tidy-debuginfo", "p-cpe:/a:novell:opensuse:php5-tokenizer", "p-cpe:/a:novell:opensuse:php5-tokenizer-debuginfo", "p-cpe:/a:novell:opensuse:php5-wddx", "p-cpe:/a:novell:opensuse:php5-wddx-debuginfo", "p-cpe:/a:novell:opensuse:php5-xmlreader", "p-cpe:/a:novell:opensuse:php5-xmlreader-debuginfo", "p-cpe:/a:novell:opensuse:php5-xmlrpc"], "id": "SUSE_11_4_APACHE2-MOD_PHP5-110601.NASL", "href": "https://www.tenable.com/plugins/nessus/75790", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update apache2-mod_php5-4647.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(75790);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2011-0421\", \"CVE-2011-1092\", \"CVE-2011-1148\", \"CVE-2011-1464\", \"CVE-2011-1467\", \"CVE-2011-1468\", \"CVE-2011-1469\", \"CVE-2011-1470\", \"CVE-2011-1471\", \"CVE-2011-1938\");\n\n script_name(english:\"openSUSE Security Update : apache2-mod_php5 (openSUSE-SU-2011:0645-1)\");\n script_summary(english:\"Check for the apache2-mod_php5-4647 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This php5 update fixes :\n\n - CVE-2011-0421: CVSS v2 Base Score: 2.6\n (AV:N/AC:H/Au:N/C:N/I:N/A:P): Input Validation (CWE-20)\n\n - CVE-2011-1092: CVSS v2 Base Score: 5.1\n (AV:N/AC:H/Au:N/C:P/I:P/A:P): Numeric Errors (CWE-189)\n\n - CVE-2011-1148: CVSS v2 Base Score: 4.3\n (AV:N/AC:M/Au:N/C:N/I:N/A:P): Resource Management Errors\n (CWE-399)\n\n - CVE-2011-1464: CVSS v2 Base Score: 2.1\n (AV:L/AC:L/Au:N/C:N/I:N/A:P): Buffer Errors (CWE-119)\n\n - CVE-2011-1467: CVSS v2 Base Score: 5.0\n (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n - CVE-2011-1468: CVSS v2 Base Score: 4.3\n (AV:N/AC:M/Au:N/C:N/I:N/A:P): Resource Management Errors\n (CWE-399)\n\n - CVE-2011-1469: CVSS v2 Base Score: 4.3\n (AV:N/AC:M/Au:N/C:N/I:N/A:P)\n\n - CVE-2011-1470: CVSS v2 Base Score: 4.3\n (AV:N/AC:M/Au:N/C:N/I:N/A:P): Input Validation (CWE-20)\n\n - CVE-2011-1471: CVSS v2 Base Score: 4.3\n (AV:N/AC:M/Au:N/C:N/I:N/A:P): Numeric Errors (CWE-189)\n\n - CVE-2011-1938: CVSS v2 Base Score: 2.6\n (AV:N/AC:H/Au:N/C:N/I:N/A:P)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=677782\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=679278\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=681194\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=681195\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=681197\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=681210\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=681214\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=681291\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=695689\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2011-06/msg00032.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected apache2-mod_php5 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2-mod_php5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2-mod_php5-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-bcmath\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-bcmath-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-bz2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-bz2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-calendar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-calendar-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-ctype\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-ctype-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-curl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-dba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-dba-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-dom\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-dom-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-enchant\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-enchant-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-exif\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-exif-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-fastcgi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-fastcgi-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-fileinfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-fileinfo-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-fpm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-fpm-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-ftp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-ftp-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-gd-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-gettext\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-gettext-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-gmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-gmp-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-hash\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-hash-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-iconv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-iconv-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-imap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-imap-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-intl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-intl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-json\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-json-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-ldap-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-mbstring\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-mbstring-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-mcrypt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-mcrypt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-mysql-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-odbc-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-openssl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-pcntl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-pcntl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-pdo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-pdo-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-pear\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-pgsql-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-phar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-phar-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-posix\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-posix-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-pspell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-pspell-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-readline\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-readline-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-shmop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-shmop-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-snmp-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-soap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-soap-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-sockets\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-sockets-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-sqlite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-sqlite-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-suhosin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-suhosin-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-sysvmsg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-sysvmsg-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-sysvsem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-sysvsem-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-sysvshm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-sysvshm-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-tidy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-tidy-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-tokenizer\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-tokenizer-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-wddx\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-wddx-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-xmlreader\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-xmlreader-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-xmlrpc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-xmlrpc-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-xmlwriter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-xmlwriter-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-xsl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-xsl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-zip\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-zip-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-zlib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-zlib-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.4\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/06/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.4)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.4\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.4\", reference:\"apache2-mod_php5-5.3.5-5.14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"apache2-mod_php5-debuginfo-5.3.5-5.14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"php5-5.3.5-5.14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"php5-bcmath-5.3.5-5.14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"php5-bcmath-debuginfo-5.3.5-5.14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"php5-bz2-5.3.5-5.14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"php5-bz2-debuginfo-5.3.5-5.14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"php5-calendar-5.3.5-5.14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"php5-calendar-debuginfo-5.3.5-5.14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"php5-ctype-5.3.5-5.14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"php5-ctype-debuginfo-5.3.5-5.14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"php5-curl-5.3.5-5.14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"php5-curl-debuginfo-5.3.5-5.14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"php5-dba-5.3.5-5.14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"php5-dba-debuginfo-5.3.5-5.14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"php5-debuginfo-5.3.5-5.14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"php5-debugsource-5.3.5-5.14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"php5-devel-5.3.5-5.14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"php5-dom-5.3.5-5.14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"php5-dom-debuginfo-5.3.5-5.14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"php5-enchant-5.3.5-5.14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"php5-enchant-debuginfo-5.3.5-5.14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"php5-exif-5.3.5-5.14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"php5-exif-debuginfo-5.3.5-5.14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"php5-fastcgi-5.3.5-5.14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"php5-fastcgi-debuginfo-5.3.5-5.14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"php5-fileinfo-5.3.5-5.14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"php5-fileinfo-debuginfo-5.3.5-5.14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"php5-fpm-5.3.5-5.14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"php5-fpm-debuginfo-5.3.5-5.14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"php5-ftp-5.3.5-5.14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"php5-ftp-debuginfo-5.3.5-5.14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"php5-gd-5.3.5-5.14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"php5-gd-debuginfo-5.3.5-5.14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"php5-gettext-5.3.5-5.14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"php5-gettext-debuginfo-5.3.5-5.14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"php5-gmp-5.3.5-5.14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"php5-gmp-debuginfo-5.3.5-5.14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"php5-hash-5.3.5-5.14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"php5-hash-debuginfo-5.3.5-5.14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"php5-iconv-5.3.5-5.14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"php5-iconv-debuginfo-5.3.5-5.14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"php5-imap-5.3.5-5.14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"php5-imap-debuginfo-5.3.5-5.14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"php5-intl-5.3.5-5.14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"php5-intl-debuginfo-5.3.5-5.14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"php5-json-5.3.5-5.14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"php5-json-debuginfo-5.3.5-5.14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"php5-ldap-5.3.5-5.14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"php5-ldap-debuginfo-5.3.5-5.14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"php5-mbstring-5.3.5-5.14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"php5-mbstring-debuginfo-5.3.5-5.14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"php5-mcrypt-5.3.5-5.14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"php5-mcrypt-debuginfo-5.3.5-5.14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"php5-mysql-5.3.5-5.14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"php5-mysql-debuginfo-5.3.5-5.14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"php5-odbc-5.3.5-5.14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"php5-odbc-debuginfo-5.3.5-5.14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"php5-openssl-5.3.5-5.14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"php5-openssl-debuginfo-5.3.5-5.14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"php5-pcntl-5.3.5-5.14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"php5-pcntl-debuginfo-5.3.5-5.14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"php5-pdo-5.3.5-5.14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"php5-pdo-debuginfo-5.3.5-5.14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"php5-pear-5.3.5-5.14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"php5-pgsql-5.3.5-5.14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"php5-pgsql-debuginfo-5.3.5-5.14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"php5-phar-5.3.5-5.14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"php5-phar-debuginfo-5.3.5-5.14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"php5-posix-5.3.5-5.14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"php5-posix-debuginfo-5.3.5-5.14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"php5-pspell-5.3.5-5.14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"php5-pspell-debuginfo-5.3.5-5.14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"php5-readline-5.3.5-5.14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"php5-readline-debuginfo-5.3.5-5.14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"php5-shmop-5.3.5-5.14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"php5-shmop-debuginfo-5.3.5-5.14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"php5-snmp-5.3.5-5.14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"php5-snmp-debuginfo-5.3.5-5.14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"php5-soap-5.3.5-5.14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"php5-soap-debuginfo-5.3.5-5.14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"php5-sockets-5.3.5-5.14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"php5-sockets-debuginfo-5.3.5-5.14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"php5-sqlite-5.3.5-5.14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"php5-sqlite-debuginfo-5.3.5-5.14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"php5-suhosin-5.3.5-5.14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"php5-suhosin-debuginfo-5.3.5-5.14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"php5-sysvmsg-5.3.5-5.14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"php5-sysvmsg-debuginfo-5.3.5-5.14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"php5-sysvsem-5.3.5-5.14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"php5-sysvsem-debuginfo-5.3.5-5.14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"php5-sysvshm-5.3.5-5.14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"php5-sysvshm-debuginfo-5.3.5-5.14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"php5-tidy-5.3.5-5.14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"php5-tidy-debuginfo-5.3.5-5.14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"php5-tokenizer-5.3.5-5.14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"php5-tokenizer-debuginfo-5.3.5-5.14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"php5-wddx-5.3.5-5.14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"php5-wddx-debuginfo-5.3.5-5.14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"php5-xmlreader-5.3.5-5.14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"php5-xmlreader-debuginfo-5.3.5-5.14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"php5-xmlrpc-5.3.5-5.14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"php5-xmlrpc-debuginfo-5.3.5-5.14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"php5-xmlwriter-5.3.5-5.14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"php5-xmlwriter-debuginfo-5.3.5-5.14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"php5-xsl-5.3.5-5.14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"php5-xsl-debuginfo-5.3.5-5.14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"php5-zip-5.3.5-5.14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"php5-zip-debuginfo-5.3.5-5.14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"php5-zlib-5.3.5-5.14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"php5-zlib-debuginfo-5.3.5-5.14.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"php5\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-07T15:05:39", "description": "This update for PHP5 fixes the following security issues :\n\n - Input Validation in the ZIP extension and NumberFormatter. (CWE-20, CVE-2011-0421 / CVE-2011-1470 / CVE-2011-1467)\n\n - Numeric Errors in the SHM support and ZIP extension.\n (CWE-189, CVE-2011-1092 / CVE-2011-1471)\n\n - Buffer overflows in the AF_UNIX support, string handling, streams support. (CWE-119, CVE-2011-1938 / CVE-2011-1464 / CVE-2011-1469)\n\n - Resource management error (use after free) in string handling. (CWE-399, CVE-2011-1148)\n\n - Memory leak in the OpenSSL extension (CVE-2011-1468)", "cvss3": {}, "published": "2011-06-17T00:00:00", "type": "nessus", "title": "SuSE 10 Security Update : PHP5 (ZYPP Patch Number 7554)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-0421", "CVE-2011-1092", "CVE-2011-1148", "CVE-2011-1464", "CVE-2011-1467", "CVE-2011-1468", "CVE-2011-1469", "CVE-2011-1470", "CVE-2011-1471", "CVE-2011-1938"], "modified": "2021-01-19T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE_APACHE2-MOD_PHP5-7554.NASL", "href": "https://www.tenable.com/plugins/nessus/55166", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(55166);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2011-0421\", \"CVE-2011-1092\", \"CVE-2011-1148\", \"CVE-2011-1464\", \"CVE-2011-1467\", \"CVE-2011-1468\", \"CVE-2011-1469\", \"CVE-2011-1470\", \"CVE-2011-1471\", \"CVE-2011-1938\");\n\n script_name(english:\"SuSE 10 Security Update : PHP5 (ZYPP Patch Number 7554)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for PHP5 fixes the following security issues :\n\n - Input Validation in the ZIP extension and\n NumberFormatter. (CWE-20, CVE-2011-0421 / CVE-2011-1470\n / CVE-2011-1467)\n\n - Numeric Errors in the SHM support and ZIP extension.\n (CWE-189, CVE-2011-1092 / CVE-2011-1471)\n\n - Buffer overflows in the AF_UNIX support, string\n handling, streams support. (CWE-119, CVE-2011-1938 /\n CVE-2011-1464 / CVE-2011-1469)\n\n - Resource management error (use after free) in string\n handling. (CWE-399, CVE-2011-1148)\n\n - Memory leak in the OpenSSL extension (CVE-2011-1468)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-0421.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-1092.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-1148.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-1464.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-1467.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-1468.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-1469.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-1470.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-1471.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-1938.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 7554.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_cwe_id(20, 119, 189, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/06/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/06/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"apache2-mod_php5-5.2.14-0.16.2\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"php5-5.2.14-0.16.2\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"php5-bcmath-5.2.14-0.16.2\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"php5-bz2-5.2.14-0.16.2\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"php5-calendar-5.2.14-0.16.2\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"php5-ctype-5.2.14-0.16.2\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"php5-curl-5.2.14-0.16.2\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"php5-dba-5.2.14-0.16.2\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"php5-dbase-5.2.14-0.16.2\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"php5-devel-5.2.14-0.16.2\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"php5-dom-5.2.14-0.16.2\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"php5-exif-5.2.14-0.16.2\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"php5-fastcgi-5.2.14-0.16.2\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"php5-ftp-5.2.14-0.16.2\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"php5-gd-5.2.14-0.16.2\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"php5-gettext-5.2.14-0.16.2\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"php5-gmp-5.2.14-0.16.2\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"php5-hash-5.2.14-0.16.2\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"php5-iconv-5.2.14-0.16.2\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"php5-imap-5.2.14-0.16.2\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"php5-json-5.2.14-0.16.2\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"php5-ldap-5.2.14-0.16.2\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"php5-mbstring-5.2.14-0.16.2\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"php5-mcrypt-5.2.14-0.16.2\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"php5-mhash-5.2.14-0.16.2\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"php5-mysql-5.2.14-0.16.2\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"php5-ncurses-5.2.14-0.16.2\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"php5-odbc-5.2.14-0.16.2\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"php5-openssl-5.2.14-0.16.2\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"php5-pcntl-5.2.14-0.16.2\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"php5-pdo-5.2.14-0.16.2\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"php5-pear-5.2.14-0.16.2\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"php5-pgsql-5.2.14-0.16.2\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"php5-posix-5.2.14-0.16.2\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"php5-pspell-5.2.14-0.16.2\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"php5-shmop-5.2.14-0.16.2\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"php5-snmp-5.2.14-0.16.2\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"php5-soap-5.2.14-0.16.2\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"php5-sockets-5.2.14-0.16.2\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"php5-sqlite-5.2.14-0.16.2\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"php5-suhosin-5.2.14-0.16.2\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"php5-sysvmsg-5.2.14-0.16.2\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"php5-sysvsem-5.2.14-0.16.2\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"php5-sysvshm-5.2.14-0.16.2\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"php5-tokenizer-5.2.14-0.16.2\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"php5-wddx-5.2.14-0.16.2\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"php5-xmlreader-5.2.14-0.16.2\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"php5-xmlrpc-5.2.14-0.16.2\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"php5-xsl-5.2.14-0.16.2\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"php5-zlib-5.2.14-0.16.2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-07T15:00:02", "description": "According to its banner, the version of PHP 5.3.x installed on the remote host is older than 5.3.6. \n\n - A NULL pointer can be dereferenced in the function '_zip_name_locate()' when processing empty archives and can lead to application crashes or code execution.\n Exploitation requires the 'ZIPARCHIVE::FL_UNCHANGED' setting to be in use. (CVE-2011-0421)\n\n - A variable casting error exists in the Exif extention, which can allow denial of service attacks when handling crafted 'Image File Directory' (IFD) header values in the PHP function 'exif_read_data()'. Exploitation requires a 64bit system and a config setting 'memory_limit' above 4GB or unlimited. (CVE-2011-0708)\n\n - An integer overflow vulnerability exists in the implementation of the PHP function 'shmop_read()' and can allow arbitrary code execution. (CVE-2011-1092)\n\n - Errors exist in the file 'phar/phar_object.c' in which calls to 'zend_throw_exception_ex()' pass data as a string format parameter. This can lead to memory corruption when handling PHP archives (phar).\n (CVE-2011-1153)\n\n - A buffer overflow error exists in the C function 'xbuf_format_converter' when the PHP configuration value for 'precision' is set to a large value and can lead to application crashes. (CVE-2011-1464)\n\n - An integer overflow error exists in the C function 'SdnToJulian()' in the Calendar extension and can lead to application crashes. (CVE-2011-1466)\n\n - An unspecified error exists in the implementation of the PHP function 'numfmt_set_symbol()' and PHP method 'NumberFormatter::setSymbol()' in the Intl extension.\n This error can lead to application crashes.\n (CVE-2011-1467)\n\n - Multiple memory leaks exist in the OpenSSL extension in the PHP functions 'openssl_encrypt' and 'openssl_decrypt'. (CVE-2011-1468)\n\n - An unspecified error exists in the Streams component when accessing FTP URLs with an HTTP proxy.\n (CVE-2011-1469)\n\n - An integer signedness error and an unspecified error exist in the Zip extension and can lead to denial of service via certain ziparchive streams. (CVE-2011-1470, CVE-2011-1471)\n\n - An unspecified error exists in the security enforcement regarding the parsing of the fastcgi protocol with the 'FastCGI Process Manager' (FPM) SAPI.", "cvss3": {}, "published": "2011-03-18T00:00:00", "type": "nessus", "title": "PHP 5.3 < 5.3.6 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-0421", "CVE-2011-0708", "CVE-2011-1092", "CVE-2011-1153", "CVE-2011-1464", "CVE-2011-1466", "CVE-2011-1467", "CVE-2011-1468", "CVE-2011-1469", "CVE-2011-1470", "CVE-2011-1471"], "modified": "2022-04-11T00:00:00", "cpe": ["cpe:/a:php:php"], "id": "PHP_5_3_6.NASL", "href": "https://www.tenable.com/plugins/nessus/52717", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(52717);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\n \"CVE-2011-0421\",\n \"CVE-2011-0708\",\n \"CVE-2011-1092\",\n \"CVE-2011-1153\",\n \"CVE-2011-1464\",\n \"CVE-2011-1466\",\n \"CVE-2011-1467\",\n \"CVE-2011-1468\",\n \"CVE-2011-1469\",\n \"CVE-2011-1470\"\n );\n script_bugtraq_id(\n 46354,\n 46365,\n 46786,\n 46854\n );\n script_xref(name:\"EDB-ID\", value:\"16261\");\n script_xref(name:\"SECUNIA\", value:\"43328\");\n\n script_name(english:\"PHP 5.3 < 5.3.6 Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote web server uses a version of PHP that is affected by\nmultiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its banner, the version of PHP 5.3.x installed on the\nremote host is older than 5.3.6. \n\n - A NULL pointer can be dereferenced in the function\n '_zip_name_locate()' when processing empty archives and\n can lead to application crashes or code execution.\n Exploitation requires the 'ZIPARCHIVE::FL_UNCHANGED'\n setting to be in use. (CVE-2011-0421)\n\n - A variable casting error exists in the Exif extention,\n which can allow denial of service attacks when handling\n crafted 'Image File Directory' (IFD) header values in\n the PHP function 'exif_read_data()'. Exploitation\n requires a 64bit system and a config setting\n 'memory_limit' above 4GB or unlimited. (CVE-2011-0708)\n\n - An integer overflow vulnerability exists in the\n implementation of the PHP function 'shmop_read()' and\n can allow arbitrary code execution. (CVE-2011-1092)\n\n - Errors exist in the file 'phar/phar_object.c' in which\n calls to 'zend_throw_exception_ex()' pass data as a\n string format parameter. This can lead to memory\n corruption when handling PHP archives (phar).\n (CVE-2011-1153)\n\n - A buffer overflow error exists in the C function\n 'xbuf_format_converter' when the PHP configuration value\n for 'precision' is set to a large value and can lead to\n application crashes. (CVE-2011-1464)\n\n - An integer overflow error exists in the C function\n 'SdnToJulian()' in the Calendar extension and can lead\n to application crashes. (CVE-2011-1466)\n\n - An unspecified error exists in the implementation of\n the PHP function 'numfmt_set_symbol()' and PHP method\n 'NumberFormatter::setSymbol()' in the Intl extension.\n This error can lead to application crashes.\n (CVE-2011-1467)\n\n - Multiple memory leaks exist in the OpenSSL extension\n in the PHP functions 'openssl_encrypt' and\n 'openssl_decrypt'. (CVE-2011-1468)\n\n - An unspecified error exists in the Streams component\n when accessing FTP URLs with an HTTP proxy.\n (CVE-2011-1469)\n\n - An integer signedness error and an unspecified error\n exist in the Zip extension and can lead to denial of\n service via certain ziparchive streams. (CVE-2011-1470,\n CVE-2011-1471)\n\n - An unspecified error exists in the security enforcement\n regarding the parsing of the fastcgi protocol with the\n 'FastCGI Process Manager' (FPM) SAPI.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.php.net/bug.php?id=54193\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.php.net/bug.php?id=54055\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.php.net/bug.php?id=53885\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.php.net/bug.php?id=53574\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.php.net/bug.php?id=53512\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.php.net/bug.php?id=54060\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.php.net/bug.php?id=54061\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.php.net/bug.php?id=54092\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.php.net/bug.php?id=53579\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.php.net/bug.php?id=49072\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.openwall.com/lists/oss-security/2011/02/14/1\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.php.net/releases/5_3_6.php\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.rooibo.com/2011/03/12/integer-overflow-en-php-2/\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to PHP 5.3.6 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No exploit is required\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/02/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/03/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/03/18\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:php:php\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CGI abuses\");\n\n script_copyright(english:\"This script is Copyright (C) 2011-2022 Tenable Network Security, Inc.\");\n\n script_dependencies(\"php_version.nasl\");\n script_require_keys(\"www/PHP\");\n script_require_ports(\"Services/www\", 80);\n\n exit(0);\n}\n\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\ninclude(\"audit.inc\");\ninclude(\"webapp_func.inc\");\n\nport = get_http_port(default:80, php:TRUE);\n\nphp = get_php_from_kb(\n port : port,\n exit_on_fail : TRUE\n);\n\nversion = php[\"ver\"];\nsource = php[\"src\"];\n\nbackported = get_kb_item('www/php/'+port+'/'+version+'/backported');\n\nif (report_paranoia < 2 && backported)\n audit(AUDIT_BACKPORT_SERVICE, port, \"PHP \"+version+\" install\");\n\nif (version =~ '^5(\\\\.3)?$') exit(1, \"The banner for PHP on port \"+port+\" - \"+source+\" - is not granular enough to make a determination.\");\n\nif (version =~ \"^5\\.3\\.[0-5]($|[^0-9])\")\n{\n if (report_verbosity > 0)\n {\n report =\n '\\n Version source : '+source +\n '\\n Installed version : '+version+\n '\\n Fixed version : 5.3.6\\n';\n security_hole(port:port, extra:report);\n }\n else security_hole(port);\n exit(0);\n}\nelse audit(AUDIT_LISTEN_NOT_VULN, \"PHP\", port, version);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-07T14:59:42", "description": "Multiple vulnerabilities has been identified and fixed in php :\n\nThe _zip_name_locate function in zip_name_locate.c in the Zip extension in PHP before 5.3.6 does not properly handle a ZIPARCHIVE::FL_UNCHANGED argument, which might allow context-dependent attackers to cause a denial of service (application crash) via an empty ZIP archive that is processed with a (1) locateName or (2) statName operation (CVE-2011-0421).\n\nexif.c in the Exif extension in PHP before 5.3.6 on 64-bit platforms performs an incorrect cast, which allows remote attackers to cause a denial of service (application crash) via an image with a crafted Image File Directory (IFD) that triggers a buffer over-read (CVE-2011-0708).\n\nInteger overflow in ext/shmop/shmop.c in PHP before 5.3.6 allows context-dependent attackers to cause a denial of service (crash) and possibly read sensitive memory via a large third argument to the shmop_read function (CVE-2011-1092).\n\nMultiple format string vulnerabilities in phar_object.c in the phar extension in PHP 5.3.5 and earlier allow context-dependent attackers to obtain sensitive information from process memory, cause a denial of service (memory corruption), or possibly execute arbitrary code via format string specifiers in an argument to a class method, leading to an incorrect zend_throw_exception_ex call (CVE-2011-1153).\n\nBuffer overflow in the strval function in PHP before 5.3.6, when the precision configuration option has a large value, might allow context-dependent attackers to cause a denial of service (application crash) via a small numerical value in the argument (CVE-2011-1464).\n\nInteger overflow in the SdnToJulian function in the Calendar extension in PHP before 5.3.6 allows context-dependent attackers to cause a denial of service (application crash) via a large integer in the first argument to the cal_from_jd function (CVE-2011-1466).\n\nUnspecified vulnerability in the NumberFormatter::setSymbol (aka numfmt_set_symbol) function in the Intl extension in PHP before 5.3.6 allows context-dependent attackers to cause a denial of service (application crash) via an invalid argument, a related issue to CVE-2010-4409 (CVE-2011-1467).\n\nMultiple memory leaks in the OpenSSL extension in PHP before 5.3.6 might allow remote attackers to cause a denial of service (memory consumption) via (1) plaintext data to the openssl_encrypt function or (2) ciphertext data to the openssl_decrypt function (CVE-2011-1468).\n\nUnspecified vulnerability in the Streams component in PHP before 5.3.6 allows context-dependent attackers to cause a denial of service (application crash) by accessing an ftp:// URL during use of an HTTP proxy with the FTP wrapper (CVE-2011-1469).\n\nThe Zip extension in PHP before 5.3.6 allows context-dependent attackers to cause a denial of service (application crash) via a ziparchive stream that is not properly handled by the stream_get_contents function (CVE-2011-1470).\n\nInteger signedness error in zip_stream.c in the Zip extension in PHP before 5.3.6 allows context-dependent attackers to cause a denial of service (CPU consumption) via a malformed archive file that triggers errors in zip_fread function calls (CVE-2011-1471).\n\nThe updated php packages have been upgraded to 5.3.6 which is not vulnerable to these issues.\n\nAdditionally some of the PECL extensions has been upgraded and/or rebuilt for the new php version.", "cvss3": {}, "published": "2011-03-24T00:00:00", "type": "nessus", "title": "Mandriva Linux Security Advisory : php (MDVSA-2011:053)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-4409", "CVE-2011-0421", "CVE-2011-0708", "CVE-2011-1092", "CVE-2011-1153", "CVE-2011-1464", "CVE-2011-1466", "CVE-2011-1467", "CVE-2011-1468", "CVE-2011-1469", "CVE-2011-1470", "CVE-2011-1471"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:mandriva:linux:apache-mod_php", "p-cpe:/a:mandriva:linux:lib64php5_common5", "p-cpe:/a:mandriva:linux:libphp5_common5", "p-cpe:/a:mandriva:linux:php-gettext", "p-cpe:/a:mandriva:linux:php-apc", "p-cpe:/a:mandriva:linux:php-apc-admin", "p-cpe:/a:mandriva:linux:php-bcmath", "p-cpe:/a:mandriva:linux:php-gmp", "p-cpe:/a:mandriva:linux:php-bz2", "p-cpe:/a:mandriva:linux:php-hash", "p-cpe:/a:mandriva:linux:php-calendar", "p-cpe:/a:mandriva:linux:php-iconv", "p-cpe:/a:mandriva:linux:php-cgi", "p-cpe:/a:mandriva:linux:php-idn", "p-cpe:/a:mandriva:linux:php-cli", "p-cpe:/a:mandriva:linux:php-ctype", "p-cpe:/a:mandriva:linux:php-imap", "p-cpe:/a:mandriva:linux:php-curl", "p-cpe:/a:mandriva:linux:php-ini", "p-cpe:/a:mandriva:linux:php-dba", "p-cpe:/a:mandriva:linux:php-intl", "p-cpe:/a:mandriva:linux:php-devel", "p-cpe:/a:mandriva:linux:php-dio", "p-cpe:/a:mandriva:linux:php-json", "p-cpe:/a:mandriva:linux:php-doc", "p-cpe:/a:mandriva:linux:php-ldap", "p-cpe:/a:mandriva:linux:php-dom", "p-cpe:/a:mandriva:linux:php-eaccelerator", "p-cpe:/a:mandriva:linux:php-mailparse", "p-cpe:/a:mandriva:linux:php-eaccelerator-admin", "p-cpe:/a:mandriva:linux:php-enchant", "p-cpe:/a:mandriva:linux:php-exif", "p-cpe:/a:mandriva:linux:php-fam", "p-cpe:/a:mandriva:linux:php-mbstring", "p-cpe:/a:mandriva:linux:php-fileinfo", "p-cpe:/a:mandriva:linux:php-mcal", "p-cpe:/a:mandriva:linux:php-filepro", "p-cpe:/a:mandriva:linux:php-mcrypt", "p-cpe:/a:mandriva:linux:php-filter", "p-cpe:/a:mandriva:linux:php-fpm", "p-cpe:/a:mandriva:linux:php-mssql", "p-cpe:/a:mandriva:linux:php-ftp", "p-cpe:/a:mandriva:linux:php-mysql", "p-cpe:/a:mandriva:linux:php-gd", "p-cpe:/a:mandriva:linux:php-mysqli", "p-cpe:/a:mandriva:linux:php-gearman", "p-cpe:/a:mandriva:linux:php-odbc", "p-cpe:/a:mandriva:linux:php-suhosin", "p-cpe:/a:mandriva:linux:php-sybase_ct", "p-cpe:/a:mandriva:linux:php-openssl", "p-cpe:/a:mandriva:linux:php-sysvmsg", "p-cpe:/a:mandriva:linux:php-optimizer", "p-cpe:/a:mandriva:linux:php-sysvsem", "p-cpe:/a:mandriva:linux:php-sysvshm", "p-cpe:/a:mandriva:linux:php-pcntl", "p-cpe:/a:mandriva:linux:php-tclink", "p-cpe:/a:mandriva:linux:php-pdo", "p-cpe:/a:mandriva:linux:php-tidy", "p-cpe:/a:mandriva:linux:php-timezonedb", "p-cpe:/a:mandriva:linux:php-tokenizer", "p-cpe:/a:mandriva:linux:php-translit", "p-cpe:/a:mandriva:linux:php-pdo_dblib", "p-cpe:/a:mandriva:linux:php-vld", "p-cpe:/a:mandriva:linux:php-pdo_mysql", "p-cpe:/a:mandriva:linux:php-wddx", "p-cpe:/a:mandriva:linux:php-pdo_odbc", "p-cpe:/a:mandriva:linux:php-xattr", "p-cpe:/a:mandriva:linux:php-xdebug", "p-cpe:/a:mandriva:linux:php-pdo_pgsql", "p-cpe:/a:mandriva:linux:php-xml", "p-cpe:/a:mandriva:linux:php-pdo_sqlite", "p-cpe:/a:mandriva:linux:php-xmlreader", "p-cpe:/a:mandriva:linux:php-pgsql", "p-cpe:/a:mandriva:linux:php-xmlrpc", "p-cpe:/a:mandriva:linux:php-xmlwriter", "p-cpe:/a:mandriva:linux:php-phar", "p-cpe:/a:mandriva:linux:php-xsl", "p-cpe:/a:mandriva:linux:php-zip", "p-cpe:/a:mandriva:linux:php-pinba", "p-cpe:/a:mandriva:linux:php-zlib", "p-cpe:/a:mandriva:linux:php-posix", "cpe:/o:mandriva:linux:2010.0", "p-cpe:/a:mandriva:linux:php-pspell", "cpe:/o:mandriva:linux:2010.1", "p-cpe:/a:mandriva:linux:php-readline", "p-cpe:/a:mandriva:linux:php-recode", "p-cpe:/a:mandriva:linux:php-sasl", "p-cpe:/a:mandriva:linux:php-session", "p-cpe:/a:mandriva:linux:php-shmop", "p-cpe:/a:mandriva:linux:php-snmp", "p-cpe:/a:mandriva:linux:php-soap", "p-cpe:/a:mandriva:linux:php-sockets", "p-cpe:/a:mandriva:linux:php-sphinx", "p-cpe:/a:mandriva:linux:php-sqlite3", "p-cpe:/a:mandriva:linux:php-ssh2"], "id": "MANDRIVA_MDVSA-2011-053.NASL", "href": "https://www.tenable.com/plugins/nessus/52958", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2011:053. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(52958);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2011-0421\", \"CVE-2011-0708\", \"CVE-2011-1092\", \"CVE-2011-1153\", \"CVE-2011-1464\", \"CVE-2011-1466\", \"CVE-2011-1467\", \"CVE-2011-1468\", \"CVE-2011-1469\", \"CVE-2011-1470\", \"CVE-2011-1471\");\n script_bugtraq_id(46354, 46365, 46786, 46854, 46967, 46968, 46969, 46970, 46975, 46977);\n script_xref(name:\"MDVSA\", value:\"2011:053\");\n\n script_name(english:\"Mandriva Linux Security Advisory : php (MDVSA-2011:053)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple vulnerabilities has been identified and fixed in php :\n\nThe _zip_name_locate function in zip_name_locate.c in the Zip\nextension in PHP before 5.3.6 does not properly handle a\nZIPARCHIVE::FL_UNCHANGED argument, which might allow context-dependent\nattackers to cause a denial of service (application crash) via an\nempty ZIP archive that is processed with a (1) locateName or (2)\nstatName operation (CVE-2011-0421).\n\nexif.c in the Exif extension in PHP before 5.3.6 on 64-bit platforms\nperforms an incorrect cast, which allows remote attackers to cause a\ndenial of service (application crash) via an image with a crafted\nImage File Directory (IFD) that triggers a buffer over-read\n(CVE-2011-0708).\n\nInteger overflow in ext/shmop/shmop.c in PHP before 5.3.6 allows\ncontext-dependent attackers to cause a denial of service (crash) and\npossibly read sensitive memory via a large third argument to the\nshmop_read function (CVE-2011-1092).\n\nMultiple format string vulnerabilities in phar_object.c in the phar\nextension in PHP 5.3.5 and earlier allow context-dependent attackers\nto obtain sensitive information from process memory, cause a denial of\nservice (memory corruption), or possibly execute arbitrary code via\nformat string specifiers in an argument to a class method, leading to\nan incorrect zend_throw_exception_ex call (CVE-2011-1153).\n\nBuffer overflow in the strval function in PHP before 5.3.6, when the\nprecision configuration option has a large value, might allow\ncontext-dependent attackers to cause a denial of service (application\ncrash) via a small numerical value in the argument (CVE-2011-1464).\n\nInteger overflow in the SdnToJulian function in the Calendar extension\nin PHP before 5.3.6 allows context-dependent attackers to cause a\ndenial of service (application crash) via a large integer in the first\nargument to the cal_from_jd function (CVE-2011-1466).\n\nUnspecified vulnerability in the NumberFormatter::setSymbol (aka\nnumfmt_set_symbol) function in the Intl extension in PHP before 5.3.6\nallows context-dependent attackers to cause a denial of service\n(application crash) via an invalid argument, a related issue to\nCVE-2010-4409 (CVE-2011-1467).\n\nMultiple memory leaks in the OpenSSL extension in PHP before 5.3.6\nmight allow remote attackers to cause a denial of service (memory\nconsumption) via (1) plaintext data to the openssl_encrypt function or\n(2) ciphertext data to the openssl_decrypt function (CVE-2011-1468).\n\nUnspecified vulnerability in the Streams component in PHP before 5.3.6\nallows context-dependent attackers to cause a denial of service\n(application crash) by accessing an ftp:// URL during use of an HTTP\nproxy with the FTP wrapper (CVE-2011-1469).\n\nThe Zip extension in PHP before 5.3.6 allows context-dependent\nattackers to cause a denial of service (application crash) via a\nziparchive stream that is not properly handled by the\nstream_get_contents function (CVE-2011-1470).\n\nInteger signedness error in zip_stream.c in the Zip extension in PHP\nbefore 5.3.6 allows context-dependent attackers to cause a denial of\nservice (CPU consumption) via a malformed archive file that triggers\nerrors in zip_fread function calls (CVE-2011-1471).\n\nThe updated php packages have been upgraded to 5.3.6 which is not\nvulnerable to these issues.\n\nAdditionally some of the PECL extensions has been upgraded and/or\nrebuilt for the new php version.\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache-mod_php\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64php5_common5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libphp5_common5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-apc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-apc-admin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-bcmath\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-bz2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-calendar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-cgi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-cli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-ctype\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-dba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-dio\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-dom\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-eaccelerator\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-eaccelerator-admin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-enchant\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-exif\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-fam\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-fileinfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-filepro\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-filter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-fpm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-ftp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-gearman\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-gettext\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-gmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-hash\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-iconv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-idn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-imap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-ini\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-intl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-json\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-mailparse\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-mbstring\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-mcal\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-mcrypt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-mssql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-mysqli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-optimizer\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-pcntl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-pdo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-pdo_dblib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-pdo_mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-pdo_odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-pdo_pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-pdo_sqlite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-phar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-pinba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-posix\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-pspell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-readline\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-recode\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-sasl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-session\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-shmop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-soap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-sockets\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-sphinx\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-sqlite3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-ssh2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-suhosin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-sybase_ct\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-sysvmsg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-sysvsem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-sysvshm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-tclink\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-tidy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-timezonedb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-tokenizer\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-translit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-vld\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-wddx\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-xattr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-xdebug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-xml\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-xmlreader\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-xmlrpc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-xmlwriter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-xsl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-zip\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-zlib\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2010.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2010.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/03/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/03/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2010.0\", reference:\"apache-mod_php-5.3.6-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"x86_64\", reference:\"lib64php5_common5-5.3.6-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"i386\", reference:\"libphp5_common5-5.3.6-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-apc-3.1.6-0.3mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-apc-admin-3.1.6-0.3mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-bcmath-5.3.6-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-bz2-5.3.6-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-calendar-5.3.6-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-cgi-5.3.6-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-cli-5.3.6-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-ctype-5.3.6-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-curl-5.3.6-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-dba-5.3.6-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-devel-5.3.6-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-dio-0.0.2-6.5mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-doc-5.3.6-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-dom-5.3.6-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-eaccelerator-0.9.6.1-0.5mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-eaccelerator-admin-0.9.6.1-0.5mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-enchant-5.3.6-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-exif-5.3.6-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-fam-5.0.1-10.5mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-fileinfo-5.3.6-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-filepro-5.1.6-20.5mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-filter-5.3.6-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-fpm-5.3.6-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-ftp-5.3.6-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-gd-5.3.6-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-gettext-5.3.6-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-gmp-5.3.6-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-hash-5.3.6-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-iconv-5.3.6-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-idn-1.2b-18.5mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-imap-5.3.6-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-ini-5.3.6-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-intl-5.3.6-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-json-5.3.6-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-ldap-5.3.6-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-mailparse-2.1.5-3.5mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-mbstring-5.3.6-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-mcal-0.6-30.5mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-mcrypt-5.3.6-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-mssql-5.3.6-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-mysql-5.3.6-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-mysqli-5.3.6-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-odbc-5.3.6-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-openssl-5.3.6-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-optimizer-0.1-0.alpha2.3.5mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-pcntl-5.3.6-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-pdo-5.3.6-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-pdo_dblib-5.3.6-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-pdo_mysql-5.3.6-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-pdo_odbc-5.3.6-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-pdo_pgsql-5.3.6-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-pdo_sqlite-5.3.6-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-pgsql-5.3.6-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-phar-5.3.6-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-posix-5.3.6-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-pspell-5.3.6-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-readline-5.3.6-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-recode-5.3.6-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-sasl-0.1.0-28.5mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-session-5.3.6-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-shmop-5.3.6-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-snmp-5.3.6-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-soap-5.3.6-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-sockets-5.3.6-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-sqlite3-5.3.6-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-ssh2-0.11.2-0.3mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-suhosin-0.9.32.1-0.4mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-sybase_ct-5.3.6-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-sysvmsg-5.3.6-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-sysvsem-5.3.6-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-sysvshm-5.3.6-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-tclink-3.4.5-1.5mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-tidy-5.3.6-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-timezonedb-2011.4-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-tokenizer-5.3.6-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-translit-0.6.0-10.5mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-vld-0.10.1-0.5mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-wddx-5.3.6-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-xattr-1.1.0-9.5mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-xdebug-2.1.0-0.5mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-xml-5.3.6-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-xmlreader-5.3.6-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-xmlrpc-5.3.6-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-xmlwriter-5.3.6-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-xsl-5.3.6-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-zip-5.3.6-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"php-zlib-5.3.6-0.1mdv2010.0\", yank:\"mdv\")) flag++;\n\nif (rpm_check(release:\"MDK2010.1\", reference:\"apache-mod_php-5.3.6-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"x86_64\", reference:\"lib64php5_common5-5.3.6-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"i386\", reference:\"libphp5_common5-5.3.6-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-apc-3.1.6-0.3mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-apc-admin-3.1.6-0.3mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-bcmath-5.3.6-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-bz2-5.3.6-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-calendar-5.3.6-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-cgi-5.3.6-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-cli-5.3.6-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-ctype-5.3.6-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-curl-5.3.6-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-dba-5.3.6-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-devel-5.3.6-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-doc-5.3.6-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-dom-5.3.6-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-eaccelerator-0.9.6.1-1.4mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-eaccelerator-admin-0.9.6.1-1.4mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-enchant-5.3.6-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-exif-5.3.6-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-fileinfo-5.3.6-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-filter-5.3.6-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-fpm-5.3.6-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-ftp-5.3.6-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-gd-5.3.6-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-gearman-0.7.0-0.3mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-gettext-5.3.6-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-gmp-5.3.6-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-hash-5.3.6-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-iconv-5.3.6-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-imap-5.3.6-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-ini-5.3.6-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-intl-5.3.6-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-json-5.3.6-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-ldap-5.3.6-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-mailparse-2.1.5-8.4mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-mbstring-5.3.6-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-mcal-0.6-35.4mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-mcrypt-5.3.6-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-mssql-5.3.6-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-mysql-5.3.6-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-mysqli-5.3.6-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-odbc-5.3.6-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-openssl-5.3.6-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-optimizer-0.1-0.alpha2.8.4mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-pcntl-5.3.6-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-pdo-5.3.6-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-pdo_dblib-5.3.6-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-pdo_mysql-5.3.6-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-pdo_odbc-5.3.6-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-pdo_pgsql-5.3.6-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-pdo_sqlite-5.3.6-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-pgsql-5.3.6-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-phar-5.3.6-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-pinba-0.0.5-2.4mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-posix-5.3.6-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-pspell-5.3.6-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-readline-5.3.6-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-recode-5.3.6-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-sasl-0.1.0-33.4mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-session-5.3.6-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-shmop-5.3.6-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-snmp-5.3.6-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-soap-5.3.6-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-sockets-5.3.6-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-sphinx-1.0.4-2.4mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-sqlite3-5.3.6-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-ssh2-0.11.2-0.3mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-suhosin-0.9.32.1-0.4mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-sybase_ct-5.3.6-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-sysvmsg-5.3.6-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-sysvsem-5.3.6-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-sysvshm-5.3.6-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-tclink-3.4.5-7.4mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-tidy-5.3.6-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-timezonedb-2011.4-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-tokenizer-5.3.6-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-translit-0.6.0-15.4mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-vld-0.10.1-1.4mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-wddx-5.3.6-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-xattr-1.1.0-13.4mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-xdebug-2.1.0-0.5mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-xml-5.3.6-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-xmlreader-5.3.6-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-xmlrpc-5.3.6-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-xmlwriter-5.3.6-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-xsl-5.3.6-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-zip-5.3.6-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-zlib-5.3.6-0.1mdv2010.2\", yank:\"mdv\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-07T14:59:40", "description": "Multiple vulnerabilities has been identified and fixed in php :\n\nThe _zip_name_locate function in zip_name_locate.c in the Zip extension in PHP before 5.3.6 does not properly handle a ZIPARCHIVE::FL_UNCHANGED argument, which might allow context-dependent attackers to cause a denial of service (application crash) via an empty ZIP archive that is processed with a (1) locateName or (2) statName operation (CVE-2011-0421).\n\nexif.c in the Exif extension in PHP before 5.3.6 on 64-bit platforms performs an incorrect cast, which allows remote attackers to cause a denial of service (application crash) via an image with a crafted Image File Directory (IFD) that triggers a buffer over-read (CVE-2011-0708).\n\nInteger overflow in ext/shmop/shmop.c in PHP before 5.3.6 allows context-dependent attackers to cause a denial of service (crash) and possibly read sensitive memory via a large third argument to the shmop_read function (CVE-2011-1092).\n\nMultiple format string vulnerabilities in phar_object.c in the phar extension in PHP 5.3.5 and earlier allow context-dependent attackers to obtain sensitive information from process memory, cause a denial of service (memory corruption), or possibly execute arbitrary code via format string specifiers in an argument to a class method, leading to an incorrect zend_throw_exception_ex call (CVE-2011-1153).\n\nBuffer overflow in the strval function in PHP before 5.3.6, when the precision configuration option has a large value, might allow context-dependent attackers to cause a denial of service (application crash) via a small numerical value in the argument (CVE-2011-1464).\n\nInteger overflow in the SdnToJulian function in the Calendar extension in PHP before 5.3.6 allows context-dependent attackers to cause a denial of service (application crash) via a large integer in the first argument to the cal_from_jd function (CVE-2011-1466).\n\nUnspecified vulnerability in the NumberFormatter::setSymbol (aka numfmt_set_symbol) function in the Intl extension in PHP before 5.3.6 allows context-dependent attackers to cause a denial of service (application crash) via an invalid argument, a related issue to CVE-2010-4409 (CVE-2011-1467).\n\nUnspecified vulnerability in the Streams component in PHP before 5.3.6 allows context-dependent attackers to cause a denial of service (application crash) by accessing an ftp:// URL during use of an HTTP proxy with the FTP wrapper (CVE-2011-1469).\n\nThe Zip extension in PHP before 5.3.6 allows context-dependent attackers to cause a denial of service (application crash) via a ziparchive stream that is not properly handled by the stream_get_contents function (CVE-2011-1470).\n\nInteger signedness error in zip_stream.c in the Zip extension in PHP before 5.3.6 allows context-dependent attackers to cause a denial of service (CPU consumption) via a malformed archive file that triggers errors in zip_fread function calls (CVE-2011-1471).\n\nThe previous fix for #43486 got lost along the line and is now being fixed again.\n\nNote: the php-phar (CVE-2011-1153) and php-intl (CVE-2011-1467) packages was shipped with Enterprise Server 5 only and is also being fixed with this advisory.\n\nAdditionally sqlite3 was upgraded to 3.7.3 for Corporate Server 4 which has numerous bug fixes and enhancements over the previous version.\n\nPackages for 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more:\nhttp://store.mandriva.com/product_info.php?cPath=149 products_id=490\n\nThe updated packages have been patched to correct these issues.", "cvss3": {}, "published": "2011-03-24T00:00:00", "type": "nessus", "title": "Mandriva Linux Security Advisory : php (MDVSA-2011:052)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-4409", "CVE-2011-0421", "CVE-2011-0708", "CVE-2011-1092", "CVE-2011-1153", "CVE-2011-1464", "CVE-2011-1466", "CVE-2011-1467", "CVE-2011-1469", "CVE-2011-1470", "CVE-2011-1471"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:mandriva:linux:lib64php5_common5", "p-cpe:/a:mandriva:linux:libphp5_common5", "p-cpe:/a:mandriva:linux:php-bcmath", "p-cpe:/a:mandriva:linux:php-bz2", "p-cpe:/a:mandriva:linux:php-calendar", "p-cpe:/a:mandriva:linux:php-cgi", "p-cpe:/a:mandriva:linux:php-cli", "p-cpe:/a:mandriva:linux:php-ctype", "p-cpe:/a:mandriva:linux:php-curl", "p-cpe:/a:mandriva:linux:php-dba", "p-cpe:/a:mandriva:linux:php-dbase", "p-cpe:/a:mandriva:linux:php-devel", "p-cpe:/a:mandriva:linux:php-dom", "p-cpe:/a:mandriva:linux:php-exif", "p-cpe:/a:mandriva:linux:php-fcgi", "p-cpe:/a:mandriva:linux:php-filter", "p-cpe:/a:mandriva:linux:php-ftp", "p-cpe:/a:mandriva:linux:php-gd", "p-cpe:/a:mandriva:linux:php-gettext", "p-cpe:/a:mandriva:linux:php-gmp", "p-cpe:/a:mandriva:linux:php-hash", "p-cpe:/a:mandriva:linux:php-posix", "p-cpe:/a:mandriva:linux:php-iconv", "p-cpe:/a:mandriva:linux:php-pspell", "p-cpe:/a:mandriva:linux:php-imap", "p-cpe:/a:mandriva:linux:php-readline", "p-cpe:/a:mandriva:linux:php-recode", "p-cpe:/a:mandriva:linux:php-json", "p-cpe:/a:mandriva:linux:php-session", "p-cpe:/a:mandriva:linux:php-ldap", "p-cpe:/a:mandriva:linux:php-shmop", "p-cpe:/a:mandriva:linux:php-snmp", "p-cpe:/a:mandriva:linux:php-mbstring", "p-cpe:/a:mandriva:linux:php-soap", "p-cpe:/a:mandriva:linux:php-mcrypt", "p-cpe:/a:mandriva:linux:php-sockets", "p-cpe:/a:mandriva:linux:php-mhash", "p-cpe:/a:mandriva:linux:php-sqlite", "p-cpe:/a:mandriva:linux:php-sybase", "p-cpe:/a:mandriva:linux:php-sysvmsg", "p-cpe:/a:mandriva:linux:php-mime_magic", "p-cpe:/a:mandriva:linux:php-sysvsem", "p-cpe:/a:mandriva:linux:php-ming", "p-cpe:/a:mandriva:linux:php-sysvshm", "p-cpe:/a:mandriva:linux:php-tidy", "p-cpe:/a:mandriva:linux:php-mssql", "p-cpe:/a:mandriva:linux:php-tokenizer", "p-cpe:/a:mandriva:linux:php-mysql", "p-cpe:/a:mandriva:linux:php-wddx", "p-cpe:/a:mandriva:linux:php-xml", "p-cpe:/a:mandriva:linux:php-xmlreader", "p-cpe:/a:mandriva:linux:php-xmlrpc", "p-cpe:/a:mandriva:linux:php-mysqli", "p-cpe:/a:mandriva:linux:php-xmlwriter", "p-cpe:/a:mandriva:linux:php-xsl", "p-cpe:/a:mandriva:linux:php-ncurses", "p-cpe:/a:mandriva:linux:php-zip", "p-cpe:/a:mandriva:linux:php-odbc", "p-cpe:/a:mandriva:linux:php-zlib", "p-cpe:/a:mandriva:linux:php-openssl", "cpe:/o:mandriva:linux:2009.0", "p-cpe:/a:mandriva:linux:php-pcntl", "p-cpe:/a:mandriva:linux:php-pdo", "p-cpe:/a:mandriva:linux:php-pdo_dblib", "p-cpe:/a:mandriva:linux:php-pdo_mysql", "p-cpe:/a:mandriva:linux:php-pdo_odbc", "p-cpe:/a:mandriva:linux:php-pdo_pgsql", "p-cpe:/a:mandriva:linux:php-pdo_sqlite", "p-cpe:/a:mandriva:linux:php-pgsql"], "id": "MANDRIVA_MDVSA-2011-052.NASL", "href": "https://www.tenable.com/plugins/nessus/52957", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2011:052. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(52957);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2011-0421\", \"CVE-2011-0708\", \"CVE-2011-1092\", \"CVE-2011-1153\", \"CVE-2011-1464\", \"CVE-2011-1466\", \"CVE-2011-1467\", \"CVE-2011-1469\", \"CVE-2011-1470\", \"CVE-2011-1471\");\n script_bugtraq_id(46354, 46365, 46786, 46854, 46967, 46968, 46969, 46970, 46975);\n script_xref(name:\"MDVSA\", value:\"2011:052\");\n\n script_name(english:\"Mandriva Linux Security Advisory : php (MDVSA-2011:052)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple vulnerabilities has been identified and fixed in php :\n\nThe _zip_name_locate function in zip_name_locate.c in the Zip\nextension in PHP before 5.3.6 does not properly handle a\nZIPARCHIVE::FL_UNCHANGED argument, which might allow context-dependent\nattackers to cause a denial of service (application crash) via an\nempty ZIP archive that is processed with a (1) locateName or (2)\nstatName operation (CVE-2011-0421).\n\nexif.c in the Exif extension in PHP before 5.3.6 on 64-bit platforms\nperforms an incorrect cast, which allows remote attackers to cause a\ndenial of service (application crash) via an image with a crafted\nImage File Directory (IFD) that triggers a buffer over-read\n(CVE-2011-0708).\n\nInteger overflow in ext/shmop/shmop.c in PHP before 5.3.6 allows\ncontext-dependent attackers to cause a denial of service (crash) and\npossibly read sensitive memory via a large third argument to the\nshmop_read function (CVE-2011-1092).\n\nMultiple format string vulnerabilities in phar_object.c in the phar\nextension in PHP 5.3.5 and earlier allow context-dependent attackers\nto obtain sensitive information from process memory, cause a denial of\nservice (memory corruption), or possibly execute arbitrary code via\nformat string specifiers in an argument to a class method, leading to\nan incorrect zend_throw_exception_ex call (CVE-2011-1153).\n\nBuffer overflow in the strval function in PHP before 5.3.6, when the\nprecision configuration option has a large value, might allow\ncontext-dependent attackers to cause a denial of service (application\ncrash) via a small numerical value in the argument (CVE-2011-1464).\n\nInteger overflow in the SdnToJulian function in the Calendar extension\nin PHP before 5.3.6 allows context-dependent attackers to cause a\ndenial of service (application crash) via a large integer in the first\nargument to the cal_from_jd function (CVE-2011-1466).\n\nUnspecified vulnerability in the NumberFormatter::setSymbol (aka\nnumfmt_set_symbol) function in the Intl extension in PHP before 5.3.6\nallows context-dependent attackers to cause a denial of service\n(application crash) via an invalid argument, a related issue to\nCVE-2010-4409 (CVE-2011-1467).\n\nUnspecified vulnerability in the Streams component in PHP before 5.3.6\nallows context-dependent attackers to cause a denial of service\n(application crash) by accessing an ftp:// URL during use of an HTTP\nproxy with the FTP wrapper (CVE-2011-1469).\n\nThe Zip extension in PHP before 5.3.6 allows context-dependent\nattackers to cause a denial of service (application crash) via a\nziparchive stream that is not properly handled by the\nstream_get_contents function (CVE-2011-1470).\n\nInteger signedness error in zip_stream.c in the Zip extension in PHP\nbefore 5.3.6 allows context-dependent attackers to cause a denial of\nservice (CPU consumption) via a malformed archive file that triggers\nerrors in zip_fread function calls (CVE-2011-1471).\n\nThe previous fix for #43486 got lost along the line and is now being\nfixed again.\n\nNote: the php-phar (CVE-2011-1153) and php-intl (CVE-2011-1467)\npackages was shipped with Enterprise Server 5 only and is also being\nfixed with this advisory.\n\nAdditionally sqlite3 was upgraded to 3.7.3 for Corporate Server 4\nwhich has numerous bug fixes and enhancements over the previous\nversion.\n\nPackages for 2009.0 are provided as of the Extended Maintenance\nProgram. Please visit this link to learn more:\nhttp://store.mandriva.com/product_info.php?cPath=149 products_id=490\n\nThe updated packages have been patched to correct these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://qa.mandriva.com/43486\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64php5_common5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libphp5_common5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-bcmath\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-bz2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-calendar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-cgi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-cli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-ctype\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-dba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-dbase\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-dom\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-exif\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-fcgi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-filter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-ftp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-gettext\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-gmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-hash\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-iconv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-imap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-json\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-mbstring\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-mcrypt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-mhash\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-mime_magic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-ming\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-mssql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-mysqli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-ncurses\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-pcntl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-pdo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-pdo_dblib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-pdo_mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-pdo_odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-pdo_pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-pdo_sqlite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-posix\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-pspell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-readline\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-recode\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-session\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-shmop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-soap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-sockets\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-sqlite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-sybase\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-sysvmsg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-sysvsem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-sysvshm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-tidy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-tokenizer\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-wddx\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-xml\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-xmlreader\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-xmlrpc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-xmlwriter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-xsl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-zip\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-zlib\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2009.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/03/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/03/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"x86_64\", reference:\"lib64php5_common5-5.2.17-0.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"i386\", reference:\"libphp5_common5-5.2.17-0.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-bcmath-5.2.17-0.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-bz2-5.2.17-0.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-calendar-5.2.17-0.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-cgi-5.2.17-0.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-cli-5.2.17-0.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-ctype-5.2.17-0.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-curl-5.2.17-0.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-dba-5.2.17-0.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-dbase-5.2.17-0.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-devel-5.2.17-0.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-dom-5.2.17-0.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-exif-5.2.17-0.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-fcgi-5.2.17-0.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-filter-5.2.17-0.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-ftp-5.2.17-0.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-gd-5.2.17-0.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-gettext-5.2.17-0.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-gmp-5.2.17-0.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-hash-5.2.17-0.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-iconv-5.2.17-0.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-imap-5.2.17-0.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-json-5.2.17-0.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-ldap-5.2.17-0.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-mbstring-5.2.17-0.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-mcrypt-5.2.17-0.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-mhash-5.2.17-0.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-mime_magic-5.2.17-0.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-ming-5.2.17-0.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-mssql-5.2.17-0.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-mysql-5.2.17-0.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-mysqli-5.2.17-0.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-ncurses-5.2.17-0.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-odbc-5.2.17-0.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-openssl-5.2.17-0.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-pcntl-5.2.17-0.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-pdo-5.2.17-0.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-pdo_dblib-5.2.17-0.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-pdo_mysql-5.2.17-0.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-pdo_odbc-5.2.17-0.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-pdo_pgsql-5.2.17-0.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-pdo_sqlite-5.2.17-0.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-pgsql-5.2.17-0.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-posix-5.2.17-0.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-pspell-5.2.17-0.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-readline-5.2.17-0.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-recode-5.2.17-0.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-session-5.2.17-0.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-shmop-5.2.17-0.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-snmp-5.2.17-0.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-soap-5.2.17-0.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-sockets-5.2.17-0.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-sqlite-5.2.17-0.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-sybase-5.2.17-0.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-sysvmsg-5.2.17-0.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-sysvsem-5.2.17-0.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-sysvshm-5.2.17-0.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-tidy-5.2.17-0.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-tokenizer-5.2.17-0.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-wddx-5.2.17-0.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-xml-5.2.17-0.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-xmlreader-5.2.17-0.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-xmlrpc-5.2.17-0.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-xmlwriter-5.2.17-0.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-xsl-5.2.17-0.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-zip-5.2.17-0.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-zlib-5.2.17-0.2mdv2009.0\", yank:\"mdv\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-06T15:16:51", "description": "USN 1126-1 fixed several vulnerabilities in PHP. The fix for CVE-2010-4697 introduced an incorrect reference counting regression in the Zend engine that caused the PHP interpreter to segfault. This regression affects Ubuntu 6.06 LTS and Ubuntu 8.04 LTS.\n\nThe fixes for CVE-2011-1072 and CVE-2011-1144 introduced a regression in the PEAR installer that prevented it from creating its cache directory and reporting errors correctly.\n\nWe apologize for the inconvenience.\n\nStephane Chazelas discovered that the /etc/cron.d/php5 cron job for PHP 5.3.5 allows local users to delete arbitrary files via a symlink attack on a directory under /var/lib/php5/. (CVE-2011-0441)\n\nRaphael Geisert and Dan Rosenberg discovered that the PEAR installer allows local users to overwrite arbitrary files via a symlink attack on the package.xml file, related to the (1) download_dir, (2) cache_dir, (3) tmp_dir, and (4) pear-build-download directories. (CVE-2011-1072, CVE-2011-1144)\n\nBen Schmidt discovered that a use-after-free vulnerability in the PHP Zend engine could allow an attacker to cause a denial of service (heap memory corruption) or possibly execute arbitrary code. (CVE-2010-4697)\n\nMartin Barbella discovered a buffer overflow in the PHP GD extension that allows an attacker to cause a denial of service (application crash) via a large number of anti- aliasing steps in an argument to the imagepstext function.\n(CVE-2010-4698)\n\nIt was discovered that PHP accepts the \\0 character in a pathname, which might allow an attacker to bypass intended access restrictions by placing a safe file extension after this character. This issue is addressed in Ubuntu 10.04 LTS, Ubuntu 10.10, and Ubuntu 11.04. (CVE-2006-7243)\n\nMaksymilian Arciemowicz discovered that the grapheme_extract function in the PHP Internationalization extension (Intl) for ICU allow an attacker to cause a denial of service (crash) via an invalid size argument, which triggers a NULL pointer dereference. This issue affected Ubuntu 10.04 LTS, Ubuntu 10.10, and Ubuntu 11.04. (CVE-2011-0420)\n\nMaksymilian Arciemowicz discovered that the _zip_name_locate function in the PHP Zip extension does not properly handle a ZIPARCHIVE::FL_UNCHANGED argument, which might allow an attacker to cause a denial of service (NULL pointer dereference) via an empty ZIP archive. This issue affected Ubuntu 8.04 LTS, Ubuntu 9.10, Ubuntu 10.04 LTS, Ubuntu 10.10, and Ubuntu 11.04. (CVE-2011-0421)\n\nLuca Carettoni discovered that the PHP Exif extension performs an incorrect cast on 64bit platforms, which allows a remote attacker to cause a denial of service (application crash) via an image with a crafted Image File Directory (IFD). (CVE-2011-0708)\n\nJose Carlos Norte discovered that an integer overflow in the PHP shmop extension could allow an attacker to cause a denial of service (crash) and possibly read sensitive memory function. (CVE-2011-1092)\n\nFelipe Pena discovered that a use-after-free vulnerability in the substr_replace function allows an attacker to cause a denial of service (memory corruption) or possibly execute arbitrary code. (CVE-2011-1148)\n\nFelipe Pena discovered multiple format string vulnerabilities in the PHP phar extension. These could allow an attacker to obtain sensitive information from process memory, cause a denial of service (memory corruption), or possibly execute arbitrary code. This issue affected Ubuntu 10.04 LTS, Ubuntu 10.10, and Ubuntu 11.04.(CVE-2011-1153)\n\nIt was discovered that a buffer overflow occurs in the strval function when the precision configuration option has a large value. The default compiler options for Ubuntu 8.04 LTS, Ubuntu 9.10, Ubuntu 10.04 LTS, Ubuntu 10.10, and Ubuntu 11.04 should reduce the vulnerability to a denial of service. (CVE-2011-1464)\n\nIt was discovered that an integer overflow in the SdnToJulian function in the PHP Calendar extension could allow an attacker to cause a denial of service (application crash). (CVE-2011-1466)\n\nTomas Hoger discovered that an integer overflow in the NumberFormatter::setSymbol function in the PHP Intl extension could allow an attacker to cause a denial of service (application crash). This issue affected Ubuntu 10.04 LTS, Ubuntu 10.10, and Ubuntu 11.04. (CVE-2011-1467)\n\nIt was discovered that multiple memory leaks in the PHP OpenSSL extension might allow a remote attacker to cause a denial of service (memory consumption). This issue affected Ubuntu 10.04 LTS, Ubuntu 10.10, and Ubuntu 11.04.\n(CVE-2011-1468)\n\nDaniel Buschke discovered that the PHP Streams component in PHP handled types improperly, possibly allowing an attacker to cause a denial of service (application crash).\n(CVE-2011-1469)\n\nIt was discovered that the PHP Zip extension could allow an attacker to cause a denial of service (application crash) via a ziparchive stream that is not properly handled by the stream_get_contents function. This issue affected Ubuntu 8.04 LTS, Ubuntu 9.10, Ubuntu 10.04 LTS, Ubuntu 10.10, and Ubuntu 11.04. (CVE-2011-1470)\n\nIt was discovered that an integer signedness error in the PHP Zip extension could allow an attacker to cause a denial of service (CPU consumption) via a malformed archive file.\nThis issue affected Ubuntu 8.04 LTS, Ubuntu 9.10, Ubuntu 10.04 LTS, Ubuntu 10.10, and Ubuntu 11.04. (CVE-2011-1470) (CVE-2011-1471).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2011-06-13T00:00:00", "type": "nessus", "title": "Ubuntu 6.06 LTS / 8.04 LTS / 9.10 / 10.04 LTS / 10.10 / 11.04 : php5 regressions (USN-1126-2)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-7243", "CVE-2010-4697", "CVE-2010-4698", "CVE-2011-0420", "CVE-2011-0421", "CVE-2011-0441", "CVE-2011-0708", "CVE-2011-1072", "CVE-2011-1092", "CVE-2011-1144", "CVE-2011-1148", "CVE-2011-1153", "CVE-2011-1464", "CVE-2011-1466", "CVE-2011-1467", "CVE-2011-1468", "CVE-2011-1469", "CVE-2011-1470", "CVE-2011-1471"], "modified": "2019-09-19T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:libapache2-mod-php5", "p-cpe:/a:canonical:ubuntu_linux:php-pear", "p-cpe:/a:canonical:ubuntu_linux:php5", "p-cpe:/a:canonical:ubuntu_linux:php5-cgi", "p-cpe:/a:canonical:ubuntu_linux:php5-cli", "p-cpe:/a:canonical:ubuntu_linux:php5-common", "cpe:/o:canonical:ubuntu_linux:10.04:-:lts", "cpe:/o:canonical:ubuntu_linux:10.10", "cpe:/o:canonical:ubuntu_linux:11.04", "cpe:/o:canonical:ubuntu_linux:6.06:-:lts", "cpe:/o:canonical:ubuntu_linux:8.04:-:lts", "cpe:/o:canonical:ubuntu_linux:9.10"], "id": "UBUNTU_USN-1126-2.NASL", "href": "https://www.tenable.com/plugins/nessus/55087", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-1126-2. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(55087);\n script_version(\"1.10\");\n script_cvs_date(\"Date: 2019/09/19 12:54:27\");\n\n script_cve_id(\"CVE-2006-7243\", \"CVE-2010-4697\", \"CVE-2010-4698\", \"CVE-2011-0420\", \"CVE-2011-0421\", \"CVE-2011-0441\", \"CVE-2011-0708\", \"CVE-2011-1072\", \"CVE-2011-1092\", \"CVE-2011-1144\", \"CVE-2011-1148\", \"CVE-2011-1153\", \"CVE-2011-1464\", \"CVE-2011-1466\", \"CVE-2011-1467\", \"CVE-2011-1468\", \"CVE-2011-1469\", \"CVE-2011-1470\", \"CVE-2011-1471\");\n script_bugtraq_id(44951, 45338, 45952, 46354, 46365, 46429, 46605, 46786, 46843, 46854, 46928, 46967, 46968, 46970, 46975, 46977);\n script_xref(name:\"USN\", value:\"1126-2\");\n\n script_name(english:\"Ubuntu 6.06 LTS / 8.04 LTS / 9.10 / 10.04 LTS / 10.10 / 11.04 : php5 regressions (USN-1126-2)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"USN 1126-1 fixed several vulnerabilities in PHP. The fix for\nCVE-2010-4697 introduced an incorrect reference counting regression in\nthe Zend engine that caused the PHP interpreter to segfault. This\nregression affects Ubuntu 6.06 LTS and Ubuntu 8.04 LTS.\n\nThe fixes for CVE-2011-1072 and CVE-2011-1144 introduced a regression\nin the PEAR installer that prevented it from creating its cache\ndirectory and reporting errors correctly.\n\nWe apologize for the inconvenience.\n\nStephane Chazelas discovered that the /etc/cron.d/php5 cron job for\nPHP 5.3.5 allows local users to delete arbitrary files via a symlink\nattack on a directory under /var/lib/php5/. (CVE-2011-0441)\n\nRaphael Geisert and Dan Rosenberg discovered that the PEAR\ninstaller allows local users to overwrite arbitrary files\nvia a symlink attack on the package.xml file, related to the\n(1) download_dir, (2) cache_dir, (3) tmp_dir, and (4)\npear-build-download directories. (CVE-2011-1072,\nCVE-2011-1144)\n\nBen Schmidt discovered that a use-after-free vulnerability\nin the PHP Zend engine could allow an attacker to cause a\ndenial of service (heap memory corruption) or possibly\nexecute arbitrary code. (CVE-2010-4697)\n\nMartin Barbella discovered a buffer overflow in the PHP GD\nextension that allows an attacker to cause a denial of\nservice (application crash) via a large number of anti-\naliasing steps in an argument to the imagepstext function.\n(CVE-2010-4698)\n\nIt was discovered that PHP accepts the \\0 character in a\npathname, which might allow an attacker to bypass intended\naccess restrictions by placing a safe file extension after\nthis character. This issue is addressed in Ubuntu 10.04 LTS,\nUbuntu 10.10, and Ubuntu 11.04. (CVE-2006-7243)\n\nMaksymilian Arciemowicz discovered that the grapheme_extract\nfunction in the PHP Internationalization extension (Intl)\nfor ICU allow an attacker to cause a denial of service\n(crash) via an invalid size argument, which triggers a NULL\npointer dereference. This issue affected Ubuntu 10.04 LTS,\nUbuntu 10.10, and Ubuntu 11.04. (CVE-2011-0420)\n\nMaksymilian Arciemowicz discovered that the _zip_name_locate\nfunction in the PHP Zip extension does not properly handle a\nZIPARCHIVE::FL_UNCHANGED argument, which might allow an\nattacker to cause a denial of service (NULL pointer\ndereference) via an empty ZIP archive. This issue affected\nUbuntu 8.04 LTS, Ubuntu 9.10, Ubuntu 10.04 LTS, Ubuntu\n10.10, and Ubuntu 11.04. (CVE-2011-0421)\n\nLuca Carettoni discovered that the PHP Exif extension\nperforms an incorrect cast on 64bit platforms, which allows\na remote attacker to cause a denial of service (application\ncrash) via an image with a crafted Image File Directory\n(IFD). (CVE-2011-0708)\n\nJose Carlos Norte discovered that an integer overflow in the\nPHP shmop extension could allow an attacker to cause a\ndenial of service (crash) and possibly read sensitive memory\nfunction. (CVE-2011-1092)\n\nFelipe Pena discovered that a use-after-free vulnerability\nin the substr_replace function allows an attacker to cause a\ndenial of service (memory corruption) or possibly execute\narbitrary code. (CVE-2011-1148)\n\nFelipe Pena discovered multiple format string\nvulnerabilities in the PHP phar extension. These could allow\nan attacker to obtain sensitive information from process\nmemory, cause a denial of service (memory corruption), or\npossibly execute arbitrary code. This issue affected Ubuntu\n10.04 LTS, Ubuntu 10.10, and Ubuntu 11.04.(CVE-2011-1153)\n\nIt was discovered that a buffer overflow occurs in the\nstrval function when the precision configuration option has\na large value. The default compiler options for Ubuntu 8.04\nLTS, Ubuntu 9.10, Ubuntu 10.04 LTS, Ubuntu 10.10, and Ubuntu\n11.04 should reduce the vulnerability to a denial of\nservice. (CVE-2011-1464)\n\nIt was discovered that an integer overflow in the\nSdnToJulian function in the PHP Calendar extension could\nallow an attacker to cause a denial of service (application\ncrash). (CVE-2011-1466)\n\nTomas Hoger discovered that an integer overflow in the\nNumberFormatter::setSymbol function in the PHP Intl\nextension could allow an attacker to cause a denial of\nservice (application crash). This issue affected Ubuntu\n10.04 LTS, Ubuntu 10.10, and Ubuntu 11.04. (CVE-2011-1467)\n\nIt was discovered that multiple memory leaks in the PHP\nOpenSSL extension might allow a remote attacker to cause a\ndenial of service (memory consumption). This issue affected\nUbuntu 10.04 LTS, Ubuntu 10.10, and Ubuntu 11.04.\n(CVE-2011-1468)\n\nDaniel Buschke discovered that the PHP Streams component in\nPHP handled types improperly, possibly allowing an attacker\nto cause a denial of service (application crash).\n(CVE-2011-1469)\n\nIt was discovered that the PHP Zip extension could allow an\nattacker to cause a denial of service (application crash)\nvia a ziparchive stream that is not properly handled by the\nstream_get_contents function. This issue affected Ubuntu\n8.04 LTS, Ubuntu 9.10, Ubuntu 10.04 LTS, Ubuntu 10.10, and\nUbuntu 11.04. (CVE-2011-1470)\n\nIt was discovered that an integer signedness error in the\nPHP Zip extension could allow an attacker to cause a denial\nof service (CPU consumption) via a malformed archive file.\nThis issue affected Ubuntu 8.04 LTS, Ubuntu 9.10, Ubuntu\n10.04 LTS, Ubuntu 10.10, and Ubuntu 11.04. (CVE-2011-1470)\n(CVE-2011-1471).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/1126-2/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libapache2-mod-php5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php-pear\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php5-cgi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php5-cli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php5-common\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:11.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:6.06:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:8.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:9.10\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/01/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/05/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/06/13\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2011-2019 Canonical, Inc. / NASL script (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(6\\.06|8\\.04|9\\.10|10\\.04|10\\.10|11\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 6.06 / 8.04 / 9.10 / 10.04 / 10.10 / 11.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"6.06\", pkgname:\"libapache2-mod-php5\", pkgver:\"5.1.2-1ubuntu3.24\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"php-pear\", pkgver:\"5.1.2-1ubuntu3.24\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"php5\", pkgver:\"5.1.2-1ubuntu3.24\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"php5-cgi\", pkgver:\"5.1.2-1ubuntu3.24\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"php5-cli\", pkgver:\"5.1.2-1ubuntu3.24\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"php5-common\", pkgver:\"5.1.2-1ubuntu3.24\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"libapache2-mod-php5\", pkgver:\"5.2.4-2ubuntu5.17\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"php-pear\", pkgver:\"5.2.4-2ubuntu5.17\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"php5\", pkgver:\"5.2.4-2ubuntu5.17\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"php5-cgi\", pkgver:\"5.2.4-2ubuntu5.17\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"php5-cli\", pkgver:\"5.2.4-2ubuntu5.17\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"php5-common\", pkgver:\"5.2.4-2ubuntu5.17\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"libapache2-mod-php5\", pkgver:\"5.2.10.dfsg.1-2ubuntu6.10\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"php-pear\", pkgver:\"5.2.10.dfsg.1-2ubuntu6.10\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"php5\", pkgver:\"5.2.10.dfsg.1-2ubuntu6.10\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"php5-cgi\", pkgver:\"5.2.10.dfsg.1-2ubuntu6.10\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"php5-cli\", pkgver:\"5.2.10.dfsg.1-2ubuntu6.10\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"php5-common\", pkgver:\"5.2.10.dfsg.1-2ubuntu6.10\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"libapache2-mod-php5\", pkgver:\"5.3.2-1ubuntu4.9\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"php-pear\", pkgver:\"5.3.2-1ubuntu4.9\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"php5\", pkgver:\"5.3.2-1ubuntu4.9\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"php5-cgi\", pkgver:\"5.3.2-1ubuntu4.9\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"php5-cli\", pkgver:\"5.3.2-1ubuntu4.9\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"php5-common\", pkgver:\"5.3.2-1ubuntu4.9\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"libapache2-mod-php5\", pkgver:\"5.3.3-1ubuntu9.5\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"php-pear\", pkgver:\"5.3.3-1ubuntu9.5\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"php5\", pkgver:\"5.3.3-1ubuntu9.5\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"php5-cgi\", pkgver:\"5.3.3-1ubuntu9.5\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"php5-cli\", pkgver:\"5.3.3-1ubuntu9.5\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"php5-common\", pkgver:\"5.3.3-1ubuntu9.5\")) flag++;\nif (ubuntu_check(osver:\"11.04\", pkgname:\"libapache2-mod-php5\", pkgver:\"5.3.5-1ubuntu7.2\")) flag++;\nif (ubuntu_check(osver:\"11.04\", pkgname:\"php-pear\", pkgver:\"5.3.5-1ubuntu7.2\")) flag++;\nif (ubuntu_check(osver:\"11.04\", pkgname:\"php5\", pkgver:\"5.3.5-1ubuntu7.2\")) flag++;\nif (ubuntu_check(osver:\"11.04\", pkgname:\"php5-cgi\", pkgver:\"5.3.5-1ubuntu7.2\")) flag++;\nif (ubuntu_check(osver:\"11.04\", pkgname:\"php5-cli\", pkgver:\"5.3.5-1ubuntu7.2\")) flag++;\nif (ubuntu_check(osver:\"11.04\", pkgname:\"php5-common\", pkgver:\"5.3.5-1ubuntu7.2\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libapache2-mod-php5 / php-pear / php5 / php5-cgi / php5-cli / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-07T15:06:26", "description": "Stephane Chazelas discovered that the /etc/cron.d/php5 cron job for PHP 5.3.5 allows local users to delete arbitrary files via a symlink attack on a directory under /var/lib/php5/. (CVE-2011-0441)\n\nRaphael Geisert and Dan Rosenberg discovered that the PEAR installer allows local users to overwrite arbitrary files via a symlink attack on the package.xml file, related to the (1) download_dir, (2) cache_dir, (3) tmp_dir, and (4) pear-build-download directories.\n(CVE-2011-1072, CVE-2011-1144)\n\nBen Schmidt discovered that a use-after-free vulnerability in the PHP Zend engine could allow an attacker to cause a denial of service (heap memory corruption) or possibly execute arbitrary code. (CVE-2010-4697)\n\nMartin Barbella discovered a buffer overflow in the PHP GD extension that allows an attacker to cause a denial of service (application crash) via a large number of anti- aliasing steps in an argument to the imagepstext function. (CVE-2010-4698)\n\nIt was discovered that PHP accepts the \\0 character in a pathname, which might allow an attacker to bypass intended access restrictions by placing a safe file extension after this character. This issue is addressed in Ubuntu 10.04 LTS, Ubuntu 10.10, and Ubuntu 11.04.\n(CVE-2006-7243)\n\nMaksymilian Arciemowicz discovered that the grapheme_extract function in the PHP Internationalization extension (Intl) for ICU allow an attacker to cause a denial of service (crash) via an invalid size argument, which triggers a NULL pointer dereference. This issue affected Ubuntu 10.04 LTS, Ubuntu 10.10, and Ubuntu 11.04.\n(CVE-2011-0420)\n\nMaksymilian Arciemowicz discovered that the _zip_name_locate function in the PHP Zip extension does not properly handle a ZIPARCHIVE::FL_UNCHANGED argument, which might allow an attacker to cause a denial of service (NULL pointer dereference) via an empty ZIP archive. This issue affected Ubuntu 8.04 LTS, Ubuntu 9.10, Ubuntu 10.04 LTS, Ubuntu 10.10, and Ubuntu 11.04. (CVE-2011-0421)\n\nLuca Carettoni discovered that the PHP Exif extension performs an incorrect cast on 64bit platforms, which allows a remote attacker to cause a denial of service (application crash) via an image with a crafted Image File Directory (IFD). (CVE-2011-0708)\n\nJose Carlos Norte discovered that an integer overflow in the PHP shmop extension could allow an attacker to cause a denial of service (crash) and possibly read sensitive memory function. (CVE-2011-1092)\n\nFelipe Pena discovered that a use-after-free vulnerability in the substr_replace function allows an attacker to cause a denial of service (memory corruption) or possibly execute arbitrary code.\n(CVE-2011-1148)\n\nFelipe Pena discovered multiple format string vulnerabilities in the PHP phar extension. These could allow an attacker to obtain sensitive information from process memory, cause a denial of service (memory corruption), or possibly execute arbitrary code. This issue affected Ubuntu 10.04 LTS, Ubuntu 10.10, and Ubuntu 11.04.(CVE-2011-1153)\n\nIt was discovered that a buffer overflow occurs in the strval function when the precision configuration option has a large value. The default compiler options for Ubuntu 8.04 LTS, Ubuntu 9.10, Ubuntu 10.04 LTS, Ubuntu 10.10, and Ubuntu 11.04 should reduce the vulnerability to a denial of service. (CVE-2011-1464)\n\nIt was discovered that an integer overflow in the SdnToJulian function in the PHP Calendar extension could allow an attacker to cause a denial of service (application crash). (CVE-2011-1466)\n\nTomas Hoger discovered that an integer overflow in the NumberFormatter::setSymbol function in the PHP Intl extension could allow an attacker to cause a denial of service (application crash).\nThis issue affected Ubuntu 10.04 LTS, Ubuntu 10.10, and Ubuntu 11.04.\n(CVE-2011-1467)\n\nIt was discovered that multiple memory leaks in the PHP OpenSSL extension might allow a remote attacker to cause a denial of service (memory consumption). This issue affected Ubuntu 10.04 LTS, Ubuntu 10.10, and Ubuntu 11.04. (CVE-2011-1468)\n\nDaniel Buschke discovered that the PHP Streams component in PHP handled types improperly, possibly allowing an attacker to cause a denial of service (application crash). (CVE-2011-1469)\n\nIt was discovered that the PHP Zip extension could allow an attacker to cause a denial of service (application crash) via a ziparchive stream that is not properly handled by the stream_get_contents function. This issue affected Ubuntu 8.04 LTS, Ubuntu 9.10, Ubuntu 10.04 LTS, Ubuntu 10.10, and Ubuntu 11.04. (CVE-2011-1470)\n\nIt was discovered that an integer signedness error in the PHP Zip extension could allow an attacker to cause a denial of service (CPU consumption) via a malformed archive file. This issue affected Ubuntu 8.04 LTS, Ubuntu 9.10, Ubuntu 10.04 LTS, Ubuntu 10.10, and Ubuntu 11.04. (CVE-2011-1470) (CVE-2011-1471).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2011-06-13T00:00:00", "type": "nessus", "title": "Ubuntu 6.06 LTS / 8.04 LTS / 9.10 / 10.04 LTS / 10.10 / 11.04 : php5 vulnerabilities (USN-1126-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-7243", "CVE-2010-4697", "CVE-2010-4698", "CVE-2011-0420", "CVE-2011-0421", "CVE-2011-0441", "CVE-2011-0708", "CVE-2011-1072", "CVE-2011-1092", "CVE-2011-1144", "CVE-2011-1148", "CVE-2011-1153", "CVE-2011-1464", "CVE-2011-1466", "CVE-2011-1467", "CVE-2011-1468", "CVE-2011-1469", "CVE-2011-1470", "CVE-2011-1471"], "modified": "2019-09-19T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:libapache2-mod-php5", "p-cpe:/a:canonical:ubuntu_linux:php-pear", "p-cpe:/a:canonical:ubuntu_linux:php5", "p-cpe:/a:canonical:ubuntu_linux:php5-cgi", "p-cpe:/a:canonical:ubuntu_linux:php5-cli", "p-cpe:/a:canonical:ubuntu_linux:php5-common", "p-cpe:/a:canonical:ubuntu_linux:php5-curl", "p-cpe:/a:canonical:ubuntu_linux:php5-dev", "p-cpe:/a:canonical:ubuntu_linux:php5-gd", "p-cpe:/a:canonical:ubuntu_linux:php5-intl", "cpe:/o:canonical:ubuntu_linux:10.04:-:lts", "cpe:/o:canonical:ubuntu_linux:10.10", "cpe:/o:canonical:ubuntu_linux:11.04", "cpe:/o:canonical:ubuntu_linux:6.06:-:lts", "cpe:/o:canonical:ubuntu_linux:8.04:-:lts", "cpe:/o:canonical:ubuntu_linux:9.10"], "id": "UBUNTU_USN-1126-1.NASL", "href": "https://www.tenable.com/plugins/nessus/55086", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-1126-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(55086);\n script_version(\"1.10\");\n script_cvs_date(\"Date: 2019/09/19 12:54:27\");\n\n script_cve_id(\"CVE-2006-7243\", \"CVE-2010-4697\", \"CVE-2010-4698\", \"CVE-2011-0420\", \"CVE-2011-0421\", \"CVE-2011-0441\", \"CVE-2011-0708\", \"CVE-2011-1072\", \"CVE-2011-1092\", \"CVE-2011-1144\", \"CVE-2011-1148\", \"CVE-2011-1153\", \"CVE-2011-1464\", \"CVE-2011-1466\", \"CVE-2011-1467\", \"CVE-2011-1468\", \"CVE-2011-1469\", \"CVE-2011-1470\", \"CVE-2011-1471\");\n script_bugtraq_id(44951, 45338, 45952, 46354, 46365, 46429, 46605, 46786, 46843, 46854, 46928, 46967, 46968, 46969, 46970, 46975, 46977);\n script_xref(name:\"USN\", value:\"1126-1\");\n\n script_name(english:\"Ubuntu 6.06 LTS / 8.04 LTS / 9.10 / 10.04 LTS / 10.10 / 11.04 : php5 vulnerabilities (USN-1126-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Stephane Chazelas discovered that the /etc/cron.d/php5 cron job for\nPHP 5.3.5 allows local users to delete arbitrary files via a symlink\nattack on a directory under /var/lib/php5/. (CVE-2011-0441)\n\nRaphael Geisert and Dan Rosenberg discovered that the PEAR installer\nallows local users to overwrite arbitrary files via a symlink attack\non the package.xml file, related to the (1) download_dir, (2)\ncache_dir, (3) tmp_dir, and (4) pear-build-download directories.\n(CVE-2011-1072, CVE-2011-1144)\n\nBen Schmidt discovered that a use-after-free vulnerability in the PHP\nZend engine could allow an attacker to cause a denial of service (heap\nmemory corruption) or possibly execute arbitrary code. (CVE-2010-4697)\n\nMartin Barbella discovered a buffer overflow in the PHP GD extension\nthat allows an attacker to cause a denial of service (application\ncrash) via a large number of anti- aliasing steps in an argument to\nthe imagepstext function. (CVE-2010-4698)\n\nIt was discovered that PHP accepts the \\0 character in a pathname,\nwhich might allow an attacker to bypass intended access restrictions\nby placing a safe file extension after this character. This issue is\naddressed in Ubuntu 10.04 LTS, Ubuntu 10.10, and Ubuntu 11.04.\n(CVE-2006-7243)\n\nMaksymilian Arciemowicz discovered that the grapheme_extract function\nin the PHP Internationalization extension (Intl) for ICU allow an\nattacker to cause a denial of service (crash) via an invalid size\nargument, which triggers a NULL pointer dereference. This issue\naffected Ubuntu 10.04 LTS, Ubuntu 10.10, and Ubuntu 11.04.\n(CVE-2011-0420)\n\nMaksymilian Arciemowicz discovered that the _zip_name_locate function\nin the PHP Zip extension does not properly handle a\nZIPARCHIVE::FL_UNCHANGED argument, which might allow an attacker to\ncause a denial of service (NULL pointer dereference) via an empty ZIP\narchive. This issue affected Ubuntu 8.04 LTS, Ubuntu 9.10, Ubuntu\n10.04 LTS, Ubuntu 10.10, and Ubuntu 11.04. (CVE-2011-0421)\n\nLuca Carettoni discovered that the PHP Exif extension performs an\nincorrect cast on 64bit platforms, which allows a remote attacker to\ncause a denial of service (application crash) via an image with a\ncrafted Image File Directory (IFD). (CVE-2011-0708)\n\nJose Carlos Norte discovered that an integer overflow in the PHP shmop\nextension could allow an attacker to cause a denial of service (crash)\nand possibly read sensitive memory function. (CVE-2011-1092)\n\nFelipe Pena discovered that a use-after-free vulnerability in the\nsubstr_replace function allows an attacker to cause a denial of\nservice (memory corruption) or possibly execute arbitrary code.\n(CVE-2011-1148)\n\nFelipe Pena discovered multiple format string vulnerabilities in the\nPHP phar extension. These could allow an attacker to obtain sensitive\ninformation from process memory, cause a denial of service (memory\ncorruption), or possibly execute arbitrary code. This issue affected\nUbuntu 10.04 LTS, Ubuntu 10.10, and Ubuntu 11.04.(CVE-2011-1153)\n\nIt was discovered that a buffer overflow occurs in the strval function\nwhen the precision configuration option has a large value. The default\ncompiler options for Ubuntu 8.04 LTS, Ubuntu 9.10, Ubuntu 10.04 LTS,\nUbuntu 10.10, and Ubuntu 11.04 should reduce the vulnerability to a\ndenial of service. (CVE-2011-1464)\n\nIt was discovered that an integer overflow in the SdnToJulian function\nin the PHP Calendar extension could allow an attacker to cause a\ndenial of service (application crash). (CVE-2011-1466)\n\nTomas Hoger discovered that an integer overflow in the\nNumberFormatter::setSymbol function in the PHP Intl extension could\nallow an attacker to cause a denial of service (application crash).\nThis issue affected Ubuntu 10.04 LTS, Ubuntu 10.10, and Ubuntu 11.04.\n(CVE-2011-1467)\n\nIt was discovered that multiple memory leaks in the PHP OpenSSL\nextension might allow a remote attacker to cause a denial of service\n(memory consumption). This issue affected Ubuntu 10.04 LTS, Ubuntu\n10.10, and Ubuntu 11.04. (CVE-2011-1468)\n\nDaniel Buschke discovered that the PHP Streams component in PHP\nhandled types improperly, possibly allowing an attacker to cause a\ndenial of service (application crash). (CVE-2011-1469)\n\nIt was discovered that the PHP Zip extension could allow an attacker\nto cause a denial of service (application crash) via a ziparchive\nstream that is not properly handled by the stream_get_contents\nfunction. This issue affected Ubuntu 8.04 LTS, Ubuntu 9.10, Ubuntu\n10.04 LTS, Ubuntu 10.10, and Ubuntu 11.04. (CVE-2011-1470)\n\nIt was discovered that an integer signedness error in the PHP Zip\nextension could allow an attacker to cause a denial of service (CPU\nconsumption) via a malformed archive file. This issue affected Ubuntu\n8.04 LTS, Ubuntu 9.10, Ubuntu 10.04 LTS, Ubuntu 10.10, and Ubuntu\n11.04. (CVE-2011-1470) (CVE-2011-1471).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/1126-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libapache2-mod-php5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php-pear\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php5-cgi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php5-cli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php5-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php5-curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php5-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php5-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php5-intl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:11.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:6.06:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:8.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:9.10\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/01/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/04/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/06/13\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2011-2019 Canonical, Inc. / NASL script (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(6\\.06|8\\.04|9\\.10|10\\.04|10\\.10|11\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 6.06 / 8.04 / 9.10 / 10.04 / 10.10 / 11.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"6.06\", pkgname:\"libapache2-mod-php5\", pkgver:\"5.1.2-1ubuntu3.22\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"php-pear\", pkgver:\"5.1.2-1ubuntu3.22\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"php5\", pkgver:\"5.1.2-1ubuntu3.22\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"php5-cgi\", pkgver:\"5.1.2-1ubuntu3.22\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"php5-cli\", pkgver:\"5.1.2-1ubuntu3.22\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"php5-common\", pkgver:\"5.1.2-1ubuntu3.22\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"php5-curl\", pkgver:\"5.1.2-1ubuntu3.22\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"php5-dev\", pkgver:\"5.1.2-1ubuntu3.22\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"php5-gd\", pkgver:\"5.1.2-1ubuntu3.22\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"libapache2-mod-php5\", pkgver:\"5.2.4-2ubuntu5.15\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"php-pear\", pkgver:\"5.2.4-2ubuntu5.15\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"php5\", pkgver:\"5.2.4-2ubuntu5.15\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"php5-cgi\", pkgver:\"5.2.4-2ubuntu5.15\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"php5-cli\", pkgver:\"5.2.4-2ubuntu5.15\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"php5-common\", pkgver:\"5.2.4-2ubuntu5.15\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"php5-curl\", pkgver:\"5.2.4-2ubuntu5.15\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"php5-dev\", pkgver:\"5.2.4-2ubuntu5.15\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"php5-gd\", pkgver:\"5.2.4-2ubuntu5.15\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"libapache2-mod-php5\", pkgver:\"5.2.10.dfsg.1-2ubuntu6.9\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"php-pear\", pkgver:\"5.2.10.dfsg.1-2ubuntu6.9\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"php5\", pkgver:\"5.2.10.dfsg.1-2ubuntu6.9\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"php5-cgi\", pkgver:\"5.2.10.dfsg.1-2ubuntu6.9\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"php5-cli\", pkgver:\"5.2.10.dfsg.1-2ubuntu6.9\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"php5-common\", pkgver:\"5.2.10.dfsg.1-2ubuntu6.9\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"php5-curl\", pkgver:\"5.2.10.dfsg.1-2ubuntu6.9\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"php5-dev\", pkgver:\"5.2.10.dfsg.1-2ubuntu6.9\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"php5-gd\", pkgver:\"5.2.10.dfsg.1-2ubuntu6.9\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"libapache2-mod-php5\", pkgver:\"5.3.2-1ubuntu4.8\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"php-pear\", pkgver:\"5.3.2-1ubuntu4.8\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"php5\", pkgver:\"5.3.2-1ubuntu4.8\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"php5-cgi\", pkgver:\"5.3.2-1ubuntu4.8\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"php5-cli\", pkgver:\"5.3.2-1ubuntu4.8\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"php5-common\", pkgver:\"5.3.2-1ubuntu4.8\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"php5-curl\", pkgver:\"5.3.2-1ubuntu4.8\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"php5-dev\", pkgver:\"5.3.2-1ubuntu4.8\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"php5-gd\", pkgver:\"5.3.2-1ubuntu4.8\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"php5-intl\", pkgver:\"5.3.2-1ubuntu4.8\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"libapache2-mod-php5\", pkgver:\"5.3.3-1ubuntu9.4\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"php-pear\", pkgver:\"5.3.3-1ubuntu9.4\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"php5\", pkgver:\"5.3.3-1ubuntu9.4\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"php5-cgi\", pkgver:\"5.3.3-1ubuntu9.4\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"php5-cli\", pkgver:\"5.3.3-1ubuntu9.4\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"php5-common\", pkgver:\"5.3.3-1ubuntu9.4\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"php5-curl\", pkgver:\"5.3.3-1ubuntu9.4\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"php5-dev\", pkgver:\"5.3.3-1ubuntu9.4\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"php5-gd\", pkgver:\"5.3.3-1ubuntu9.4\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"php5-intl\", pkgver:\"5.3.3-1ubuntu9.4\")) flag++;\nif (ubuntu_check(osver:\"11.04\", pkgname:\"libapache2-mod-php5\", pkgver:\"5.3.5-1ubuntu7.1\")) flag++;\nif (ubuntu_check(osver:\"11.04\", pkgname:\"php-pear\", pkgver:\"5.3.5-1ubuntu7.1\")) flag++;\nif (ubuntu_check(osver:\"11.04\", pkgname:\"php5\", pkgver:\"5.3.5-1ubuntu7.1\")) flag++;\nif (ubuntu_check(osver:\"11.04\", pkgname:\"php5-cgi\", pkgver:\"5.3.5-1ubuntu7.1\")) flag++;\nif (ubuntu_check(osver:\"11.04\", pkgname:\"php5-cli\", pkgver:\"5.3.5-1ubuntu7.1\")) flag++;\nif (ubuntu_check(osver:\"11.04\", pkgname:\"php5-common\", pkgver:\"5.3.5-1ubuntu7.1\")) flag++;\nif (ubuntu_check(osver:\"11.04\", pkgname:\"php5-curl\", pkgver:\"5.3.5-1ubuntu7.1\")) flag++;\nif (ubuntu_check(osver:\"11.04\", pkgname:\"php5-dev\", pkgver:\"5.3.5-1ubuntu7.1\")) flag++;\nif (ubuntu_check(osver:\"11.04\", pkgname:\"php5-gd\", pkgver:\"5.3.5-1ubuntu7.1\")) flag++;\nif (ubuntu_check(osver:\"11.04\", pkgname:\"php5-intl\", pkgver:\"5.3.5-1ubuntu7.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libapache2-mod-php5 / php-pear / php5 / php5-cgi / php5-cli / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-07T15:46:02", "description": "PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server.\n\nA signedness issue was found in the way the PHP crypt() function handled 8-bit characters in passwords when using Blowfish hashing. Up to three characters immediately preceding a non-ASCII character (one with the high bit set) had no effect on the hash result, thus shortening the effective password length. This made brute-force guessing more efficient as several different passwords were hashed to the same value. (CVE-2011-2483)\n\nNote: Due to the CVE-2011-2483 fix, after installing this update some users may not be able to log in to PHP applications that hash passwords with Blowfish using the PHP crypt() function. Refer to the upstream 'CRYPT_BLOWFISH security fix details' document, linked to in the References, for details.\n\nAn insufficient input validation flaw, leading to a buffer over-read, was found in the PHP exif extension. A specially crafted image file could cause the PHP interpreter to crash when a PHP script tries to extract Exchangeable image file format (Exif) metadata from the image file. (CVE-2011-0708)\n\nAn integer overflow flaw was found in the PHP calendar extension. A remote attacker able to make a PHP script call SdnToJulian() with a large value could cause the PHP interpreter to crash. (CVE-2011-1466)\n\nMultiple memory leak flaws were found in the PHP OpenSSL extension. A remote attacker able to make a PHP script use openssl_encrypt() or openssl_decrypt() repeatedly could cause the PHP interpreter to use an excessive amount of memory. (CVE-2011-1468)\n\nA use-after-free flaw was found in the PHP substr_replace() function.\nIf a PHP script used the same variable as multiple function arguments, a remote attacker could possibly use this to crash the PHP interpreter or, possibly, execute arbitrary code. (CVE-2011-1148)\n\nA bug in the PHP Streams component caused the PHP interpreter to crash if an FTP wrapper connection was made through an HTTP proxy. A remote attacker could possibly trigger this issue if a PHP script accepted an untrusted URL to connect to. (CVE-2011-1469)\n\nAn integer signedness issue was found in the PHP zip extension. An attacker could use a specially crafted ZIP archive to cause the PHP interpreter to use an excessive amount of CPU time until the script execution time limit is reached. (CVE-2011-1471)\n\nA stack-based buffer overflow flaw was found in the way the PHP socket extension handled long AF_UNIX socket addresses. An attacker able to make a PHP script connect to a long AF_UNIX socket address could use this flaw to crash the PHP interpreter. (CVE-2011-1938)\n\nAn off-by-one flaw was found in PHP. If an attacker uploaded a file with a specially crafted file name it could cause a PHP script to attempt to write a file to the root (/) directory. By default, PHP runs as the 'apache' user, preventing it from writing to the root directory. (CVE-2011-2202)\n\nAll php53 and php users should upgrade to these updated packages, which contain backported patches to resolve these issues. After installing the updated packages, the httpd daemon must be restarted for the update to take effect.", "cvss3": {}, "published": "2012-08-01T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : php53 and php on SL5.x, SL6.x i386/x86_64", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-0708", "CVE-2011-1148", "CVE-2011-1466", "CVE-2011-1468", "CVE-2011-1469", "CVE-2011-1471", "CVE-2011-1938", "CVE-2011-2202", "CVE-2011-2483"], "modified": "2021-01-14T00:00:00", "cpe": ["x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20111102_PHP53_AND_PHP_ON_SL5_X.NASL", "href": "https://www.tenable.com/plugins/nessus/61168", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(61168);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2011-0708\", \"CVE-2011-1148\", \"CVE-2011-1466\", \"CVE-2011-1468\", \"CVE-2011-1469\", \"CVE-2011-1471\", \"CVE-2011-1938\", \"CVE-2011-2202\", \"CVE-2011-2483\");\n\n script_name(english:\"Scientific Linux Security Update : php53 and php on SL5.x, SL6.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"PHP is an HTML-embedded scripting language commonly used with the\nApache HTTP Server.\n\nA signedness issue was found in the way the PHP crypt() function\nhandled 8-bit characters in passwords when using Blowfish hashing. Up\nto three characters immediately preceding a non-ASCII character (one\nwith the high bit set) had no effect on the hash result, thus\nshortening the effective password length. This made brute-force\nguessing more efficient as several different passwords were hashed to\nthe same value. (CVE-2011-2483)\n\nNote: Due to the CVE-2011-2483 fix, after installing this update some\nusers may not be able to log in to PHP applications that hash\npasswords with Blowfish using the PHP crypt() function. Refer to the\nupstream 'CRYPT_BLOWFISH security fix details' document, linked to in\nthe References, for details.\n\nAn insufficient input validation flaw, leading to a buffer over-read,\nwas found in the PHP exif extension. A specially crafted image file\ncould cause the PHP interpreter to crash when a PHP script tries to\nextract Exchangeable image file format (Exif) metadata from the image\nfile. (CVE-2011-0708)\n\nAn integer overflow flaw was found in the PHP calendar extension. A\nremote attacker able to make a PHP script call SdnToJulian() with a\nlarge value could cause the PHP interpreter to crash. (CVE-2011-1466)\n\nMultiple memory leak flaws were found in the PHP OpenSSL extension. A\nremote attacker able to make a PHP script use openssl_encrypt() or\nopenssl_decrypt() repeatedly could cause the PHP interpreter to use an\nexcessive amount of memory. (CVE-2011-1468)\n\nA use-after-free flaw was found in the PHP substr_replace() function.\nIf a PHP script used the same variable as multiple function arguments,\na remote attacker could possibly use this to crash the PHP interpreter\nor, possibly, execute arbitrary code. (CVE-2011-1148)\n\nA bug in the PHP Streams component caused the PHP interpreter to crash\nif an FTP wrapper connection was made through an HTTP proxy. A remote\nattacker could possibly trigger this issue if a PHP script accepted an\nuntrusted URL to connect to. (CVE-2011-1469)\n\nAn integer signedness issue was found in the PHP zip extension. An\nattacker could use a specially crafted ZIP archive to cause the PHP\ninterpreter to use an excessive amount of CPU time until the script\nexecution time limit is reached. (CVE-2011-1471)\n\nA stack-based buffer overflow flaw was found in the way the PHP socket\nextension handled long AF_UNIX socket addresses. An attacker able to\nmake a PHP script connect to a long AF_UNIX socket address could use\nthis flaw to crash the PHP interpreter. (CVE-2011-1938)\n\nAn off-by-one flaw was found in PHP. If an attacker uploaded a file\nwith a specially crafted file name it could cause a PHP script to\nattempt to write a file to the root (/) directory. By default, PHP\nruns as the 'apache' user, preventing it from writing to the root\ndirectory. (CVE-2011-2202)\n\nAll php53 and php users should upgrade to these updated packages,\nwhich contain backported patches to resolve these issues. After\ninstalling the updated packages, the httpd daemon must be restarted\nfor the update to take effect.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1111&L=scientific-linux-errata&T=0&P=210\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?2cfb58fc\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/03/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/11/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL5\", reference:\"php53-5.3.3-1.el5_7.3\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"php53-bcmath-5.3.3-1.el5_7.3\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"php53-cli-5.3.3-1.el5_7.3\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"php53-common-5.3.3-1.el5_7.3\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"php53-dba-5.3.3-1.el5_7.3\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"php53-debuginfo-5.3.3-1.el5_7.3\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"php53-devel-5.3.3-1.el5_7.3\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"php53-gd-5.3.3-1.el5_7.3\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"php53-imap-5.3.3-1.el5_7.3\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"php53-intl-5.3.3-1.el5_7.3\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"php53-ldap-5.3.3-1.el5_7.3\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"php53-mbstring-5.3.3-1.el5_7.3\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"php53-mysql-5.3.3-1.el5_7.3\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"php53-odbc-5.3.3-1.el5_7.3\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"php53-pdo-5.3.3-1.el5_7.3\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"php53-pgsql-5.3.3-1.el5_7.3\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"php53-process-5.3.3-1.el5_7.3\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"php53-pspell-5.3.3-1.el5_7.3\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"php53-snmp-5.3.3-1.el5_7.3\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"php53-soap-5.3.3-1.el5_7.3\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"php53-xml-5.3.3-1.el5_7.3\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"php53-xmlrpc-5.3.3-1.el5_7.3\")) flag++;\n\nif (rpm_check(release:\"SL6\", reference:\"php-5.3.3-3.el6_1.3\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"php-bcmath-5.3.3-3.el6_1.3\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"php-cli-5.3.3-3.el6_1.3\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"php-common-5.3.3-3.el6_1.3\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"php-dba-5.3.3-3.el6_1.3\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"php-debuginfo-5.3.3-3.el6_1.3\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"php-devel-5.3.3-3.el6_1.3\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"php-embedded-5.3.3-3.el6_1.3\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"php-enchant-5.3.3-3.el6_1.3\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"php-gd-5.3.3-3.el6_1.3\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"php-imap-5.3.3-3.el6_1.3\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"php-intl-5.3.3-3.el6_1.3\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"php-ldap-5.3.3-3.el6_1.3\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"php-mbstring-5.3.3-3.el6_1.3\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"php-mysql-5.3.3-3.el6_1.3\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"php-odbc-5.3.3-3.el6_1.3\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"php-pdo-5.3.3-3.el6_1.3\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"php-pgsql-5.3.3-3.el6_1.3\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"php-process-5.3.3-3.el6_1.3\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"php-pspell-5.3.3-3.el6_1.3\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"php-recode-5.3.3-3.el6_1.3\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"php-snmp-5.3.3-3.el6_1.3\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"php-soap-5.3.3-3.el6_1.3\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"php-tidy-5.3.3-3.el6_1.3\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"php-xml-5.3.3-3.el6_1.3\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"php-xmlrpc-5.3.3-3.el6_1.3\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"php-zts-5.3.3-3.el6_1.3\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-07T15:11:35", "description": "Updated php53 and php packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6 respectively.\n\nThe Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nPHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server.\n\nA signedness issue was found in the way the PHP crypt() function handled 8-bit characters in passwords when using Blowfish hashing. Up to three characters immediately preceding a non-ASCII character (one with the high bit set) had no effect on the hash result, thus shortening the effective password length. This made brute-force guessing more efficient as several different passwords were hashed to the same value. (CVE-2011-2483)\n\nNote: Due to the CVE-2011-2483 fix, after installing this update some users may not be able to log in to PHP applications that hash passwords with Blowfish using the PHP crypt() function. Refer to the upstream 'CRYPT_BLOWFISH security fix details' document, linked to in the References, for details.\n\nAn insufficient input validation flaw, leading to a buffer over-read, was found in the PHP exif extension. A specially crafted image file could cause the PHP interpreter to crash when a PHP script tries to extract Exchangeable image file format (Exif) metadata from the image file. (CVE-2011-0708)\n\nAn integer overflow flaw was found in the PHP calendar extension. A remote attacker able to make a PHP script call SdnToJulian() with a large value could cause the PHP interpreter to crash. (CVE-2011-1466)\n\nMultiple memory leak flaws were found in the PHP OpenSSL extension. A remote attacker able to make a PHP script use openssl_encrypt() or openssl_decrypt() repeatedly could cause the PHP interpreter to use an excessive amount of memory. (CVE-2011-1468)\n\nA use-after-free flaw was found in the PHP substr_replace() function.\nIf a PHP script used the same variable as multiple function arguments, a remote attacker could possibly use this to crash the PHP interpreter or, possibly, execute arbitrary code. (CVE-2011-1148)\n\nA bug in the PHP Streams component caused the PHP interpreter to crash if an FTP wrapper connection was made through an HTTP proxy. A remote attacker could possibly trigger this issue if a PHP script accepted an untrusted URL to connect to. (CVE-2011-1469)\n\nAn integer signedness issue was found in the PHP zip extension. An attacker could use a specially crafted ZIP archive to cause the PHP interpreter to use an excessive amount of CPU time until the script execution time limit is reached. (CVE-2011-1471)\n\nA stack-based buffer overflow flaw was found in the way the PHP socket extension handled long AF_UNIX socket addresses. An attacker able to make a PHP script connect to a long AF_UNIX socket address could use this flaw to crash the PHP interpreter. (CVE-2011-1938)\n\nAn off-by-one flaw was found in PHP. If an attacker uploaded a file with a specially crafted file name it could cause a PHP script to attempt to write a file to the root (/) directory. By default, PHP runs as the 'apache' user, preventing it from writing to the root directory. (CVE-2011-2202)\n\nAll php53 and php users should upgrade to these updated packages, which contain backported patches to resolve these issues. After installing the updated packages, the httpd daemon must be restarted for the update to take effect.", "cvss3": {}, "published": "2011-11-03T00:00:00", "type": "nessus", "title": "CentOS 5 : php53 (CESA-2011:1423)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-0708", "CVE-2011-1148", "CVE-2011-1466", "CVE-2011-1468", "CVE-2011-1469", "CVE-2011-1471", "CVE-2011-1938", "CVE-2011-2202", "CVE-2011-2483"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:centos:centos:php53", "p-cpe:/a:centos:centos:php53-bcmath", "p-cpe:/a:centos:centos:php53-cli", "p-cpe:/a:centos:centos:php53-common", "p-cpe:/a:centos:centos:php53-dba", "p-cpe:/a:centos:centos:php53-devel", "p-cpe:/a:centos:centos:php53-gd", "p-cpe:/a:centos:centos:php53-imap", "p-cpe:/a:centos:centos:php53-intl", "p-cpe:/a:centos:centos:php53-ldap", "p-cpe:/a:centos:centos:php53-mbstring", "p-cpe:/a:centos:centos:php53-mysql", "p-cpe:/a:centos:centos:php53-odbc", "p-cpe:/a:centos:centos:php53-pdo", "p-cpe:/a:centos:centos:php53-pgsql", "p-cpe:/a:centos:centos:php53-process", "p-cpe:/a:centos:centos:php53-pspell", "p-cpe:/a:centos:centos:php53-snmp", "p-cpe:/a:centos:centos:php53-soap", "p-cpe:/a:centos:centos:php53-xml", "p-cpe:/a:centos:centos:php53-xmlrpc", "cpe:/o:centos:centos:5"], "id": "CENTOS_RHSA-2011-1423.NASL", "href": "https://www.tenable.com/plugins/nessus/56695", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2011:1423 and \n# CentOS Errata and Security Advisory 2011:1423 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(56695);\n script_version(\"1.18\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2011-0708\", \"CVE-2011-1148\", \"CVE-2011-1466\", \"CVE-2011-1468\", \"CVE-2011-1469\", \"CVE-2011-1471\", \"CVE-2011-1938\", \"CVE-2011-2202\", \"CVE-2011-2483\");\n script_bugtraq_id(46365, 46843, 46967, 46970, 46975, 46977, 47950, 48259, 49241);\n script_xref(name:\"RHSA\", value:\"2011:1423\");\n\n script_name(english:\"CentOS 5 : php53 (CESA-2011:1423)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated php53 and php packages that fix several security issues are\nnow available for Red Hat Enterprise Linux 5 and 6 respectively.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nPHP is an HTML-embedded scripting language commonly used with the\nApache HTTP Server.\n\nA signedness issue was found in the way the PHP crypt() function\nhandled 8-bit characters in passwords when using Blowfish hashing. Up\nto three characters immediately preceding a non-ASCII character (one\nwith the high bit set) had no effect on the hash result, thus\nshortening the effective password length. This made brute-force\nguessing more efficient as several different passwords were hashed to\nthe same value. (CVE-2011-2483)\n\nNote: Due to the CVE-2011-2483 fix, after installing this update some\nusers may not be able to log in to PHP applications that hash\npasswords with Blowfish using the PHP crypt() function. Refer to the\nupstream 'CRYPT_BLOWFISH security fix details' document, linked to in\nthe References, for details.\n\nAn insufficient input validation flaw, leading to a buffer over-read,\nwas found in the PHP exif extension. A specially crafted image file\ncould cause the PHP interpreter to crash when a PHP script tries to\nextract Exchangeable image file format (Exif) metadata from the image\nfile. (CVE-2011-0708)\n\nAn integer overflow flaw was found in the PHP calendar extension. A\nremote attacker able to make a PHP script call SdnToJulian() with a\nlarge value could cause the PHP interpreter to crash. (CVE-2011-1466)\n\nMultiple memory leak flaws were found in the PHP OpenSSL extension. A\nremote attacker able to make a PHP script use openssl_encrypt() or\nopenssl_decrypt() repeatedly could cause the PHP interpreter to use an\nexcessive amount of memory. (CVE-2011-1468)\n\nA use-after-free flaw was found in the PHP substr_replace() function.\nIf a PHP script used the same variable as multiple function arguments,\na remote attacker could possibly use this to crash the PHP interpreter\nor, possibly, execute arbitrary code. (CVE-2011-1148)\n\nA bug in the PHP Streams component caused the PHP interpreter to crash\nif an FTP wrapper connection was made through an HTTP proxy. A remote\nattacker could possibly trigger this issue if a PHP script accepted an\nuntrusted URL to connect to. (CVE-2011-1469)\n\nAn integer signedness issue was found in the PHP zip extension. An\nattacker could use a specially crafted ZIP archive to cause the PHP\ninterpreter to use an excessive amount of CPU time until the script\nexecution time limit is reached. (CVE-2011-1471)\n\nA stack-based buffer overflow flaw was found in the way the PHP socket\nextension handled long AF_UNIX socket addresses. An attacker able to\nmake a PHP script connect to a long AF_UNIX socket address could use\nthis flaw to crash the PHP interpreter. (CVE-2011-1938)\n\nAn off-by-one flaw was found in PHP. If an attacker uploaded a file\nwith a specially crafted file name it could cause a PHP script to\nattempt to write a file to the root (/) directory. By default, PHP\nruns as the 'apache' user, preventing it from writing to the root\ndirectory. (CVE-2011-2202)\n\nAll php53 and php users should upgrade to these updated packages,\nwhich contain backported patches to resolve these issues. After\ninstalling the updated packages, the httpd daemon must be restarted\nfor the update to take effect.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2011-November/018145.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?8d8e6f39\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2011-November/018146.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?7ef98eb6\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected php53 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php53\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php53-bcmath\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php53-cli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php53-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php53-dba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php53-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php53-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php53-imap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php53-intl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php53-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php53-mbstring\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php53-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php53-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php53-pdo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php53-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php53-process\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php53-pspell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php53-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php53-soap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php53-xml\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php53-xmlrpc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/03/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/11/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/11/03\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 5.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-5\", reference:\"php53-5.3.3-1.el5_7.3\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"php53-bcmath-5.3.3-1.el5_7.3\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"php53-cli-5.3.3-1.el5_7.3\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"php53-common-5.3.3-1.el5_7.3\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"php53-dba-5.3.3-1.el5_7.3\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"php53-devel-5.3.3-1.el5_7.3\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"php53-gd-5.3.3-1.el5_7.3\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"php53-imap-5.3.3-1.el5_7.3\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"php53-intl-5.3.3-1.el5_7.3\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"php53-ldap-5.3.3-1.el5_7.3\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"php53-mbstring-5.3.3-1.el5_7.3\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"php53-mysql-5.3.3-1.el5_7.3\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"php53-odbc-5.3.3-1.el5_7.3\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"php53-pdo-5.3.3-1.el5_7.3\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"php53-pgsql-5.3.3-1.el5_7.3\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"php53-process-5.3.3-1.el5_7.3\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"php53-pspell-5.3.3-1.el5_7.3\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"php53-snmp-5.3.3-1.el5_7.3\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"php53-soap-5.3.3-1.el5_7.3\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"php53-xml-5.3.3-1.el5_7.3\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"php53-xmlrpc-5.3.3-1.el5_7.3\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"php53 / php53-bcmath / php53-cli / php53-common / php53-dba / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-07T16:31:25", "description": "From Red Hat Security Advisory 2011:1423 :\n\nUpdated php53 and php packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6 respectively.\n\nThe Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nPHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server.\n\nA signedness issue was found in the way the PHP crypt() function handled 8-bit characters in passwords when using Blowfish hashing. Up to three characters immediately preceding a non-ASCII character (one with the high bit set) had no effect on the hash result, thus shortening the effective password length. This made brute-force guessing more efficient as several different passwords were hashed to the same value. (CVE-2011-2483)\n\nNote: Due to the CVE-2011-2483 fix, after installing this update some users may not be able to log in to PHP applications that hash passwords with Blowfish using the PHP crypt() function. Refer to the upstream 'CRYPT_BLOWFISH security fix details' document, linked to in the References, for details.\n\nAn insufficient input validation flaw, leading to a buffer over-read, was found in the PHP exif extension. A specially crafted image file could cause the PHP interpreter to crash when a PHP script tries to extract Exchangeable image file format (Exif) metadata from the image file. (CVE-2011-0708)\n\nAn integer overflow flaw was found in the PHP calendar extension. A remote attacker able to make a PHP script call SdnToJulian() with a large value could cause the PHP interpreter to crash. (CVE-2011-1466)\n\nMultiple memory leak flaws were found in the PHP OpenSSL extension. A remote attacker able to make a PHP script use openssl_encrypt() or openssl_decrypt() repeatedly could cause the PHP interpreter to use an excessive amount of memory. (CVE-2011-1468)\n\nA use-after-free flaw was found in the PHP substr_replace() function.\nIf a PHP script used the same variable as multiple function arguments, a remote attacker could possibly use this to crash the PHP interpreter or, possibly, execute arbitrary code. (CVE-2011-1148)\n\nA bug in the PHP Streams component caused the PHP interpreter to crash if an FTP wrapper connection was made through an HTTP proxy. A remote attacker could possibly trigger this issue if a PHP script accepted an untrusted URL to connect to. (CVE-2011-1469)\n\nAn integer signedness issue was found in the PHP zip extension. An attacker could use a specially crafted ZIP archive to cause the PHP interpreter to use an excessive amount of CPU time until the script execution time limit is reached. (CVE-2011-1471)\n\nA stack-based buffer overflow flaw was found in the way the PHP socket extension handled long AF_UNIX socket addresses. An attacker able to make a PHP script connect to a long AF_UNIX socket address could use this flaw to crash the PHP interpreter. (CVE-2011-1938)\n\nAn off-by-one flaw was found in PHP. If an attacker uploaded a file with a specially crafted file name it could cause a PHP script to attempt to write a file to the root (/) directory. By default, PHP runs as the 'apache' user, preventing it from writing to the root directory. (CVE-2011-2202)\n\nAll php53 and php users should upgrade to these updated packages, which contain backported patches to resolve these issues. After installing the updated packages, the httpd daemon must be restarted for the update to take effect.", "cvss3": {}, "published": "2013-07-12T00:00:00", "type": "nessus", "title": "Oracle Linux 5 / 6 : php / php53 (ELSA-2011-1423)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-0708", "CVE-2011-1148", "CVE-2011-1466", "CVE-2011-1468", "CVE-2011-1469", "CVE-2011-1471", "CVE-2011-1938", "CVE-2011-2202", "CVE-2011-2483"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:php", "p-cpe:/a:oracle:linux:php-bcmath", "p-cpe:/a:oracle:linux:php-cli", "p-cpe:/a:oracle:linux:php-common", "p-cpe:/a:oracle:linux:php-dba", "p-cpe:/a:oracle:linux:php-devel", "p-cpe:/a:oracle:linux:php-embedded", "p-cpe:/a:oracle:linux:php-enchant", "p-cpe:/a:oracle:linux:php-gd", "p-cpe:/a:oracle:linux:php-imap", "p-cpe:/a:oracle:linux:php-intl", "p-cpe:/a:oracle:linux:php-ldap", "p-cpe:/a:oracle:linux:php-mbstring", "p-cpe:/a:oracle:linux:php-mysql", "p-cpe:/a:oracle:linux:php-odbc", "p-cpe:/a:oracle:linux:php-pdo", "p-cpe:/a:oracle:linux:php-pgsql", "p-cpe:/a:oracle:linux:php-process", "p-cpe:/a:oracle:linux:php-pspell", "p-cpe:/a:oracle:linux:php-recode", "p-cpe:/a:oracle:linux:php-snmp", "p-cpe:/a:oracle:linux:php-soap", "p-cpe:/a:oracle:linux:php-tidy", "p-cpe:/a:oracle:linux:php-xml", "p-cpe:/a:oracle:linux:php-xmlrpc", "p-cpe:/a:oracle:linux:php-zts", "p-cpe:/a:oracle:linux:php53", "p-cpe:/a:oracle:linux:php53-bcmath", "p-cpe:/a:oracle:linux:php53-cli", "p-cpe:/a:oracle:linux:php53-common", "p-cpe:/a:oracle:linux:php53-dba", "p-cpe:/a:oracle:linux:php53-devel", "p-cpe:/a:oracle:linux:php53-gd", "p-cpe:/a:oracle:linux:php53-imap", "p-cpe:/a:oracle:linux:php53-intl", "p-cpe:/a:oracle:linux:php53-ldap", "p-cpe:/a:oracle:linux:php53-mbstring", "p-cpe:/a:oracle:linux:php53-mysql", "p-cpe:/a:oracle:linux:php53-odbc", "p-cpe:/a:oracle:linux:php53-pdo", "p-cpe:/a:oracle:linux:php53-pgsql", "p-cpe:/a:oracle:linux:php53-process", "p-cpe:/a:oracle:linux:php53-pspell", "p-cpe:/a:oracle:linux:php53-snmp", "p-cpe:/a:oracle:linux:php53-soap", "p-cpe:/a:oracle:linux:php53-xml", "p-cpe:/a:oracle:linux:php53-xmlrpc", "cpe:/o:oracle:linux:5", "cpe:/o:oracle:linux:6"], "id": "ORACLELINUX_ELSA-2011-1423.NASL", "href": "https://www.tenable.com/plugins/nessus/68382", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2011:1423 and \n# Oracle Linux Security Advisory ELSA-2011-1423 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(68382);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2011-0708\", \"CVE-2011-1148\", \"CVE-2011-1466\", \"CVE-2011-1468\", \"CVE-2011-1469\", \"CVE-2011-1471\", \"CVE-2011-1938\", \"CVE-2011-2202\", \"CVE-2011-2483\");\n script_bugtraq_id(46365, 46843, 46967, 46969, 46970, 46975, 46977, 47950, 48259, 49241);\n script_xref(name:\"RHSA\", value:\"2011:1423\");\n\n script_name(english:\"Oracle Linux 5 / 6 : php / php53 (ELSA-2011-1423)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2011:1423 :\n\nUpdated php53 and php packages that fix several security issues are\nnow available for Red Hat Enterprise Linux 5 and 6 respectively.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nPHP is an HTML-embedded scripting language commonly used with the\nApache HTTP Server.\n\nA signedness issue was found in the way the PHP crypt() function\nhandled 8-bit characters in passwords when using Blowfish hashing. Up\nto three characters immediately preceding a non-ASCII character (one\nwith the high bit set) had no effect on the hash result, thus\nshortening the effective password length. This made brute-force\nguessing more efficient as several different passwords were hashed to\nthe same value. (CVE-2011-2483)\n\nNote: Due to the CVE-2011-2483 fix, after installing this update some\nusers may not be able to log in to PHP applications that hash\npasswords with Blowfish using the PHP crypt() function. Refer to the\nupstream 'CRYPT_BLOWFISH security fix details' document, linked to in\nthe References, for details.\n\nAn insufficient input validation flaw, leading to a buffer over-read,\nwas found in the PHP exif extension. A specially crafted image file\ncould cause the PHP interpreter to crash when a PHP script tries to\nextract Exchangeable image file format (Exif) metadata from the image\nfile. (CVE-2011-0708)\n\nAn integer overflow flaw was found in the PHP calendar extension. A\nremote attacker able to make a PHP script call SdnToJulian() with a\nlarge value could cause the PHP interpreter to crash. (CVE-2011-1466)\n\nMultiple memory leak flaws were found in the PHP OpenSSL extension. A\nremote attacker able to make a PHP script use openssl_encrypt() or\nopenssl_decrypt() repeatedly could cause the PHP interpreter to use an\nexcessive amount of memory. (CVE-2011-1468)\n\nA use-after-free flaw was found in the PHP substr_replace() function.\nIf a PHP script used the same variable as multiple function arguments,\na remote attacker could possibly use this to crash the PHP interpreter\nor, possibly, execute arbitrary code. (CVE-2011-1148)\n\nA bug in the PHP Streams component caused the PHP interpreter to crash\nif an FTP wrapper connection was made through an HTTP proxy. A remote\nattacker could possibly trigger this issue if a PHP script accepted an\nuntrusted URL to connect to. (CVE-2011-1469)\n\nAn integer signedness issue was found in the PHP zip extension. An\nattacker could use a specially crafted ZIP archive to cause the PHP\ninterpreter to use an excessive amount of CPU time until the script\nexecution time limit is reached. (CVE-2011-1471)\n\nA stack-based buffer overflow flaw was found in the way the PHP socket\nextension handled long AF_UNIX socket addresses. An attacker able to\nmake a PHP script connect to a long AF_UNIX socket address could use\nthis flaw to crash the PHP interpreter. (CVE-2011-1938)\n\nAn off-by-one flaw was found in PHP. If an attacker uploaded a file\nwith a specially crafted file name it could cause a PHP script to\nattempt to write a file to the root (/) directory. By default, PHP\nruns as the 'apache' user, preventing it from writing to the root\ndirectory. (CVE-2011-2202)\n\nAll php53 and php users should upgrade to these updated packages,\nwhich contain backported patches to resolve these issues. After\ninstalling the updated packages, the httpd daemon must be restarted\nfor the update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2011-November/002444.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2011-November/002446.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected php and / or php53 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-bcmath\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-cli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-dba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-embedded\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-enchant\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-imap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-intl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-mbstring\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-pdo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-process\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-pspell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-recode\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-soap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-tidy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-xml\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-xmlrpc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-zts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php53\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php53-bcmath\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php53-cli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php53-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php53-dba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php53-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php53-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php53-imap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php53-intl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php53-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php53-mbstring\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php53-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php53-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php53-pdo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php53-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php53-process\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php53-pspell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php53-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php53-soap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php53-xml\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php53-xmlrpc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/03/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/11/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(5|6)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 5 / 6\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL5\", reference:\"php53-5.3.3-1.el5_7.3\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"php53-bcmath-5.3.3-1.el5_7.3\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"php53-cli-5.3.3-1.el5_7.3\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"php53-common-5.3.3-1.el5_7.3\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"php53-dba-5.3.3-1.el5_7.3\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"php53-devel-5.3.3-1.el5_7.3\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"php53-gd-5.3.3-1.el5_7.3\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"php53-imap-5.3.3-1.el5_7.3\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"php53-intl-5.3.3-1.el5_7.3\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"php53-ldap-5.3.3-1.el5_7.3\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"php53-mbstring-5.3.3-1.el5_7.3\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"php53-mysql-5.3.3-1.el5_7.3\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"php53-odbc-5.3.3-1.el5_7.3\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"php53-pdo-5.3.3-1.el5_7.3\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"php53-pgsql-5.3.3-1.el5_7.3\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"php53-process-5.3.3-1.el5_7.3\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"php53-pspell-5.3.3-1.el5_7.3\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"php53-snmp-5.3.3-1.el5_7.3\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"php53-soap-5.3.3-1.el5_7.3\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"php53-xml-5.3.3-1.el5_7.3\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"php53-xmlrpc-5.3.3-1.el5_7.3\")) flag++;\n\nif (rpm_check(release:\"EL6\", reference:\"php-5.3.3-3.el6_1.3\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"php-bcmath-5.3.3-3.el6_1.3\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"php-cli-5.3.3-3.el6_1.3\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"php-common-5.3.3-3.el6_1.3\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"php-dba-5.3.3-3.el6_1.3\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"php-devel-5.3.3-3.el6_1.3\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"php-embedded-5.3.3-3.el6_1.3\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"php-enchant-5.3.3-3.el6_1.3\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"php-gd-5.3.3-3.el6_1.3\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"php-imap-5.3.3-3.el6_1.3\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"php-intl-5.3.3-3.el6_1.3\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"php-ldap-5.3.3-3.el6_1.3\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"php-mbstring-5.3.3-3.el6_1.3\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"php-mysql-5.3.3-3.el6_1.3\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"php-odbc-5.3.3-3.el6_1.3\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"php-pdo-5.3.3-3.el6_1.3\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"php-pgsql-5.3.3-3.el6_1.3\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"php-process-5.3.3-3.el6_1.3\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"php-pspell-5.3.3-3.el6_1.3\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"php-recode-5.3.3-3.el6_1.3\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"php-snmp-5.3.3-3.el6_1.3\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"php-soap-5.3.3-3.el6_1.3\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"php-tidy-5.3.3-3.el6_1.3\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"php-xml-5.3.3-3.el6_1.3\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"php-xmlrpc-5.3.3-3.el6_1.3\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"php-zts-5.3.3-3.el6_1.3\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"php / php-bcmath / php-cli / php-common / php-dba / php-devel / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-07T15:11:49", "description": "Updated php53 and php packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6 respectively.\n\nThe Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nPHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server.\n\nA signedness issue was found in the way the PHP crypt() function handled 8-bit characters in passwords when using Blowfish hashing. Up to three characters immediately preceding a non-ASCII character (one with the high bit set) had no effect on the hash result, thus shortening the effective password length. This made brute-force guessing more efficient as several different passwords were hashed to the same value. (CVE-2011-2483)\n\nNote: Due to the CVE-2011-2483 fix, after installing this update some users may not be able to log in to PHP applications that hash passwords with Blowfish using the PHP crypt() function. Refer to the upstream 'CRYPT_BLOWFISH security fix details' document, linked to in the References, for details.\n\nAn insufficient input validation flaw, leading to a buffer over-read, was found in the PHP exif extension. A specially crafted image file could cause the PHP interpreter to crash when a PHP script tries to extract Exchangeable image file format (Exif) metadata from the image file. (CVE-2011-0708)\n\nAn integer overflow flaw was found in the PHP calendar extension. A remote attacker able to make a PHP script call SdnToJulian() with a large value could cause the PHP interpreter to crash. (CVE-2011-1466)\n\nMultiple memory leak flaws were found in the PHP OpenSSL extension. A remote attacker able to make a PHP script use openssl_encrypt() or openssl_decrypt() repeatedly could cause the PHP interpreter to use an excessive amount of memory. (CVE-2011-1468)\n\nA use-after-free flaw was found in the PHP substr_replace() function.\nIf a PHP script used the same variable as multiple function arguments, a remote attacker could possibly use this to crash the PHP interpreter or, possibly, execute arbitrary code. (CVE-2011-1148)\n\nA bug in the PHP Streams component caused the PHP interpreter to crash if an FTP wrapper connection was made through an HTTP proxy. A remote attacker could possibly trigger this issue if a PHP script accepted an untrusted URL to connect to. (CVE-2011-1469)\n\nAn integer signedness issue was found in the PHP zip extension. An attacker could use a specially crafted ZIP archive to cause the PHP interpreter to use an excessive amount of CPU time until the script execution time limit is reached. (CVE-2011-1471)\n\nA stack-based buffer overflow flaw was found in the way the PHP socket extension handled long AF_UNIX socket addresses. An attacker able to make a PHP script connect to a long AF_UNIX socket address could use this flaw to crash the PHP interpreter. (CVE-2011-1938)\n\nAn off-by-one flaw was found in PHP. If an attacker uploaded a file with a specially crafted file name it could cause a PHP script to attempt to write a file to the root (/) directory. By default, PHP runs as the 'apache' user, preventing it from writing to the root directory. (CVE-2011-2202)\n\nAll php53 and php users should upgrade to these updated packages, which contain backported patches to resolve these issues. After installing the updated packages, the httpd daemon must be restarted for the update to take effect.", "cvss3": {}, "published": "2011-11-03T00:00:00", "type": "nessus", "title": "RHEL 5 / 6 : php53 and php (RHSA-2011:1423)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-0708", "CVE-2011-1148", "CVE-2011-1466", "CVE-2011-1468", "CVE-2011-1469", "CVE-2011-1471", "CVE-2011-1938", "CVE-2011-2202", "CVE-2011-2483"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:php", "p-cpe:/a:redhat:enterprise_linux:php-bcmath", "p-cpe:/a:redhat:enterprise_linux:php-cli", "p-cpe:/a:redhat:enterprise_linux:php53-common", "p-cpe:/a:redhat:enterprise_linux:php53-dba", "p-cpe:/a:redhat:enterprise_linux:php53-devel", "p-cpe:/a:redhat:enterprise_linux:php53-gd", "p-cpe:/a:redhat:enterprise_linux:php53-imap", "p-cpe:/a:redhat:enterprise_linux:php53-intl", "p-cpe:/a:redhat:enterprise_linux:php53-ldap", "p-cpe:/a:redhat:enterprise_linux:php53-mbstring", "p-cpe:/a:redhat:enterprise_linux:php53-mysql", "p-cpe:/a:redhat:enterprise_linux:php53-odbc", "p-cpe:/a:redhat:enterprise_linux:php53-pdo", "p-cpe:/a:redhat:enterprise_linux:php53-pgsql", "p-cpe:/a:redhat:enterprise_linux:php53-process", "p-cpe:/a:redhat:enterprise_linux:php-common", "p-cpe:/a:redhat:enterprise_linux:php-dba", "p-cpe:/a:redhat:enterprise_linux:php-debuginfo", "p-cpe:/a:redhat:enterprise_linux:php-devel", "p-cpe:/a:redhat:enterprise_linux:php-embedded", "p-cpe:/a:redhat:enterprise_linux:php-enchant", "p-cpe:/a:redhat:enterprise_linux:php-gd", "p-cpe:/a:redhat:enterprise_linux:php-imap", "p-cpe:/a:redhat:enterprise_linux:php-intl", "p-cpe:/a:redhat:enterprise_linux:php-ldap", "p-cpe:/a:redhat:enterprise_linux:php-mbstring", "p-cpe:/a:redhat:enterprise_linux:php-mysql", "p-cpe:/a:redhat:enterprise_linux:php-odbc", "p-cpe:/a:redhat:enterprise_linux:php-pdo", "p-cpe:/a:redhat:enterprise_linux:php-pgsql", "p-cpe:/a:redhat:enterprise_linux:php-process", "p-cpe:/a:redhat:enterprise_linux:php-pspell", "p-cpe:/a:redhat:enterprise_linux:php-recode", "p-cpe:/a:redhat:enterprise_linux:php-snmp", "p-cpe:/a:redhat:enterprise_linux:php-soap", "p-cpe:/a:redhat:enterprise_linux:php-tidy", "p-cpe:/a:redhat:enterprise_linux:php-xml", "p-cpe:/a:redhat:enterprise_linux:php-xmlrpc", "p-cpe:/a:redhat:enterprise_linux:php-zts", "p-cpe:/a:redhat:enterprise_linux:php53", "p-cpe:/a:redhat:enterprise_linux:php53-bcmath", "p-cpe:/a:redhat:enterprise_linux:php53-cli", "p-cpe:/a:redhat:enterprise_linux:php53-pspell", "p-cpe:/a:redhat:enterprise_linux:php53-snmp", "p-cpe:/a:redhat:enterprise_linux:php53-soap", "p-cpe:/a:redhat:enterprise_linux:php53-xml", "p-cpe:/a:redhat:enterprise_linux:php53-xmlrpc", "cpe:/o:redhat:enterprise_linux:5", "cpe:/o:redhat:enterprise_linux:6", "cpe:/o:redhat:enterprise_linux:6.1"], "id": "REDHAT-RHSA-2011-1423.NASL", "href": "https://www.tenable.com/plugins/nessus/56699", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2011:1423. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(56699);\n script_version(\"1.21\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2011-0708\", \"CVE-2011-1148\", \"CVE-2011-1466\", \"CVE-2011-1468\", \"CVE-2011-1469\", \"CVE-2011-1471\", \"CVE-2011-1938\", \"CVE-2011-2202\", \"CVE-2011-2483\");\n script_bugtraq_id(46365, 46843, 46967, 46970, 46975, 46977, 47950, 48259, 49241);\n script_xref(name:\"RHSA\", value:\"2011:1423\");\n\n script_name(english:\"RHEL 5 / 6 : php53 and php (RHSA-2011:1423)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated php53 and php packages that fix several security issues are\nnow available for Red Hat Enterprise Linux 5 and 6 respectively.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nPHP is an HTML-embedded scripting language commonly used with the\nApache HTTP Server.\n\nA signedness issue was found in the way the PHP crypt() function\nhandled 8-bit characters in passwords when using Blowfish hashing. Up\nto three characters immediately preceding a non-ASCII character (one\nwith the high bit set) had no effect on the hash result, thus\nshortening the effective password length. This made brute-force\nguessing more efficient as several different passwords were hashed to\nthe same value. (CVE-2011-2483)\n\nNote: Due to the CVE-2011-2483 fix, after installing this update some\nusers may not be able to log in to PHP applications that hash\npasswords with Blowfish using the PHP crypt() function. Refer to the\nupstream 'CRYPT_BLOWFISH security fix details' document, linked to in\nthe References, for details.\n\nAn insufficient input validation flaw, leading to a buffer over-read,\nwas found in the PHP exif extension. A specially crafted image file\ncould cause the PHP interpreter to crash when a PHP script tries to\nextract Exchangeable image file format (Exif) metadata from the image\nfile. (CVE-2011-0708)\n\nAn integer overflow flaw was found in the PHP calendar extension. A\nremote attacker able to make a PHP script call SdnToJulian() with a\nlarge value could cause the PHP interpreter to crash. (CVE-2011-1466)\n\nMultiple memory leak flaws were found in the PHP OpenSSL extension. A\nremote attacker able to make a PHP script use openssl_encrypt() or\nopenssl_decrypt() repeatedly could cause the PHP interpreter to use an\nexcessive amount of memory. (CVE-2011-1468)\n\nA use-after-free flaw was found in the PHP substr_replace() function.\nIf a PHP script used the same variable as multiple function arguments,\na remote attacker could possibly use this to crash the PHP interpreter\nor, possibly, execute arbitrary code. (CVE-2011-1148)\n\nA bug in the PHP Streams component caused the PHP interpreter to crash\nif an FTP wrapper connection was made through an HTTP proxy. A remote\nattacker could possibly trigger this issue if a PHP script accepted an\nuntrusted URL to connect to. (CVE-2011-1469)\n\nAn integer signedness issue was found in the PHP zip extension. An\nattacker could use a specially crafted ZIP archive to cause the PHP\ninterpreter to use an excessive amount of CPU time until the script\nexecution time limit is reached. (CVE-2011-1471)\n\nA stack-based buffer overflow flaw was found in the way the PHP socket\nextension handled long AF_UNIX socket addresses. An attacker able to\nmake a PHP script connect to a long AF_UNIX socket address could use\nthis flaw to crash the PHP interpreter. (CVE-2011-1938)\n\nAn off-by-one flaw was found in PHP. If an attacker uploaded a file\nwith a specially crafted file name it could cause a PHP script to\nattempt to write a file to the root (/) directory. By default, PHP\nruns as the 'apache' user, preventing it from writing to the root\ndirectory. (CVE-2011-2202)\n\nAll php53 and php users should upgrade to these updated packages,\nwhich contain backported patches to resolve these issues. After\ninstalling the updated packages, the httpd daemon must be restarted\nfor the update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-0708\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-1148\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-1466\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-1468\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-1469\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-1471\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-1938\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-2202\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-2483\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.php.net/security/crypt_blowfish.php\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2011:1423\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-bcmath\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-cli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-dba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-embedded\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-enchant\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-imap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-intl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-mbstring\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-pdo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-process\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-pspell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-recode\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-soap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-tidy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-xml\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-xmlrpc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-zts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php53\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php53-bcmath\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php53-cli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php53-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php53-dba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php53-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php53-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php53-imap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php53-intl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php53-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php53-mbstring\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php53-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php53-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php53-pdo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php53-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php53-process\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php53-pspell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php53-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php53-soap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php53-xml\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php53-xmlrpc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.1\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/03/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/11/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/11/03\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(5|6)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x / 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2011:1423\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php53-5.3.3-1.el5_7.3\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php53-5.3.3-1.el5_7.3\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php53-5.3.3-1.el5_7.3\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php53-bcmath-5.3.3-1.el5_7.3\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php53-bcmath-5.3.3-1.el5_7.3\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php53-bcmath-5.3.3-1.el5_7.3\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php53-cli-5.3.3-1.el5_7.3\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php53-cli-5.3.3-1.el5_7.3\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php53-cli-5.3.3-1.el5_7.3\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php53-common-5.3.3-1.el5_7.3\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php53-common-5.3.3-1.el5_7.3\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php53-common-5.3.3-1.el5_7.3\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php53-dba-5.3.3-1.el5_7.3\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php53-dba-5.3.3-1.el5_7.3\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php53-dba-5.3.3-1.el5_7.3\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php53-devel-5.3.3-1.el5_7.3\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php53-devel-5.3.3-1.el5_7.3\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php53-devel-5.3.3-1.el5_7.3\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php53-gd-5.3.3-1.el5_7.3\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php53-gd-5.3.3-1.el5_7.3\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php53-gd-5.3.3-1.el5_7.3\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php53-imap-5.3.3-1.el5_7.3\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php53-imap-5.3.3-1.el5_7.3\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php53-imap-5.3.3-1.el5_7.3\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php53-intl-5.3.3-1.el5_7.3\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php53-intl-5.3.3-1.el5_7.3\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php53-intl-5.3.3-1.el5_7.3\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php53-ldap-5.3.3-1.el5_7.3\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php53-ldap-5.3.3-1.el5_7.3\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php53-ldap-5.3.3-1.el5_7.3\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php53-mbstring-5.3.3-1.el5_7.3\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php53-mbstring-5.3.3-1.el5_7.3\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php53-mbstring-5.3.3-1.el5_7.3\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php53-mysql-5.3.3-1.el5_7.3\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php53-mysql-5.3.3-1.el5_7.3\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php53-mysql-5.3.3-1.el5_7.3\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php53-odbc-5.3.3-1.el5_7.3\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php53-odbc-5.3.3-1.el5_7.3\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php53-odbc-5.3.3-1.el5_7.3\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php53-pdo-5.3.3-1.el5_7.3\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php53-pdo-5.3.3-1.el5_7.3\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php53-pdo-5.3.3-1.el5_7.3\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php53-pgsql-5.3.3-1.el5_7.3\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php53-pgsql-5.3.3-1.el5_7.3\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php53-pgsql-5.3.3-1.el5_7.3\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php53-process-5.3.3-1.el5_7.3\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php53-process-5.3.3-1.el5_7.3\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php53-process-5.3.3-1.el5_7.3\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php53-pspell-5.3.3-1.el5_7.3\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php53-pspell-5.3.3-1.el5_7.3\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php53-pspell-5.3.3-1.el5_7.3\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php53-snmp-5.3.3-1.el5_7.3\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php53-snmp-5.3.3-1.el5_7.3\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php53-snmp-5.3.3-1.el5_7.3\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php53-soap-5.3.3-1.el5_7.3\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php53-soap-5.3.3-1.el5_7.3\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php53-soap-5.3.3-1.el5_7.3\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php53-xml-5.3.3-1.el5_7.3\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php53-xml-5.3.3-1.el5_7.3\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php53-xml-5.3.3-1.el5_7.3\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php53-xmlrpc-5.3.3-1.el5_7.3\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php53-xmlrpc-5.3.3-1.el5_7.3\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php53-xmlrpc-5.3.3-1.el5_7.3\")) flag++;\n\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"php-5.3.3-3.el6_1.3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"php-5.3.3-3.el6_1.3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"php-5.3.3-3.el6_1.3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"php-bcmath-5.3.3-3.el6_1.3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"php-bcmath-5.3.3-3.el6_1.3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"php-bcmath-5.3.3-3.el6_1.3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"php-cli-5.3.3-3.el6_1.3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"php-cli-5.3.3-3.el6_1.3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"php-cli-5.3.3-3.el6_1.3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"php-common-5.3.3-3.el6_1.3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"php-common-5.3.3-3.el6_1.3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"php-common-5.3.3-3.el6_1.3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"php-dba-5.3.3-3.el6_1.3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"php-dba-5.3.3-3.el6_1.3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"php-dba-5.3.3-3.el6_1.3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"php-debuginfo-5.3.3-3.el6_1.3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"php-debuginfo-5.3.3-3.el6_1.3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"php-debuginfo-5.3.3-3.el6_1.3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"php-devel-5.3.3-3.el6_1.3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"php-devel-5.3.3-3.el6_1.3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"php-devel-5.3.3-3.el6_1.3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"php-embedded-5.3.3-3.el6_1.3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"php-embedded-5.3.3-3.el6_1.3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"php-embedded-5.3.3-3.el6_1.3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"php-enchant-5.3.3-3.el6_1.3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"php-enchant-5.3.3-3.el6_1.3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"php-enchant-5.3.3-3.el6_1.3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"php-gd-5.3.3-3.el6_1.3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"php-gd-5.3.3-3.el6_1.3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"php-gd-5.3.3-3.el6_1.3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"php-imap-5.3.3-3.el6_1.3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"php-imap-5.3.3-3.el6_1.3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"php-imap-5.3.3-3.el6_1.3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"php-intl-5.3.3-3.el6_1.3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"php-intl-5.3.3-3.el6_1.3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"php-intl-5.3.3-3.el6_1.3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"php-ldap-5.3.3-3.el6_1.3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"php-ldap-5.3.3-3.el6_1.3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"php-ldap-5.3.3-3.el6_1.3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"php-mbstring-5.3.3-3.el6_1.3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"php-mbstring-5.3.3-3.el6_1.3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"php-mbstring-5.3.3-3.el6_1.3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"php-mysql-5.3.3-3.el6_1.3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"php-mysql-5.3.3-3.el6_1.3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"php-mysql-5.3.3-3.el6_1.3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"php-odbc-5.3.3-3.el6_1.3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"php-odbc-5.3.3-3.el6_1.3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"php-odbc-5.3.3-3.el6_1.3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"php-pdo-5.3.3-3.el6_1.3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"php-pdo-5.3.3-3.el6_1.3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"php-pdo-5.3.3-3.el6_1.3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"php-pgsql-5.3.3-3.el6_1.3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"php-pgsql-5.3.3-3.el6_1.3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"php-pgsql-5.3.3-3.el6_1.3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"php-process-5.3.3-3.el6_1.3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"php-process-5.3.3-3.el6_1.3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"php-process-5.3.3-3.el6_1.3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"php-pspell-5.3.3-3.el6_1.3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"php-pspell-5.3.3-3.el6_1.3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"php-pspell-5.3.3-3.el6_1.3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"php-recode-5.3.3-3.el6_1.3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"php-recode-5.3.3-3.el6_1.3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"php-recode-5.3.3-3.el6_1.3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"php-snmp-5.3.3-3.el6_1.3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"php-snmp-5.3.3-3.el6_1.3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"php-snmp-5.3.3-3.el6_1.3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"php-soap-5.3.3-3.el6_1.3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"php-soap-5.3.3-3.el6_1.3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"php-soap-5.3.3-3.el6_1.3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"php-tidy-5.3.3-3.el6_1.3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"php-tidy-5.3.3-3.el6_1.3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"php-tidy-5.3.3-3.el6_1.3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"php-xml-5.3.3-3.el6_1.3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"php-xml-5.3.3-3.el6_1.3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"php-xml-5.3.3-3.el6_1.3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"php-xmlrpc-5.3.3-3.el6_1.3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"php-xmlrpc-5.3.3-3.el6_1.3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"php-xmlrpc-5.3.3-3.el6_1.3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"php-zts-5.3.3-3.el6_1.3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"php-zts-5.3.3-3.el6_1.3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"php-zts-5.3.3-3.el6_1.3\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"php / php-bcmath / php-cli / php-common / php-dba / php-debuginfo / etc\");\n }\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-07T15:36:05", "description": "Several vulnerabilities have been discovered in PHP, the web scripting language. The Common Vulnerabilities and Exposures project identifies the following issues :\n\n - CVE-2011-1072 It was discovered that insecure handling of temporary files in the PEAR installer could lead to denial of service.\n\n - CVE-2011-4153 Maksymilian Arciemowicz discovered that a NULL pointer dereference in the zend_strndup() function could lead to denial of service.\n\n - CVE-2012-0781 Maksymilian Arciemowicz discovered that a NULL pointer dereference in the tidy_diagnose() function could lead to denial of service.\n\n - CVE-2012-0788 It was discovered that missing checks in the handling of PDORow objects could lead to denial of service.\n\n - CVE-2012-0831 It was discovered that the magic_quotes_gpc setting could be disabled remotely.\n\nThis update also addresses PHP bugs, which are not treated as security issues in Debian (see README.Debian.security), but which were fixed nonetheless: CVE-2010-4697, CVE-2011-1092, CVE-2011-1148, CVE-2011-1464, CVE-2011-1467 CVE-2011-1468, CVE-2011-1469, CVE-2011-1470, CVE-2011-1657, CVE-2011-3182 CVE-2011-3267", "cvss3": {}, "published": "2012-02-14T00:00:00", "type": "nessus", "title": "Debian DSA-2408-1 : php5 - several vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-4697", "CVE-2011-1072", "CVE-2011-1092", "CVE-2011-1148", "CVE-2011-1464", "CVE-2011-1467", "CVE-2011-1468", "CVE-2011-1469", "CVE-2011-1470", "CVE-2011-1657", "CVE-2011-3182", "CVE-2011-3267", "CVE-2011-4153", "CVE-2012-0781", "CVE-2012-0788", "CVE-2012-0831"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:php5", "cpe:/o:debian:debian_linux:6.0"], "id": "DEBIAN_DSA-2408.NASL", "href": "https://www.tenable.com/plugins/nessus/57925", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-2408. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(57925);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2010-4697\", \"CVE-2011-1072\", \"CVE-2011-1092\", \"CVE-2011-1148\", \"CVE-2011-1464\", \"CVE-2011-1467\", \"CVE-2011-1468\", \"CVE-2011-1469\", \"CVE-2011-1470\", \"CVE-2011-1657\", \"CVE-2011-3182\", \"CVE-2011-3267\", \"CVE-2011-4153\", \"CVE-2012-0781\", \"CVE-2012-0788\", \"CVE-2012-0831\");\n script_bugtraq_id(46605, 51417, 51952, 51954);\n script_xref(name:\"DSA\", value:\"2408\");\n\n script_name(english:\"Debian DSA-2408-1 : php5 - several vulnerabilities\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities have been discovered in PHP, the web scripting\nlanguage. The Common Vulnerabilities and Exposures project identifies\nthe following issues :\n\n - CVE-2011-1072\n It was discovered that insecure handling of temporary\n files in the PEAR installer could lead to denial of\n service.\n\n - CVE-2011-4153\n Maksymilian Arciemowicz discovered that a NULL pointer\n dereference in the zend_strndup() function could lead to\n denial of service.\n\n - CVE-2012-0781\n Maksymilian Arciemowicz discovered that a NULL pointer\n dereference in the tidy_diagnose() function could lead\n to denial of service.\n\n - CVE-2012-0788\n It was discovered that missing checks in the handling of\n PDORow objects could lead to denial of service.\n\n - CVE-2012-0831\n It was discovered that the magic_quotes_gpc setting\n could be disabled remotely.\n\nThis update also addresses PHP bugs, which are not treated as security\nissues in Debian (see README.Debian.security), but which were fixed\nnonetheless: CVE-2010-4697, CVE-2011-1092, CVE-2011-1148,\nCVE-2011-1464, CVE-2011-1467 CVE-2011-1468, CVE-2011-1469,\nCVE-2011-1470, CVE-2011-1657, CVE-2011-3182 CVE-2011-3267\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-1072\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-4153\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2012-0781\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2012-0788\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2012-0831\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2010-4697\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-1092\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-1148\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-1464\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-1467\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-1468\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-1469\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-1470\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-1657\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-3182\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-3267\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/squeeze/php5\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2012/dsa-2408\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the php5 packages.\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 5.3.3-7+squeeze8.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:6.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/02/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/02/14\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"6.0\", prefix:\"libapache2-mod-php5\", reference:\"5.3.3-7+squeeze8\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libapache2-mod-php5filter\", reference:\"5.3.3-7+squeeze8\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php-pear\", reference:\"5.3.3-7+squeeze8\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5\", reference:\"5.3.3-7+squeeze8\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5-cgi\", reference:\"5.3.3-7+squeeze8\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5-cli\", reference:\"5.3.3-7+squeeze8\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5-common\", reference:\"5.3.3-7+squeeze8\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5-curl\", reference:\"5.3.3-7+squeeze8\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5-dbg\", reference:\"5.3.3-7+squeeze8\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5-dev\", reference:\"5.3.3-7+squeeze8\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5-enchant\", reference:\"5.3.3-7+squeeze8\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5-gd\", reference:\"5.3.3-7+squeeze8\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5-gmp\", reference:\"5.3.3-7+squeeze8\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5-imap\", reference:\"5.3.3-7+squeeze8\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5-interbase\", reference:\"5.3.3-7+squeeze8\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5-intl\", reference:\"5.3.3-7+squeeze8\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5-ldap\", reference:\"5.3.3-7+squeeze8\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5-mcrypt\", reference:\"5.3.3-7+squeeze8\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5-mysql\", reference:\"5.3.3-7+squeeze8\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5-odbc\", reference:\"5.3.3-7+squeeze8\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5-pgsql\", reference:\"5.3.3-7+squeeze8\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5-pspell\", reference:\"5.3.3-7+squeeze8\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5-recode\", reference:\"5.3.3-7+squeeze8\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5-snmp\", reference:\"5.3.3-7+squeeze8\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5-sqlite\", reference:\"5.3.3-7+squeeze8\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5-sybase\", reference:\"5.3.3-7+squeeze8\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5-tidy\", reference:\"5.3.3-7+squeeze8\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5-xmlrpc\", reference:\"5.3.3-7+squeeze8\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5-xsl\", reference:\"5.3.3-7+squeeze8\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:19:00", "description": "Versions of PHP 5.3 earlier than 5.3.6 are potentially affected by multiple vulnerabilities : \n\n - An error exists in the function '_zip_name_locate()' in the file 'ext/zip/lib/zip_name_locate.c' which allows a NULL pointer to be dereferenced when processing an empty archive. (CVE-2011-0421)\n - A variable casting error exists in the Exif extension's C function 'exif_process_IFD_TAG()' in the file 'ext/exif/exif.c' could allow arbitrary code execution. (CVE-2011-0708)\n - An integer overflow vulnerability exists in the implementation of the PHP function 'shmop_read' in the file 'ext/shmop/shmop.c'. (CVE-2011-1092)\n - An error exists in the file 'phar/phar_object.c' n which calls to 'zend_throw_exception_ex()' pass data as a string format parameter which could lead to information disclosure or memory corruption when handling PHP archives. (CVE-2011-1153)\n - A buffer overflow error exists in the C function 'xbuf_format_converter' in the file 'main/snprintf.c' when the PHP configuration setting for 'precision' is set to a large value. (Bug 54055)\n - An unspecified error exists in the security enforcement regarding the parsing of the fastcgi protocol with the 'FastCGI Process Manager' (FPM) SAPI.", "cvss3": {}, "published": "2011-03-18T00:00:00", "type": "nessus", "title": "PHP 5.3.x < 5.3.6 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-0421", "CVE-2011-0708", "CVE-2011-1092", "CVE-2011-1153"], "modified": "2019-03-06T00:00:00", "cpe": ["cpe:/a:php:php"], "id": "5824.PRM", "href": "https://www.tenable.com/plugins/nnm/5824", "sourceData": "Binary data 5824.prm", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-07T14:59:51", "description": "Security Enhancements and Fixes in PHP 5.3.6 :\n\n - Enforce security in the fastcgi protocol parsing with fpm SAPI.\n\n - Fixed bug #54247 (format-string vulnerability on Phar). (CVE-2011-1153)\n\n - Fixed bug #54193 (Integer overflow in shmop_read()).\n (CVE-2011-1092)\n\n - Fixed bug #54055 (buffer overrun with high values for precision ini setting).\n\n - Fixed bug #54002 (crash on crafted tag in exif).\n (CVE-2011-0708)\n\n - Fixed bug #53885 (ZipArchive segfault with FL_UNCHANGED on empty archive). (CVE-2011-0421)\n\nFull upstream changelog : http://php.net/ChangeLog-5.php#5.3.6\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2011-03-27T00:00:00", "type": "nessus", "title": "Fedora 15 : maniadrive-1.2-29.fc15 / php-5.3.6-1.fc15 / php-eaccelerator-0.9.6.1-6.fc15 (2011-3614)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-0421", "CVE-2011-0708", "CVE-2011-1092", "CVE-2011-1153"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:maniadrive", "p-cpe:/a:fedoraproject:fedora:php", "p-cpe:/a:fedoraproject:fedora:php-eaccelerator", "cpe:/o:fedoraproject:fedora:15"], "id": "FEDORA_2011-3614.NASL", "href": "https://www.tenable.com/plugins/nessus/52983", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2011-3614.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(52983);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2011-0421\", \"CVE-2011-0708\", \"CVE-2011-1153\");\n script_bugtraq_id(46354, 46365, 46854);\n script_xref(name:\"FEDORA\", value:\"2011-3614\");\n\n script_name(english:\"Fedora 15 : maniadrive-1.2-29.fc15 / php-5.3.6-1.fc15 / php-eaccelerator-0.9.6.1-6.fc15 (2011-3614)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security Enhancements and Fixes in PHP 5.3.6 :\n\n - Enforce security in the fastcgi protocol parsing with\n fpm SAPI.\n\n - Fixed bug #54247 (format-string vulnerability on\n Phar). (CVE-2011-1153)\n\n - Fixed bug #54193 (Integer overflow in shmop_read()).\n (CVE-2011-1092)\n\n - Fixed bug #54055 (buffer overrun with high values for\n precision ini setting).\n\n - Fixed bug #54002 (crash on crafted tag in exif).\n (CVE-2011-0708)\n\n - Fixed bug #53885 (ZipArchive segfault with\n FL_UNCHANGED on empty archive). (CVE-2011-0421)\n\nFull upstream changelog : http://php.net/ChangeLog-5.php#5.3.6\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://php.net/ChangeLog-5.php#5.3.6\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=680972\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=688378\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=688735\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2011-March/056640.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?db15ff24\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2011-March/056641.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?ef8fca1a\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2011-March/056642.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?f8c1094c\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected maniadrive, php and / or php-eaccelerator\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:maniadrive\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:php\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:php-eaccelerator\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:15\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/03/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/03/27\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^15([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 15.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC15\", reference:\"maniadrive-1.2-29.fc15\")) flag++;\nif (rpm_check(release:\"FC15\", reference:\"php-5.3.6-1.fc15\")) flag++;\nif (rpm_check(release:\"FC15\", reference:\"php-eaccelerator-0.9.6.1-6.fc15\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"maniadrive / php / php-eaccelerator\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:18:54", "description": "Versions of PHP 5.3 earlier than 5.3.6 are potentially affected by multiple vulnerabilities : \n\n - An error exists in the function '_zip_name_locate()' in the file 'ext/zip/lib/zip_name_locate.c' which allows a NULL pointer to be dereferenced when processing an empty archive. (CVE-2011-0421)\n\n - A variable casting error exists in the Exif extension's C function 'exif_process_IFD_TAG()' in the file 'ext/exif/exif.c' could allow arbitrary code execution. (CVE-2011-0708)\n\n - An integer overflow vulnerability exists in the implementation of the PHP function 'shmop_read' in the file 'ext/shmop/shmop.c'. (CVE-2011-1092)\n\n - An error exists in the file 'phar/phar_object.c' n which calls to 'zend_throw_exception_ex()' pass data as a string format parameter which could lead to information disclosure or memory corruption when handling PHP archives. (CVE-2011-1153)\n\n - A buffer overflow error exists in the C function 'xbuf_format_converter' in the file 'main/snprintf.c' when the PHP configuration setting for 'precision' is set to a large value. (Bug 54055)\n\n - An unspecified error exists in the security enforcement regarding the parsing of the fastcgi protocol with the 'FastCGI Process Manager' (FPM) SAPI.", "cvss3": {}, "published": "2011-03-18T00:00:00", "type": "nessus", "title": "PHP 5.3 < 5.3.6 String To Double Conversion DoS", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-0421", "CVE-2011-0708", "CVE-2011-1092", "CVE-2011-1153"], "modified": "2011-03-18T00:00:00", "cpe": [], "id": "801082.PRM", "href": "https://www.tenable.com/plugins/lce/801082", "sourceData": "Binary data 801082.prm", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-07T15:01:10", "description": "Security Enhancements and Fixes in PHP 5.3.6 :\n\n - Fixed bug #54247 (format-string vulnerability on Phar).\n (CVE-2011-1153)\n\n - Fixed bug #54193 (Integer overflow in shmop_read()).\n (CVE-2011-1092)\n\n - Fixed bug #54055 (buffer overrun with high values for precision ini setting).\n\n - Fixed bug #54002 (crash on crafted tag in exif).\n (CVE-2011-0708)\n\n - Fixed bug #53885 (ZipArchive segfault with FL_UNCHANGED on empty archive). (CVE-2011-0421)\n\nFull upstream changelog : http://php.net/ChangeLog-5.php#5.3.6\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2011-04-07T00:00:00", "type": "nessus", "title": "Fedora 14 : maniadrive-1.2-27.fc14 / php-5.3.6-1.fc14 / php-eaccelerator-0.9.6.1-6.fc14 (2011-3636)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-0421", "CVE-2011-0708", "CVE-2011-1092", "CVE-2011-1153"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:maniadrive", "p-cpe:/a:fedoraproject:fedora:php", "p-cpe:/a:fedoraproject:fedora:php-eaccelerator", "cpe:/o:fedoraproject:fedora:14"], "id": "FEDORA_2011-3636.NASL", "href": "https://www.tenable.com/plugins/nessus/53305", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2011-3636.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(53305);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2011-0421\", \"CVE-2011-0708\", \"CVE-2011-1153\");\n script_xref(name:\"FEDORA\", value:\"2011-3636\");\n\n script_name(english:\"Fedora 14 : maniadrive-1.2-27.fc14 / php-5.3.6-1.fc14 / php-eaccelerator-0.9.6.1-6.fc14 (2011-3636)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security Enhancements and Fixes in PHP 5.3.6 :\n\n - Fixed bug #54247 (format-string vulnerability on Phar).\n (CVE-2011-1153)\n\n - Fixed bug #54193 (Integer overflow in shmop_read()).\n (CVE-2011-1092)\n\n - Fixed bug #54055 (buffer overrun with high values for\n precision ini setting).\n\n - Fixed bug #54002 (crash on crafted tag in exif).\n (CVE-2011-0708)\n\n - Fixed bug #53885 (ZipArchive segfault with\n FL_UNCHANGED on empty archive). (CVE-2011-0421)\n\nFull upstream changelog : http://php.net/ChangeLog-5.php#5.3.6\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://php.net/ChangeLog-5.php#5.3.6\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=680972\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=688378\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=688735\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2011-April/057707.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?42215151\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2011-April/057708.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?f44cb64e\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2011-April/057709.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?3f1b9a8f\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected maniadrive, php and / or php-eaccelerator\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:maniadrive\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:php\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:php-eaccelerator\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:14\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/03/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/04/07\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^14([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 14.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC14\", reference:\"maniadrive-1.2-27.fc14\")) flag++;\nif (rpm_check(release:\"FC14\", reference:\"php-5.3.6-1.fc14\")) flag++;\nif (rpm_check(release:\"FC14\", reference:\"php-eaccelerator-0.9.6.1-6.fc14\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"maniadrive / php / php-eaccelerator\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-07T15:01:20", "description": "Security Enhancements and Fixes in PHP 5.3.6 :\n\n - Fixed bug #54247 (format-string vulnerability on Phar).\n (CVE-2011-1153)\n\n - Fixed bug #54193 (Integer overflow in shmop_read()).\n (CVE-2011-1092)\n\n - Fixed bug #54055 (buffer overrun with high values for precision ini setting).\n\n - Fixed bug #54002 (crash on crafted tag in exif).\n (CVE-2011-0708)\n\n - Fixed bug #53885 (ZipArchive segfault with FL_UNCHANGED on empty archive). (CVE-2011-0421)\n\nFull upstream changelog : http://php.net/ChangeLog-5.php#5.3.6\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2011-04-07T00:00:00", "type": "nessus", "title": "Fedora 13 : maniadrive-1.2-27.fc13 / php-5.3.6-1.fc13 / php-eaccelerator-0.9.6.1-6.fc13 (2011-3666)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-0421", "CVE-2011-0708", "CVE-2011-1092", "CVE-2011-1153"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:maniadrive", "p-cpe:/a:fedoraproject:fedora:php", "p-cpe:/a:fedoraproject:fedora:php-eaccelerator", "cpe:/o:fedoraproject:fedora:13"], "id": "FEDORA_2011-3666.NASL", "href": "https://www.tenable.com/plugins/nessus/53306", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2011-3666.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(53306);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2011-0421\", \"CVE-2011-0708\", \"CVE-2011-1153\");\n script_xref(name:\"FEDORA\", value:\"2011-3666\");\n\n script_name(english:\"Fedora 13 : maniadrive-1.2-27.fc13 / php-5.3.6-1.fc13 / php-eaccelerator-0.9.6.1-6.fc13 (2011-3666)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security Enhancements and Fixes in PHP 5.3.6 :\n\n - Fixed bug #54247 (format-string vulnerability on Phar).\n (CVE-2011-1153)\n\n - Fixed bug #54193 (Integer overflow in shmop_read()).\n (CVE-2011-1092)\n\n - Fixed bug #54055 (buffer overrun with high values for\n precision ini setting).\n\n - Fixed bug #54002 (crash on crafted tag in exif).\n (CVE-2011-0708)\n\n - Fixed bug #53885 (ZipArchive segfault with\n FL_UNCHANGED on empty archive). (CVE-2011-0421)\n\nFull upstream changelog : http://php.net/ChangeLog-5.php#5.3.6\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://php.net/ChangeLog-5.php#5.3.6\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=680972\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=688378\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=688735\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2011-April/057710.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?dbf2d8c0\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2011-April/057711.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?d9b6fcaf\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2011-April/057712.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?bc4aa699\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected maniadrive, php and / or php-eaccelerator\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:maniadrive\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:php\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:php-eaccelerator\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:13\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/03/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/04/07\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^13([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 13.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC13\", reference:\"maniadrive-1.2-27.fc13\")) flag++;\nif (rpm_check(release:\"FC13\", reference:\"php-5.3.6-1.fc13\")) flag++;\nif (rpm_check(release:\"FC13\", reference:\"php-eaccelerator-0.9.6.1-6.fc13\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"maniadrive / php / php-eaccelerator\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-07T15:08:41", "description": "New php packages are available for Slackware 11.0, 12.0, 12.1, 12.2, 13.0, 13.1, 13.37, and -current to fix security issues.", "cvss3": {}, "published": "2011-08-26T00:00:00", "type": "nessus", "title": "Slackware 11.0 / 12.0 / 12.1 / 12.2 / 13.0 / 13.1 / 13.37 / current : php (SSA:2011-237-01)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-1148", "CVE-2011-1938", "CVE-2011-2202", "CVE-2011-2483"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:slackware:slackware_linux:php", "cpe:/o:slackware:slackware_linux", "cpe:/o:slackware:slackware_linux:11.0", "cpe:/o:slackware:slackware_linux:12.0", "cpe:/o:slackware:slackware_linux:12.1", "cpe:/o:slackware:slackware_linux:12.2", "cpe:/o:slackware:slackware_linux:13.0", "cpe:/o:slackware:slackware_linux:13.1", "cpe:/o:slackware:slackware_linux:13.37"], "id": "SLACKWARE_SSA_2011-237-01.NASL", "href": "https://www.tenable.com/plugins/nessus/55980", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Slackware Security Advisory 2011-237-01. The text \n# itself is copyright (C) Slackware Linux, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(55980);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2011-1148\", \"CVE-2011-1938\", \"CVE-2011-2202\", \"CVE-2011-2483\");\n script_bugtraq_id(46843, 47950, 48259, 49241);\n script_xref(name:\"SSA\", value:\"2011-237-01\");\n\n script_name(english:\"Slackware 11.0 / 12.0 / 12.1 / 12.2 / 13.0 / 13.1 / 13.37 / current : php (SSA:2011-237-01)\");\n script_summary(english:\"Checks for updated package in /var/log/packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Slackware host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"New php packages are available for Slackware 11.0, 12.0, 12.1, 12.2,\n13.0, 13.1, 13.37, and -current to fix security issues.\"\n );\n # http://www.slackware.com/security/viewer.php?l=slackware-security&y=2011&m=slackware-security.575575\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?0c1f1ac5\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected php package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:php\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:11.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:12.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:12.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:12.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:13.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:13.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:13.37\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/08/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/08/26\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Slackware Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Slackware/release\", \"Host/Slackware/packages\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"slackware.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Slackware/release\")) audit(AUDIT_OS_NOT, \"Slackware\");\nif (!get_kb_item(\"Host/Slackware/packages\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Slackware\", cpu);\n\n\nflag = 0;\nif (slackware_check(osver:\"11.0\", pkgname:\"php\", pkgver:\"5.3.8\", pkgarch:\"i486\", pkgnum:\"1_slack11.0\")) flag++;\n\nif (slackware_check(osver:\"12.0\", pkgname:\"php\", pkgver:\"5.3.8\", pkgarch:\"i486\", pkgnum:\"1_slack12.0\")) flag++;\n\nif (slackware_check(osver:\"12.1\", pkgname:\"php\", pkgver:\"5.3.8\", pkgarch:\"i486\", pkgnum:\"1_slack12.1\")) flag++;\n\nif (slackware_check(osver:\"12.2\", pkgname:\"php\", pkgver:\"5.3.8\", pkgarch:\"i486\", pkgnum:\"1_slack12.2\")) flag++;\n\nif (slackware_check(osver:\"13.0\", pkgname:\"php\", pkgver:\"5.3.8\", pkgarch:\"i486\", pkgnum:\"1_slack13.0\")) flag++;\nif (slackware_check(osver:\"13.0\", arch:\"x86_64\", pkgname:\"php\", pkgver:\"5.3.8\", pkgarch:\"x86_64\", pkgnum:\"1_slack13.0\")) flag++;\n\nif (slackware_check(osver:\"13.1\", pkgname:\"php\", pkgver:\"5.3.8\", pkgarch:\"i486\", pkgnum:\"1_slack13.1\")) flag++;\nif (slackware_check(osver:\"13.1\", arch:\"x86_64\", pkgname:\"php\", pkgver:\"5.3.8\", pkgarch:\"x86_64\", pkgnum:\"1_slack13.1\")) flag++;\n\nif (slackware_check(osver:\"13.37\", pkgname:\"php\", pkgver:\"5.3.8\", pkgarch:\"i486\", pkgnum:\"1_slack13.37\")) flag++;\nif (slackware_check(osver:\"13.37\", arch:\"x86_64\", pkgname:\"php\", pkgver:\"5.3.8\", pkgarch:\"x86_64\", pkgnum:\"1_slack13.37\")) flag++;\n\nif (slackware_check(osver:\"current\", pkgname:\"php\", pkgver:\"5.3.8\", pkgarch:\"i486\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"current\", arch:\"x86_64\", pkgname:\"php\", pkgver:\"5.3.8\", pkgarch:\"x86_64\", pkgnum:\"1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:slackware_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-07T15:08:38", "description": "PHP development team reports :\n\nSecurity Enhancements and Fixes in PHP 5.3.7 :\n\n- Updated crypt_blowfish to 1.2. (CVE-2011-2483)\n\n- Fixed crash in error_log(). Reported by Mateusz Kocielski\n\n- Fixed buffer overflow on overlog salt in crypt().\n\n- Fixed bug #54939 (File path injection vulnerability in RFC1867 File upload filename). Reported by Krzysztof Kotowicz. (CVE-2011-2202)\n\n- Fixed stack-based buffer overflow in socket_connect(). (CVE-2011-1938)\n\n- Fixed bug #54238 (use-after-free in substr_replace()).\n(CVE-2011-1148)", "cvss3": {}, "published": "2011-08-20T00:00:00", "type": "nessus", "title": "FreeBSD : php -- multiple vulnerabilities (057bf770-cac4-11e0-aea3-00215c6a37bb)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-1148", "CVE-2011-1938", "CVE-2011-2202", "CVE-2011-2483"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:php5", "p-cpe:/a:freebsd:freebsd:php5-sockets", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_057BF770CAC411E0AEA300215C6A37BB.NASL", "href": "https://www.tenable.com/plugins/nessus/55912", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(55912);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2011-1148\", \"CVE-2011-1938\", \"CVE-2011-2202\", \"CVE-2011-2483\");\n script_bugtraq_id(49241);\n\n script_name(english:\"FreeBSD : php -- multiple vulnerabilities (057bf770-cac4-11e0-aea3-00215c6a37bb)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"PHP development team reports :\n\nSecurity Enhancements and Fixes in PHP 5.3.7 :\n\n- Updated crypt_blowfish to 1.2. (CVE-2011-2483)\n\n- Fixed crash in error_log(). Reported by Mateusz Kocielski\n\n- Fixed buffer overflow on overlog salt in crypt().\n\n- Fixed bug #54939 (File path injection vulnerability in RFC1867 File\nupload filename). Reported by Krzysztof Kotowicz. (CVE-2011-2202)\n\n- Fixed stack-based buffer overflow in socket_connect(). (CVE-2011-1938)\n\n- Fixed bug #54238 (use-after-free in substr_replace()).\n(CVE-2011-1148)\"\n );\n # https://vuxml.freebsd.org/freebsd/057bf770-cac4-11e0-aea3-00215c6a37bb.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?236b579e\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:php5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:php5-sockets\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/08/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/08/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/08/20\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"php5<5.3.7\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"php5-sockets<5.3.7\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:22:37", "description": "Versions of PHP 5.3 earlier than 5.3.7 are potentially affected by multiple vulnerabilities : \n\n - A stack buffer overflow exists in socket_connect(). (CVE-2011-1938)\n\n - A use-after-free vulnerability exists in substr_replace(). (CVE-2011-1148)\n\n - A code execution vulnerability exists in ZipArchive: : addGlob(). (CVE-2011-1657)\n\n - crypt_blowfish was updated to 1.2. (CVE-2011-2483)\n\n - Multiple null pointer dereferences exist.\n\n - An unspecified crash exists in error_log().\n\n - A buffer overflow vulnerability exists in crypt().", "cvss3": {}, "published": "2011-08-23T00:00:00", "type": "nessus", "title": "PHP 5.3 < 5.3.7 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-1148", "CVE-2011-1657", "CVE-2011-1938", "CVE-2011-2483"], "modified": "2011-08-23T00:00:00", "cpe": [], "id": "801087.PRM", "href": "https://www.tenable.com/plugins/lce/801087", "sourceData": "Binary data 801087.prm", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:22:38", "description": "Versions of PHP 5.3 earlier than 5.3.7 are potentially affected by multiple vulnerabilities : \n\n - A stack buffer overflow exists in socket_connect(). (CVE-2011-1938)\n\n - A use-after-free vulnerability exists in substr_replace(). (CVE-2011-1148)\n\n - A code execution vulnerability exists in ZipArchive: : addGlob(). (CVE-2011-1657)\n\n - crypt_blowfish was updated to 1.2. (CVE-2011-2483)\n\n - Multiple null pointer dereferences exist.\n\n - An unspecified crash exists in error_log().\n\n - A buffer overflow vulnerability exists in crypt().\n - A flaw exists in the php_win32_get_random_bytes() function when passing MCRYPT_DEV_URANDOM as source to mcrypt_create_iv(). A remote attacker can exploit this to cause a denial of service condition.", "cvss3": {}, "published": "2011-08-23T00:00:00", "type": "nessus", "title": "PHP 5.3.x < 5.3.7 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-1148", "CVE-2011-1657", "CVE-2011-1938", "CVE-2011-2483"], "modified": "2019-03-06T00:00:00", "cpe": ["cpe:/a:php:php"], "id": "6015.PRM", "href": "https://www.tenable.com/plugins/nnm/6015", "sourceData": "Binary data 6015.prm", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-05T15:11:26", "description": "empty zip archives could crash programs using libzip (CVE-2011-0421).", "cvss3": {}, "published": "2014-06-13T00:00:00", "type": "nessus", "title": "openSUSE Security Update : libzip-devel (openSUSE-SU-2011:0449-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-0421"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:libzip-devel", "p-cpe:/a:novell:opensuse:libzip-util", "p-cpe:/a:novell:opensuse:libzip1", "cpe:/o:novell:opensuse:11.3"], "id": "SUSE_11_3_LIBZIP-DEVEL-110321.NASL", "href": "https://www.tenable.com/plugins/nessus/75637", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update libzip-devel-4188.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(75637);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2011-0421\");\n\n script_name(english:\"openSUSE Security Update : libzip-devel (openSUSE-SU-2011:0449-1)\");\n script_summary(english:\"Check for the libzip-devel-4188 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\"empty zip archives could crash programs using libzip (CVE-2011-0421).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=681193\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2011-05/msg00011.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libzip-devel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libzip-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libzip-util\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libzip1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/03/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.3\", reference:\"libzip-devel-0.9-27.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"libzip-util-0.9-27.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"libzip1-0.9-27.3.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libzip-devel / libzip-util / libzip1\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-05T15:19:31", "description": "A vulnerability has been identified and fixed in libzip :\n\nThe _zip_name_locate function in zip_name_locate.c in the Zip extension in PHP before 5.3.6 does not properly handle a ZIPARCHIVE::FL_UNCHANGED argument, which might allow context-dependent attackers to cause a denial of service (application crash) via an empty ZIP archive that is processed with a (1) locateName or (2) statName operation (CVE-2011-0421).\n\nPackages for 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more:\nhttp://store.mandriva.com/product_info.php?cPath=149 products_id=490\n\nThe updated packages have been patched to correct this issue.", "cvss3": {}, "published": "2011-05-25T00:00:00", "type": "nessus", "title": "Mandriva Linux Security Advisory : libzip (MDVSA-2011:099)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-0421"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:mandriva:linux:lib64zip-devel", "p-cpe:/a:mandriva:linux:lib64zip1", "p-cpe:/a:mandriva:linux:lib64zip1-devel", "p-cpe:/a:mandriva:linux:libzip", "p-cpe:/a:mandriva:linux:libzip-devel", "p-cpe:/a:mandriva:linux:libzip1", "p-cpe:/a:mandriva:linux:libzip1-devel", "cpe:/o:mandriva:linux:2009.0", "cpe:/o:mandriva:linux:2010.1"], "id": "MANDRIVA_MDVSA-2011-099.NASL", "href": "https://www.tenable.com/plugins/nessus/54638", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2011:099. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(54638);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2011-0421\");\n script_bugtraq_id(46354);\n script_xref(name:\"MDVSA\", value:\"2011:099\");\n\n script_name(english:\"Mandriva Linux Security Advisory : libzip (MDVSA-2011:099)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A vulnerability has been identified and fixed in libzip :\n\nThe _zip_name_locate function in zip_name_locate.c in the Zip\nextension in PHP before 5.3.6 does not properly handle a\nZIPARCHIVE::FL_UNCHANGED argument, which might allow context-dependent\nattackers to cause a denial of service (application crash) via an\nempty ZIP archive that is processed with a (1) locateName or (2)\nstatName operation (CVE-2011-0421).\n\nPackages for 2009.0 are provided as of the Extended Maintenance\nProgram. Please visit this link to learn more:\nhttp://store.mandriva.com/product_info.php?cPath=149 products_id=490\n\nThe updated packages have been patched to correct this issue.\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64zip-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64zip1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64zip1-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libzip\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libzip-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libzip1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libzip1-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2009.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2010.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/05/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/05/25\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"x86_64\", reference:\"lib64zip1-0.9-1.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"x86_64\", reference:\"lib64zip1-devel-0.9-1.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"libzip-0.9-1.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"i386\", reference:\"libzip1-0.9-1.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"i386\", reference:\"libzip1-devel-0.9-1.1mdv2009.0\", yank:\"mdv\")) flag++;\n\nif (rpm_check(release:\"MDK2010.1\", cpu:\"x86_64\", reference:\"lib64zip-devel-0.9.3-2.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"x86_64\", reference:\"lib64zip1-0.9.3-2.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"libzip-0.9.3-2.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"i386\", reference:\"libzip-devel-0.9.3-2.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"i386\", reference:\"libzip1-0.9.3-2.1mdv2010.2\", yank:\"mdv\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-06T15:13:57", "description": "The following bug has been fixed :\n\n - empty zip archives could crash programs using libzip.\n (CVE-2011-0421)", "cvss3": {}, "published": "2011-05-09T00:00:00", "type": "nessus", "title": "SuSE 11.1 Security Update : libzip1 (SAT Patch Number 4191)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-0421"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:11:libzip1", "cpe:/o:novell:suse_linux:11"], "id": "SUSE_11_LIBZIP1-110321.NASL", "href": "https://www.tenable.com/plugins/nessus/53839", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. The text itself is\n# copyright (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(53839);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2011-0421\");\n\n script_name(english:\"SuSE 11.1 Security Update : libzip1 (SAT Patch Number 4191)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 11 host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The following bug has been fixed :\n\n - empty zip archives could crash programs using libzip.\n (CVE-2011-0421)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=681193\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-0421.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply SAT patch number 4191.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:libzip1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/03/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/05/09\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\npl = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(pl) || int(pl) != 1) audit(AUDIT_OS_NOT, \"SuSE 11.1\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"libzip1-0.9-1.24.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"libzip1-0.9-1.24.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"libzip1-0.9-1.24.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-07T15:08:58", "description": "Security Enhancements and Fixes :\n\n - Updated crypt_blowfish to 1.2. (CVE-2011-2483)\n\n - Fixed crash in error_log(). Reported by Mateusz Kocielski\n\n - Fixed buffer overflow on overlog salt in crypt().\n\n - Fixed bug #54939 (File path injection vulnerability in RFC1867 File upload filename). Reported by Krzysztof Kotowicz. (CVE-2011-2202)\n\n - Fixed stack-based buffer overflow in socket_connect().\n (CVE-2011-1938)\n\n - Fixed bug #54238 (use-after-free in substr_replace()).\n (CVE-2011-1148)\n\nUpstream announce for 5.3.8:\nhttp://www.php.net/archive/2011.php#id2011-08-23-1 Upstream announce for 5.3.7: http://www.php.net/archive/2011.php#id2011-08-18-1\n\nFull Changelog: http://www.php.net/ChangeLog-5.php#5.3.8\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2011-09-19T00:00:00", "type": "nessus", "title": "Fedora 15 : maniadrive-1.2-32.fc15 / php-5.3.8-1.fc15 / php-eaccelerator-0.9.6.1-9.fc15 (2011-11528)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-1148", "CVE-2011-1938", "CVE-2011-2202", "CVE-2011-2483", "CVE-2011-3182"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:maniadrive", "p-cpe:/a:fedoraproject:fedora:php", "p-cpe:/a:fedoraproject:fedora:php-eaccelerator", "cpe:/o:fedoraproject:fedora:15"], "id": "FEDORA_2011-11528.NASL", "href": "https://www.tenable.com/plugins/nessus/56218", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2011-11528.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(56218);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2011-1148\", \"CVE-2011-1938\", \"CVE-2011-2202\", \"CVE-2011-2483\", \"CVE-2011-3182\");\n script_bugtraq_id(46843, 47950, 48259, 49241, 49249);\n script_xref(name:\"FEDORA\", value:\"2011-11528\");\n\n script_name(english:\"Fedora 15 : maniadrive-1.2-32.fc15 / php-5.3.8-1.fc15 / php-eaccelerator-0.9.6.1-9.fc15 (2011-11528)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security Enhancements and Fixes :\n\n - Updated crypt_blowfish to 1.2. (CVE-2011-2483)\n\n - Fixed crash in error_log(). Reported by Mateusz\n Kocielski\n\n - Fixed buffer overflow on overlog salt in crypt().\n\n - Fixed bug #54939 (File path injection vulnerability in\n RFC1867 File upload filename). Reported by Krzysztof\n Kotowicz. (CVE-2011-2202)\n\n - Fixed stack-based buffer overflow in socket_connect().\n (CVE-2011-1938)\n\n - Fixed bug #54238 (use-after-free in substr_replace()).\n (CVE-2011-1148)\n\nUpstream announce for 5.3.8:\nhttp://www.php.net/archive/2011.php#id2011-08-23-1 Upstream announce\nfor 5.3.7: http://www.php.net/archive/2011.php#id2011-08-18-1\n\nFull Changelog: http://www.php.net/ChangeLog-5.php#5.3.8\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.php.net/ChangeLog-5.php#5.3.8\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.php.net/archive/2011.php#id2011-08-18-1\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.php.net/archive/2011.php#id2011-08-23-1\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=688958\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=709067\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=713194\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=715025\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=732516\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2011-September/066105.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?665afecc\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2011-September/066106.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?06722286\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2011-September/066107.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?b071447c\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected maniadrive, php and / or php-eaccelerator\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:maniadrive\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:php\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:php-eaccelerator\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:15\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/08/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/09/19\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^15([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 15.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC15\", reference:\"maniadrive-1.2-32.fc15\")) flag++;\nif (rpm_check(release:\"FC15\", reference:\"php-5.3.8-1.fc15\")) flag++;\nif (rpm_check(release:\"FC15\", reference:\"php-eaccelerator-0.9.6.1-9.fc15\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"maniadrive / php / php-eaccelerator\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-07T15:09:04", "description": "Security Enhancements and Fixes :\n\n - Updated crypt_blowfish to 1.2. (CVE-2011-2483)\n\n - Fixed crash in error_log(). Reported by Mateusz Kocielski\n\n - Fixed buffer overflow on overlog salt in crypt().\n\n - Fixed bug #54939 (File path injection vulnerability in RFC1867 File upload filename). Reported by Krzysztof Kotowicz. (CVE-2011-2202)\n\n - Fixed stack-based buffer overflow in socket_connect().\n (CVE-2011-1938)\n\n - Fixed bug #54238 (use-after-free in substr_replace()).\n (CVE-2011-1148)\n\nUpstream announce for 5.3.8:\nhttp://www.php.net/archive/2011.php#id2011-08-23-1 Upstream announce for 5.3.7: http://www.php.net/archive/2011.php#id2011-08-18-1\n\nFull Changelog: http://www.php.net/ChangeLog-5.php#5.3.8\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2011-09-19T00:00:00", "type": "nessus", "title": "Fedora 14 : maniadrive-1.2-32.fc14 / php-5.3.8-1.fc14 / php-eaccelerator-0.9.6.1-9.fc14 (2011-11537)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-1148", "CVE-2011-1938", "CVE-2011-2202", "CVE-2011-2483", "CVE-2011-3182"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:maniadrive", "p-cpe:/a:fedoraproject:fedora:php", "p-cpe:/a:fedoraproject:fedora:php-eaccelerator", "cpe:/o:fedoraproject:fedora:14"], "id": "FEDORA_2011-11537.NASL", "href": "https://www.tenable.com/plugins/nessus/56219", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2011-11537.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(56219);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2011-1148\", \"CVE-2011-1938\", \"CVE-2011-2202\", \"CVE-2011-2483\", \"CVE-2011-3182\");\n script_bugtraq_id(46843, 47950, 48259, 49241, 49249);\n script_xref(name:\"FEDORA\", value:\"2011-11537\");\n\n script_name(english:\"Fedora 14 : maniadrive-1.2-32.fc14 / php-5.3.8-1.fc14 / php-eaccelerator-0.9.6.1-9.fc14 (2011-11537)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security Enhancements and Fixes :\n\n - Updated crypt_blowfish to 1.2. (CVE-2011-2483)\n\n - Fixed crash in error_log(). Reported by Mateusz\n Kocielski\n\n - Fixed buffer overflow on overlog salt in crypt().\n\n - Fixed bug #54939 (File path injection vulnerability in\n RFC1867 File upload filename). Reported by Krzysztof\n Kotowicz. (CVE-2011-2202)\n\n - Fixed stack-based buffer overflow in socket_connect().\n (CVE-2011-1938)\n\n - Fixed bug #54238 (use-after-free in substr_replace()).\n (CVE-2011-1148)\n\nUpstream announce for 5.3.8:\nhttp://www.php.net/archive/2011.php#id2011-08-23-1 Upstream announce\nfor 5.3.7: http://www.php.net/archive/2011.php#id2011-08-18-1\n\nFull Changelog: http://www.php.net/ChangeLog-5.php#5.3.8\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.php.net/ChangeLog-5.php#5.3.8\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.php.net/archive/2011.php#id2011-08-18-1\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.php.net/archive/2011.php#id2011-08-23-1\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=688958\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=709067\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=713194\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=715025\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=732516\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2011-September/066102.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?4634af29\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2011-September/066103.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?1d7ceb4d\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2011-September/066104.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?c8d9735d\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected maniadrive, php and / or php-eaccelerator\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:maniadrive\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:php\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:php-eaccelerator\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:14\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/08/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/09/19\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^14([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 14.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC14\", reference:\"maniadrive-1.2-32.fc14\")) flag++;\nif (rpm_check(release:\"FC14\", reference:\"php-5.3.8-1.fc14\")) flag++;\nif (rpm_check(release:\"FC14\", reference:\"php-eaccelerator-0.9.6.1-9.fc14\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"maniadrive / php / php-eaccelerator\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-07T15:09:15", "description": "Security Enhancements and Fixes :\n\n - Updated crypt_blowfish to 1.2. (CVE-2011-2483)\n\n - Fixed crash in error_log(). Reported by Mateusz Kocielski\n\n - Fixed buffer overflow on overlog salt in crypt().\n\n - Fixed bug #54939 (File path injection vulnerability in RFC1867 File upload filename). Reported by Krzysztof Kotowicz. (CVE-2011-2202)\n\n - Fixed stack-based buffer overflow in socket_connect().\n (CVE-2011-1938)\n\n - Fixed bug #54238 (use-after-free in substr_replace()).\n (CVE-2011-1148)\n\nUpstream announce for 5.3.8:\nhttp://www.php.net/archive/2011.php#id2011-08-23-1\n\nUpstream announce for 5.3.7:\nhttp://www.php.net/archive/2011.php#id2011-08-18-1\n\nFull Changelog: http://www.php.net/ChangeLog-5.php#5.3.8\n\nphp package now provides both apache modules (for prefork and worker MPM).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2011-09-12T00:00:00", "type": "nessus", "title": "Fedora 16 : maniadrive-1.2-32.fc16 / php-5.3.8-1.fc16 / php-eaccelerator-0.9.6.1-9.fc16 (2011-11464)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-1148", "CVE-2011-1938", "CVE-2011-2202", "CVE-2011-2483", "CVE-2011-3182"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:maniadrive", "p-cpe:/a:fedoraproject:fedora:php", "p-cpe:/a:fedoraproject:fedora:php-eaccelerator", "cpe:/o:fedoraproject:fedora:16"], "id": "FEDORA_2011-11464.NASL", "href": "https://www.tenable.com/plugins/nessus/56150", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2011-11464.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(56150);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2011-1148\", \"CVE-2011-1938\", \"CVE-2011-2202\", \"CVE-2011-2483\", \"CVE-2011-3182\");\n script_bugtraq_id(46843, 47950, 48259, 49241, 49249);\n script_xref(name:\"FEDORA\", value:\"2011-11464\");\n\n script_name(english:\"Fedora 16 : maniadrive-1.2-32.fc16 / php-5.3.8-1.fc16 / php-eaccelerator-0.9.6.1-9.fc16 (2011-11464)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security Enhancements and Fixes :\n\n - Updated crypt_blowfish to 1.2. (CVE-2011-2483)\n\n - Fixed crash in error_log(). Reported by Mateusz\n Kocielski\n\n - Fixed buffer overflow on overlog salt in crypt().\n\n - Fixed bug #54939 (File path injection vulnerability in\n RFC1867 File upload filename). Reported by Krzysztof\n Kotowicz. (CVE-2011-2202)\n\n - Fixed stack-based buffer overflow in socket_connect().\n (CVE-2011-1938)\n\n - Fixed bug #54238 (use-after-free in substr_replace()).\n (CVE-2011-1148)\n\nUpstream announce for 5.3.8:\nhttp://www.php.net/archive/2011.php#id2011-08-23-1\n\nUpstream announce for 5.3.7:\nhttp://www.php.net/archive/2011.php#id2011-08-18-1\n\nFull Changelog: http://www.php.net/ChangeLog-5.php#5.3.8\n\nphp package now provides both apache modules (for prefork and worker\nMPM).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.php.net/ChangeLog-5.php#5.3.8\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.php.net/archive/2011.php#id2011-08-18-1\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.php.net/archive/2011.php#id2011-08-23-1\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=688958\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=709067\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=713194\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=715025\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=732516\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2011-September/065673.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?1686eb9b\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2011-September/065674.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?a64ae93c\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2011-September/065675.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?d04815a3\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected maniadrive, php and / or php-eaccelerator\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:maniadrive\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:php\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:php-eaccelerator\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:16\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/08/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/09/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^16([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 16.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC16\", reference:\"maniadrive-1.2-32.fc16\")) flag++;\nif (rpm_check(release:\"FC16\", reference:\"php-5.3.8-1.fc16\")) flag++;\nif (rpm_check(release:\"FC16\", reference:\"php-eaccelerator-0.9.6.1-9.fc16\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"maniadrive / php / php-eaccelerator\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-07T14:59:52", "description": "US-CERT/NIST reports :\n\nThe _zip_name_locate function in zip_name_locate.c in the Zip extension in PHP before 5.3.6 does not properly handle a ZIPARCHIVE::FL_UNCHANGED argument, which might allow context-dependent attackers to cause a denial of service (application crash) via an empty ZIP archive that is processed with a (1) locateName or (2) statName operation.", "cvss3": {}, "published": "2011-03-27T00:00:00", "type": "nessus", "title": "FreeBSD : php -- ZipArchive segfault with FL_UNCHANGED on empty archive (fe853666-56ce-11e0-9668-001fd0d616cf)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-0421"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:php5-zip", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_FE85366656CE11E09668001FD0D616CF.NASL", "href": "https://www.tenable.com/plugins/nessus/52987", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(52987);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2011-0421\");\n\n script_name(english:\"FreeBSD : php -- ZipArchive segfault with FL_UNCHANGED on empty archive (fe853666-56ce-11e0-9668-001fd0d616cf)\");\n script_summary(english:\"Checks for updated package in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote FreeBSD host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"US-CERT/NIST reports :\n\nThe _zip_name_locate function in zip_name_locate.c in the Zip\nextension in PHP before 5.3.6 does not properly handle a\nZIPARCHIVE::FL_UNCHANGED argument, which might allow context-dependent\nattackers to cause a denial of service (application crash) via an\nempty ZIP archive that is processed with a (1) locateName or (2)\nstatName operation.\"\n );\n # https://vuxml.freebsd.org/freebsd/fe853666-56ce-11e0-9668-001fd0d616cf.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?ef9f466d\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:php5-zip\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/03/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/03/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/03/27\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"php5-zip<5.3.6\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-07T15:29:35", "description": "empty zip archives could crash programs using libzip (CVE-2011-0421).", "cvss3": {}, "published": "2014-06-13T00:00:00", "type": "nessus", "title": "openSUSE Security Update : libzip-devel (openSUSE-SU-2011:0449-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-0421"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:libzip-devel", "p-cpe:/a:novell:opensuse:libzip-util", "p-cpe:/a:novell:opensuse:libzip-util-debuginfo", "p-cpe:/a:novell:opensuse:libzip1", "p-cpe:/a:novell:opensuse:libzip1-debuginfo", "p-cpe:/a:novell:opensuse:libzip1-debugsource", "cpe:/o:novell:opensuse:11.4"], "id": "SUSE_11_4_LIBZIP-DEVEL-110321.NASL", "href": "https://www.tenable.com/plugins/nessus/75940", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update libzip-devel-4188.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(75940);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2011-0421\");\n\n script_name(english:\"openSUSE Security Update : libzip-devel (openSUSE-SU-2011:0449-1)\");\n script_summary(english:\"Check for the libzip-devel-4188 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\"empty zip archives could crash programs using libzip (CVE-2011-0421).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=681193\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2011-05/msg00011.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libzip-devel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libzip-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libzip-util\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libzip-util-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libzip1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libzip1-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libzip1-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.4\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/03/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.4)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.4\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.4\", reference:\"libzip-devel-0.9-30.31.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"libzip-util-0.9-30.31.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"libzip-util-debuginfo-0.9-30.31.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"libzip1-0.9-30.31.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"libzip1-debuginfo-0.9-30.31.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"libzip1-debugsource-0.9-30.31.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libzip-devel / libzip-util / libzip1 / libzip-util-debuginfo / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-07T15:01:59", "description": "empty zip archives could crash programs using libzip (CVE-2011-0421).", "cvss3": {}, "published": "2011-05-09T00:00:00", "type": "nessus", "title": "openSUSE Security Update : libzip-devel (openSUSE-SU-2011:0449-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-0421"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:libzip-devel", "p-cpe:/a:novell:opensuse:libzip-util", "p-cpe:/a:novell:opensuse:libzip1", "cpe:/o:novell:opensuse:11.2"], "id": "SUSE_11_2_LIBZIP-DEVEL-110321.NASL", "href": "https://www.tenable.com/plugins/nessus/53838", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update libzip-devel-4188.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(53838);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2011-0421\");\n\n script_name(english:\"openSUSE Security Update : libzip-devel (openSUSE-SU-2011:0449-1)\");\n script_summary(english:\"Check for the libzip-devel-4188 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\"empty zip archives could crash programs using libzip (CVE-2011-0421).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=681193\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2011-05/msg00011.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libzip-devel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libzip-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libzip-util\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libzip1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/03/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/05/09\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.2\", reference:\"libzip-devel-0.9-23.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"libzip-util-0.9-23.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"libzip1-0.9-23.4.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libzip-devel / libzip-util / libzip1\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-07T16:39:23", "description": "The MITRE CVE database describes these CVEs as :\n\nRevert is_a() behavior to php <= 5.3.6 and add a new new option (allow_string) for the new behavior (accept string and raise autoload if needed)\n\nUse-after-free vulnerability in the substr_replace function in PHP 5.3.6 and earlier allows context-dependent attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact by using the same variable for multiple arguments.\n\nStack-based buffer overflow in the socket_connect function in ext/sockets/sockets.c in PHP 5.3.3 through 5.3.6 might allow context-dependent attackers to execute arbitrary code via a long pathname for a UNIX socket.\n\nThe rfc1867_post_handler function in main/rfc1867.c in PHP before 5.3.7 does not properly restrict filenames in multipart/form-data POST requests, which allows remote attackers to conduct absolute path traversal attacks, and possibly create or overwrite arbitrary files, via a crafted upload request, related to a 'file path injection vulnerability.'\n\ncrypt_blowfish before 1.1, as used in PHP before 5.3.7 on certain platforms, does not properly handle 8-bit characters, which makes it easier for context-dependent attackers to determine a cleartext password by leveraging knowledge of a password hash.\n\nPHP before 5.3.7 does not properly check the return values of the malloc, calloc, and realloc library functions, which allows context-dependent attackers to cause a denial of service (NULL pointer dereference and application crash) or trigger a buffer overflow by leveraging the ability to provide an arbitrary value for a function argument, related to (1) ext/curl/interface.c, (2) ext/date/lib/parse_date.c, (3) ext/date/lib/parse_iso_intervals.c, (4) ext/date/lib/parse_tz.c, (5) ext/date/lib/timelib.c, (6) ext/pdo_odbc/pdo_odbc.c, (7) ext/reflection/php_reflection.c, (8) ext/soap/php_sdl.c, (9) ext/xmlrpc/libxmlrpc/base64.c, (10) TSRM/tsrm_win32.c, and (11) the strtotime function.", "cvss3": {}, "published": "2013-09-04T00:00:00", "type": "nessus", "title": "Amazon Linux AMI : php (ALAS-2011-07)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-1148", "CVE-2011-1938", "CVE-2011-2202", "CVE-2011-2483", "CVE-2011-3182", "CVE-2011-3379"], "modified": "2016-01-27T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:php", "p-cpe:/a:amazon:linux:php-bcmath", "p-cpe:/a:amazon:linux:php-cli", "p-cpe:/a:amazon:linux:php-common", "p-cpe:/a:amazon:linux:php-dba", "p-cpe:/a:amazon:linux:php-debuginfo", "p-cpe:/a:amazon:linux:php-devel", "p-cpe:/a:amazon:linux:php-embedded", "p-cpe:/a:amazon:linux:php-fpm", "p-cpe:/a:amazon:linux:php-gd", "p-cpe:/a:amazon:linux:php-imap", "p-cpe:/a:amazon:linux:php-intl", "p-cpe:/a:amazon:linux:php-ldap", "p-cpe:/a:amazon:linux:php-mbstring", "p-cpe:/a:amazon:linux:php-mcrypt", "p-cpe:/a:amazon:linux:php-mssql", "p-cpe:/a:amazon:linux:php-mysql", "p-cpe:/a:amazon:linux:php-odbc", "p-cpe:/a:amazon:linux:php-pdo", "p-cpe:/a:amazon:linux:php-pgsql", "p-cpe:/a:amazon:linux:php-process", "p-cpe:/a:amazon:linux:php-pspell", "p-cpe:/a:amazon:linux:php-snmp", "p-cpe:/a:amazon:linux:php-soap", "p-cpe:/a:amazon:linux:php-tidy", "p-cpe:/a:amazon:linux:php-xml", "p-cpe:/a:amazon:linux:php-xmlrpc", "p-cpe:/a:amazon:linux:php-zts", "cpe:/o:amazon:linux"], "id": "ALA_ALAS-2011-07.NASL", "href": "https://www.tenable.com/plugins/nessus/69566", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2011-07.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(69566);\n script_version(\"$Revision: 1.7 $\");\n script_cvs_date(\"$Date: 2016/01/27 16:45:01 $\");\n\n script_cve_id(\"CVE-2011-1148\", \"CVE-2011-1938\", \"CVE-2011-2202\", \"CVE-2011-2483\", \"CVE-2011-3182\", \"CVE-2011-3379\");\n script_xref(name:\"ALAS\", value:\"2011-07\");\n\n script_name(english:\"Amazon Linux AMI : php (ALAS-2011-07)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The MITRE CVE database describes these CVEs as :\n\nRevert is_a() behavior to php <= 5.3.6 and add a new new option\n(allow_string) for the new behavior (accept string and raise autoload\nif needed)\n\nUse-after-free vulnerability in the substr_replace function in PHP\n5.3.6 and earlier allows context-dependent attackers to cause a denial\nof service (memory corruption) or possibly have unspecified other\nimpact by using the same variable for multiple arguments.\n\nStack-based buffer overflow in the socket_connect function in\next/sockets/sockets.c in PHP 5.3.3 through 5.3.6 might allow\ncontext-dependent attackers to execute arbitrary code via a long\npathname for a UNIX socket.\n\nThe rfc1867_post_handler function in main/rfc1867.c in PHP before\n5.3.7 does not properly restrict filenames in multipart/form-data POST\nrequests, which allows remote attackers to conduct absolute path\ntraversal attacks, and possibly create or overwrite arbitrary files,\nvia a crafted upload request, related to a 'file path injection\nvulnerability.'\n\ncrypt_blowfish before 1.1, as used in PHP before 5.3.7 on certain\nplatforms, does not properly handle 8-bit characters, which makes it\neasier for context-dependent attackers to determine a cleartext\npassword by leveraging knowledge of a password hash.\n\nPHP before 5.3.7 does not properly check the return values of the\nmalloc, calloc, and realloc library functions, which allows\ncontext-dependent attackers to cause a denial of service (NULL pointer\ndereference and application crash) or trigger a buffer overflow by\nleveraging the ability to provide an arbitrary value for a function\nargument, related to (1) ext/curl/interface.c, (2)\next/date/lib/parse_date.c, (3) ext/date/lib/parse_iso_intervals.c, (4)\next/date/lib/parse_tz.c, (5) ext/date/lib/timelib.c, (6)\next/pdo_odbc/pdo_odbc.c, (7) ext/reflection/php_reflection.c, (8)\next/soap/php_sdl.c, (9) ext/xmlrpc/libxmlrpc/base64.c, (10)\nTSRM/tsrm_win32.c, and (11) the strtotime function.\"\n );\n # https://admin.fedoraproject.org/updates/php-5.3.8-1.fc15,php-eaccelerator-0.9.6.1-9.fc15,maniadrive-1.2-32.fc15\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?f94687c5\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://admin.fedoraproject.org/updates/php-5.3.8-3.fc15\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2011-7.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum upgrade php*' to upgrade your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php-bcmath\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php-cli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php-dba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php-embedded\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php-fpm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php-imap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php-intl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php-mbstring\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php-mcrypt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php-mssql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php-pdo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php-process\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php-pspell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php-soap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php-tidy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php-xml\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php-xmlrpc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php-zts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/10/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/09/04\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2016 Tenable Network Security, Inc.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/AmazonLinux/release\")) audit(AUDIT_OS_NOT, \"Amazon Linux AMI\");\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"php-5.3.8-3.19.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php-bcmath-5.3.8-3.19.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php-cli-5.3.8-3.19.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php-common-5.3.8-3.19.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php-dba-5.3.8-3.19.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php-debuginfo-5.3.8-3.19.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php-devel-5.3.8-3.19.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php-embedded-5.3.8-3.19.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php-fpm-5.3.8-3.19.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php-gd-5.3.8-3.19.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php-imap-5.3.8-3.19.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php-intl-5.3.8-3.19.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php-ldap-5.3.8-3.19.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php-mbstring-5.3.8-3.19.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php-mcrypt-5.3.8-3.19.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php-mssql-5.3.8-3.19.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php-mysql-5.3.8-3.19.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php-odbc-5.3.8-3.19.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php-pdo-5.3.8-3.19.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php-pgsql-5.3.8-3.19.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php-process-5.3.8-3.19.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php-pspell-5.3.8-3.19.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php-snmp-5.3.8-3.19.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php-soap-5.3.8-3.19.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php-tidy-5.3.8-3.19.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php-xml-5.3.8-3.19.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php-xmlrpc-5.3.8-3.19.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php-zts-5.3.8-3.19.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"php / php-bcmath / php-cli / php-common / php-dba / php-debuginfo / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-07T15:40:40", "description": "PHP before 5.3.7 does not properly check the return values of the malloc, calloc, and realloc library functions, which allows context-dependent attackers to cause a denial of service (NULL pointer dereference and application crash) or trigger a buffer overflow by leveraging the ability to provide an arbitrary value for a function argument, related to (1) ext/curl/interface.c, (2) ext/date/lib/parse_date.c, (3) ext/date/lib/parse_iso_intervals.c, (4) ext/date/lib/parse_tz.c, (5) ext/date/lib/timelib.c, (6) ext/pdo_odbc/pdo_odbc.c, (7) ext/reflection/php_reflection.c, (8) ext/soap/php_sdl.c, (9) ext/xmlrpc/libxmlrpc/base64.c, (10) TSRM/tsrm_win32.c, and (11) the strtotime function.\n\nThe is_a function in PHP 5.3.7 and 5.3.8 triggers a call to the\n__autoload function, which makes it easier for remote attackers to execute arbitrary code by providing a crafted URL and leveraging potentially unsafe behavior in certain PEAR packages and custom autoloaders.\n\nphp: changes to is_a() in 5.3.7 may allow arbitrary code execution with certain code\n\nA signedness issue was found in the way the PHP crypt() function handled 8-bit characters in passwords when using Blowfish hashing. Up to three characters immediately preceding a non-ASCII character (one with the high bit set) had no effect on the hash result, thus shortening the effective password length. This made brute-force guessing more efficient as several different passwords were hashed to the same value.\n\nA signedness issue was found in the way the crypt() function in the PostgreSQL pgcrypto module handled 8-bit characters in passwords when using Blowfish hashing. Up to three characters immediately preceding a non-ASCII character (one with the high bit set) had no effect on the hash result, thus shortening the effective password length. This made brute-force guessing more efficient as several different passwords were hashed to the same value.\n\ncrypt_blowfish before 1.1, as used in PHP before 5.3.7 on certain platforms, PostgreSQL before 8.4.9, and other products, does not properly handle 8-bit characters, which makes it easier for context-dependent attackers to determine a cleartext password by leveraging knowledge of a password hash.\n\nA stack-based buffer overflow flaw was found in the way the PHP socket extension handled long AF_UNIX socket addresses. An attacker able to make a PHP script connect to a long AF_UNIX socket address could use this flaw to crash the PHP interpreter.\n\nStack-based buffer overflow in the socket_connect function in ext/sockets/sockets.c in PHP 5.3.3 through 5.3.6 might allow context-dependent attackers to execute arbitrary code via a long pathname for a UNIX socket.\n\nThe rfc1867_post_handler function in main/rfc1867.c in PHP before 5.3.7 does not properly restrict filenames in multipart/form-data POST requests, which allows remote attackers to conduct absolute path traversal attacks, and possibly create or overwrite arbitrary files, via a crafted upload request, related to a 'file path injection vulnerability.'\n\nAn off-by-one flaw was found in PHP. If an attacker uploaded a file with a specially crafted file name it could cause a PHP script to attempt to write a file to the root (/) directory. By default, PHP runs as the 'apache' user, preventing it from writing to the root directory.\n\nThe rfc1867_post_handler function in main/rfc1867.c in PHP before 5.3.7 does not properly restrict filenames in multipart/form-data POST requests, which allows remote attackers to conduct absolute path traversal attacks, and possibly create or overwrite arbitrary files, via a crafted upload request, related to a 'file path injection vulnerability.'\n\nUse-after-free vulnerability in the substr_replace function in PHP 5.3.6 and earlier allows context-dependent attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact by using the same variable for multiple arguments.\n\nA use-after-free flaw was found in the PHP substr_replace() function.\nIf a PHP script used the same variable as multiple function arguments, a remote attacker could possibly use this to crash the PHP interpreter or, possibly, execute arbitrary code.", "cvss3": {}, "published": "2014-10-12T00:00:00", "type": "nessus", "title": "Amazon Linux AMI : php (ALAS-2011-7)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-1148", "CVE-2011-1938", "CVE-2011-2202", "CVE-2011-2483", "CVE-2011-3182", "CVE-2011-3379"], "modified": "2019-07-10T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:php", "p-cpe:/a:amazon:linux:php-bcmath", "p-cpe:/a:amazon:linux:php-cli", "p-cpe:/a:amazon:linux:php-common", "p-cpe:/a:amazon:linux:php-dba", "p-cpe:/a:amazon:linux:php-debuginfo", "p-cpe:/a:amazon:linux:php-devel", "p-cpe:/a:amazon:linux:php-embedded", "p-cpe:/a:amazon:linux:php-fpm", "p-cpe:/a:amazon:linux:php-gd", "p-cpe:/a:amazon:linux:php-imap", "p-cpe:/a:amazon:linux:php-intl", "p-cpe:/a:amazon:linux:php-ldap", "p-cpe:/a:amazon:linux:php-mbstring", "p-cpe:/a:amazon:linux:php-mcrypt", "p-cpe:/a:amazon:linux:php-mssql", "p-cpe:/a:amazon:linux:php-mysql", "p-cpe:/a:amazon:linux:php-odbc", "p-cpe:/a:amazon:linux:php-pdo", "p-cpe:/a:amazon:linux:php-pgsql", "p-cpe:/a:amazon:linux:php-process", "p-cpe:/a:amazon:linux:php-pspell", "p-cpe:/a:amazon:linux:php-snmp", "p-cpe:/a:amazon:linux:php-soap", "p-cpe:/a:amazon:linux:php-tidy", "p-cpe:/a:amazon:linux:php-xml", "p-cpe:/a:amazon:linux:php-xmlrpc", "p-cpe:/a:amazon:linux:php-zts", "cpe:/o:amazon:linux"], "id": "ALA_ALAS-2011-7.NASL", "href": "https://www.tenable.com/plugins/nessus/78268", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2011-7.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(78268);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2019/07/10 16:04:12\");\n\n script_cve_id(\"CVE-2011-1148\", \"CVE-2011-1938\", \"CVE-2011-2202\", \"CVE-2011-2483\", \"CVE-2011-3182\", \"CVE-2011-3379\");\n script_xref(name:\"ALAS\", value:\"2011-7\");\n\n script_name(english:\"Amazon Linux AMI : php (ALAS-2011-7)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"PHP before 5.3.7 does not properly check the return values of the\nmalloc, calloc, and realloc library functions, which allows\ncontext-dependent attackers to cause a denial of service (NULL pointer\ndereference and application crash) or trigger a buffer overflow by\nleveraging the ability to provide an arbitrary value for a function\nargument, related to (1) ext/curl/interface.c, (2)\next/date/lib/parse_date.c, (3) ext/date/lib/parse_iso_intervals.c, (4)\next/date/lib/parse_tz.c, (5) ext/date/lib/timelib.c, (6)\next/pdo_odbc/pdo_odbc.c, (7) ext/reflection/php_reflection.c, (8)\next/soap/php_sdl.c, (9) ext/xmlrpc/libxmlrpc/base64.c, (10)\nTSRM/tsrm_win32.c, and (11) the strtotime function.\n\nThe is_a function in PHP 5.3.7 and 5.3.8 triggers a call to the\n__autoload function, which makes it easier for remote attackers to\nexecute arbitrary code by providing a crafted URL and leveraging\npotentially unsafe behavior in certain PEAR packages and custom\nautoloaders.\n\nphp: changes to is_a() in 5.3.7 may allow arbitrary code execution\nwith certain code\n\nA signedness issue was found in the way the PHP crypt() function\nhandled 8-bit characters in passwords when using Blowfish hashing. Up\nto three characters immediately preceding a non-ASCII character (one\nwith the high bit set) had no effect on the hash result, thus\nshortening the effective password length. This made brute-force\nguessing more efficient as several different passwords were hashed to\nthe same value.\n\nA signedness issue was found in the way the crypt() function in the\nPostgreSQL pgcrypto module handled 8-bit characters in passwords when\nusing Blowfish hashing. Up to three characters immediately preceding a\nnon-ASCII character (one with the high bit set) had no effect on the\nhash result, thus shortening the effective password length. This made\nbrute-force guessing more efficient as several different passwords\nwere hashed to the same value.\n\ncrypt_blowfish before 1.1, as used in PHP before 5.3.7 on certain\nplatforms, PostgreSQL before 8.4.9, and other products, does not\nproperly handle 8-bit characters, which makes it easier for\ncontext-dependent attackers to determine a cleartext password by\nleveraging knowledge of a password hash.\n\nA stack-based buffer overflow flaw was found in the way the PHP socket\nextension handled long AF_UNIX socket addresses. An attacker able to\nmake a PHP script connect to a long AF_UNIX socket address could use\nthis flaw to crash the PHP interpreter.\n\nStack-based buffer overflow in the socket_connect function in\next/sockets/sockets.c in PHP 5.3.3 through 5.3.6 might allow\ncontext-dependent attackers to execute arbitrary code via a long\npathname for a UNIX socket.\n\nThe rfc1867_post_handler function in main/rfc1867.c in PHP before\n5.3.7 does not properly restrict filenames in multipart/form-data POST\nrequests, which allows remote attackers to conduct absolute path\ntraversal attacks, and possibly create or overwrite arbitrary files,\nvia a crafted upload request, related to a 'file path injection\nvulnerability.'\n\nAn off-by-one flaw was found in PHP. If an attacker uploaded a file\nwith a specially crafted file name it could cause a PHP script to\nattempt to write a file to the root (/) directory. By default, PHP\nruns as the 'apache' user, preventing it from writing to the root\ndirectory.\n\nThe rfc1867_post_handler function in main/rfc1867.c in PHP before\n5.3.7 does not properly restrict filenames in multipart/form-data POST\nrequests, which allows remote attackers to conduct absolute path\ntraversal attacks, and possibly create or overwrite arbitrary files,\nvia a crafted upload request, related to a 'file path injection\nvulnerability.'\n\nUse-after-free vulnerability in the substr_replace function in PHP\n5.3.6 and earlier allows context-dependent attackers to cause a denial\nof service (memory corruption) or possibly have unspecified other\nimpact by using the same variable for multiple arguments.\n\nA use-after-free flaw was found in the PHP substr_replace() function.\nIf a PHP script used the same variable as multiple function arguments,\na remote attacker could possibly use this to crash the PHP interpreter\nor, possibly, execute arbitrary code.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2011-7.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update php' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php-bcmath\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php-cli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php-dba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php-embedded\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php-fpm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php-imap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php-intl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php-mbstring\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php-mcrypt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php-mssql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php-pdo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php-process\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php-pspell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php-soap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php-tidy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php-xml\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php-xmlrpc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php-zts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/03/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/09/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/10/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"php-5.3.8-3.19.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php-bcmath-5.3.8-3.19.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php-cli-5.3.8-3.19.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php-common-5.3.8-3.19.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php-dba-5.3.8-3.19.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php-debuginfo-5.3.8-3.19.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php-devel-5.3.8-3.19.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php-embedded-5.3.8-3.19.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php-fpm-5.3.8-3.19.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php-gd-5.3.8-3.19.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php-imap-5.3.8-3.19.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php-intl-5.3.8-3.19.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php-ldap-5.3.8-3.19.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php-mbstring-5.3.8-3.19.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php-mcrypt-5.3.8-3.19.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php-mssql-5.3.8-3.19.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php-mysql-5.3.8-3.19.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php-odbc-5.3.8-3.19.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php-pdo-5.3.8-3.19.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php-pgsql-5.3.8-3.19.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php-process-5.3.8-3.19.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php-pspell-5.3.8-3.19.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php-snmp-5.3.8-3.19.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php-soap-5.3.8-3.19.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php-tidy-5.3.8-3.19.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php-xml-5.3.8-3.19.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php-xmlrpc-5.3.8-3.19.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php-zts-5.3.8-3.19.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"php / php-bcmath / php-cli / php-common / php-dba / php-debuginfo / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-07T15:34:25", "description": "Updated php packages that fix several security issues are now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nPHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server.\n\nIt was found that the hashing routine used by PHP arrays was susceptible to predictable hash collisions. If an HTTP POST request to a PHP application contained many parameters whose names map to the same hash value, a large amount of CPU time would be consumed. This flaw has been mitigated by adding a new configuration directive, max_input_vars, that limits the maximum number of parameters processed per request. By default, max_input_vars is set to 1000.\n(CVE-2011-4885)\n\nA use-after-free flaw was found in the PHP substr_replace() function.\nIf a PHP script used the same variable as multiple function arguments, a remote attacker could possibly use this to crash the PHP interpreter or, possibly, execute arbitrary code. (CVE-2011-1148)\n\nAn integer overflow flaw was found in the PHP exif extension. On 32-bit systems, a specially crafted image file could cause the PHP interpreter to crash or disclose portions of its memory when a PHP script tries to extract Exchangeable image file format (Exif) metadata from the image file. (CVE-2011-4566)\n\nAn insufficient input validation flaw, leading to a buffer over-read, was found in the PHP exif extension. A specially crafted image file could cause the PHP interpreter to crash when a PHP script tries to extract Exchangeable image file format (Exif) metadata from the image file. (CVE-2011-0708)\n\nAn integer overflow flaw was found in the PHP calendar extension. A remote attacker able to make a PHP script call SdnToJulian() with a large value could cause the PHP interpreter to crash. (CVE-2011-1466)\n\nA bug in the PHP Streams component caused the PHP interpreter to crash if an FTP wrapper connection was made through an HTTP proxy. A remote attacker could possibly trigger this issue if a PHP script accepted an untrusted URL to connect to. (CVE-2011-1469)\n\nAn off-by-one flaw was found in PHP. If an attacker uploaded a file with a specially crafted file name it could cause a PHP script to attempt to write a file to the root (/) directory. By default, PHP runs as the 'apache' user, preventing it from writing to the root directory. (CVE-2011-2202)\n\nRed Hat would like to thank oCERT for reporting CVE-2011-4885. oCERT acknowledges Julian Walde and Alexander Klink as the original reporters of CVE-2011-4885.\n\nAll php users should upgrade to these updated packages, which contain backported patches to resolve these issues. After installing the updated packages, the httpd daemon must be restarted for the update to take effect.", "cvss3": {}, "published": "2012-01-24T00:00:00", "type": "nessus", "title": "CentOS 5 : php (CESA-2012:0033)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-0708", "CVE-2011-1148", "CVE-2011-1466", "CVE-2011-1469", "CVE-2011-2202", "CVE-2011-4566", "CVE-2011-4885"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:centos:centos:php", "p-cpe:/a:centos:centos:php-bcmath", "p-cpe:/a:centos:centos:php-cli", "p-cpe:/a:centos:centos:php-common", "p-cpe:/a:centos:centos:php-dba", "p-cpe:/a:centos:centos:php-devel", "p-cpe:/a:centos:centos:php-gd", "p-cpe:/a:centos:centos:php-imap", "p-cpe:/a:centos:centos:php-ldap", "p-cpe:/a:centos:centos:php-mbstring", "p-cpe:/a:centos:centos:php-mysql", "p-cpe:/a:centos:centos:php-ncurses", "p-cpe:/a:centos:centos:php-odbc", "p-cpe:/a:centos:centos:php-pdo", "p-cpe:/a:centos:centos:php-pgsql", "p-cpe:/a:centos:centos:php-snmp", "p-cpe:/a:centos:centos:php-soap", "p-cpe:/a:centos:centos:php-xml", "p-cpe:/a:centos:centos:php-xmlrpc", "cpe:/o:centos:centos:5"], "id": "CENTOS_RHSA-2012-0033.NASL", "href": "https://www.tenable.com/plugins/nessus/57642", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2012:0033 and \n# CentOS Errata and Security Advisory 2012:0033 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(57642);\n script_version(\"1.22\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2011-0708\", \"CVE-2011-1148\", \"CVE-2011-1466\", \"CVE-2011-1469\", \"CVE-2011-2202\", \"CVE-2011-4566\", \"CVE-2011-4885\");\n script_bugtraq_id(46365, 46843, 46967, 46970, 48259, 49241, 50907, 51193);\n script_xref(name:\"RHSA\", value:\"2012:0033\");\n\n script_name(english:\"CentOS 5 : php (CESA-2012:0033)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated php packages that fix several security issues are now\navailable for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nPHP is an HTML-embedded scripting language commonly used with the\nApache HTTP Server.\n\nIt was found that the hashing routine used by PHP arrays was\nsusceptible to predictable hash collisions. If an HTTP POST request to\na PHP application contained many parameters whose names map to the\nsame hash value, a large amount of CPU time would be consumed. This\nflaw has been mitigated by adding a new configuration directive,\nmax_input_vars, that limits the maximum number of parameters processed\nper request. By default, max_input_vars is set to 1000.\n(CVE-2011-4885)\n\nA use-after-free flaw was found in the PHP substr_replace() function.\nIf a PHP script used the same variable as multiple function arguments,\na remote attacker could possibly use this to crash the PHP interpreter\nor, possibly, execute arbitrary code. (CVE-2011-1148)\n\nAn integer overflow flaw was found in the PHP exif extension. On\n32-bit systems, a specially crafted image file could cause the PHP\ninterpreter to crash or disclose portions of its memory when a PHP\nscript tries to extract Exchangeable image file format (Exif) metadata\nfrom the image file. (CVE-2011-4566)\n\nAn insufficient input validation flaw, leading to a buffer over-read,\nwas found in the PHP exif extension. A specially crafted image file\ncould cause the PHP interpreter to crash when a PHP script tries to\nextract Exchangeable image file format (Exif) metadata from the image\nfile. (CVE-2011-0708)\n\nAn integer overflow flaw was found in the PHP calendar extension. A\nremote attacker able to make a PHP script call SdnToJulian() with a\nlarge value could cause the PHP interpreter to crash. (CVE-2011-1466)\n\nA bug in the PHP Streams component caused the PHP interpreter to crash\nif an FTP wrapper connection was made through an HTTP proxy. A remote\nattacker could possibly trigger this issue if a PHP script accepted an\nuntrusted URL to connect to. (CVE-2011-1469)\n\nAn off-by-one flaw was found in PHP. If an attacker uploaded a file\nwith a specially crafted file name it could cause a PHP script to\nattempt to write a file to the root (/) directory. By default, PHP\nruns as the 'apache' user, preventing it from writing to the root\ndirectory. (CVE-2011-2202)\n\nRed Hat would like to thank oCERT for reporting CVE-2011-4885. oCERT\nacknowledges Julian Walde and Alexander Klink as the original\nreporters of CVE-2011-4885.\n\nAll php users should upgrade to these updated packages, which contain\nbackported patches to resolve these issues. After installing the\nupdated packages, the httpd daemon must be restarted for the update to\ntake effect.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2012-January/018379.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?2bb7c0f5\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected php packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2011-1148\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-bcmath\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-cli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-dba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-imap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-mbstring\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-ncurses\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-pdo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-soap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-xml\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-xmlrpc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/03/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/01/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/01/24\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 5.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-5\", reference:\"php-5.1.6-27.el5_7.4\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"php-bcmath-5.1.6-27.el5_7.4\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"php-cli-5.1.6-27.el5_7.4\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"php-common-5.1.6-27.el5_7.4\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"php-dba-5.1.6-27.el5_7.4\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"php-devel-5.1.6-27.el5_7.4\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"php-gd-5.1.6-27.el5_7.4\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"php-imap-5.1.6-27.el5_7.4\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"php-ldap-5.1.6-27.el5_7.4\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"php-mbstring-5.1.6-27.el5_7.4\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"php-mysql-5.1.6-27.el5_7.4\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"php-ncurses-5.1.6-27.el5_7.4\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"php-odbc-5.1.6-27.el5_7.4\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"php-pdo-5.1.6-27.el5_7.4\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"php-pgsql-5.1.6-27.el5_7.4\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"php-snmp-5.1.6-27.el5_7.4\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"php-soap-5.1.6-27.el5_7.4\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"php-xml-5.1.6-27.el5_7.4\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"php-xmlrpc-5.1.6-27.el5_7.4\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"php / php-bcmath / php-cli / php-common / php-dba / php-devel / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-07T16:30:09", "description": "From Red Hat Security Advisory 2012:0033 :\n\nUpdated php packages that fix several security issues are now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nPHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server.\n\nIt was found that the hashing routine used by PHP arrays was susceptible to predictable hash collisions. If an HTTP POST request to a PHP application contained many parameters whose names map to the same hash value, a large amount of CPU time would be consumed. This flaw has been mitigated by adding a new configuration directive, max_input_vars, that limits the maximum number of parameters processed per request. By default, max_input_vars is set to 1000.\n(CVE-2011-4885)\n\nA use-after-free flaw was found in the PHP substr_replace() function.\nIf a PHP script used the same variable as multiple function arguments, a remote attacker could possibly use this to crash the PHP interpreter or, possibly, execute arbitrary code. (CVE-2011-1148)\n\nAn integer overflow flaw was found in the PHP exif extension. On 32-bit systems, a specially crafted image file could cause the PHP interpreter to crash or disclose portions of its memory when a PHP script tries to extract Exchangeable image file format (Exif) metadata from the image file. (CVE-2011-4566)\n\nAn insufficient input validation flaw, leading to a buffer over-read, was found in the PHP exif extension. A specially crafted image file could cause the PHP interpreter to crash when a PHP script tries to extract Exchangeable image file format (Exif) metadata from the image file. (CVE-2011-0708)\n\nAn integer overflow flaw was found in the PHP calendar extension. A remote attacker able to make a PHP script call SdnToJulian() with a large value could cause the PHP interpreter to crash. (CVE-2011-1466)\n\nA bug in the PHP Streams component caused the PHP interpreter to crash if an FTP wrapper connection was made through an HTTP proxy. A remote attacker could possibly trigger this issue if a PHP script accepted an untrusted URL to connect to. (CVE-2011-1469)\n\nAn off-by-one flaw was found in PHP. If an attacker uploaded a file with a specially crafted file name it could cause a PHP script to attempt to write a file to the root (/) directory. By default, PHP runs as the 'apache' user, preventing it from writing to the root directory. (CVE-2011-2202)\n\nRed Hat would like to thank oCERT for reporting CVE-2011-4885. oCERT acknowledges Julian Walde and Alexander Klink as the original reporters of CVE-2011-4885.\n\nAll php users should upgrade to these updated packages, which contain backported patches to resolve these issues. After installing the updated packages, the httpd daemon must be restarted for the update to take effect.", "cvss3": {}, "published": "2013-07-12T00:00:00", "type": "nessus", "title": "Oracle Linux 5 : php (ELSA-2012-0033)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-0708", "CVE-2011-1148", "CVE-2011-1466", "CVE-2011-1469", "CVE-2011-2202", "CVE-2011-4566", "CVE-2011-4885"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:php", "p-cpe:/a:oracle:linux:php-bcmath", "p-cpe:/a:oracle:linux:php-cli", "p-cpe:/a:oracle:linux:php-common", "p-cpe:/a:oracle:linux:php-dba", "p-cpe:/a:oracle:linux:php-devel", "p-cpe:/a:oracle:linux:php-gd", "p-cpe:/a:oracle:linux:php-imap", "p-cpe:/a:oracle:linux:php-ldap", "p-cpe:/a:oracle:linux:php-mbstring", "p-cpe:/a:oracle:linux:php-mysql", "p-cpe:/a:oracle:linux:php-ncurses", "p-cpe:/a:oracle:linux:php-odbc", "p-cpe:/a:oracle:linux:php-pdo", "p-cpe:/a:oracle:linux:php-pgsql", "p-cpe:/a:oracle:linux:php-snmp", "p-cpe:/a:oracle:linux:php-soap", "p-cpe:/a:oracle:linux:php-xml", "p-cpe:/a:oracle:linux:php-xmlrpc", "cpe:/o:oracle:linux:5"], "id": "ORACLELINUX_ELSA-2012-0033.NASL", "href": "https://www.tenable.com/plugins/nessus/68432", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2012:0033 and \n# Oracle Linux Security Advisory ELSA-2012-0033 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(68432);\n script_version(\"1.20\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2011-0708\", \"CVE-2011-1148\", \"CVE-2011-1466\", \"CVE-2011-1469\", \"CVE-2011-2202\", \"CVE-2011-4566\", \"CVE-2011-4885\");\n script_bugtraq_id(46365, 46843, 46967, 46970, 48259, 49241, 50907, 51193);\n script_xref(name:\"RHSA\", value:\"2012:0033\");\n\n script_name(english:\"Oracle Linux 5 : php (ELSA-2012-0033)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2012:0033 :\n\nUpdated php packages that fix several security issues are now\navailable for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nPHP is an HTML-embedded scripting language commonly used with the\nApache HTTP Server.\n\nIt was found that the hashing routine used by PHP arrays was\nsusceptible to predictable hash collisions. If an HTTP POST request to\na PHP application contained many parameters whose names map to the\nsame hash value, a large amount of CPU time would be consumed. This\nflaw has been mitigated by adding a new configuration directive,\nmax_input_vars, that limits the maximum number of parameters processed\nper request. By default, max_input_vars is set to 1000.\n(CVE-2011-4885)\n\nA use-after-free flaw was found in the PHP substr_replace() function.\nIf a PHP script used the same variable as multiple function arguments,\na remote attacker could possibly use this to crash the PHP interpreter\nor, possibly, execute arbitrary code. (CVE-2011-1148)\n\nAn integer overflow flaw was found in the PHP exif extension. On\n32-bit systems, a specially crafted image file could cause the PHP\ninterpreter to crash or disclose portions of its memory when a PHP\nscript tries to extract Exchangeable image file format (Exif) metadata\nfrom the image file. (CVE-2011-4566)\n\nAn insufficient input validation flaw, leading to a buffer over-read,\nwas found in the PHP exif extension. A specially crafted image file\ncould cause the PHP interpreter to crash when a PHP script tries to\nextract Exchangeable image file format (Exif) metadata from the image\nfile. (CVE-2011-0708)\n\nAn integer overflow flaw was found in the PHP calendar extension. A\nremote attacker able to make a PHP script call SdnToJulian() with a\nlarge value could cause the PHP interpreter to crash. (CVE-2011-1466)\n\nA bug in the PHP Streams component caused the PHP interpreter to crash\nif an FTP wrapper connection was made through an HTTP proxy. A remote\nattacker could possibly trigger this issue if a PHP script accepted an\nuntrusted URL to connect to. (CVE-2011-1469)\n\nAn off-by-one flaw was found in PHP. If an attacker uploaded a file\nwith a specially crafted file name it could cause a PHP script to\nattempt to write a file to the root (/) directory. By default, PHP\nruns as the 'apache' user, preventing it from writing to the root\ndirectory. (CVE-2011-2202)\n\nRed Hat would like to thank oCERT for reporting CVE-2011-4885. oCERT\nacknowledges Julian Walde and Alexander Klink as the original\nreporters of CVE-2011-4885.\n\nAll php users should upgrade to these updated packages, which contain\nbackported patches to resolve these issues. After installing the\nupdated packages, the httpd daemon must be restarted for the update to\ntake effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2012-January/002556.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected php packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-bcmath\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-cli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-dba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-imap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-mbstring\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-ncurses\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-pdo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-soap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-xml\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-xmlrpc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/03/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/01/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 5\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL5\", reference:\"php-5.1.6-27.el5_7.4\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"php-bcmath-5.1.6-27.el5_7.4\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"php-cli-5.1.6-27.el5_7.4\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"php-common-5.1.6-27.el5_7.4\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"php-dba-5.1.6-27.el5_7.4\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"php-devel-5.1.6-27.el5_7.4\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"php-gd-5.1.6-27.el5_7.4\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"php-imap-5.1.6-27.el5_7.4\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"php-ldap-5.1.6-27.el5_7.4\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"php-mbstring-5.1.6-27.el5_7.4\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"php-mysql-5.1.6-27.el5_7.4\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"php-ncurses-5.1.6-27.el5_7.4\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"php-odbc-5.1.6-27.el5_7.4\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"php-pdo-5.1.6-27.el5_7.4\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"php-pgsql-5.1.6-27.el5_7.4\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"php-snmp-5.1.6-27.el5_7.4\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"php-soap-5.1.6-27.el5_7.4\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"php-xml-5.1.6-27.el5_7.4\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"php-xmlrpc-5.1.6-27.el5_7.4\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"php / php-bcmath / php-cli / php-common / php-dba / php-devel / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-07T15:43:28", "description": "PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server.\n\nIt was found that the hashing routine used by PHP arrays was susceptible to predictable hash collisions. If an HTTP POST request to a PHP application contained many parameters whose names map to the same hash value, a large amount of CPU time would be consumed. This flaw has been mitigated by adding a new configuration directive, max_input_vars, that limits the maximum number of parameters processed per request. By default, max_input_vars is set to 1000.\n(CVE-2011-4885)\n\nA use-after-free flaw was found in the PHP substr_replace() function.\nIf a PHP script used the same variable as multiple function arguments, a remote attacker could possibly use this to crash the PHP interpreter or, possibly, execute arbitrary code. (CVE-2011-1148)\n\nAn integer overflow flaw was found in the PHP exif extension. On 32-bit systems, a specially crafted image file could cause the PHP interpreter to crash or disclose portions of its memory when a PHP script tries to extract Exchangeable image file format (Exif) metadata from the image file. (CVE-2011-4566)\n\nAn insufficient input validation flaw, leading to a buffer over-read, was found in the PHP exif extension. A specially crafted image file could cause the PHP interpreter to crash when a PHP script tries to extract Exchangeable image file format (Exif) metadata from the image file. (CVE-2011-0708)\n\nAn integer overflow flaw was found in the PHP calendar extension. A remote attacker able to make a PHP script call SdnToJulian() with a large value could cause the PHP interpreter to crash. (CVE-2011-1466)\n\nA bug in the PHP Streams component caused the PHP interpreter to crash if an FTP wrapper connection was made through an HTTP proxy. A remote attacker could possibly trigger this issue if a PHP script accepted an untrusted URL to connect to. (CVE-2011-1469)\n\nAn off-by-one flaw was found in PHP. If an attacker uploaded a file with a specially crafted file name it could cause a PHP script to attempt to write a file to the root (/) directory. By default, PHP runs as the 'apache' user, preventing it from writing to the root directory. (CVE-2011-2202)\n\nAll php users should upgrade to these updated packages, which contain backported patches to resolve these issues. After installing the updated packages, the httpd daemon must be restarted for the update to take effect.", "cvss3": {}, "published": "2012-08-01T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : php on SL5.x i386/x86_64 (20120118)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-0708", "CVE-2011-1148", "CVE-2011-1466", "CVE-2011-1469", "CVE-2011-2202", "CVE-2011-4566", "CVE-2011-4885"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:php-odbc", "p-cpe:/a:fermilab:scientific_linux:php-pdo", "p-cpe:/a:fermilab:scientific_linux:php-pgsql", "p-cpe:/a:fermilab:scientific_linux:php-snmp", "p-cpe:/a:fermilab:scientific_linux:php-soap", "p-cpe:/a:fermilab:scientific_linux:php-xml", "p-cpe:/a:fermilab:scientific_linux:php-xmlrpc", "x-cpe:/o:fermilab:scientific_linux", "p-cpe:/a:fermilab:scientific_linux:php", "p-cpe:/a:fermilab:scientific_linux:php-bcmath", "p-cpe:/a:fermilab:scientific_linux:php-cli", "p-cpe:/a:fermilab:scientific_linux:php-common", "p-cpe:/a:fermilab:scientific_linux:php-dba", "p-cpe:/a:fermilab:scientific_linux:php-debuginfo", "p-cpe:/a:fermilab:scientific_linux:php-devel", "p-cpe:/a:fermilab:scientific_linux:php-gd", "p-cpe:/a:fermilab:scientific_linux:php-imap", "p-cpe:/a:fermilab:scientific_linux:php-ldap", "p-cpe:/a:fermilab:scientific_linux:php-mbstring", "p-cpe:/a:fermilab:scientific_linux:php-mysql", "p-cpe:/a:fermilab:scientific_linux:php-ncurses"], "id": "SL_20120118_PHP_ON_SL5_X.NASL", "href": "https://www.tenable.com/plugins/nessus/61220", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(61220);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2011-0708\", \"CVE-2011-1148\", \"CVE-2011-1466\", \"CVE-2011-1469\", \"CVE-2011-2202\", \"CVE-2011-4566\", \"CVE-2011-4885\");\n\n script_name(english:\"Scientific Linux Security Update : php on SL5.x i386/x86_64 (20120118)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"PHP is an HTML-embedded scripting language commonly used with the\nApache HTTP Server.\n\nIt was found that the hashing routine used by PHP arrays was\nsusceptible to predictable hash collisions. If an HTTP POST request to\na PHP application contained many parameters whose names map to the\nsame hash value, a large amount of CPU time would be consumed. This\nflaw has been mitigated by adding a new configuration directive,\nmax_input_vars, that limits the maximum number of parameters processed\nper request. By default, max_input_vars is set to 1000.\n(CVE-2011-4885)\n\nA use-after-free flaw was found in the PHP substr_replace() function.\nIf a PHP script used the same variable as multiple function arguments,\na remote attacker could possibly use this to crash the PHP interpreter\nor, possibly, execute arbitrary code. (CVE-2011-1148)\n\nAn integer overflow flaw was found in the PHP exif extension. On\n32-bit systems, a specially crafted image file could cause the PHP\ninterpreter to crash or disclose portions of its memory when a PHP\nscript tries to extract Exchangeable image file format (Exif) metadata\nfrom the image file. (CVE-2011-4566)\n\nAn insufficient input validation flaw, leading to a buffer over-read,\nwas found in the PHP exif extension. A specially crafted image file\ncould cause the PHP interpreter to crash when a PHP script tries to\nextract Exchangeable image file format (Exif) metadata from the image\nfile. (CVE-2011-0708)\n\nAn integer overflow flaw was found in the PHP calendar extension. A\nremote attacker able to make a PHP script call SdnToJulian() with a\nlarge value could cause the PHP interpreter to crash. (CVE-2011-1466)\n\nA bug in the PHP Streams component caused the PHP interpreter to crash\nif an FTP wrapper connection was made through an HTTP proxy. A remote\nattacker could possibly trigger this issue if a PHP script accepted an\nuntrusted URL to connect to. (CVE-2011-1469)\n\nAn off-by-one flaw was found in PHP. If an attacker uploaded a file\nwith a specially crafted file name it could cause a PHP script to\nattempt to write a file to the root (/) directory. By default, PHP\nruns as the 'apache' user, preventing it from writing to the root\ndirectory. (CVE-2011-2202)\n\nAll php users should upgrade to these updated packages, which contain\nbackported patches to resolve these issues. After installing the\nupdated packages, the httpd daemon must be restarted for the update to\ntake effect.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1201&L=scientific-linux-errata&T=0&P=1113\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?14b6a8f7\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:php\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:php-bcmath\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:php-cli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:php-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:php-dba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:php-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:php-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:php-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:php-imap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:php-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:php-mbstring\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:php-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:php-ncurses\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:php-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:php-pdo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:php-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:php-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:php-soap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:php-xml\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:php-xmlrpc\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/03/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/01/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 5.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL5\", reference:\"php-5.1.6-27.el5_7.4\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"php-bcmath-5.1.6-27.el5_7.4\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"php-cli-5.1.6-27.el5_7.4\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"php-common-5.1.6-27.el5_7.4\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"php-dba-5.1.6-27.el5_7.4\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"php-debuginfo-5.1.6-27.el5_7.4\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"php-devel-5.1.6-27.el5_7.4\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"php-gd-5.1.6-27.el5_7.4\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"php-imap-5.1.6-27.el5_7.4\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"php-ldap-5.1.6-27.el5_7.4\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"php-mbstring-5.1.6-27.el5_7.4\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"php-mysql-5.1.6-27.el5_7.4\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"php-ncurses-5.1.6-27.el5_7.4\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"php-odbc-5.1.6-27.el5_7.4\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"php-pdo-5.1.6-27.el5_7.4\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"php-pgsql-5.1.6-27.el5_7.4\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"php-snmp-5.1.6-27.el5_7.4\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"php-soap-5.1.6-27.el5_7.4\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"php-xml-5.1.6-27.el5_7.4\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"php-xmlrpc-5.1.6-27.el5_7.4\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"php / php-bcmath / php-cli / php-common / php-dba / php-debuginfo / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}], "openvas": [{"lastseen": "2019-05-29T18:39:37", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2011-03-25T00:00:00", "type": "openvas", "title": "Mandriva Update for php MDVSA-2011:053 (php)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-0421", "CVE-2011-1467", "CVE-2011-1153", "CVE-2011-1471", "CVE-2011-1466", "CVE-2011-1092", "CVE-2011-0708", "CVE-2011-1468", "CVE-2011-1470", "CVE-2011-1469", "CVE-2011-1464", "CVE-2010-4409"], "modified": "2018-11-16T00:00:00", "id": "OPENVAS:1361412562310831353", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310831353", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for php MDVSA-2011:053 (php)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.mandriva.com/security-announce/2011-03/msg00012.php\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.831353\");\n script_version(\"$Revision: 12381 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-16 12:16:30 +0100 (Fri, 16 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2011-03-25 15:26:27 +0100 (Fri, 25 Mar 2011)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name:\"MDVSA\", value:\"2011:053\");\n script_cve_id(\"CVE-2011-0421\", \"CVE-2011-0708\", \"CVE-2011-1092\", \"CVE-2011-1153\", \"CVE-2011-1464\", \"CVE-2011-1466\", \"CVE-2010-4409\", \"CVE-2011-1467\", \"CVE-2011-1468\", \"CVE-2011-1469\", \"CVE-2011-1470\", \"CVE-2011-1471\");\n script_name(\"Mandriva Update for php MDVSA-2011:053 (php)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'php'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\", re:\"ssh/login/release=MNDK_(2010\\.1|2010\\.0)\");\n script_tag(name:\"affected\", value:\"php on Mandriva Linux 2010.0,\n Mandriva Linux 2010.0/X86_64,\n Mandriva Linux 2010.1,\n Mandriva Linux 2010.1/X86_64\");\n script_tag(name:\"insight\", value:\"Multiple vulnerabilities has been identified and fixed in php:\n\n The _zip_name_locate function in zip_name_locate.c in the Zip extension\n in PHP before 5.3.6 does not properly handle a ZIPARCHIVE::FL_UNCHANGED\n argument, which might allow context-dependent attackers to cause\n a denial of service (application crash) via an empty ZIP archive\n that is processed with a (1) locateName or (2) statName operation\n (CVE-2011-0421).\n\n exif.c in the Exif extension in PHP before 5.3.6 on 64-bit platforms\n performs an incorrect cast, which allows remote attackers to cause a\n denial of service (application crash) via an image with a crafted Image\n File Directory (IFD) that triggers a buffer over-read (CVE-2011-0708).\n\n Integer overflow in ext/shmop/shmop.c in PHP before 5.3.6 allows\n context-dependent attackers to cause a denial of service (crash)\n and possibly read sensitive memory via a large third argument to the\n shmop_read function (CVE-2011-1092).\n\n Multiple format string vulnerabilities in phar_object.c in the phar\n extension in PHP 5.3.5 and earlier allow context-dependent attackers\n to obtain sensitive information from process memory, cause a denial of\n service (memory corruption), or possibly execute arbitrary code via\n format string specifiers in an argument to a class method, leading\n to an incorrect zend_throw_exception_ex call (CVE-2011-1153).\n\n Buffer overflow in the strval function in PHP before 5.3.6, when\n the precision configuration option has a large value, might allow\n context-dependent attackers to cause a denial of service (application\n crash) via a small numerical value in the argument (CVE-2011-1464).\n\n Integer overflow in the SdnToJulian function in the Calendar extension\n in PHP before 5.3.6 allows context-dependent attackers to cause a\n denial of service (application crash) via a large integer in the\n first argument to the cal_from_jd function (CVE-2011-1466).\n\n Unspecified vulnerability in the NumberFormatter::setSymbol (aka\n numfmt_set_symbol) function in the Intl extension in PHP before 5.3.6\n allows context-dependent attackers to cause a denial of service\n (application crash) via an invalid argument, a related issue to\n CVE-2010-4409 (CVE-2011-1467).\n\n Multiple memory leaks in the OpenSSL extension in PHP before 5.3.6\n might allow remote attackers to cause a denial of service (memory\n consumption) via (1) plaintext data to the openssl_encrypt function or\n (2) ciphertext data to the openssl_decrypt function (CVE-2011-1468).\n\n Un ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"MNDK_2010.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"apache-mod_php\", rpm:\"apache-mod_php~5.3.6~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libphp5_common5\", rpm:\"libphp5_common5~5.3.6~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-apc\", rpm:\"php-apc~3.1.6~0.3mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-apc-admin\", rpm:\"php-apc-admin~3.1.6~0.3mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-bcmath\", rpm:\"php-bcmath~5.3.6~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-bz2\", rpm:\"php-bz2~5.3.6~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-calendar\", rpm:\"php-calendar~5.3.6~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-cgi\", rpm:\"php-cgi~5.3.6~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-cli\", rpm:\"php-cli~5.3.6~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-ctype\", rpm:\"php-ctype~5.3.6~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-curl\", rpm:\"php-curl~5.3.6~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-dba\", rpm:\"php-dba~5.3.6~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-devel\", rpm:\"php-devel~5.3.6~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-doc\", rpm:\"php-doc~5.3.6~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-dom\", rpm:\"php-dom~5.3.6~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-eaccelerator\", rpm:\"php-eaccelerator~0.9.6.1~1.4mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-eaccelerator-admin\", rpm:\"php-eaccelerator-admin~0.9.6.1~1.4mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-enchant\", rpm:\"php-enchant~5.3.6~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-exif\", rpm:\"php-exif~5.3.6~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-fileinfo\", rpm:\"php-fileinfo~5.3.6~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-filter\", rpm:\"php-filter~5.3.6~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-fpm\", rpm:\"php-fpm~5.3.6~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-ftp\", rpm:\"php-ftp~5.3.6~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-gd\", rpm:\"php-gd~5.3.6~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-gearman\", rpm:\"php-gearman~0.7.0~0.3mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-gettext\", rpm:\"php-gettext~5.3.6~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-gmp\", rpm:\"php-gmp~5.3.6~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-hash\", rpm:\"php-hash~5.3.6~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-iconv\", rpm:\"php-iconv~5.3.6~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-imap\", rpm:\"php-imap~5.3.6~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-ini\", rpm:\"php-ini~5.3.6~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-intl\", rpm:\"php-intl~5.3.6~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-json\", rpm:\"php-json~5.3.6~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-ldap\", rpm:\"php-ldap~5.3.6~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-mailparse\", rpm:\"php-mailparse~2.1.5~8.4mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-mbstring\", rpm:\"php-mbstring~5.3.6~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-mcal\", rpm:\"php-mcal~0.6~35.4mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-mcrypt\", rpm:\"php-mcrypt~5.3.6~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-mssql\", rpm:\"php-mssql~5.3.6~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-mysql\", rpm:\"php-mysql~5.3.6~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-mysqli\", rpm:\"php-mysqli~5.3.6~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-odbc\", rpm:\"php-odbc~5.3.6~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-openssl\", rpm:\"php-openssl~5.3.6~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-optimizer\", rpm:\"php-optimizer~0.1~0.alpha2.8.4mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pcntl\", rpm:\"php-pcntl~5.3.6~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pdo\", rpm:\"php-pdo~5.3.6~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pdo_dblib\", rpm:\"php-pdo_dblib~5.3.6~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pdo_mysql\", rpm:\"php-pdo_mysql~5.3.6~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pdo_odbc\", rpm:\"php-pdo_odbc~5.3.6~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pdo_pgsql\", rpm:\"php-pdo_pgsql~5.3.6~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pdo_sqlite\", rpm:\"php-pdo_sqlite~5.3.6~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pgsql\", rpm:\"php-pgsql~5.3.6~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-phar\", rpm:\"php-phar~5.3.6~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pinba\", rpm:\"php-pinba~0.0.5~2.4mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-posix\", rpm:\"php-posix~5.3.6~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pspell\", rpm:\"php-pspell~5.3.6~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-readline\", rpm:\"php-readline~5.3.6~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-recode\", rpm:\"php-recode~5.3.6~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-sasl\", rpm:\"php-sasl~0.1.0~33.4mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-session\", rpm:\"php-session~5.3.6~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-shmop\", rpm:\"php-shmop~5.3.6~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-snmp\", rpm:\"php-snmp~5.3.6~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-soap\", rpm:\"php-soap~5.3.6~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-sockets\", rpm:\"php-sockets~5.3.6~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-sphinx\", rpm:\"php-sphinx~1.0.4~2.4mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-sqlite3\", rpm:\"php-sqlite3~5.3.6~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-ssh2\", rpm:\"php-ssh2~0.11.2~0.3mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-suhosin\", rpm:\"php-suhosin~0.9.32.1~0.4mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-sybase_ct\", rpm:\"php-sybase_ct~5.3.6~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-sysvmsg\", rpm:\"php-sysvmsg~5.3.6~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-sysvsem\", rpm:\"php-sysvsem~5.3.6~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-sysvshm\", rpm:\"php-sysvshm~5.3.6~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-tclink\", rpm:\"php-tclink~3.4.5~7.4mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-tidy\", rpm:\"php-tidy~5.3.6~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-timezonedb\", rpm:\"php-timezonedb~2011.4~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-tokenizer\", rpm:\"php-tokenizer~5.3.6~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-translit\", rpm:\"php-translit~0.6.0~15.4mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-vld\", rpm:\"php-vld~0.10.1~1.4mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-wddx\", rpm:\"php-wddx~5.3.6~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-xattr\", rpm:\"php-xattr~1.1.0~13.4mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-xdebug\", rpm:\"php-xdebug~2.1.0~0.5mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-xml\", rpm:\"php-xml~5.3.6~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-xmlreader\", rpm:\"php-xmlreader~5.3.6~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-xmlrpc\", rpm:\"php-xmlrpc~5.3.6~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-xmlwriter\", rpm:\"php-xmlwriter~5.3.6~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-xsl\", rpm:\"php-xsl~5.3.6~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-zip\", rpm:\"php-zip~5.3.6~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-zlib\", rpm:\"php-zlib~5.3.6~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php\", rpm:\"php~5.3.6~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64php5_common5\", rpm:\"lib64php5_common5~5.3.6~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"MNDK_2010.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"apache-mod_php\", rpm:\"apache-mod_php~5.3.6~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libphp5_common5\", rpm:\"libphp5_common5~5.3.6~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-apc\", rpm:\"php-apc~3.1.6~0.3mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-apc-admin\", rpm:\"php-apc-admin~3.1.6~0.3mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-bcmath\", rpm:\"php-bcmath~5.3.6~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-bz2\", rpm:\"php-bz2~5.3.6~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-calendar\", rpm:\"php-calendar~5.3.6~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-cgi\", rpm:\"php-cgi~5.3.6~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-cli\", rpm:\"php-cli~5.3.6~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-ctype\", rpm:\"php-ctype~5.3.6~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-curl\", rpm:\"php-curl~5.3.6~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-dba\", rpm:\"php-dba~5.3.6~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-devel\", rpm:\"php-devel~5.3.6~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-dio\", rpm:\"php-dio~0.0.2~6.5mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-doc\", rpm:\"php-doc~5.3.6~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-dom\", rpm:\"php-dom~5.3.6~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-eaccelerator\", rpm:\"php-eaccelerator~0.9.6.1~0.5mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-eaccelerator-admin\", rpm:\"php-eaccelerator-admin~0.9.6.1~0.5mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-enchant\", rpm:\"php-enchant~5.3.6~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-exif\", rpm:\"php-exif~5.3.6~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-fam\", rpm:\"php-fam~5.0.1~10.5mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-fileinfo\", rpm:\"php-fileinfo~5.3.6~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-filepro\", rpm:\"php-filepro~5.1.6~20.5mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-filter\", rpm:\"php-filter~5.3.6~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-fpm\", rpm:\"php-fpm~5.3.6~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-ftp\", rpm:\"php-ftp~5.3.6~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-gd\", rpm:\"php-gd~5.3.6~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-gettext\", rpm:\"php-gettext~5.3.6~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-gmp\", rpm:\"php-gmp~5.3.6~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-hash\", rpm:\"php-hash~5.3.6~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-iconv\", rpm:\"php-iconv~5.3.6~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-idn\", rpm:\"php-idn~1.2b~18.5mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-imap\", rpm:\"php-imap~5.3.6~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-ini\", rpm:\"php-ini~5.3.6~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-intl\", rpm:\"php-intl~5.3.6~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-json\", rpm:\"php-json~5.3.6~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-ldap\", rpm:\"php-ldap~5.3.6~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-mailparse\", rpm:\"php-mailparse~2.1.5~3.5mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-mbstring\", rpm:\"php-mbstring~5.3.6~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-mcal\", rpm:\"php-mcal~0.6~30.5mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-mcrypt\", rpm:\"php-mcrypt~5.3.6~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-mssql\", rpm:\"php-mssql~5.3.6~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-mysql\", rpm:\"php-mysql~5.3.6~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-mysqli\", rpm:\"php-mysqli~5.3.6~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-odbc\", rpm:\"php-odbc~5.3.6~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-openssl\", rpm:\"php-openssl~5.3.6~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-optimizer\", rpm:\"php-optimizer~0.1~0.alpha2.3.5mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pcntl\", rpm:\"php-pcntl~5.3.6~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pdo\", rpm:\"php-pdo~5.3.6~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pdo_dblib\", rpm:\"php-pdo_dblib~5.3.6~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pdo_mysql\", rpm:\"php-pdo_mysql~5.3.6~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pdo_odbc\", rpm:\"php-pdo_odbc~5.3.6~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pdo_pgsql\", rpm:\"php-pdo_pgsql~5.3.6~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pdo_sqlite\", rpm:\"php-pdo_sqlite~5.3.6~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pgsql\", rpm:\"php-pgsql~5.3.6~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-phar\", rpm:\"php-phar~5.3.6~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-posix\", rpm:\"php-posix~5.3.6~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pspell\", rpm:\"php-pspell~5.3.6~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-readline\", rpm:\"php-readline~5.3.6~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-recode\", rpm:\"php-recode~5.3.6~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-sasl\", rpm:\"php-sasl~0.1.0~28.5mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-session\", rpm:\"php-session~5.3.6~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-shmop\", rpm:\"php-shmop~5.3.6~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-snmp\", rpm:\"php-snmp~5.3.6~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-soap\", rpm:\"php-soap~5.3.6~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-sockets\", rpm:\"php-sockets~5.3.6~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-sqlite3\", rpm:\"php-sqlite3~5.3.6~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-ssh2\", rpm:\"php-ssh2~0.11.2~0.3mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-suhosin\", rpm:\"php-suhosin~0.9.32.1~0.4mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-sybase_ct\", rpm:\"php-sybase_ct~5.3.6~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-sysvmsg\", rpm:\"php-sysvmsg~5.3.6~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-sysvsem\", rpm:\"php-sysvsem~5.3.6~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-sysvshm\", rpm:\"php-sysvshm~5.3.6~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-tclink\", rpm:\"php-tclink~3.4.5~1.5mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-tidy\", rpm:\"php-tidy~5.3.6~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-timezonedb\", rpm:\"php-timezonedb~2011.4~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-tokenizer\", rpm:\"php-tokenizer~5.3.6~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-translit\", rpm:\"php-translit~0.6.0~10.5mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-vld\", rpm:\"php-vld~0.10.1~0.5mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-wddx\", rpm:\"php-wddx~5.3.6~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-xattr\", rpm:\"php-xattr~1.1.0~9.5mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-xdebug\", rpm:\"php-xdebug~2.1.0~0.5mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-xml\", rpm:\"php-xml~5.3.6~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-xmlreader\", rpm:\"php-xmlreader~5.3.6~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-xmlrpc\", rpm:\"php-xmlrpc~5.3.6~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-xmlwriter\", rpm:\"php-xmlwriter~5.3.6~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-xsl\", rpm:\"php-xsl~5.3.6~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-zip\", rpm:\"php-zip~5.3.6~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-zlib\", rpm:\"php-zlib~5.3.6~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php\", rpm:\"php~5.3.6~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64php5_common5\", rpm:\"lib64php5_common5~5.3.6~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:32:03", "description": "PHP version < 5.3.6 suffers multiple vulnerabilities such as integer overflow vulnerability,\n buffer overflow error and several casting errors.", "cvss3": {}, "published": "2012-06-14T00:00:00", "type": "openvas", "title": "PHP Version 5.3 < 5.3.6 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-0421", "CVE-2011-1467", "CVE-2011-1153", "CVE-2011-1466", "CVE-2011-1092", "CVE-2011-0708", "CVE-2011-1468", "CVE-2011-1470", "CVE-2011-1469", "CVE-2011-1464"], "modified": "2018-07-09T00:00:00", "id": "OPENVAS:1361412562310110013", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310110013", "sourceData": "##############################################################################\n# OpenVAS Vulnerability Test\n# $Id: nopsec_php_5_3_6.nasl 10460 2018-07-09 07:50:03Z cfischer $\n#\n# PHP Version 5.3 < 5.3.6 Multiple Vulnerabilities\n#\n# Authors:\n# Songhan Yu <syu@nopsec.com>\n#\n# Copyright:\n# Copyright NopSec Inc. 2012, http://www.nopsec.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:php:php\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.110013\");\n script_version(\"$Revision: 10460 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-07-09 09:50:03 +0200 (Mon, 09 Jul 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-06-14 13:15:22 +0200 (Thu, 14 Jun 2012)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_cve_id(\"CVE-2011-0421\", \"CVE-2011-0708\", \"CVE-2011-1092\", \"CVE-2011-1153\", \"CVE-2011-1464\",\n \"CVE-2011-1466\", \"CVE-2011-1467\", \"CVE-2011-1468\", \"CVE-2011-1469\", \"CVE-2011-1470\");\n script_bugtraq_id(46354, 46365, 46786, 46854);\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"PHP Version 5.3 < 5.3.6 Multiple Vulnerabilities\");\n script_category(ACT_GATHER_INFO);\n script_family(\"Web application abuses\");\n script_copyright(\"Copyright NopSec Inc. 2012\");\n script_dependencies(\"gb_php_detect.nasl\");\n script_mandatory_keys(\"php/installed\");\n\n script_tag(name:\"solution\", value:\"Upgrade PHP to 5.3.6 or later versions.\");\n\n script_tag(name:\"summary\", value:\"PHP version < 5.3.6 suffers multiple vulnerabilities such as integer overflow vulnerability,\n buffer overflow error and several casting errors.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"remote_banner_unreliable\");\n\n exit(0);\n}\n\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\n\nif( isnull( port = get_app_port( cpe:CPE ) ) ) exit( 0 );\nif( ! vers = get_app_version( cpe:CPE, port:port ) ) exit( 0 );\n\nif( version_in_range( version:vers, test_version:\"5.3\", test_version2:\"5.3.5\" ) ) {\n report = report_fixed_ver( installed_version:vers, fixed_version:\"5.3.6\" );\n security_message( data:report, port:port );\n exit( 0 );\n}\n\nexit( 99 );", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2017-07-24T12:55:42", "description": "Check for the Version of php", "cvss3": {}, "published": "2011-03-25T00:00:00", "type": "openvas", "title": "Mandriva Update for php MDVSA-2011:053 (php)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-0421", "CVE-2011-1467", "CVE-2011-1153", "CVE-2011-1471", "CVE-2011-1466", "CVE-2011-1092", "CVE-2011-0708", "CVE-2011-1468", "CVE-2011-1470", "CVE-2011-1469", "CVE-2011-1464", "CVE-2010-4409"], "modified": "2017-07-06T00:00:00", "id": "OPENVAS:831353", "href": "http://plugins.openvas.org/nasl.php?oid=831353", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for php MDVSA-2011:053 (php)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Multiple vulnerabilities has been identified and fixed in php:\n\n The _zip_name_locate function in zip_name_locate.c in the Zip extension\n in PHP before 5.3.6 does not properly handle a ZIPARCHIVE::FL_UNCHANGED\n argument, which might allow context-dependent attackers to cause\n a denial of service (application crash) via an empty ZIP archive\n that is processed with a (1) locateName or (2) statName operation\n (CVE-2011-0421).\n \n exif.c in the Exif extension in PHP before 5.3.6 on 64-bit platforms\n performs an incorrect cast, which allows remote attackers to cause a\n denial of service (application crash) via an image with a crafted Image\n File Directory (IFD) that triggers a buffer over-read (CVE-2011-0708).\n \n Integer overflow in ext/shmop/shmop.c in PHP before 5.3.6 allows\n context-dependent attackers to cause a denial of service (crash)\n and possibly read sensitive memory via a large third argument to the\n shmop_read function (CVE-2011-1092).\n \n Multiple format string vulnerabilities in phar_object.c in the phar\n extension in PHP 5.3.5 and earlier allow context-dependent attackers\n to obtain sensitive information from process memory, cause a denial of\n service (memory corruption), or possibly execute arbitrary code via\n format string specifiers in an argument to a class method, leading\n to an incorrect zend_throw_exception_ex call (CVE-2011-1153).\n \n Buffer overflow in the strval function in PHP before 5.3.6, when\n the precision configuration option has a large value, might allow\n context-dependent attackers to cause a denial of service (application\n crash) via a small numerical value in the argument (CVE-2011-1464).\n \n Integer overflow in the SdnToJulian function in the Calendar extension\n in PHP before 5.3.6 allows context-dependent attackers to cause a\n denial of service (application crash) via a large integer in the\n first argument to the cal_from_jd function (CVE-2011-1466).\n \n Unspecified vulnerability in the NumberFormatter::setSymbol (aka\n numfmt_set_symbol) function in the Intl extension in PHP before 5.3.6\n allows context-dependent attackers to cause a denial of service\n (application crash) via an invalid argument, a related issue to\n CVE-2010-4409 (CVE-2011-1467).\n \n Multiple memory leaks in the OpenSSL extension in PHP before 5.3.6\n might allow remote attackers to cause a denial of service (memory\n consumption) via (1) plaintext data to the openssl_encrypt function or\n (2) ciphertext data to the openssl_decrypt function (CVE-2011-1468).\n \n Un ... \n\n Description truncated, for more information please check the Reference URL\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"php on Mandriva Linux 2010.0,\n Mandriva Linux 2010.0/X86_64,\n Mandriva Linux 2010.1,\n Mandriva Linux 2010.1/X86_64\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2011-03/msg00012.php\");\n script_id(831353);\n script_version(\"$Revision: 6570 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-06 15:06:35 +0200 (Thu, 06 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-03-25 15:26:27 +0100 (Fri, 25 Mar 2011)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"MDVSA\", value: \"2011:053\");\n script_cve_id(\"CVE-2011-0421\", \"CVE-2011-0708\", \"CVE-2011-1092\", \"CVE-2011-1153\", \"CVE-2011-1464\", \"CVE-2011-1466\", \"CVE-2010-4409\", \"CVE-2011-1467\", \"CVE-2011-1468\", \"CVE-2011-1469\", \"CVE-2011-1470\", \"CVE-2011-1471\");\n script_name(\"Mandriva Update for php MDVSA-2011:053 (php)\");\n\n script_summary(\"Check for the Version of php\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_2010.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"apache-mod_php\", rpm:\"apache-mod_php~5.3.6~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libphp5_common5\", rpm:\"libphp5_common5~5.3.6~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-apc\", rpm:\"php-apc~3.1.6~0.3mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-apc-admin\", rpm:\"php-apc-admin~3.1.6~0.3mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-bcmath\", rpm:\"php-bcmath~5.3.6~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-bz2\", rpm:\"php-bz2~5.3.6~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-calendar\", rpm:\"php-calendar~5.3.6~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-cgi\", rpm:\"php-cgi~5.3.6~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-cli\", rpm:\"php-cli~5.3.6~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-ctype\", rpm:\"php-ctype~5.3.6~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-curl\", rpm:\"php-curl~5.3.6~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-dba\", rpm:\"php-dba~5.3.6~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-devel\", rpm:\"php-devel~5.3.6~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-doc\", rpm:\"php-doc~5.3.6~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-dom\", rpm:\"php-dom~5.3.6~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-eaccelerator\", rpm:\"php-eaccelerator~0.9.6.1~1.4mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-eaccelerator-admin\", rpm:\"php-eaccelerator-admin~0.9.6.1~1.4mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-enchant\", rpm:\"php-enchant~5.3.6~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-exif\", rpm:\"php-exif~5.3.6~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-fileinfo\", rpm:\"php-fileinfo~5.3.6~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-filter\", rpm:\"php-filter~5.3.6~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-fpm\", rpm:\"php-fpm~5.3.6~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-ftp\", rpm:\"php-ftp~5.3.6~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-gd\", rpm:\"php-gd~5.3.6~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-gearman\", rpm:\"php-gearman~0.7.0~0.3mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-gettext\", rpm:\"php-gettext~5.3.6~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-gmp\", rpm:\"php-gmp~5.3.6~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-hash\", rpm:\"php-hash~5.3.6~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-iconv\", rpm:\"php-iconv~5.3.6~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-imap\", rpm:\"php-imap~5.3.6~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-ini\", rpm:\"php-ini~5.3.6~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-intl\", rpm:\"php-intl~5.3.6~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-json\", rpm:\"php-json~5.3.6~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-ldap\", rpm:\"php-ldap~5.3.6~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-mailparse\", rpm:\"php-mailparse~2.1.5~8.4mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-mbstring\", rpm:\"php-mbstring~5.3.6~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-mcal\", rpm:\"php-mcal~0.6~35.4mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-mcrypt\", rpm:\"php-mcrypt~5.3.6~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-mssql\", rpm:\"php-mssql~5.3.6~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-mysql\", rpm:\"php-mysql~5.3.6~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-mysqli\", rpm:\"php-mysqli~5.3.6~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-odbc\", rpm:\"php-odbc~5.3.6~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-openssl\", rpm:\"php-openssl~5.3.6~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-optimizer\", rpm:\"php-optimizer~0.1~0.alpha2.8.4mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pcntl\", rpm:\"php-pcntl~5.3.6~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pdo\", rpm:\"php-pdo~5.3.6~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pdo_dblib\", rpm:\"php-pdo_dblib~5.3.6~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pdo_mysql\", rpm:\"php-pdo_mysql~5.3.6~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pdo_odbc\", rpm:\"php-pdo_odbc~5.3.6~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pdo_pgsql\", rpm:\"php-pdo_pgsql~5.3.6~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pdo_sqlite\", rpm:\"php-pdo_sqlite~5.3.6~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pgsql\", rpm:\"php-pgsql~5.3.6~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-phar\", rpm:\"php-phar~5.3.6~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pinba\", rpm:\"php-pinba~0.0.5~2.4mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-posix\", rpm:\"php-posix~5.3.6~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pspell\", rpm:\"php-pspell~5.3.6~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-readline\", rpm:\"php-readline~5.3.6~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-recode\", rpm:\"php-recode~5.3.6~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-sasl\", rpm:\"php-sasl~0.1.0~33.4mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-session\", rpm:\"php-session~5.3.6~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-shmop\", rpm:\"php-shmop~5.3.6~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-snmp\", rpm:\"php-snmp~5.3.6~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-soap\", rpm:\"php-soap~5.3.6~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-sockets\", rpm:\"php-sockets~5.3.6~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-sphinx\", rpm:\"php-sphinx~1.0.4~2.4mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-sqlite3\", rpm:\"php-sqlite3~5.3.6~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-ssh2\", rpm:\"php-ssh2~0.11.2~0.3mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-suhosin\", rpm:\"php-suhosin~0.9.32.1~0.4mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-sybase_ct\", rpm:\"php-sybase_ct~5.3.6~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-sysvmsg\", rpm:\"php-sysvmsg~5.3.6~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-sysvsem\", rpm:\"php-sysvsem~5.3.6~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-sysvshm\", rpm:\"php-sysvshm~5.3.6~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-tclink\", rpm:\"php-tclink~3.4.5~7.4mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-tidy\", rpm:\"php-tidy~5.3.6~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-timezonedb\", rpm:\"php-timezonedb~2011.4~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-tokenizer\", rpm:\"php-tokenizer~5.3.6~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-translit\", rpm:\"php-translit~0.6.0~15.4mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-vld\", rpm:\"php-vld~0.10.1~1.4mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-wddx\", rpm:\"php-wddx~5.3.6~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-xattr\", rpm:\"php-xattr~1.1.0~13.4mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-xdebug\", rpm:\"php-xdebug~2.1.0~0.5mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-xml\", rpm:\"php-xml~5.3.6~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-xmlreader\", rpm:\"php-xmlreader~5.3.6~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-xmlrpc\", rpm:\"php-xmlrpc~5.3.6~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-xmlwriter\", rpm:\"php-xmlwriter~5.3.6~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-xsl\", rpm:\"php-xsl~5.3.6~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-zip\", rpm:\"php-zip~5.3.6~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-zlib\", rpm:\"php-zlib~5.3.6~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php\", rpm:\"php~5.3.6~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64php5_common5\", rpm:\"lib64php5_common5~5.3.6~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2010.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"apache-mod_php\", rpm:\"apache-mod_php~5.3.6~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libphp5_common5\", rpm:\"libphp5_common5~5.3.6~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-apc\", rpm:\"php-apc~3.1.6~0.3mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-apc-admin\", rpm:\"php-apc-admin~3.1.6~0.3mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-bcmath\", rpm:\"php-bcmath~5.3.6~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-bz2\", rpm:\"php-bz2~5.3.6~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-calendar\", rpm:\"php-calendar~5.3.6~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-cgi\", rpm:\"php-cgi~5.3.6~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-cli\", rpm:\"php-cli~5.3.6~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-ctype\", rpm:\"php-ctype~5.3.6~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-curl\", rpm:\"php-curl~5.3.6~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-dba\", rpm:\"php-dba~5.3.6~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-devel\", rpm:\"php-devel~5.3.6~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-dio\", rpm:\"php-dio~0.0.2~6.5mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-doc\", rpm:\"php-doc~5.3.6~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-dom\", rpm:\"php-dom~5.3.6~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-eaccelerator\", rpm:\"php-eaccelerator~0.9.6.1~0.5mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-eaccelerator-admin\", rpm:\"php-eaccelerator-admin~0.9.6.1~0.5mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-enchant\", rpm:\"php-enchant~5.3.6~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-exif\", rpm:\"php-exif~5.3.6~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-fam\", rpm:\"php-fam~5.0.1~10.5mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-fileinfo\", rpm:\"php-fileinfo~5.3.6~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-filepro\", rpm:\"php-filepro~5.1.6~20.5mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-filter\", rpm:\"php-filter~5.3.6~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-fpm\", rpm:\"php-fpm~5.3.6~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-ftp\", rpm:\"php-ftp~5.3.6~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-gd\", rpm:\"php-gd~5.3.6~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-gettext\", rpm:\"php-gettext~5.3.6~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-gmp\", rpm:\"php-gmp~5.3.6~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-hash\", rpm:\"php-hash~5.3.6~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-iconv\", rpm:\"php-iconv~5.3.6~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-idn\", rpm:\"php-idn~1.2b~18.5mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-imap\", rpm:\"php-imap~5.3.6~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-ini\", rpm:\"php-ini~5.3.6~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-intl\", rpm:\"php-intl~5.3.6~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-json\", rpm:\"php-json~5.3.6~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-ldap\", rpm:\"php-ldap~5.3.6~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-mailparse\", rpm:\"php-mailparse~2.1.5~3.5mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-mbstring\", rpm:\"php-mbstring~5.3.6~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-mcal\", rpm:\"php-mcal~0.6~30.5mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-mcrypt\", rpm:\"php-mcrypt~5.3.6~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-mssql\", rpm:\"php-mssql~5.3.6~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-mysql\", rpm:\"php-mysql~5.3.6~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-mysqli\", rpm:\"php-mysqli~5.3.6~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-odbc\", rpm:\"php-odbc~5.3.6~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-openssl\", rpm:\"php-openssl~5.3.6~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-optimizer\", rpm:\"php-optimizer~0.1~0.alpha2.3.5mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pcntl\", rpm:\"php-pcntl~5.3.6~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pdo\", rpm:\"php-pdo~5.3.6~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pdo_dblib\", rpm:\"php-pdo_dblib~5.3.6~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pdo_mysql\", rpm:\"php-pdo_mysql~5.3.6~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pdo_odbc\", rpm:\"php-pdo_odbc~5.3.6~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pdo_pgsql\", rpm:\"php-pdo_pgsql~5.3.6~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pdo_sqlite\", rpm:\"php-pdo_sqlite~5.3.6~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pgsql\", rpm:\"php-pgsql~5.3.6~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-phar\", rpm:\"php-phar~5.3.6~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-posix\", rpm:\"php-posix~5.3.6~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pspell\", rpm:\"php-pspell~5.3.6~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-readline\", rpm:\"php-readline~5.3.6~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-recode\", rpm:\"php-recode~5.3.6~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-sasl\", rpm:\"php-sasl~0.1.0~28.5mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-session\", rpm:\"php-session~5.3.6~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-shmop\", rpm:\"php-shmop~5.3.6~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-snmp\", rpm:\"php-snmp~5.3.6~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-soap\", rpm:\"php-soap~5.3.6~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-sockets\", rpm:\"php-sockets~5.3.6~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-sqlite3\", rpm:\"php-sqlite3~5.3.6~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-ssh2\", rpm:\"php-ssh2~0.11.2~0.3mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-suhosin\", rpm:\"php-suhosin~0.9.32.1~0.4mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-sybase_ct\", rpm:\"php-sybase_ct~5.3.6~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-sysvmsg\", rpm:\"php-sysvmsg~5.3.6~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-sysvsem\", rpm:\"php-sysvsem~5.3.6~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-sysvshm\", rpm:\"php-sysvshm~5.3.6~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-tclink\", rpm:\"php-tclink~3.4.5~1.5mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-tidy\", rpm:\"php-tidy~5.3.6~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-timezonedb\", rpm:\"php-timezonedb~2011.4~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-tokenizer\", rpm:\"php-tokenizer~5.3.6~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-translit\", rpm:\"php-translit~0.6.0~10.5mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-vld\", rpm:\"php-vld~0.10.1~0.5mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-wddx\", rpm:\"php-wddx~5.3.6~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-xattr\", rpm:\"php-xattr~1.1.0~9.5mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-xdebug\", rpm:\"php-xdebug~2.1.0~0.5mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-xml\", rpm:\"php-xml~5.3.6~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-xmlreader\", rpm:\"php-xmlreader~5.3.6~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-xmlrpc\", rpm:\"php-xmlrpc~5.3.6~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-xmlwriter\", rpm:\"php-xmlwriter~5.3.6~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-xsl\", rpm:\"php-xsl~5.3.6~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-zip\", rpm:\"php-zip~5.3.6~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-zlib\", rpm:\"php-zlib~5.3.6~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php\", rpm:\"php~5.3.6~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64php5_common5\", rpm:\"lib64php5_common5~5.3.6~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:39:52", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2011-03-25T00:00:00", "type": "openvas", "title": "Mandriva Update for php MDVSA-2011:052 (php)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-0421", "CVE-2011-1467", "CVE-2011-1153", "CVE-2011-1471", "CVE-2011-1466", "CVE-2011-1092", "CVE-2011-0708", "CVE-2011-1470", "CVE-2011-1469", "CVE-2011-1464", "CVE-2010-4409"], "modified": "2018-11-16T00:00:00", "id": "OPENVAS:1361412562310831352", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310831352", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for php MDVSA-2011:052 (php)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.mandriva.com/security-announce/2011-03/msg00011.php\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.831352\");\n script_version(\"$Revision: 12381 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-16 12:16:30 +0100 (Fri, 16 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2011-03-25 15:26:27 +0100 (Fri, 25 Mar 2011)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name:\"MDVSA\", value:\"2011:052\");\n script_cve_id(\"CVE-2011-0421\", \"CVE-2011-0708\", \"CVE-2011-1092\", \"CVE-2011-1153\", \"CVE-2011-1464\", \"CVE-2011-1466\", \"CVE-2010-4409\", \"CVE-2011-1467\", \"CVE-2011-1469\", \"CVE-2011-1470\", \"CVE-2011-1471\");\n script_name(\"Mandriva Update for php MDVSA-2011:052 (php)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'php'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\", re:\"ssh/login/release=MNDK_(mes5|2009\\.0)\");\n script_tag(name:\"affected\", value:\"php on Mandriva Linux 2009.0,\n Mandriva Linux 2009.0/X86_64,\n Mandriva Enterprise Server 5,\n Mandriva Enterprise Server 5/X86_64\");\n script_tag(name:\"insight\", value:\"Multiple vulnerabilities has been identified and fixed in php:\n\n The _zip_name_locate function in zip_name_locate.c in the Zip extension\n in PHP before 5.3.6 does not properly handle a ZIPARCHIVE::FL_UNCHANGED\n argument, which might allow context-dependent attackers to cause\n a denial of service (application crash) via an empty ZIP archive\n that is processed with a (1) locateName or (2) statName operation\n (CVE-2011-0421).\n\n exif.c in the Exif extension in PHP before 5.3.6 on 64-bit platforms\n performs an incorrect cast, which allows remote attackers to cause a\n denial of service (application crash) via an image with a crafted Image\n File Directory (IFD) that triggers a buffer over-read (CVE-2011-0708).\n\n Integer overflow in ext/shmop/shmop.c in PHP before 5.3.6 allows\n context-dependent attackers to cause a denial of service (crash)\n and possibly read sensitive memory via a large third argument to the\n shmop_read function (CVE-2011-1092).\n\n Multiple format string vulnerabilities in phar_object.c in the phar\n extension in PHP 5.3.5 and earlier allow context-dependent attackers\n to obtain sensitive information from process memory, cause a denial of\n service (memory corruption), or possibly execute arbitrary code via\n format string specifiers in an argument to a class method, leading\n to an incorrect zend_throw_exception_ex call (CVE-2011-1153).\n\n Buffer overflow in the strval function in PHP before 5.3.6, when\n the precision configuration option has a large value, might allow\n context-dependent attackers to cause a denial of service (application\n crash) via a small numerical value in the argument (CVE-2011-1464).\n\n Integer overflow in the SdnToJulian function in the Calendar extension\n in PHP before 5.3.6 allows context-dependent attackers to cause a\n denial of service (application crash) via a large integer in the\n first argument to the cal_from_jd function (CVE-2011-1466).\n\n Unspecified vulnerability in the NumberFormatter::setSymbol (aka\n numfmt_set_symbol) function in the Intl extension in PHP before 5.3.6\n allows context-dependent attackers to cause a denial of service\n (application crash) via an invalid argument, a related issue to\n CVE-2010-4409 (CVE-2011-1467).\n\n Unspecified vulnerability in the Streams component in PHP before\n 5.3.6 allows context-dependent attackers to cause a denial of service\n (application crash) by accessing an ftp:// URL during use of an HTTP\n proxy with the FTP wrapper (CVE-2011-1469).\n\n The Zip ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"MNDK_mes5\")\n{\n\n if ((res = isrpmvuln(pkg:\"libphp5_common5\", rpm:\"libphp5_common5~5.2.17~0.2mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-bcmath\", rpm:\"php-bcmath~5.2.17~0.2mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-bz2\", rpm:\"php-bz2~5.2.17~0.2mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-calendar\", rpm:\"php-calendar~5.2.17~0.2mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-cgi\", rpm:\"php-cgi~5.2.17~0.2mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-cli\", rpm:\"php-cli~5.2.17~0.2mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-ctype\", rpm:\"php-ctype~5.2.17~0.2mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-curl\", rpm:\"php-curl~5.2.17~0.2mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-dba\", rpm:\"php-dba~5.2.17~0.2mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-dbase\", rpm:\"php-dbase~5.2.17~0.2mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-devel\", rpm:\"php-devel~5.2.17~0.2mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-dom\", rpm:\"php-dom~5.2.17~0.2mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-exif\", rpm:\"php-exif~5.2.17~0.2mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-fcgi\", rpm:\"php-fcgi~5.2.17~0.2mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-filter\", rpm:\"php-filter~5.2.17~0.2mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-ftp\", rpm:\"php-ftp~5.2.17~0.2mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-gd\", rpm:\"php-gd~5.2.17~0.2mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-gettext\", rpm:\"php-gettext~5.2.17~0.2mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-gmp\", rpm:\"php-gmp~5.2.17~0.2mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-hash\", rpm:\"php-hash~5.2.17~0.2mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-iconv\", rpm:\"php-iconv~5.2.17~0.2mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-imap\", rpm:\"php-imap~5.2.17~0.2mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-intl\", rpm:\"php-intl~1.1.2~0.3mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-json\", rpm:\"php-json~5.2.17~0.2mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-ldap\", rpm:\"php-ldap~5.2.17~0.2mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-mbstring\", rpm:\"php-mbstring~5.2.17~0.2mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-mcrypt\", rpm:\"php-mcrypt~5.2.17~0.2mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-mhash\", rpm:\"php-mhash~5.2.17~0.2mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-mime_magic\", rpm:\"php-mime_magic~5.2.17~0.2mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-ming\", rpm:\"php-ming~5.2.17~0.2mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-mssql\", rpm:\"php-mssql~5.2.17~0.2mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-mysql\", rpm:\"php-mysql~5.2.17~0.2mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-mysqli\", rpm:\"php-mysqli~5.2.17~0.2mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-ncurses\", rpm:\"php-ncurses~5.2.17~0.2mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-odbc\", rpm:\"php-odbc~5.2.17~0.2mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-openssl\", rpm:\"php-openssl~5.2.17~0.2mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pcntl\", rpm:\"php-pcntl~5.2.17~0.2mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pdo\", rpm:\"php-pdo~5.2.17~0.2mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pdo_dblib\", rpm:\"php-pdo_dblib~5.2.17~0.2mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pdo_mysql\", rpm:\"php-pdo_mysql~5.2.17~0.2mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pdo_odbc\", rpm:\"php-pdo_odbc~5.2.17~0.2mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pdo_pgsql\", rpm:\"php-pdo_pgsql~5.2.17~0.2mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pdo_sqlite\", rpm:\"php-pdo_sqlite~5.2.17~0.2mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pgsql\", rpm:\"php-pgsql~5.2.17~0.2mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-phar\", rpm:\"php-phar~2.0.0~0.3mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-posix\", rpm:\"php-posix~5.2.17~0.2mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pspell\", rpm:\"php-pspell~5.2.17~0.2mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-readline\", rpm:\"php-readline~5.2.17~0.2mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-recode\", rpm:\"php-recode~5.2.17~0.2mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-session\", rpm:\"php-session~5.2.17~0.2mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-shmop\", rpm:\"php-shmop~5.2.17~0.2mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-snmp\", rpm:\"php-snmp~5.2.17~0.2mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-soap\", rpm:\"php-soap~5.2.17~0.2mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-sockets\", rpm:\"php-sockets~5.2.17~0.2mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-sqlite\", rpm:\"php-sqlite~5.2.17~0.2mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-sybase\", rpm:\"php-sybase~5.2.17~0.2mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-sysvmsg\", rpm:\"php-sysvmsg~5.2.17~0.2mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-sysvsem\", rpm:\"php-sysvsem~5.2.17~0.2mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-sysvshm\", rpm:\"php-sysvshm~5.2.17~0.2mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-tidy\", rpm:\"php-tidy~5.2.17~0.2mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-tokenizer\", rpm:\"php-tokenizer~5.2.17~0.2mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-wddx\", rpm:\"php-wddx~5.2.17~0.2mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-xml\", rpm:\"php-xml~5.2.17~0.2mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-xmlreader\", rpm:\"php-xmlreader~5.2.17~0.2mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-xmlrpc\", rpm:\"php-xmlrpc~5.2.17~0.2mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-xmlwriter\", rpm:\"php-xmlwriter~5.2.17~0.2mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-xsl\", rpm:\"php-xsl~5.2.17~0.2mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-zip\", rpm:\"php-zip~5.2.17~0.2mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-zlib\", rpm:\"php-zlib~5.2.17~0.2mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php\", rpm:\"php~5.2.17~0.2mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64php5_common5\", rpm:\"lib64php5_common5~5.2.17~0.2mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"MNDK_2009.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"libphp5_common5\", rpm:\"libphp5_common5~5.2.17~0.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-bcmath\", rpm:\"php-bcmath~5.2.17~0.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-bz2\", rpm:\"php-bz2~5.2.17~0.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-calendar\", rpm:\"php-calendar~5.2.17~0.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-cgi\", rpm:\"php-cgi~5.2.17~0.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-cli\", rpm:\"php-cli~5.2.17~0.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-ctype\", rpm:\"php-ctype~5.2.17~0.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-curl\", rpm:\"php-curl~5.2.17~0.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-dba\", rpm:\"php-dba~5.2.17~0.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-dbase\", rpm:\"php-dbase~5.2.17~0.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-devel\", rpm:\"php-devel~5.2.17~0.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-dom\", rpm:\"php-dom~5.2.17~0.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-exif\", rpm:\"php-exif~5.2.17~0.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-fcgi\", rpm:\"php-fcgi~5.2.17~0.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-filter\", rpm:\"php-filter~5.2.17~0.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-ftp\", rpm:\"php-ftp~5.2.17~0.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-gd\", rpm:\"php-gd~5.2.17~0.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-gettext\", rpm:\"php-gettext~5.2.17~0.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-gmp\", rpm:\"php-gmp~5.2.17~0.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-hash\", rpm:\"php-hash~5.2.17~0.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-iconv\", rpm:\"php-iconv~5.2.17~0.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-imap\", rpm:\"php-imap~5.2.17~0.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-json\", rpm:\"php-json~5.2.17~0.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-ldap\", rpm:\"php-ldap~5.2.17~0.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-mbstring\", rpm:\"php-mbstring~5.2.17~0.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-mcrypt\", rpm:\"php-mcrypt~5.2.17~0.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-mhash\", rpm:\"php-mhash~5.2.17~0.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-mime_magic\", rpm:\"php-mime_magic~5.2.17~0.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-ming\", rpm:\"php-ming~5.2.17~0.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-mssql\", rpm:\"php-mssql~5.2.17~0.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-mysql\", rpm:\"php-mysql~5.2.17~0.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-mysqli\", rpm:\"php-mysqli~5.2.17~0.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-ncurses\", rpm:\"php-ncurses~5.2.17~0.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-odbc\", rpm:\"php-odbc~5.2.17~0.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-openssl\", rpm:\"php-openssl~5.2.17~0.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pcntl\", rpm:\"php-pcntl~5.2.17~0.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pdo\", rpm:\"php-pdo~5.2.17~0.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pdo_dblib\", rpm:\"php-pdo_dblib~5.2.17~0.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pdo_mysql\", rpm:\"php-pdo_mysql~5.2.17~0.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pdo_odbc\", rpm:\"php-pdo_odbc~5.2.17~0.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pdo_pgsql\", rpm:\"php-pdo_pgsql~5.2.17~0.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pdo_sqlite\", rpm:\"php-pdo_sqlite~5.2.17~0.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pgsql\", rpm:\"php-pgsql~5.2.17~0.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-posix\", rpm:\"php-posix~5.2.17~0.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pspell\", rpm:\"php-pspell~5.2.17~0.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-readline\", rpm:\"php-readline~5.2.17~0.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-recode\", rpm:\"php-recode~5.2.17~0.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-session\", rpm:\"php-session~5.2.17~0.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-shmop\", rpm:\"php-shmop~5.2.17~0.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-snmp\", rpm:\"php-snmp~5.2.17~0.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-soap\", rpm:\"php-soap~5.2.17~0.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-sockets\", rpm:\"php-sockets~5.2.17~0.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-sqlite\", rpm:\"php-sqlite~5.2.17~0.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-sybase\", rpm:\"php-sybase~5.2.17~0.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-sysvmsg\", rpm:\"php-sysvmsg~5.2.17~0.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-sysvsem\", rpm:\"php-sysvsem~5.2.17~0.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-sysvshm\", rpm:\"php-sysvshm~5.2.17~0.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-tidy\", rpm:\"php-tidy~5.2.17~0.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-tokenizer\", rpm:\"php-tokenizer~5.2.17~0.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-wddx\", rpm:\"php-wddx~5.2.17~0.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-xml\", rpm:\"php-xml~5.2.17~0.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-xmlreader\", rpm:\"php-xmlreader~5.2.17~0.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-xmlrpc\", rpm:\"php-xmlrpc~5.2.17~0.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-xmlwriter\", rpm:\"php-xmlwriter~5.2.17~0.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-xsl\", rpm:\"php-xsl~5.2.17~0.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-zip\", rpm:\"php-zip~5.2.17~0.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-zlib\", rpm:\"php-zlib~5.2.17~0.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php\", rpm:\"php~5.2.17~0.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64php5_common5\", rpm:\"lib64php5_common5~5.2.17~0.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2017-07-24T12:55:27", "description": "Check for the Version of php", "cvss3": {}, "published": "2011-03-25T00:00:00", "type": "openvas", "title": "Mandriva Update for php MDVSA-2011:052 (php)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-0421", "CVE-2011-1467", "CVE-2011-1153", "CVE-2011-1471", "CVE-2011-1466", "CVE-2011-1092", "CVE-2011-0708", "CVE-2011-1470", "CVE-2011-1469", "CVE-2011-1464", "CVE-2010-4409"], "modified": "2017-07-06T00:00:00", "id": "OPENVAS:831352", "href": "http://plugins.openvas.org/nasl.php?oid=831352", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for php MDVSA-2011:052 (php)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Multiple vulnerabilities has been identified and fixed in php:\n\n The _zip_name_locate function in zip_name_locate.c in the Zip extension\n in PHP before 5.3.6 does not properly handle a ZIPARCHIVE::FL_UNCHANGED\n argument, which might allow context-dependent attackers to cause\n a denial of service (application crash) via an empty ZIP archive\n that is processed with a (1) locateName or (2) statName operation\n (CVE-2011-0421).\n \n exif.c in the Exif extension in PHP before 5.3.6 on 64-bit platforms\n performs an incorrect cast, which allows remote attackers to cause a\n denial of service (application crash) via an image with a crafted Image\n File Directory (IFD) that triggers a buffer over-read (CVE-2011-0708).\n \n Integer overflow in ext/shmop/shmop.c in PHP before 5.3.6 allows\n context-dependent attackers to cause a denial of service (crash)\n and possibly read sensitive memory via a large third argument to the\n shmop_read function (CVE-2011-1092).\n \n Multiple format string vulnerabilities in phar_object.c in the phar\n extension in PHP 5.3.5 and earlier allow context-dependent attackers\n to obtain sensitive information from process memory, cause a denial of\n service (memory corruption), or possibly execute arbitrary code via\n format string specifiers in an argument to a class method, leading\n to an incorrect zend_throw_exception_ex call (CVE-2011-1153).\n \n Buffer overflow in the strval function in PHP before 5.3.6, when\n the precision configuration option has a large value, might allow\n context-dependent attackers to cause a denial of service (application\n crash) via a small numerical value in the argument (CVE-2011-1464).\n \n Integer overflow in the SdnToJulian function in the Calendar extension\n in PHP before 5.3.6 allows context-dependent attackers to cause a\n denial of service (application crash) via a large integer in the\n first argument to the cal_from_jd function (CVE-2011-1466).\n \n Unspecified vulnerability in the NumberFormatter::setSymbol (aka\n numfmt_set_symbol) function in the Intl extension in PHP before 5.3.6\n allows context-dependent attackers to cause a denial of service\n (application crash) via an invalid argument, a related issue to\n CVE-2010-4409 (CVE-2011-1467).\n \n Unspecified vulnerability in the Streams component in PHP before\n 5.3.6 allows context-dependent attackers to cause a denial of service\n (application crash) by accessing an ftp:// URL during use of an HTTP\n proxy with the FTP wrapper (CVE-2011-1469).\n \n The Zip exten ... \n\n Description truncated, for more information please check the Reference URL\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"php on Mandriva Linux 2009.0,\n Mandriva Linux 2009.0/X86_64,\n Mandriva Enterprise Server 5,\n Mandriva Enterprise Server 5/X86_64\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2011-03/msg00011.php\");\n script_id(831352);\n script_version(\"$Revision: 6570 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-06 15:06:35 +0200 (Thu, 06 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-03-25 15:26:27 +0100 (Fri, 25 Mar 2011)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"MDVSA\", value: \"2011:052\");\n script_cve_id(\"CVE-2011-0421\", \"CVE-2011-0708\", \"CVE-2011-1092\", \"CVE-2011-1153\", \"CVE-2011-1464\", \"CVE-2011-1466\", \"CVE-2010-4409\", \"CVE-2011-1467\", \"CVE-2011-1469\", \"CVE-2011-1470\", \"CVE-2011-1471\");\n script_name(\"Mandriva Update for php MDVSA-2011:052 (php)\");\n\n script_summary(\"Check for the Version of php\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_mes5\")\n{\n\n if ((res = isrpmvuln(pkg:\"libphp5_common5\", rpm:\"libphp5_common5~5.2.17~0.2mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-bcmath\", rpm:\"php-bcmath~5.2.17~0.2mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-bz2\", rpm:\"php-bz2~5.2.17~0.2mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-calendar\", rpm:\"php-calendar~5.2.17~0.2mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-cgi\", rpm:\"php-cgi~5.2.17~0.2mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-cli\", rpm:\"php-cli~5.2.17~0.2mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-ctype\", rpm:\"php-ctype~5.2.17~0.2mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-curl\", rpm:\"php-curl~5.2.17~0.2mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-dba\", rpm:\"php-dba~5.2.17~0.2mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-dbase\", rpm:\"php-dbase~5.2.17~0.2mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-devel\", rpm:\"php-devel~5.2.17~0.2mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-dom\", rpm:\"php-dom~5.2.17~0.2mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-exif\", rpm:\"php-exif~5.2.17~0.2mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-fcgi\", rpm:\"php-fcgi~5.2.17~0.2mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-filter\", rpm:\"php-filter~5.2.17~0.2mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-ftp\", rpm:\"php-ftp~5.2.17~0.2mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-gd\", rpm:\"php-gd~5.2.17~0.2mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-gettext\", rpm:\"php-gettext~5.2.17~0.2mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-gmp\", rpm:\"php-gmp~5.2.17~0.2mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-hash\", rpm:\"php-hash~5.2.17~0.2mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-iconv\", rpm:\"php-iconv~5.2.17~0.2mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-imap\", rpm:\"php-imap~5.2.17~0.2mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-intl\", rpm:\"php-intl~1.1.2~0.3mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-json\", rpm:\"php-json~5.2.17~0.2mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-ldap\", rpm:\"php-ldap~5.2.17~0.2mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-mbstring\", rpm:\"php-mbstring~5.2.17~0.2mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-mcrypt\", rpm:\"php-mcrypt~5.2.17~0.2mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-mhash\", rpm:\"php-mhash~5.2.17~0.2mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-mime_magic\", rpm:\"php-mime_magic~5.2.17~0.2mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-ming\", rpm:\"php-ming~5.2.17~0.2mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-mssql\", rpm:\"php-mssql~5.2.17~0.2mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-mysql\", rpm:\"php-mysql~5.2.17~0.2mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-mysqli\", rpm:\"php-mysqli~5.2.17~0.2mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-ncurses\", rpm:\"php-ncurses~5.2.17~0.2mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-odbc\", rpm:\"php-odbc~5.2.17~0.2mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-openssl\", rpm:\"php-openssl~5.2.17~0.2mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pcntl\", rpm:\"php-pcntl~5.2.17~0.2mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pdo\", rpm:\"php-pdo~5.2.17~0.2mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pdo_dblib\", rpm:\"php-pdo_dblib~5.2.17~0.2mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pdo_mysql\", rpm:\"php-pdo_mysql~5.2.17~0.2mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pdo_odbc\", rpm:\"php-pdo_odbc~5.2.17~0.2mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pdo_pgsql\", rpm:\"php-pdo_pgsql~5.2.17~0.2mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pdo_sqlite\", rpm:\"php-pdo_sqlite~5.2.17~0.2mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pgsql\", rpm:\"php-pgsql~5.2.17~0.2mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-phar\", rpm:\"php-phar~2.0.0~0.3mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-posix\", rpm:\"php-posix~5.2.17~0.2mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pspell\", rpm:\"php-pspell~5.2.17~0.2mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-readline\", rpm:\"php-readline~5.2.17~0.2mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-recode\", rpm:\"php-recode~5.2.17~0.2mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-session\", rpm:\"php-session~5.2.17~0.2mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-shmop\", rpm:\"php-shmop~5.2.17~0.2mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-snmp\", rpm:\"php-snmp~5.2.17~0.2mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-soap\", rpm:\"php-soap~5.2.17~0.2mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-sockets\", rpm:\"php-sockets~5.2.17~0.2mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-sqlite\", rpm:\"php-sqlite~5.2.17~0.2mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-sybase\", rpm:\"php-sybase~5.2.17~0.2mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-sysvmsg\", rpm:\"php-sysvmsg~5.2.17~0.2mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-sysvsem\", rpm:\"php-sysvsem~5.2.17~0.2mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-sysvshm\", rpm:\"php-sysvshm~5.2.17~0.2mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-tidy\", rpm:\"php-tidy~5.2.17~0.2mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-tokenizer\", rpm:\"php-tokenizer~5.2.17~0.2mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-wddx\", rpm:\"php-wddx~5.2.17~0.2mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-xml\", rpm:\"php-xml~5.2.17~0.2mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-xmlreader\", rpm:\"php-xmlreader~5.2.17~0.2mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-xmlrpc\", rpm:\"php-xmlrpc~5.2.17~0.2mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-xmlwriter\", rpm:\"php-xmlwriter~5.2.17~0.2mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-xsl\", rpm:\"php-xsl~5.2.17~0.2mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-zip\", rpm:\"php-zip~5.2.17~0.2mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-zlib\", rpm:\"php-zlib~5.2.17~0.2mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php\", rpm:\"php~5.2.17~0.2mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64php5_common5\", rpm:\"lib64php5_common5~5.2.17~0.2mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2009.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"libphp5_common5\", rpm:\"libphp5_common5~5.2.17~0.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-bcmath\", rpm:\"php-bcmath~5.2.17~0.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-bz2\", rpm:\"php-bz2~5.2.17~0.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-calendar\", rpm:\"php-calendar~5.2.17~0.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-cgi\", rpm:\"php-cgi~5.2.17~0.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-cli\", rpm:\"php-cli~5.2.17~0.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-ctype\", rpm:\"php-ctype~5.2.17~0.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-curl\", rpm:\"php-curl~5.2.17~0.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-dba\", rpm:\"php-dba~5.2.17~0.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-dbase\", rpm:\"php-dbase~5.2.17~0.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-devel\", rpm:\"php-devel~5.2.17~0.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-dom\", rpm:\"php-dom~5.2.17~0.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-exif\", rpm:\"php-exif~5.2.17~0.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-fcgi\", rpm:\"php-fcgi~5.2.17~0.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-filter\", rpm:\"php-filter~5.2.17~0.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-ftp\", rpm:\"php-ftp~5.2.17~0.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-gd\", rpm:\"php-gd~5.2.17~0.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-gettext\", rpm:\"php-gettext~5.2.17~0.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-gmp\", rpm:\"php-gmp~5.2.17~0.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-hash\", rpm:\"php-hash~5.2.17~0.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-iconv\", rpm:\"php-iconv~5.2.17~0.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-imap\", rpm:\"php-imap~5.2.17~0.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-json\", rpm:\"php-json~5.2.17~0.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-ldap\", rpm:\"php-ldap~5.2.17~0.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-mbstring\", rpm:\"php-mbstring~5.2.17~0.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-mcrypt\", rpm:\"php-mcrypt~5.2.17~0.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-mhash\", rpm:\"php-mhash~5.2.17~0.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-mime_magic\", rpm:\"php-mime_magic~5.2.17~0.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-ming\", rpm:\"php-ming~5.2.17~0.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-mssql\", rpm:\"php-mssql~5.2.17~0.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-mysql\", rpm:\"php-mysql~5.2.17~0.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-mysqli\", rpm:\"php-mysqli~5.2.17~0.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-ncurses\", rpm:\"php-ncurses~5.2.17~0.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-odbc\", rpm:\"php-odbc~5.2.17~0.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-openssl\", rpm:\"php-openssl~5.2.17~0.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pcntl\", rpm:\"php-pcntl~5.2.17~0.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pdo\", rpm:\"php-pdo~5.2.17~0.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pdo_dblib\", rpm:\"php-pdo_dblib~5.2.17~0.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pdo_mysql\", rpm:\"php-pdo_mysql~5.2.17~0.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pdo_odbc\", rpm:\"php-pdo_odbc~5.2.17~0.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pdo_pgsql\", rpm:\"php-pdo_pgsql~5.2.17~0.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pdo_sqlite\", rpm:\"php-pdo_sqlite~5.2.17~0.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pgsql\", rpm:\"php-pgsql~5.2.17~0.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-posix\", rpm:\"php-posix~5.2.17~0.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pspell\", rpm:\"php-pspell~5.2.17~0.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-readline\", rpm:\"php-readline~5.2.17~0.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-recode\", rpm:\"php-recode~5.2.17~0.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-session\", rpm:\"php-session~5.2.17~0.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-shmop\", rpm:\"php-shmop~5.2.17~0.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-snmp\", rpm:\"php-snmp~5.2.17~0.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-soap\", rpm:\"php-soap~5.2.17~0.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-sockets\", rpm:\"php-sockets~5.2.17~0.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-sqlite\", rpm:\"php-sqlite~5.2.17~0.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-sybase\", rpm:\"php-sybase~5.2.17~0.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-sysvmsg\", rpm:\"php-sysvmsg~5.2.17~0.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-sysvsem\", rpm:\"php-sysvsem~5.2.17~0.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-sysvshm\", rpm:\"php-sysvshm~5.2.17~0.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-tidy\", rpm:\"php-tidy~5.2.17~0.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-tokenizer\", rpm:\"php-tokenizer~5.2.17~0.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-wddx\", rpm:\"php-wddx~5.2.17~0.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-xml\", rpm:\"php-xml~5.2.17~0.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-xmlreader\", rpm:\"php-xmlreader~5.2.17~0.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-xmlrpc\", rpm:\"php-xmlrpc~5.2.17~0.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-xmlwriter\", rpm:\"php-xmlwriter~5.2.17~0.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-xsl\", rpm:\"php-xsl~5.2.17~0.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-zip\", rpm:\"php-zip~5.2.17~0.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-zlib\", rpm:\"php-zlib~5.2.17~0.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php\", rpm:\"php~5.2.17~0.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64php5_common5\", rpm:\"lib64php5_common5~5.2.17~0.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:40:00", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1126-1", "cvss3": {}, "published": "2011-05-10T00:00:00", "type": "openvas", "title": "Ubuntu Update for php5 USN-1126-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-0421", "CVE-2011-1467", "CVE-2011-1153", "CVE-2011-0441", "CVE-2011-1471", "CVE-2011-1148", "CVE-2011-1466", "CVE-2010-4697", "CVE-2011-1092", "CVE-2011-1144", "CVE-2010-4698", "CVE-2006-7243", "CVE-2011-0708", "CVE-2011-1468", "CVE-2011-0420", "CVE-2011-1470", "CVE-2011-1469", "CVE-2011-1464", "CVE-2011-1072"], "modified": "2019-03-13T00:00:00", "id": "OPENVAS:1361412562310840646", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310840646", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1126_1.nasl 14132 2019-03-13 09:25:59Z cfischer $\n#\n# Ubuntu Update for php5 USN-1126-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-1126-1/\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.840646\");\n script_version(\"$Revision: 14132 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 10:25:59 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-05-10 14:04:15 +0200 (Tue, 10 May 2011)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name:\"USN\", value:\"1126-1\");\n script_cve_id(\"CVE-2011-0441\", \"CVE-2011-1072\", \"CVE-2011-1144\", \"CVE-2010-4697\", \"CVE-2010-4698\", \"CVE-2006-7243\", \"CVE-2011-0420\", \"CVE-2011-0421\", \"CVE-2011-0708\", \"CVE-2011-1092\", \"CVE-2011-1148\", \"CVE-2011-1153\", \"CVE-2011-1464\", \"CVE-2011-1466\", \"CVE-2011-1467\", \"CVE-2011-1468\", \"CVE-2011-1469\", \"CVE-2011-1470\", \"CVE-2011-1471\");\n script_name(\"Ubuntu Update for php5 USN-1126-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(10\\.10|10\\.04 LTS|9\\.10|6\\.06 LTS|11\\.04|8\\.04 LTS)\");\n script_tag(name:\"summary\", value:\"Ubuntu Update for Linux kernel vulnerabilities USN-1126-1\");\n script_tag(name:\"affected\", value:\"php5 on Ubuntu 11.04,\n Ubuntu 10.10,\n Ubuntu 10.04 LTS,\n Ubuntu 9.10,\n Ubuntu 8.04 LTS,\n Ubuntu 6.06 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"Stephane Chazelas discovered that the /etc/cron.d/php5 cron job for\n PHP 5.3.5 allows local users to delete arbitrary files via a symlink\n attack on a directory under /var/lib/php5/. (CVE-2011-0441)\n\n Raphael Geisert and Dan Rosenberg discovered that the PEAR installer\n allows local users to overwrite arbitrary files via a symlink attack on\n the package.xml file, related to the (1) download_dir, (2) cache_dir,\n (3) tmp_dir, and (4) pear-build-download directories. (CVE-2011-1072,\n CVE-2011-1144)\n\n Ben Schmidt discovered that a use-after-free vulnerability in the PHP\n Zend engine could allow an attacker to cause a denial of service (heap\n memory corruption) or possibly execute arbitrary code. (CVE-2010-4697)\n\n Martin Barbella discovered a buffer overflow in the PHP GD extension\n that allows an attacker to cause a denial of service (application crash)\n via a large number of anti- aliasing steps in an argument to the\n imagepstext function. (CVE-2010-4698)\n\n It was discovered that PHP accepts the \\0 character in a pathname,\n which might allow an attacker to bypass intended access restrictions\n by placing a safe file extension after this character. This issue\n is addressed in Ubuntu 10.04 LTS, Ubuntu 10.10, and Ubuntu 11.04.\n (CVE-2006-7243)\n\n Maksymilian Arciemowicz discovered that the grapheme_extract function\n in the PHP Internationalization extension (Intl) for ICU allow\n an attacker to cause a denial of service (crash) via an invalid\n size argument, which triggers a NULL pointer dereference. This\n issue affected Ubuntu 10.04 LTS, Ubuntu 10.10, and Ubuntu\n 11.04. (CVE-2011-0420)\n\n Maksymilian Arciemowicz discovered that the _zip_name_locate\n function in the PHP Zip extension does not properly handle a\n ZIPARCHIVE::FL_UNCHANGED argument, which might allow an attacker to\n cause a denial of service (NULL pointer dereference) via an empty\n ZIP archive. This issue affected Ubuntu 8.04 LTS, Ubuntu 9.10, Ubuntu\n 10.04 LTS, Ubuntu 10.10, and Ubuntu 11.04. (CVE-2011-0421)\n\n Luca Carettoni discovered that the PHP Exif extension performs an\n incorrect cast on 64bit platforms, which allows a remote attacker\n to cause a denial of service (application crash) via an image with\n a crafted Image File Directory (IFD). (CVE-2011-0708)\n\n Jose Carlos Norte discovered that an integer overflow in the PHP\n shmop extension could allow an attacker to cause a denial of service\n (crash) and possibly read sensitive memory function. (CVE-2011-1092)\n\n Felipe Pena discovered that ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU10.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libapache2-mod-php5\", ver:\"5.3.3-1ubuntu9.4\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php-pear\", ver:\"5.3.3-1ubuntu9.4\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5\", ver:\"5.3.3-1ubuntu9.4\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-cgi\", ver:\"5.3.3-1ubuntu9.4\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-cli\", ver:\"5.3.3-1ubuntu9.4\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-common\", ver:\"5.3.3-1ubuntu9.4\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-curl\", ver:\"5.3.3-1ubuntu9.4\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-dev\", ver:\"5.3.3-1ubuntu9.4\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-gd\", ver:\"5.3.3-1ubuntu9.4\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-intl\", ver:\"5.3.3-1ubuntu9.4\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libapache2-mod-php5\", ver:\"5.3.2-1ubuntu4.8\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php-pear\", ver:\"5.3.2-1ubuntu4.8\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5\", ver:\"5.3.2-1ubuntu4.8\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-cgi\", ver:\"5.3.2-1ubuntu4.8\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-cli\", ver:\"5.3.2-1ubuntu4.8\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-common\", ver:\"5.3.2-1ubuntu4.8\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-curl\", ver:\"5.3.2-1ubuntu4.8\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-dev\", ver:\"5.3.2-1ubuntu4.8\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-gd\", ver:\"5.3.2-1ubuntu4.8\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-intl\", ver:\"5.3.2-1ubuntu4.8\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU9.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libapache2-mod-php5\", ver:\"5.2.10.dfsg.1-2ubuntu6.9\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php-pear\", ver:\"5.2.10.dfsg.1-2ubuntu6.9\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5\", ver:\"5.2.10.dfsg.1-2ubuntu6.9\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-cgi\", ver:\"5.2.10.dfsg.1-2ubuntu6.9\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-cli\", ver:\"5.2.10.dfsg.1-2ubuntu6.9\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-common\", ver:\"5.2.10.dfsg.1-2ubuntu6.9\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-curl\", ver:\"5.2.10.dfsg.1-2ubuntu6.9\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-dev\", ver:\"5.2.10.dfsg.1-2ubuntu6.9\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-gd\", ver:\"5.2.10.dfsg.1-2ubuntu6.9\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU6.06 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libapache2-mod-php5\", ver:\"5.1.2-1ubuntu3.22\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php-pear\", ver:\"5.1.2-1ubuntu3.22\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5\", ver:\"5.1.2-1ubuntu3.22\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-cgi\", ver:\"5.1.2-1ubuntu3.22\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-cli\", ver:\"5.1.2-1ubuntu3.22\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-common\", ver:\"5.1.2-1ubuntu3.22\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-curl\", ver:\"5.1.2-1ubuntu3.22\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-dev\", ver:\"5.1.2-1ubuntu3.22\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-gd\", ver:\"5.1.2-1ubuntu3.22\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU11.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libapache2-mod-php5\", ver:\"5.3.5-1ubuntu7.1\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php-pear\", ver:\"5.3.5-1ubuntu7.1\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5\", ver:\"5.3.5-1ubuntu7.1\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-cgi\", ver:\"5.3.5-1ubuntu7.1\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-cli\", ver:\"5.3.5-1ubuntu7.1\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-common\", ver:\"5.3.5-1ubuntu7.1\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-curl\", ver:\"5.3.5-1ubuntu7.1\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-dev\", ver:\"5.3.5-1ubuntu7.1\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-gd\", ver:\"5.3.5-1ubuntu7.1\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-intl\", ver:\"5.3.5-1ubuntu7.1\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU8.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libapache2-mod-php5\", ver:\"5.2.4-2ubuntu5.15\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php-pear\", ver:\"5.2.4-2ubuntu5.15\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5\", ver:\"5.2.4-2ubuntu5.15\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-cgi\", ver:\"5.2.4-2ubuntu5.15\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-cli\", ver:\"5.2.4-2ubuntu5.15\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-common\", ver:\"5.2.4-2ubuntu5.15\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-curl\", ver:\"5.2.4-2ubuntu5.15\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-dev\", ver:\"5.2.4-2ubuntu5.15\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-gd\", ver:\"5.2.4-2ubuntu5.15\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:39:34", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1126-2", "cvss3": {}, "published": "2011-05-10T00:00:00", "type": "openvas", "title": "Ubuntu Update for php5 USN-1126-2", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-0421", "CVE-2011-1467", "CVE-2011-1153", "CVE-2011-0441", "CVE-2011-1471", "CVE-2011-1148", "CVE-2011-1466", "CVE-2010-4697", "CVE-2011-1092", "CVE-2011-1144", "CVE-2010-4698", "CVE-2006-7243", "CVE-2011-0708", "CVE-2011-1468", "CVE-2011-0420", "CVE-2011-1470", "CVE-2011-1469", "CVE-2011-1464", "CVE-2011-1072"], "modified": "2019-03-13T00:00:00", "id": "OPENVAS:1361412562310840636", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310840636", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1126_2.nasl 14132 2019-03-13 09:25:59Z cfischer $\n#\n# Ubuntu Update for php5 USN-1126-2\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-1126-2/\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.840636\");\n script_version(\"$Revision: 14132 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 10:25:59 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-05-10 14:04:15 +0200 (Tue, 10 May 2011)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name:\"USN\", value:\"1126-2\");\n script_cve_id(\"CVE-2010-4697\", \"CVE-2011-1072\", \"CVE-2011-1144\", \"CVE-2011-0441\", \"CVE-2010-4698\", \"CVE-2006-7243\", \"CVE-2011-0420\", \"CVE-2011-0421\", \"CVE-2011-0708\", \"CVE-2011-1092\", \"CVE-2011-1148\", \"CVE-2011-1153\", \"CVE-2011-1464\", \"CVE-2011-1466\", \"CVE-2011-1467\", \"CVE-2011-1468\", \"CVE-2011-1469\", \"CVE-2011-1470\", \"CVE-2011-1471\");\n script_name(\"Ubuntu Update for php5 USN-1126-2\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(10\\.10|10\\.04 LTS|9\\.10|6\\.06 LTS|11\\.04|8\\.04 LTS)\");\n script_tag(name:\"summary\", value:\"Ubuntu Update for Linux kernel vulnerabilities USN-1126-2\");\n script_tag(name:\"affected\", value:\"php5 on Ubuntu 11.04,\n Ubuntu 10.10,\n Ubuntu 10.04 LTS,\n Ubuntu 9.10,\n Ubuntu 8.04 LTS,\n Ubuntu 6.06 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"USN 1126-1 fixed several vulnerabilities in PHP. The fix for\n CVE-2010-4697 introduced an incorrect reference counting regression\n in the Zend engine that caused the PHP interpreter to segfault. This\n regression affects Ubuntu 6.06 LTS and Ubuntu 8.04 LTS.\n\n The fixes for CVE-2011-1072 and CVE-2011-1144 introduced a regression\n in the PEAR installer that prevented it from creating its cache\n directory and reporting errors correctly.\n\n We apologize for the inconvenience.\n\n Original advisory details:\n\n Stephane Chazelas discovered that the /etc/cron.d/php5 cron job for\n PHP 5.3.5 allows local users to delete arbitrary files via a symlink\n attack on a directory under /var/lib/php5/. (CVE-2011-0441)\n\n Raphael Geisert and Dan Rosenberg discovered that the PEAR installer\n allows local users to overwrite arbitrary files via a symlink attack on\n the package.xml file, related to the (1) download_dir, (2) cache_dir,\n (3) tmp_dir, and (4) pear-build-download directories. (CVE-2011-1072,\n CVE-2011-1144)\n\n Ben Schmidt discovered that a use-after-free vulnerability in the PHP\n Zend engine could allow an attacker to cause a denial of service (heap\n memory corruption) or possibly execute arbitrary code. (CVE-2010-4697)\n\n Martin Barbella discovered a buffer overflow in the PHP GD extension\n that allows an attacker to cause a denial of service (application crash)\n via a large number of anti- aliasing steps in an argument to the\n imagepstext function. (CVE-2010-4698)\n\n It was discovered that PHP accepts the \\0 character in a pathname,\n which might allow an attacker to bypass intended access restrictions\n by placing a safe file extension after this character. This issue\n is addressed in Ubuntu 10.04 LTS, Ubuntu 10.10, and Ubuntu 11.04.\n (CVE-2006-7243)\n\n Maksymilian Arciemowicz discovered that the grapheme_extract function\n in the PHP Internationalization extension (Intl) for ICU allow\n an attacker to cause a denial of service (crash) via an invalid\n size argument, which triggers a NULL pointer dereference. This\n issue affected Ubuntu 10.04 LTS, Ubuntu 10.10, and Ubuntu\n 11.04. (CVE-2011-0420)\n\n Maksymilian Arciemowicz discovered that the _zip_name_locate\n function in the PHP Zip extension does not properly handle a\n ZIPARCHIVE::FL_UNCHANGED argument, which might allow an attacker to\n cause a denial of service (NULL pointer dereference) via an empty\n ZIP archive. This issue affected Ubuntu 8.04 LTS, Ubuntu 9.10, Ubuntu\n 10.04 LTS, Ubuntu 10.10, and Ubuntu 11.04. ( ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU10.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libapache2-mod-php5\", ver:\"5.3.3-1ubuntu9.5\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php-pear\", ver:\"5.3.3-1ubuntu9.5\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5\", ver:\"5.3.3-1ubuntu9.5\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-cgi\", ver:\"5.3.3-1ubuntu9.5\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-cli\", ver:\"5.3.3-1ubuntu9.5\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-common\", ver:\"5.3.3-1ubuntu9.5\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libapache2-mod-php5\", ver:\"5.3.2-1ubuntu4.9\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php-pear\", ver:\"5.3.2-1ubuntu4.9\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5\", ver:\"5.3.2-1ubuntu4.9\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-cgi\", ver:\"5.3.2-1ubuntu4.9\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-cli\", ver:\"5.3.2-1ubuntu4.9\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-common\", ver:\"5.3.2-1ubuntu4.9\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU9.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libapache2-mod-php5\", ver:\"5.2.10.dfsg.1-2ubuntu6.10\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php-pear\", ver:\"5.2.10.dfsg.1-2ubuntu6.10\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5\", ver:\"5.2.10.dfsg.1-2ubuntu6.10\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-cgi\", ver:\"5.2.10.dfsg.1-2ubuntu6.10\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-cli\", ver:\"5.2.10.dfsg.1-2ubuntu6.10\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-common\", ver:\"5.2.10.dfsg.1-2ubuntu6.10\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU6.06 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libapache2-mod-php5\", ver:\"5.1.2-1ubuntu3.24\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php-pear\", ver:\"5.1.2-1ubuntu3.24\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5\", ver:\"5.1.2-1ubuntu3.24\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-cgi\", ver:\"5.1.2-1ubuntu3.24\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-cli\", ver:\"5.1.2-1ubuntu3.24\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-common\", ver:\"5.1.2-1ubuntu3.24\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU11.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libapache2-mod-php5\", ver:\"5.3.5-1ubuntu7.2\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php-pear\", ver:\"5.3.5-1ubuntu7.2\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5\", ver:\"5.3.5-1ubuntu7.2\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-cgi\", ver:\"5.3.5-1ubuntu7.2\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-cli\", ver:\"5.3.5-1ubuntu7.2\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-common\", ver:\"5.3.5-1ubuntu7.2\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU8.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libapache2-mod-php5\", ver:\"5.2.4-2ubuntu5.17\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php-pear\", ver:\"5.2.4-2ubuntu5.17\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5\", ver:\"5.2.4-2ubuntu5.17\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-cgi\", ver:\"5.2.4-2ubuntu5.17\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-cli\", ver:\"5.2.4-2ubuntu5.17\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-common\", ver:\"5.2.4-2ubuntu5.17\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2017-12-04T11:26:39", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1126-2", "cvss3": {}, "published": "2011-05-10T00:00:00", "type": "openvas", "title": "Ubuntu Update for php5 USN-1126-2", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-0421", "CVE-2011-1467", "CVE-2011-1153", "CVE-2011-0441", "CVE-2011-1471", "CVE-2011-1148", "CVE-2011-1466", "CVE-2010-4697", "CVE-2011-1092", "CVE-2011-1144", "CVE-2010-4698", "CVE-2006-7243", "CVE-2011-0708", "CVE-2011-1468", "CVE-2011-0420", "CVE-2011-1470", "CVE-2011-1469", "CVE-2011-1464", "CVE-2011-1072"], "modified": "2017-12-01T00:00:00", "id": "OPENVAS:840636", "href": "http://plugins.openvas.org/nasl.php?oid=840636", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1126_2.nasl 7964 2017-12-01 07:32:11Z santu $\n#\n# Ubuntu Update for php5 USN-1126-2\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"USN 1126-1 fixed several vulnerabilities in PHP. The fix for\n CVE-2010-4697 introduced an incorrect reference counting regression\n in the Zend engine that caused the PHP interpreter to segfault. This\n regression affects Ubuntu 6.06 LTS and Ubuntu 8.04 LTS.\n\n The fixes for CVE-2011-1072 and CVE-2011-1144 introduced a regression\n in the PEAR installer that prevented it from creating its cache\n directory and reporting errors correctly.\n \n We apologize for the inconvenience.\n \n Original advisory details:\n \n Stephane Chazelas discovered that the /etc/cron.d/php5 cron job for\n PHP 5.3.5 allows local users to delete arbitrary files via a symlink\n attack on a directory under /var/lib/php5/. (CVE-2011-0441)\n \n Raphael Geisert and Dan Rosenberg discovered that the PEAR installer\n allows local users to overwrite arbitrary files via a symlink attack on\n the package.xml file, related to the (1) download_dir, (2) cache_dir,\n (3) tmp_dir, and (4) pear-build-download directories. (CVE-2011-1072,\n CVE-2011-1144)\n \n Ben Schmidt discovered that a use-after-free vulnerability in the PHP\n Zend engine could allow an attacker to cause a denial of service (heap\n memory corruption) or possibly execute arbitrary code. (CVE-2010-4697)\n \n Martin Barbella discovered a buffer overflow in the PHP GD extension\n that allows an attacker to cause a denial of service (application crash)\n via a large number of anti- aliasing steps in an argument to the\n imagepstext function. (CVE-2010-4698)\n \n It was discovered that PHP accepts the \\0 character in a pathname,\n which might allow an attacker to bypass intended access restrictions\n by placing a safe file extension after this character. This issue\n is addressed in Ubuntu 10.04 LTS, Ubuntu 10.10, and Ubuntu 11.04.\n (CVE-2006-7243)\n \n Maksymilian Arciemowicz discovered that the grapheme_extract function\n in the PHP Internationalization extension (Intl) for ICU allow\n an attacker to cause a denial of service (crash) via an invalid\n size argument, which triggers a NULL pointer dereference. This\n issue affected Ubuntu 10.04 LTS, Ubuntu 10.10, and Ubuntu\n 11.04. (CVE-2011-0420)\n \n Maksymilian Arciemowicz discovered that the _zip_name_locate\n function in the PHP Zip extension does not properly handle a\n ZIPARCHIVE::FL_UNCHANGED argument, which might allow an attacker to\n cause a denial of service (NULL pointer dereference) via an empty\n ZIP archive. This issue affected Ubuntu 8.04 LTS, Ubuntu 9.10, Ubuntu\n 10.04 LTS, Ubuntu 10.10, and Ubuntu 11.04. ( ... \n\n Description truncated, for more information please check the Reference URL\";\n\ntag_summary = \"Ubuntu Update for Linux kernel vulnerabilities USN-1126-2\";\ntag_affected = \"php5 on Ubuntu 11.04 ,\n Ubuntu 10.10 ,\n Ubuntu 10.04 LTS ,\n Ubuntu 9.10 ,\n Ubuntu 8.04 LTS ,\n Ubuntu 6.06 LTS\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-1126-2/\");\n script_id(840636);\n script_version(\"$Revision: 7964 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 08:32:11 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-05-10 14:04:15 +0200 (Tue, 10 May 2011)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"USN\", value: \"1126-2\");\n script_cve_id(\"CVE-2010-4697\", \"CVE-2011-1072\", \"CVE-2011-1144\", \"CVE-2011-0441\", \"CVE-2010-4698\", \"CVE-2006-7243\", \"CVE-2011-0420\", \"CVE-2011-0421\", \"CVE-2011-0708\", \"CVE-2011-1092\", \"CVE-2011-1148\", \"CVE-2011-1153\", \"CVE-2011-1464\", \"CVE-2011-1466\", \"CVE-2011-1467\", \"CVE-2011-1468\", \"CVE-2011-1469\", \"CVE-2011-1470\", \"CVE-2011-1471\");\n script_name(\"Ubuntu Update for php5 USN-1126-2\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU10.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libapache2-mod-php5\", ver:\"5.3.3-1ubuntu9.5\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php-pear\", ver:\"5.3.3-1ubuntu9.5\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5\", ver:\"5.3.3-1ubuntu9.5\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-cgi\", ver:\"5.3.3-1ubuntu9.5\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-cli\", ver:\"5.3.3-1ubuntu9.5\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-common\", ver:\"5.3.3-1ubuntu9.5\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libapache2-mod-php5\", ver:\"5.3.2-1ubuntu4.9\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php-pear\", ver:\"5.3.2-1ubuntu4.9\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5\", ver:\"5.3.2-1ubuntu4.9\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-cgi\", ver:\"5.3.2-1ubuntu4.9\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-cli\", ver:\"5.3.2-1ubuntu4.9\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-common\", ver:\"5.3.2-1ubuntu4.9\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU9.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libapache2-mod-php5\", ver:\"5.2.10.dfsg.1-2ubuntu6.10\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php-pear\", ver:\"5.2.10.dfsg.1-2ubuntu6.10\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5\", ver:\"5.2.10.dfsg.1-2ubuntu6.10\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-cgi\", ver:\"5.2.10.dfsg.1-2ubuntu6.10\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-cli\", ver:\"5.2.10.dfsg.1-2ubuntu6.10\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-common\", ver:\"5.2.10.dfsg.1-2ubuntu6.10\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU6.06 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libapache2-mod-php5\", ver:\"5.1.2-1ubuntu3.24\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php-pear\", ver:\"5.1.2-1ubuntu3.24\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5\", ver:\"5.1.2-1ubuntu3.24\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-cgi\", ver:\"5.1.2-1ubuntu3.24\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-cli\", ver:\"5.1.2-1ubuntu3.24\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-common\", ver:\"5.1.2-1ubuntu3.24\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU11.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libapache2-mod-php5\", ver:\"5.3.5-1ubuntu7.2\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php-pear\", ver:\"5.3.5-1ubuntu7.2\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5\", ver:\"5.3.5-1ubuntu7.2\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-cgi\", ver:\"5.3.5-1ubuntu7.2\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-cli\", ver:\"5.3.5-1ubuntu7.2\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-common\", ver:\"5.3.5-1ubuntu7.2\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU8.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libapache2-mod-php5\", ver:\"5.2.4-2ubuntu5.17\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php-pear\", ver:\"5.2.4-2ubuntu5.17\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5\", ver:\"5.2.4-2ubuntu5.17\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-cgi\", ver:\"5.2.4-2ubuntu5.17\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-cli\", ver:\"5.2.4-2ubuntu5.17\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-common\", ver:\"5.2.4-2ubuntu5.17\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:39:27", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2011-11-03T00:00:00", "type": "openvas", "title": "RedHat Update for php53 and php RHSA-2011:1423-01", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-1471", "CVE-2011-1148", "CVE-2011-1466", "CVE-2011-1938", "CVE-2011-2483", "CVE-2011-0708", "CVE-2011-1468", "CVE-2011-1469", "CVE-2011-2202"], "modified": "2019-03-12T00:00:00", "id": "OPENVAS:1361412562310870510", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310870510", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for php53 and php RHSA-2011:1423-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2011-November/msg00003.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.870510\");\n script_version(\"$Revision: 14114 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-12 12:48:52 +0100 (Tue, 12 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-11-03 12:22:48 +0100 (Thu, 03 Nov 2011)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name:\"RHSA\", value:\"2011:1423-01\");\n script_cve_id(\"CVE-2011-0708\", \"CVE-2011-1148\", \"CVE-2011-1466\", \"CVE-2011-1468\",\n \"CVE-2011-1469\", \"CVE-2011-1471\", \"CVE-2011-1938\", \"CVE-2011-2202\",\n \"CVE-2011-2483\");\n script_name(\"RedHat Update for php53 and php RHSA-2011:1423-01\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'php53 and php'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_5\");\n script_tag(name:\"affected\", value:\"php53 and php on Red Hat Enterprise Linux (v. 5 server)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"PHP is an HTML-embedded scripting language commonly used with the Apache\n HTTP Server.\n\n A signedness issue was found in the way the PHP crypt() function handled\n 8-bit characters in passwords when using Blowfish hashing. Up to three\n characters immediately preceding a non-ASCII character (one with the high\n bit set) had no effect on the hash result, thus shortening the effective\n password length. This made brute-force guessing more efficient as several\n different passwords were hashed to the same value. (CVE-2011-2483)\n\n Note: Due to the CVE-2011-2483 fix, after installing this update some users\n may not be able to log in to PHP applications that hash passwords with\n Blowfish using the PHP crypt() function. Refer to the upstream\n 'CRYPT_BLOWFISH security fix details' document, linked to in the\n References, for details.\n\n An insufficient input validation flaw, leading to a buffer over-read, was\n found in the PHP exif extension. A specially-crafted image file could cause\n the PHP interpreter to crash when a PHP script tries to extract\n Exchangeable image file format (Exif) metadata from the image file.\n (CVE-2011-0708)\n\n An integer overflow flaw was found in the PHP calendar extension. A remote\n attacker able to make a PHP script call SdnToJulian() with a large value\n could cause the PHP interpreter to crash. (CVE-2011-1466)\n\n Multiple memory leak flaws were found in the PHP OpenSSL extension. A\n remote attacker able to make a PHP script use openssl_encrypt() or\n openssl_decrypt() repeatedly could cause the PHP interpreter to use an\n excessive amount of memory. (CVE-2011-1468)\n\n A use-after-free flaw was found in the PHP substr_replace() function. If a\n PHP script used the same variable as multiple function arguments, a remote\n attacker could possibly use this to crash the PHP interpreter or, possibly,\n execute arbitrary code. (CVE-2011-1148)\n\n A bug in the PHP Streams component caused the PHP interpreter to crash if\n an FTP wrapper connection was made through an HTTP proxy. A remote attacker\n could possibly trigger this issue if a PHP script accepted an untrusted URL\n to connect to. (CVE-2011-1469)\n\n An integer signedness issue was found in the PHP zip extension. An attacker\n could use a specially-crafted ZIP archive to cause the PHP interpreter to\n use an excessive amount of CPU time until the script execution time limit\n is reached. (CVE-2011-1471)\n\n A stack-based buffer overflow flaw was found in the way the PHP socket\n extension handled long AF_UNIX socket addresses. An attacker able to mak ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"php53\", rpm:\"php53~5.3.3~1.el5_7.3\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php53-bcmath\", rpm:\"php53-bcmath~5.3.3~1.el5_7.3\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php53-cli\", rpm:\"php53-cli~5.3.3~1.el5_7.3\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php53-common\", rpm:\"php53-common~5.3.3~1.el5_7.3\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php53-dba\", rpm:\"php53-dba~5.3.3~1.el5_7.3\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php53-debuginfo\", rpm:\"php53-debuginfo~5.3.3~1.el5_7.3\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php53-devel\", rpm:\"php53-devel~5.3.3~1.el5_7.3\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php53-gd\", rpm:\"php53-gd~5.3.3~1.el5_7.3\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php53-imap\", rpm:\"php53-imap~5.3.3~1.el5_7.3\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php53-intl\", rpm:\"php53-intl~5.3.3~1.el5_7.3\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php53-ldap\", rpm:\"php53-ldap~5.3.3~1.el5_7.3\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php53-mbstring\", rpm:\"php53-mbstring~5.3.3~1.el5_7.3\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php53-mysql\", rpm:\"php53-mysql~5.3.3~1.el5_7.3\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php53-odbc\", rpm:\"php53-odbc~5.3.3~1.el5_7.3\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php53-pdo\", rpm:\"php53-pdo~5.3.3~1.el5_7.3\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php53-pgsql\", rpm:\"php53-pgsql~5.3.3~1.el5_7.3\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php53-process\", rpm:\"php53-process~5.3.3~1.el5_7.3\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php53-pspell\", rpm:\"php53-pspell~5.3.3~1.el5_7.3\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php53-snmp\", rpm:\"php53-snmp~5.3.3~1.el5_7.3\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php53-soap\", rpm:\"php53-soap~5.3.3~1.el5_7.3\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php53-xml\", rpm:\"php53-xml~5.3.3~1.el5_7.3\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php53-xmlrpc\", rpm:\"php53-xmlrpc~5.3.3~1.el5_7.3\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2017-12-04T11:27:05", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1126-1", "cvss3": {}, "published": "2011-05-10T00:00:00", "type": "openvas", "title": "Ubuntu Update for php5 USN-1126-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-0421", "CVE-2011-1467", "CVE-2011-1153", "CVE-2011-0441", "CVE-2011-1471", "CVE-2011-1148", "CVE-2011-1466", "CVE-2010-4697", "CVE-2011-1092", "CVE-2011-1144", "CVE-2010-4698", "CVE-2006-7243", "CVE-2011-0708", "CVE-2011-1468", "CVE-2011-0420", "CVE-2011-1470", "CVE-2011-1469", "CVE-2011-1464", "CVE-2011-1072"], "modified": "2017-12-01T00:00:00", "id": "OPENVAS:840646", "href": "http://plugins.openvas.org/nasl.php?oid=840646", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1126_1.nasl 7964 2017-12-01 07:32:11Z santu $\n#\n# Ubuntu Update for php5 USN-1126-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Stephane Chazelas discovered that the /etc/cron.d/php5 cron job for\n PHP 5.3.5 allows local users to delete arbitrary files via a symlink\n attack on a directory under /var/lib/php5/. (CVE-2011-0441)\n\n Raphael Geisert and Dan Rosenberg discovered that the PEAR installer\n allows local users to overwrite arbitrary files via a symlink attack on\n the package.xml file, related to the (1) download_dir, (2) cache_dir,\n (3) tmp_dir, and (4) pear-build-download directories. (CVE-2011-1072,\n CVE-2011-1144)\n \n Ben Schmidt discovered that a use-after-free vulnerability in the PHP\n Zend engine could allow an attacker to cause a denial of service (heap\n memory corruption) or possibly execute arbitrary code. (CVE-2010-4697)\n \n Martin Barbella discovered a buffer overflow in the PHP GD extension\n that allows an attacker to cause a denial of service (application crash)\n via a large number of anti- aliasing steps in an argument to the\n imagepstext function. (CVE-2010-4698)\n \n It was discovered that PHP accepts the \\0 character in a pathname,\n which might allow an attacker to bypass intended access restrictions\n by placing a safe file extension after this character. This issue\n is addressed in Ubuntu 10.04 LTS, Ubuntu 10.10, and Ubuntu 11.04.\n (CVE-2006-7243)\n \n Maksymilian Arciemowicz discovered that the grapheme_extract function\n in the PHP Internationalization extension (Intl) for ICU allow\n an attacker to cause a denial of service (crash) via an invalid\n size argument, which triggers a NULL pointer dereference. This\n issue affected Ubuntu 10.04 LTS, Ubuntu 10.10, and Ubuntu\n 11.04. (CVE-2011-0420)\n \n Maksymilian Arciemowicz discovered that the _zip_name_locate\n function in the PHP Zip extension does not properly handle a\n ZIPARCHIVE::FL_UNCHANGED argument, which might allow an attacker to\n cause a denial of service (NULL pointer dereference) via an empty\n ZIP archive. This issue affected Ubuntu 8.04 LTS, Ubuntu 9.10, Ubuntu\n 10.04 LTS, Ubuntu 10.10, and Ubuntu 11.04. (CVE-2011-0421)\n \n Luca Carettoni discovered that the PHP Exif extension performs an\n incorrect cast on 64bit platforms, which allows a remote attacker\n to cause a denial of service (application crash) via an image with\n a crafted Image File Directory (IFD). (CVE-2011-0708)\n \n Jose Carlos Norte discovered that an integer overflow in the PHP\n shmop extension could allow an attacker to cause a denial of service\n (crash) and possibly read sensitive memory function. (CVE-2011-1092)\n \n Felipe Pena discovered that ... \n\n Description truncated, for more information please check the Reference URL\";\n\ntag_summary = \"Ubuntu Update for Linux kernel vulnerabilities USN-1126-1\";\ntag_affected = \"php5 on Ubuntu 11.04 ,\n Ubuntu 10.10 ,\n Ubuntu 10.04 LTS ,\n Ubuntu 9.10 ,\n Ubuntu 8.04 LTS ,\n Ubuntu 6.06 LTS\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-1126-1/\");\n script_id(840646);\n script_version(\"$Revision: 7964 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 08:32:11 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-05-10 14:04:15 +0200 (Tue, 10 May 2011)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"USN\", value: \"1126-1\");\n script_cve_id(\"CVE-2011-0441\", \"CVE-2011-1072\", \"CVE-2011-1144\", \"CVE-2010-4697\", \"CVE-2010-4698\", \"CVE-2006-7243\", \"CVE-2011-0420\", \"CVE-2011-0421\", \"CVE-2011-0708\", \"CVE-2011-1092\", \"CVE-2011-1148\", \"CVE-2011-1153\", \"CVE-2011-1464\", \"CVE-2011-1466\", \"CVE-2011-1467\", \"CVE-2011-1468\", \"CVE-2011-1469\", \"CVE-2011-1470\", \"CVE-2011-1471\");\n script_name(\"Ubuntu Update for php5 USN-1126-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU10.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libapache2-mod-php5\", ver:\"5.3.3-1ubuntu9.4\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php-pear\", ver:\"5.3.3-1ubuntu9.4\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5\", ver:\"5.3.3-1ubuntu9.4\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-cgi\", ver:\"5.3.3-1ubuntu9.4\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-cli\", ver:\"5.3.3-1ubuntu9.4\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-common\", ver:\"5.3.3-1ubuntu9.4\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-curl\", ver:\"5.3.3-1ubuntu9.4\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-dev\", ver:\"5.3.3-1ubuntu9.4\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-gd\", ver:\"5.3.3-1ubuntu9.4\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-intl\", ver:\"5.3.3-1ubuntu9.4\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libapache2-mod-php5\", ver:\"5.3.2-1ubuntu4.8\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php-pear\", ver:\"5.3.2-1ubuntu4.8\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5\", ver:\"5.3.2-1ubuntu4.8\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-cgi\", ver:\"5.3.2-1ubuntu4.8\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-cli\", ver:\"5.3.2-1ubuntu4.8\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-common\", ver:\"5.3.2-1ubuntu4.8\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-curl\", ver:\"5.3.2-1ubuntu4.8\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-dev\", ver:\"5.3.2-1ubuntu4.8\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-gd\", ver:\"5.3.2-1ubuntu4.8\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-intl\", ver:\"5.3.2-1ubuntu4.8\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU9.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libapache2-mod-php5\", ver:\"5.2.10.dfsg.1-2ubuntu6.9\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php-pear\", ver:\"5.2.10.dfsg.1-2ubuntu6.9\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5\", ver:\"5.2.10.dfsg.1-2ubuntu6.9\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-cgi\", ver:\"5.2.10.dfsg.1-2ubuntu6.9\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-cli\", ver:\"5.2.10.dfsg.1-2ubuntu6.9\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-common\", ver:\"5.2.10.dfsg.1-2ubuntu6.9\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-curl\", ver:\"5.2.10.dfsg.1-2ubuntu6.9\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-dev\", ver:\"5.2.10.dfsg.1-2ubuntu6.9\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-gd\", ver:\"5.2.10.dfsg.1-2ubuntu6.9\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU6.06 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libapache2-mod-php5\", ver:\"5.1.2-1ubuntu3.22\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php-pear\", ver:\"5.1.2-1ubuntu3.22\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5\", ver:\"5.1.2-1ubuntu3.22\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-cgi\", ver:\"5.1.2-1ubuntu3.22\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-cli\", ver:\"5.1.2-1ubuntu3.22\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-common\", ver:\"5.1.2-1ubuntu3.22\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-curl\", ver:\"5.1.2-1ubuntu3.22\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-dev\", ver:\"5.1.2-1ubuntu3.22\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-gd\", ver:\"5.1.2-1ubuntu3.22\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU11.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libapache2-mod-php5\", ver:\"5.3.5-1ubuntu7.1\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php-pear\", ver:\"5.3.5-1ubuntu7.1\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5\", ver:\"5.3.5-1ubuntu7.1\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-cgi\", ver:\"5.3.5-1ubuntu7.1\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-cli\", ver:\"5.3.5-1ubuntu7.1\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-common\", ver:\"5.3.5-1ubuntu7.1\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-curl\", ver:\"5.3.5-1ubuntu7.1\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-dev\", ver:\"5.3.5-1ubuntu7.1\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-gd\", ver:\"5.3.5-1ubuntu7.1\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-intl\", ver:\"5.3.5-1ubuntu7.1\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU8.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libapache2-mod-php5\", ver:\"5.2.4-2ubuntu5.15\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php-pear\", ver:\"5.2.4-2ubuntu5.15\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5\", ver:\"5.2.4-2ubuntu5.15\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-cgi\", ver:\"5.2.4-2ubuntu5.15\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-cli\", ver:\"5.2.4-2ubuntu5.15\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-common\", ver:\"5.2.4-2ubuntu5.15\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-curl\", ver:\"5.2.4-2ubuntu5.15\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-dev\", ver:\"5.2.4-2ubuntu5.15\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-gd\", ver:\"5.2.4-2ubuntu5.15\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-25T10:55:20", "description": "Check for the Version of php53", "cvss3": {}, "published": "2011-11-03T00:00:00", "type": "openvas", "title": "CentOS Update for php53 CESA-2011:1423 centos5 i386", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-1471", "CVE-2011-1148", "CVE-2011-1466", "CVE-2011-1938", "CVE-2011-2483", "CVE-2011-0708", "CVE-2011-1468", "CVE-2011-1469", "CVE-2011-2202"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:881028", "href": "http://plugins.openvas.org/nasl.php?oid=881028", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for php53 CESA-2011:1423 centos5 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"PHP is an HTML-embedded scripting language commonly used with the Apache\n HTTP Server.\n\n A signedness issue was found in the way the PHP crypt() function handled\n 8-bit characters in passwords when using Blowfish hashing. Up to three\n characters immediately preceding a non-ASCII character (one with the high\n bit set) had no effect on the hash result, thus shortening the effective\n password length. This made brute-force guessing more efficient as several\n different passwords were hashed to the same value. (CVE-2011-2483)\n \n Note: Due to the CVE-2011-2483 fix, after installing this update some users\n may not be able to log in to PHP applications that hash passwords with\n Blowfish using the PHP crypt() function. Refer to the upstream\n "CRYPT_BLOWFISH security fix details" document, linked to in the\n References, for details.\n \n An insufficient input validation flaw, leading to a buffer over-read, was\n found in the PHP exif extension. A specially-crafted image file could cause\n the PHP interpreter to crash when a PHP script tries to extract\n Exchangeable image file format (Exif) metadata from the image file.\n (CVE-2011-0708)\n \n An integer overflow flaw was found in the PHP calendar extension. A remote\n attacker able to make a PHP script call SdnToJulian() with a large value\n could cause the PHP interpreter to crash. (CVE-2011-1466)\n \n Multiple memory leak flaws were found in the PHP OpenSSL extension. A\n remote attacker able to make a PHP script use openssl_encrypt() or\n openssl_decrypt() repeatedly could cause the PHP interpreter to use an\n excessive amount of memory. (CVE-2011-1468)\n \n A use-after-free flaw was found in the PHP substr_replace() function. If a\n PHP script used the same variable as multiple function arguments, a remote\n attacker could possibly use this to crash the PHP interpreter or, possibly,\n execute arbitrary code. (CVE-2011-1148)\n \n A bug in the PHP Streams component caused the PHP interpreter to crash if\n an FTP wrapper connection was made through an HTTP proxy. A remote attacker\n could possibly trigger this issue if a PHP script accepted an untrusted URL\n to connect to. (CVE-2011-1469)\n \n An integer signedness issue was found in the PHP zip extension. An attacker\n could use a specially-crafted ZIP archive to cause the PHP interpreter to\n use an excessive amount of CPU time until the script execution time limit\n is reached. (CVE-2011-1471)\n \n A stack-based buffer overflow flaw was found in the way the PHP socket\n extension handled long AF_UNIX socket addresses. An attacker able to make a\n PHP script connect to a long AF_ ... \n\n Description truncated, for more information please check the Reference URL\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"php53 on CentOS 5\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2011-November/018145.html\");\n script_id(881028);\n script_version(\"$Revision: 6653 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:46:53 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-11-03 12:22:48 +0100 (Thu, 03 Nov 2011)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"CESA\", value: \"2011:1423\");\n script_cve_id(\"CVE-2011-0708\", \"CVE-2011-1148\", \"CVE-2011-1466\", \"CVE-2011-1468\",\n \"CVE-2011-1469\", \"CVE-2011-1471\", \"CVE-2011-1938\", \"CVE-2011-2202\",\n \"CVE-2011-2483\");\n script_name(\"CentOS Update for php53 CESA-2011:1423 centos5 i386\");\n\n script_summary(\"Check for the Version of php53\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"php53\", rpm:\"php53~5.3.3~1.el5_7.3\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php53-bcmath\", rpm:\"php53-bcmath~5.3.3~1.el5_7.3\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php53-cli\", rpm:\"php53-cli~5.3.3~1.el5_7.3\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php53-common\", rpm:\"php53-common~5.3.3~1.el5_7.3\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php53-dba\", rpm:\"php53-dba~5.3.3~1.el5_7.3\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php53-devel\", rpm:\"php53-devel~5.3.3~1.el5_7.3\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php53-gd\", rpm:\"php53-gd~5.3.3~1.el5_7.3\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php53-imap\", rpm:\"php53-imap~5.3.3~1.el5_7.3\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php53-intl\", rpm:\"php53-intl~5.3.3~1.el5_7.3\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php53-ldap\", rpm:\"php53-ldap~5.3.3~1.el5_7.3\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php53-mbstring\", rpm:\"php53-mbstring~5.3.3~1.el5_7.3\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php53-mysql\", rpm:\"php53-mysql~5.3.3~1.el5_7.3\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php53-odbc\", rpm:\"php53-odbc~5.3.3~1.el5_7.3\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php53-pdo\", rpm:\"php53-pdo~5.3.3~1.el5_7.3\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php53-pgsql\", rpm:\"php53-pgsql~5.3.3~1.el5_7.3\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php53-process\", rpm:\"php53-process~5.3.3~1.el5_7.3\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php53-pspell\", rpm:\"php53-pspell~5.3.3~1.el5_7.3\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php53-snmp\", rpm:\"php53-snmp~5.3.3~1.el5_7.3\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php53-soap\", rpm:\"php53-soap~5.3.3~1.el5_7.3\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php53-xml\", rpm:\"php53-xml~5.3.3~1.el5_7.3\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php53-xmlrpc\", rpm:\"php53-xmlrpc~5.3.3~1.el5_7.3\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:36:19", "description": "Oracle Linux Local Security Checks ELSA-2011-1423", "cvss3": {}, "published": "2015-10-06T00:00:00", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2011-1423", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-1471", "CVE-2011-1148", "CVE-2011-1466", "CVE-2011-1938", "CVE-2011-2483", "CVE-2011-0708", "CVE-2011-1468", "CVE-2011-1469", "CVE-2011-2202"], "modified": "2018-09-28T00:00:00", "id": "OPENVAS:1361412562310122061", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310122061", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2011-1423.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.122061\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 14:12:26 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2011-1423\");\n script_tag(name:\"insight\", value:\"ELSA-2011-1423 - php53 and php security update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2011-1423\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2011-1423.html\");\n script_cve_id(\"CVE-2011-0708\", \"CVE-2011-1148\", \"CVE-2011-1466\", \"CVE-2011-1468\", \"CVE-2011-1469\", \"CVE-2011-1471\", \"CVE-2011-1938\", \"CVE-2011-2202\", \"CVE-2011-2483\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux(5|6)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux5\")\n{\n if ((res = isrpmvuln(pkg:\"php53\", rpm:\"php53~5.3.3~1.el5_7.3\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php53-bcmath\", rpm:\"php53-bcmath~5.3.3~1.el5_7.3\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php53-cli\", rpm:\"php53-cli~5.3.3~1.el5_7.3\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php53-common\", rpm:\"php53-common~5.3.3~1.el5_7.3\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php53-dba\", rpm:\"php53-dba~5.3.3~1.el5_7.3\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php53-devel\", rpm:\"php53-devel~5.3.3~1.el5_7.3\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php53-gd\", rpm:\"php53-gd~5.3.3~1.el5_7.3\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php53-imap\", rpm:\"php53-imap~5.3.3~1.el5_7.3\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php53-intl\", rpm:\"php53-intl~5.3.3~1.el5_7.3\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php53-ldap\", rpm:\"php53-ldap~5.3.3~1.el5_7.3\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php53-mbstring\", rpm:\"php53-mbstring~5.3.3~1.el5_7.3\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php53-mysql\", rpm:\"php53-mysql~5.3.3~1.el5_7.3\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php53-odbc\", rpm:\"php53-odbc~5.3.3~1.el5_7.3\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php53-pdo\", rpm:\"php53-pdo~5.3.3~1.el5_7.3\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php53-pgsql\", rpm:\"php53-pgsql~5.3.3~1.el5_7.3\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php53-process\", rpm:\"php53-process~5.3.3~1.el5_7.3\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php53-pspell\", rpm:\"php53-pspell~5.3.3~1.el5_7.3\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php53-snmp\", rpm:\"php53-snmp~5.3.3~1.el5_7.3\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php53-soap\", rpm:\"php53-soap~5.3.3~1.el5_7.3\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php53-xml\", rpm:\"php53-xml~5.3.3~1.el5_7.3\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php53-xmlrpc\", rpm:\"php53-xmlrpc~5.3.3~1.el5_7.3\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif(release == \"OracleLinux6\")\n{\n if ((res = isrpmvuln(pkg:\"php\", rpm:\"php~5.3.3~3.el6_1.3\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php-bcmath\", rpm:\"php-bcmath~5.3.3~3.el6_1.3\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php-cli\", rpm:\"php-cli~5.3.3~3.el6_1.3\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php-common\", rpm:\"php-common~5.3.3~3.el6_1.3\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php-dba\", rpm:\"php-dba~5.3.3~3.el6_1.3\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php-devel\", rpm:\"php-devel~5.3.3~3.el6_1.3\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php-embedded\", rpm:\"php-embedded~5.3.3~3.el6_1.3\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php-enchant\", rpm:\"php-enchant~5.3.3~3.el6_1.3\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php-gd\", rpm:\"php-gd~5.3.3~3.el6_1.3\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php-imap\", rpm:\"php-imap~5.3.3~3.el6_1.3\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php-intl\", rpm:\"php-intl~5.3.3~3.el6_1.3\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php-ldap\", rpm:\"php-ldap~5.3.3~3.el6_1.3\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php-mbstring\", rpm:\"php-mbstring~5.3.3~3.el6_1.3\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php-mysql\", rpm:\"php-mysql~5.3.3~3.el6_1.3\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php-odbc\", rpm:\"php-odbc~5.3.3~3.el6_1.3\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php-pdo\", rpm:\"php-pdo~5.3.3~3.el6_1.3\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php-pgsql\", rpm:\"php-pgsql~5.3.3~3.el6_1.3\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php-process\", rpm:\"php-process~5.3.3~3.el6_1.3\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php-pspell\", rpm:\"php-pspell~5.3.3~3.el6_1.3\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php-recode\", rpm:\"php-recode~5.3.3~3.el6_1.3\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php-snmp\", rpm:\"php-snmp~5.3.3~3.el6_1.3\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php-soap\", rpm:\"php-soap~5.3.3~3.el6_1.3\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php-tidy\", rpm:\"php-tidy~5.3.3~3.el6_1.3\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php-xml\", rpm:\"php-xml~5.3.3~3.el6_1.3\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php-xmlrpc\", rpm:\"php-xmlrpc~5.3.3~3.el6_1.3\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php-zts\", rpm:\"php-zts~5.3.3~3.el6_1.3\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:38:42", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2012-07-30T00:00:00", "type": "openvas", "title": "CentOS Update for php53 CESA-2011:1423 centos5 x86_64", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-1471", "CVE-2011-1148", "CVE-2011-1466", "CVE-2011-1938", "CVE-2011-2483", "CVE-2011-0708", "CVE-2011-1468", "CVE-2011-1469", "CVE-2011-2202"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310881333", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310881333", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for php53 CESA-2011:1423 centos5 x86_64\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2011-November/018146.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.881333\");\n script_version(\"$Revision: 14222 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 13:50:48 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-07-30 17:25:50 +0530 (Mon, 30 Jul 2012)\");\n script_cve_id(\"CVE-2011-0708\", \"CVE-2011-1148\", \"CVE-2011-1466\", \"CVE-2011-1468\",\n \"CVE-2011-1469\", \"CVE-2011-1471\", \"CVE-2011-1938\", \"CVE-2011-2202\",\n \"CVE-2011-2483\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name:\"CESA\", value:\"2011:1423\");\n script_name(\"CentOS Update for php53 CESA-2011:1423 centos5 x86_64\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update fo

SuSE 11.1 Security Update : PHP5 (SAT Patch Number 4663)

Description

Related