SuSE 11.2 Security Update : PHP5 (SAT Patch Number 5958)

2012-04-06T00:00:00

Description

This update of PHP5 fixes multiple security flaws : - missing checks of return values could allow remote attackers to cause a denial of service (NULL pointer dereference). (CVE-2011-4153) - specially crafted XSLT stylesheets could allow remote attackers to create arbitrary files with arbitrary content. (CVE-2012-0057) - a stack-based buffer overflow in php5's Suhosin extension could allow remote attackers to execute arbitrary code via a long string that is used in a Set-Cookie HTTP header. (CVE-2012-0807) - temporary changes to the magic_quotes_gpc directive during the importing of environment variables is not properly performed which makes it easier for remote attackers to conduct SQL injections. (CVE-2012-0831)

{"id": "SUSE_11_APACHE2-MOD_PHP53-120309.NASL", "vendorId": null, "type": "nessus", "bulletinFamily": "scanner", "title": "SuSE 11.2 Security Update : PHP5 (SAT Patch Number 5958)", "description": "This update of PHP5 fixes multiple security flaws :\n\n - missing checks of return values could allow remote attackers to cause a denial of service (NULL pointer dereference). (CVE-2011-4153)\n\n - specially crafted XSLT stylesheets could allow remote attackers to create arbitrary files with arbitrary content. (CVE-2012-0057)\n\n - a stack-based buffer overflow in php5's Suhosin extension could allow remote attackers to execute arbitrary code via a long string that is used in a Set-Cookie HTTP header. (CVE-2012-0807)\n\n - temporary changes to the magic_quotes_gpc directive during the importing of environment variables is not properly performed which makes it easier for remote attackers to conduct SQL injections. (CVE-2012-0831)", "published": "2012-04-06T00:00:00", "modified": "2021-01-19T00:00:00", "epss": [{"cve": "CVE-2011-4153", "epss": 0.03908, "percentile": 0.90981, "modified": "2023-12-02"}, {"cve": "CVE-2012-0057", "epss": 0.00683, "percentile": 0.77679, "modified": "2023-12-02"}, {"cve": "CVE-2012-0807", "epss": 0.04381, "percentile": 0.91408, "modified": "2023-12-02"}, {"cve": "CVE-2012-0831", "epss": 0.00625, "percentile": 0.76494, "modified": "2023-12-02"}], "cvss": {"score": 0.0, "vector": "NONE"}, "cvss2": {}, "cvss3": {}, "href": "https://www.tenable.com/plugins/nessus/58615", "reporter": "This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["https://bugzilla.novell.com/show_bug.cgi?id=749111", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4153", "https://bugzilla.novell.com/show_bug.cgi?id=746661", "http://support.novell.com/security/cve/CVE-2012-0057.html", "http://support.novell.com/security/cve/CVE-2011-4153.html", "https://bugzilla.novell.com/show_bug.cgi?id=741859", "http://support.novell.com/security/cve/CVE-2012-0807.html", "https://bugzilla.novell.com/show_bug.cgi?id=743308", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0057", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0807", "http://support.novell.com/security/cve/CVE-2012-0831.html", "https://bugzilla.novell.com/show_bug.cgi?id=741520", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0831"], "cvelist": ["CVE-2011-4153", "CVE-2012-0057", "CVE-2012-0807", "CVE-2012-0831"], "immutableFields": [], "lastseen": "2023-12-02T14:42:04", "viewCount": 22, "enchantments": {"dependencies": {"references": [{"type": "centos", "idList": ["CESA-2012:1045", "CESA-2012:1046", "CESA-2012:1047", "CESA-2013:0514", "CESA-2013:1307"]}, {"type": "cve", "idList": ["CVE-2011-4153", "CVE-2012-0057", "CVE-2012-0781", "CVE-2012-0807", "CVE-2012-0831"]}, {"type": "debian", "idList": ["DEBIAN:DSA-2399-1:367BF", "DEBIAN:DSA-2399-2:BC1FA", "DEBIAN:DSA-2408-1:B808D"]}, {"type": "exploitdb", "idList": ["EDB-ID:18370"]}, {"type": "exploitpack", "idList": ["EXPLOITPACK:177A5DE3B57567943B9B255C17105EEB"]}, {"type": "f5", "idList": ["F5:K13518", "SOL13518"]}, {"type": "fedora", "idList": ["FEDORA:74DD920884", "FEDORA:7E4C7208A1", "FEDORA:7FE32208A7", "FEDORA:877BA208A7", "FEDORA:8F32E208C8", "FEDORA:97B7C208D3"]}, {"type": "freebsd", "idList": ["07234E78-E899-11E1-B38D-0023AE8E59F0", "2CDE1892-913E-11E1-B44C-001FD0AF1A4C"]}, {"type": "gentoo", "idList": ["GLSA-201209-03", "GLSA-201412-10"]}, {"type": "nessus", "idList": ["6263.PRM", "6995.PRM", "801116.PRM", "CENTOS_RHSA-2012-1045.NASL", "CENTOS_RHSA-2012-1046.NASL", "CENTOS_RHSA-2012-1047.NASL", "CENTOS_RHSA-2013-0514.NASL", "CENTOS_RHSA-2013-1307.NASL", "DEBIAN_DSA-2399.NASL", "DEBIAN_DSA-2408.NASL", "FEDORA_2012-6907.NASL", "FEDORA_2012-6911.NASL", "FREEBSD_PKG_07234E78E89911E1B38D0023AE8E59F0.NASL", "FREEBSD_PKG_2CDE1892913E11E1B44C001FD0AF1A4C.NASL", "GENTOO_GLSA-201209-03.NASL", "GENTOO_GLSA-201412-10.NASL", "HPSMH_7_1_1_1.NASL", "MACOSX_10_7_5.NASL", "MACOSX_10_8_2.NASL", "MACOSX_SECUPD2012-004.NASL", "MANDRIVA_MDVSA-2012-065.NASL", "OPENSUSE-2012-182.NASL", "ORACLELINUX_ELSA-2012-1045.NASL", "ORACLELINUX_ELSA-2012-1046.NASL", "ORACLELINUX_ELSA-2012-1047.NASL", "ORACLELINUX_ELSA-2013-0514.NASL", "ORACLELINUX_ELSA-2013-1307.NASL", "PHP_5_3_11.NASL", "PHP_5_3_9.NASL", "PHP_5_4_0.NASL", "REDHAT-RHSA-2012-1045.NASL", "REDHAT-RHSA-2012-1046.NASL", "REDHAT-RHSA-2012-1047.NASL", "REDHAT-RHSA-2013-0514.NASL", "REDHAT-RHSA-2013-1307.NASL", "SL_20120627_PHP53_ON_SL5_X.NASL", "SL_20120627_PHP_ON_SL5_X.NASL", "SL_20120627_PHP_ON_SL6_X.NASL", "SL_20130221_PHP_ON_SL6_X.NASL", "SL_20130930_PHP53_ON_SL5_X.NASL", "SUSE_11_APACHE2-MOD_PHP5-120309.NASL", "SUSE_APACHE2-MOD_PHP5-8009.NASL", "UBUNTU_USN-1358-1.NASL", "UBUNTU_USN-1358-2.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310103464", "OPENVAS:1361412562310110012", "OPENVAS:1361412562310121296", "OPENVAS:1361412562310123562", "OPENVAS:1361412562310123689", "OPENVAS:1361412562310123874", "OPENVAS:1361412562310123883", "OPENVAS:1361412562310123893", "OPENVAS:136141256231070716", "OPENVAS:136141256231070717", "OPENVAS:136141256231071135", "OPENVAS:136141256231071265", "OPENVAS:136141256231072420", "OPENVAS:1361412562310802566", "OPENVAS:1361412562310802591", "OPENVAS:1361412562310802968", "OPENVAS:1361412562310831621", "OPENVAS:1361412562310840891", "OPENVAS:1361412562310840895", "OPENVAS:1361412562310850217", "OPENVAS:1361412562310864217", "OPENVAS:1361412562310864219", "OPENVAS:1361412562310864221", "OPENVAS:1361412562310864225", "OPENVAS:1361412562310864226", "OPENVAS:1361412562310864227", "OPENVAS:1361412562310870780", "OPENVAS:1361412562310870781", "OPENVAS:1361412562310870782", "OPENVAS:1361412562310870940", "OPENVAS:1361412562310871047", "OPENVAS:1361412562310881144", "OPENVAS:1361412562310881154", "OPENVAS:1361412562310881174", "OPENVAS:1361412562310881656", "OPENVAS:70716", "OPENVAS:70717", "OPENVAS:71135", "OPENVAS:71265", "OPENVAS:72420", "OPENVAS:802968", "OPENVAS:831621", "OPENVAS:840891", "OPENVAS:840895", "OPENVAS:850217", "OPENVAS:864217", "OPENVAS:864219", "OPENVAS:864221", "OPENVAS:864225", "OPENVAS:864226", "OPENVAS:864227", "OPENVAS:870780", "OPENVAS:870781", "OPENVAS:870782", "OPENVAS:870940", "OPENVAS:871047", "OPENVAS:881144", "OPENVAS:881154", "OPENVAS:881174", "OPENVAS:881656"]}, {"type": "oraclelinux", "idList": ["ELSA-2012-1045", "ELSA-2012-1046", "ELSA-2012-1047", "ELSA-2013-0514", "ELSA-2013-1307"]}, {"type": "osv", "idList": ["OSV:DSA-2399-1", "OSV:DSA-2408-1"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:108684"]}, {"type": "prion", "idList": ["PRION:CVE-2011-4153", "PRION:CVE-2012-0057", "PRION:CVE-2012-0781", "PRION:CVE-2012-0807", "PRION:CVE-2012-0831"]}, {"type": "redhat", "idList": ["RHSA-2012:1045", "RHSA-2012:1046", "RHSA-2012:1047", "RHSA-2013:0514", "RHSA-2013:1307"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:27585", "SECURITYVULNS:DOC:28033", "SECURITYVULNS:DOC:28070", "SECURITYVULNS:DOC:28577", "SECURITYVULNS:VULN:12159", "SECURITYVULNS:VULN:12353"]}, {"type": "seebug", "idList": ["SSV:30025", "SSV:30053", "SSV:30072", "SSV:30080", "SSV:30102", "SSV:60067", "SSV:72494"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2012:0426-1", "SUSE-SU-2012:0411-1", "SUSE-SU-2012:0472-1", "SUSE-SU-2012:0496-1", "SUSE-SU-2013:1351-1"]}, {"type": "ubuntu", "idList": ["USN-1358-1", "USN-1358-2"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2011-4153", "UB:CVE-2012-0057", "UB:CVE-2012-0781", "UB:CVE-2012-0807", "UB:CVE-2012-0831"]}, {"type": "veracode", "idList": ["VERACODE:10889", "VERACODE:13855", "VERACODE:13856", "VERACODE:13857", "VERACODE:13858", "VERACODE:13860", "VERACODE:13864", "VERACODE:14519"]}]}, "score": {"value": 0.0, "vector": "NONE"}, "backreferences": {"references": [{"type": "centos", "idList": ["CESA-2012:1045", "CESA-2012:1046", "CESA-2012:1047", "CESA-2013:0514"]}, {"type": "cve", "idList": ["CVE-2011-4153", "CVE-2012-0057", "CVE-2012-0807", "CVE-2012-0831"]}, {"type": "exploitdb", "idList": ["EDB-ID:18370"]}, {"type": "f5", "idList": ["SOL13518"]}, {"type": "fedora", "idList": ["FEDORA:7E4C7208A1"]}, {"type": "freebsd", "idList": ["07234E78-E899-11E1-B38D-0023AE8E59F0", "2CDE1892-913E-11E1-B44C-001FD0AF1A4C"]}, {"type": "gentoo", "idList": ["GLSA-201209-03"]}, {"type": "metasploit", "idList": ["MSF:ILITIES/GENTOO-LINUX-CVE-2012-0807/"]}, {"type": "nessus", "idList": ["6263.PRM", "GENTOO_GLSA-201209-03.NASL", "REDHAT-RHSA-2013-1307.NASL", "SL_20120627_PHP_ON_SL6_X.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310110012", "OPENVAS:136141256231072420", "OPENVAS:1361412562310850217", "OPENVAS:70717", "OPENVAS:71265"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:108684"]}, {"type": "redhat", "idList": ["RHSA-2012:1047"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:12159"]}, {"type": "seebug", "idList": ["SSV:30102"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2012:0426-1"]}, {"type": "ubuntu", "idList": ["USN-1358-2"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2012-0807"]}]}, "exploitation": null, "epss": [{"cve": "CVE-2011-4153", "epss": 0.04079, "percentile": 0.90823, "modified": "2023-05-06"}, {"cve": "CVE-2012-0057", "epss": 0.00683, "percentile": 0.77096, "modified": "2023-05-06"}, {"cve": "CVE-2012-0807", "epss": 0.04571, "percentile": 0.91287, "modified": "2023-05-06"}, {"cve": "CVE-2012-0831", "epss": 0.01042, "percentile": 0.81773, "modified": "2023-05-06"}], "vulnersScore": 0.0}, "_state": {"dependencies": 1701549006, "score": 1701548784, "epss": 0}, "_internal": {"score_hash": "0a1100d7be667ef00ee28979c52932b5"}, "pluginID": "58615", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. The text itself is\n# copyright (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(58615);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2011-4153\", \"CVE-2012-0057\", \"CVE-2012-0807\", \"CVE-2012-0831\");\n\n script_name(english:\"SuSE 11.2 Security Update : PHP5 (SAT Patch Number 5958)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 11 host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update of PHP5 fixes multiple security flaws :\n\n - missing checks of return values could allow remote\n attackers to cause a denial of service (NULL pointer\n dereference). (CVE-2011-4153)\n\n - specially crafted XSLT stylesheets could allow remote\n attackers to create arbitrary files with arbitrary\n content. (CVE-2012-0057)\n\n - a stack-based buffer overflow in php5's Suhosin\n extension could allow remote attackers to execute\n arbitrary code via a long string that is used in a\n Set-Cookie HTTP header. (CVE-2012-0807)\n\n - temporary changes to the magic_quotes_gpc directive\n during the importing of environment variables is not\n properly performed which makes it easier for remote\n attackers to conduct SQL injections. (CVE-2012-0831)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=741520\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=741859\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=743308\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=746661\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=749111\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-4153.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-0057.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-0807.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-0831.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply SAT patch number 5958.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:apache2-mod_php53\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php53\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php53-bcmath\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php53-bz2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php53-calendar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php53-ctype\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php53-curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php53-dba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php53-dom\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php53-exif\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php53-fastcgi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php53-fileinfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php53-ftp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php53-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php53-gettext\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php53-gmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php53-iconv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php53-intl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php53-json\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php53-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php53-mbstring\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php53-mcrypt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php53-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php53-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php53-openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php53-pcntl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php53-pdo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php53-pear\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php53-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php53-pspell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php53-shmop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php53-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php53-soap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php53-suhosin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php53-sysvmsg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php53-sysvsem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php53-sysvshm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php53-tokenizer\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php53-wddx\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php53-xmlreader\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php53-xmlrpc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php53-xmlwriter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php53-xsl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php53-zip\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php53-zlib\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/03/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/04/06\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\npl = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(pl) || int(pl) != 2) audit(AUDIT_OS_NOT, \"SuSE 11.2\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLES11\", sp:2, reference:\"apache2-mod_php53-5.3.8-0.23.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, reference:\"php53-5.3.8-0.23.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, reference:\"php53-bcmath-5.3.8-0.23.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, reference:\"php53-bz2-5.3.8-0.23.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, reference:\"php53-calendar-5.3.8-0.23.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, reference:\"php53-ctype-5.3.8-0.23.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, reference:\"php53-curl-5.3.8-0.23.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, reference:\"php53-dba-5.3.8-0.23.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, reference:\"php53-dom-5.3.8-0.23.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, reference:\"php53-exif-5.3.8-0.23.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, reference:\"php53-fastcgi-5.3.8-0.23.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, reference:\"php53-fileinfo-5.3.8-0.23.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, reference:\"php53-ftp-5.3.8-0.23.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, reference:\"php53-gd-5.3.8-0.23.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, reference:\"php53-gettext-5.3.8-0.23.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, reference:\"php53-gmp-5.3.8-0.23.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, reference:\"php53-iconv-5.3.8-0.23.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, reference:\"php53-intl-5.3.8-0.23.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, reference:\"php53-json-5.3.8-0.23.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, reference:\"php53-ldap-5.3.8-0.23.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, reference:\"php53-mbstring-5.3.8-0.23.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, reference:\"php53-mcrypt-5.3.8-0.23.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, reference:\"php53-mysql-5.3.8-0.23.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, reference:\"php53-odbc-5.3.8-0.23.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, reference:\"php53-openssl-5.3.8-0.23.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, reference:\"php53-pcntl-5.3.8-0.23.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, reference:\"php53-pdo-5.3.8-0.23.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, reference:\"php53-pear-5.3.8-0.23.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, reference:\"php53-pgsql-5.3.8-0.23.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, reference:\"php53-pspell-5.3.8-0.23.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, reference:\"php53-shmop-5.3.8-0.23.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, reference:\"php53-snmp-5.3.8-0.23.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, reference:\"php53-soap-5.3.8-0.23.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, reference:\"php53-suhosin-5.3.8-0.23.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, reference:\"php53-sysvmsg-5.3.8-0.23.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, reference:\"php53-sysvsem-5.3.8-0.23.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, reference:\"php53-sysvshm-5.3.8-0.23.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, reference:\"php53-tokenizer-5.3.8-0.23.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, reference:\"php53-wddx-5.3.8-0.23.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, reference:\"php53-xmlreader-5.3.8-0.23.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, reference:\"php53-xmlrpc-5.3.8-0.23.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, reference:\"php53-xmlwriter-5.3.8-0.23.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, reference:\"php53-xsl-5.3.8-0.23.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, reference:\"php53-zip-5.3.8-0.23.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, reference:\"php53-zlib-5.3.8-0.23.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "naslFamily": "SuSE Local Security Checks", "cpe": ["p-cpe:/a:novell:suse_linux:11:apache2-mod_php53", "p-cpe:/a:novell:suse_linux:11:php53", "p-cpe:/a:novell:suse_linux:11:php53-bcmath", "p-cpe:/a:novell:suse_linux:11:php53-bz2", "p-cpe:/a:novell:suse_linux:11:php53-calendar", "p-cpe:/a:novell:suse_linux:11:php53-ctype", "p-cpe:/a:novell:suse_linux:11:php53-curl", "p-cpe:/a:novell:suse_linux:11:php53-dba", "p-cpe:/a:novell:suse_linux:11:php53-dom", "p-cpe:/a:novell:suse_linux:11:php53-exif", "p-cpe:/a:novell:suse_linux:11:php53-fastcgi", "p-cpe:/a:novell:suse_linux:11:php53-fileinfo", "p-cpe:/a:novell:suse_linux:11:php53-ftp", "p-cpe:/a:novell:suse_linux:11:php53-gd", "p-cpe:/a:novell:suse_linux:11:php53-gettext", "p-cpe:/a:novell:suse_linux:11:php53-gmp", "p-cpe:/a:novell:suse_linux:11:php53-iconv", "p-cpe:/a:novell:suse_linux:11:php53-intl", "p-cpe:/a:novell:suse_linux:11:php53-json", "p-cpe:/a:novell:suse_linux:11:php53-ldap", "p-cpe:/a:novell:suse_linux:11:php53-mbstring", "p-cpe:/a:novell:suse_linux:11:php53-mcrypt", "p-cpe:/a:novell:suse_linux:11:php53-mysql", "p-cpe:/a:novell:suse_linux:11:php53-odbc", "p-cpe:/a:novell:suse_linux:11:php53-openssl", "p-cpe:/a:novell:suse_linux:11:php53-pcntl", "p-cpe:/a:novell:suse_linux:11:php53-pdo", "p-cpe:/a:novell:suse_linux:11:php53-pear", "p-cpe:/a:novell:suse_linux:11:php53-pgsql", "p-cpe:/a:novell:suse_linux:11:php53-pspell", "p-cpe:/a:novell:suse_linux:11:php53-shmop", "p-cpe:/a:novell:suse_linux:11:php53-snmp", "p-cpe:/a:novell:suse_linux:11:php53-soap", "p-cpe:/a:novell:suse_linux:11:php53-suhosin", "p-cpe:/a:novell:suse_linux:11:php53-sysvmsg", "p-cpe:/a:novell:suse_linux:11:php53-sysvsem", "p-cpe:/a:novell:suse_linux:11:php53-sysvshm", "p-cpe:/a:novell:suse_linux:11:php53-tokenizer", "p-cpe:/a:novell:suse_linux:11:php53-wddx", "p-cpe:/a:novell:suse_linux:11:php53-xmlreader", "p-cpe:/a:novell:suse_linux:11:php53-xmlrpc", "p-cpe:/a:novell:suse_linux:11:php53-xmlwriter", "p-cpe:/a:novell:suse_linux:11:php53-xsl", "p-cpe:/a:novell:suse_linux:11:php53-zip", "p-cpe:/a:novell:suse_linux:11:php53-zlib", "cpe:/o:novell:suse_linux:11"], "solution": "Apply SAT patch number 5958.", "nessusSeverity": "Medium", "cvssScoreSource": "", "vendor_cvss2": {"score": 6.8, "vector": "CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "vendor_cvss3": {"score": null, "vector": null}, "vpr": {"risk factor": "Medium", "score": "6.7"}, "exploitAvailable": true, "exploitEase": "Exploits are available", "patchPublicationDate": "2012-03-09T00:00:00", "vulnerabilityPublicationDate": null, "exploitableWith": []}

{"suse": [{"lastseen": "2016-09-04T11:48:25", "description": "This update of PHP5 fixes multiple security flaws:\n\n * CVE-2011-4153, missing checks of return values could\n allow remote attackers to cause a denial of service (NULL\n pointer dereference)\n * CVE-2012-0057, specially crafted XSLT stylesheets\n could allow remote attackers to create arbitrary files with\n arbitrary content\n * CVE-2012-0807, a stack based buffer overflow in\n php5's Suhosin extension could allow remote attackers to\n execute arbitrary code via a long string that is used in a\n Set-Cookie HTTP header\n * CVE-2012-0831, temporary changes to the\n magic_quotes_gpc directive during the importing of\n environment variables is not properly performed which makes\n it easier for remote attackers to conduct SQL injections\n", "cvss3": {}, "published": "2012-04-06T03:08:16", "type": "suse", "title": "Security update for PHP5 (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2012-0057", "CVE-2012-0831", "CVE-2011-4153", "CVE-2012-0807"], "modified": "2012-04-06T03:08:16", "id": "SUSE-SU-2012:0472-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00001.html", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2016-09-04T12:23:18", "description": "This update of php5 fixes multiple security flaws:\n\n * CVE-2011-4153, missing checks of return values could\n allow remote attackers to cause a denial of service (NULL\n pointer dereference)\n * CVE-2011-4885, denial of service via hash collisions\n * CVE-2012-0057, specially crafted XSLT stylesheets\n could allow remote attackers to create arbitrary files with\n arbitrary content\n * CVE-2012-0781, remote attackers can cause a denial of\n service via specially crafted input to an application that\n attempts to perform Tidy::diagnose operations\n * CVE-2012-0788, applications that use a PDO driver\n were prone to denial of service flaws which could be\n exploited remotely\n * CVE-2012-0789, memory leak in the timezone\n functionality could allow remote attackers to cause a\n denial of service (memory consumption)\n * CVE-2012-0807, a stack based buffer overflow in\n php5's Suhosin extension could allow remote attackers to\n execute arbitrary code via a long string that is used in a\n Set-Cookie HTTP header\n * CVE-2012-0830, this fixes an incorrect fix for\n CVE-2011-4885 which could allow remote attackers to execute\n arbitrary code via a request containing a large number of\n variables\n * CVE-2012-0831, temporary changes to the\n magic_quotes_gpc directive during the importing of\n environment variables is not properly performed which makes\n it easier for remote attackers to conduct SQL injections\n", "cvss3": {}, "published": "2012-03-24T03:08:28", "type": "suse", "title": "Security update for PHP5 (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2012-0789", "CVE-2011-4885", "CVE-2012-0788", "CVE-2012-0830", "CVE-2012-0781", "CVE-2012-0057", "CVE-2012-0831", "CVE-2011-4153", "CVE-2012-0807"], "modified": "2012-03-24T03:08:28", "id": "SUSE-SU-2012:0411-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00013.html", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2016-09-04T12:15:09", "description": "php5 security update\n\n", "cvss3": {}, "published": "2012-03-29T15:08:14", "type": "suse", "title": "update for php5 (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2011-1466", "CVE-2012-0789", "CVE-2011-4885", "CVE-2012-0788", "CVE-2012-0830", "CVE-2012-0781", "CVE-2012-0057", "CVE-2011-4566", "CVE-2012-0831", "CVE-2011-4153", "CVE-2012-0807"], "modified": "2012-03-29T15:08:14", "id": "OPENSUSE-SU-2012:0426-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00016.html", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2016-09-04T12:42:58", "description": "This update of php5 fixes multiple security flaws:\n\n * CVE-2011-2202: A php5 upload filename injection was\n fixed.\n * CVE-2011-4566: A integer overflow in the EXIF\n extension was fixed that could be used by attackers to\n crash the interpreter or potentially read memory\n * CVE-2011-3182: Multiple NULL pointer dereferences\n were fixed that could lead to crashes\n * CVE-2011-1466: An integer overflow in the PHP\n calendar extension was fixed that could have led to crashes.\n * CVE-2011-1072: A symlink vulnerability in the PEAR\n installer could be exploited by local attackers to inject\n code.\n * CVE-2011-4153: missing checks of return values could\n allow remote attackers to cause a denial of service (NULL\n pointer dereference)\n * CVE-2011-4885: denial of service via hash collisions\n * CVE-2012-0057: specially crafted XSLT stylesheets\n could allow remote attackers to create arbitrary files with\n arbitrary content\n * CVE-2012-0781: remote attackers can cause a denial of\n service via specially crafted input to an application that\n attempts to perform Tidy::diagnose operations\n * CVE-2012-0788: applications that use a PDO driver\n were prone to denial of service flaws which could be\n exploited remotely\n * CVE-2012-0789: memory leak in the timezone\n functionality could allow remote attackers to cause a\n denial of service (memory consumption)\n * CVE-2012-0807: a stack based buffer overflow in the\n php5 Suhosin extension could allow remote attackers to\n execute arbitrary code via a long string that is used in a\n Set-Cookie HTTP header\n * CVE-2012-0830: this fixes an incorrect fix for\n CVE-2011-4885 which could allow remote attackers to execute\n arbitrary code via a request containing a large number of\n variables\n * CVE-2012-0831: temporary changes to the\n magic_quotes_gpc directive during the importing of\n environment variables is not properly performed which makes\n it easier for remote attackers to conduct SQL injections\n\n Also the following bugs have been fixed:\n\n * allow uploading files bigger than 2GB for 64bit\n systems [bnc#709549]\n * amend README.SUSE to discourage using apache module\n with apache2-worker [bnc#728671]\n", "cvss3": {}, "published": "2012-04-12T23:08:15", "type": "suse", "title": "Security update for PHP5 (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2011-1466", "CVE-2012-0789", "CVE-2011-4885", "CVE-2012-0788", "CVE-2012-0830", "CVE-2012-0781", "CVE-2011-3182", "CVE-2012-0057", "CVE-2011-4566", "CVE-2011-2202", "CVE-2012-0831", "CVE-2011-1072", "CVE-2011-4153", "CVE-2012-0807"], "modified": "2012-04-12T23:08:15", "id": "SUSE-SU-2012:0496-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00005.html", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2016-09-04T11:52:15", "description": "php5 has been updated to roll up all pending security fixes\n for Long Term Service Pack Support.\n\n The Following security issues have been fixed:\n\n *\n\n CVE-2013-4635: Integer overflow in the SdnToJewish\n function in jewish.c in the Calendar component in PHP\n allowed context-dependent attackers to cause a denial of\n service (application hang) via a large argument to the\n jdtojewish function.\n\n *\n\n CVE-2013-1635: ext/soap/soap.c in PHP did not\n validate the relationship between the soap.wsdl_cache_dir\n directive and the open_basedir directive, which allowed\n remote attackers to bypass intended access restrictions by\n triggering the creation of cached SOAP WSDL files in an\n arbitrary directory.\n\n *\n\n CVE-2013-1643: The SOAP parser in PHP allowed remote\n attackers to read arbitrary files via a SOAP WSDL file\n containing an XML external entity declaration in\n conjunction with an entity reference, related to an XML\n External Entity (XXE) issue in the soap_xmlParseFile and\n soap_xmlParseMemory functions.\n\n *\n\n CVE-2013-4113: ext/xml/xml.c in PHP before 5.3.27\n does not properly consider parsing depth, which allowed\n remote attackers to cause a denial of service (heap memory\n corruption) or possibly have unspecified other impact via a\n crafted document that is processed by the\n xml_parse_into_struct function.\n\n *\n\n CVE-2011-1398 / CVE-2012-4388: The sapi_header_op\n function in main/SAPI.c in PHP did not check for %0D\n sequences (aka carriage return characters), which allowed\n remote attackers to bypass an HTTP response-splitting\n protection mechanism via a crafted URL, related to improper\n interaction between the PHP header function and certain\n browsers, as demonstrated by Internet Explorer and Google\n Chrome.\n\n *\n\n CVE-2012-2688: An unspecified vulnerability in the\n _php_stream_scandir function in the stream implementation\n in PHP had unknown impact and remote attack vectors,\n related to an "overflow."\n\n *\n\n CVE-2012-3365: The SQLite functionality in PHP before\n 5.3.15 allowed remote attackers to bypass the open_basedir\n protection mechanism via unspecified vectors.\n\n *\n\n CVE-2012-1823: sapi/cgi/cgi_main.c in PHP, when\n configured as a CGI script (aka php-cgi), did not properly\n handle query strings that lack an = (equals sign)\n character, which allowed remote attackers to execute\n arbitrary code by placing command-line options in the query\n string, related to lack of skipping a certain php_getopt\n for the 'd' case.\n\n *\n\n CVE-2012-2335: php-wrapper.fcgi did not properly\n handle command-line arguments, which allowed remote\n attackers to bypass a protection mechanism in PHP and\n execute arbitrary code by leveraging improper interaction\n between the PHP sapi/cgi/cgi_main.c component and a query\n string beginning with a +- sequence.\n\n *\n\n CVE-2012-2336: sapi/cgi/cgi_main.c in PHP, when\n configured as a CGI script (aka php-cgi), did not properly\n handle query strings that lack an = (equals sign)\n character, which allowed remote attackers to cause a denial\n of service (resource consumption) by placing command-line\n options in the query string, related to lack of skipping a\n certain php_getopt for the 'T' case. NOTE: this\n vulnerability exists because of an incomplete fix for\n CVE-2012-1823.\n\n *\n\n CVE-2012-2311: sapi/cgi/cgi_main.c in PHP, when\n configured as a CGI script (aka php-cgi), does not properly\n handle query strings that contain a %3D sequence but no =\n (equals sign) character, which allows remote attackers to\n execute arbitrary code by placing command-line options in\n the query string, related to lack of skipping a certain\n php_getopt for the 'd' case. NOTE: this vulnerability\n exists because of an incomplete fix for CVE-2012-1823.\n\n *\n\n CVE-2012-1172: The file-upload implementation in\n rfc1867.c in PHP did not properly handle invalid [ (open\n square bracket) characters in name values, which makes it\n easier for remote attackers to cause a denial of service\n (malformed $_FILES indexes) or conduct directory traversal\n attacks during multi-file uploads by leveraging a script\n that lacks its own filename restrictions.\n\n *\n\n CVE-2012-0830: The php_register_variable_ex function\n in php_variables.c in PHP allowed remote attackers to\n execute arbitrary code via a request containing a large\n number of variables, related to improper handling of array\n variables. NOTE: this vulnerability exists because of an\n incorrect fix for CVE-2011-4885.\n\n *\n\n CVE-2012-0807: Stack-based buffer overflow in the\n suhosin_encrypt_single_cookie function in the transparent\n cookie-encryption feature in the Suhosin extension before\n 0.9.33 for PHP, when suhosin.cookie.encrypt and\n suhosin.multiheader are enabled, might have allowed remote\n attackers to execute arbitrary code via a long string that\n is used in a Set-Cookie HTTP header.\n\n *\n\n CVE-2012-0057: PHP had improper libxslt security\n settings, which allowed remote attackers to create\n arbitrary files via a crafted XSLT stylesheet that uses the\n libxslt output extension.\n\n *\n\n CVE-2012-0831: PHP did not properly perform a\n temporary change to the magic_quotes_gpc directive during\n the importing of environment variables, which made it\n easier for remote attackers to conduct SQL injection\n attacks via a crafted request, related to\n main/php_variables.c, sapi/cgi/cgi_main.c, and\n sapi/fpm/fpm/fpm_main.c.\n\n *\n\n CVE-2011-4153: PHP did not always check the return\n value of the zend_strndup function, which might have\n allowed remote attackers to cause a denial of service (NULL\n pointer dereference and application crash) via crafted\n input to an application that performs strndup operations on\n untrusted string data, as demonstrated by the define\n function in zend_builtin_functions.c, and unspecified\n functions in ext/soap/php_sdl.c, ext/standard/syslog.c,\n ext/standard/browscap.c, ext/oci8/oci8.c,\n ext/com_dotnet/com_typeinfo.c, and\n main/php_open_temporary_file.c.\n\n *\n\n CVE-2012-0781: The tidy_diagnose function in PHP\n might have allowed remote attackers to cause a denial of\n service (NULL pointer dereference and application crash)\n via crafted input to an application that attempts to\n perform Tidy::diagnose operations on invalid objects, a\n different vulnerability than CVE-2011-4153.\n\n *\n\n CVE-2012-0788: The PDORow implementation in PHP did\n not properly interact with the session feature, which\n allowed remote attackers to cause a denial of service\n (application crash) via a crafted application that uses a\n PDO driver for a fetch and then calls the session_start\n function, as demonstrated by a crash of the Apache HTTP\n Server.\n\n *\n\n CVE-2012-0789: Memory leak in the timezone\n functionality in PHP allowed remote attackers to cause a\n denial of service (memory consumption) by triggering many\n strtotime function calls, which were not properly handled\n by the php_date_parse_tzfile cache.\n\n *\n\n CVE-2011-4885: PHP computed hash values for form\n parameters without restricting the ability to trigger hash\n collisions predictably, which allowed remote attackers to\n cause a denial of service (CPU consumption) by sending many\n crafted parameters. We added a max_input_vars directive to\n prevent attacks based on hash collisions.\n\n *\n\n CVE-2011-4566: Integer overflow in the\n exif_process_IFD_TAG function in exif.c in the exif\n extension in PHP allowed remote attackers to read the\n contents of arbitrary memory locations or cause a denial of\n service via a crafted offset_val value in an EXIF header in\n a JPEG file, a different vulnerability than CVE-2011-0708.\n\n *\n\n CVE-2011-3182: PHP did not properly check the return\n values of the malloc, calloc, and realloc library\n functions, which allowed context-dependent attackers to\n cause a denial of service (NULL pointer dereference and\n application crash) or trigger a buffer overflow by\n leveraging the ability to provide an arbitrary value for a\n function argument, related to (1) ext/curl/interface.c, (2)\n ext/date/lib/parse_date.c, (3)\n ext/date/lib/parse_iso_intervals.c, (4)\n ext/date/lib/parse_tz.c, (5) ext/date/lib/timelib.c, (6)\n ext/pdo_odbc/pdo_odbc.c, (7)\n ext/reflection/php_reflection.c, (8) ext/soap/php_sdl.c,\n (9) ext/xmlrpc/libxmlrpc/base64.c, (10) TSRM/tsrm_win32.c,\n and (11) the strtotime function.\n\n *\n\n CVE-2011-1466: Integer overflow in the SdnToJulian\n function in the Calendar extension in PHP allowed\n context-dependent attackers to cause a denial of service\n (application crash) via a large integer in the first\n argument to the cal_from_jd function.\n\n *\n\n CVE-2011-1072: The installer in PEAR allowed local\n users to overwrite arbitrary files via a symlink attack on\n the package.xml file, related to the (1) download_dir, (2)\n cache_dir, (3) tmp_dir, and (4) pear-build-download\n directories, a different vulnerability than CVE-2007-2519.\n\n *\n\n CVE-2011-2202: The rfc1867_post_handler function in\n main/rfc1867.c in PHP did not properly restrict filenames\n in multipart/form-data POST requests, which allowed remote\n attackers to conduct absolute path traversal attacks, and\n possibly create or overwrite arbitrary files, via a crafted\n upload request, related to a "file path injection\n vulnerability."\n\n Bugfixes:\n\n * fixed php bug #43200 (Interface implementation /\n inheritence not possible in abstract classes) [bnc#783239]\n * use FilesMatch with 'SetHandler' rather than\n 'AddHandler' [bnc#775852]\n * fixed unpredictable unpack()/pack() behaviour\n [bnc#753778]\n * memory corruption in parse_ini_string() [bnc#742806]\n * amend README.SUSE to discourage using apache module\n with apache2-worker [bnc#728671]\n * allow uploading files bigger than 2GB for 64bit\n systems [bnc#709549]\n", "cvss3": {}, "published": "2013-08-16T21:04:11", "type": "suse", "title": "Security update for PHP5 (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2012-2311", "CVE-2013-4113", "CVE-2012-2336", "CVE-2011-1466", "CVE-2012-0789", "CVE-2013-1643", "CVE-2012-2335", "CVE-2012-1823", "CVE-2011-4885", "CVE-2012-2688", "CVE-2011-1398", "CVE-2012-0788", "CVE-2012-0830", "CVE-2012-0781", "CVE-2011-0708", "CVE-2013-4635", "CVE-2011-4388", "CVE-2011-3182", "CVE-2012-4388", "CVE-2012-0057", "CVE-2012-1172", "CVE-2011-4566", "CVE-2007-2519", "CVE-2013-1635", "CVE-2011-2202", "CVE-2012-0831", "CVE-2011-1072", "CVE-2011-4153", "CVE-2012-0807", "CVE-2012-3365"], "modified": "2013-08-16T21:04:11", "id": "SUSE-SU-2013:1351-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00016.html", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "nessus": [{"lastseen": "2023-11-30T14:48:18", "description": "This update of php5 fixes multiple security flaws :\n\n - missing checks of return values could allow remote attackers to cause a denial of service (NULL pointer dereference). (CVE-2011-4153)\n\n - denial of service via hash collisions. (CVE-2011-4885)\n\n - specially crafted XSLT stylesheets could allow remote attackers to create arbitrary files with arbitrary content. (CVE-2012-0057)\n\n - remote attackers can cause a denial of service via specially crafted input to an application that attempts to perform Tidy::diagnose operations. (CVE-2012-0781)\n\n - applications that use a PDO driver were prone to denial of service flaws which could be exploited remotely.\n (CVE-2012-0788)\n\n - memory leak in the timezone functionality could allow remote attackers to cause a denial of service (memory consumption). (CVE-2012-0789)\n\n - a stack-based buffer overflow in php5's Suhosin extension could allow remote attackers to execute arbitrary code via a long string that is used in a Set-Cookie HTTP header. (CVE-2012-0807)\n\n - this fixes an incorrect fix for CVE-2011-4885 which could allow remote attackers to execute arbitrary code via a request containing a large number of variables.\n (CVE-2012-0830)\n\n - temporary changes to the magic_quotes_gpc directive during the importing of environment variables is not properly performed which makes it easier for remote attackers to conduct SQL injections. (CVE-2012-0831)", "cvss3": {}, "published": "2012-03-26T00:00:00", "type": "nessus", "title": "SuSE 10 Security Update : PHP5 (ZYPP Patch Number 8009)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-4153", "CVE-2011-4885", "CVE-2012-0057", "CVE-2012-0781", "CVE-2012-0788", "CVE-2012-0789", "CVE-2012-0807", "CVE-2012-0830", "CVE-2012-0831"], "modified": "2021-01-19T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE_APACHE2-MOD_PHP5-8009.NASL", "href": "https://www.tenable.com/plugins/nessus/58480", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(58480);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2011-4153\", \"CVE-2011-4885\", \"CVE-2012-0057\", \"CVE-2012-0781\", \"CVE-2012-0788\", \"CVE-2012-0789\", \"CVE-2012-0807\", \"CVE-2012-0830\", \"CVE-2012-0831\");\n script_xref(name:\"TRA\", value:\"TRA-2012-01\");\n\n script_name(english:\"SuSE 10 Security Update : PHP5 (ZYPP Patch Number 8009)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update of php5 fixes multiple security flaws :\n\n - missing checks of return values could allow remote\n attackers to cause a denial of service (NULL pointer\n dereference). (CVE-2011-4153)\n\n - denial of service via hash collisions. (CVE-2011-4885)\n\n - specially crafted XSLT stylesheets could allow remote\n attackers to create arbitrary files with arbitrary\n content. (CVE-2012-0057)\n\n - remote attackers can cause a denial of service via\n specially crafted input to an application that attempts\n to perform Tidy::diagnose operations. (CVE-2012-0781)\n\n - applications that use a PDO driver were prone to denial\n of service flaws which could be exploited remotely.\n (CVE-2012-0788)\n\n - memory leak in the timezone functionality could allow\n remote attackers to cause a denial of service (memory\n consumption). (CVE-2012-0789)\n\n - a stack-based buffer overflow in php5's Suhosin\n extension could allow remote attackers to execute\n arbitrary code via a long string that is used in a\n Set-Cookie HTTP header. (CVE-2012-0807)\n\n - this fixes an incorrect fix for CVE-2011-4885 which\n could allow remote attackers to execute arbitrary code\n via a request containing a large number of variables.\n (CVE-2012-0830)\n\n - temporary changes to the magic_quotes_gpc directive\n during the importing of environment variables is not\n properly performed which makes it easier for remote\n attackers to conduct SQL injections. (CVE-2012-0831)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-4153.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-4885.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-0057.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-0781.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-0788.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-0789.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-0807.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-0830.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-0831.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.tenable.com/security/research/tra-2012-01\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 8009.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/12/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/03/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/03/26\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"apache2-mod_php5-5.2.14-0.26.3\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"php5-5.2.14-0.26.3\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"php5-bcmath-5.2.14-0.26.3\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"php5-bz2-5.2.14-0.26.3\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"php5-calendar-5.2.14-0.26.3\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"php5-ctype-5.2.14-0.26.3\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"php5-curl-5.2.14-0.26.3\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"php5-dba-5.2.14-0.26.3\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"php5-dbase-5.2.14-0.26.3\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"php5-devel-5.2.14-0.26.3\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"php5-dom-5.2.14-0.26.3\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"php5-exif-5.2.14-0.26.3\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"php5-fastcgi-5.2.14-0.26.3\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"php5-ftp-5.2.14-0.26.3\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"php5-gd-5.2.14-0.26.3\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"php5-gettext-5.2.14-0.26.3\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"php5-gmp-5.2.14-0.26.3\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"php5-hash-5.2.14-0.26.3\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"php5-iconv-5.2.14-0.26.3\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"php5-imap-5.2.14-0.26.3\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"php5-json-5.2.14-0.26.3\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"php5-ldap-5.2.14-0.26.3\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"php5-mbstring-5.2.14-0.26.3\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"php5-mcrypt-5.2.14-0.26.3\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"php5-mhash-5.2.14-0.26.3\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"php5-mysql-5.2.14-0.26.3\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"php5-ncurses-5.2.14-0.26.3\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"php5-odbc-5.2.14-0.26.3\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"php5-openssl-5.2.14-0.26.3\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"php5-pcntl-5.2.14-0.26.3\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"php5-pdo-5.2.14-0.26.3\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"php5-pear-5.2.14-0.26.3\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"php5-pgsql-5.2.14-0.26.3\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"php5-posix-5.2.14-0.26.3\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"php5-pspell-5.2.14-0.26.3\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"php5-shmop-5.2.14-0.26.3\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"php5-snmp-5.2.14-0.26.3\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"php5-soap-5.2.14-0.26.3\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"php5-sockets-5.2.14-0.26.3\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"php5-sqlite-5.2.14-0.26.3\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"php5-suhosin-5.2.14-0.26.3\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"php5-sysvmsg-5.2.14-0.26.3\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"php5-sysvsem-5.2.14-0.26.3\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"php5-sysvshm-5.2.14-0.26.3\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"php5-tokenizer-5.2.14-0.26.3\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"php5-wddx-5.2.14-0.26.3\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"php5-xmlreader-5.2.14-0.26.3\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"php5-xmlrpc-5.2.14-0.26.3\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"php5-xsl-5.2.14-0.26.3\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"php5-zlib-5.2.14-0.26.3\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-02T14:40:12", "description": "It was discovered that PHP computed hash values for form parameters without restricting the ability to trigger hash collisions predictably. This could allow a remote attacker to cause a denial of service by sending many crafted parameters. (CVE-2011-4885)\n\nATTENTION: this update changes previous PHP behavior by limiting the number of external input variables to 1000. This may be increased by adding a 'max_input_vars' directive to the php.ini configuration file.\nSee http://www.php.net/manual/en/info.configuration.php#ini.max-input-vars for more information.\n\nStefan Esser discovered that the fix to address the predictable hash collision issue, CVE-2011-4885, did not properly handle the situation where the limit was reached. This could allow a remote attacker to cause a denial of service or execute arbitrary code via a request containing a large number of variables. (CVE-2012-0830)\n\nIt was discovered that PHP did not always check the return value of the zend_strndup function. This could allow a remote attacker to cause a denial of service. (CVE-2011-4153)\n\nIt was discovered that PHP did not properly enforce libxslt security settings. This could allow a remote attacker to create arbitrary files via a crafted XSLT stylesheet that uses the libxslt output extension.\n(CVE-2012-0057)\n\nIt was discovered that PHP did not properly enforce that PDORow objects could not be serialized and not be saved in a session. A remote attacker could use this to cause a denial of service via an application crash. (CVE-2012-0788)\n\nIt was discovered that PHP allowed the magic_quotes_gpc setting to be disabled remotely. This could allow a remote attacker to bypass restrictions that could prevent a SQL injection. (CVE-2012-0831)\n\nUSN 1126-1 addressed an issue where the /etc/cron.d/php5 cron job for PHP allowed local users to delete arbitrary files via a symlink attack on a directory under /var/lib/php5/. Emese Revfy discovered that the fix had not been applied to PHP for Ubuntu 10.04 LTS. This update corrects the issue. We apologize for the error. (CVE-2011-0441).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2012-02-10T00:00:00", "type": "nessus", "title": "Ubuntu 8.04 LTS / 10.04 LTS / 10.10 / 11.04 / 11.10 : php5 vulnerabilities (USN-1358-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-0441", "CVE-2011-4153", "CVE-2011-4885", "CVE-2012-0057", "CVE-2012-0788", "CVE-2012-0830", "CVE-2012-0831"], "modified": "2019-09-19T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:libapache2-mod-php5", "p-cpe:/a:canonical:ubuntu_linux:php5", "p-cpe:/a:canonical:ubuntu_linux:php5-cgi", "p-cpe:/a:canonical:ubuntu_linux:php5-cli", "p-cpe:/a:canonical:ubuntu_linux:php5-common", "p-cpe:/a:canonical:ubuntu_linux:php5-xsl", "cpe:/o:canonical:ubuntu_linux:10.04:-:lts", "cpe:/o:canonical:ubuntu_linux:10.10", "cpe:/o:canonical:ubuntu_linux:11.04", "cpe:/o:canonical:ubuntu_linux:11.10", "cpe:/o:canonical:ubuntu_linux:8.04:-:lts"], "id": "UBUNTU_USN-1358-1.NASL", "href": "https://www.tenable.com/plugins/nessus/57888", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-1358-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(57888);\n script_version(\"1.19\");\n script_cvs_date(\"Date: 2019/09/19 12:54:27\");\n\n script_cve_id(\"CVE-2011-0441\", \"CVE-2011-4153\", \"CVE-2011-4885\", \"CVE-2012-0057\", \"CVE-2012-0788\", \"CVE-2012-0830\", \"CVE-2012-0831\");\n script_bugtraq_id(46928, 51417, 51806, 51830);\n script_xref(name:\"USN\", value:\"1358-1\");\n\n script_name(english:\"Ubuntu 8.04 LTS / 10.04 LTS / 10.10 / 11.04 / 11.10 : php5 vulnerabilities (USN-1358-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that PHP computed hash values for form parameters\nwithout restricting the ability to trigger hash collisions\npredictably. This could allow a remote attacker to cause a denial of\nservice by sending many crafted parameters. (CVE-2011-4885)\n\nATTENTION: this update changes previous PHP behavior by limiting the\nnumber of external input variables to 1000. This may be increased by\nadding a 'max_input_vars' directive to the php.ini configuration file.\nSee\nhttp://www.php.net/manual/en/info.configuration.php#ini.max-input-vars\nfor more information.\n\nStefan Esser discovered that the fix to address the predictable hash\ncollision issue, CVE-2011-4885, did not properly handle the situation\nwhere the limit was reached. This could allow a remote attacker to\ncause a denial of service or execute arbitrary code via a request\ncontaining a large number of variables. (CVE-2012-0830)\n\nIt was discovered that PHP did not always check the return value of\nthe zend_strndup function. This could allow a remote attacker to cause\na denial of service. (CVE-2011-4153)\n\nIt was discovered that PHP did not properly enforce libxslt security\nsettings. This could allow a remote attacker to create arbitrary files\nvia a crafted XSLT stylesheet that uses the libxslt output extension.\n(CVE-2012-0057)\n\nIt was discovered that PHP did not properly enforce that PDORow\nobjects could not be serialized and not be saved in a session. A\nremote attacker could use this to cause a denial of service via an\napplication crash. (CVE-2012-0788)\n\nIt was discovered that PHP allowed the magic_quotes_gpc setting to be\ndisabled remotely. This could allow a remote attacker to bypass\nrestrictions that could prevent a SQL injection. (CVE-2012-0831)\n\nUSN 1126-1 addressed an issue where the /etc/cron.d/php5 cron job for\nPHP allowed local users to delete arbitrary files via a symlink attack\non a directory under /var/lib/php5/. Emese Revfy discovered that the\nfix had not been applied to PHP for Ubuntu 10.04 LTS. This update\ncorrects the issue. We apologize for the error. (CVE-2011-0441).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/1358-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libapache2-mod-php5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php5-cgi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php5-cli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php5-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php5-xsl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:11.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:11.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:8.04:-:lts\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/03/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/02/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/02/10\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2012-2019 Canonical, Inc. / NASL script (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(8\\.04|10\\.04|10\\.10|11\\.04|11\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 8.04 / 10.04 / 10.10 / 11.04 / 11.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"8.04\", pkgname:\"libapache2-mod-php5\", pkgver:\"5.2.4-2ubuntu5.22\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"php5\", pkgver:\"5.2.4-2ubuntu5.22\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"php5-cgi\", pkgver:\"5.2.4-2ubuntu5.22\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"php5-cli\", pkgver:\"5.2.4-2ubuntu5.22\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"php5-common\", pkgver:\"5.2.4-2ubuntu5.22\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"php5-xsl\", pkgver:\"5.2.4-2ubuntu5.22\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"libapache2-mod-php5\", pkgver:\"5.3.2-1ubuntu4.13\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"php5\", pkgver:\"5.3.2-1ubuntu4.13\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"php5-cgi\", pkgver:\"5.3.2-1ubuntu4.13\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"php5-cli\", pkgver:\"5.3.2-1ubuntu4.13\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"php5-common\", pkgver:\"5.3.2-1ubuntu4.13\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"php5-xsl\", pkgver:\"5.3.2-1ubuntu4.13\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"libapache2-mod-php5\", pkgver:\"5.3.3-1ubuntu9.9\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"php5\", pkgver:\"5.3.3-1ubuntu9.9\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"php5-cgi\", pkgver:\"5.3.3-1ubuntu9.9\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"php5-cli\", pkgver:\"5.3.3-1ubuntu9.9\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"php5-common\", pkgver:\"5.3.3-1ubuntu9.9\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"php5-xsl\", pkgver:\"5.3.3-1ubuntu9.9\")) flag++;\nif (ubuntu_check(osver:\"11.04\", pkgname:\"libapache2-mod-php5\", pkgver:\"5.3.5-1ubuntu7.6\")) flag++;\nif (ubuntu_check(osver:\"11.04\", pkgname:\"php5\", pkgver:\"5.3.5-1ubuntu7.6\")) flag++;\nif (ubuntu_check(osver:\"11.04\", pkgname:\"php5-cgi\", pkgver:\"5.3.5-1ubuntu7.6\")) flag++;\nif (ubuntu_check(osver:\"11.04\", pkgname:\"php5-cli\", pkgver:\"5.3.5-1ubuntu7.6\")) flag++;\nif (ubuntu_check(osver:\"11.04\", pkgname:\"php5-common\", pkgver:\"5.3.5-1ubuntu7.6\")) flag++;\nif (ubuntu_check(osver:\"11.04\", pkgname:\"php5-xsl\", pkgver:\"5.3.5-1ubuntu7.6\")) flag++;\nif (ubuntu_check(osver:\"11.10\", pkgname:\"libapache2-mod-php5\", pkgver:\"5.3.6-13ubuntu3.5\")) flag++;\nif (ubuntu_check(osver:\"11.10\", pkgname:\"php5\", pkgver:\"5.3.6-13ubuntu3.5\")) flag++;\nif (ubuntu_check(osver:\"11.10\", pkgname:\"php5-cgi\", pkgver:\"5.3.6-13ubuntu3.5\")) flag++;\nif (ubuntu_check(osver:\"11.10\", pkgname:\"php5-cli\", pkgver:\"5.3.6-13ubuntu3.5\")) flag++;\nif (ubuntu_check(osver:\"11.10\", pkgname:\"php5-common\", pkgver:\"5.3.6-13ubuntu3.5\")) flag++;\nif (ubuntu_check(osver:\"11.10\", pkgname:\"php5-xsl\", pkgver:\"5.3.6-13ubuntu3.5\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libapache2-mod-php5 / php5 / php5-cgi / php5-cli / php5-common / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-01T16:09:31", "description": "USN 1358-1 fixed multiple vulnerabilities in PHP. The fix for CVE-2012-0831 introduced a regression where the state of the magic_quotes_gpc setting was not correctly reflected when calling the ini_get() function.\n\nWe apologize for the inconvenience.\n\nIt was discovered that PHP computed hash values for form parameters without restricting the ability to trigger hash collisions predictably. This could allow a remote attacker to cause a denial of service by sending many crafted parameters. (CVE-2011-4885)\n\nATTENTION: this update changes previous PHP behavior by limiting the number of external input variables to 1000.\nThis may be increased by adding a 'max_input_vars' directive to the php.ini configuration file. See http://www.php.net/manual/en/info.configuration.php#ini.max- input-vars for more information.\n\nStefan Esser discovered that the fix to address the predictable hash collision issue, CVE-2011-4885, did not properly handle the situation where the limit was reached.\nThis could allow a remote attacker to cause a denial of service or execute arbitrary code via a request containing a large number of variables. (CVE-2012-0830)\n\nIt was discovered that PHP did not always check the return value of the zend_strndup function. This could allow a remote attacker to cause a denial of service.\n(CVE-2011-4153)\n\nIt was discovered that PHP did not properly enforce libxslt security settings. This could allow a remote attacker to create arbitrary files via a crafted XSLT stylesheet that uses the libxslt output extension. (CVE-2012-0057)\n\nIt was discovered that PHP did not properly enforce that PDORow objects could not be serialized and not be saved in a session. A remote attacker could use this to cause a denial of service via an application crash. (CVE-2012-0788)\n\nIt was discovered that PHP allowed the magic_quotes_gpc setting to be disabled remotely. This could allow a remote attacker to bypass restrictions that could prevent a SQL injection. (CVE-2012-0831)\n\nUSN 1126-1 addressed an issue where the /etc/cron.d/php5 cron job for PHP allowed local users to delete arbitrary files via a symlink attack on a directory under /var/lib/php5/. Emese Revfy discovered that the fix had not been applied to PHP for Ubuntu 10.04 LTS. This update corrects the issue. We apologize for the error.\n(CVE-2011-0441).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2012-02-14T00:00:00", "type": "nessus", "title": "Ubuntu 8.04 LTS / 10.04 LTS / 10.10 / 11.04 / 11.10 : php5 regression (USN-1358-2)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-0441", "CVE-2011-4153", "CVE-2011-4885", "CVE-2012-0057", "CVE-2012-0788", "CVE-2012-0830", "CVE-2012-0831"], "modified": "2019-09-19T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:libapache2-mod-php5", "p-cpe:/a:canonical:ubuntu_linux:php5", "p-cpe:/a:canonical:ubuntu_linux:php5-cgi", "p-cpe:/a:canonical:ubuntu_linux:php5-cli", "cpe:/o:canonical:ubuntu_linux:10.04:-:lts", "cpe:/o:canonical:ubuntu_linux:10.10", "cpe:/o:canonical:ubuntu_linux:11.04", "cpe:/o:canonical:ubuntu_linux:11.10", "cpe:/o:canonical:ubuntu_linux:8.04:-:lts"], "id": "UBUNTU_USN-1358-2.NASL", "href": "https://www.tenable.com/plugins/nessus/57932", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-1358-2. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(57932);\n script_version(\"1.16\");\n script_cvs_date(\"Date: 2019/09/19 12:54:27\");\n\n script_cve_id(\"CVE-2011-0441\", \"CVE-2011-4153\", \"CVE-2011-4885\", \"CVE-2012-0057\", \"CVE-2012-0788\", \"CVE-2012-0830\", \"CVE-2012-0831\");\n script_xref(name:\"USN\", value:\"1358-2\");\n\n script_name(english:\"Ubuntu 8.04 LTS / 10.04 LTS / 10.10 / 11.04 / 11.10 : php5 regression (USN-1358-2)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"USN 1358-1 fixed multiple vulnerabilities in PHP. The fix for\nCVE-2012-0831 introduced a regression where the state of the\nmagic_quotes_gpc setting was not correctly reflected when calling the\nini_get() function.\n\nWe apologize for the inconvenience.\n\nIt was discovered that PHP computed hash values for form parameters\nwithout restricting the ability to trigger hash collisions\npredictably. This could allow a remote attacker to cause a denial of\nservice by sending many crafted parameters. (CVE-2011-4885)\n\nATTENTION: this update changes previous PHP behavior by\nlimiting the number of external input variables to 1000.\nThis may be increased by adding a 'max_input_vars' directive\nto the php.ini configuration file. See\nhttp://www.php.net/manual/en/info.configuration.php#ini.max-\ninput-vars for more information.\n\nStefan Esser discovered that the fix to address the\npredictable hash collision issue, CVE-2011-4885, did not\nproperly handle the situation where the limit was reached.\nThis could allow a remote attacker to cause a denial of\nservice or execute arbitrary code via a request containing a\nlarge number of variables. (CVE-2012-0830)\n\nIt was discovered that PHP did not always check the return\nvalue of the zend_strndup function. This could allow a\nremote attacker to cause a denial of service.\n(CVE-2011-4153)\n\nIt was discovered that PHP did not properly enforce libxslt\nsecurity settings. This could allow a remote attacker to\ncreate arbitrary files via a crafted XSLT stylesheet that\nuses the libxslt output extension. (CVE-2012-0057)\n\nIt was discovered that PHP did not properly enforce that\nPDORow objects could not be serialized and not be saved in a\nsession. A remote attacker could use this to cause a denial\nof service via an application crash. (CVE-2012-0788)\n\nIt was discovered that PHP allowed the magic_quotes_gpc\nsetting to be disabled remotely. This could allow a remote\nattacker to bypass restrictions that could prevent a SQL\ninjection. (CVE-2012-0831)\n\nUSN 1126-1 addressed an issue where the /etc/cron.d/php5\ncron job for PHP allowed local users to delete arbitrary\nfiles via a symlink attack on a directory under\n/var/lib/php5/. Emese Revfy discovered that the fix had not\nbeen applied to PHP for Ubuntu 10.04 LTS. This update\ncorrects the issue. We apologize for the error.\n(CVE-2011-0441).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/1358-2/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libapache2-mod-php5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php5-cgi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php5-cli\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:11.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:11.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:8.04:-:lts\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/03/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/02/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/02/14\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2012-2019 Canonical, Inc. / NASL script (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(8\\.04|10\\.04|10\\.10|11\\.04|11\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 8.04 / 10.04 / 10.10 / 11.04 / 11.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"8.04\", pkgname:\"libapache2-mod-php5\", pkgver:\"5.2.4-2ubuntu5.23\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"php5\", pkgver:\"5.2.4-2ubuntu5.23\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"php5-cgi\", pkgver:\"5.2.4-2ubuntu5.23\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"php5-cli\", pkgver:\"5.2.4-2ubuntu5.23\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"libapache2-mod-php5\", pkgver:\"5.3.2-1ubuntu4.14\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"php5\", pkgver:\"5.3.2-1ubuntu4.14\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"php5-cgi\", pkgver:\"5.3.2-1ubuntu4.14\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"php5-cli\", pkgver:\"5.3.2-1ubuntu4.14\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"libapache2-mod-php5\", pkgver:\"5.3.3-1ubuntu9.10\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"php5\", pkgver:\"5.3.3-1ubuntu9.10\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"php5-cgi\", pkgver:\"5.3.3-1ubuntu9.10\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"php5-cli\", pkgver:\"5.3.3-1ubuntu9.10\")) flag++;\nif (ubuntu_check(osver:\"11.04\", pkgname:\"libapache2-mod-php5\", pkgver:\"5.3.5-1ubuntu7.7\")) flag++;\nif (ubuntu_check(osver:\"11.04\", pkgname:\"php5\", pkgver:\"5.3.5-1ubuntu7.7\")) flag++;\nif (ubuntu_check(osver:\"11.04\", pkgname:\"php5-cgi\", pkgver:\"5.3.5-1ubuntu7.7\")) flag++;\nif (ubuntu_check(osver:\"11.04\", pkgname:\"php5-cli\", pkgver:\"5.3.5-1ubuntu7.7\")) flag++;\nif (ubuntu_check(osver:\"11.10\", pkgname:\"libapache2-mod-php5\", pkgver:\"5.3.6-13ubuntu3.6\")) flag++;\nif (ubuntu_check(osver:\"11.10\", pkgname:\"php5\", pkgver:\"5.3.6-13ubuntu3.6\")) flag++;\nif (ubuntu_check(osver:\"11.10\", pkgname:\"php5-cgi\", pkgver:\"5.3.6-13ubuntu3.6\")) flag++;\nif (ubuntu_check(osver:\"11.10\", pkgname:\"php5-cli\", pkgver:\"5.3.6-13ubuntu3.6\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libapache2-mod-php5 / php5 / php5-cgi / php5-cli\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-02T15:32:01", "description": "php5 security update", "cvss3": {}, "published": "2014-06-13T00:00:00", "type": "nessus", "title": "openSUSE Security Update : php5 (openSUSE-SU-2012:0426-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-1466", "CVE-2011-4153", "CVE-2011-4566", "CVE-2011-4885", "CVE-2012-0057", "CVE-2012-0781", "CVE-2012-0788", "CVE-2012-0789", "CVE-2012-0807", "CVE-2012-0830", "CVE-2012-0831"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:apache2-mod_php5", "p-cpe:/a:novell:opensuse:apache2-mod_php5-debuginfo", "p-cpe:/a:novell:opensuse:php5", "p-cpe:/a:novell:opensuse:php5-bcmath", "p-cpe:/a:novell:opensuse:php5-bcmath-debuginfo", "p-cpe:/a:novell:opensuse:php5-bz2", "p-cpe:/a:novell:opensuse:php5-bz2-debuginfo", "p-cpe:/a:novell:opensuse:php5-calendar", "p-cpe:/a:novell:opensuse:php5-calendar-debuginfo", "p-cpe:/a:novell:opensuse:php5-ctype", "p-cpe:/a:novell:opensuse:php5-ctype-debuginfo", "p-cpe:/a:novell:opensuse:php5-curl", "p-cpe:/a:novell:opensuse:php5-curl-debuginfo", "p-cpe:/a:novell:opensuse:php5-dba", "p-cpe:/a:novell:opensuse:php5-dba-debuginfo", "p-cpe:/a:novell:opensuse:php5-debuginfo", "p-cpe:/a:novell:opensuse:php5-debugsource", "p-cpe:/a:novell:opensuse:php5-devel", "p-cpe:/a:novell:opensuse:php5-dom", "p-cpe:/a:novell:opensuse:php5-dom-debuginfo", "p-cpe:/a:novell:opensuse:php5-enchant", "p-cpe:/a:novell:opensuse:php5-enchant-debuginfo", "p-cpe:/a:novell:opensuse:php5-exif", "p-cpe:/a:novell:opensuse:php5-exif-debuginfo", "p-cpe:/a:novell:opensuse:php5-fastcgi", "p-cpe:/a:novell:opensuse:php5-fastcgi-debuginfo", "p-cpe:/a:novell:opensuse:php5-fileinfo", "p-cpe:/a:novell:opensuse:php5-fileinfo-debuginfo", "p-cpe:/a:novell:opensuse:php5-fpm", "p-cpe:/a:novell:opensuse:php5-fpm-debuginfo", "p-cpe:/a:novell:opensuse:php5-ftp", "p-cpe:/a:novell:opensuse:php5-ftp-debuginfo", "p-cpe:/a:novell:opensuse:php5-gd", "p-cpe:/a:novell:opensuse:php5-gd-debuginfo", "p-cpe:/a:novell:opensuse:php5-gettext", "p-cpe:/a:novell:opensuse:php5-gettext-debuginfo", "p-cpe:/a:novell:opensuse:php5-gmp", "p-cpe:/a:novell:opensuse:php5-gmp-debuginfo", "p-cpe:/a:novell:opensuse:php5-iconv", "p-cpe:/a:novell:opensuse:php5-iconv-debuginfo", "p-cpe:/a:novell:opensuse:php5-imap", "p-cpe:/a:novell:opensuse:php5-imap-debuginfo", "p-cpe:/a:novell:opensuse:php5-intl", "p-cpe:/a:novell:opensuse:php5-intl-debuginfo", "p-cpe:/a:novell:opensuse:php5-json", "p-cpe:/a:novell:opensuse:php5-json-debuginfo", "p-cpe:/a:novell:opensuse:php5-ldap", "p-cpe:/a:novell:opensuse:php5-ldap-debuginfo", "p-cpe:/a:novell:opensuse:php5-mbstring", "p-cpe:/a:novell:opensuse:php5-mbstring-debuginfo", "p-cpe:/a:novell:opensuse:php5-mcrypt", "p-cpe:/a:novell:opensuse:php5-mcrypt-debuginfo", "p-cpe:/a:novell:opensuse:php5-pdo-debuginfo", "p-cpe:/a:novell:opensuse:php5-mssql", "p-cpe:/a:novell:opensuse:php5-mssql-debuginfo", "p-cpe:/a:novell:opensuse:php5-mysql", "p-cpe:/a:novell:opensuse:php5-pear", "p-cpe:/a:novell:opensuse:php5-mysql-debuginfo", "p-cpe:/a:novell:opensuse:php5-odbc", "p-cpe:/a:novell:opensuse:php5-pgsql", "p-cpe:/a:novell:opensuse:php5-odbc-debuginfo", "p-cpe:/a:novell:opensuse:php5-pgsql-debuginfo", "p-cpe:/a:novell:opensuse:php5-openssl", "p-cpe:/a:novell:opensuse:php5-phar", "p-cpe:/a:novell:opensuse:php5-openssl-debuginfo", "p-cpe:/a:novell:opensuse:php5-pcntl", "p-cpe:/a:novell:opensuse:php5-phar-debuginfo", "p-cpe:/a:novell:opensuse:php5-pcntl-debuginfo", "p-cpe:/a:novell:opensuse:php5-pdo", "p-cpe:/a:novell:opensuse:php5-posix", "p-cpe:/a:novell:opensuse:php5-zlib", "p-cpe:/a:novell:opensuse:php5-posix-debuginfo", "p-cpe:/a:novell:opensuse:php5-zlib-debuginfo", "cpe:/o:novell:opensuse:12.1", "p-cpe:/a:novell:opensuse:php5-pspell", "p-cpe:/a:novell:opensuse:php5-pspell-debuginfo", "p-cpe:/a:novell:opensuse:php5-readline", "p-cpe:/a:novell:opensuse:php5-readline-debuginfo", "p-cpe:/a:novell:opensuse:php5-shmop", "p-cpe:/a:novell:opensuse:php5-shmop-debuginfo", "p-cpe:/a:novell:opensuse:php5-snmp", "p-cpe:/a:novell:opensuse:php5-snmp-debuginfo", "p-cpe:/a:novell:opensuse:php5-soap", "p-cpe:/a:novell:opensuse:php5-soap-debuginfo", "p-cpe:/a:novell:opensuse:php5-sockets", "p-cpe:/a:novell:opensuse:php5-sockets-debuginfo", "p-cpe:/a:novell:opensuse:php5-sqlite", "p-cpe:/a:novell:opensuse:php5-sqlite-debuginfo", "p-cpe:/a:novell:opensuse:php5-suhosin", "p-cpe:/a:novell:opensuse:php5-suhosin-debuginfo", "p-cpe:/a:novell:opensuse:php5-sysvmsg", "p-cpe:/a:novell:opensuse:php5-sysvmsg-debuginfo", "p-cpe:/a:novell:opensuse:php5-sysvsem", "p-cpe:/a:novell:opensuse:php5-sysvsem-debuginfo", "p-cpe:/a:novell:opensuse:php5-sysvshm", "p-cpe:/a:novell:opensuse:php5-sysvshm-debuginfo", "p-cpe:/a:novell:opensuse:php5-tidy", "p-cpe:/a:novell:opensuse:php5-tidy-debuginfo", "p-cpe:/a:novell:opensuse:php5-tokenizer", "p-cpe:/a:novell:opensuse:php5-tokenizer-debuginfo", "p-cpe:/a:novell:opensuse:php5-wddx", "p-cpe:/a:novell:opensuse:php5-wddx-debuginfo", "p-cpe:/a:novell:opensuse:php5-xmlreader", "p-cpe:/a:novell:opensuse:php5-xmlreader-debuginfo", "p-cpe:/a:novell:opensuse:php5-xmlrpc", "p-cpe:/a:novell:opensuse:php5-xmlrpc-debuginfo", "p-cpe:/a:novell:opensuse:php5-xmlwriter", "p-cpe:/a:novell:opensuse:php5-xmlwriter-debuginfo", "p-cpe:/a:novell:opensuse:php5-xsl", "p-cpe:/a:novell:opensuse:php5-xsl-debuginfo", "p-cpe:/a:novell:opensuse:php5-zip", "p-cpe:/a:novell:opensuse:php5-zip-debuginfo"], "id": "OPENSUSE-2012-182.NASL", "href": "https://www.tenable.com/plugins/nessus/74580", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2012-182.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(74580);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2011-1466\", \"CVE-2011-4153\", \"CVE-2011-4566\", \"CVE-2011-4885\", \"CVE-2012-0057\", \"CVE-2012-0781\", \"CVE-2012-0788\", \"CVE-2012-0789\", \"CVE-2012-0807\", \"CVE-2012-0830\", \"CVE-2012-0831\");\n script_xref(name:\"TRA\", value:\"TRA-2012-01\");\n\n script_name(english:\"openSUSE Security Update : php5 (openSUSE-SU-2012:0426-1)\");\n script_summary(english:\"Check for the openSUSE-2012-182 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(attribute:\"description\", value:\"php5 security update\");\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=728671\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=733590\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=736169\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=738221\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=741520\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=741859\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=742273\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=742806\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=743308\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=744966\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=746661\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=749111\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2012-03/msg00047.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.tenable.com/security/research/tra-2012-01\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected php5 packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2-mod_php5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2-mod_php5-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-bcmath\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-bcmath-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-bz2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-bz2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-calendar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-calendar-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-ctype\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-ctype-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-curl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-dba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-dba-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-dom\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-dom-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-enchant\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-enchant-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-exif\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-exif-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-fastcgi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-fastcgi-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-fileinfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-fileinfo-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-fpm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-fpm-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-ftp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-ftp-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-gd-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-gettext\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-gettext-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-gmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-gmp-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-iconv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-iconv-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-imap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-imap-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-intl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-intl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-json\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-json-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-ldap-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-mbstring\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-mbstring-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-mcrypt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-mcrypt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-mssql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-mssql-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-mysql-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-odbc-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-openssl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-pcntl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-pcntl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-pdo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-pdo-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-pear\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-pgsql-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-phar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-phar-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-posix\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-posix-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-pspell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-pspell-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-readline\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-readline-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-shmop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-shmop-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-snmp-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-soap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-soap-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-sockets\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-sockets-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-sqlite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-sqlite-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-suhosin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-suhosin-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-sysvmsg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-sysvmsg-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-sysvsem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-sysvsem-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-sysvshm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-sysvshm-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-tidy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-tidy-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-tokenizer\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-tokenizer-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-wddx\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-wddx-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-xmlreader\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-xmlreader-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-xmlrpc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-xmlrpc-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-xmlwriter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-xmlwriter-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-xsl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-xsl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-zip\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-zip-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-zlib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-zlib-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:12.1\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/03/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/03/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE12\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"12.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE12.1\", reference:\"apache2-mod_php5-5.3.8-4.9.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"apache2-mod_php5-debuginfo-5.3.8-4.9.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"php5-5.3.8-4.9.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"php5-bcmath-5.3.8-4.9.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"php5-bcmath-debuginfo-5.3.8-4.9.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"php5-bz2-5.3.8-4.9.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"php5-bz2-debuginfo-5.3.8-4.9.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"php5-calendar-5.3.8-4.9.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"php5-calendar-debuginfo-5.3.8-4.9.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"php5-ctype-5.3.8-4.9.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"php5-ctype-debuginfo-5.3.8-4.9.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"php5-curl-5.3.8-4.9.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"php5-curl-debuginfo-5.3.8-4.9.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"php5-dba-5.3.8-4.9.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"php5-dba-debuginfo-5.3.8-4.9.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"php5-debuginfo-5.3.8-4.9.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"php5-debugsource-5.3.8-4.9.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"php5-devel-5.3.8-4.9.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"php5-dom-5.3.8-4.9.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"php5-dom-debuginfo-5.3.8-4.9.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"php5-enchant-5.3.8-4.9.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"php5-enchant-debuginfo-5.3.8-4.9.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"php5-exif-5.3.8-4.9.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"php5-exif-debuginfo-5.3.8-4.9.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"php5-fastcgi-5.3.8-4.9.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"php5-fastcgi-debuginfo-5.3.8-4.9.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"php5-fileinfo-5.3.8-4.9.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"php5-fileinfo-debuginfo-5.3.8-4.9.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"php5-fpm-5.3.8-4.9.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"php5-fpm-debuginfo-5.3.8-4.9.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"php5-ftp-5.3.8-4.9.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"php5-ftp-debuginfo-5.3.8-4.9.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"php5-gd-5.3.8-4.9.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"php5-gd-debuginfo-5.3.8-4.9.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"php5-gettext-5.3.8-4.9.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"php5-gettext-debuginfo-5.3.8-4.9.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"php5-gmp-5.3.8-4.9.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"php5-gmp-debuginfo-5.3.8-4.9.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"php5-iconv-5.3.8-4.9.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"php5-iconv-debuginfo-5.3.8-4.9.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"php5-imap-5.3.8-4.9.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"php5-imap-debuginfo-5.3.8-4.9.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"php5-intl-5.3.8-4.9.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"php5-intl-debuginfo-5.3.8-4.9.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"php5-json-5.3.8-4.9.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"php5-json-debuginfo-5.3.8-4.9.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"php5-ldap-5.3.8-4.9.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"php5-ldap-debuginfo-5.3.8-4.9.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"php5-mbstring-5.3.8-4.9.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"php5-mbstring-debuginfo-5.3.8-4.9.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"php5-mcrypt-5.3.8-4.9.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"php5-mcrypt-debuginfo-5.3.8-4.9.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"php5-mssql-5.3.8-4.9.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"php5-mssql-debuginfo-5.3.8-4.9.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"php5-mysql-5.3.8-4.9.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"php5-mysql-debuginfo-5.3.8-4.9.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"php5-odbc-5.3.8-4.9.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"php5-odbc-debuginfo-5.3.8-4.9.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"php5-openssl-5.3.8-4.9.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"php5-openssl-debuginfo-5.3.8-4.9.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"php5-pcntl-5.3.8-4.9.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"php5-pcntl-debuginfo-5.3.8-4.9.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"php5-pdo-5.3.8-4.9.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"php5-pdo-debuginfo-5.3.8-4.9.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"php5-pear-5.3.8-4.9.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"php5-pgsql-5.3.8-4.9.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"php5-pgsql-debuginfo-5.3.8-4.9.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"php5-phar-5.3.8-4.9.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"php5-phar-debuginfo-5.3.8-4.9.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"php5-posix-5.3.8-4.9.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"php5-posix-debuginfo-5.3.8-4.9.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"php5-pspell-5.3.8-4.9.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"php5-pspell-debuginfo-5.3.8-4.9.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"php5-readline-5.3.8-4.9.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"php5-readline-debuginfo-5.3.8-4.9.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"php5-shmop-5.3.8-4.9.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"php5-shmop-debuginfo-5.3.8-4.9.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"php5-snmp-5.3.8-4.9.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"php5-snmp-debuginfo-5.3.8-4.9.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"php5-soap-5.3.8-4.9.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"php5-soap-debuginfo-5.3.8-4.9.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"php5-sockets-5.3.8-4.9.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"php5-sockets-debuginfo-5.3.8-4.9.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"php5-sqlite-5.3.8-4.9.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"php5-sqlite-debuginfo-5.3.8-4.9.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"php5-suhosin-5.3.8-4.9.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"php5-suhosin-debuginfo-5.3.8-4.9.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"php5-sysvmsg-5.3.8-4.9.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"php5-sysvmsg-debuginfo-5.3.8-4.9.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"php5-sysvsem-5.3.8-4.9.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"php5-sysvsem-debuginfo-5.3.8-4.9.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"php5-sysvshm-5.3.8-4.9.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"php5-sysvshm-debuginfo-5.3.8-4.9.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"php5-tidy-5.3.8-4.9.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"php5-tidy-debuginfo-5.3.8-4.9.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"php5-tokenizer-5.3.8-4.9.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"php5-tokenizer-debuginfo-5.3.8-4.9.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"php5-wddx-5.3.8-4.9.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"php5-wddx-debuginfo-5.3.8-4.9.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"php5-xmlreader-5.3.8-4.9.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"php5-xmlreader-debuginfo-5.3.8-4.9.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"php5-xmlrpc-5.3.8-4.9.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"php5-xmlrpc-debuginfo-5.3.8-4.9.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"php5-xmlwriter-5.3.8-4.9.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"php5-xmlwriter-debuginfo-5.3.8-4.9.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"php5-xsl-5.3.8-4.9.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"php5-xsl-debuginfo-5.3.8-4.9.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"php5-zip-5.3.8-4.9.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"php5-zip-debuginfo-5.3.8-4.9.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"php5-zlib-5.3.8-4.9.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"php5-zlib-debuginfo-5.3.8-4.9.2\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"apache2-mod_php5 / apache2-mod_php5-debuginfo / php5 / php5-bcmath / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-02T14:41:52", "description": "This update of php5 fixes multiple security flaws :\n\n - A php5 upload filename injection was fixed.\n (CVE-2011-2202)\n\n - A integer overflow in the EXIF extension was fixed that could be used by attackers to crash the interpreter or potentially read memory. (CVE-2011-4566)\n\n - Multiple NULL pointer dereferences were fixed that could lead to crashes. (CVE-2011-3182)\n\n - An integer overflow in the PHP calendar extension was fixed that could have led to crashes. (CVE-2011-1466)\n\n - A symlink vulnerability in the PEAR installer could be exploited by local attackers to inject code.\n (CVE-2011-1072)\n\n - missing checks of return values could allow remote attackers to cause a denial of service (NULL pointer dereference). (CVE-2011-4153)\n\n - denial of service via hash collisions. (CVE-2011-4885)\n\n - specially crafted XSLT stylesheets could allow remote attackers to create arbitrary files with arbitrary content. (CVE-2012-0057)\n\n - remote attackers can cause a denial of service via specially crafted input to an application that attempts to perform Tidy::diagnose operations. (CVE-2012-0781)\n\n - applications that use a PDO driver were prone to denial of service flaws which could be exploited remotely.\n (CVE-2012-0788)\n\n - memory leak in the timezone functionality could allow remote attackers to cause a denial of service (memory consumption). (CVE-2012-0789)\n\n - a stack-based buffer overflow in the php5 Suhosin extension could allow remote attackers to execute arbitrary code via a long string that is used in a Set-Cookie HTTP header. (CVE-2012-0807)\n\n - this fixes an incorrect fix for CVE-2011-4885 which could allow remote attackers to execute arbitrary code via a request containing a large number of variables.\n (CVE-2012-0830)\n\n - temporary changes to the magic_quotes_gpc directive during the importing of environment variables is not properly performed which makes it easier for remote attackers to conduct SQL injections. (CVE-2012-0831)\n\nAlso the following bugs have been fixed :\n\n - allow uploading files bigger than 2GB for 64bit systems [bnc#709549]\n\n - amend README.SUSE to discourage using apache module with apache2-worker [bnc#728671]", "cvss3": {}, "published": "2012-04-13T00:00:00", "type": "nessus", "title": "SuSE 11.1 Security Update : PHP5 (SAT Patch Number 5964)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-1072", "CVE-2011-1466", "CVE-2011-2202", "CVE-2011-3182", "CVE-2011-4153", "CVE-2011-4566", "CVE-2011-4885", "CVE-2012-0057", "CVE-2012-0781", "CVE-2012-0788", "CVE-2012-0789", "CVE-2012-0807", "CVE-2012-0830", "CVE-2012-0831"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:11:apache2-mod_php5", "p-cpe:/a:novell:suse_linux:11:php5", "p-cpe:/a:novell:suse_linux:11:php5-bcmath", "p-cpe:/a:novell:suse_linux:11:php5-bz2", "p-cpe:/a:novell:suse_linux:11:php5-calendar", "p-cpe:/a:novell:suse_linux:11:php5-ctype", "p-cpe:/a:novell:suse_linux:11:php5-curl", "p-cpe:/a:novell:suse_linux:11:php5-dba", "p-cpe:/a:novell:suse_linux:11:php5-dbase", "p-cpe:/a:novell:suse_linux:11:php5-dom", "p-cpe:/a:novell:suse_linux:11:php5-exif", "p-cpe:/a:novell:suse_linux:11:php5-fastcgi", "p-cpe:/a:novell:suse_linux:11:php5-ftp", "p-cpe:/a:novell:suse_linux:11:php5-gd", "p-cpe:/a:novell:suse_linux:11:php5-gettext", "p-cpe:/a:novell:suse_linux:11:php5-gmp", "p-cpe:/a:novell:suse_linux:11:php5-hash", "p-cpe:/a:novell:suse_linux:11:php5-iconv", "p-cpe:/a:novell:suse_linux:11:php5-json", "p-cpe:/a:novell:suse_linux:11:php5-ldap", "p-cpe:/a:novell:suse_linux:11:php5-mbstring", "p-cpe:/a:novell:suse_linux:11:php5-mcrypt", "p-cpe:/a:novell:suse_linux:11:php5-mysql", "p-cpe:/a:novell:suse_linux:11:php5-odbc", "p-cpe:/a:novell:suse_linux:11:php5-openssl", "p-cpe:/a:novell:suse_linux:11:php5-pcntl", "p-cpe:/a:novell:suse_linux:11:php5-pdo", "p-cpe:/a:novell:suse_linux:11:php5-pear", "p-cpe:/a:novell:suse_linux:11:php5-pgsql", "p-cpe:/a:novell:suse_linux:11:php5-pspell", "p-cpe:/a:novell:suse_linux:11:php5-shmop", "p-cpe:/a:novell:suse_linux:11:php5-snmp", "p-cpe:/a:novell:suse_linux:11:php5-soap", "p-cpe:/a:novell:suse_linux:11:php5-suhosin", "p-cpe:/a:novell:suse_linux:11:php5-sysvmsg", "p-cpe:/a:novell:suse_linux:11:php5-sysvsem", "p-cpe:/a:novell:suse_linux:11:php5-sysvshm", "p-cpe:/a:novell:suse_linux:11:php5-tokenizer", "p-cpe:/a:novell:suse_linux:11:php5-wddx", "p-cpe:/a:novell:suse_linux:11:php5-xmlreader", "p-cpe:/a:novell:suse_linux:11:php5-xmlrpc", "p-cpe:/a:novell:suse_linux:11:php5-xmlwriter", "p-cpe:/a:novell:suse_linux:11:php5-xsl", "p-cpe:/a:novell:suse_linux:11:php5-zip", "p-cpe:/a:novell:suse_linux:11:php5-zlib", "cpe:/o:novell:suse_linux:11"], "id": "SUSE_11_APACHE2-MOD_PHP5-120309.NASL", "href": "https://www.tenable.com/plugins/nessus/58740", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. The text itself is\n# copyright (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(58740);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2011-1072\", \"CVE-2011-1466\", \"CVE-2011-2202\", \"CVE-2011-3182\", \"CVE-2011-4153\", \"CVE-2011-4566\", \"CVE-2011-4885\", \"CVE-2012-0057\", \"CVE-2012-0781\", \"CVE-2012-0788\", \"CVE-2012-0789\", \"CVE-2012-0807\", \"CVE-2012-0830\", \"CVE-2012-0831\");\n\n script_name(english:\"SuSE 11.1 Security Update : PHP5 (SAT Patch Number 5964)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 11 host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update of php5 fixes multiple security flaws :\n\n - A php5 upload filename injection was fixed.\n (CVE-2011-2202)\n\n - A integer overflow in the EXIF extension was fixed that\n could be used by attackers to crash the interpreter or\n potentially read memory. (CVE-2011-4566)\n\n - Multiple NULL pointer dereferences were fixed that could\n lead to crashes. (CVE-2011-3182)\n\n - An integer overflow in the PHP calendar extension was\n fixed that could have led to crashes. (CVE-2011-1466)\n\n - A symlink vulnerability in the PEAR installer could be\n exploited by local attackers to inject code.\n (CVE-2011-1072)\n\n - missing checks of return values could allow remote\n attackers to cause a denial of service (NULL pointer\n dereference). (CVE-2011-4153)\n\n - denial of service via hash collisions. (CVE-2011-4885)\n\n - specially crafted XSLT stylesheets could allow remote\n attackers to create arbitrary files with arbitrary\n content. (CVE-2012-0057)\n\n - remote attackers can cause a denial of service via\n specially crafted input to an application that attempts\n to perform Tidy::diagnose operations. (CVE-2012-0781)\n\n - applications that use a PDO driver were prone to denial\n of service flaws which could be exploited remotely.\n (CVE-2012-0788)\n\n - memory leak in the timezone functionality could allow\n remote attackers to cause a denial of service (memory\n consumption). (CVE-2012-0789)\n\n - a stack-based buffer overflow in the php5 Suhosin\n extension could allow remote attackers to execute\n arbitrary code via a long string that is used in a\n Set-Cookie HTTP header. (CVE-2012-0807)\n\n - this fixes an incorrect fix for CVE-2011-4885 which\n could allow remote attackers to execute arbitrary code\n via a request containing a large number of variables.\n (CVE-2012-0830)\n\n - temporary changes to the magic_quotes_gpc directive\n during the importing of environment variables is not\n properly performed which makes it easier for remote\n attackers to conduct SQL injections. (CVE-2012-0831)\n\nAlso the following bugs have been fixed :\n\n - allow uploading files bigger than 2GB for 64bit systems\n [bnc#709549]\n\n - amend README.SUSE to discourage using apache module with\n apache2-worker [bnc#728671]\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=699711\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=709549\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=713652\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=728671\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=733590\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=735613\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=736169\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=738221\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=741520\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=741859\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=742273\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=742806\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=743308\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=744966\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=746661\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=749111\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-1072.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-1466.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-2202.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-3182.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-4153.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-4566.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-4885.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-0057.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-0781.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-0788.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-0789.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-0807.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-0830.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-0831.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply SAT patch number 5964.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:apache2-mod_php5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php5-bcmath\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php5-bz2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php5-calendar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php5-ctype\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php5-curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php5-dba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php5-dbase\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php5-dom\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php5-exif\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php5-fastcgi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php5-ftp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php5-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php5-gettext\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php5-gmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php5-hash\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php5-iconv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php5-json\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php5-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php5-mbstring\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php5-mcrypt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php5-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php5-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php5-openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php5-pcntl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php5-pdo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php5-pear\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php5-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php5-pspell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php5-shmop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php5-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php5-soap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php5-suhosin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php5-sysvmsg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php5-sysvsem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php5-sysvshm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php5-tokenizer\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php5-wddx\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php5-xmlreader\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php5-xmlrpc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php5-xmlwriter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php5-xsl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php5-zip\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php5-zlib\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/03/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/04/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\npl = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(pl) || int(pl) != 1) audit(AUDIT_OS_NOT, \"SuSE 11.1\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"apache2-mod_php5-5.2.14-0.7.30.34.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"php5-5.2.14-0.7.30.34.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"php5-bcmath-5.2.14-0.7.30.34.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"php5-bz2-5.2.14-0.7.30.34.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"php5-calendar-5.2.14-0.7.30.34.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"php5-ctype-5.2.14-0.7.30.34.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"php5-curl-5.2.14-0.7.30.34.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"php5-dba-5.2.14-0.7.30.34.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"php5-dbase-5.2.14-0.7.30.34.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"php5-dom-5.2.14-0.7.30.34.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"php5-exif-5.2.14-0.7.30.34.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"php5-fastcgi-5.2.14-0.7.30.34.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"php5-ftp-5.2.14-0.7.30.34.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"php5-gd-5.2.14-0.7.30.34.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"php5-gettext-5.2.14-0.7.30.34.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"php5-gmp-5.2.14-0.7.30.34.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"php5-hash-5.2.14-0.7.30.34.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"php5-iconv-5.2.14-0.7.30.34.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"php5-json-5.2.14-0.7.30.34.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"php5-ldap-5.2.14-0.7.30.34.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"php5-mbstring-5.2.14-0.7.30.34.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"php5-mcrypt-5.2.14-0.7.30.34.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"php5-mysql-5.2.14-0.7.30.34.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"php5-odbc-5.2.14-0.7.30.34.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"php5-openssl-5.2.14-0.7.30.34.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"php5-pcntl-5.2.14-0.7.30.34.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"php5-pdo-5.2.14-0.7.30.34.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"php5-pear-5.2.14-0.7.30.34.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"php5-pgsql-5.2.14-0.7.30.34.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"php5-pspell-5.2.14-0.7.30.34.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"php5-shmop-5.2.14-0.7.30.34.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"php5-snmp-5.2.14-0.7.30.34.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"php5-soap-5.2.14-0.7.30.34.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"php5-suhosin-5.2.14-0.7.30.34.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"php5-sysvmsg-5.2.14-0.7.30.34.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"php5-sysvsem-5.2.14-0.7.30.34.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"php5-sysvshm-5.2.14-0.7.30.34.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"php5-tokenizer-5.2.14-0.7.30.34.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"php5-wddx-5.2.14-0.7.30.34.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"php5-xmlreader-5.2.14-0.7.30.34.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"php5-xmlrpc-5.2.14-0.7.30.34.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"php5-xmlwriter-5.2.14-0.7.30.34.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"php5-xsl-5.2.14-0.7.30.34.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"php5-zip-5.2.14-0.7.30.34.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"php5-zlib-5.2.14-0.7.30.34.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-02T14:43:52", "description": "Updated php packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nPHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server.\n\nIt was discovered that the PHP XSL extension did not restrict the file writing capability of libxslt. A remote attacker could use this flaw to create or overwrite an arbitrary file that is writable by the user running PHP, if a PHP script processed untrusted eXtensible Style Sheet Language Transformations (XSLT) content. (CVE-2012-0057)\n\nNote: This update disables file writing by default. A new PHP configuration directive, 'xsl.security_prefs', can be used to enable file writing in XSLT.\n\nA flaw was found in the way PHP validated file names in file upload requests. A remote attacker could possibly use this flaw to bypass the sanitization of the uploaded file names, and cause a PHP script to store the uploaded file in an unexpected directory, by using a directory traversal attack. (CVE-2012-1172)\n\nIt was discovered that the fix for CVE-2012-1823, released via RHSA-2012:0546, did not properly filter all php-cgi command line arguments. A specially crafted request to a PHP script could cause the PHP interpreter to output usage information that triggers an Internal Server Error. (CVE-2012-2336)\n\nA memory leak flaw was found in the PHP strtotime() function call. A remote attacker could possibly use this flaw to cause excessive memory consumption by triggering many strtotime() function calls.\n(CVE-2012-0789)\n\nIt was found that PHP did not check the zend_strndup() function's return value in certain cases. A remote attacker could possibly use this flaw to crash a PHP application. (CVE-2011-4153)\n\nAll php users should upgrade to these updated packages, which contain backported patches to resolve these issues. After installing the updated packages, the httpd daemon must be restarted for the update to take effect.", "cvss3": {}, "published": "2012-06-28T00:00:00", "type": "nessus", "title": "RHEL 5 : php (RHSA-2012:1045)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-4153", "CVE-2012-0057", "CVE-2012-0789", "CVE-2012-1172", "CVE-2012-1823", "CVE-2012-2336"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:php-snmp", "p-cpe:/a:redhat:enterprise_linux:php-soap", "p-cpe:/a:redhat:enterprise_linux:php-xml", "p-cpe:/a:redhat:enterprise_linux:php-xmlrpc", "cpe:/o:redhat:enterprise_linux:5", "p-cpe:/a:redhat:enterprise_linux:php", "p-cpe:/a:redhat:enterprise_linux:php-bcmath", "p-cpe:/a:redhat:enterprise_linux:php-cli", "p-cpe:/a:redhat:enterprise_linux:php-common", "p-cpe:/a:redhat:enterprise_linux:php-dba", "p-cpe:/a:redhat:enterprise_linux:php-debuginfo", "p-cpe:/a:redhat:enterprise_linux:php-devel", "p-cpe:/a:redhat:enterprise_linux:php-gd", "p-cpe:/a:redhat:enterprise_linux:php-imap", "p-cpe:/a:redhat:enterprise_linux:php-ldap", "p-cpe:/a:redhat:enterprise_linux:php-mbstring", "p-cpe:/a:redhat:enterprise_linux:php-mysql", "p-cpe:/a:redhat:enterprise_linux:php-ncurses", "p-cpe:/a:redhat:enterprise_linux:php-odbc", "p-cpe:/a:redhat:enterprise_linux:php-pdo", "p-cpe:/a:redhat:enterprise_linux:php-pgsql"], "id": "REDHAT-RHSA-2012-1045.NASL", "href": "https://www.tenable.com/plugins/nessus/59751", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2012:1045. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(59751);\n script_version(\"1.22\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2011-4153\", \"CVE-2012-0057\", \"CVE-2012-0789\", \"CVE-2012-1172\", \"CVE-2012-2336\");\n script_xref(name:\"RHSA\", value:\"2012:1045\");\n script_xref(name:\"TRA\", value:\"TRA-2012-01\");\n\n script_name(english:\"RHEL 5 : php (RHSA-2012:1045)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated php packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nPHP is an HTML-embedded scripting language commonly used with the\nApache HTTP Server.\n\nIt was discovered that the PHP XSL extension did not restrict the file\nwriting capability of libxslt. A remote attacker could use this flaw\nto create or overwrite an arbitrary file that is writable by the user\nrunning PHP, if a PHP script processed untrusted eXtensible Style\nSheet Language Transformations (XSLT) content. (CVE-2012-0057)\n\nNote: This update disables file writing by default. A new PHP\nconfiguration directive, 'xsl.security_prefs', can be used to enable\nfile writing in XSLT.\n\nA flaw was found in the way PHP validated file names in file upload\nrequests. A remote attacker could possibly use this flaw to bypass the\nsanitization of the uploaded file names, and cause a PHP script to\nstore the uploaded file in an unexpected directory, by using a\ndirectory traversal attack. (CVE-2012-1172)\n\nIt was discovered that the fix for CVE-2012-1823, released via\nRHSA-2012:0546, did not properly filter all php-cgi command line\narguments. A specially crafted request to a PHP script could cause the\nPHP interpreter to output usage information that triggers an Internal\nServer Error. (CVE-2012-2336)\n\nA memory leak flaw was found in the PHP strtotime() function call. A\nremote attacker could possibly use this flaw to cause excessive memory\nconsumption by triggering many strtotime() function calls.\n(CVE-2012-0789)\n\nIt was found that PHP did not check the zend_strndup() function's\nreturn value in certain cases. A remote attacker could possibly use\nthis flaw to crash a PHP application. (CVE-2011-4153)\n\nAll php users should upgrade to these updated packages, which contain\nbackported patches to resolve these issues. After installing the\nupdated packages, the httpd daemon must be restarted for the update to\ntake effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://rhn.redhat.com/errata/RHSA-2012-0546.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2012:1045\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-2336\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-0057\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-0789\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-4153\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-1172\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.tenable.com/security/research/tra-2012-01\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-bcmath\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-cli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-dba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-imap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-mbstring\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-ncurses\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-pdo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-soap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-xml\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-xmlrpc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/06/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/06/28\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2012:1045\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php-5.1.6-39.el5_8\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php-5.1.6-39.el5_8\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php-5.1.6-39.el5_8\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php-bcmath-5.1.6-39.el5_8\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php-bcmath-5.1.6-39.el5_8\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php-bcmath-5.1.6-39.el5_8\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php-cli-5.1.6-39.el5_8\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php-cli-5.1.6-39.el5_8\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php-cli-5.1.6-39.el5_8\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php-common-5.1.6-39.el5_8\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php-common-5.1.6-39.el5_8\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php-common-5.1.6-39.el5_8\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php-dba-5.1.6-39.el5_8\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php-dba-5.1.6-39.el5_8\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php-dba-5.1.6-39.el5_8\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php-debuginfo-5.1.6-39.el5_8\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php-debuginfo-5.1.6-39.el5_8\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php-debuginfo-5.1.6-39.el5_8\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php-devel-5.1.6-39.el5_8\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php-devel-5.1.6-39.el5_8\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php-devel-5.1.6-39.el5_8\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php-gd-5.1.6-39.el5_8\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php-gd-5.1.6-39.el5_8\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php-gd-5.1.6-39.el5_8\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php-imap-5.1.6-39.el5_8\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php-imap-5.1.6-39.el5_8\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php-imap-5.1.6-39.el5_8\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php-ldap-5.1.6-39.el5_8\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php-ldap-5.1.6-39.el5_8\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php-ldap-5.1.6-39.el5_8\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php-mbstring-5.1.6-39.el5_8\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php-mbstring-5.1.6-39.el5_8\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php-mbstring-5.1.6-39.el5_8\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php-mysql-5.1.6-39.el5_8\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php-mysql-5.1.6-39.el5_8\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php-mysql-5.1.6-39.el5_8\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php-ncurses-5.1.6-39.el5_8\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php-ncurses-5.1.6-39.el5_8\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php-ncurses-5.1.6-39.el5_8\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php-odbc-5.1.6-39.el5_8\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php-odbc-5.1.6-39.el5_8\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php-odbc-5.1.6-39.el5_8\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php-pdo-5.1.6-39.el5_8\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php-pdo-5.1.6-39.el5_8\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php-pdo-5.1.6-39.el5_8\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php-pgsql-5.1.6-39.el5_8\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php-pgsql-5.1.6-39.el5_8\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php-pgsql-5.1.6-39.el5_8\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php-snmp-5.1.6-39.el5_8\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php-snmp-5.1.6-39.el5_8\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php-snmp-5.1.6-39.el5_8\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php-soap-5.1.6-39.el5_8\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php-soap-5.1.6-39.el5_8\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php-soap-5.1.6-39.el5_8\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php-xml-5.1.6-39.el5_8\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php-xml-5.1.6-39.el5_8\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php-xml-5.1.6-39.el5_8\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php-xmlrpc-5.1.6-39.el5_8\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php-xmlrpc-5.1.6-39.el5_8\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php-xmlrpc-5.1.6-39.el5_8\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"php / php-bcmath / php-cli / php-common / php-dba / php-debuginfo / etc\");\n }\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-01T16:13:31", "description": "Updated php packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nPHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server.\n\nIt was discovered that the PHP XSL extension did not restrict the file writing capability of libxslt. A remote attacker could use this flaw to create or overwrite an arbitrary file that is writable by the user running PHP, if a PHP script processed untrusted eXtensible Style Sheet Language Transformations (XSLT) content. (CVE-2012-0057)\n\nNote: This update disables file writing by default. A new PHP configuration directive, 'xsl.security_prefs', can be used to enable file writing in XSLT.\n\nA flaw was found in the way PHP validated file names in file upload requests. A remote attacker could possibly use this flaw to bypass the sanitization of the uploaded file names, and cause a PHP script to store the uploaded file in an unexpected directory, by using a directory traversal attack. (CVE-2012-1172)\n\nIt was discovered that the fix for CVE-2012-1823, released via RHSA-2012:0546, did not properly filter all php-cgi command line arguments. A specially crafted request to a PHP script could cause the PHP interpreter to output usage information that triggers an Internal Server Error. (CVE-2012-2336)\n\nA memory leak flaw was found in the PHP strtotime() function call. A remote attacker could possibly use this flaw to cause excessive memory consumption by triggering many strtotime() function calls.\n(CVE-2012-0789)\n\nIt was found that PHP did not check the zend_strndup() function's return value in certain cases. A remote attacker could possibly use this flaw to crash a PHP application. (CVE-2011-4153)\n\nAll php users should upgrade to these updated packages, which contain backported patches to resolve these issues. After installing the updated packages, the httpd daemon must be restarted for the update to take effect.", "cvss3": {}, "published": "2012-06-28T00:00:00", "type": "nessus", "title": "CentOS 5 : php (CESA-2012:1045)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-4153", "CVE-2012-0057", "CVE-2012-0789", "CVE-2012-1172", "CVE-2012-1823", "CVE-2012-2336"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:centos:centos:php", "p-cpe:/a:centos:centos:php-bcmath", "p-cpe:/a:centos:centos:php-cli", "p-cpe:/a:centos:centos:php-common", "p-cpe:/a:centos:centos:php-dba", "p-cpe:/a:centos:centos:php-devel", "p-cpe:/a:centos:centos:php-gd", "p-cpe:/a:centos:centos:php-imap", "p-cpe:/a:centos:centos:php-ldap", "p-cpe:/a:centos:centos:php-mbstring", "p-cpe:/a:centos:centos:php-mysql", "p-cpe:/a:centos:centos:php-ncurses", "p-cpe:/a:centos:centos:php-odbc", "p-cpe:/a:centos:centos:php-pdo", "p-cpe:/a:centos:centos:php-pgsql", "p-cpe:/a:centos:centos:php-snmp", "p-cpe:/a:centos:centos:php-soap", "p-cpe:/a:centos:centos:php-xml", "p-cpe:/a:centos:centos:php-xmlrpc", "cpe:/o:centos:centos:5"], "id": "CENTOS_RHSA-2012-1045.NASL", "href": "https://www.tenable.com/plugins/nessus/59738", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2012:1045 and \n# CentOS Errata and Security Advisory 2012:1045 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(59738);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2011-4153\", \"CVE-2012-0057\", \"CVE-2012-0789\", \"CVE-2012-1172\", \"CVE-2012-2336\");\n script_xref(name:\"RHSA\", value:\"2012:1045\");\n script_xref(name:\"TRA\", value:\"TRA-2012-01\");\n\n script_name(english:\"CentOS 5 : php (CESA-2012:1045)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated php packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nPHP is an HTML-embedded scripting language commonly used with the\nApache HTTP Server.\n\nIt was discovered that the PHP XSL extension did not restrict the file\nwriting capability of libxslt. A remote attacker could use this flaw\nto create or overwrite an arbitrary file that is writable by the user\nrunning PHP, if a PHP script processed untrusted eXtensible Style\nSheet Language Transformations (XSLT) content. (CVE-2012-0057)\n\nNote: This update disables file writing by default. A new PHP\nconfiguration directive, 'xsl.security_prefs', can be used to enable\nfile writing in XSLT.\n\nA flaw was found in the way PHP validated file names in file upload\nrequests. A remote attacker could possibly use this flaw to bypass the\nsanitization of the uploaded file names, and cause a PHP script to\nstore the uploaded file in an unexpected directory, by using a\ndirectory traversal attack. (CVE-2012-1172)\n\nIt was discovered that the fix for CVE-2012-1823, released via\nRHSA-2012:0546, did not properly filter all php-cgi command line\narguments. A specially crafted request to a PHP script could cause the\nPHP interpreter to output usage information that triggers an Internal\nServer Error. (CVE-2012-2336)\n\nA memory leak flaw was found in the PHP strtotime() function call. A\nremote attacker could possibly use this flaw to cause excessive memory\nconsumption by triggering many strtotime() function calls.\n(CVE-2012-0789)\n\nIt was found that PHP did not check the zend_strndup() function's\nreturn value in certain cases. A remote attacker could possibly use\nthis flaw to crash a PHP application. (CVE-2011-4153)\n\nAll php users should upgrade to these updated packages, which contain\nbackported patches to resolve these issues. After installing the\nupdated packages, the httpd daemon must be restarted for the update to\ntake effect.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2012-June/018702.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?37e3d16d\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.tenable.com/security/research/tra-2012-01\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected php packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2012-0057\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-bcmath\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-cli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-dba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-imap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-mbstring\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-ncurses\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-pdo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-soap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-xml\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-xmlrpc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/01/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/06/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/06/28\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 5.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-5\", reference:\"php-5.1.6-39.el5_8\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"php-bcmath-5.1.6-39.el5_8\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"php-cli-5.1.6-39.el5_8\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"php-common-5.1.6-39.el5_8\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"php-dba-5.1.6-39.el5_8\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"php-devel-5.1.6-39.el5_8\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"php-gd-5.1.6-39.el5_8\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"php-imap-5.1.6-39.el5_8\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"php-ldap-5.1.6-39.el5_8\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"php-mbstring-5.1.6-39.el5_8\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"php-mysql-5.1.6-39.el5_8\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"php-ncurses-5.1.6-39.el5_8\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"php-odbc-5.1.6-39.el5_8\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"php-pdo-5.1.6-39.el5_8\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"php-pgsql-5.1.6-39.el5_8\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"php-snmp-5.1.6-39.el5_8\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"php-soap-5.1.6-39.el5_8\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"php-xml-5.1.6-39.el5_8\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"php-xmlrpc-5.1.6-39.el5_8\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"php / php-bcmath / php-cli / php-common / php-dba / php-devel / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-02T14:42:42", "description": "Multiple vulnerabilities has been identified and fixed in php :\n\nThe PDORow implementation in PHP before 5.3.9 does not properly interact with the session feature, which allows remote attackers to cause a denial of service (application crash) via a crafted application that uses a PDO driver for a fetch and then calls the session_start function, as demonstrated by a crash of the Apache HTTP Server (CVE-2012-0788). Note: this was fixed with php-5.3.10\n\nThe php_register_variable_ex function in php_variables.c in PHP 5.3.9 allows remote attackers to execute arbitrary code via a request containing a large number of variables, related to improper handling of array variables. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-4885 (CVE-2012-0830). Note: this was fixed with php-5.3.10\n\nPHP before 5.3.10 does not properly perform a temporary change to the magic_quotes_gpc directive during the importing of environment variables, which makes it easier for remote attackers to conduct SQL injection attacks via a crafted request, related to main/php_variables.c, sapi/cgi/cgi_main.c, and sapi/fpm/fpm/fpm_main.c (CVE-2012-0831).\n\nInsufficient validating of upload name leading to corrupted $_FILES indices (CVE-2012-1172).\n\nThe updated php packages have been upgraded to 5.3.11 which is not vulnerable to these issues.\n\nStack-based buffer overflow in the suhosin_encrypt_single_cookie function in the transparent cookie-encryption feature in the Suhosin extension before 0.9.33 for PHP, when suhosin.cookie.encrypt and suhosin.multiheader are enabled, might allow remote attackers to execute arbitrary code via a long string that is used in a Set-Cookie HTTP header (CVE-2012-0807). The php-suhosin packages has been upgraded to the 0.9.33 version which is not affected by this issue.\n\nAdditionally some of the PECL extensions has been upgraded to their latest respective versions which resolves various upstream bugs.", "cvss3": {}, "published": "2012-04-27T00:00:00", "type": "nessus", "title": "Mandriva Linux Security Advisory : php (MDVSA-2012:065)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-4885", "CVE-2012-0788", "CVE-2012-0807", "CVE-2012-0830", "CVE-2012-0831", "CVE-2012-1172"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:mandriva:linux:apache-mod_php", "p-cpe:/a:mandriva:linux:lib64php5_common5", "p-cpe:/a:mandriva:linux:php-ctype", "p-cpe:/a:mandriva:linux:php-curl", "p-cpe:/a:mandriva:linux:php-dba", "p-cpe:/a:mandriva:linux:php-devel", "p-cpe:/a:mandriva:linux:php-doc", "p-cpe:/a:mandriva:linux:php-dom", "p-cpe:/a:mandriva:linux:php-enchant", "p-cpe:/a:mandriva:linux:php-exif", "p-cpe:/a:mandriva:linux:php-fileinfo", "p-cpe:/a:mandriva:linux:php-filter", "p-cpe:/a:mandriva:linux:php-fpm", "p-cpe:/a:mandriva:linux:libphp5_common5", "p-cpe:/a:mandriva:linux:php-bcmath", "p-cpe:/a:mandriva:linux:php-bz2", "p-cpe:/a:mandriva:linux:php-calendar", "p-cpe:/a:mandriva:linux:php-cgi", "p-cpe:/a:mandriva:linux:php-cli", "p-cpe:/a:mandriva:linux:php-recode", "p-cpe:/a:mandriva:linux:php-session", "p-cpe:/a:mandriva:linux:php-shmop", "p-cpe:/a:mandriva:linux:php-snmp", "p-cpe:/a:mandriva:linux:php-soap", "p-cpe:/a:mandriva:linux:php-sockets", "p-cpe:/a:mandriva:linux:php-sqlite", "p-cpe:/a:mandriva:linux:php-sqlite3", "p-cpe:/a:mandriva:linux:php-ssh2", "p-cpe:/a:mandriva:linux:php-suhosin", "p-cpe:/a:mandriva:linux:php-sybase_ct", "p-cpe:/a:mandriva:linux:php-sysvmsg", "p-cpe:/a:mandriva:linux:php-sysvsem", "p-cpe:/a:mandriva:linux:php-sysvshm", "p-cpe:/a:mandriva:linux:php-tidy", "p-cpe:/a:mandriva:linux:php-timezonedb", "p-cpe:/a:mandriva:linux:php-tokenizer", "p-cpe:/a:mandriva:linux:php-vld", "p-cpe:/a:mandriva:linux:php-wddx", "p-cpe:/a:mandriva:linux:php-xdebug", "p-cpe:/a:mandriva:linux:php-xml", "p-cpe:/a:mandriva:linux:php-xmlreader", "p-cpe:/a:mandriva:linux:php-xmlrpc", "p-cpe:/a:mandriva:linux:php-xmlwriter", "p-cpe:/a:mandriva:linux:php-xsl", "p-cpe:/a:mandriva:linux:php-zip", "p-cpe:/a:mandriva:linux:php-zlib", "cpe:/o:mandriva:linux:2010.1", "cpe:/o:mandriva:linux:2011", "p-cpe:/a:mandriva:linux:php-ftp", "p-cpe:/a:mandriva:linux:php-gd", "p-cpe:/a:mandriva:linux:php-gettext", "p-cpe:/a:mandriva:linux:php-gmp", "p-cpe:/a:mandriva:linux:php-hash", "p-cpe:/a:mandriva:linux:php-iconv", "p-cpe:/a:mandriva:linux:php-imap", "p-cpe:/a:mandriva:linux:php-ini", "p-cpe:/a:mandriva:linux:php-intl", "p-cpe:/a:mandriva:linux:php-json", "p-cpe:/a:mandriva:linux:php-ldap", "p-cpe:/a:mandriva:linux:php-mailparse", "p-cpe:/a:mandriva:linux:php-mbstring", "p-cpe:/a:mandriva:linux:php-mcrypt", "p-cpe:/a:mandriva:linux:php-mssql", "p-cpe:/a:mandriva:linux:php-mysql", "p-cpe:/a:mandriva:linux:php-mysqli", "p-cpe:/a:mandriva:linux:php-mysqlnd", "p-cpe:/a:mandriva:linux:php-odbc", "p-cpe:/a:mandriva:linux:php-openssl", "p-cpe:/a:mandriva:linux:php-pcntl", "p-cpe:/a:mandriva:linux:php-pdo", "p-cpe:/a:mandriva:linux:php-pdo_dblib", "p-cpe:/a:mandriva:linux:php-pdo_mysql", "p-cpe:/a:mandriva:linux:php-pdo_odbc", "p-cpe:/a:mandriva:linux:php-pdo_pgsql", "p-cpe:/a:mandriva:linux:php-pdo_sqlite", "p-cpe:/a:mandriva:linux:php-pgsql", "p-cpe:/a:mandriva:linux:php-phar", "p-cpe:/a:mandriva:linux:php-posix", "p-cpe:/a:mandriva:linux:php-pspell", "p-cpe:/a:mandriva:linux:php-readline"], "id": "MANDRIVA_MDVSA-2012-065.NASL", "href": "https://www.tenable.com/plugins/nessus/58890", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2012:065. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(58890);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2012-0788\", \"CVE-2012-0807\", \"CVE-2012-0830\", \"CVE-2012-0831\", \"CVE-2012-1172\");\n script_bugtraq_id(51574, 51830, 51952, 51954, 53403);\n script_xref(name:\"MDVSA\", value:\"2012:065\");\n\n script_name(english:\"Mandriva Linux Security Advisory : php (MDVSA-2012:065)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple vulnerabilities has been identified and fixed in php :\n\nThe PDORow implementation in PHP before 5.3.9 does not properly\ninteract with the session feature, which allows remote attackers to\ncause a denial of service (application crash) via a crafted\napplication that uses a PDO driver for a fetch and then calls the\nsession_start function, as demonstrated by a crash of the Apache HTTP\nServer (CVE-2012-0788). Note: this was fixed with php-5.3.10\n\nThe php_register_variable_ex function in php_variables.c in PHP 5.3.9\nallows remote attackers to execute arbitrary code via a request\ncontaining a large number of variables, related to improper handling\nof array variables. NOTE: this vulnerability exists because of an\nincorrect fix for CVE-2011-4885 (CVE-2012-0830). Note: this was fixed\nwith php-5.3.10\n\nPHP before 5.3.10 does not properly perform a temporary change to the\nmagic_quotes_gpc directive during the importing of environment\nvariables, which makes it easier for remote attackers to conduct SQL\ninjection attacks via a crafted request, related to\nmain/php_variables.c, sapi/cgi/cgi_main.c, and sapi/fpm/fpm/fpm_main.c\n(CVE-2012-0831).\n\nInsufficient validating of upload name leading to corrupted $_FILES\nindices (CVE-2012-1172).\n\nThe updated php packages have been upgraded to 5.3.11 which is not\nvulnerable to these issues.\n\nStack-based buffer overflow in the suhosin_encrypt_single_cookie\nfunction in the transparent cookie-encryption feature in the Suhosin\nextension before 0.9.33 for PHP, when suhosin.cookie.encrypt and\nsuhosin.multiheader are enabled, might allow remote attackers to\nexecute arbitrary code via a long string that is used in a Set-Cookie\nHTTP header (CVE-2012-0807). The php-suhosin packages has been\nupgraded to the 0.9.33 version which is not affected by this issue.\n\nAdditionally some of the PECL extensions has been upgraded to their\nlatest respective versions which resolves various upstream bugs.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.php.net/ChangeLog-5.php#5.3.10\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.php.net/ChangeLog-5.php#5.3.11\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache-mod_php\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64php5_common5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libphp5_common5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-bcmath\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-bz2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-calendar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-cgi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-cli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-ctype\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-dba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-dom\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-enchant\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-exif\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-fileinfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-filter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-fpm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-ftp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-gettext\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-gmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-hash\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-iconv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-imap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-ini\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-intl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-json\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-mailparse\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-mbstring\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-mcrypt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-mssql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-mysqli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-mysqlnd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-pcntl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-pdo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-pdo_dblib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-pdo_mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-pdo_odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-pdo_pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-pdo_sqlite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-phar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-posix\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-pspell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-readline\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-recode\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-session\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-shmop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-soap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-sockets\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-sqlite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-sqlite3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-ssh2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-suhosin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-sybase_ct\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-sysvmsg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-sysvsem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-sysvshm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-tidy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-timezonedb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-tokenizer\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-vld\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-wddx\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-xdebug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-xml\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-xmlreader\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-xmlrpc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-xmlwriter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-xsl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-zip\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-zlib\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2010.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2011\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/04/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/04/27\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2010.1\", reference:\"apache-mod_php-5.3.11-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"x86_64\", reference:\"lib64php5_common5-5.3.11-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"i386\", reference:\"libphp5_common5-5.3.11-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-bcmath-5.3.11-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-bz2-5.3.11-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-calendar-5.3.11-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-cgi-5.3.11-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-cli-5.3.11-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-ctype-5.3.11-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-curl-5.3.11-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-dba-5.3.11-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-devel-5.3.11-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-doc-5.3.11-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-dom-5.3.11-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-enchant-5.3.11-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-exif-5.3.11-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-fileinfo-5.3.11-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-filter-5.3.11-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-fpm-5.3.11-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-ftp-5.3.11-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-gd-5.3.11-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-gettext-5.3.11-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-gmp-5.3.11-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-hash-5.3.11-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-iconv-5.3.11-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-imap-5.3.11-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-ini-5.3.11-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-intl-5.3.11-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-json-5.3.11-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-ldap-5.3.11-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-mailparse-2.1.6-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-mbstring-5.3.11-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-mcrypt-5.3.11-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-mssql-5.3.11-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-mysql-5.3.11-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-mysqli-5.3.11-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-mysqlnd-5.3.11-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-odbc-5.3.11-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-openssl-5.3.11-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-pcntl-5.3.11-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-pdo-5.3.11-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-pdo_dblib-5.3.11-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-pdo_mysql-5.3.11-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-pdo_odbc-5.3.11-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-pdo_pgsql-5.3.11-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-pdo_sqlite-5.3.11-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-pgsql-5.3.11-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-phar-5.3.11-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-posix-5.3.11-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-pspell-5.3.11-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-readline-5.3.11-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-recode-5.3.11-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-session-5.3.11-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-shmop-5.3.11-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-snmp-5.3.11-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-soap-5.3.11-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-sockets-5.3.11-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-sqlite-5.3.11-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-sqlite3-5.3.11-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-ssh2-0.11.3-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-suhosin-0.9.33-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-sybase_ct-5.3.11-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-sysvmsg-5.3.11-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-sysvsem-5.3.11-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-sysvshm-5.3.11-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-tidy-5.3.11-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-timezonedb-2012.3-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-tokenizer-5.3.11-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-vld-0.11.1-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-wddx-5.3.11-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-xdebug-2.1.4-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-xml-5.3.11-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-xmlreader-5.3.11-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-xmlrpc-5.3.11-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-xmlwriter-5.3.11-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-xsl-5.3.11-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-zip-5.3.11-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-zlib-5.3.11-0.1mdv2010.2\", yank:\"mdv\")) flag++;\n\nif (rpm_check(release:\"MDK2011\", reference:\"apache-mod_php-5.3.11-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"x86_64\", reference:\"lib64php5_common5-5.3.11-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"i386\", reference:\"libphp5_common5-5.3.11-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"php-bcmath-5.3.11-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"php-bz2-5.3.11-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"php-calendar-5.3.11-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"php-cgi-5.3.11-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"php-cli-5.3.11-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"php-ctype-5.3.11-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"php-curl-5.3.11-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"php-dba-5.3.11-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"php-devel-5.3.11-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"php-doc-5.3.11-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"php-dom-5.3.11-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"php-enchant-5.3.11-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"php-exif-5.3.11-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"php-fileinfo-5.3.11-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"php-filter-5.3.11-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"php-fpm-5.3.11-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"php-ftp-5.3.11-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"php-gd-5.3.11-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"php-gettext-5.3.11-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"php-gmp-5.3.11-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"php-hash-5.3.11-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"php-iconv-5.3.11-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"php-imap-5.3.11-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"php-ini-5.3.11-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"php-intl-5.3.11-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"php-json-5.3.11-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"php-ldap-5.3.11-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"php-mailparse-2.1.6-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"php-mbstring-5.3.11-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"php-mcrypt-5.3.11-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"php-mssql-5.3.11-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"php-mysql-5.3.11-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"php-mysqli-5.3.11-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"php-mysqlnd-5.3.11-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"php-odbc-5.3.11-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"php-openssl-5.3.11-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"php-pcntl-5.3.11-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"php-pdo-5.3.11-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"php-pdo_dblib-5.3.11-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"php-pdo_mysql-5.3.11-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"php-pdo_odbc-5.3.11-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"php-pdo_pgsql-5.3.11-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"php-pdo_sqlite-5.3.11-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"php-pgsql-5.3.11-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"php-phar-5.3.11-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"php-posix-5.3.11-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"php-pspell-5.3.11-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"php-readline-5.3.11-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"php-recode-5.3.11-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"php-session-5.3.11-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"php-shmop-5.3.11-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"php-snmp-5.3.11-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"php-soap-5.3.11-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"php-sockets-5.3.11-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"php-sqlite-5.3.11-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"php-sqlite3-5.3.11-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"php-ssh2-0.11.3-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"php-suhosin-0.9.33-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"php-sybase_ct-5.3.11-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"php-sysvmsg-5.3.11-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"php-sysvsem-5.3.11-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"php-sysvshm-5.3.11-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"php-tidy-5.3.11-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"php-timezonedb-2012.3-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"php-tokenizer-5.3.11-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"php-vld-0.11.1-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"php-wddx-5.3.11-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"php-xdebug-2.1.4-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"php-xml-5.3.11-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"php-xmlreader-5.3.11-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"php-xmlrpc-5.3.11-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"php-xmlwriter-5.3.11-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"php-xsl-5.3.11-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"php-zip-5.3.11-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"php-zlib-5.3.11-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-02T14:45:08", "description": "PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server.\n\nIt was discovered that the PHP XSL extension did not restrict the file writing capability of libxslt. A remote attacker could use this flaw to create or overwrite an arbitrary file that is writable by the user running PHP, if a PHP script processed untrusted eXtensible Style Sheet Language Transformations (XSLT) content. (CVE-2012-0057)\n\nNote: This update disables file writing by default. A new PHP configuration directive, 'xsl.security_prefs', can be used to enable file writing in XSLT.\n\nA flaw was found in the way PHP validated file names in file upload requests. A remote attacker could possibly use this flaw to bypass the sanitization of the uploaded file names, and cause a PHP script to store the uploaded file in an unexpected directory, by using a directory traversal attack. (CVE-2012-1172)\n\nIt was discovered that the fix for CVE-2012-1823, released via a previous update, did not properly filter all php-cgi command line arguments. A specially crafted request to a PHP script could cause the PHP interpreter to output usage information that triggers an Internal Server Error. (CVE-2012-2336)\n\nA memory leak flaw was found in the PHP strtotime() function call. A remote attacker could possibly use this flaw to cause excessive memory consumption by triggering many strtotime() function calls.\n(CVE-2012-0789)\n\nIt was found that PHP did not check the zend_strndup() function's return value in certain cases. A remote attacker could possibly use this flaw to crash a PHP application. (CVE-2011-4153)\n\nAll php users should upgrade to these updated packages, which contain backported patches to resolve these issues. After installing the updated packages, the httpd daemon must be restarted for the update to take effect.", "cvss3": {}, "published": "2012-08-01T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : php on SL5.x i386/x86_64 (20120627)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-4153", "CVE-2012-0057", "CVE-2012-0789", "CVE-2012-1172", "CVE-2012-1823", "CVE-2012-2336"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:php", "p-cpe:/a:fermilab:scientific_linux:php-bcmath", "p-cpe:/a:fermilab:scientific_linux:php-cli", "p-cpe:/a:fermilab:scientific_linux:php-common", "p-cpe:/a:fermilab:scientific_linux:php-dba", "p-cpe:/a:fermilab:scientific_linux:php-debuginfo", "p-cpe:/a:fermilab:scientific_linux:php-devel", "p-cpe:/a:fermilab:scientific_linux:php-gd", "p-cpe:/a:fermilab:scientific_linux:php-imap", "p-cpe:/a:fermilab:scientific_linux:php-ldap", "p-cpe:/a:fermilab:scientific_linux:php-mbstring", "p-cpe:/a:fermilab:scientific_linux:php-mysql", "p-cpe:/a:fermilab:scientific_linux:php-ncurses", "p-cpe:/a:fermilab:scientific_linux:php-odbc", "p-cpe:/a:fermilab:scientific_linux:php-pdo", "p-cpe:/a:fermilab:scientific_linux:php-pgsql", "p-cpe:/a:fermilab:scientific_linux:php-snmp", "p-cpe:/a:fermilab:scientific_linux:php-soap", "p-cpe:/a:fermilab:scientific_linux:php-xml", "p-cpe:/a:fermilab:scientific_linux:php-xmlrpc", "x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20120627_PHP_ON_SL5_X.NASL", "href": "https://www.tenable.com/plugins/nessus/61357", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(61357);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2011-4153\", \"CVE-2012-0057\", \"CVE-2012-0789\", \"CVE-2012-1172\", \"CVE-2012-2336\");\n script_xref(name:\"TRA\", value:\"TRA-2012-01\");\n\n script_name(english:\"Scientific Linux Security Update : php on SL5.x i386/x86_64 (20120627)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"PHP is an HTML-embedded scripting language commonly used with the\nApache HTTP Server.\n\nIt was discovered that the PHP XSL extension did not restrict the file\nwriting capability of libxslt. A remote attacker could use this flaw\nto create or overwrite an arbitrary file that is writable by the user\nrunning PHP, if a PHP script processed untrusted eXtensible Style\nSheet Language Transformations (XSLT) content. (CVE-2012-0057)\n\nNote: This update disables file writing by default. A new PHP\nconfiguration directive, 'xsl.security_prefs', can be used to enable\nfile writing in XSLT.\n\nA flaw was found in the way PHP validated file names in file upload\nrequests. A remote attacker could possibly use this flaw to bypass the\nsanitization of the uploaded file names, and cause a PHP script to\nstore the uploaded file in an unexpected directory, by using a\ndirectory traversal attack. (CVE-2012-1172)\n\nIt was discovered that the fix for CVE-2012-1823, released via a\nprevious update, did not properly filter all php-cgi command line\narguments. A specially crafted request to a PHP script could cause the\nPHP interpreter to output usage information that triggers an Internal\nServer Error. (CVE-2012-2336)\n\nA memory leak flaw was found in the PHP strtotime() function call. A\nremote attacker could possibly use this flaw to cause excessive memory\nconsumption by triggering many strtotime() function calls.\n(CVE-2012-0789)\n\nIt was found that PHP did not check the zend_strndup() function's\nreturn value in certain cases. A remote attacker could possibly use\nthis flaw to crash a PHP application. (CVE-2011-4153)\n\nAll php users should upgrade to these updated packages, which contain\nbackported patches to resolve these issues. After installing the\nupdated packages, the httpd daemon must be restarted for the update to\ntake effect.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1207&L=scientific-linux-errata&T=0&P=469\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?1b017321\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.tenable.com/security/research/tra-2012-01\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:php\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:php-bcmath\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:php-cli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:php-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:php-dba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:php-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:php-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:php-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:php-imap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:php-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:php-mbstring\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:php-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:php-ncurses\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:php-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:php-pdo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:php-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:php-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:php-soap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:php-xml\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:php-xmlrpc\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/01/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/06/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 5.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL5\", reference:\"php-5.1.6-39.el5_8\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"php-bcmath-5.1.6-39.el5_8\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"php-cli-5.1.6-39.el5_8\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"php-common-5.1.6-39.el5_8\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"php-dba-5.1.6-39.el5_8\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"php-debuginfo-5.1.6-39.el5_8\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"php-devel-5.1.6-39.el5_8\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"php-gd-5.1.6-39.el5_8\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"php-imap-5.1.6-39.el5_8\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"php-ldap-5.1.6-39.el5_8\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"php-mbstring-5.1.6-39.el5_8\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"php-mysql-5.1.6-39.el5_8\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"php-ncurses-5.1.6-39.el5_8\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"php-odbc-5.1.6-39.el5_8\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"php-pdo-5.1.6-39.el5_8\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"php-pgsql-5.1.6-39.el5_8\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"php-snmp-5.1.6-39.el5_8\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"php-soap-5.1.6-39.el5_8\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"php-xml-5.1.6-39.el5_8\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"php-xmlrpc-5.1.6-39.el5_8\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"php / php-bcmath / php-cli / php-common / php-dba / php-debuginfo / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-02T15:11:45", "description": "From Red Hat Security Advisory 2012:1045 :\n\nUpdated php packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nPHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server.\n\nIt was discovered that the PHP XSL extension did not restrict the file writing capability of libxslt. A remote attacker could use this flaw to create or overwrite an arbitrary file that is writable by the user running PHP, if a PHP script processed untrusted eXtensible Style Sheet Language Transformations (XSLT) content. (CVE-2012-0057)\n\nNote: This update disables file writing by default. A new PHP configuration directive, 'xsl.security_prefs', can be used to enable file writing in XSLT.\n\nA flaw was found in the way PHP validated file names in file upload requests. A remote attacker could possibly use this flaw to bypass the sanitization of the uploaded file names, and cause a PHP script to store the uploaded file in an unexpected directory, by using a directory traversal attack. (CVE-2012-1172)\n\nIt was discovered that the fix for CVE-2012-1823, released via RHSA-2012:0546, did not properly filter all php-cgi command line arguments. A specially crafted request to a PHP script could cause the PHP interpreter to output usage information that triggers an Internal Server Error. (CVE-2012-2336)\n\nA memory leak flaw was found in the PHP strtotime() function call. A remote attacker could possibly use this flaw to cause excessive memory consumption by triggering many strtotime() function calls.\n(CVE-2012-0789)\n\nIt was found that PHP did not check the zend_strndup() function's return value in certain cases. A remote attacker could possibly use this flaw to crash a PHP application. (CVE-2011-4153)\n\nAll php users should upgrade to these updated packages, which contain backported patches to resolve these issues. After installing the updated packages, the httpd daemon must be restarted for the update to take effect.", "cvss3": {}, "published": "2013-07-12T00:00:00", "type": "nessus", "title": "Oracle Linux 5 : php (ELSA-2012-1045)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-4153", "CVE-2012-0057", "CVE-2012-0789", "CVE-2012-1172", "CVE-2012-1823", "CVE-2012-2336"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:php", "p-cpe:/a:oracle:linux:php-bcmath", "p-cpe:/a:oracle:linux:php-cli", "p-cpe:/a:oracle:linux:php-common", "p-cpe:/a:oracle:linux:php-dba", "p-cpe:/a:oracle:linux:php-devel", "p-cpe:/a:oracle:linux:php-gd", "p-cpe:/a:oracle:linux:php-imap", "p-cpe:/a:oracle:linux:php-ldap", "p-cpe:/a:oracle:linux:php-mbstring", "p-cpe:/a:oracle:linux:php-mysql", "p-cpe:/a:oracle:linux:php-ncurses", "p-cpe:/a:oracle:linux:php-odbc", "p-cpe:/a:oracle:linux:php-pdo", "p-cpe:/a:oracle:linux:php-pgsql", "p-cpe:/a:oracle:linux:php-snmp", "p-cpe:/a:oracle:linux:php-soap", "p-cpe:/a:oracle:linux:php-xml", "p-cpe:/a:oracle:linux:php-xmlrpc", "cpe:/o:oracle:linux:5"], "id": "ORACLELINUX_ELSA-2012-1045.NASL", "href": "https://www.tenable.com/plugins/nessus/68569", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2012:1045 and \n# Oracle Linux Security Advisory ELSA-2012-1045 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(68569);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2011-4153\", \"CVE-2012-0057\", \"CVE-2012-0789\", \"CVE-2012-1172\", \"CVE-2012-2336\");\n script_bugtraq_id(51417, 51806, 52043, 53388, 53403);\n script_xref(name:\"RHSA\", value:\"2012:1045\");\n script_xref(name:\"TRA\", value:\"TRA-2012-01\");\n\n script_name(english:\"Oracle Linux 5 : php (ELSA-2012-1045)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2012:1045 :\n\nUpdated php packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nPHP is an HTML-embedded scripting language commonly used with the\nApache HTTP Server.\n\nIt was discovered that the PHP XSL extension did not restrict the file\nwriting capability of libxslt. A remote attacker could use this flaw\nto create or overwrite an arbitrary file that is writable by the user\nrunning PHP, if a PHP script processed untrusted eXtensible Style\nSheet Language Transformations (XSLT) content. (CVE-2012-0057)\n\nNote: This update disables file writing by default. A new PHP\nconfiguration directive, 'xsl.security_prefs', can be used to enable\nfile writing in XSLT.\n\nA flaw was found in the way PHP validated file names in file upload\nrequests. A remote attacker could possibly use this flaw to bypass the\nsanitization of the uploaded file names, and cause a PHP script to\nstore the uploaded file in an unexpected directory, by using a\ndirectory traversal attack. (CVE-2012-1172)\n\nIt was discovered that the fix for CVE-2012-1823, released via\nRHSA-2012:0546, did not properly filter all php-cgi command line\narguments. A specially crafted request to a PHP script could cause the\nPHP interpreter to output usage information that triggers an Internal\nServer Error. (CVE-2012-2336)\n\nA memory leak flaw was found in the PHP strtotime() function call. A\nremote attacker could possibly use this flaw to cause excessive memory\nconsumption by triggering many strtotime() function calls.\n(CVE-2012-0789)\n\nIt was found that PHP did not check the zend_strndup() function's\nreturn value in certain cases. A remote attacker could possibly use\nthis flaw to crash a PHP application. (CVE-2011-4153)\n\nAll php users should upgrade to these updated packages, which contain\nbackported patches to resolve these issues. After installing the\nupdated packages, the httpd daemon must be restarted for the update to\ntake effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2012-June/002879.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.tenable.com/security/research/tra-2012-01\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected php packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-bcmath\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-cli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-dba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-imap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-mbstring\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-ncurses\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-pdo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-soap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-xml\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-xmlrpc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/01/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/06/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 5\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL5\", reference:\"php-5.1.6-39.el5_8\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"php-bcmath-5.1.6-39.el5_8\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"php-cli-5.1.6-39.el5_8\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"php-common-5.1.6-39.el5_8\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"php-dba-5.1.6-39.el5_8\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"php-devel-5.1.6-39.el5_8\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"php-gd-5.1.6-39.el5_8\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"php-imap-5.1.6-39.el5_8\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"php-ldap-5.1.6-39.el5_8\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"php-mbstring-5.1.6-39.el5_8\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"php-mysql-5.1.6-39.el5_8\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"php-ncurses-5.1.6-39.el5_8\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"php-odbc-5.1.6-39.el5_8\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"php-pdo-5.1.6-39.el5_8\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"php-pgsql-5.1.6-39.el5_8\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"php-snmp-5.1.6-39.el5_8\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"php-soap-5.1.6-39.el5_8\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"php-xml-5.1.6-39.el5_8\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"php-xmlrpc-5.1.6-39.el5_8\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"php / php-bcmath / php-cli / php-common / php-dba / php-devel / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-02T14:42:15", "description": "php development team reports :\n\nSecurity Enhancements for both PHP 5.3.11 and PHP 5.4.1 :\n\n- Insufficient validating of upload name leading to corrupted $_FILES indices. (CVE-2012-1172) \n\n- Add open_basedir checks to readline_write_history and readline_read_history.\n\nSecurity Enhancements for both PHP 5.3.11 only :\n\n- Regression in magic_quotes_gpc fix for CVE-2012-0831.", "cvss3": {}, "published": "2012-05-01T00:00:00", "type": "nessus", "title": "FreeBSD : php -- multiple vulnerabilities (2cde1892-913e-11e1-b44c-001fd0af1a4c)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-0831", "CVE-2012-1172"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:php5", "p-cpe:/a:freebsd:freebsd:php53", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_2CDE1892913E11E1B44C001FD0AF1A4C.NASL", "href": "https://www.tenable.com/plugins/nessus/58938", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(58938);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2012-0831\", \"CVE-2012-1172\");\n script_bugtraq_id(53403);\n\n script_name(english:\"FreeBSD : php -- multiple vulnerabilities (2cde1892-913e-11e1-b44c-001fd0af1a4c)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"php development team reports :\n\nSecurity Enhancements for both PHP 5.3.11 and PHP 5.4.1 :\n\n- Insufficient validating of upload name leading to corrupted $_FILES\nindices. (CVE-2012-1172) \n\n- Add open_basedir checks to readline_write_history and\nreadline_read_history.\n\nSecurity Enhancements for both PHP 5.3.11 only :\n\n- Regression in magic_quotes_gpc fix for CVE-2012-0831.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.php.net/archive/2012.php#id2012-04-26-1\"\n );\n # https://vuxml.freebsd.org/freebsd/2cde1892-913e-11e1-b44c-001fd0af1a4c.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?b2801190\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:php5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:php53\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/03/01\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/04/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/05/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"php53<5.3.11\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"php5<5.3.11\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-01T16:12:25", "description": "Upstream Security Enhancements :\n\n - Fixed bug #54374 (Insufficient validating of upload name leading to corrupted $_FILES indices). (CVE-2012-1172).\n\n - Add open_basedir checks to readline_write_history and readline_read_history.\n\n - Fixed bug #61043 (Regression in magic_quotes_gpc fix for CVE-2012-0831).\n\nUpstream announce: http://www.php.net/archive/2012.php#id2012-04-26-1\n\nRPM changes :\n\n - php-fpm: add comment about security.limit_extensions in provided conf\n\n - php-fpm: add /etc/sysconfig/php-fpm environment file\n\n - php-common provides zip extension, as in previous fedora version\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2012-05-07T00:00:00", "type": "nessus", "title": "Fedora 16 : maniadrive-1.2-32.fc16.3 / php-5.3.11-1.fc16 / php-eaccelerator-0.9.6.1-9.fc16.3 (2012-6907)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-0831", "CVE-2012-1172"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:maniadrive", "p-cpe:/a:fedoraproject:fedora:php", "p-cpe:/a:fedoraproject:fedora:php-eaccelerator", "cpe:/o:fedoraproject:fedora:16"], "id": "FEDORA_2012-6907.NASL", "href": "https://www.tenable.com/plugins/nessus/59007", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2012-6907.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(59007);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2012-0831\", \"CVE-2012-1172\");\n script_bugtraq_id(53403);\n script_xref(name:\"FEDORA\", value:\"2012-6907\");\n\n script_name(english:\"Fedora 16 : maniadrive-1.2-32.fc16.3 / php-5.3.11-1.fc16 / php-eaccelerator-0.9.6.1-9.fc16.3 (2012-6907)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Upstream Security Enhancements :\n\n - Fixed bug #54374 (Insufficient validating of upload name\n leading to corrupted $_FILES indices). (CVE-2012-1172).\n\n - Add open_basedir checks to readline_write_history and\n readline_read_history.\n\n - Fixed bug #61043 (Regression in magic_quotes_gpc fix\n for CVE-2012-0831).\n\nUpstream announce: http://www.php.net/archive/2012.php#id2012-04-26-1\n\nRPM changes :\n\n - php-fpm: add comment about security.limit_extensions in\n provided conf\n\n - php-fpm: add /etc/sysconfig/php-fpm environment file\n\n - php-common provides zip extension, as in previous\n fedora version\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.php.net/archive/2012.php#id2012-04-26-1\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=789468\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=799187\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2012-May/080041.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?3ca0cb5e\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2012-May/080042.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?f92e740e\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2012-May/080043.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?2707931a\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected maniadrive, php and / or php-eaccelerator\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:maniadrive\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:php\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:php-eaccelerator\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:16\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/04/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/05/07\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^16([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 16.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC16\", reference:\"maniadrive-1.2-32.fc16.3\")) flag++;\nif (rpm_check(release:\"FC16\", reference:\"php-5.3.11-1.fc16\")) flag++;\nif (rpm_check(release:\"FC16\", reference:\"php-eaccelerator-0.9.6.1-9.fc16.3\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"maniadrive / php / php-eaccelerator\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-01T16:12:23", "description": "Upstream Security Enhancements :\n\n - Fixed bug #54374 (Insufficient validating of upload name leading to corrupted $_FILES indices). (CVE-2012-1172).\n\n - Add open_basedir checks to readline_write_history and readline_read_history.\n\n - Fixed bug #61043 (Regression in magic_quotes_gpc fix for CVE-2012-0831).\n\nUpstream announce: http://www.php.net/archive/2012.php#id2012-04-26-1\n\nRPM changes :\n\n - php-fpm: add comment about security.limit_extensions in provided conf\n\n - php-fpm: add /etc/sysconfig/php-fpm environment file\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2012-05-07T00:00:00", "type": "nessus", "title": "Fedora 15 : maniadrive-1.2-32.fc15.3 / php-5.3.11-1.fc15 / php-eaccelerator-0.9.6.1-9.fc15.3 (2012-6911)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-0831", "CVE-2012-1172"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:maniadrive", "p-cpe:/a:fedoraproject:fedora:php", "p-cpe:/a:fedoraproject:fedora:php-eaccelerator", "cpe:/o:fedoraproject:fedora:15"], "id": "FEDORA_2012-6911.NASL", "href": "https://www.tenable.com/plugins/nessus/59008", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2012-6911.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(59008);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2012-0831\", \"CVE-2012-1172\");\n script_bugtraq_id(53403);\n script_xref(name:\"FEDORA\", value:\"2012-6911\");\n\n script_name(english:\"Fedora 15 : maniadrive-1.2-32.fc15.3 / php-5.3.11-1.fc15 / php-eaccelerator-0.9.6.1-9.fc15.3 (2012-6911)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Upstream Security Enhancements :\n\n - Fixed bug #54374 (Insufficient validating of upload name\n leading to corrupted $_FILES indices). (CVE-2012-1172).\n\n - Add open_basedir checks to readline_write_history and\n readline_read_history.\n\n - Fixed bug #61043 (Regression in magic_quotes_gpc fix\n for CVE-2012-0831).\n\nUpstream announce: http://www.php.net/archive/2012.php#id2012-04-26-1\n\nRPM changes :\n\n - php-fpm: add comment about security.limit_extensions in\n provided conf\n\n - php-fpm: add /etc/sysconfig/php-fpm environment file\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.php.net/archive/2012.php#id2012-04-26-1\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=789468\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=799187\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2012-May/080036.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?3d38ea4b\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2012-May/080037.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?04ed8787\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2012-May/080038.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?27394f46\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected maniadrive, php and / or php-eaccelerator\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:maniadrive\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:php\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:php-eaccelerator\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:15\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/04/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/05/07\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^15([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 15.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC15\", reference:\"maniadrive-1.2-32.fc15.3\")) flag++;\nif (rpm_check(release:\"FC15\", reference:\"php-5.3.11-1.fc15\")) flag++;\nif (rpm_check(release:\"FC15\", reference:\"php-eaccelerator-0.9.6.1-9.fc15.3\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"maniadrive / php / php-eaccelerator\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-02T15:10:58", "description": "Updated php53 packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nPHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server.\n\nIt was discovered that the PHP XSL extension did not restrict the file writing capability of libxslt. A remote attacker could use this flaw to create or overwrite an arbitrary file that is writable by the user running PHP, if a PHP script processed untrusted eXtensible Style Sheet Language Transformations (XSLT) content. (CVE-2012-0057)\n\nNote: This update disables file writing by default. A new PHP configuration directive, 'xsl.security_prefs', can be used to enable file writing in XSLT.\n\nA flaw was found in the way PHP validated file names in file upload requests. A remote attacker could possibly use this flaw to bypass the sanitization of the uploaded file names, and cause a PHP script to store the uploaded file in an unexpected directory, by using a directory traversal attack. (CVE-2012-1172)\n\nMultiple integer overflow flaws, leading to heap-based buffer overflows, were found in the way the PHP phar extension processed certain fields of tar archive files. A remote attacker could provide a specially crafted tar archive file that, when processed by a PHP application using the phar extension, could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running PHP. (CVE-2012-2386)\n\nA format string flaw was found in the way the PHP phar extension processed certain PHAR files. A remote attacker could provide a specially crafted PHAR file, which once processed in a PHP application using the phar extension, could lead to information disclosure and possibly arbitrary code execution via a crafted phar:// URI.\n(CVE-2010-2950)\n\nA flaw was found in the DES algorithm implementation in the crypt() password hashing function in PHP. If the password string to be hashed contained certain characters, the remainder of the string was ignored when calculating the hash, significantly reducing the password strength. (CVE-2012-2143)\n\nNote: With this update, passwords are no longer truncated when performing DES hashing. Therefore, new hashes of the affected passwords will not match stored hashes generated using vulnerable PHP versions, and will need to be updated.\n\nIt was discovered that the fix for CVE-2012-1823, released via RHSA-2012:0547, did not properly filter all php-cgi command line arguments. A specially crafted request to a PHP script could cause the PHP interpreter to execute the script in a loop, or output usage information that triggers an Internal Server Error. (CVE-2012-2336)\n\nA memory leak flaw was found in the PHP strtotime() function call. A remote attacker could possibly use this flaw to cause excessive memory consumption by triggering many strtotime() function calls.\n(CVE-2012-0789)\n\nIt was found that PHP did not check the zend_strndup() function's return value in certain cases. A remote attacker could possibly use this flaw to crash a PHP application. (CVE-2011-4153)\n\nUpstream acknowledges Rubin Xu and Joseph Bonneau as the original reporters of CVE-2012-2143.\n\nAll php53 users should upgrade to these updated packages, which contain backported patches to resolve these issues. After installing the updated packages, the httpd daemon must be restarted for the update to take effect.", "cvss3": {}, "published": "2013-06-29T00:00:00", "type": "nessus", "title": "CentOS 5 : php53 (CESA-2012:1047)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-2950", "CVE-2011-4153", "CVE-2012-0057", "CVE-2012-0789", "CVE-2012-1172", "CVE-2012-1823", "CVE-2012-2143", "CVE-2012-2336", "CVE-2012-2386"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:centos:centos:php53", "p-cpe:/a:centos:centos:php53-bcmath", "p-cpe:/a:centos:centos:php53-cli", "p-cpe:/a:centos:centos:php53-common", "p-cpe:/a:centos:centos:php53-dba", "p-cpe:/a:centos:centos:php53-devel", "p-cpe:/a:centos:centos:php53-gd", "p-cpe:/a:centos:centos:php53-imap", "p-cpe:/a:centos:centos:php53-intl", "p-cpe:/a:centos:centos:php53-ldap", "p-cpe:/a:centos:centos:php53-mbstring", "p-cpe:/a:centos:centos:php53-mysql", "p-cpe:/a:centos:centos:php53-odbc", "p-cpe:/a:centos:centos:php53-pdo", "p-cpe:/a:centos:centos:php53-pgsql", "p-cpe:/a:centos:centos:php53-process", "p-cpe:/a:centos:centos:php53-pspell", "p-cpe:/a:centos:centos:php53-snmp", "p-cpe:/a:centos:centos:php53-soap", "p-cpe:/a:centos:centos:php53-xml", "p-cpe:/a:centos:centos:php53-xmlrpc", "cpe:/o:centos:centos:5"], "id": "CENTOS_RHSA-2012-1047.NASL", "href": "https://www.tenable.com/plugins/nessus/67089", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2012:1047 and \n# CentOS Errata and Security Advisory 2012:1047 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(67089);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2010-2950\", \"CVE-2011-4153\", \"CVE-2012-0057\", \"CVE-2012-0789\", \"CVE-2012-1172\", \"CVE-2012-2143\", \"CVE-2012-2336\", \"CVE-2012-2386\");\n script_bugtraq_id(40173, 47545, 53729);\n script_xref(name:\"RHSA\", value:\"2012:1047\");\n script_xref(name:\"TRA\", value:\"TRA-2012-01\");\n\n script_name(english:\"CentOS 5 : php53 (CESA-2012:1047)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated php53 packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nPHP is an HTML-embedded scripting language commonly used with the\nApache HTTP Server.\n\nIt was discovered that the PHP XSL extension did not restrict the file\nwriting capability of libxslt. A remote attacker could use this flaw\nto create or overwrite an arbitrary file that is writable by the user\nrunning PHP, if a PHP script processed untrusted eXtensible Style\nSheet Language Transformations (XSLT) content. (CVE-2012-0057)\n\nNote: This update disables file writing by default. A new PHP\nconfiguration directive, 'xsl.security_prefs', can be used to enable\nfile writing in XSLT.\n\nA flaw was found in the way PHP validated file names in file upload\nrequests. A remote attacker could possibly use this flaw to bypass the\nsanitization of the uploaded file names, and cause a PHP script to\nstore the uploaded file in an unexpected directory, by using a\ndirectory traversal attack. (CVE-2012-1172)\n\nMultiple integer overflow flaws, leading to heap-based buffer\noverflows, were found in the way the PHP phar extension processed\ncertain fields of tar archive files. A remote attacker could provide a\nspecially crafted tar archive file that, when processed by a PHP\napplication using the phar extension, could cause the application to\ncrash or, potentially, execute arbitrary code with the privileges of\nthe user running PHP. (CVE-2012-2386)\n\nA format string flaw was found in the way the PHP phar extension\nprocessed certain PHAR files. A remote attacker could provide a\nspecially crafted PHAR file, which once processed in a PHP application\nusing the phar extension, could lead to information disclosure and\npossibly arbitrary code execution via a crafted phar:// URI.\n(CVE-2010-2950)\n\nA flaw was found in the DES algorithm implementation in the crypt()\npassword hashing function in PHP. If the password string to be hashed\ncontained certain characters, the remainder of the string was ignored\nwhen calculating the hash, significantly reducing the password\nstrength. (CVE-2012-2143)\n\nNote: With this update, passwords are no longer truncated when\nperforming DES hashing. Therefore, new hashes of the affected\npasswords will not match stored hashes generated using vulnerable PHP\nversions, and will need to be updated.\n\nIt was discovered that the fix for CVE-2012-1823, released via\nRHSA-2012:0547, did not properly filter all php-cgi command line\narguments. A specially crafted request to a PHP script could cause the\nPHP interpreter to execute the script in a loop, or output usage\ninformation that triggers an Internal Server Error. (CVE-2012-2336)\n\nA memory leak flaw was found in the PHP strtotime() function call. A\nremote attacker could possibly use this flaw to cause excessive memory\nconsumption by triggering many strtotime() function calls.\n(CVE-2012-0789)\n\nIt was found that PHP did not check the zend_strndup() function's\nreturn value in certain cases. A remote attacker could possibly use\nthis flaw to crash a PHP application. (CVE-2011-4153)\n\nUpstream acknowledges Rubin Xu and Joseph Bonneau as the original\nreporters of CVE-2012-2143.\n\nAll php53 users should upgrade to these updated packages, which\ncontain backported patches to resolve these issues. After installing\nthe updated packages, the httpd daemon must be restarted for the\nupdate to take effect.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2012-June/018703.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?b8e42a3a\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.tenable.com/security/research/tra-2012-01\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected php53 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2012-2386\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php53\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php53-bcmath\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php53-cli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php53-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php53-dba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php53-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php53-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php53-imap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php53-intl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php53-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php53-mbstring\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php53-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php53-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php53-pdo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php53-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php53-process\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php53-pspell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php53-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php53-soap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php53-xml\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php53-xmlrpc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/09/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/06/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/06/29\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 5.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-5\", reference:\"php53-5.3.3-13.el5_8\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"php53-bcmath-5.3.3-13.el5_8\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"php53-cli-5.3.3-13.el5_8\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"php53-common-5.3.3-13.el5_8\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"php53-dba-5.3.3-13.el5_8\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"php53-devel-5.3.3-13.el5_8\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"php53-gd-5.3.3-13.el5_8\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"php53-imap-5.3.3-13.el5_8\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"php53-intl-5.3.3-13.el5_8\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"php53-ldap-5.3.3-13.el5_8\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"php53-mbstring-5.3.3-13.el5_8\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"php53-mysql-5.3.3-13.el5_8\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"php53-odbc-5.3.3-13.el5_8\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"php53-pdo-5.3.3-13.el5_8\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"php53-pgsql-5.3.3-13.el5_8\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"php53-process-5.3.3-13.el5_8\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"php53-pspell-5.3.3-13.el5_8\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"php53-snmp-5.3.3-13.el5_8\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"php53-soap-5.3.3-13.el5_8\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"php53-xml-5.3.3-13.el5_8\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"php53-xmlrpc-5.3.3-13.el5_8\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"php53 / php53-bcmath / php53-cli / php53-common / php53-dba / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:26:55", "description": "According to its banner, the version of PHP installed on the remote host is 5.4.x earlier than 5.4.0, and, therefore, potentially affected by multiple vulnerabilities :\n\n - crypt_blowfish as used in PHP does not properly handle 8-bit characters, which makes it easier for context-dependent attackers to determine a cleartext password by leveraging knowledge of a password hash.\n (CVE-2011-2483)\n\n - Multiple NULL Pointer Dereference with the zend_strndup() fucntion could allow a remote attacker to cause a denial of service. (CVE-2011-4153)\n\n - A flaw in SSL sockets with SSL 3.0 / TLS 1.0 was addressed. (CVE-2011-3389)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2019-03-04T00:00:00", "type": "nessus", "title": "PHP 5.4.x < 5.4.0 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-2483", "CVE-2011-3389", "CVE-2011-4153"], "modified": "2022-12-05T00:00:00", "cpe": ["cpe:/a:php:php"], "id": "PHP_5_4_0.NASL", "href": "https://www.tenable.com/plugins/nessus/122590", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(122590);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\"CVE-2011-2483\", \"CVE-2011-3389\", \"CVE-2011-4153\");\n script_bugtraq_id(49241, 49778, 51417);\n script_xref(name:\"CEA-ID\", value:\"CEA-2019-0547\");\n\n script_name(english:\"PHP 5.4.x < 5.4.0 Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote web server uses a version of PHP that is affected by\nmultiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its banner, the version of PHP installed on the remote\nhost is 5.4.x earlier than 5.4.0, and, therefore, potentially affected\nby multiple vulnerabilities :\n\n - crypt_blowfish as used in PHP does not properly handle\n 8-bit characters, which makes it easier for\n context-dependent attackers to determine a cleartext\n password by leveraging knowledge of a password hash.\n (CVE-2011-2483)\n\n - Multiple NULL Pointer Dereference with the\n zend_strndup() fucntion could allow a remote attacker\n to cause a denial of service. (CVE-2011-4153)\n\n - A flaw in SSL sockets with SSL 3.0 / TLS 1.0 was\n addressed. (CVE-2011-3389)\n\nNote that Nessus has not tested for this issue but has instead relied\nonly on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.php.net/bug.php?id=55748\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.php.net/ChangeLog-5.php#5.4.0\");\n script_set_attribute(attribute:\"see_also\", value:\"http://php.net/releases/5_4_0.php\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to PHP version 5.4.0 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2011-2483\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/03/01\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/03/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/03/04\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:php:php\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CGI abuses\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"php_version.nasl\");\n script_require_keys(\"www/PHP\");\n script_require_ports(\"Services/www\", 80);\n\n exit(0);\n}\n\ninclude(\"global_settings.inc\");\ninclude(\"audit.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\ninclude(\"webapp_func.inc\");\n\nport = get_http_port(default:80, php:TRUE);\n\nphp = get_php_from_kb(\n port : port,\n exit_on_fail : TRUE\n);\n\nversion = php[\"ver\"];\nsource = php[\"src\"];\n\nbackported = get_kb_item('www/php/'+port+'/'+version+'/backported');\n\nif (report_paranoia < 2 && backported)\n audit(AUDIT_BACKPORT_SERVICE, port, \"PHP \"+version+\" install\");\n\nif (version =~ \"^5(\\.4)?$\") audit(AUDIT_VER_NOT_GRANULAR, \"PHP\", port, version);\nif (version !~ \"^5\\.4\\.\") audit(AUDIT_NOT_DETECT, \"PHP version 5.4.x\", port);\n\nif (version =~ \"^5\\.4\\.0(alpha|beta|rc|RC)\")\n{\n report =\n '\\n Version source : '+source +\n '\\n Installed version : '+version+\n '\\n Fixed version : 5.4.0\\n';\n security_report_v4(severity:SECURITY_WARNING, port:port, extra:report);\n exit(0);\n}\nelse audit(AUDIT_LISTEN_NOT_VULN, \"PHP\", port, version);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-02T15:14:47", "description": "From Red Hat Security Advisory 2012:1047 :\n\nUpdated php53 packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nPHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server.\n\nIt was discovered that the PHP XSL extension did not restrict the file writing capability of libxslt. A remote attacker could use this flaw to create or overwrite an arbitrary file that is writable by the user running PHP, if a PHP script processed untrusted eXtensible Style Sheet Language Transformations (XSLT) content. (CVE-2012-0057)\n\nNote: This update disables file writing by default. A new PHP configuration directive, 'xsl.security_prefs', can be used to enable file writing in XSLT.\n\nA flaw was found in the way PHP validated file names in file upload requests. A remote attacker could possibly use this flaw to bypass the sanitization of the uploaded file names, and cause a PHP script to store the uploaded file in an unexpected directory, by using a directory traversal attack. (CVE-2012-1172)\n\nMultiple integer overflow flaws, leading to heap-based buffer overflows, were found in the way the PHP phar extension processed certain fields of tar archive files. A remote attacker could provide a specially crafted tar archive file that, when processed by a PHP application using the phar extension, could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running PHP. (CVE-2012-2386)\n\nA format string flaw was found in the way the PHP phar extension processed certain PHAR files. A remote attacker could provide a specially crafted PHAR file, which once processed in a PHP application using the phar extension, could lead to information disclosure and possibly arbitrary code execution via a crafted phar:// URI.\n(CVE-2010-2950)\n\nA flaw was found in the DES algorithm implementation in the crypt() password hashing function in PHP. If the password string to be hashed contained certain characters, the remainder of the string was ignored when calculating the hash, significantly reducing the password strength. (CVE-2012-2143)\n\nNote: With this update, passwords are no longer truncated when performing DES hashing. Therefore, new hashes of the affected passwords will not match stored hashes generated using vulnerable PHP versions, and will need to be updated.\n\nIt was discovered that the fix for CVE-2012-1823, released via RHSA-2012:0547, did not properly filter all php-cgi command line arguments. A specially crafted request to a PHP script could cause the PHP interpreter to execute the script in a loop, or output usage information that triggers an Internal Server Error. (CVE-2012-2336)\n\nA memory leak flaw was found in the PHP strtotime() function call. A remote attacker could possibly use this flaw to cause excessive memory consumption by triggering many strtotime() function calls.\n(CVE-2012-0789)\n\nIt was found that PHP did not check the zend_strndup() function's return value in certain cases. A remote attacker could possibly use this flaw to crash a PHP application. (CVE-2011-4153)\n\nUpstream acknowledges Rubin Xu and Joseph Bonneau as the original reporters of CVE-2012-2143.\n\nAll php53 users should upgrade to these updated packages, which contain backported patches to resolve these issues. After installing the updated packages, the httpd daemon must be restarted for the update to take effect.", "cvss3": {}, "published": "2013-07-12T00:00:00", "type": "nessus", "title": "Oracle Linux 5 : php53 (ELSA-2012-1047)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-2950", "CVE-2011-4153", "CVE-2012-0057", "CVE-2012-0789", "CVE-2012-1172", "CVE-2012-1823", "CVE-2012-2143", "CVE-2012-2336", "CVE-2012-2386"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:php53", "p-cpe:/a:oracle:linux:php53-bcmath", "p-cpe:/a:oracle:linux:php53-cli", "p-cpe:/a:oracle:linux:php53-common", "p-cpe:/a:oracle:linux:php53-dba", "p-cpe:/a:oracle:linux:php53-devel", "p-cpe:/a:oracle:linux:php53-gd", "p-cpe:/a:oracle:linux:php53-imap", "p-cpe:/a:oracle:linux:php53-intl", "p-cpe:/a:oracle:linux:php53-ldap", "p-cpe:/a:oracle:linux:php53-mbstring", "p-cpe:/a:oracle:linux:php53-mysql", "p-cpe:/a:oracle:linux:php53-odbc", "p-cpe:/a:oracle:linux:php53-pdo", "p-cpe:/a:oracle:linux:php53-pgsql", "p-cpe:/a:oracle:linux:php53-process", "p-cpe:/a:oracle:linux:php53-pspell", "p-cpe:/a:oracle:linux:php53-snmp", "p-cpe:/a:oracle:linux:php53-soap", "p-cpe:/a:oracle:linux:php53-xml", "p-cpe:/a:oracle:linux:php53-xmlrpc", "cpe:/o:oracle:linux:5"], "id": "ORACLELINUX_ELSA-2012-1047.NASL", "href": "https://www.tenable.com/plugins/nessus/68571", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2012:1047 and \n# Oracle Linux Security Advisory ELSA-2012-1047 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(68571);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2010-2950\", \"CVE-2011-4153\", \"CVE-2012-0057\", \"CVE-2012-0789\", \"CVE-2012-1172\", \"CVE-2012-2143\", \"CVE-2012-2336\", \"CVE-2012-2386\");\n script_bugtraq_id(40173, 47545, 51417, 51806, 52043, 53388, 53403, 53729);\n script_xref(name:\"RHSA\", value:\"2012:1047\");\n script_xref(name:\"TRA\", value:\"TRA-2012-01\");\n\n script_name(english:\"Oracle Linux 5 : php53 (ELSA-2012-1047)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2012:1047 :\n\nUpdated php53 packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nPHP is an HTML-embedded scripting language commonly used with the\nApache HTTP Server.\n\nIt was discovered that the PHP XSL extension did not restrict the file\nwriting capability of libxslt. A remote attacker could use this flaw\nto create or overwrite an arbitrary file that is writable by the user\nrunning PHP, if a PHP script processed untrusted eXtensible Style\nSheet Language Transformations (XSLT) content. (CVE-2012-0057)\n\nNote: This update disables file writing by default. A new PHP\nconfiguration directive, 'xsl.security_prefs', can be used to enable\nfile writing in XSLT.\n\nA flaw was found in the way PHP validated file names in file upload\nrequests. A remote attacker could possibly use this flaw to bypass the\nsanitization of the uploaded file names, and cause a PHP script to\nstore the uploaded file in an unexpected directory, by using a\ndirectory traversal attack. (CVE-2012-1172)\n\nMultiple integer overflow flaws, leading to heap-based buffer\noverflows, were found in the way the PHP phar extension processed\ncertain fields of tar archive files. A remote attacker could provide a\nspecially crafted tar archive file that, when processed by a PHP\napplication using the phar extension, could cause the application to\ncrash or, potentially, execute arbitrary code with the privileges of\nthe user running PHP. (CVE-2012-2386)\n\nA format string flaw was found in the way the PHP phar extension\nprocessed certain PHAR files. A remote attacker could provide a\nspecially crafted PHAR file, which once processed in a PHP application\nusing the phar extension, could lead to information disclosure and\npossibly arbitrary code execution via a crafted phar:// URI.\n(CVE-2010-2950)\n\nA flaw was found in the DES algorithm implementation in the crypt()\npassword hashing function in PHP. If the password string to be hashed\ncontained certain characters, the remainder of the string was ignored\nwhen calculating the hash, significantly reducing the password\nstrength. (CVE-2012-2143)\n\nNote: With this update, passwords are no longer truncated when\nperforming DES hashing. Therefore, new hashes of the affected\npasswords will not match stored hashes generated using vulnerable PHP\nversions, and will need to be updated.\n\nIt was discovered that the fix for CVE-2012-1823, released via\nRHSA-2012:0547, did not properly filter all php-cgi command line\narguments. A specially crafted request to a PHP script could cause the\nPHP interpreter to execute the script in a loop, or output usage\ninformation that triggers an Internal Server Error. (CVE-2012-2336)\n\nA memory leak flaw was found in the PHP strtotime() function call. A\nremote attacker could possibly use this flaw to cause excessive memory\nconsumption by triggering many strtotime() function calls.\n(CVE-2012-0789)\n\nIt was found that PHP did not check the zend_strndup() function's\nreturn value in certain cases. A remote attacker could possibly use\nthis flaw to crash a PHP application. (CVE-2011-4153)\n\nUpstream acknowledges Rubin Xu and Joseph Bonneau as the original\nreporters of CVE-2012-2143.\n\nAll php53 users should upgrade to these updated packages, which\ncontain backported patches to resolve these issues. After installing\nthe updated packages, the httpd daemon must be restarted for the\nupdate to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2012-June/002880.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.tenable.com/security/research/tra-2012-01\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected php53 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php53\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php53-bcmath\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php53-cli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php53-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php53-dba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php53-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php53-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php53-imap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php53-intl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php53-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php53-mbstring\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php53-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php53-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php53-pdo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php53-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php53-process\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php53-pspell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php53-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php53-soap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php53-xml\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php53-xmlrpc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/09/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/06/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 5\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL5\", reference:\"php53-5.3.3-13.el5_8\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"php53-bcmath-5.3.3-13.el5_8\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"php53-cli-5.3.3-13.el5_8\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"php53-common-5.3.3-13.el5_8\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"php53-dba-5.3.3-13.el5_8\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"php53-devel-5.3.3-13.el5_8\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"php53-gd-5.3.3-13.el5_8\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"php53-imap-5.3.3-13.el5_8\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"php53-intl-5.3.3-13.el5_8\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"php53-ldap-5.3.3-13.el5_8\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"php53-mbstring-5.3.3-13.el5_8\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"php53-mysql-5.3.3-13.el5_8\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"php53-odbc-5.3.3-13.el5_8\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"php53-pdo-5.3.3-13.el5_8\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"php53-pgsql-5.3.3-13.el5_8\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"php53-process-5.3.3-13.el5_8\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"php53-pspell-5.3.3-13.el5_8\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"php53-snmp-5.3.3-13.el5_8\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"php53-soap-5.3.3-13.el5_8\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"php53-xml-5.3.3-13.el5_8\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"php53-xmlrpc-5.3.3-13.el5_8\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"php53 / php53-bcmath / php53-cli / php53-common / php53-dba / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-02T14:44:19", "description": "Updated php53 packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nPHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server.\n\nIt was discovered that the PHP XSL extension did not restrict the file writing capability of libxslt. A remote attacker could use this flaw to create or overwrite an arbitrary file that is writable by the user running PHP, if a PHP script processed untrusted eXtensible Style Sheet Language Transformations (XSLT) content. (CVE-2012-0057)\n\nNote: This update disables file writing by default. A new PHP configuration directive, 'xsl.security_prefs', can be used to enable file writing in XSLT.\n\nA flaw was found in the way PHP validated file names in file upload requests. A remote attacker could possibly use this flaw to bypass the sanitization of the uploaded file names, and cause a PHP script to store the uploaded file in an unexpected directory, by using a directory traversal attack. (CVE-2012-1172)\n\nMultiple integer overflow flaws, leading to heap-based buffer overflows, were found in the way the PHP phar extension processed certain fields of tar archive files. A remote attacker could provide a specially crafted tar archive file that, when processed by a PHP application using the phar extension, could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running PHP. (CVE-2012-2386)\n\nA format string flaw was found in the way the PHP phar extension processed certain PHAR files. A remote attacker could provide a specially crafted PHAR file, which once processed in a PHP application using the phar extension, could lead to information disclosure and possibly arbitrary code execution via a crafted phar:// URI.\n(CVE-2010-2950)\n\nA flaw was found in the DES algorithm implementation in the crypt() password hashing function in PHP. If the password string to be hashed contained certain characters, the remainder of the string was ignored when calculating the hash, significantly reducing the password strength. (CVE-2012-2143)\n\nNote: With this update, passwords are no longer truncated when performing DES hashing. Therefore, new hashes of the affected passwords will not match stored hashes generated using vulnerable PHP versions, and will need to be updated.\n\nIt was discovered that the fix for CVE-2012-1823, released via RHSA-2012:0547, did not properly filter all php-cgi command line arguments. A specially crafted request to a PHP script could cause the PHP interpreter to execute the script in a loop, or output usage information that triggers an Internal Server Error. (CVE-2012-2336)\n\nA memory leak flaw was found in the PHP strtotime() function call. A remote attacker could possibly use this flaw to cause excessive memory consumption by triggering many strtotime() function calls.\n(CVE-2012-0789)\n\nIt was found that PHP did not check the zend_strndup() function's return value in certain cases. A remote attacker could possibly use this flaw to crash a PHP application. (CVE-2011-4153)\n\nUpstream acknowledges Rubin Xu and Joseph Bonneau as the original reporters of CVE-2012-2143.\n\nAll php53 users should upgrade to these updated packages, which contain backported patches to resolve these issues. After installing the updated packages, the httpd daemon must be restarted for the update to take effect.", "cvss3": {}, "published": "2012-06-28T00:00:00", "type": "nessus", "title": "RHEL 5 : php53 (RHSA-2012:1047)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-2950", "CVE-2011-4153", "CVE-2012-0057", "CVE-2012-0789", "CVE-2012-1172", "CVE-2012-1823", "CVE-2012-2143", "CVE-2012-2336", "CVE-2012-2386"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:php53", "p-cpe:/a:redhat:enterprise_linux:php53-bcmath", "p-cpe:/a:redhat:enterprise_linux:php53-cli", "p-cpe:/a:redhat:enterprise_linux:php53-common", "p-cpe:/a:redhat:enterprise_linux:php53-dba", "p-cpe:/a:redhat:enterprise_linux:php53-debuginfo", "p-cpe:/a:redhat:enterprise_linux:php53-devel", "p-cpe:/a:redhat:enterprise_linux:php53-gd", "p-cpe:/a:redhat:enterprise_linux:php53-imap", "p-cpe:/a:redhat:enterprise_linux:php53-intl", "p-cpe:/a:redhat:enterprise_linux:php53-ldap", "p-cpe:/a:redhat:enterprise_linux:php53-mbstring", "p-cpe:/a:redhat:enterprise_linux:php53-mysql", "p-cpe:/a:redhat:enterprise_linux:php53-odbc", "p-cpe:/a:redhat:enterprise_linux:php53-pdo", "p-cpe:/a:redhat:enterprise_linux:php53-pgsql", "p-cpe:/a:redhat:enterprise_linux:php53-process", "p-cpe:/a:redhat:enterprise_linux:php53-pspell", "p-cpe:/a:redhat:enterprise_linux:php53-snmp", "p-cpe:/a:redhat:enterprise_linux:php53-soap", "p-cpe:/a:redhat:enterprise_linux:php53-xml", "p-cpe:/a:redhat:enterprise_linux:php53-xmlrpc", "cpe:/o:redhat:enterprise_linux:5"], "id": "REDHAT-RHSA-2012-1047.NASL", "href": "https://www.tenable.com/plugins/nessus/59753", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2012:1047. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(59753);\n script_version(\"1.26\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2010-2950\", \"CVE-2011-4153\", \"CVE-2012-0057\", \"CVE-2012-0789\", \"CVE-2012-1172\", \"CVE-2012-2143\", \"CVE-2012-2336\", \"CVE-2012-2386\");\n script_bugtraq_id(40173, 47545, 53729);\n script_xref(name:\"RHSA\", value:\"2012:1047\");\n script_xref(name:\"TRA\", value:\"TRA-2012-01\");\n\n script_name(english:\"RHEL 5 : php53 (RHSA-2012:1047)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated php53 packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nPHP is an HTML-embedded scripting language commonly used with the\nApache HTTP Server.\n\nIt was discovered that the PHP XSL extension did not restrict the file\nwriting capability of libxslt. A remote attacker could use this flaw\nto create or overwrite an arbitrary file that is writable by the user\nrunning PHP, if a PHP script processed untrusted eXtensible Style\nSheet Language Transformations (XSLT) content. (CVE-2012-0057)\n\nNote: This update disables file writing by default. A new PHP\nconfiguration directive, 'xsl.security_prefs', can be used to enable\nfile writing in XSLT.\n\nA flaw was found in the way PHP validated file names in file upload\nrequests. A remote attacker could possibly use this flaw to bypass the\nsanitization of the uploaded file names, and cause a PHP script to\nstore the uploaded file in an unexpected directory, by using a\ndirectory traversal attack. (CVE-2012-1172)\n\nMultiple integer overflow flaws, leading to heap-based buffer\noverflows, were found in the way the PHP phar extension processed\ncertain fields of tar archive files. A remote attacker could provide a\nspecially crafted tar archive file that, when processed by a PHP\napplication using the phar extension, could cause the application to\ncrash or, potentially, execute arbitrary code with the privileges of\nthe user running PHP. (CVE-2012-2386)\n\nA format string flaw was found in the way the PHP phar extension\nprocessed certain PHAR files. A remote attacker could provide a\nspecially crafted PHAR file, which once processed in a PHP application\nusing the phar extension, could lead to information disclosure and\npossibly arbitrary code execution via a crafted phar:// URI.\n(CVE-2010-2950)\n\nA flaw was found in the DES algorithm implementation in the crypt()\npassword hashing function in PHP. If the password string to be hashed\ncontained certain characters, the remainder of the string was ignored\nwhen calculating the hash, significantly reducing the password\nstrength. (CVE-2012-2143)\n\nNote: With this update, passwords are no longer truncated when\nperforming DES hashing. Therefore, new hashes of the affected\npasswords will not match stored hashes generated using vulnerable PHP\nversions, and will need to be updated.\n\nIt was discovered that the fix for CVE-2012-1823, released via\nRHSA-2012:0547, did not properly filter all php-cgi command line\narguments. A specially crafted request to a PHP script could cause the\nPHP interpreter to execute the script in a loop, or output usage\ninformation that triggers an Internal Server Error. (CVE-2012-2336)\n\nA memory leak flaw was found in the PHP strtotime() function call. A\nremote attacker could possibly use this flaw to cause excessive memory\nconsumption by triggering many strtotime() function calls.\n(CVE-2012-0789)\n\nIt was found that PHP did not check the zend_strndup() function's\nreturn value in certain cases. A remote attacker could possibly use\nthis flaw to crash a PHP application. (CVE-2011-4153)\n\nUpstream acknowledges Rubin Xu and Joseph Bonneau as the original\nreporters of CVE-2012-2143.\n\nAll php53 users should upgrade to these updated packages, which\ncontain backported patches to resolve these issues. After installing\nthe updated packages, the httpd daemon must be restarted for the\nupdate to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://rhn.redhat.com/errata/RHSA-2012-0547.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2012:1047\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-2143\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-2336\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-0057\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-0789\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-4153\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-1172\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-2386\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-2950\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.tenable.com/security/research/tra-2012-01\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php53\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php53-bcmath\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php53-cli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php53-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php53-dba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php53-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php53-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php53-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php53-imap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php53-intl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php53-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php53-mbstring\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php53-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php53-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php53-pdo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php53-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php53-process\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php53-pspell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php53-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php53-soap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php53-xml\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php53-xmlrpc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/06/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/06/28\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2012:1047\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php53-5.3.3-13.el5_8\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php53-5.3.3-13.el5_8\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php53-5.3.3-13.el5_8\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php53-bcmath-5.3.3-13.el5_8\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php53-bcmath-5.3.3-13.el5_8\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php53-bcmath-5.3.3-13.el5_8\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php53-cli-5.3.3-13.el5_8\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php53-cli-5.3.3-13.el5_8\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php53-cli-5.3.3-13.el5_8\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php53-common-5.3.3-13.el5_8\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php53-common-5.3.3-13.el5_8\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php53-common-5.3.3-13.el5_8\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php53-dba-5.3.3-13.el5_8\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php53-dba-5.3.3-13.el5_8\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php53-dba-5.3.3-13.el5_8\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php53-debuginfo-5.3.3-13.el5_8\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php53-debuginfo-5.3.3-13.el5_8\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php53-debuginfo-5.3.3-13.el5_8\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php53-devel-5.3.3-13.el5_8\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php53-devel-5.3.3-13.el5_8\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php53-devel-5.3.3-13.el5_8\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php53-gd-5.3.3-13.el5_8\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php53-gd-5.3.3-13.el5_8\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php53-gd-5.3.3-13.el5_8\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php53-imap-5.3.3-13.el5_8\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php53-imap-5.3.3-13.el5_8\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php53-imap-5.3.3-13.el5_8\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php53-intl-5.3.3-13.el5_8\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php53-intl-5.3.3-13.el5_8\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php53-intl-5.3.3-13.el5_8\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php53-ldap-5.3.3-13.el5_8\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php53-ldap-5.3.3-13.el5_8\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php53-ldap-5.3.3-13.el5_8\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php53-mbstring-5.3.3-13.el5_8\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php53-mbstring-5.3.3-13.el5_8\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php53-mbstring-5.3.3-13.el5_8\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php53-mysql-5.3.3-13.el5_8\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php53-mysql-5.3.3-13.el5_8\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php53-mysql-5.3.3-13.el5_8\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php53-odbc-5.3.3-13.el5_8\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php53-odbc-5.3.3-13.el5_8\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php53-odbc-5.3.3-13.el5_8\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php53-pdo-5.3.3-13.el5_8\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php53-pdo-5.3.3-13.el5_8\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php53-pdo-5.3.3-13.el5_8\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php53-pgsql-5.3.3-13.el5_8\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php53-pgsql-5.3.3-13.el5_8\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php53-pgsql-5.3.3-13.el5_8\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php53-process-5.3.3-13.el5_8\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php53-process-5.3.3-13.el5_8\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php53-process-5.3.3-13.el5_8\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php53-pspell-5.3.3-13.el5_8\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php53-pspell-5.3.3-13.el5_8\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php53-pspell-5.3.3-13.el5_8\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php53-snmp-5.3.3-13.el5_8\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php53-snmp-5.3.3-13.el5_8\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php53-snmp-5.3.3-13.el5_8\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php53-soap-5.3.3-13.el5_8\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php53-soap-5.3.3-13.el5_8\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php53-soap-5.3.3-13.el5_8\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php53-xml-5.3.3-13.el5_8\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php53-xml-5.3.3-13.el5_8\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php53-xml-5.3.3-13.el5_8\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php53-xmlrpc-5.3.3-13.el5_8\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php53-xmlrpc-5.3.3-13.el5_8\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php53-xmlrpc-5.3.3-13.el5_8\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"php53 / php53-bcmath / php53-cli / php53-common / php53-dba / etc\");\n }\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-02T14:46:52", "description": "PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server.\n\nIt was discovered that the PHP XSL extension did not restrict the file writing capability of libxslt. A remote attacker could use this flaw to create or overwrite an arbitrary file that is writable by the user running PHP, if a PHP script processed untrusted eXtensible Style Sheet Language Transformations (XSLT) content. (CVE-2012-0057)\n\nNote: This update disables file writing by default. A new PHP configuration directive, 'xsl.security_prefs', can be used to enable file writing in XSLT.\n\nA flaw was found in the way PHP validated file names in file upload requests. A remote attacker could possibly use this flaw to bypass the sanitization of the uploaded file names, and cause a PHP script to store the uploaded file in an unexpected directory, by using a directory traversal attack. (CVE-2012-1172)\n\nMultiple integer overflow flaws, leading to heap-based buffer overflows, were found in the way the PHP phar extension processed certain fields of tar archive files. A remote attacker could provide a specially crafted tar archive file that, when processed by a PHP application using the phar extension, could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running PHP. (CVE-2012-2386)\n\nA format string flaw was found in the way the PHP phar extension processed certain PHAR files. A remote attacker could provide a specially crafted PHAR file, which once processed in a PHP application using the phar extension, could lead to information disclosure and possibly arbitrary code execution via a crafted phar:// URI.\n(CVE-2010-2950)\n\nA flaw was found in the DES algorithm implementation in the crypt() password hashing function in PHP. If the password string to be hashed contained certain characters, the remainder of the string was ignored when calculating the hash, significantly reducing the password strength. (CVE-2012-2143)\n\nNote: With this update, passwords are no longer truncated when performing DES hashing. Therefore, new hashes of the affected passwords will not match stored hashes generated using vulnerable PHP versions, and will need to be updated.\n\nIt was discovered that the fix for CVE-2012-1823, released via a previous update, did not properly filter all php-cgi command line arguments. A specially crafted request to a PHP script could cause the PHP interpreter to execute the script in a loop, or output usage information that triggers an Internal Server Error. (CVE-2012-2336)\n\nA memory leak flaw was found in the PHP strtotime() function call. A remote attacker could possibly use this flaw to cause excessive memory consumption by triggering many strtotime() function calls.\n(CVE-2012-0789)\n\nIt was found that PHP did not check the zend_strndup() function's return value in certain cases. A remote attacker could possibly use this flaw to crash a PHP application. (CVE-2011-4153)\n\nAll php53 users should upgrade to these updated packages, which contain backported patches to resolve these issues. After installing the updated packages, the httpd daemon must be restarted for the update to take effect.", "cvss3": {}, "published": "2012-08-01T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : php53 on SL5.x i386/x86_64 (20120627)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-2950", "CVE-2011-4153", "CVE-2012-0057", "CVE-2012-0789", "CVE-2012-1172", "CVE-2012-1823", "CVE-2012-2143", "CVE-2012-2336", "CVE-2012-2386"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:php53", "p-cpe:/a:fermilab:scientific_linux:php53-bcmath", "p-cpe:/a:fermilab:scientific_linux:php53-cli", "p-cpe:/a:fermilab:scientific_linux:php53-common", "p-cpe:/a:fermilab:scientific_linux:php53-dba", "p-cpe:/a:fermilab:scientific_linux:php53-debuginfo", "p-cpe:/a:fermilab:scientific_linux:php53-devel", "p-cpe:/a:fermilab:scientific_linux:php53-gd", "p-cpe:/a:fermilab:scientific_linux:php53-imap", "p-cpe:/a:fermilab:scientific_linux:php53-intl", "p-cpe:/a:fermilab:scientific_linux:php53-ldap", "p-cpe:/a:fermilab:scientific_linux:php53-mbstring", "p-cpe:/a:fermilab:scientific_linux:php53-mysql", "p-cpe:/a:fermilab:scientific_linux:php53-odbc", "p-cpe:/a:fermilab:scientific_linux:php53-pdo", "p-cpe:/a:fermilab:scientific_linux:php53-pgsql", "p-cpe:/a:fermilab:scientific_linux:php53-process", "p-cpe:/a:fermilab:scientific_linux:php53-pspell", "p-cpe:/a:fermilab:scientific_linux:php53-snmp", "p-cpe:/a:fermilab:scientific_linux:php53-soap", "p-cpe:/a:fermilab:scientific_linux:php53-xml", "p-cpe:/a:fermilab:scientific_linux:php53-xmlrpc", "x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20120627_PHP53_ON_SL5_X.NASL", "href": "https://www.tenable.com/plugins/nessus/61356", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(61356);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2010-2950\", \"CVE-2011-4153\", \"CVE-2012-0057\", \"CVE-2012-0789\", \"CVE-2012-1172\", \"CVE-2012-2143\", \"CVE-2012-2336\", \"CVE-2012-2386\");\n script_xref(name:\"TRA\", value:\"TRA-2012-01\");\n\n script_name(english:\"Scientific Linux Security Update : php53 on SL5.x i386/x86_64 (20120627)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"PHP is an HTML-embedded scripting language commonly used with the\nApache HTTP Server.\n\nIt was discovered that the PHP XSL extension did not restrict the file\nwriting capability of libxslt. A remote attacker could use this flaw\nto create or overwrite an arbitrary file that is writable by the user\nrunning PHP, if a PHP script processed untrusted eXtensible Style\nSheet Language Transformations (XSLT) content. (CVE-2012-0057)\n\nNote: This update disables file writing by default. A new PHP\nconfiguration directive, 'xsl.security_prefs', can be used to enable\nfile writing in XSLT.\n\nA flaw was found in the way PHP validated file names in file upload\nrequests. A remote attacker could possibly use this flaw to bypass the\nsanitization of the uploaded file names, and cause a PHP script to\nstore the uploaded file in an unexpected directory, by using a\ndirectory traversal attack. (CVE-2012-1172)\n\nMultiple integer overflow flaws, leading to heap-based buffer\noverflows, were found in the way the PHP phar extension processed\ncertain fields of tar archive files. A remote attacker could provide a\nspecially crafted tar archive file that, when processed by a PHP\napplication using the phar extension, could cause the application to\ncrash or, potentially, execute arbitrary code with the privileges of\nthe user running PHP. (CVE-2012-2386)\n\nA format string flaw was found in the way the PHP phar extension\nprocessed certain PHAR files. A remote attacker could provide a\nspecially crafted PHAR file, which once processed in a PHP application\nusing the phar extension, could lead to information disclosure and\npossibly arbitrary code execution via a crafted phar:// URI.\n(CVE-2010-2950)\n\nA flaw was found in the DES algorithm implementation in the crypt()\npassword hashing function in PHP. If the password string to be hashed\ncontained certain characters, the remainder of the string was ignored\nwhen calculating the hash, significantly reducing the password\nstrength. (CVE-2012-2143)\n\nNote: With this update, passwords are no longer truncated when\nperforming DES hashing. Therefore, new hashes of the affected\npasswords will not match stored hashes generated using vulnerable PHP\nversions, and will need to be updated.\n\nIt was discovered that the fix for CVE-2012-1823, released via a\nprevious update, did not properly filter all php-cgi command line\narguments. A specially crafted request to a PHP script could cause the\nPHP interpreter to execute the script in a loop, or output usage\ninformation that triggers an Internal Server Error. (CVE-2012-2336)\n\nA memory leak flaw was found in the PHP strtotime() function call. A\nremote attacker could possibly use this flaw to cause excessive memory\nconsumption by triggering many strtotime() function calls.\n(CVE-2012-0789)\n\nIt was found that PHP did not check the zend_strndup() function's\nreturn value in certain cases. A remote attacker could possibly use\nthis flaw to crash a PHP application. (CVE-2011-4153)\n\nAll php53 users should upgrade to these updated packages, which\ncontain backported patches to resolve these issues. After installing\nthe updated packages, the httpd daemon must be restarted for the\nupdate to take effect.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1207&L=scientific-linux-errata&T=0&P=594\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?84d5fe48\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.tenable.com/security/research/tra-2012-01\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:php53\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:php53-bcmath\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:php53-cli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:php53-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:php53-dba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:php53-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:php53-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:php53-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:php53-imap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:php53-intl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:php53-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:php53-mbstring\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:php53-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:php53-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:php53-pdo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:php53-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:php53-process\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:php53-pspell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:php53-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:php53-soap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:php53-xml\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:php53-xmlrpc\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/09/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/06/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 5.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL5\", reference:\"php53-5.3.3-13.el5_8\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"php53-bcmath-5.3.3-13.el5_8\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"php53-cli-5.3.3-13.el5_8\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"php53-common-5.3.3-13.el5_8\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"php53-dba-5.3.3-13.el5_8\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"php53-debuginfo-5.3.3-13.el5_8\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"php53-devel-5.3.3-13.el5_8\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"php53-gd-5.3.3-13.el5_8\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"php53-imap-5.3.3-13.el5_8\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"php53-intl-5.3.3-13.el5_8\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"php53-ldap-5.3.3-13.el5_8\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"php53-mbstring-5.3.3-13.el5_8\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"php53-mysql-5.3.3-13.el5_8\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"php53-odbc-5.3.3-13.el5_8\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"php53-pdo-5.3.3-13.el5_8\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"php53-pgsql-5.3.3-13.el5_8\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"php53-process-5.3.3-13.el5_8\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"php53-pspell-5.3.3-13.el5_8\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"php53-snmp-5.3.3-13.el5_8\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"php53-soap-5.3.3-13.el5_8\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"php53-xml-5.3.3-13.el5_8\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"php53-xmlrpc-5.3.3-13.el5_8\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"php53 / php53-bcmath / php53-cli / php53-common / php53-dba / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-02T14:44:18", "description": "Updated php packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nPHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server.\n\nIt was discovered that the PHP XSL extension did not restrict the file writing capability of libxslt. A remote attacker could use this flaw to create or overwrite an arbitrary file that is writable by the user running PHP, if a PHP script processed untrusted eXtensible Style Sheet Language Transformations (XSLT) content. (CVE-2012-0057)\n\nNote: This update disables file writing by default. A new PHP configuration directive, 'xsl.security_prefs', can be used to enable file writing in XSLT.\n\nA flaw was found in the way PHP validated file names in file upload requests. A remote attacker could possibly use this flaw to bypass the sanitization of the uploaded file names, and cause a PHP script to store the uploaded file in an unexpected directory, by using a directory traversal attack. (CVE-2012-1172)\n\nMultiple integer overflow flaws, leading to heap-based buffer overflows, were found in the way the PHP phar extension processed certain fields of tar archive files. A remote attacker could provide a specially crafted tar archive file that, when processed by a PHP application using the phar extension, could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running PHP. (CVE-2012-2386)\n\nA format string flaw was found in the way the PHP phar extension processed certain PHAR files. A remote attacker could provide a specially crafted PHAR file, which once processed in a PHP application using the phar extension, could lead to information disclosure and possibly arbitrary code execution via a crafted phar:// URI.\n(CVE-2010-2950)\n\nA flaw was found in the DES algorithm implementation in the crypt() password hashing function in PHP. If the password string to be hashed contained certain characters, the remainder of the string was ignored when calculating the hash, significantly reducing the password strength. (CVE-2012-2143)\n\nNote: With this update, passwords are no longer truncated when performing DES hashing. Therefore, new hashes of the affected passwords will not match stored hashes generated using vulnerable PHP versions, and will need to be updated.\n\nIt was discovered that the fix for CVE-2012-1823, released via RHSA-2012:0546, did not properly filter all php-cgi command line arguments. A specially crafted request to a PHP script could cause the PHP interpreter to execute the script in a loop, or output usage information that triggers an Internal Server Error. (CVE-2012-2336)\n\nA memory leak flaw was found in the PHP strtotime() function call. A remote attacker could possibly use this flaw to cause excessive memory consumption by triggering many strtotime() function calls.\n(CVE-2012-0789)\n\nA NULL pointer dereference flaw was found in the PHP tidy_diagnose() function. A remote attacker could use specially crafted input to crash an application that uses tidy::diagnose. (CVE-2012-0781)\n\nIt was found that PHP did not check the zend_strndup() function's return value in certain cases. A remote attacker could possibly use this flaw to crash a PHP application. (CVE-2011-4153)\n\nUpstream acknowledges Rubin Xu and Joseph Bonneau as the original reporters of CVE-2012-2143.\n\nAll php users should upgrade to these updated packages, which contain backported patches to resolve these issues. After installing the updated packages, the httpd daemon must be restarted for the update to take effect.", "cvss3": {}, "published": "2012-06-28T00:00:00", "type": "nessus", "title": "RHEL 6 : php (RHSA-2012:1046)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-2950", "CVE-2011-4153", "CVE-2012-0057", "CVE-2012-0781", "CVE-2012-0789", "CVE-2012-1172", "CVE-2012-1823", "CVE-2012-2143", "CVE-2012-2336", "CVE-2012-2386"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:php", "p-cpe:/a:redhat:enterprise_linux:php-bcmath", "p-cpe:/a:redhat:enterprise_linux:php-cli", "p-cpe:/a:redhat:enterprise_linux:php-common", "p-cpe:/a:redhat:enterprise_linux:php-dba", "p-cpe:/a:redhat:enterprise_linux:php-debuginfo", "p-cpe:/a:redhat:enterprise_linux:php-devel", "p-cpe:/a:redhat:enterprise_linux:php-embedded", "p-cpe:/a:redhat:enterprise_linux:php-enchant", "p-cpe:/a:redhat:enterprise_linux:php-gd", "p-cpe:/a:redhat:enterprise_linux:php-imap", "p-cpe:/a:redhat:enterprise_linux:php-intl", "p-cpe:/a:redhat:enterprise_linux:php-ldap", "p-cpe:/a:redhat:enterprise_linux:php-mbstring", "p-cpe:/a:redhat:enterprise_linux:php-mysql", "p-cpe:/a:redhat:enterprise_linux:php-odbc", "p-cpe:/a:redhat:enterprise_linux:php-pdo", "p-cpe:/a:redhat:enterprise_linux:php-pgsql", "p-cpe:/a:redhat:enterprise_linux:php-process", "p-cpe:/a:redhat:enterprise_linux:php-pspell", "p-cpe:/a:redhat:enterprise_linux:php-recode", "p-cpe:/a:redhat:enterprise_linux:php-snmp", "p-cpe:/a:redhat:enterprise_linux:php-soap", "p-cpe:/a:redhat:enterprise_linux:php-tidy", "p-cpe:/a:redhat:enterprise_linux:php-xml", "p-cpe:/a:redhat:enterprise_linux:php-xmlrpc", "p-cpe:/a:redhat:enterprise_linux:php-zts", "cpe:/o:redhat:enterprise_linux:6", "cpe:/o:redhat:enterprise_linux:6.3"], "id": "REDHAT-RHSA-2012-1046.NASL", "href": "https://www.tenable.com/plugins/nessus/59752", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2012:1046. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(59752);\n script_version(\"1.27\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2010-2950\", \"CVE-2011-4153\", \"CVE-2012-0057\", \"CVE-2012-0781\", \"CVE-2012-0789\", \"CVE-2012-1172\", \"CVE-2012-2143\", \"CVE-2012-2336\", \"CVE-2012-2386\");\n script_bugtraq_id(40173, 47545, 51992, 53729);\n script_xref(name:\"RHSA\", value:\"2012:1046\");\n script_xref(name:\"TRA\", value:\"TRA-2012-01\");\n\n script_name(english:\"RHEL 6 : php (RHSA-2012:1046)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated php packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nPHP is an HTML-embedded scripting language commonly used with the\nApache HTTP Server.\n\nIt was discovered that the PHP XSL extension did not restrict the file\nwriting capability of libxslt. A remote attacker could use this flaw\nto create or overwrite an arbitrary file that is writable by the user\nrunning PHP, if a PHP script processed untrusted eXtensible Style\nSheet Language Transformations (XSLT) content. (CVE-2012-0057)\n\nNote: This update disables file writing by default. A new PHP\nconfiguration directive, 'xsl.security_prefs', can be used to enable\nfile writing in XSLT.\n\nA flaw was found in the way PHP validated file names in file upload\nrequests. A remote attacker could possibly use this flaw to bypass the\nsanitization of the uploaded file names, and cause a PHP script to\nstore the uploaded file in an unexpected directory, by using a\ndirectory traversal attack. (CVE-2012-1172)\n\nMultiple integer overflow flaws, leading to heap-based buffer\noverflows, were found in the way the PHP phar extension processed\ncertain fields of tar archive files. A remote attacker could provide a\nspecially crafted tar archive file that, when processed by a PHP\napplication using the phar extension, could cause the application to\ncrash or, potentially, execute arbitrary code with the privileges of\nthe user running PHP. (CVE-2012-2386)\n\nA format string flaw was found in the way the PHP phar extension\nprocessed certain PHAR files. A remote attacker could provide a\nspecially crafted PHAR file, which once processed in a PHP application\nusing the phar extension, could lead to information disclosure and\npossibly arbitrary code execution via a crafted phar:// URI.\n(CVE-2010-2950)\n\nA flaw was found in the DES algorithm implementation in the crypt()\npassword hashing function in PHP. If the password string to be hashed\ncontained certain characters, the remainder of the string was ignored\nwhen calculating the hash, significantly reducing the password\nstrength. (CVE-2012-2143)\n\nNote: With this update, passwords are no longer truncated when\nperforming DES hashing. Therefore, new hashes of the affected\npasswords will not match stored hashes generated using vulnerable PHP\nversions, and will need to be updated.\n\nIt was discovered that the fix for CVE-2012-1823, released via\nRHSA-2012:0546, did not properly filter all php-cgi command line\narguments. A specially crafted request to a PHP script could cause the\nPHP interpreter to execute the script in a loop, or output usage\ninformation that triggers an Internal Server Error. (CVE-2012-2336)\n\nA memory leak flaw was found in the PHP strtotime() function call. A\nremote attacker could possibly use this flaw to cause excessive memory\nconsumption by triggering many strtotime() function calls.\n(CVE-2012-0789)\n\nA NULL pointer dereference flaw was found in the PHP tidy_diagnose()\nfunction. A remote attacker could use specially crafted input to crash\nan application that uses tidy::diagnose. (CVE-2012-0781)\n\nIt was found that PHP did not check the zend_strndup() function's\nreturn value in certain cases. A remote attacker could possibly use\nthis flaw to crash a PHP application. (CVE-2011-4153)\n\nUpstream acknowledges Rubin Xu and Joseph Bonneau as the original\nreporters of CVE-2012-2143.\n\nAll php users should upgrade to these updated packages, which contain\nbackported patches to resolve these issues. After installing the\nupdated packages, the httpd daemon must be restarted for the update to\ntake effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://rhn.redhat.com/errata/RHSA-2012-0546.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2012:1046\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-2143\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-0781\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-2336\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-0057\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-0789\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-4153\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-1172\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-2386\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-2950\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.tenable.com/security/research/tra-2012-01\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-bcmath\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-cli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-dba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-embedded\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-enchant\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-imap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-intl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-mbstring\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-pdo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-process\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-pspell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-recode\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-soap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-tidy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-xml\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-xmlrpc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-zts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.3\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/09/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/06/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/06/28\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2012:1046\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"php-5.3.3-14.el6_3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"php-5.3.3-14.el6_3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"php-5.3.3-14.el6_3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"php-bcmath-5.3.3-14.el6_3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"php-bcmath-5.3.3-14.el6_3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"php-bcmath-5.3.3-14.el6_3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"php-cli-5.3.3-14.el6_3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"php-cli-5.3.3-14.el6_3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"php-cli-5.3.3-14.el6_3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"php-common-5.3.3-14.el6_3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"php-common-5.3.3-14.el6_3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"php-common-5.3.3-14.el6_3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"php-dba-5.3.3-14.el6_3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"php-dba-5.3.3-14.el6_3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"php-dba-5.3.3-14.el6_3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"php-debuginfo-5.3.3-14.el6_3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"php-debuginfo-5.3.3-14.el6_3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"php-debuginfo-5.3.3-14.el6_3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"php-devel-5.3.3-14.el6_3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"php-devel-5.3.3-14.el6_3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"php-devel-5.3.3-14.el6_3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"php-embedded-5.3.3-14.el6_3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"php-embedded-5.3.3-14.el6_3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"php-embedded-5.3.3-14.el6_3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"php-enchant-5.3.3-14.el6_3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"php-enchant-5.3.3-14.el6_3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"php-enchant-5.3.3-14.el6_3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"php-gd-5.3.3-14.el6_3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"php-gd-5.3.3-14.el6_3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"php-gd-5.3.3-14.el6_3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"php-imap-5.3.3-14.el6_3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"php-imap-5.3.3-14.el6_3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"php-imap-5.3.3-14.el6_3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"php-intl-5.3.3-14.el6_3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"php-intl-5.3.3-14.el6_3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"php-intl-5.3.3-14.el6_3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"php-ldap-5.3.3-14.el6_3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"php-ldap-5.3.3-14.el6_3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"php-ldap-5.3.3-14.el6_3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"php-mbstring-5.3.3-14.el6_3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"php-mbstring-5.3.3-14.el6_3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"php-mbstring-5.3.3-14.el6_3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"php-mysql-5.3.3-14.el6_3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"php-mysql-5.3.3-14.el6_3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"php-mysql-5.3.3-14.el6_3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"php-odbc-5.3.3-14.el6_3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"php-odbc-5.3.3-14.el6_3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"php-odbc-5.3.3-14.el6_3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"php-pdo-5.3.3-14.el6_3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"php-pdo-5.3.3-14.el6_3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"php-pdo-5.3.3-14.el6_3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"php-pgsql-5.3.3-14.el6_3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"php-pgsql-5.3.3-14.el6_3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"php-pgsql-5.3.3-14.el6_3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"php-process-5.3.3-14.el6_3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"php-process-5.3.3-14.el6_3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"php-process-5.3.3-14.el6_3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"php-pspell-5.3.3-14.el6_3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"php-pspell-5.3.3-14.el6_3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"php-pspell-5.3.3-14.el6_3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"php-recode-5.3.3-14.el6_3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"php-recode-5.3.3-14.el6_3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"php-recode-5.3.3-14.el6_3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"php-snmp-5.3.3-14.el6_3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"php-snmp-5.3.3-14.el6_3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"php-snmp-5.3.3-14.el6_3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"php-soap-5.3.3-14.el6_3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"php-soap-5.3.3-14.el6_3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"php-soap-5.3.3-14.el6_3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"php-tidy-5.3.3-14.el6_3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"php-tidy-5.3.3-14.el6_3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"php-tidy-5.3.3-14.el6_3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"php-xml-5.3.3-14.el6_3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"php-xml-5.3.3-14.el6_3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"php-xml-5.3.3-14.el6_3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"php-xmlrpc-5.3.3-14.el6_3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"php-xmlrpc-5.3.3-14.el6_3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"php-xmlrpc-5.3.3-14.el6_3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"php-zts-5.3.3-14.el6_3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"php-zts-5.3.3-14.el6_3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"php-zts-5.3.3-14.el6_3\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"php / php-bcmath / php-cli / php-common / php-dba / php-debuginfo / etc\");\n }\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-02T15:04:30", "description": "It was found that PHP did not check for carriage returns in HTTP headers, allowing intended HTTP response splitting protections to be bypassed. Depending on the web browser the victim is using, a remote attacker could use this flaw to perform HTTP response splitting attacks. (CVE-2011-1398)\n\nAn integer signedness issue, leading to a heap-based buffer underflow, was found in the PHP scandir() function. If a remote attacker could upload an excessively large number of files to a directory the scandir() function runs on, it could cause the PHP interpreter to crash or, possibly, execute arbitrary code. (CVE-2012-2688)\n\nIt was found that PHP did not correctly handle the magic_quotes_gpc configuration directive. This could result in magic_quotes_gpc input escaping not being applied in all cases, possibly making it easier for a remote attacker to perform SQL injection attacks. (CVE-2012-0831)\n\nAfter installing the updated packages, the httpd daemon must be restarted for the update to take effect.", "cvss3": {}, "published": "2013-03-01T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : php on SL6.x i386/x86_64 (20130221)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-1398", "CVE-2012-0831", "CVE-2012-2688"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:php", "p-cpe:/a:fermilab:scientific_linux:php-bcmath", "p-cpe:/a:fermilab:scientific_linux:php-cli", "p-cpe:/a:fermilab:scientific_linux:php-common", "p-cpe:/a:fermilab:scientific_linux:php-dba", "p-cpe:/a:fermilab:scientific_linux:php-debuginfo", "p-cpe:/a:fermilab:scientific_linux:php-devel", "p-cpe:/a:fermilab:scientific_linux:php-embedded", "p-cpe:/a:fermilab:scientific_linux:php-enchant", "p-cpe:/a:fermilab:scientific_linux:php-fpm", "p-cpe:/a:fermilab:scientific_linux:php-gd", "p-cpe:/a:fermilab:scientific_linux:php-imap", "p-cpe:/a:fermilab:scientific_linux:php-intl", "p-cpe:/a:fermilab:scientific_linux:php-ldap", "p-cpe:/a:fermilab:scientific_linux:php-mbstring", "p-cpe:/a:fermilab:scientific_linux:php-mysql", "p-cpe:/a:fermilab:scientific_linux:php-odbc", "p-cpe:/a:fermilab:scientific_linux:php-pdo", "p-cpe:/a:fermilab:scientific_linux:php-pgsql", "p-cpe:/a:fermilab:scientific_linux:php-process", "p-cpe:/a:fermilab:scientific_linux:php-pspell", "p-cpe:/a:fermilab:scientific_linux:php-recode", "p-cpe:/a:fermilab:scientific_linux:php-snmp", "p-cpe:/a:fermilab:scientific_linux:php-soap", "p-cpe:/a:fermilab:scientific_linux:php-tidy", "p-cpe:/a:fermilab:scientific_linux:php-xml", "p-cpe:/a:fermilab:scientific_linux:php-xmlrpc", "p-cpe:/a:fermilab:scientific_linux:php-zts", "x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20130221_PHP_ON_SL6_X.NASL", "href": "https://www.tenable.com/plugins/nessus/64957", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(64957);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2011-1398\", \"CVE-2012-0831\", \"CVE-2012-2688\");\n\n script_name(english:\"Scientific Linux Security Update : php on SL6.x i386/x86_64 (20130221)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was found that PHP did not check for carriage returns in HTTP\nheaders, allowing intended HTTP response splitting protections to be\nbypassed. Depending on the web browser the victim is using, a remote\nattacker could use this flaw to perform HTTP response splitting\nattacks. (CVE-2011-1398)\n\nAn integer signedness issue, leading to a heap-based buffer underflow,\nwas found in the PHP scandir() function. If a remote attacker could\nupload an excessively large number of files to a directory the\nscandir() function runs on, it could cause the PHP interpreter to\ncrash or, possibly, execute arbitrary code. (CVE-2012-2688)\n\nIt was found that PHP did not correctly handle the magic_quotes_gpc\nconfiguration directive. This could result in magic_quotes_gpc input\nescaping not being applied in all cases, possibly making it easier for\na remote attacker to perform SQL injection attacks. (CVE-2012-0831)\n\nAfter installing the updated packages, the httpd daemon must be\nrestarted for the update to take effect.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1302&L=scientific-linux-errata&T=0&P=3911\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?cd84e392\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:php\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:php-bcmath\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:php-cli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:php-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:php-dba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:php-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:php-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:php-embedded\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:php-enchant\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:php-fpm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:php-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:php-imap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:php-intl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:php-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:php-mbstring\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:php-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:php-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:php-pdo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:php-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:php-process\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:php-pspell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:php-recode\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:php-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:php-soap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:php-tidy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:php-xml\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:php-xmlrpc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:php-zts\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/02/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/02/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/03/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 6.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL6\", reference:\"php-5.3.3-22.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"php-bcmath-5.3.3-22.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"php-cli-5.3.3-22.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"php-common-5.3.3-22.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"php-dba-5.3.3-22.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"php-debuginfo-5.3.3-22.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"php-devel-5.3.3-22.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"php-embedded-5.3.3-22.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"php-enchant-5.3.3-22.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"php-fpm-5.3.3-22.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"php-gd-5.3.3-22.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"php-imap-5.3.3-22.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"php-intl-5.3.3-22.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"php-ldap-5.3.3-22.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"php-mbstring-5.3.3-22.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"php-mysql-5.3.3-22.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"php-odbc-5.3.3-22.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"php-pdo-5.3.3-22.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"php-pgsql-5.3.3-22.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"php-process-5.3.3-22.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"php-pspell-5.3.3-22.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"php-recode-5.3.3-22.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"php-snmp-5.3.3-22.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"php-soap-5.3.3-22.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"php-tidy-5.3.3-22.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"php-xml-5.3.3-22.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"php-xmlrpc-5.3.3-22.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"php-zts-5.3.3-22.el6\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"php / php-bcmath / php-cli / php-common / php-dba / php-debuginfo / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-02T15:05:56", "description": "Updated php packages that fix three security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nPHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server.\n\nIt was found that PHP did not check for carriage returns in HTTP headers, allowing intended HTTP response splitting protections to be bypassed. Depending on the web browser the victim is using, a remote attacker could use this flaw to perform HTTP response splitting attacks. (CVE-2011-1398)\n\nAn integer signedness issue, leading to a heap-based buffer underflow, was found in the PHP scandir() function. If a remote attacker could upload an excessively large number of files to a directory the scandir() function runs on, it could cause the PHP interpreter to crash or, possibly, execute arbitrary code. (CVE-2012-2688)\n\nIt was found that PHP did not correctly handle the magic_quotes_gpc configuration directive. This could result in magic_quotes_gpc input escaping not being applied in all cases, possibly making it easier for a remote attacker to perform SQL injection attacks. (CVE-2012-0831)\n\nThese updated php packages also include numerous bug fixes and enhancements. Space precludes documenting all of these changes in this advisory. Users are directed to the Red Hat Enterprise Linux 6.4 Technical Notes, linked to in the References, for information on the most significant of these changes.\n\nAll users of php are advised to upgrade to these updated packages, which fix these issues and add these enhancements. After installing the updated packages, the httpd daemon must be restarted for the update to take effect.", "cvss3": {}, "published": "2013-03-10T00:00:00", "type": "nessus", "title": "CentOS 6 : php (CESA-2013:0514)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-1398", "CVE-2012-0831", "CVE-2012-2688"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:centos:centos:php", "p-cpe:/a:centos:centos:php-bcmath", "p-cpe:/a:centos:centos:php-cli", "p-cpe:/a:centos:centos:php-common", "p-cpe:/a:centos:centos:php-dba", "p-cpe:/a:centos:centos:php-devel", "p-cpe:/a:centos:centos:php-embedded", "p-cpe:/a:centos:centos:php-enchant", "p-cpe:/a:centos:centos:php-fpm", "p-cpe:/a:centos:centos:php-gd", "p-cpe:/a:centos:centos:php-imap", "p-cpe:/a:centos:centos:php-intl", "p-cpe:/a:centos:centos:php-ldap", "p-cpe:/a:centos:centos:php-mbstring", "p-cpe:/a:centos:centos:php-mysql", "p-cpe:/a:centos:centos:php-odbc", "p-cpe:/a:centos:centos:php-pdo", "p-cpe:/a:centos:centos:php-pgsql", "p-cpe:/a:centos:centos:php-process", "p-cpe:/a:centos:centos:php-pspell", "p-cpe:/a:centos:centos:php-recode", "p-cpe:/a:centos:centos:php-snmp", "p-cpe:/a:centos:centos:php-soap", "p-cpe:/a:centos:centos:php-tidy", "p-cpe:/a:centos:centos:php-xml", "p-cpe:/a:centos:centos:php-xmlrpc", "p-cpe:/a:centos:centos:php-zts", "cpe:/o:centos:centos:6"], "id": "CENTOS_RHSA-2013-0514.NASL", "href": "https://www.tenable.com/plugins/nessus/65146", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2013:0514 and \n# CentOS Errata and Security Advisory 2013:0514 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(65146);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2011-1398\", \"CVE-2012-0831\", \"CVE-2012-2688\");\n script_bugtraq_id(51954, 54638, 55297);\n script_xref(name:\"RHSA\", value:\"2013:0514\");\n\n script_name(english:\"CentOS 6 : php (CESA-2013:0514)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated php packages that fix three security issues, several bugs, and\nadd various enhancements are now available for Red Hat Enterprise\nLinux 6.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nPHP is an HTML-embedded scripting language commonly used with the\nApache HTTP Server.\n\nIt was found that PHP did not check for carriage returns in HTTP\nheaders, allowing intended HTTP response splitting protections to be\nbypassed. Depending on the web browser the victim is using, a remote\nattacker could use this flaw to perform HTTP response splitting\nattacks. (CVE-2011-1398)\n\nAn integer signedness issue, leading to a heap-based buffer underflow,\nwas found in the PHP scandir() function. If a remote attacker could\nupload an excessively large number of files to a directory the\nscandir() function runs on, it could cause the PHP interpreter to\ncrash or, possibly, execute arbitrary code. (CVE-2012-2688)\n\nIt was found that PHP did not correctly handle the magic_quotes_gpc\nconfiguration directive. This could result in magic_quotes_gpc input\nescaping not being applied in all cases, possibly making it easier for\na remote attacker to perform SQL injection attacks. (CVE-2012-0831)\n\nThese updated php packages also include numerous bug fixes and\nenhancements. Space precludes documenting all of these changes in this\nadvisory. Users are directed to the Red Hat Enterprise Linux 6.4\nTechnical Notes, linked to in the References, for information on the\nmost significant of these changes.\n\nAll users of php are advised to upgrade to these updated packages,\nwhich fix these issues and add these enhancements. After installing\nthe updated packages, the httpd daemon must be restarted for the\nupdate to take effect.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2013-March/019469.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?024d6295\"\n );\n # https://lists.centos.org/pipermail/centos-cr-announce/2013-February/000660.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?e421e893\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected php packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2012-2688\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-bcmath\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-cli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-dba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-embedded\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-enchant\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-fpm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-imap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-intl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-mbstring\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-pdo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-process\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-pspell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-recode\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-soap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-tidy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-xml\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-xmlrpc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-zts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/02/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/03/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/03/10\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 6.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-6\", reference:\"php-5.3.3-22.el6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"php-bcmath-5.3.3-22.el6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"php-cli-5.3.3-22.el6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"php-common-5.3.3-22.el6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"php-dba-5.3.3-22.el6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"php-devel-5.3.3-22.el6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"php-embedded-5.3.3-22.el6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"php-enchant-5.3.3-22.el6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"php-fpm-5.3.3-22.el6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"php-gd-5.3.3-22.el6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"php-imap-5.3.3-22.el6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"php-intl-5.3.3-22.el6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"php-ldap-5.3.3-22.el6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"php-mbstring-5.3.3-22.el6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"php-mysql-5.3.3-22.el6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"php-odbc-5.3.3-22.el6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"php-pdo-5.3.3-22.el6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"php-pgsql-5.3.3-22.el6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"php-process-5.3.3-22.el6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"php-pspell-5.3.3-22.el6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"php-recode-5.3.3-22.el6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"php-snmp-5.3.3-22.el6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"php-soap-5.3.3-22.el6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"php-tidy-5.3.3-22.el6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"php-xml-5.3.3-22.el6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"php-xmlrpc-5.3.3-22.el6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"php-zts-5.3.3-22.el6\")) flag++;\n\n\nif (flag)\n{\n cr_plugin_caveat = '\\n' +\n 'NOTE: The security advisory associated with this vulnerability has a\\n' +\n 'fixed package version that may only be available in the continuous\\n' +\n 'release (CR) repository for CentOS, until it is present in the next\\n' +\n 'point release of CentOS.\\n\\n' +\n\n 'If an equal or higher package level does not exist in the baseline\\n' +\n 'repository for your major version of CentOS, then updates from the CR\\n' +\n 'repository will need to be applied in order to address the\\n' +\n 'vulnerability.\\n';\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + cr_plugin_caveat\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"php / php-bcmath / php-cli / php-common / php-dba / php-devel / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-01T15:47:57", "description": "From Red Hat Security Advisory 2013:0514 :\n\nUpdated php packages that fix three security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nPHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server.\n\nIt was found that PHP did not check for carriage returns in HTTP headers, allowing intended HTTP response splitting protections to be bypassed. Depending on the web browser the victim is using, a remote attacker could use this flaw to perform HTTP response splitting attacks. (CVE-2011-1398)\n\nAn integer signedness issue, leading to a heap-based buffer underflow, was found in the PHP scandir() function. If a remote attacker could upload an excessively large number of files to a directory the scandir() function runs on, it could cause the PHP interpreter to crash or, possibly, execute arbitrary code. (CVE-2012-2688)\n\nIt was found that PHP did not correctly handle the magic_quotes_gpc configuration directive. This could result in magic_quotes_gpc input escaping not being applied in all cases, possibly making it easier for a remote attacker to perform SQL injection attacks. (CVE-2012-0831)\n\nThese updated php packages also include numerous bug fixes and enhancements. Space precludes documenting all of these changes in this advisory. Users are directed to the Red Hat Enterprise Linux 6.4 Technical Notes, linked to in the References, for information on the most significant of these changes.\n\nAll users of php are advised to upgrade to these updated packages, which fix these issues and add these enhancements. After installing the updated packages, the httpd daemon must be restarted for the update to take effect.", "cvss3": {}, "published": "2013-07-12T00:00:00", "type": "nessus", "title": "Oracle Linux 6 : php (ELSA-2013-0514)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-1398", "CVE-2012-0831", "CVE-2012-2688"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:php", "p-cpe:/a:oracle:linux:php-bcmath", "p-cpe:/a:oracle:linux:php-cli", "p-cpe:/a:oracle:linux:php-common", "p-cpe:/a:oracle:linux:php-dba", "p-cpe:/a:oracle:linux:php-devel", "p-cpe:/a:oracle:linux:php-embedded", "p-cpe:/a:oracle:linux:php-enchant", "p-cpe:/a:oracle:linux:php-fpm", "p-cpe:/a:oracle:linux:php-gd", "p-cpe:/a:oracle:linux:php-imap", "p-cpe:/a:oracle:linux:php-intl", "p-cpe:/a:oracle:linux:php-ldap", "p-cpe:/a:oracle:linux:php-mbstring", "p-cpe:/a:oracle:linux:php-mysql", "p-cpe:/a:oracle:linux:php-odbc", "p-cpe:/a:oracle:linux:php-pdo", "p-cpe:/a:oracle:linux:php-pgsql", "p-cpe:/a:oracle:linux:php-process", "p-cpe:/a:oracle:linux:php-pspell", "p-cpe:/a:oracle:linux:php-recode", "p-cpe:/a:oracle:linux:php-snmp", "p-cpe:/a:oracle:linux:php-soap", "p-cpe:/a:oracle:linux:php-tidy", "p-cpe:/a:oracle:linux:php-xml", "p-cpe:/a:oracle:linux:php-xmlrpc", "p-cpe:/a:oracle:linux:php-zts", "cpe:/o:oracle:linux:6"], "id": "ORACLELINUX_ELSA-2013-0514.NASL", "href": "https://www.tenable.com/plugins/nessus/68751", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2013:0514 and \n# Oracle Linux Security Advisory ELSA-2013-0514 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(68751);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2011-1398\", \"CVE-2012-0831\", \"CVE-2012-2688\");\n script_bugtraq_id(51954, 51992, 54638, 55297);\n script_xref(name:\"RHSA\", value:\"2013:0514\");\n\n script_name(english:\"Oracle Linux 6 : php (ELSA-2013-0514)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2013:0514 :\n\nUpdated php packages that fix three security issues, several bugs, and\nadd various enhancements are now available for Red Hat Enterprise\nLinux 6.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nPHP is an HTML-embedded scripting language commonly used with the\nApache HTTP Server.\n\nIt was found that PHP did not check for carriage returns in HTTP\nheaders, allowing intended HTTP response splitting protections to be\nbypassed. Depending on the web browser the victim is using, a remote\nattacker could use this flaw to perform HTTP response splitting\nattacks. (CVE-2011-1398)\n\nAn integer signedness issue, leading to a heap-based buffer underflow,\nwas found in the PHP scandir() function. If a remote attacker could\nupload an excessively large number of files to a directory the\nscandir() function runs on, it could cause the PHP interpreter to\ncrash or, possibly, execute arbitrary code. (CVE-2012-2688)\n\nIt was found that PHP did not correctly handle the magic_quotes_gpc\nconfiguration directive. This could result in magic_quotes_gpc input\nescaping not being applied in all cases, possibly making it easier for\na remote attacker to perform SQL injection attacks. (CVE-2012-0831)\n\nThese updated php packages also include numerous bug fixes and\nenhancements. Space precludes documenting all of these changes in this\nadvisory. Users are directed to the Red Hat Enterprise Linux 6.4\nTechnical Notes, linked to in the References, for information on the\nmost significant of these changes.\n\nAll users of php are advised to upgrade to these updated packages,\nwhich fix these issues and add these enhancements. After installing\nthe updated packages, the httpd daemon must be restarted for the\nupdate to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2013-February/003294.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected php packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-bcmath\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-cli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-dba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-embedded\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-enchant\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-fpm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-imap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-intl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-mbstring\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-pdo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-process\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-pspell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-recode\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-soap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-tidy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-xml\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-xmlrpc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-zts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/02/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/02/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 6\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL6\", reference:\"php-5.3.3-22.el6\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"php-bcmath-5.3.3-22.el6\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"php-cli-5.3.3-22.el6\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"php-common-5.3.3-22.el6\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"php-dba-5.3.3-22.el6\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"php-devel-5.3.3-22.el6\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"php-embedded-5.3.3-22.el6\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"php-enchant-5.3.3-22.el6\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"php-fpm-5.3.3-22.el6\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"php-gd-5.3.3-22.el6\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"php-imap-5.3.3-22.el6\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"php-intl-5.3.3-22.el6\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"php-ldap-5.3.3-22.el6\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"php-mbstring-5.3.3-22.el6\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"php-mysql-5.3.3-22.el6\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"php-odbc-5.3.3-22.el6\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"php-pdo-5.3.3-22.el6\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"php-pgsql-5.3.3-22.el6\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"php-process-5.3.3-22.el6\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"php-pspell-5.3.3-22.el6\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"php-recode-5.3.3-22.el6\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"php-snmp-5.3.3-22.el6\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"php-soap-5.3.3-22.el6\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"php-tidy-5.3.3-22.el6\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"php-xml-5.3.3-22.el6\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"php-xmlrpc-5.3.3-22.el6\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"php-zts-5.3.3-22.el6\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"php / php-bcmath / php-cli / php-common / php-dba / php-devel / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-02T14:43:32", "description": "According to its banner, the version of PHP installed on the remote host is earlier than 5.3.11, and as such is potentially affected by multiple vulnerabilities :\n\n - During the import of environment variables, temporary changes to the 'magic_quotes_gpc' directive are not handled properly. This can lower the difficulty for SQL injection attacks. (CVE-2012-0831)\n\n - The '$_FILES' variable can be corrupted because the names of uploaded files are not properly validated.\n (CVE-2012-1172)\n\n - The 'open_basedir' directive is not properly handled by the functions 'readline_write_history' and 'readline_read_history'.\n\n - The 'header()' function does not detect multi-line headers with a CR. (Bug #60227 / CVE-2011-1398)", "cvss3": {}, "published": "2012-05-02T00:00:00", "type": "nessus", "title": "PHP < 5.3.11 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-1398", "CVE-2012-0831", "CVE-2012-1172"], "modified": "2022-04-11T00:00:00", "cpe": ["cpe:/a:php:php"], "id": "PHP_5_3_11.NASL", "href": "https://www.tenable.com/plugins/nessus/58966", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(58966);\n script_version(\"1.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\"CVE-2011-1398\", \"CVE-2012-0831\", \"CVE-2012-1172\");\n script_bugtraq_id(51954, 53403, 55297);\n\n script_name(english:\"PHP < 5.3.11 Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote web server uses a version of PHP that is affected by \nmultiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its banner, the version of PHP installed on the remote\nhost is earlier than 5.3.11, and as such is potentially affected by\nmultiple vulnerabilities :\n\n - During the import of environment variables, temporary\n changes to the 'magic_quotes_gpc' directive are not\n handled properly. This can lower the difficulty for\n SQL injection attacks. (CVE-2012-0831)\n\n - The '$_FILES' variable can be corrupted because the\n names of uploaded files are not properly validated.\n (CVE-2012-1172)\n\n - The 'open_basedir' directive is not properly handled by\n the functions 'readline_write_history' and\n 'readline_read_history'.\n\n - The 'header()' function does not detect multi-line\n headers with a CR. (Bug #60227 / CVE-2011-1398)\");\n # https://nealpoole.com/blog/2011/10/directory-traversal-via-php-multi-file-uploads/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?e81d4026\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.php.net/bug.php?id=61043\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.php.net/bug.php?id=54374\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.php.net/bug.php?id=60227\");\n script_set_attribute(attribute:\"see_also\", value:\"https://marc.info/?l=oss-security&m=134626481806571&w=2\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.php.net/archive/2012.php#id2012-04-26-1\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.php.net/ChangeLog-5.php#5.3.11\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to PHP version 5.3.11 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2012-0831\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No exploit is required\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/02/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/04/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/05/02\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:php:php\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CGI abuses\");\n\n script_copyright(english:\"This script is Copyright (C) 2012-2022 Tenable Network Security, Inc.\");\n\n script_dependencies(\"php_version.nasl\");\n script_require_keys(\"www/PHP\");\n script_require_ports(\"Services/www\", 80);\n\n exit(0);\n}\n\ninclude(\"global_settings.inc\");\ninclude(\"audit.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\ninclude(\"webapp_func.inc\");\n\nport = get_http_port(default:80, php:TRUE);\n\nphp = get_php_from_kb(\n port : port,\n exit_on_fail : TRUE\n);\n\nversion = php[\"ver\"];\nsource = php[\"src\"];\n\nbackported = get_kb_item('www/php/'+port+'/'+version+'/backported');\n\nif (report_paranoia < 2 && backported)\n audit(AUDIT_BACKPORT_SERVICE, port, \"PHP \"+version+\" install\");\n\n# All before 5.3.11 are affected.\nfixed_version = '5.3.11';\n\nif (\n version =~ \"^[0-4]($|\\.)\" ||\n version =~ \"^5\\.[0-2]($|\\.)\" ||\n version =~ \"^5\\.3\\.([0-9]|10)($|[^0-9])\"\n)\n{\n if (report_verbosity > 0)\n {\n report =\n '\\n Version source : '+source +\n '\\n Installed version : '+version+\n '\\n Fixed version : '+fixed_version+'\\n';\n security_warning(port:port, extra:report);\n }\n else security_warning(port);\n exit(0);\n}\nelse audit(AUDIT_LISTEN_NOT_VULN, \"PHP\", port, version);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-02T15:04:22", "description": "Updated php packages that fix three security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nPHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server.\n\nIt was found that PHP did not check for carriage returns in HTTP headers, allowing intended HTTP response splitting protections to be bypassed. Depending on the web browser the victim is using, a remote attacker could use this flaw to perform HTTP response splitting attacks. (CVE-2011-1398)\n\nAn integer signedness issue, leading to a heap-based buffer underflow, was found in the PHP scandir() function. If a remote attacker could upload an excessively large number of files to a directory the scandir() function runs on, it could cause the PHP interpreter to crash or, possibly, execute arbitrary code. (CVE-2012-2688)\n\nIt was found that PHP did not correctly handle the magic_quotes_gpc configuration directive. This could result in magic_quotes_gpc input escaping not being applied in all cases, possibly making it easier for a remote attacker to perform SQL injection attacks. (CVE-2012-0831)\n\nThese updated php packages also include numerous bug fixes and enhancements. Space precludes documenting all of these changes in this advisory. Users are directed to the Red Hat Enterprise Linux 6.4 Technical Notes, linked to in the References, for information on the most significant of these changes.\n\nAll users of php are advised to upgrade to these updated packages, which fix these issues and add these enhancements. After installing the updated packages, the httpd daemon must be restarted for the update to take effect.", "cvss3": {}, "published": "2013-02-21T00:00:00", "type": "nessus", "title": "RHEL 6 : php (RHSA-2013:0514)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-1398", "CVE-2012-0831", "CVE-2012-2688"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:php", "p-cpe:/a:redhat:enterprise_linux:php-bcmath", "p-cpe:/a:redhat:enterprise_linux:php-cli", "p-cpe:/a:redhat:enterprise_linux:php-common", "p-cpe:/a:redhat:enterprise_linux:php-dba", "p-cpe:/a:redhat:enterprise_linux:php-debuginfo", "p-cpe:/a:redhat:enterprise_linux:php-devel", "p-cpe:/a:redhat:enterprise_linux:php-embedded", "p-cpe:/a:redhat:enterprise_linux:php-enchant", "p-cpe:/a:redhat:enterprise_linux:php-fpm", "p-cpe:/a:redhat:enterprise_linux:php-gd", "p-cpe:/a:redhat:enterprise_linux:php-imap", "p-cpe:/a:redhat:enterprise_linux:php-intl", "p-cpe:/a:redhat:enterprise_linux:php-ldap", "p-cpe:/a:redhat:enterprise_linux:php-mbstring", "p-cpe:/a:redhat:enterprise_linux:php-mysql", "p-cpe:/a:redhat:enterprise_linux:php-odbc", "p-cpe:/a:redhat:enterprise_linux:php-pdo", "p-cpe:/a:redhat:enterprise_linux:php-pgsql", "p-cpe:/a:redhat:enterprise_linux:php-process", "p-cpe:/a:redhat:enterprise_linux:php-pspell", "p-cpe:/a:redhat:enterprise_linux:php-recode", "p-cpe:/a:redhat:enterprise_linux:php-snmp", "p-cpe:/a:redhat:enterprise_linux:php-soap", "p-cpe:/a:redhat:enterprise_linux:php-tidy", "p-cpe:/a:redhat:enterprise_linux:php-xml", "p-cpe:/a:redhat:enterprise_linux:php-xmlrpc", "p-cpe:/a:redhat:enterprise_linux:php-zts", "cpe:/o:redhat:enterprise_linux:6"], "id": "REDHAT-RHSA-2013-0514.NASL", "href": "https://www.tenable.com/plugins/nessus/64762", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2013:0514. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(64762);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2011-1398\", \"CVE-2012-0831\", \"CVE-2012-2688\");\n script_xref(name:\"RHSA\", value:\"2013:0514\");\n\n script_name(english:\"RHEL 6 : php (RHSA-2013:0514)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated php packages that fix three security issues, several bugs, and\nadd various enhancements are now available for Red Hat Enterprise\nLinux 6.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nPHP is an HTML-embedded scripting language commonly used with the\nApache HTTP Server.\n\nIt was found that PHP did not check for carriage returns in HTTP\nheaders, allowing intended HTTP response splitting protections to be\nbypassed. Depending on the web browser the victim is using, a remote\nattacker could use this flaw to perform HTTP response splitting\nattacks. (CVE-2011-1398)\n\nAn integer signedness issue, leading to a heap-based buffer underflow,\nwas found in the PHP scandir() function. If a remote attacker could\nupload an excessively large number of files to a directory the\nscandir() function runs on, it could cause the PHP interpreter to\ncrash or, possibly, execute arbitrary code. (CVE-2012-2688)\n\nIt was found that PHP did not correctly handle the magic_quotes_gpc\nconfiguration directive. This could result in magic_quotes_gpc input\nescaping not being applied in all cases, possibly making it easier for\na remote attacker to perform SQL injection attacks. (CVE-2012-0831)\n\nThese updated php packages also include numerous bug fixes and\nenhancements. Space precludes documenting all of these changes in this\nadvisory. Users are directed to the Red Hat Enterprise Linux 6.4\nTechnical Notes, linked to in the References, for information on the\nmost significant of these changes.\n\nAll users of php are advised to upgrade to these updated packages,\nwhich fix these issues and add these enhancements. After installing\nthe updated packages, the httpd daemon must be restarted for the\nupdate to take effect.\"\n );\n # https://access.redhat.com/knowledge/docs/en-US/Red_Hat_Enterprise_Linux/6/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?b5caa05f\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2013:0514\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-1398\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-2688\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-0831\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-bcmath\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-cli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-dba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-embedded\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-enchant\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-fpm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-imap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-intl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-mbstring\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-pdo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-process\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-pspell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-recode\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-soap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-tidy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-xml\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-xmlrpc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-zts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/02/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/02/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/02/21\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2013:0514\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"php-5.3.3-22.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"php-5.3.3-22.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"php-5.3.3-22.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"php-bcmath-5.3.3-22.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"php-bcmath-5.3.3-22.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"php-bcmath-5.3.3-22.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"php-cli-5.3.3-22.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"php-cli-5.3.3-22.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"php-cli-5.3.3-22.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"php-common-5.3.3-22.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"php-common-5.3.3-22.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"php-common-5.3.3-22.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"php-dba-5.3.3-22.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"php-dba-5.3.3-22.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"php-dba-5.3.3-22.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"php-debuginfo-5.3.3-22.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"php-debuginfo-5.3.3-22.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"php-debuginfo-5.3.3-22.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"php-devel-5.3.3-22.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"php-devel-5.3.3-22.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"php-devel-5.3.3-22.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"php-embedded-5.3.3-22.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"php-embedded-5.3.3-22.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"php-embedded-5.3.3-22.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"php-enchant-5.3.3-22.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"php-enchant-5.3.3-22.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"php-enchant-5.3.3-22.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"php-fpm-5.3.3-22.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"php-fpm-5.3.3-22.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"php-fpm-5.3.3-22.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"php-gd-5.3.3-22.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"php-gd-5.3.3-22.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"php-gd-5.3.3-22.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"php-imap-5.3.3-22.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"php-imap-5.3.3-22.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"php-imap-5.3.3-22.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"php-intl-5.3.3-22.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"php-intl-5.3.3-22.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"php-intl-5.3.3-22.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"php-ldap-5.3.3-22.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"php-ldap-5.3.3-22.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"php-ldap-5.3.3-22.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"php-mbstring-5.3.3-22.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"php-mbstring-5.3.3-22.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"php-mbstring-5.3.3-22.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"php-mysql-5.3.3-22.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"php-mysql-5.3.3-22.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"php-mysql-5.3.3-22.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"php-odbc-5.3.3-22.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"php-odbc-5.3.3-22.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"php-odbc-5.3.3-22.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"php-pdo-5.3.3-22.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"php-pdo-5.3.3-22.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"php-pdo-5.3.3-22.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"php-pgsql-5.3.3-22.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"php-pgsql-5.3.3-22.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"php-pgsql-5.3.3-22.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"php-process-5.3.3-22.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"php-process-5.3.3-22.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"php-process-5.3.3-22.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"php-pspell-5.3.3-22.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"php-pspell-5.3.3-22.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"php-pspell-5.3.3-22.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"php-recode-5.3.3-22.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"php-recode-5.3.3-22.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"php-recode-5.3.3-22.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"php-snmp-5.3.3-22.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"php-snmp-5.3.3-22.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"php-snmp-5.3.3-22.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"php-soap-5.3.3-22.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"php-soap-5.3.3-22.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"php-soap-5.3.3-22.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"php-tidy-5.3.3-22.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"php-tidy-5.3.3-22.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"php-tidy-5.3.3-22.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"php-xml-5.3.3-22.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"php-xml-5.3.3-22.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"php-xml-5.3.3-22.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"php-xmlrpc-5.3.3-22.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"php-xmlrpc-5.3.3-22.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"php-xmlrpc-5.3.3-22.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"php-zts-5.3.3-22.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"php-zts-5.3.3-22.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"php-zts-5.3.3-22.el6\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"php / php-bcmath / php-cli / php-common / php-dba / php-debuginfo / etc\");\n }\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-02T14:46:52", "description": "PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server.\n\nIt was discovered that the PHP XSL extension did not restrict the file writing capability of libxslt. A remote attacker could use this flaw to create or overwrite an arbitrary file that is writable by the user running PHP, if a PHP script processed untrusted eXtensible Style Sheet Language Transformations (XSLT) content. (CVE-2012-0057)\n\nNote: This update disables file writing by default. A new PHP configuration directive, 'xsl.security_prefs', can be used to enable file writing in XSLT.\n\nA flaw was found in the way PHP validated file names in file upload requests. A remote attacker could possibly use this flaw to bypass the sanitization of the uploaded file names, and cause a PHP script to store the uploaded file in an unexpected directory, by using a directory traversal attack. (CVE-2012-1172)\n\nMultiple integer overflow flaws, leading to heap-based buffer overflows, were found in the way the PHP phar extension processed certain fields of tar archive files. A remote attacker could provide a specially crafted tar archive file that, when processed by a PHP application using the phar extension, could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running PHP. (CVE-2012-2386)\n\nA format string flaw was found in the way the PHP phar extension processed certain PHAR files. A remote attacker could provide a specially crafted PHAR file, which once processed in a PHP application using the phar extension, could lead to information disclosure and possibly arbitrary code execution via a crafted phar:// URI.\n(CVE-2010-2950)\n\nA flaw was found in the DES algorithm implementation in the crypt() password hashing function in PHP. If the password string to be hashed contained certain characters, the remainder of the string was ignored when calculating the hash, significantly reducing the password strength. (CVE-2012-2143)\n\nNote: With this update, passwords are no longer truncated when performing DES hashing. Therefore, new hashes of the affected passwords will not match stored hashes generated using vulnerable PHP versions, and will need to be updated.\n\nIt was discovered that the fix for CVE-2012-1823, released via a previous update, did not properly filter all php-cgi command line arguments. A specially crafted request to a PHP script could cause the PHP interpreter to execute the script in a loop, or output usage information that triggers an Internal Server Error. (CVE-2012-2336)\n\nA memory leak flaw was found in the PHP strtotime() function call. A remote attacker could possibly use this flaw to cause excessive memory consumption by triggering many strtotime() function calls.\n(CVE-2012-0789)\n\nA NULL pointer dereference flaw was found in the PHP tidy_diagnose() function. A remote attacker could use specially crafted input to crash an application that uses tidy::diagnose. (CVE-2012-0781)\n\nIt was found that PHP did not check the zend_strndup() function's return value in certain cases. A remote attacker could possibly use this flaw to crash a PHP application. (CVE-2011-4153)\n\nAll php users should upgrade to these updated packages, which contain backported patches to resolve these issues. After installing the updated packages, the httpd daemon must be restarted for the update to take effect.", "cvss3": {}, "published": "2012-08-01T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : php on SL6.x i386/x86_64 (20120627)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-2950", "CVE-2011-4153", "CVE-2012-0057", "CVE-2012-0781", "CVE-2012-0789", "CVE-2012-1172", "CVE-2012-1823", "CVE-2012-2143", "CVE-2012-2336", "CVE-2012-2386"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:php", "p-cpe:/a:fermilab:scientific_linux:php-bcmath", "p-cpe:/a:fermilab:scientific_linux:php-cli", "p-cpe:/a:fermilab:scientific_linux:php-common", "p-cpe:/a:fermilab:scientific_linux:php-dba", "p-cpe:/a:fermilab:scientific_linux:php-debuginfo", "p-cpe:/a:fermilab:scientific_linux:php-devel", "p-cpe:/a:fermilab:scientific_linux:php-embedded", "p-cpe:/a:fermilab:scientific_linux:php-enchant", "p-cpe:/a:fermilab:scientific_linux:php-gd", "p-cpe:/a:fermilab:scientific_linux:php-imap", "p-cpe:/a:fermilab:scientific_linux:php-intl", "p-cpe:/a:fermilab:scientific_linux:php-ldap", "p-cpe:/a:fermilab:scientific_linux:php-mbstring", "p-cpe:/a:fermilab:scientific_linux:php-mysql", "p-cpe:/a:fermilab:scientific_linux:php-odbc", "p-cpe:/a:fermilab:scientific_linux:php-pdo", "p-cpe:/a:fermilab:scientific_linux:php-pgsql", "p-cpe:/a:fermilab:scientific_linux:php-process", "p-cpe:/a:fermilab:scientific_linux:php-pspell", "p-cpe:/a:fermilab:scientific_linux:php-recode", "p-cpe:/a:fermilab:scientific_linux:php-snmp", "p-cpe:/a:fermilab:scientific_linux:php-soap", "p-cpe:/a:fermilab:scientific_linux:php-tidy", "p-cpe:/a:fermilab:scientific_linux:php-xml", "p-cpe:/a:fermilab:scientific_linux:php-xmlrpc", "p-cpe:/a:fermilab:scientific_linux:php-zts", "x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20120627_PHP_ON_SL6_X.NASL", "href": "https://www.tenable.com/plugins/nessus/61358", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(61358);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2010-2950\", \"CVE-2011-4153\", \"CVE-2012-0057\", \"CVE-2012-0781\", \"CVE-2012-0789\", \"CVE-2012-1172\", \"CVE-2012-2143\", \"CVE-2012-2336\", \"CVE-2012-2386\");\n script_xref(name:\"TRA\", value:\"TRA-2012-01\");\n\n script_name(english:\"Scientific Linux Security Update : php on SL6.x i386/x86_64 (20120627)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"PHP is an HTML-embedded scripting language commonly used with the\nApache HTTP Server.\n\nIt was discovered that the PHP XSL extension did not restrict the file\nwriting capability of libxslt. A remote attacker could use this flaw\nto create or overwrite an arbitrary file that is writable by the user\nrunning PHP, if a PHP script processed untrusted eXtensible Style\nSheet Language Transformations (XSLT) content. (CVE-2012-0057)\n\nNote: This update disables file writing by default. A new PHP\nconfiguration directive, 'xsl.security_prefs', can be used to enable\nfile writing in XSLT.\n\nA flaw was found in the way PHP validated file names in file upload\nrequests. A remote attacker could possibly use this flaw to bypass the\nsanitization of the uploaded file names, and cause a PHP script to\nstore the uploaded file in an unexpected directory, by using a\ndirectory traversal attack. (CVE-2012-1172)\n\nMultiple integer overflow flaws, leading to heap-based buffer\noverflows, were found in the way the PHP phar extension processed\ncertain fields of tar archive files. A remote attacker could provide a\nspecially crafted tar archive file that, when processed by a PHP\napplication using the phar extension, could cause the application to\ncrash or, potentially, execute arbitrary code with the privileges of\nthe user running PHP. (CVE-2012-2386)\n\nA format string flaw was found in the way the PHP phar extension\nprocessed certain PHAR files. A remote attacker could provide a\nspecially crafted PHAR file, which once processed in a PHP application\nusing the phar extension, could lead to information disclosure and\npossibly arbitrary code execution via a crafted phar:// URI.\n(CVE-2010-2950)\n\nA flaw was found in the DES algorithm implementation in the crypt()\npassword hashing function in PHP. If the password string to be hashed\ncontained certain characters, the remainder of the string was ignored\nwhen calculating the hash, significantly reducing the password\nstrength. (CVE-2012-2143)\n\nNote: With this update, passwords are no longer truncated when\nperforming DES hashing. Therefore, new hashes of the affected\npasswords will not match stored hashes generated using vulnerable PHP\nversions, and will need to be updated.\n\nIt was discovered that the fix for CVE-2012-1823, released via a\nprevious update, did not properly filter all php-cgi command line\narguments. A specially crafted request to a PHP script could cause the\nPHP interpreter to execute the script in a loop, or output usage\ninformation that triggers an Internal Server Error. (CVE-2012-2336)\n\nA memory leak flaw was found in the PHP strtotime() function call. A\nremote attacker could possibly use this flaw to cause excessive memory\nconsumption by triggering many strtotime() function calls.\n(CVE-2012-0789)\n\nA NULL pointer dereference flaw was found in the PHP tidy_diagnose()\nfunction. A remote attacker could use specially crafted input to crash\nan application that uses tidy::diagnose. (CVE-2012-0781)\n\nIt was found that PHP did not check the zend_strndup() function's\nreturn value in certain cases. A remote attacker could possibly use\nthis flaw to crash a PHP application. (CVE-2011-4153)\n\nAll php users should upgrade to these updated packages, which contain\nbackported patches to resolve these issues. After installing the\nupdated packages, the httpd daemon must be restarted for the update to\ntake effect.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1207&L=scientific-linux-errata&T=0&P=2427\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?055113e5\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.tenable.com/security/research/tra-2012-01\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:php\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:php-bcmath\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:php-cli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:php-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:php-dba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:php-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:php-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:php-embedded\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:php-enchant\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:php-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:php-imap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:php-intl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:php-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:php-mbstring\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:php-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:php-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:php-pdo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:php-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:php-process\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:php-pspell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:php-recode\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:php-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:php-soap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:php-tidy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:php-xml\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:php-xmlrpc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:php-zts\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/09/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/06/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 6.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL6\", reference:\"php-5.3.3-14.el6_3\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"php-bcmath-5.3.3-14.el6_3\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"php-cli-5.3.3-14.el6_3\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"php-common-5.3.3-14.el6_3\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"php-dba-5.3.3-14.el6_3\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"php-debuginfo-5.3.3-14.el6_3\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"php-devel-5.3.3-14.el6_3\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"php-embedded-5.3.3-14.el6_3\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"php-enchant-5.3.3-14.el6_3\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"php-gd-5.3.3-14.el6_3\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"php-imap-5.3.3-14.el6_3\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"php-intl-5.3.3-14.el6_3\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"php-ldap-5.3.3-14.el6_3\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"php-mbstring-5.3.3-14.el6_3\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"php-mysql-5.3.3-14.el6_3\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"php-odbc-5.3.3-14.el6_3\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"php-pdo-5.3.3-14.el6_3\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"php-pgsql-5.3.3-14.el6_3\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"php-process-5.3.3-14.el6_3\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"php-pspell-5.3.3-14.el6_3\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"php-recode-5.3.3-14.el6_3\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"php-snmp-5.3.3-14.el6_3\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"php-soap-5.3.3-14.el6_3\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"php-tidy-5.3.3-14.el6_3\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"php-xml-5.3.3-14.el6_3\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"php-xmlrpc-5.3.3-14.el6_3\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"php-zts-5.3.3-14.el6_3\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"php / php-bcmath / php-cli / php-common / php-dba / php-debuginfo / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-26T14:23:09", "description": "PHP versions earlier than 5.3.11 are affected by the following vulnerabilities : \n\n - During the import of environment variables, temporary changes to the 'magic_quotes_gpc' directive are not handled properly. This can lower the difficulty for SQL injection attacks. (CVE-2012-0831)\n\n - The '$_FILES' variable can be corrupted because the names of uploaded files are not properly validated. (CVE-2012-1172)\n\n - The 'open_basedir' directive is not properly handled by the functions 'readline_write_history' and 'readline_read_history'.\n\n - The 'header()' function does not detect multi-line headers with a CR. (Bug #60227 / CVE-2011-1398)", "cvss3": {}, "published": "2013-08-20T00:00:00", "type": "nessus", "title": "PHP < 5.3.11 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-1398", "CVE-2012-0831", "CVE-2012-1172"], "modified": "2019-03-06T00:00:00", "cpe": ["cpe:/a:php:php"], "id": "6995.PRM", "href": "https://www.tenable.com/plugins/nnm/6995", "sourceData": "Binary data 6995.prm", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-30T14:51:40", "description": "Updated php packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nPHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server.\n\nIt was discovered that the PHP XSL extension did not restrict the file writing capability of libxslt. A remote attacker could use this flaw to create or overwrite an arbitrary file that is writable by the user running PHP, if a PHP script processed untrusted eXtensible Style Sheet Language Transformations (XSLT) content. (CVE-2012-0057)\n\nNote: This update disables file writing by default. A new PHP configuration directive, 'xsl.security_prefs', can be used to enable file writing in XSLT.\n\nA flaw was found in the way PHP validated file names in file upload requests. A remote attacker could possibly use this flaw to bypass the sanitization of the uploaded file names, and cause a PHP script to store the uploaded file in an unexpected directory, by using a directory traversal attack. (CVE-2012-1172)\n\nMultiple integer overflow flaws, leading to heap-based buffer overflows, were found in the way the PHP phar extension processed certain fields of tar archive files. A remote attacker could provide a specially crafted tar archive file that, when processed by a PHP application using the phar extension, could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running PHP. (CVE-2012-2386)\n\nA format string flaw was found in the way the PHP phar extension processed certain PHAR files. A remote attacker could provide a specially crafted PHAR file, which once processed in a PHP application using the phar extension, could lead to information disclosure and possibly arbitrary code execution via a crafted phar:// URI.\n(CVE-2010-2950)\n\nA flaw was found in the DES algorithm implementation in the crypt() password hashing function in PHP. If the password string to be hashed contained certain characters, the remainder of the string was ignored when calculating the hash, significantly reducing the password strength. (CVE-2012-2143)\n\nNote: With this update, passwords are no longer truncated when performing DES hashing. Therefore, new hashes of the affected passwords will not match stored hashes generated using vulnerable PHP versions, and will need to be updated.\n\nIt was discovered that the fix for CVE-2012-1823, released via RHSA-2012:0546, did not properly filter all php-cgi command line arguments. A specially crafted request to a PHP script could cause the PHP interpreter to execute the script in a loop, or output usage information that triggers an Internal Server Error. (CVE-2012-2336)\n\nA memory leak flaw was found in the PHP strtotime() function call. A remote attacker could possibly use this flaw to cause excessive memory consumption by triggering many strtotime() function calls.\n(CVE-2012-0789)\n\nA NULL pointer dereference flaw was found in the PHP tidy_diagnose() function. A remote attacker could use specially crafted input to crash an application that uses tidy::diagnose. (CVE-2012-0781)\n\nIt was found that PHP did not check the zend_strndup() function's return value in certain cases. A remote attacker could possibly use this flaw to crash a PHP application. (CVE-2011-4153)\n\nUpstream acknowledges Rubin Xu and Joseph Bonneau as the original reporters of CVE-2012-2143.\n\nAll php users should upgrade to these updated packages, which contain backported patches to resolve these issues. After installing the updated packages, the httpd daemon must be restarted for the update to take effect.", "cvss3": {}, "published": "2012-07-11T00:00:00", "type": "nessus", "title": "CentOS 6 : php (CESA-2012:1046)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-2950", "CVE-2011-4153", "CVE-2012-0057", "CVE-2012-0781", "CVE-2012-0789", "CVE-2012-1172", "CVE-2012-1823", "CVE-2012-2143", "CVE-2012-2336", "CVE-2012-2386"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:centos:centos:php-gd", "p-cpe:/a:centos:centos:php-imap", "p-cpe:/a:centos:centos:php-intl", "p-cpe:/a:centos:centos:php-ldap", "p-cpe:/a:centos:centos:php-mbstring", "p-cpe:/a:centos:centos:php-mysql", "p-cpe:/a:centos:centos:php-odbc", "p-cpe:/a:centos:centos:php-pdo", "p-cpe:/a:centos:centos:php-pgsql", "p-cpe:/a:centos:centos:php-process", "p-cpe:/a:centos:centos:php-pspell", "p-cpe:/a:centos:centos:php-recode", "p-cpe:/a:centos:centos:php-snmp", "p-cpe:/a:centos:centos:php-soap", "p-cpe:/a:centos:centos:php-tidy", "p-cpe:/a:centos:centos:php-xml", "p-cpe:/a:centos:centos:php-xmlrpc", "p-cpe:/a:centos:centos:php-zts", "cpe:/o:centos:centos:6", "p-cpe:/a:centos:centos:php", "p-cpe:/a:centos:centos:php-bcmath", "p-cpe:/a:centos:centos:php-cli", "p-cpe:/a:centos:centos:php-common", "p-cpe:/a:centos:centos:php-dba", "p-cpe:/a:centos:centos:php-devel", "p-cpe:/a:centos:centos:php-embedded", "p-cpe:/a:centos:centos:php-enchant"], "id": "CENTOS_RHSA-2012-1046.NASL", "href": "https://www.tenable.com/plugins/nessus/59938", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2012:1046 and \n# CentOS Errata and Security Advisory 2012:1046 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(59938);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2010-2950\", \"CVE-2011-4153\", \"CVE-2012-0057\", \"CVE-2012-0781\", \"CVE-2012-0789\", \"CVE-2012-1172\", \"CVE-2012-2143\", \"CVE-2012-2336\", \"CVE-2012-2386\");\n script_bugtraq_id(40173, 47545, 51992, 53729);\n script_xref(name:\"RHSA\", value:\"2012:1046\");\n script_xref(name:\"TRA\", value:\"TRA-2012-01\");\n\n script_name(english:\"CentOS 6 : php (CESA-2012:1046)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated php packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nPHP is an HTML-embedded scripting language commonly used with the\nApache HTTP Server.\n\nIt was discovered that the PHP XSL extension did not restrict the file\nwriting capability of libxslt. A remote attacker could use this flaw\nto create or overwrite an arbitrary file that is writable by the user\nrunning PHP, if a PHP script processed untrusted eXtensible Style\nSheet Language Transformations (XSLT) content. (CVE-2012-0057)\n\nNote: This update disables file writing by default. A new PHP\nconfiguration directive, 'xsl.security_prefs', can be used to enable\nfile writing in XSLT.\n\nA flaw was found in the way PHP validated file names in file upload\nrequests. A remote attacker could possibly use this flaw to bypass the\nsanitization of the uploaded file names, and cause a PHP script to\nstore the uploaded file in an unexpected directory, by using a\ndirectory traversal attack. (CVE-2012-1172)\n\nMultiple integer overflow flaws, leading to heap-based buffer\noverflows, were found in the way the PHP phar extension processed\ncertain fields of tar archive files. A remote attacker could provide a\nspecially crafted tar archive file that, when processed by a PHP\napplication using the phar extension, could cause the application to\ncrash or, potentially, execute arbitrary code with the privileges of\nthe user running PHP. (CVE-2012-2386)\n\nA format string flaw was found in the way the PHP phar extension\nprocessed certain PHAR files. A remote attacker could provide a\nspecially crafted PHAR file, which once processed in a PHP application\nusing the phar extension, could lead to information disclosure and\npossibly arbitrary code execution via a crafted phar:// URI.\n(CVE-2010-2950)\n\nA flaw was found in the DES algorithm implementation in the crypt()\npassword hashing function in PHP. If the password string to be hashed\ncontained certain characters, the remainder of the string was ignored\nwhen calculating the hash, significantly reducing the password\nstrength. (CVE-2012-2143)\n\nNote: With this update, passwords are no longer truncated when\nperforming DES hashing. Therefore, new hashes of the affected\npasswords will not match stored hashes generated using vulnerable PHP\nversions, and will need to be updated.\n\nIt was discovered that the fix for CVE-2012-1823, released via\nRHSA-2012:0546, did not properly filter all php-cgi command line\narguments. A specially crafted request to a PHP script could cause the\nPHP interpreter to execute the script in a loop, or output usage\ninformation that triggers an Internal Server Error. (CVE-2012-2336)\n\nA memory leak flaw was found in the PHP strtotime() function call. A\nremote attacker could possibly use this flaw to cause excessive memory\nconsumption by triggering many strtotime() function calls.\n(CVE-2012-0789)\n\nA NULL pointer dereference flaw was found in the PHP tidy_diagnose()\nfunction. A remote attacker could use specially crafted input to crash\nan application that uses tidy::diagnose. (CVE-2012-0781)\n\nIt was found that PHP did not check the zend_strndup() function's\nreturn value in certain cases. A remote attacker could possibly use\nthis flaw to crash a PHP application. (CVE-2011-4153)\n\nUpstream acknowledges Rubin Xu and Joseph Bonneau as the original\nreporters of CVE-2012-2143.\n\nAll php users should upgrade to these updated packages, which contain\nbackported patches to resolve these issues. After installing the\nupdated packages, the httpd daemon must be restarted for the update to\ntake effect.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2012-July/018730.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?1128679e\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.tenable.com/security/research/tra-2012-01\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected php packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2012-2386\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-bcmath\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-cli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-dba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-embedded\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-enchant\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-imap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-intl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-mbstring\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-pdo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-process\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-pspell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-recode\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-soap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-tidy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-xml\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-xmlrpc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-zts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/09/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/07/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/07/11\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 6.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-6\", reference:\"php-5.3.3-14.el6_3\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"php-bcmath-5.3.3-14.el6_3\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"php-cli-5.3.3-14.el6_3\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"php-common-5.3.3-14.el6_3\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"php-dba-5.3.3-14.el6_3\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"php-devel-5.3.3-14.el6_3\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"php-embedded-5.3.3-14.el6_3\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"php-enchant-5.3.3-14.el6_3\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"php-gd-5.3.3-14.el6_3\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"php-imap-5.3.3-14.el6_3\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"php-intl-5.3.3-14.el6_3\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"php-ldap-5.3.3-14.el6_3\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"php-mbstring-5.3.3-14.el6_3\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"php-mysql-5.3.3-14.el6_3\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"php-odbc-5.3.3-14.el6_3\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"php-pdo-5.3.3-14.el6_3\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"php-pgsql-5.3.3-14.el6_3\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"php-process-5.3.3-14.el6_3\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"php-pspell-5.3.3-14.el6_3\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"php-recode-5.3.3-14.el6_3\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"php-snmp-5.3.3-14.el6_3\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"php-soap-5.3.3-14.el6_3\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"php-tidy-5.3.3-14.el6_3\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"php-xml-5.3.3-14.el6_3\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"php-xmlrpc-5.3.3-14.el6_3\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"php-zts-5.3.3-14.el6_3\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"php / php-bcmath / php-cli / php-common / php-dba / php-devel / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-02T15:14:14", "description": "From Red Hat Security Advisory 2012:1046 :\n\nUpdated php packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nPHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server.\n\nIt was discovered that the PHP XSL extension did not restrict the file writing capability of libxslt. A remote attacker could use this flaw to create or overwrite an arbitrary file that is writable by the user running PHP, if a PHP script processed untrusted eXtensible Style Sheet Language Transformations (XSLT) content. (CVE-2012-0057)\n\nNote: This update disables file writing by default. A new PHP configuration directive, 'xsl.security_prefs', can be used to enable file writing in XSLT.\n\nA flaw was found in the way PHP validated file names in file upload requests. A remote attacker could possibly use this flaw to bypass the sanitization of the uploaded file names, and cause a PHP script to store the uploaded file in an unexpected directory, by using a directory traversal attack. (CVE-2012-1172)\n\nMultiple integer overflow flaws, leading to heap-based buffer overflows, were found in the way the PHP phar extension processed certain fields of tar archive files. A remote attacker could provide a specially crafted tar archive file that, when processed by a PHP application using the phar extension, could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running PHP. (CVE-2012-2386)\n\nA format string flaw was found in the way the PHP phar extension processed certain PHAR files. A remote attacker could provide a specially crafted PHAR file, which once processed in a PHP application using the phar extension, could lead to information disclosure and possibly arbitrary code execution via a crafted phar:// URI.\n(CVE-2010-2950)\n\nA flaw was found in the DES algorithm implementation in the crypt() password hashing function in PHP. If the password string to be hashed contained certain characters, the remainder of the string was ignored when calculating the hash, significantly reducing the password strength. (CVE-2012-2143)\n\nNote: With this update, passwords are no longer truncated when performing DES hashing. Therefore, new hashes of the affected passwords will not match stored hashes generated using vulnerable PHP versions, and will need to be updated.\n\nIt was discovered that the fix for CVE-2012-1823, released via RHSA-2012:0546, did not properly filter all php-cgi command line arguments. A specially crafted request to a PHP script could cause the PHP interpreter to execute the script in a loop, or output usage information that triggers an Internal Server Error. (CVE-2012-2336)\n\nA memory leak flaw was found in the PHP strtotime() function call. A remote attacker could possibly use this flaw to cause excessive memory consumption by triggering many strtotime() function calls.\n(CVE-2012-0789)\n\nA NULL pointer dereference flaw was found in the PHP tidy_diagnose() function. A remote attacker could use specially crafted input to crash an application that uses tidy::diagnose. (CVE-2012-0781)\n\nIt was found that PHP did not check the zend_strndup() function's return value in certain cases. A remote attacker could possibly use this flaw to crash a PHP application. (CVE-2011-4153)\n\nUpstream acknowledges Rubin Xu and Joseph Bonneau as the original reporters of CVE-2012-2143.\n\nAll php users should upgrade to these updated packages, which contain backported patches to resolve these issues. After installing the updated packages, the httpd daemon must be restarted for the update to take effect.", "cvss3": {}, "published": "2013-07-12T00:00:00", "type": "nessus", "title": "Oracle Linux 6 : php (ELSA-2012-1046)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-2950", "CVE-2011-4153", "CVE-2012-0057", "CVE-2012-0781", "CVE-2012-0789", "CVE-2012-1172", "CVE-2012-1823", "CVE-2012-2143", "CVE-2012-2336", "CVE-2012-2386"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:php", "p-cpe:/a:oracle:linux:php-bcmath", "p-cpe:/a:oracle:linux:php-cli", "p-cpe:/a:oracle:linux:php-common", "p-cpe:/a:oracle:linux:php-dba", "p-cpe:/a:oracle:linux:php-devel", "p-cpe:/a:oracle:linux:php-embedded", "p-cpe:/a:oracle:linux:php-enchant", "p-cpe:/a:oracle:linux:php-gd", "p-cpe:/a:oracle:linux:php-imap", "p-cpe:/a:oracle:linux:php-intl", "p-cpe:/a:oracle:linux:php-ldap", "p-cpe:/a:oracle:linux:php-mbstring", "p-cpe:/a:oracle:linux:php-mysql", "p-cpe:/a:oracle:linux:php-odbc", "p-cpe:/a:oracle:linux:php-pdo", "p-cpe:/a:oracle:linux:php-pgsql", "p-cpe:/a:oracle:linux:php-process", "p-cpe:/a:oracle:linux:php-pspell", "p-cpe:/a:oracle:linux:php-recode", "p-cpe:/a:oracle:linux:php-snmp", "p-cpe:/a:oracle:linux:php-soap", "p-cpe:/a:oracle:linux:php-tidy", "p-cpe:/a:oracle:linux:php-xml", "p-cpe:/a:oracle:linux:php-xmlrpc", "p-cpe:/a:oracle:linux:php-zts", "cpe:/o:oracle:linux:6"], "id": "ORACLELINUX_ELSA-2012-1046.NASL", "href": "https://www.tenable.com/plugins/nessus/68570", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2012:1046 and \n# Oracle Linux Security Advisory ELSA-2012-1046 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(68570);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2010-2950\", \"CVE-2011-4153\", \"CVE-2012-0057\", \"CVE-2012-0781\", \"CVE-2012-0789\", \"CVE-2012-1172\", \"CVE-2012-2143\", \"CVE-2012-2336\", \"CVE-2012-2386\");\n script_bugtraq_id(40173, 46365, 46967, 46969, 46970, 46975, 46977, 47545, 47950, 48259, 49241, 51193, 51417, 51806, 51992, 52043, 53388, 53403, 53729);\n script_xref(name:\"RHSA\", value:\"2012:1046\");\n script_xref(name:\"TRA\", value:\"TRA-2012-01\");\n\n script_name(english:\"Oracle Linux 6 : php (ELSA-2012-1046)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2012:1046 :\n\nUpdated php packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nPHP is an HTML-embedded scripting language commonly used with the\nApache HTTP Server.\n\nIt was discovered that the PHP XSL extension did not restrict the file\nwriting capability of libxslt. A remote attacker could use this flaw\nto create or overwrite an arbitrary file that is writable by the user\nrunning PHP, if a PHP script processed untrusted eXtensible Style\nSheet Language Transformations (XSLT) content. (CVE-2012-0057)\n\nNote: This update disables file writing by default. A new PHP\nconfiguration directive, 'xsl.security_prefs', can be used to enable\nfile writing in XSLT.\n\nA flaw was found in the way PHP validated file names in file upload\nrequests. A remote attacker could possibly use this flaw to bypass the\nsanitization of the uploaded file names, and cause a PHP script to\nstore the uploaded file in an unexpected directory, by using a\ndirectory traversal attack. (CVE-2012-1172)\n\nMultiple integer overflow flaws, leading to heap-based buffer\noverflows, were found in the way the PHP phar extension processed\ncertain fields of tar archive files. A remote attacker could provide a\nspecially crafted tar archive file that, when processed by a PHP\napplication using the phar extension, could cause the application to\ncrash or, potentially, execute arbitrary code with the privileges of\nthe user running PHP. (CVE-2012-2386)\n\nA format string flaw was found in the way the PHP phar extension\nprocessed certain PHAR files. A remote attacker could provide a\nspecially crafted PHAR file, which once processed in a PHP application\nusing the phar extension, could lead to information disclosure and\npossibly arbitrary code execution via a crafted phar:// URI.\n(CVE-2010-2950)\n\nA flaw was found in the DES algorithm implementation in the crypt()\npassword hashing function in PHP. If the password string to be hashed\ncontained certain characters, the remainder of the string was ignored\nwhen calculating the hash, significantly reducing the password\nstrength. (CVE-2012-2143)\n\nNote: With this update, passwords are no longer truncated when\nperforming DES hashing. Therefore, new hashes of the affected\npasswords will not match stored hashes generated using vulnerable PHP\nversions, and will need to be updated.\n\nIt was discovered that the fix for CVE-2012-1823, released via\nRHSA-2012:0546, did not properly filter all php-cgi command line\narguments. A specially crafted request to a PHP script could cause the\nPHP interpreter to execute the script in a loop, or output usage\ninformation that triggers an Internal Server Error. (CVE-2012-2336)\n\nA memory leak flaw was found in the PHP strtotime() function call. A\nremote attacker could possibly use this flaw to cause excessive memory\nconsumption by triggering many strtotime() function calls.\n(CVE-2012-0789)\n\nA NULL pointer dereference flaw was found in the PHP tidy_diagnose()\nfunction. A remote attacker could use specially crafted input to crash\nan application that uses tidy::diagnose. (CVE-2012-0781)\n\nIt was found that PHP did not check the zend_strndup() function's\nreturn value in certain cases. A remote attacker could possibly use\nthis flaw to crash a PHP application. (CVE-2011-4153)\n\nUpstream acknowledges Rubin Xu and Joseph Bonneau as the original\nreporters of CVE-2012-2143.\n\nAll php users should upgrade to these updated packages, which contain\nbackported patches to resolve these issues. After installing the\nupdated packages, the httpd daemon must be restarted for the update to\ntake effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2012-June/002894.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.tenable.com/security/research/tra-2012-01\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected php packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-bcmath\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-cli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-dba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-embedded\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-enchant\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-imap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-intl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-mbstring\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-pdo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-process\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-pspell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-recode\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-soap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-tidy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-xml\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-xmlrpc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-zts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/09/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/06/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 6\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL6\", reference:\"php-5.3.3-14.el6_3\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"php-bcmath-5.3.3-14.el6_3\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"php-cli-5.3.3-14.el6_3\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"php-common-5.3.3-14.el6_3\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"php-dba-5.3.3-14.el6_3\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"php-devel-5.3.3-14.el6_3\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"php-embedded-5.3.3-14.el6_3\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"php-enchant-5.3.3-14.el6_3\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"php-gd-5.3.3-14.el6_3\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"php-imap-5.3.3-14.el6_3\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"php-intl-5.3.3-14.el6_3\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"php-ldap-5.3.3-14.el6_3\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"php-mbstring-5.3.3-14.el6_3\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"php-mysql-5.3.3-14.el6_3\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"php-odbc-5.3.3-14.el6_3\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"php-pdo-5.3.3-14.el6_3\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"php-pgsql-5.3.3-14.el6_3\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"php-process-5.3.3-14.el6_3\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"php-pspell-5.3.3-14.el6_3\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"php-recode-5.3.3-14.el6_3\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"php-snmp-5.3.3-14.el6_3\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"php-soap-5.3.3-14.el6_3\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"php-tidy-5.3.3-14.el6_3\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"php-xml-5.3.3-14.el6_3\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"php-xmlrpc-5.3.3-14.el6_3\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"php-zts-5.3.3-14.el6_3\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"php / php-bcmath / php-cli / php-common / php-dba / php-devel / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:19:29", "description": "Versions of PHP earlier than 5.3.9 are potentially affected by multiple vulnerabilities :\n\n - It is possible to create a denial of service condition by sending multiple, specially crafted requests containing parameter values that cause hash collisions when computing the hash values for storage in a hash table. (CVE-2011-4885)\n\n - An integer overflow exists in the exif_process_IFD_TAG function in exif.c that can allow a remote attacker to read arbitrary memory locations or cause a denial of service condition. This vulnerability only affects PHP 5.4.0beta2 on 32-bit platforms. (CVE-2011-4566)\n\n - Calls to libxslt are not restricted via xsltSetSecurityPrefs(), which could allow an attacker to create or overwrite file, resulting in arbitrary code execution. (CVE-2012-0057)\n\n - An error exists in the function 'tidy_diagnose' that can allow an attacker to cause the application to dereference a null pointer. This causes the application to crash. (CVE-2012-0781)\n\n - The 'PDORow' implementation contains an error that can cause application crashes when interacting with the session feature. C(VE-2012-0788)\n\n - An error exists in the timezone handling such that repeated calls to the function 'strtotime' can allow a denial of service attack via memory consuption. (CVE-2012-0789)", "cvss3": {}, "published": "2012-01-16T00:00:00", "type": "nessus", "title": "PHP < 5.3.9 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-4566", "CVE-2011-4885", "CVE-2012-0057", "CVE-2012-0781", "CVE-2012-0789"], "modified": "2012-01-16T00:00:00", "cpe": [], "id": "801116.PRM", "href": "https://www.tenable.com/plugins/lce/801116", "sourceData": "Binary data 801116.prm", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:19:42", "description": "Versions of PHP earlier than 5.3.9 are potentially affected by multiple vulnerabilities :\n\n - It is possible to create a denial of service condition by sending multiple, specially crafted requests containing parameter values that cause hash collisions when computing the hash values for storage in a hash table. (CVE-2011-4885)\n - An integer overflow exists in the exif_process_IFD_TAG function in exif.c that can allow a remote attacker to read arbitrary memory locations or cause a denial of service condition. This vulnerability only affects PHP 5.4.0beta2 on 32-bit platforms. (CVE-2011-4566)\n - Calls to libxslt are not restricted via xsltSetSecurityPrefs(), which could allow an attacker to create or overwrite file, resulting in arbitrary code execution. (CVE-2012-0057)\n - An error exists in the function 'tidy_diagnose' that can allow an attacker to cause the application to dereference a null pointer. This causes the application to crash. (CVE-2012-0781)\n - The 'PDORow' implementation contains an error that can cause application crashes when interacting with the session feature. C(VE-2012-0788)\n - An error exists in the timezone handling such that repeated calls to the function 'strtotime' can allow a denial of service attack via memory consuption. (CVE-2012-0789)", "cvss3": {}, "published": "2012-01-16T00:00:00", "type": "nessus", "title": "PHP < 5.3.9 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-4566", "CVE-2011-4885", "CVE-2012-0057", "CVE-2012-0781", "CVE-2012-0789"], "modified": "2019-03-06T00:00:00", "cpe": ["cpe:/a:php:php"], "id": "6263.PRM", "href": "https://www.tenable.com/plugins/nnm/6263", "sourceData": "Binary data 6263.prm", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-02T14:38:39", "description": "Several vulnerabilities have been discovered in PHP, the web scripting language. The Common Vulnerabilities and Exposures project identifies the following issues :\n\n - CVE-2011-1938 The UNIX socket handling allowed attackers to trigger a buffer overflow via a long path name.\n\n - CVE-2011-2483 The crypt_blowfish function did not properly handle 8-bit characters, which made it easier for attackers to determine a cleartext password by using knowledge of a password hash.\n\n - CVE-2011-4566 When used on 32 bit platforms, the exif extension could be used to trigger an integer overflow in the exif_process_IFD_TAG function when processing a JPEG file.\n\n - CVE-2011-4885 It was possible to trigger hash collisions predictably when parsing form parameters, which allows remote attackers to cause a denial of service by sending many crafted parameters.\n\n - CVE-2012-0057 When applying a crafted XSLT transform, an attacker could write files to arbitrary places in the filesystem.\n\nNOTE: the fix for CVE-2011-2483 required changing the behaviour of this function: it is now incompatible with some old (wrongly) generated hashes for passwords containing 8-bit characters. See the package NEWS entry for details. This change has not been applied to the Lenny version of PHP.", "cvss3": {}, "published": "2012-02-01T00:00:00", "type": "nessus", "title": "Debian DSA-2399-2 : php5 - several vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-1938", "CVE-2011-2483", "CVE-2011-4566", "CVE-2011-4885", "CVE-2012-0057"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:php5", "cpe:/o:debian:debian_linux:5.0", "cpe:/o:debian:debian_linux:6.0"], "id": "DEBIAN_DSA-2399.NASL", "href": "https://www.tenable.com/plugins/nessus/57753", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-2399. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(57753);\n script_version(\"1.18\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2011-1938\", \"CVE-2011-2483\", \"CVE-2011-4566\", \"CVE-2011-4885\", \"CVE-2012-0057\");\n script_bugtraq_id(47950, 49241, 50907, 51193);\n script_xref(name:\"DSA\", value:\"2399\");\n\n script_name(english:\"Debian DSA-2399-2 : php5 - several vulnerabilities\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities have been discovered in PHP, the web scripting\nlanguage. The Common Vulnerabilities and Exposures project identifies\nthe following issues :\n\n - CVE-2011-1938\n The UNIX socket handling allowed attackers to trigger a\n buffer overflow via a long path name.\n\n - CVE-2011-2483\n The crypt_blowfish function did not properly handle\n 8-bit characters, which made it easier for attackers to\n determine a cleartext password by using knowledge of a\n password hash.\n\n - CVE-2011-4566\n When used on 32 bit platforms, the exif extension could\n be used to trigger an integer overflow in the\n exif_process_IFD_TAG function when processing a JPEG\n file.\n\n - CVE-2011-4885\n It was possible to trigger hash collisions predictably\n when parsing form parameters, which allows remote\n attackers to cause a denial of service by sending many\n crafted parameters.\n\n - CVE-2012-0057\n When applying a crafted XSLT transform, an attacker\n could write files to arbitrary places in the filesystem.\n\nNOTE: the fix for CVE-2011-2483 required changing the behaviour of\nthis function: it is now incompatible with some old (wrongly)\ngenerated hashes for passwords containing 8-bit characters. See the\npackage NEWS entry for details. This change has not been applied to\nthe Lenny version of PHP.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-1938\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-2483\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-4566\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-4885\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2012-0057\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-2483\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/squeeze/php5\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2012/dsa-2399\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the php5 packages.\n\nFor the oldstable distribution (lenny), these problems have been fixed\nin version 5.2.6.dfsg.1-1+lenny15.\n\nFor the stable distribution (squeeze), these problems have been fixed\nin version 5.3.3-7+squeeze6.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:5.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:6.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/01/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/02/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"5.0\", prefix:\"php5\", reference:\"5.2.6.dfsg.1-1+lenny15\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libapache2-mod-php5\", reference:\"5.3.3-7+squeeze6\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libapache2-mod-php5filter\", reference:\"5.3.3-7+squeeze6\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php-pear\", reference:\"5.3.3-7+squeeze6\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5\", reference:\"5.3.3-7+squeeze6\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5-cgi\", reference:\"5.3.3-7+squeeze6\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5-cli\", reference:\"5.3.3-7+squeeze6\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5-common\", reference:\"5.3.3-7+squeeze6\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5-curl\", reference:\"5.3.3-7+squeeze6\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5-dbg\", reference:\"5.3.3-7+squeeze6\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5-dev\", reference:\"5.3.3-7+squeeze6\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5-enchant\", reference:\"5.3.3-7+squeeze6\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5-gd\", reference:\"5.3.3-7+squeeze6\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5-gmp\", reference:\"5.3.3-7+squeeze6\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5-imap\", reference:\"5.3.3-7+squeeze6\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5-interbase\", reference:\"5.3.3-7+squeeze6\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5-intl\", reference:\"5.3.3-7+squeeze6\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5-ldap\", reference:\"5.3.3-7+squeeze6\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5-mcrypt\", reference:\"5.3.3-7+squeeze6\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5-mysql\", reference:\"5.3.3-7+squeeze6\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5-odbc\", reference:\"5.3.3-7+squeeze6\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5-pgsql\", reference:\"5.3.3-7+squeeze6\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5-pspell\", reference:\"5.3.3-7+squeeze6\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5-recode\", reference:\"5.3.3-7+squeeze6\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5-snmp\", reference:\"5.3.3-7+squeeze6\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5-sqlite\", reference:\"5.3.3-7+squeeze6\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5-sybase\", reference:\"5.3.3-7+squeeze6\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5-tidy\", reference:\"5.3.3-7+squeeze6\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5-xmlrpc\", reference:\"5.3.3-7+squeeze6\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5-xsl\", reference:\"5.3.3-7+squeeze6\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-01T16:16:29", "description": "The PostgreSQL Global Development Group reports :\n\nThe PostgreSQL Global Development Group today released security updates for all active branches of the PostgreSQL database system, including versions 9.1.5, 9.0.9, 8.4.13 and 8.3.20. This update patches security holes associated with libxml2 and libxslt, similar to those affecting other open source projects. All users are urged to update their installations at the first available opportunity\n\nUsers who are relying on the built-in XML functionality to validate external DTDs will need to implement a workaround, as this security patch disables that functionality. Users who are using xslt_process() to fetch documents or stylesheets from external URLs will no longer be able to do so. The PostgreSQL project regrets the need to disable both of these features in order to maintain our security standards. These security issues with XML are substantially similar to issues patched recently by the Webkit (CVE-2011-1774), XMLsec (CVE-2011-1425) and PHP5 (CVE-2012-0057) projects.", "cvss3": {}, "published": "2012-08-20T00:00:00", "type": "nessus", "title": "FreeBSD : databases/postgresql*-server -- multiple vulnerabilities (07234e78-e899-11e1-b38d-0023ae8e59f0)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-1425", "CVE-2011-1774", "CVE-2012-0057", "CVE-2012-3488", "CVE-2012-3489"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:postgresql-server", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_07234E78E89911E1B38D0023AE8E59F0.NASL", "href": "https://www.tenable.com/plugins/nessus/61586", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(61586);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2012-3488\", \"CVE-2012-3489\");\n\n script_name(english:\"FreeBSD : databases/postgresql*-server -- multiple vulnerabilities (07234e78-e899-11e1-b38d-0023ae8e59f0)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The PostgreSQL Global Development Group reports :\n\nThe PostgreSQL Global Development Group today released security\nupdates for all active branches of the PostgreSQL database system,\nincluding versions 9.1.5, 9.0.9, 8.4.13 and 8.3.20. This update\npatches security holes associated with libxml2 and libxslt, similar to\nthose affecting other open source projects. All users are urged to\nupdate their installations at the first available opportunity\n\nUsers who are relying on the built-in XML functionality to validate\nexternal DTDs will need to implement a workaround, as this security\npatch disables that functionality. Users who are using xslt_process()\nto fetch documents or stylesheets from external URLs will no longer be\nable to do so. The PostgreSQL project regrets the need to disable both\nof these features in order to maintain our security standards. These\nsecurity issues with XML are substantially similar to issues patched\nrecently by the Webkit (CVE-2011-1774), XMLsec (CVE-2011-1425) and\nPHP5 (CVE-2012-0057) projects.\"\n );\n # http://www.postgresql.org/about/news/1407/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.postgresql.org/about/news/1407/\"\n );\n # https://vuxml.freebsd.org/freebsd/07234e78-e899-11e1-b38d-0023ae8e59f0.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?32ad7cf3\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:postgresql-server\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/08/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/08/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/20\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"postgresql-server>8.3.*<8.3.20\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"postgresql-server>8.4.*<8.4.13\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"postgresql-server>9.0.*<9.0.9\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"postgresql-server>9.1.*<9.1.5\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-02T15:18:23", "description": "From Red Hat Security Advisory 2013:1307 :\n\nUpdated php53 packages that fix multiple security issues, several bugs, and add one enhancement are now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nPHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server.\n\nIt was found that PHP did not properly handle file names with a NULL character. A remote attacker could possibly use this flaw to make a PHP script access unexpected files and bypass intended file system access restrictions. (CVE-2006-7243)\n\nIt was found that PHP did not check for carriage returns in HTTP headers, allowing intended HTTP response splitting protections to be bypassed. Depending on the web browser the victim is using, a remote attacker could use this flaw to perform HTTP response splitting attacks. (CVE-2011-1398)\n\nA flaw was found in PHP's SSL client's hostname identity check when handling certificates that contain hostnames with NULL bytes. If an attacker was able to get a carefully crafted certificate signed by a trusted Certificate Authority, the attacker could use the certificate to conduct man-in-the-middle attacks to spoof SSL servers.\n(CVE-2013-4248)\n\nAn integer signedness issue, leading to a heap-based buffer underflow, was found in the PHP scandir() function. If a remote attacker could upload an excessively large number of files to a directory the scandir() function runs on, it could cause the PHP interpreter to crash or, possibly, execute arbitrary code. (CVE-2012-2688)\n\nIt was found that PHP did not correctly handle the magic_quotes_gpc configuration directive. This could result in magic_quotes_gpc input escaping not being applied in all cases, possibly making it easier for a remote attacker to perform SQL injection attacks. (CVE-2012-0831)\n\nIt was found that the PHP SOAP parser allowed the expansion of external XML entities during SOAP message parsing. A remote attacker could possibly use this flaw to read arbitrary files that are accessible to a PHP application using a SOAP extension.\n(CVE-2013-1643)\n\nThese updated php53 packages also include numerous bug fixes and enhancements. Space precludes documenting all of these changes in this advisory. Users are directed to the Red Hat Enterprise Linux 5.10 Technical Notes, linked to in the References, for information on the most significant of these changes.\n\nAll PHP users are advised to upgrade to these updated packages, which contain backported patches to correct these issues and add this enhancement. After installing the updated packages, the httpd daemon must be restarted for the update to take effect.", "cvss3": {}, "published": "2013-10-03T00:00:00", "type": "nessus", "title": "Oracle Linux 5 : php53 (ELSA-2013-1307)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-7243", "CVE-2011-1398", "CVE-2012-0831", "CVE-2012-2688", "CVE-2013-1643", "CVE-2013-4248"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:php53", "p-cpe:/a:oracle:linux:php53-bcmath", "p-cpe:/a:oracle:linux:php53-cli", "p-cpe:/a:oracle:linux:php53-common", "p-cpe:/a:oracle:linux:php53-dba", "p-cpe:/a:oracle:linux:php53-devel", "p-cpe:/a:oracle:linux:php53-gd", "p-cpe:/a:oracle:linux:php53-imap", "p-cpe:/a:oracle:linux:php53-intl", "p-cpe:/a:oracle:linux:php53-ldap", "p-cpe:/a:oracle:linux:php53-mbstring", "p-cpe:/a:oracle:linux:php53-mysql", "p-cpe:/a:oracle:linux:php53-odbc", "p-cpe:/a:oracle:linux:php53-pdo", "p-cpe:/a:oracle:linux:php53-pgsql", "p-cpe:/a:oracle:linux:php53-process", "p-cpe:/a:oracle:linux:php53-pspell", "p-cpe:/a:oracle:linux:php53-snmp", "p-cpe:/a:oracle:linux:php53-soap", "p-cpe:/a:oracle:linux:php53-xml", "p-cpe:/a:oracle:linux:php53-xmlrpc", "cpe:/o:oracle:linux:5"], "id": "ORACLELINUX_ELSA-2013-1307.NASL", "href": "https://www.tenable.com/plugins/nessus/70284", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2013:1307 and \n# Oracle Linux Security Advisory ELSA-2013-1307 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(70284);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2006-7243\", \"CVE-2011-1398\", \"CVE-2012-0831\", \"CVE-2012-2688\", \"CVE-2013-1643\", \"CVE-2013-4248\");\n script_bugtraq_id(44951, 51954, 54638, 55297, 58766, 61128, 61776);\n script_xref(name:\"RHSA\", value:\"2013:1307\");\n\n script_name(english:\"Oracle Linux 5 : php53 (ELSA-2013-1307)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2013:1307 :\n\nUpdated php53 packages that fix multiple security issues, several\nbugs, and add one enhancement are now available for Red Hat Enterprise\nLinux 5.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nPHP is an HTML-embedded scripting language commonly used with the\nApache HTTP Server.\n\nIt was found that PHP did not properly handle file names with a NULL\ncharacter. A remote attacker could possibly use this flaw to make a\nPHP script access unexpected files and bypass intended file system\naccess restrictions. (CVE-2006-7243)\n\nIt was found that PHP did not check for carriage returns in HTTP\nheaders, allowing intended HTTP response splitting protections to be\nbypassed. Depending on the web browser the victim is using, a remote\nattacker could use this flaw to perform HTTP response splitting\nattacks. (CVE-2011-1398)\n\nA flaw was found in PHP's SSL client's hostname identity check when\nhandling certificates that contain hostnames with NULL bytes. If an\nattacker was able to get a carefully crafted certificate signed by a\ntrusted Certificate Authority, the attacker could use the certificate\nto conduct man-in-the-middle attacks to spoof SSL servers.\n(CVE-2013-4248)\n\nAn integer signedness issue, leading to a heap-based buffer underflow,\nwas found in the PHP scandir() function. If a remote attacker could\nupload an excessively large number of files to a directory the\nscandir() function runs on, it could cause the PHP interpreter to\ncrash or, possibly, execute arbitrary code. (CVE-2012-2688)\n\nIt was found that PHP did not correctly handle the magic_quotes_gpc\nconfiguration directive. This could result in magic_quotes_gpc input\nescaping not being applied in all cases, possibly making it easier for\na remote attacker to perform SQL injection attacks. (CVE-2012-0831)\n\nIt was found that the PHP SOAP parser allowed the expansion of\nexternal XML entities during SOAP message parsing. A remote attacker\ncould possibly use this flaw to read arbitrary files that are\naccessible to a PHP application using a SOAP extension.\n(CVE-2013-1643)\n\nThese updated php53 packages also include numerous bug fixes and\nenhancements. Space precludes documenting all of these changes in this\nadvisory. Users are directed to the Red Hat Enterprise Linux 5.10\nTechnical Notes, linked to in the References, for information on the\nmost significant of these changes.\n\nAll PHP users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues and add this\nenhancement. After installing the updated packages, the httpd daemon\nmust be restarted for the update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2013-October/003703.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected php53 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php53\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php53-bcmath\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php53-cli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php53-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php53-dba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php53-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php53-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php53-imap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php53-intl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php53-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php53-mbstring\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php53-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php53-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php53-pdo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php53-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php53-process\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php53-pspell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php53-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php53-soap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php53-xml\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php53-xmlrpc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/01/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/10/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/10/03\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 5\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL5\", reference:\"php53-5.3.3-21.el5\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"php53-bcmath-5.3.3-21.el5\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"php53-cli-5.3.3-21.el5\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"php53-common-5.3.3-21.el5\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"php53-dba-5.3.3-21.el5\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"php53-devel-5.3.3-21.el5\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"php53-gd-5.3.3-21.el5\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"php53-imap-5.3.3-21.el5\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"php53-intl-5.3.3-21.el5\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"php53-ldap-5.3.3-21.el5\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"php53-mbstring-5.3.3-21.el5\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"php53-mysql-5.3.3-21.el5\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"php53-odbc-5.3.3-21.el5\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"php53-pdo-5.3.3-21.el5\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"php53-pgsql-5.3.3-21.el5\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"php53-process-5.3.3-21.el5\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"php53-pspell-5.3.3-21.el5\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"php53-snmp-5.3.3-21.el5\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"php53-soap-5.3.3-21.el5\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"php53-xml-5.3.3-21.el5\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"php53-xmlrpc-5.3.3-21.el5\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"php53 / php53-bcmath / php53-cli / php53-common / php53-dba / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-02T14:40:44", "description": "Several vulnerabilities have been discovered in PHP, the web scripting language. The Common Vulnerabilities and Exposures project identifies the following issues :\n\n - CVE-2011-1072 It was discovered that insecure handling of temporary files in the PEAR installer could lead to denial of service.\n\n - CVE-2011-4153 Maksymilian Arciemowicz discovered that a NULL pointer dereference in the zend_strndup() function could lead to denial of service.\n\n - CVE-2012-0781 Maksymilian Arciemowicz discovered that a NULL pointer dereference in the tidy_diagnose() function could lead to denial of service.\n\n - CVE-2012-0788 It was discovered that missing checks in the handling of PDORow objects could lead to denial of service.\n\n - CVE-2012-0831 It was discovered that the magic_quotes_gpc setting could be disabled remotely.\n\nThis update also addresses PHP bugs, which are not treated as security issues in Debian (see README.Debian.security), but which were fixed nonetheless: CVE-2010-4697, CVE-2011-1092, CVE-2011-1148, CVE-2011-1464, CVE-2011-1467 CVE-2011-1468, CVE-2011-1469, CVE-2011-1470, CVE-2011-1657, CVE-2011-3182 CVE-2011-3267", "cvss3": {}, "published": "2012-02-14T00:00:00", "type": "nessus", "title": "Debian DSA-2408-1 : php5 - several vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-4697", "CVE-2011-1072", "CVE-2011-1092", "CVE-2011-1148", "CVE-2011-1464", "CVE-2011-1467", "CVE-2011-1468", "CVE-2011-1469", "CVE-2011-1470", "CVE-2011-1657", "CVE-2011-3182", "CVE-2011-3267", "CVE-2011-4153", "CVE-2012-0781", "CVE-2012-0788", "CVE-2012-0831"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:php5", "cpe:/o:debian:debian_linux:6.0"], "id": "DEBIAN_DSA-2408.NASL", "href": "https://www.tenable.com/plugins/nessus/57925", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-2408. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(57925);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2010-4697\", \"CVE-2011-1072\", \"CVE-2011-1092\", \"CVE-2011-1148\", \"CVE-2011-1464\", \"CVE-2011-1467\", \"CVE-2011-1468\", \"CVE-2011-1469\", \"CVE-2011-1470\", \"CVE-2011-1657\", \"CVE-2011-3182\", \"CVE-2011-3267\", \"CVE-2011-4153\", \"CVE-2012-0781\", \"CVE-2012-0788\", \"CVE-2012-0831\");\n script_bugtraq_id(46605, 51417, 51952, 51954);\n script_xref(name:\"DSA\", value:\"2408\");\n\n script_name(english:\"Debian DSA-2408-1 : php5 - several vulnerabilities\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities have been discovered in PHP, the web scripting\nlanguage. The Common Vulnerabilities and Exposures project identifies\nthe following issues :\n\n - CVE-2011-1072\n It was discovered that insecure handling of temporary\n files in the PEAR installer could lead to denial of\n service.\n\n - CVE-2011-4153\n Maksymilian Arciemowicz discovered that a NULL pointer\n dereference in the zend_strndup() function could lead to\n denial of service.\n\n - CVE-2012-0781\n Maksymilian Arciemowicz discovered that a NULL pointer\n dereference in the tidy_diagnose() function could lead\n to denial of service.\n\n - CVE-2012-0788\n It was discovered that missing checks in the handling of\n PDORow objects could lead to denial of service.\n\n - CVE-2012-0831\n It was discovered that the magic_quotes_gpc setting\n could be disabled remotely.\n\nThis update also addresses PHP bugs, which are not treated as security\nissues in Debian (see README.Debian.security), but which were fixed\nnonetheless: CVE-2010-4697, CVE-2011-1092, CVE-2011-1148,\nCVE-2011-1464, CVE-2011-1467 CVE-2011-1468, CVE-2011-1469,\nCVE-2011-1470, CVE-2011-1657, CVE-2011-3182 CVE-2011-3267\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-1072\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-4153\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2012-0781\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2012-0788\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2012-0831\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2010-4697\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-1092\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-1148\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-1464\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-1467\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-1468\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-1469\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-1470\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-1657\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-3182\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-3267\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/squeeze/php5\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2012/dsa-2408\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the php5 packages.\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 5.3.3-7+squeeze8.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:6.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/02/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/02/14\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"6.0\", prefix:\"libapache2-mod-php5\", reference:\"5.3.3-7+squeeze8\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libapache2-mod-php5filter\", reference:\"5.3.3-7+squeeze8\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php-pear\", reference:\"5.3.3-7+squeeze8\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5\", reference:\"5.3.3-7+squeeze8\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5-cgi\", reference:\"5.3.3-7+squeeze8\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5-cli\", reference:\"5.3.3-7+squeeze8\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5-common\", reference:\"5.3.3-7+squeeze8\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5-curl\", reference:\"5.3.3-7+squeeze8\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5-dbg\", reference:\"5.3.3-7+squeeze8\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5-dev\", reference:\"5.3.3-7+squeeze8\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5-enchant\", reference:\"5.3.3-7+squeeze8\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5-gd\", reference:\"5.3.3-7+squeeze8\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5-gmp\", reference:\"5.3.3-7+squeeze8\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5-imap\", reference:\"5.3.3-7+squeeze8\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5-interbase\", reference:\"5.3.3-7+squeeze8\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5-intl\", reference:\"5.3.3-7+squeeze8\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5-ldap\", reference:\"5.3.3-7+squeeze8\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5-mcrypt\", reference:\"5.3.3-7+squeeze8\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5-mysql\", reference:\"5.3.3-7+squeeze8\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5-odbc\", reference:\"5.3.3-7+squeeze8\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5-pgsql\", reference:\"5.3.3-7+squeeze8\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5-pspell\", reference:\"5.3.3-7+squeeze8\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5-recode\", reference:\"5.3.3-7+squeeze8\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5-snmp\", reference:\"5.3.3-7+squeeze8\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5-sqlite\", reference:\"5.3.3-7+squeeze8\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5-sybase\", reference:\"5.3.3-7+squeeze8\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5-tidy\", reference:\"5.3.3-7+squeeze8\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5-xmlrpc\", reference:\"5.3.3-7+squeeze8\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5-xsl\", reference:\"5.3.3-7+squeeze8\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-02T15:16:17", "description": "Updated php53 packages that fix multiple security issues, several bugs, and add one enhancement are now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nPHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server.\n\nIt was found that PHP did not properly handle file names with a NULL character. A remote attacker could possibly use this flaw to make a PHP script access unexpected files and bypass intended file system access restrictions. (CVE-2006-7243)\n\nIt was found that PHP did not check for carriage returns in HTTP headers, allowing intended HTTP response splitting protections to be bypassed. Depending on the web browser the victim is using, a remote attacker could use this flaw to perform HTTP response splitting attacks. (CVE-2011-1398)\n\nA flaw was found in PHP's SSL client's hostname identity check when handling certificates that contain hostnames with NULL bytes. If an attacker was able to get a carefully crafted certificate signed by a trusted Certificate Authority, the attacker could use the certificate to conduct man-in-the-middle attacks to spoof SSL servers.\n(CVE-2013-4248)\n\nAn integer signedness issue, leading to a heap-based buffer underflow, was found in the PHP scandir() function. If a remote attacker could upload an excessively large number of files to a directory the scandir() function runs on, it could cause the PHP interpreter to crash or, possibly, execute arbitrary code. (CVE-2012-2688)\n\nIt was found that PHP did not correctly handle the magic_quotes_gpc configuration directive. This could result in magic_quotes_gpc input escaping not being applied in all cases, possibly making it easier for a remote attacker to perform SQL injection attacks. (CVE-2012-0831)\n\nIt was found that the PHP SOAP parser allowed the expansion of external XML entities during SOAP message parsing. A remote attacker could possibly use this flaw to read arbitrary files that are accessible to a PHP application using a SOAP extension.\n(CVE-2013-1643)\n\nThese updated php53 packages also include numerous bug fixes and enhancements. Space precludes documenting all of these changes in this advisory. Users are directed to the Red Hat Enterprise Linux 5.10 Technical Notes, linked to in the References, for information on the most significant of these changes.\n\nAll PHP users are advised to upgrade to these updated packages, which contain backported patches to correct these issues and add this enhancement. After installing the updated packages, the httpd daemon must be restarted for the update to take effect.", "cvss3": {}, "published": "2013-10-01T00:00:00", "type": "nessus", "title": "RHEL 5 : php53 (RHSA-2013:1307)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-7243", "CVE-2011-1398", "CVE-2012-0831", "CVE-2012-2688", "CVE-2013-1643", "CVE-2013-4248"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:php53", "p-cpe:/a:redhat:enterprise_linux:php53-bcmath", "p-cpe:/a:redhat:enterprise_linux:php53-cli", "p-cpe:/a:redhat:enterprise_linux:php53-common", "p-cpe:/a:redhat:enterprise_linux:php53-dba", "p-cpe:/a:redhat:enterprise_linux:php53-debuginfo", "p-cpe:/a:redhat:enterprise_linux:php53-devel", "p-cpe:/a:redhat:enterprise_linux:php53-gd", "p-cpe:/a:redhat:enterprise_linux:php53-imap", "p-cpe:/a:redhat:enterprise_linux:php53-intl", "p-cpe:/a:redhat:enterprise_linux:php53-ldap", "p-cpe:/a:redhat:enterprise_linux:php53-mbstring", "p-cpe:/a:redhat:enterprise_linux:php53-mysql", "p-cpe:/a:redhat:enterprise_linux:php53-odbc", "p-cpe:/a:redhat:enterprise_linux:php53-pdo", "p-cpe:/a:redhat:enterprise_linux:php53-pgsql", "p-cpe:/a:redhat:enterprise_linux:php53-process", "p-cpe:/a:redhat:enterprise_linux:php53-pspell", "p-cpe:/a:redhat:enterprise_linux:php53-snmp", "p-cpe:/a:redhat:enterprise_linux:php53-soap", "p-cpe:/a:redhat:enterprise_linux:php53-xml", "p-cpe:/a:redhat:enterprise_linux:php53-xmlrpc", "cpe:/o:redhat:enterprise_linux:5"], "id": "REDHAT-RHSA-2013-1307.NASL", "href": "https://www.tenable.com/plugins/nessus/70244", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2013:1307. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(70244);\n script_version(\"1.18\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2006-7243\", \"CVE-2011-1398\", \"CVE-2012-0831\", \"CVE-2012-2688\", \"CVE-2013-1643\", \"CVE-2013-4248\");\n script_bugtraq_id(44951, 51954, 55297, 58766, 61776);\n script_xref(name:\"RHSA\", value:\"2013:1307\");\n\n script_name(english:\"RHEL 5 : php53 (RHSA-2013:1307)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated php53 packages that fix multiple security issues, several\nbugs, and add one enhancement are now available for Red Hat Enterprise\nLinux 5.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nPHP is an HTML-embedded scripting language commonly used with the\nApache HTTP Server.\n\nIt was found that PHP did not properly handle file names with a NULL\ncharacter. A remote attacker could possibly use this flaw to make a\nPHP script access unexpected files and bypass intended file system\naccess restrictions. (CVE-2006-7243)\n\nIt was found that PHP did not check for carriage returns in HTTP\nheaders, allowing intended HTTP response splitting protections to be\nbypassed. Depending on the web browser the victim is using, a remote\nattacker could use this flaw to perform HTTP response splitting\nattacks. (CVE-2011-1398)\n\nA flaw was found in PHP's SSL client's hostname identity check when\nhandling certificates that contain hostnames with NULL bytes. If an\nattacker was able to get a carefully crafted certificate signed by a\ntrusted Certificate Authority, the attacker could use the certificate\nto conduct man-in-the-middle attacks to spoof SSL servers.\n(CVE-2013-4248)\n\nAn integer signedness issue, leading to a heap-based buffer underflow,\nwas found in the PHP scandir() function. If a remote attacker could\nupload an excessively large number of files to a directory the\nscandir() function runs on, it could cause the PHP interpreter to\ncrash or, possibly, execute arbitrary code. (CVE-2012-2688)\n\nIt was found that PHP did not correctly handle the magic_quotes_gpc\nconfiguration directive. This could result in magic_quotes_gpc input\nescaping not being applied in all cases, possibly making it easier for\na remote attacker to perform SQL injection attacks. (CVE-2012-0831)\n\nIt was found that the PHP SOAP parser allowed the expansion of\nexternal XML entities during SOAP message parsing. A remote attacker\ncould possibly use this flaw to read arbitrary files that are\naccessible to a PHP application using a SOAP extension.\n(CVE-2013-1643)\n\nThese updated php53 packages also include numerous bug fixes and\nenhancements. Space precludes documenting all of these changes in this\nadvisory. Users are directed to the Red Hat Enterprise Linux 5.10\nTechnical Notes, linked to in the References, for information on the\nmost significant of these changes.\n\nAll PHP users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues and add this\nenhancement. After installing the updated packages, the httpd daemon\nmust be restarted for the update to take effect.\"\n );\n # https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?c6b506c4\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2013:1307\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-1398\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-2688\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-0831\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2006-7243\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-1643\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-4248\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php53\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php53-bcmath\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php53-cli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php53-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php53-dba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php53-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php53-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php53-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php53-imap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php53-intl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php53-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php53-mbstring\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php53-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php53-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php53-pdo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php53-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php53-process\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php53-pspell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php53-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php53-soap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php53-xml\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php53-xmlrpc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/09/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/10/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2013:1307\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php53-5.3.3-21.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php53-5.3.3-21.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php53-5.3.3-21.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php53-bcmath-5.3.3-21.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php53-bcmath-5.3.3-21.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php53-bcmath-5.3.3-21.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php53-cli-5.3.3-21.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php53-cli-5.3.3-21.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php53-cli-5.3.3-21.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php53-common-5.3.3-21.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php53-common-5.3.3-21.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php53-common-5.3.3-21.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php53-dba-5.3.3-21.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php53-dba-5.3.3-21.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php53-dba-5.3.3-21.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php53-debuginfo-5.3.3-21.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php53-debuginfo-5.3.3-21.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php53-debuginfo-5.3.3-21.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php53-devel-5.3.3-21.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php53-devel-5.3.3-21.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php53-devel-5.3.3-21.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php53-gd-5.3.3-21.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php53-gd-5.3.3-21.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php53-gd-5.3.3-21.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php53-imap-5.3.3-21.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php53-imap-5.3.3-21.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php53-imap-5.3.3-21.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php53-intl-5.3.3-21.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php53-intl-5.3.3-21.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php53-intl-5.3.3-21.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php53-ldap-5.3.3-21.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php53-ldap-5.3.3-21.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php53-ldap-5.3.3-21.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php53-mbstring-5.3.3-21.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php53-mbstring-5.3.3-21.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php53-mbstring-5.3.3-21.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php53-mysql-5.3.3-21.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php53-mysql-5.3.3-21.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php53-mysql-5.3.3-21.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php53-odbc-5.3.3-21.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php53-odbc-5.3.3-21.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php53-odbc-5.3.3-21.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php53-pdo-5.3.3-21.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php53-pdo-5.3.3-21.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php53-pdo-5.3.3-21.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php53-pgsql-5.3.3-21.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php53-pgsql-5.3.3-21.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php53-pgsql-5.3.3-21.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php53-process-5.3.3-21.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php53-process-5.3.3-21.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php53-process-5.3.3-21.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php53-pspell-5.3.3-21.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php53-pspell-5.3.3-21.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php53-pspell-5.3.3-21.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php53-snmp-5.3.3-21.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php53-snmp-5.3.3-21.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php53-snmp-5.3.3-21.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php53-soap-5.3.3-21.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php53-soap-5.3.3-21.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php53-soap-5.3.3-21.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php53-xml-5.3.3-21.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php53-xml-5.3.3-21.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php53-xml-5.3.3-21.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php53-xmlrpc-5.3.3-21.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php53-xmlrpc-5.3.3-21.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php53-xmlrpc-5.3.3-21.el5\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"php53 / php53-bcmath / php53-cli / php53-common / php53-dba / etc\");\n }\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-02T15:39:29", "description": "Updated php53 packages that fix multiple security issues, several bugs, and add one enhancement are now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nPHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server.\n\nIt was found that PHP did not properly handle file names with a NULL character. A remote attacker could possibly use this flaw to make a PHP script access unexpected files and bypass intended file system access restrictions. (CVE-2006-7243)\n\nIt was found that PHP did not check for carriage returns in HTTP headers, allowing intended HTTP response splitting protections to be bypassed. Depending on the web browser the victim is using, a remote attacker could use this flaw to perform HTTP response splitting attacks. (CVE-2011-1398)\n\nA flaw was found in PHP's SSL client's hostname identity check when handling certificates that contain hostnames with NULL bytes. If an attacker was able to get a carefully crafted certificate signed by a trusted Certificate Authority, the attacker could use the certificate to conduct man-in-the-middle attacks to spoof SSL servers.\n(CVE-2013-4248)\n\nAn integer signedness issue, leading to a heap-based buffer underflow, was found in the PHP scandir() function. If a remote attacker could upload an excessively large number of files to a directory the scandir() function runs on, it could cause the PHP interpreter to crash or, possibly, execute arbitrary code. (CVE-2012-2688)\n\nIt was found that PHP did not correctly handle the magic_quotes_gpc configuration directive. This could result in magic_quotes_gpc input escaping not being applied in all cases, possibly making it easier for a remote attacker to perform SQL injection attacks. (CVE-2012-0831)\n\nIt was found that the PHP SOAP parser allowed the expansion of external XML entities during SOAP message parsing. A remote attacker could possibly use this flaw to read arbitrary files that are accessible to a PHP application using a SOAP extension.\n(CVE-2013-1643)\n\nThese updated php53 packages also include numerous bug fixes and enhancements. Space precludes documenting all of these changes in this advisory. Users are directed to the Red Hat Enterprise Linux 5.10 Technical Notes, linked to in the References, for information on the most significant of these changes.\n\nAll PHP users are advised to upgrade to these updated packages, which contain backported patches to correct these issues and add this enhancement. After installing the updated packages, the httpd daemon must be restarted for the update to take effect.", "cvss3": {}, "published": "2014-11-12T00:00:00", "type": "nessus", "title": "CentOS 5 : php53 (CESA-2013:1307)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-7243", "CVE-2011-1398", "CVE-2012-0831", "CVE-2012-2688", "CVE-2013-1643", "CVE-2013-4248"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:centos:centos:php53", "p-cpe:/a:centos:centos:php53-bcmath", "p-cpe:/a:centos:centos:php53-cli", "p-cpe:/a:centos:centos:php53-common", "p-cpe:/a:centos:centos:php53-dba", "p-cpe:/a:centos:centos:php53-devel", "p-cpe:/a:centos:centos:php53-gd", "p-cpe:/a:centos:centos:php53-imap", "p-cpe:/a:centos:centos:php53-intl", "p-cpe:/a:centos:centos:php53-ldap", "p-cpe:/a:centos:centos:php53-mbstring", "p-cpe:/a:centos:centos:php53-mysql", "p-cpe:/a:centos:centos:php53-odbc", "p-cpe:/a:centos:centos:php53-pdo", "p-cpe:/a:centos:centos:php53-pgsql", "p-cpe:/a:centos:centos:php53-process", "p-cpe:/a:centos:centos:php53-pspell", "p-cpe:/a:centos:centos:php53-snmp", "p-cpe:/a:centos:centos:php53-soap", "p-cpe:/a:centos:centos:php53-xml", "p-cpe:/a:centos:centos:php53-xmlrpc", "cpe:/o:centos:centos:5"], "id": "CENTOS_RHSA-2013-1307.NASL", "href": "https://www.tenable.com/plugins/nessus/79149", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2013:1307 and \n# CentOS Errata and Security Advisory 2013:1307 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(79149);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2006-7243\", \"CVE-2011-1398\", \"CVE-2012-0831\", \"CVE-2012-2688\", \"CVE-2013-1643\", \"CVE-2013-4248\");\n script_bugtraq_id(44951, 51954, 55297, 58766, 61776);\n script_xref(name:\"RHSA\", value:\"2013:1307\");\n\n script_name(english:\"CentOS 5 : php53 (CESA-2013:1307)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated php53 packages that fix multiple security issues, several\nbugs, and add one enhancement are now available for Red Hat Enterprise\nLinux 5.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nPHP is an HTML-embedded scripting language commonly used with the\nApache HTTP Server.\n\nIt was found that PHP did not properly handle file names with a NULL\ncharacter. A remote attacker could possibly use this flaw to make a\nPHP script access unexpected files and bypass intended file system\naccess restrictions. (CVE-2006-7243)\n\nIt was found that PHP did not check for carriage returns in HTTP\nheaders, allowing intended HTTP response splitting protections to be\nbypassed. Depending on the web browser the victim is using, a remote\nattacker could use this flaw to perform HTTP response splitting\nattacks. (CVE-2011-1398)\n\nA flaw was found in PHP's SSL client's hostname identity check when\nhandling certificates that contain hostnames with NULL bytes. If an\nattacker was able to get a carefully crafted certificate signed by a\ntrusted Certificate Authority, the attacker could use the certificate\nto conduct man-in-the-middle attacks to spoof SSL servers.\n(CVE-2013-4248)\n\nAn integer signedness issue, leading to a heap-based buffer underflow,\nwas found in the PHP scandir() function. If a remote attacker could\nupload an excessively large number of files to a directory the\nscandir() function runs on, it could cause the PHP interpreter to\ncrash or, possibly, execute arbitrary code. (CVE-2012-2688)\n\nIt was found that PHP did not correctly handle the magic_quotes_gpc\nconfiguration directive. This could result in magic_quotes_gpc input\nescaping not being applied in all cases, possibly making it easier for\na remote attacker to perform SQL injection attacks. (CVE-2012-0831)\n\nIt was found that the PHP SOAP parser allowed the expansion of\nexternal XML entities during SOAP message parsing. A remote attacker\ncould possibly use this flaw to read arbitrary files that are\naccessible to a PHP application using a SOAP extension.\n(CVE-2013-1643)\n\nThese updated php53 packages also include numerous bug fixes and\nenhancements. Space precludes documenting all of these changes in this\nadvisory. Users are directed to the Red Hat Enterprise Linux 5.10\nTechnical Notes, linked to in the References, for information on the\nmost significant of these changes.\n\nAll PHP users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues and add this\nenhancement. After installing the updated packages, the httpd daemon\nmust be restarted for the update to take effect.\"\n );\n # https://lists.centos.org/pipermail/centos-cr-announce/2013-October/000863.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?b34ddbc9\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected php53 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2012-2688\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php53\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php53-bcmath\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php53-cli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php53-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php53-dba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php53-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php53-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php53-imap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php53-intl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php53-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php53-mbstring\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php53-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php53-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php53-pdo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php53-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php53-process\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php53-pspell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php53-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php53-soap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php53-xml\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php53-xmlrpc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/01/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/10/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/11/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 5.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-5\", reference:\"php53-5.3.3-21.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"php53-bcmath-5.3.3-21.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"php53-cli-5.3.3-21.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"php53-common-5.3.3-21.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"php53-dba-5.3.3-21.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"php53-devel-5.3.3-21.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"php53-gd-5.3.3-21.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"php53-imap-5.3.3-21.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"php53-intl-5.3.3-21.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"php53-ldap-5.3.3-21.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"php53-mbstring-5.3.3-21.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"php53-mysql-5.3.3-21.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"php53-odbc-5.3.3-21.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"php53-pdo-5.3.3-21.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"php53-pgsql-5.3.3-21.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"php53-process-5.3.3-21.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"php53-pspell-5.3.3-21.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"php53-snmp-5.3.3-21.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"php53-soap-5.3.3-21.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"php53-xml-5.3.3-21.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"php53-xmlrpc-5.3.3-21.el5\")) flag++;\n\n\nif (flag)\n{\n cr_plugin_caveat = '\\n' +\n 'NOTE: The security advisory associated with this vulnerability has a\\n' +\n 'fixed package version that may only be available in the continuous\\n' +\n 'release (CR) repository for CentOS, until it is present in the next\\n' +\n 'point release of CentOS.\\n\\n' +\n\n 'If an equal or higher package level does not exist in the baseline\\n' +\n 'repository for your major version of CentOS, then updates from the CR\\n' +\n 'repository will need to be applied in order to address the\\n' +\n 'vulnerability.\\n';\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + cr_plugin_caveat\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"php53 / php53-bcmath / php53-cli / php53-common / php53-dba / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-02T15:17:34", "description": "It was found that PHP did not properly handle file names with a NULL character. A remote attacker could possibly use this flaw to make a PHP script access unexpected files and bypass intended file system access restrictions. (CVE-2006-7243)\n\nIt was found that PHP did not check for carriage returns in HTTP headers, allowing intended HTTP response splitting protections to be bypassed. Depending on the web browser the victim is using, a remote attacker could use this flaw to perform HTTP response splitting attacks. (CVE-2011-1398)\n\nA flaw was found in PHP's SSL client's hostname identity check when handling certificates that contain hostnames with NULL bytes. If an attacker was able to get a carefully crafted certificate signed by a trusted Certificate Authority, the attacker could use the certificate to conduct man-in-the-middle attacks to spoof SSL servers.\n(CVE-2013-4248)\n\nAn integer signedness issue, leading to a heap-based buffer underflow, was found in the PHP scandir() function. If a remote attacker could upload an excessively large number of files to a directory the scandir() function runs on, it could cause the PHP interpreter to crash or, possibly, execute arbitrary code. (CVE-2012-2688)\n\nIt was found that PHP did not correctly handle the magic_quotes_gpc configuration directive. This could result in magic_quotes_gpc input escaping not being applied in all cases, possibly making it easier for a remote attacker to perform SQL injection attacks. (CVE-2012-0831)\n\nIt was found that the PHP SOAP parser allowed the expansion of external XML entities during SOAP message parsing. A remote attacker could possibly use this flaw to read arbitrary files that are accessible to a PHP application using a SOAP extension.\n(CVE-2013-1643)\n\nAfter installing the updated packages, the httpd daemon must be restarted for the update to take effect.", "cvss3": {}, "published": "2013-10-11T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : php53 on SL5.x i386/x86_64 (20130930)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-7243", "CVE-2011-1398", "CVE-2012-0831", "CVE-2012-2688", "CVE-2013-1643", "CVE-2013-4248"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:php53", "p-cpe:/a:fermilab:scientific_linux:php53-bcmath", "p-cpe:/a:fermilab:scientific_linux:php53-cli", "p-cpe:/a:fermilab:scientific_linux:php53-common", "p-cpe:/a:fermilab:scientific_linux:php53-dba", "p-cpe:/a:fermilab:scientific_linux:php53-debuginfo", "p-cpe:/a:fermilab:scientific_linux:php53-devel", "p-cpe:/a:fermilab:scientific_linux:php53-gd", "p-cpe:/a:fermilab:scientific_linux:php53-imap", "p-cpe:/a:fermilab:scientific_linux:php53-intl", "p-cpe:/a:fermilab:scientific_linux:php53-ldap", "p-cpe:/a:fermilab:scientific_linux:php53-mbstring", "p-cpe:/a:fermilab:scientific_linux:php53-mysql", "p-cpe:/a:fermilab:scientific_linux:php53-odbc", "p-cpe:/a:fermilab:scientific_linux:php53-pdo", "p-cpe:/a:fermilab:scientific_linux:php53-pgsql", "p-cpe:/a:fermilab:scientific_linux:php53-process", "p-cpe:/a:fermilab:scientific_linux:php53-pspell", "p-cpe:/a:fermilab:scientific_linux:php53-snmp", "p-cpe:/a:fermilab:scientific_linux:php53-soap", "p-cpe:/a:fermilab:scientific_linux:php53-xml", "p-cpe:/a:fermilab:scientific_linux:php53-xmlrpc", "p-cpe:/a:fermilab:scientific_linux:unixodbc", "p-cpe:/a:fermilab:scientific_linux:unixodbc-devel", "p-cpe:/a:fermilab:scientific_linux:unixodbc-kde", "p-cpe:/a:fermilab:scientific_linux:unixodbc-libs", "p-cpe:/a:fermilab:scientific_linux:unixodbc64", "p-cpe:/a:fermilab:scientific_linux:unixodbc64-devel", "p-cpe:/a:fermilab:scientific_linux:unixodbc64-libs", "x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20130930_PHP53_ON_SL5_X.NASL", "href": "https://www.tenable.com/plugins/nessus/70389", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(70389);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2006-7243\", \"CVE-2011-1398\", \"CVE-2012-0831\", \"CVE-2012-2688\", \"CVE-2013-1643\", \"CVE-2013-4248\");\n\n script_name(english:\"Scientific Linux Security Update : php53 on SL5.x i386/x86_64 (20130930)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was found that PHP did not properly handle file names with a NULL\ncharacter. A remote attacker could possibly use this flaw to make a\nPHP script access unexpected files and bypass intended file system\naccess restrictions. (CVE-2006-7243)\n\nIt was found that PHP did not check for carriage returns in HTTP\nheaders, allowing intended HTTP response splitting protections to be\nbypassed. Depending on the web browser the victim is using, a remote\nattacker could use this flaw to perform HTTP response splitting\nattacks. (CVE-2011-1398)\n\nA flaw was found in PHP's SSL client's hostname identity check when\nhandling certificates that contain hostnames with NULL bytes. If an\nattacker was able to get a carefully crafted certificate signed by a\ntrusted Certificate Authority, the attacker could use the certificate\nto conduct man-in-the-middle attacks to spoof SSL servers.\n(CVE-2013-4248)\n\nAn integer signedness issue, leading to a heap-based buffer underflow,\nwas found in the PHP scandir() function. If a remote attacker could\nupload an excessively large number of files to a directory the\nscandir() function runs on, it could cause the PHP interpreter to\ncrash or, possibly, execute arbitrary code. (CVE-2012-2688)\n\nIt was found that PHP did not correctly handle the magic_quotes_gpc\nconfiguration directive. This could result in magic_quotes_gpc input\nescaping not being applied in all cases, possibly making it easier for\na remote attacker to perform SQL injection attacks. (CVE-2012-0831)\n\nIt was found that the PHP SOAP parser allowed the expansion of\nexternal XML entities during SOAP message parsing. A remote attacker\ncould possibly use this flaw to read arbitrary files that are\naccessible to a PHP application using a SOAP extension.\n(CVE-2013-1643)\n\nAfter installing the updated packages, the httpd daemon must be\nrestarted for the update to take effect.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1310&L=scientific-linux-errata&T=0&P=809\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?98848f7c\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:php53\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:php53-bcmath\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:php53-cli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:php53-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:php53-dba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:php53-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:php53-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:php53-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:php53-imap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:php53-intl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:php53-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:php53-mbstring\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:php53-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:php53-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:php53-pdo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:php53-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:php53-process\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:php53-pspell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:php53-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:php53-soap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:php53-xml\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:php53-xmlrpc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:unixODBC\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:unixODBC-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:unixODBC-kde\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:unixODBC-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:unixODBC64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:unixODBC64-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:unixODBC64-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/01/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/09/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/10/11\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 5.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL5\", reference:\"php53-5.3.3-21.el5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"php53-bcmath-5.3.3-21.el5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"php53-cli-5.3.3-21.el5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"php53-common-5.3.3-21.el5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"php53-dba-5.3.3-21.el5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"php53-debuginfo-5.3.3-21.el5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"php53-devel-5.3.3-21.el5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"php53-gd-5.3.3-21.el5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"php53-imap-5.3.3-21.el5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"php53-intl-5.3.3-21.el5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"php53-ldap-5.3.3-21.el5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"php53-mbstring-5.3.3-21.el5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"php53-mysql-5.3.3-21.el5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"php53-odbc-5.3.3-21.el5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"php53-pdo-5.3.3-21.el5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"php53-pgsql-5.3.3-21.el5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"php53-process-5.3.3-21.el5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"php53-pspell-5.3.3-21.el5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"php53-snmp-5.3.3-21.el5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"php53-soap-5.3.3-21.el5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"php53-xml-5.3.3-21.el5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"php53-xmlrpc-5.3.3-21.el5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"unixODBC-2.2.11-10.el5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"unixODBC-devel-2.2.11-10.el5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"unixODBC-kde-2.2.11-10.el5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"unixODBC-libs-2.2.11-10.el5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"unixODBC64-2.2.14-3.el5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"unixODBC64-devel-2.2.14-3.el5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"unixODBC64-libs-2.2.14-3.el5\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"php53 / php53-bcmath / php53-cli / php53-common / php53-dba / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-02T14:39:20", "description": "According to its banner, the version of PHP installed on the remote host is older than 5.3.9. As such, it may be affected by the following security issues :\n\n - The 'is_a()' function in PHP 5.3.7 and 5.3.8 triggers a call to '__autoload()'. (CVE-2011-3379)\n\n - It is possible to create a denial of service condition by sending multiple, specially crafted requests containing parameter values that cause hash collisions when computing the hash values for storage in a hash table. (CVE-2011-4885) \n - An integer overflow exists in the exif_process_IFD_TAG function in exif.c that can allow a remote attacker to read arbitrary memory locations or cause a denial of service condition. This vulnerability only affects PHP 5.4.0beta2 on 32-bit platforms. (CVE-2011-4566)\n\n - Calls to libxslt are not restricted via xsltSetSecurityPrefs(), which could allow an attacker to create or overwrite files, resulting in arbitrary code execution. (CVE-2012-0057)\n\n - An error exists in the function 'tidy_diagnose' that can allow an attacker to cause the application to dereference a NULL pointer. This causes the application to crash. (CVE-2012-0781)\n\n - The 'PDORow' implementation contains an error that can cause application crashes when interacting with the session feature. (CVE-2012-0788)\n\n - An error exists in the timezone handling such that repeated calls to the function 'strtotime' can allow a denial of service attack via memory consumption.\n (CVE-2012-0789)", "cvss3": {}, "published": "2012-01-13T00:00:00", "type": "nessus", "title": "PHP < 5.3.9 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3379", "CVE-2011-4566", "CVE-2011-4885", "CVE-2012-0057", "CVE-2012-0781", "CVE-2012-0788", "CVE-2012-0789"], "modified": "2022-04-11T00:00:00", "cpe": ["cpe:/a:php:php"], "id": "PHP_5_3_9.NASL", "href": "https://www.tenable.com/plugins/nessus/57537", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(57537);\n script_version(\"1.25\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\n \"CVE-2011-3379\",\n \"CVE-2011-4566\",\n \"CVE-2011-4885\",\n \"CVE-2012-0057\",\n \"CVE-2012-0781\",\n \"CVE-2012-0788\",\n \"CVE-2012-0789\"\n );\n script_bugtraq_id(\n 49754,\n 50907,\n 51193,\n 51806,\n 51952,\n 51992,\n 52043\n );\n script_xref(name:\"TRA\", value:\"TRA-2012-01\");\n\n script_name(english:\"PHP < 5.3.9 Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote web server uses a version of PHP that is affected by\nmultiple flaws.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its banner, the version of PHP installed on the remote\nhost is older than 5.3.9. As such, it may be affected by the following\nsecurity issues :\n\n - The 'is_a()' function in PHP 5.3.7 and 5.3.8 triggers a \n call to '__autoload()'. (CVE-2011-3379)\n\n - It is possible to create a denial of service condition \n by sending multiple, specially crafted requests \n containing parameter values that cause hash collisions \n when computing the hash values for storage in a hash \n table. (CVE-2011-4885)\n \n - An integer overflow exists in the exif_process_IFD_TAG \n function in exif.c that can allow a remote attacker to \n read arbitrary memory locations or cause a denial of \n service condition. This vulnerability only affects PHP \n 5.4.0beta2 on 32-bit platforms. (CVE-2011-4566)\n\n - Calls to libxslt are not restricted via\n xsltSetSecurityPrefs(), which could allow an attacker\n to create or overwrite files, resulting in arbitrary\n code execution. (CVE-2012-0057)\n\n - An error exists in the function 'tidy_diagnose' that\n can allow an attacker to cause the application to \n dereference a NULL pointer. This causes the application\n to crash. (CVE-2012-0781)\n\n - The 'PDORow' implementation contains an error that can\n cause application crashes when interacting with the \n session feature. (CVE-2012-0788)\n\n - An error exists in the timezone handling such that\n repeated calls to the function 'strtotime' can allow\n a denial of service attack via memory consumption.\n (CVE-2012-0789)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.tenable.com/security/research/tra-2012-01\");\n script_set_attribute(attribute:\"see_also\", value:\"http://xhe.myxwiki.org/xwiki/bin/view/XSLT/Application_PHP5\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.php.net/archive/2012.php#id2012-01-11-1\");\n script_set_attribute(attribute:\"see_also\", value:\"https://seclists.org/bugtraq/2012/Jan/91\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.php.net/bug.php?id=55475\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.php.net/bug.php?id=55776\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.php.net/bug.php?id=53502\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.php.net/ChangeLog-5.php#5.3.9\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to PHP version 5.3.9 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No exploit is required\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/09/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/01/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/01/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:php:php\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CGI abuses\");\n\n script_copyright(english:\"This script is Copyright (C) 2012-2022 Tenable Network Security, Inc.\");\n\n script_dependencies(\"php_version.nasl\");\n script_require_keys(\"www/PHP\");\n script_require_ports(\"Services/www\", 80);\n\n exit(0);\n}\n\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\ninclude(\"audit.inc\");\ninclude(\"webapp_func.inc\");\n\nport = get_http_port(default:80, php:TRUE);\n\nphp = get_php_from_kb(\n port : port,\n exit_on_fail : TRUE\n);\n\nversion = php[\"ver\"];\nsource = php[\"src\"];\n\nbackported = get_kb_item('www/php/'+port+'/'+version+'/backported');\n\nif (report_paranoia < 2 && backported)\n audit(AUDIT_BACKPORT_SERVICE, port, \"PHP \"+version+\" install\");\n\nif (\n version =~ \"^[0-4]\\.\" || \n version =~ \"^5\\.[0-2]\\.\" ||\n version =~ \"^5\\.3\\.[0-8]($|[^0-9])\" ||\n version =~ \"^5\\.4\\.0(alpha|beta)\"\n)\n{\n if (report_verbosity > 0)\n {\n report =\n '\\n Version source : '+source +\n '\\n Installed version : '+version+\n '\\n Fixed version : 5.3.9\\n';\n security_hole(port:port, extra:report);\n }\n else security_hole(port);\n exit(0);\n}\nelse audit(AUDIT_LISTEN_NOT_VULN, \"PHP\", port, version);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-02T14:49:26", "description": "The remote host is affected by the vulnerability described in GLSA-201209-03 (PHP: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in PHP. Please review the CVE identifiers referenced below for details.\n Impact :\n\n A remote attacker could execute arbitrary code with the privileges of the process, cause a Denial of Service condition, obtain sensitive information, create arbitrary files, conduct directory traversal attacks, bypass protection mechanisms, or perform further attacks with unspecified impact.\n Workaround :\n\n There is no known workaround at this time.", "cvss3": {}, "published": "2012-09-24T00:00:00", "type": "nessus", "title": "GLSA-201209-03 : PHP: Multiple vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-1398", "CVE-2011-3379", "CVE-2011-4566", "CVE-2011-4885", "CVE-2012-0057", "CVE-2012-0788", "CVE-2012-0789", "CVE-2012-0830", "CVE-2012-0831", "CVE-2012-1172", "CVE-2012-1823", "CVE-2012-2143", "CVE-2012-2311", "CVE-2012-2335", "CVE-2012-2336", "CVE-2012-2386", "CVE-2012-2688", "CVE-2012-3365", "CVE-2012-3450"], "modified": "2022-03-28T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:php", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-201209-03.NASL", "href": "https://www.tenable.com/plugins/nessus/62236", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201209-03.\n#\n# The advisory text is Copyright (C) 2001-2018 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(62236);\n script_version(\"1.21\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/03/28\");\n\n script_cve_id(\n \"CVE-2011-1398\",\n \"CVE-2011-3379\",\n \"CVE-2011-4566\",\n \"CVE-2011-4885\",\n \"CVE-2012-0057\",\n \"CVE-2012-0788\",\n \"CVE-2012-0789\",\n \"CVE-2012-0830\",\n \"CVE-2012-0831\",\n \"CVE-2012-1172\",\n \"CVE-2012-1823\",\n \"CVE-2012-2143\",\n \"CVE-2012-2311\",\n \"CVE-2012-2335\",\n \"CVE-2012-2336\",\n \"CVE-2012-2386\",\n \"CVE-2012-2688\",\n \"CVE-2012-3365\",\n \"CVE-2012-3450\"\n );\n script_bugtraq_id(\n 47545,\n 49754,\n 50907,\n 51193,\n 51806,\n 51830,\n 51952,\n 51954,\n 52043,\n 53388,\n 53403,\n 53729,\n 54612,\n 54638,\n 54777,\n 55297\n );\n script_xref(name:\"GLSA\", value:\"201209-03\");\n script_xref(name:\"TRA\", value:\"TRA-2012-01\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/04/15\");\n\n script_name(english:\"GLSA-201209-03 : PHP: Multiple vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is affected by the vulnerability described in GLSA-201209-03\n(PHP: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in PHP. Please review the\n CVE identifiers referenced below for details.\n \nImpact :\n\n A remote attacker could execute arbitrary code with the privileges of\n the process, cause a Denial of Service condition, obtain sensitive\n information, create arbitrary files, conduct directory traversal attacks,\n bypass protection mechanisms, or perform further attacks with unspecified\n impact.\n \nWorkaround :\n\n There is no known workaround at this time.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security.gentoo.org/glsa/201209-03\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.tenable.com/security/research/tra-2012-01\");\n script_set_attribute(attribute:\"solution\", value:\n\"All PHP users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=dev-lang/php-5.3.15'\n All PHP users on ARM should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=dev-lang/php-5.4.5'\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'PHP CGI Argument Injection');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:\"CANVAS\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/09/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/09/24\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:php\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2012-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"dev-lang/php\", unaffected:make_list(\"ge 5.3.15\", \"ge 5.4.5\"), vulnerable:make_list(\"lt 5.3.15\", \"lt 5.4.5\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"PHP\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-02T15:41:22", "description": "The remote host is affected by the vulnerability described in GLSA-201412-10 (Multiple packages, Multiple vulnerabilities fixed in 2012)\n\n Vulnerabilities have been discovered in the packages listed below.\n Please review the CVE identifiers in the Reference section for details.\n EGroupware VTE Layer Four Traceroute (LFT) Suhosin Slock Ganglia Jabber to GaduGadu Gateway Impact :\n\n A context-dependent attacker may be able to gain escalated privileges, execute arbitrary code, cause Denial of Service, obtain sensitive information, or otherwise bypass security restrictions.\n Workaround :\n\n There is no known workaround at this time.", "cvss3": {}, "published": "2014-12-15T00:00:00", "type": "nessus", "title": "GLSA-201412-10 : Multiple packages, Multiple vulnerabilities fixed in 2012", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-4776", "CVE-2010-2713", "CVE-2010-3313", "CVE-2010-3314", "CVE-2011-0765", "CVE-2011-2198", "CVE-2012-0807", "CVE-2012-0808", "CVE-2012-1620", "CVE-2012-2738", "CVE-2012-3448"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:egroupware", "p-cpe:/a:gentoo:linux:ganglia", "p-cpe:/a:gentoo:linux:gg-transport", "p-cpe:/a:gentoo:linux:lft", "p-cpe:/a:gentoo:linux:slock", "p-cpe:/a:gentoo:linux:suhosin", "p-cpe:/a:gentoo:linux:vte", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-201412-10.NASL", "href": "https://www.tenable.com/plugins/nessus/79963", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201412-10.\n#\n# The advisory text is Copyright (C) 2001-2019 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(79963);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2008-4776\", \"CVE-2010-2713\", \"CVE-2010-3313\", \"CVE-2010-3314\", \"CVE-2011-0765\", \"CVE-2011-2198\", \"CVE-2012-0807\", \"CVE-2012-0808\", \"CVE-2012-1620\", \"CVE-2012-2738\", \"CVE-2012-3448\");\n script_bugtraq_id(41716, 46477, 48645, 51574, 52642, 52922, 54281, 54699);\n script_xref(name:\"GLSA\", value:\"201412-10\");\n\n script_name(english:\"GLSA-201412-10 : Multiple packages, Multiple vulnerabilities fixed in 2012\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201412-10\n(Multiple packages, Multiple vulnerabilities fixed in 2012)\n\n Vulnerabilities have been discovered in the packages listed below.\n Please review the CVE identifiers in the Reference section for details.\n EGroupware\n VTE\n Layer Four Traceroute (LFT)\n Suhosin\n Slock\n Ganglia\n Jabber to GaduGadu Gateway\n \nImpact :\n\n A context-dependent attacker may be able to gain escalated privileges,\n execute arbitrary code, cause Denial of Service, obtain sensitive\n information, or otherwise bypass security restrictions.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201412-10\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All EGroupware users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose\n '>=www-apps/egroupware-1.8.004.20120613'\n All VTE 0.32 users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=x11-libs/vte-0.32.2'\n All VTE 0.28 users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=x11-libs/vte-0.28.2-r204'\n All Layer Four Traceroute users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=net-analyzer/lft-3.33'\n All Suhosin users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=dev-php/suhosin-0.9.33'\n All Slock users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=x11-misc/slock-1.0'\n All Ganglia users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=sys-cluster/ganglia-3.3.7'\n All Jabber to GaduGadu Gateway users should upgrade to the latest\n version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=net-im/gg-transport-2.2.4'\n NOTE: This is a legacy GLSA. Updates for all affected architectures have\n been available since 2013. It is likely that your system is already no\n longer affected by these issues.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(119);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:egroupware\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:ganglia\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:gg-transport\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:lft\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:slock\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:suhosin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:vte\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2008/10/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/12/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/12/15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"dev-php/suhosin\", unaffected:make_list(\"ge 0.9.33\"), vulnerable:make_list(\"lt 0.9.33\"))) flag++;\nif (qpkg_check(package:\"net-analyzer/lft\", unaffected:make_list(\"ge 3.33\"), vulnerable:make_list(\"lt 3.33\"))) flag++;\nif (qpkg_check(package:\"x11-libs/vte\", unaffected:make_list(\"ge 0.32.2\", \"rge 0.28.2-r204\", \"rge 0.28.2-r206\"), vulnerable:make_list(\"lt 0.32.2\"))) flag++;\nif (qpkg_check(package:\"net-im/gg-transport\", unaffected:make_list(\"ge 2.2.4\"), vulnerable:make_list(\"lt 2.2.4\"))) flag++;\nif (qpkg_check(package:\"sys-cluster/ganglia\", unaffected:make_list(\"ge 3.3.7\"), vulnerable:make_list(\"lt 3.3.7\"))) flag++;\nif (qpkg_check(package:\"x11-misc/slock\", unaffected:make_list(\"ge 1.0\"), vulnerable:make_list(\"lt 1.0\"))) flag++;\nif (qpkg_check(package:\"www-apps/egroupware\", unaffected:make_list(\"ge 1.8.004.20120613\"), vulnerable:make_list(\"lt 1.8.004.20120613\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"dev-php/suhosin / net-analyzer/lft / x11-libs/vte / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-02T14:45:38", "description": "According to the web server's banner, the version of HP System Management Homepage (SMH) hosted on the remote host is earlier than 7.1.1 and is, therefore, reportedly affected by the following vulnerabilities :\n\n - The bundled version of the libxml2 library contains multiple vulnerabilities. (CVE-2011-1944, CVE-2011-2821, CVE-2011-2834)\n\n - The bundled version of PHP contains multiple vulnerabilities. (CVE-2011-3379, CVE-2011-4153, CVE-2011-4885, CVE-2012-1823, CVE-2012-0057, CVE-2012-0830)\n\n - The bundled version of the Apache HTTP Server contains multiple vulnerabilities. (CVE-2011-3607, CVE-2011-4317, CVE-2011-4415, CVE-2012-0021, CVE-2012-0031, CVE-2012-0053)\n\n - An issue exists in the 'include/iniset.php' script in the embedded RoundCube Webmail version that could lead to a denial of service. (CVE-2011-4078)\n\n - The bundled version of OpenSSL contains multiple vulnerabilities. (CVE-2011-4108, CVE-2011-4576, CVE-2011-4577, CVE-2011-4619, CVE-2012-0027, CVE-2012-1165)\n\n - The bundled version of curl and libcurl does not properly consider special characters during extraction of a pathname from a URL. (CVE-2012-0036) \n - An off autocomplete attribute does not exist for unspecified form fields, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation. (CVE-2012-2012)\n\n - An unspecified vulnerability exists that could allow a remote attacker to cause a denial of service, or possibly obtain sensitive information or modify data.\n (CVE-2012-2013)\n\n - An unspecified vulnerability exists related to improper input validation. (CVE-2012-2014)\n\n - An unspecified vulnerability allows remote, unauthenticated users to gain privileges and obtain sensitive information. (CVE-2012-2015)\n\n - An unspecified vulnerability allows local users to obtain sensitive information via unknown vectors.\n (CVE-2012-2016)", "cvss3": {}, "published": "2012-07-05T00:00:00", "type": "nessus", "title": "HP System Management Homepage < 7.1.1 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-1944", "CVE-2011-2821", "CVE-2011-2834", "CVE-2011-3379", "CVE-2011-3607", "CVE-2011-4078", "CVE-2011-4108", "CVE-2011-4153", "CVE-2011-4317", "CVE-2011-4415", "CVE-2011-4576", "CVE-2011-4577", "CVE-2011-4619", "CVE-2011-4885", "CVE-2012-0021", "CVE-2012-0027", "CVE-2012-0031", "CVE-2012-0036", "CVE-2012-0053", "CVE-2012-0057", "CVE-2012-0830", "CVE-2012-1165", "CVE-2012-1823", "CVE-2012-2012", "CVE-2012-2013", "CVE-2012-2014", "CVE-2012-2015", "CVE-2012-2016"], "modified": "2022-04-11T00:00:00", "cpe": ["cpe:/a:hp:system_management_homepage"], "id": "HPSMH_7_1_1_1.NASL", "href": "https://www.tenable.com/plugins/nessus/59851", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(59851);\n script_version(\"1.22\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\n \"CVE-2011-1944\",\n \"CVE-2011-2821\",\n \"CVE-2011-2834\",\n \"CVE-2011-3379\",\n \"CVE-2011-3607\",\n \"CVE-2011-4078\",\n \"CVE-2011-4108\",\n \"CVE-2011-4153\",\n \"CVE-2011-4317\",\n \"CVE-2011-4415\",\n \"CVE-2011-4576\",\n \"CVE-2011-4577\",\n \"CVE-2011-4619\",\n \"CVE-2011-4885\",\n \"CVE-2012-0021\",\n \"CVE-2012-0027\",\n \"CVE-2012-0031\",\n \"CVE-2012-0036\",\n \"CVE-2012-0053\",\n \"CVE-2012-0057\",\n \"CVE-2012-0830\",\n \"CVE-2012-1165\",\n \"CVE-2012-1823\",\n \"CVE-2012-2012\",\n \"CVE-2012-2013\",\n \"CVE-2012-2014\",\n \"CVE-2012-2015\",\n \"CVE-2012-2016\"\n );\n script_bugtraq_id(\n 48056,\n 49754,\n 50402,\n 50494,\n 50639,\n 50802,\n 51193,\n 51281,\n 51407,\n 51417,\n 51665,\n 51705,\n 51706,\n 51806,\n 51830,\n 52764,\n 53388,\n 54218\n );\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/04/15\");\n\n script_name(english:\"HP System Management Homepage < 7.1.1 Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote web server is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the web server's banner, the version of HP System\nManagement Homepage (SMH) hosted on the remote host is earlier than\n7.1.1 and is, therefore, reportedly affected by the following\nvulnerabilities :\n\n - The bundled version of the libxml2 library contains\n multiple vulnerabilities. (CVE-2011-1944, CVE-2011-2821,\n CVE-2011-2834)\n\n - The bundled version of PHP contains multiple\n vulnerabilities. (CVE-2011-3379, CVE-2011-4153, \n CVE-2011-4885, CVE-2012-1823, CVE-2012-0057, \n CVE-2012-0830)\n\n - The bundled version of the Apache HTTP Server contains\n multiple vulnerabilities. (CVE-2011-3607, CVE-2011-4317,\n CVE-2011-4415, CVE-2012-0021, CVE-2012-0031, \n CVE-2012-0053)\n\n - An issue exists in the 'include/iniset.php' script in\n the embedded RoundCube Webmail version that could lead\n to a denial of service. (CVE-2011-4078)\n\n - The bundled version of OpenSSL contains multiple \n vulnerabilities. (CVE-2011-4108, CVE-2011-4576,\n CVE-2011-4577, CVE-2011-4619, CVE-2012-0027,\n CVE-2012-1165)\n\n - The bundled version of curl and libcurl does not \n properly consider special characters during extraction\n of a pathname from a URL. (CVE-2012-0036)\n \n - An off autocomplete attribute does not exist for \n unspecified form fields, which makes it easier for \n remote attackers to obtain access by leveraging an\n unattended workstation. (CVE-2012-2012)\n\n - An unspecified vulnerability exists that could allow a\n remote attacker to cause a denial of service, or\n possibly obtain sensitive information or modify data.\n (CVE-2012-2013)\n\n - An unspecified vulnerability exists related to improper\n input validation. (CVE-2012-2014)\n\n - An unspecified vulnerability allows remote, \n unauthenticated users to gain privileges and obtain \n sensitive information. (CVE-2012-2015)\n\n - An unspecified vulnerability allows local users to\n obtain sensitive information via unknown vectors.\n (CVE-2012-2016)\");\n # http://web.archive.org/web/20130927061716/http://h20000.www2.hp.com:80/bizsupport/TechSupport/Document.jsp?objectID=c03360041\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?d07467b6\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.securityfocus.com/archive/1/523320/30/0/threaded\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to HP System Management Homepage 7.1.1 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2012-2012\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'PHP CGI Argument Injection');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:\"CANVAS\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/04/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/03/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/07/05\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:hp:system_management_homepage\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Web Servers\");\n\n script_copyright(english:\"This script is Copyright (C) 2012-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"compaq_wbem_detect.nasl\");\n script_require_keys(\"www/hp_smh\");\n script_require_ports(\"Services/www\", 2301, 2381);\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"audit.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\ninclude(\"webapp_func.inc\");\n\n\nport = get_http_port(default:2381, embedded:TRUE);\ninstall = get_install_from_kb(appname:'hp_smh', port:port, exit_on_fail:TRUE);\ndir = install['dir'];\nversion = install['ver'];\nprod = get_kb_item_or_exit(\"www/\"+port+\"/hp_smh/variant\");\n\nif (version == UNKNOWN_VER) \n exit(1, 'The version of '+prod+' installed at '+build_url(port:port, qs:dir+\"/\")+' is unknown.');\n\n# nb: 'version' can have non-numeric characters in it so we'll create \n# an alternate form and make sure that's safe for use in 'ver_compare()'.\nversion_alt = ereg_replace(pattern:\"[_-]\", replace:\".\", string:version);\nif (!ereg(pattern:\"^[0-9][0-9.]+$\", string:version_alt))\n exit(1, 'The version of '+prod+' installed at '+build_url(port:port, qs:dir+\"/\")+' does not look valid ('+version+').');\n\nfixed_version = '7.1.1.1';\nif (ver_compare(ver:version_alt, fix:fixed_version, strict:FALSE) == -1)\n{\n if (report_verbosity > 0)\n {\n source_line = get_kb_item(\"www/\"+port+\"/hp_smh/source\");\n\n report = '\\n Product : ' + prod;\n if (!isnull(source_line)) \n report += '\\n Version source : ' + source_line;\n report += \n '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fixed_version + '\\n';\n security_hole(port:port, extra:report);\n }\n else security_hole(port);\n\n exit(0);\n}\nelse audit(AUDIT_LISTEN_NOT_VULN, prod, port, version);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-02T14:49:45", "description": "The remote host is running a version of Mac OS X 10.8.x that is prior to 10.8.2. The newer version contains multiple security-related fixes for the following components :\n\n - BIND\n - Data Security\n - LoginWindow\n - Mobile Accounts\n - PHP", "cvss3": {}, "published": "2012-09-20T00:00:00", "type": "nessus", "title": "Mac OS X 10.8.x < 10.8.2 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-4313", "CVE-2012-0831", "CVE-2012-1172", "CVE-2012-1667", "CVE-2012-1823", "CVE-2012-2143", "CVE-2012-2311", "CVE-2012-2386", "CVE-2012-2688", "CVE-2012-3718", "CVE-2012-3720"], "modified": "2022-03-28T00:00:00", "cpe": ["cpe:/o:apple:mac_os_x"], "id": "MACOSX_10_8_2.NASL", "href": "https://www.tenable.com/plugins/nessus/62215", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(62215);\n script_version(\"1.21\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/03/28\");\n\n script_cve_id(\n \"CVE-2011-4313\",\n \"CVE-2012-0831\",\n \"CVE-2012-1172\",\n \"CVE-2012-1667\",\n \"CVE-2012-1823\",\n \"CVE-2012-2143\",\n \"CVE-2012-2311\",\n \"CVE-2012-2386\",\n \"CVE-2012-2688\",\n \"CVE-2012-3718\",\n \"CVE-2012-3720\"\n );\n script_bugtraq_id(\n 47545,\n 50690,\n 51954,\n 53388,\n 53403,\n 53729,\n 53772,\n 54638,\n 56243,\n 56252\n );\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/04/15\");\n\n script_name(english:\"Mac OS X 10.8.x < 10.8.2 Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host is missing a Mac OS X update that fixes several\nsecurity issues.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is running a version of Mac OS X 10.8.x that is prior\nto 10.8.2. The newer version contains multiple security-related fixes\nfor the following components :\n\n - BIND\n - Data Security\n - LoginWindow\n - Mobile Accounts\n - PHP\");\n script_set_attribute(attribute:\"see_also\", value:\"http://support.apple.com/kb/HT5501\");\n script_set_attribute(attribute:\"see_also\", value:\"http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Mac OS X 10.8.2 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2012-2688\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'PHP CGI Argument Injection');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:\"CANVAS\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/11/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/09/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/09/20\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"combined\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:apple:mac_os_x\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2012-2022 Tenable Network Security, Inc.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"os_fingerprint.nasl\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\n\nos = get_kb_item(\"Host/MacOSX/Version\");\nif (!os)\n{\n os = get_kb_item_or_exit(\"Host/OS\");\n if (\"Mac OS X\" >!< os) audit(AUDIT_OS_NOT, \"Mac OS X\");\n\n c = get_kb_item(\"Host/OS/Confidence\");\n if (c <= 70) exit(1, \"Can't determine the host's OS with sufficient confidence.\");\n}\nif (!os) audit(AUDIT_OS_NOT, \"Mac OS X\");\n\n\nif (ereg(pattern:\"Mac OS X 10\\.8($|\\.[0-1]([^0-9]|$))\", string:os)) security_hole(0);\nelse exit(0, \"The host is not affected as it is running \"+os+\".\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-02T14:50:19", "description": "The remote host is running a version of Mac OS X 10.6 that does not have Security Update 2012-004 applied. This update contains multiple security-related fixes for the following components :\n\n - Apache\n - Data Security\n - DirectoryService\n - ImageIO\n - International Components for Unicode\n - Mail\n - PHP\n - QuickLook\n - QuickTime\n - Ruby", "cvss3": {}, "published": "2012-09-20T00:00:00", "type": "nessus", "title": "Mac OS X Multiple Vulnerabilities (Security Update 2012-004) (BEAST)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3026", "CVE-2011-3048", "CVE-2011-3368", "CVE-2011-3389", "CVE-2011-3607", "CVE-2011-4317", "CVE-2011-4599", "CVE-2012-0021", "CVE-2012-0031", "CVE-2012-0053", "CVE-2012-0650", "CVE-2012-0668", "CVE-2012-0670", "CVE-2012-0671", "CVE-2012-0831", "CVE-2012-1172", "CVE-2012-1173", "CVE-2012-1667", "CVE-2012-1823", "CVE-2012-2143", "CVE-2012-2311", "CVE-2012-2386", "CVE-2012-2688", "CVE-2012-3719", "CVE-2012-3722"], "modified": "2022-12-05T00:00:00", "cpe": ["cpe:/o:apple:mac_os_x"], "id": "MACOSX_SECUPD2012-004.NASL", "href": "https://www.tenable.com/plugins/nessus/62213", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(62213);\n script_version(\"1.28\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2011-3026\",\n \"CVE-2011-3048\",\n \"CVE-2011-3368\",\n \"CVE-2011-3389\",\n \"CVE-2011-3607\",\n \"CVE-2011-4317\",\n \"CVE-2011-4599\",\n \"CVE-2012-0021\",\n \"CVE-2012-0031\",\n \"CVE-2012-0053\",\n \"CVE-2012-0650\",\n \"CVE-2012-0668\",\n \"CVE-2012-0670\",\n \"CVE-2012-0671\",\n \"CVE-2012-0831\",\n \"CVE-2012-1172\",\n \"CVE-2012-1173\",\n \"CVE-2012-1667\",\n \"CVE-2012-1823\",\n \"CVE-2012-2143\",\n \"CVE-2012-2311\",\n \"CVE-2012-2386\",\n \"CVE-2012-2688\",\n \"CVE-2012-3719\",\n \"CVE-2012-3722\"\n );\n script_bugtraq_id(\n 47545,\n 49778,\n 49957,\n 50494,\n 50802,\n 51006,\n 51407,\n 51705,\n 51706,\n 51954,\n 52049,\n 52830,\n 52891,\n 53388,\n 53403,\n 53579,\n 53582,\n 53584,\n 53729,\n 53772,\n 54638,\n 56240,\n 56241\n );\n script_xref(name:\"APPLE-SA\", value:\"APPLE-SA-2012-09-19-2\");\n script_xref(name:\"CERT\", value:\"864643\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/04/15\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2019-0547\");\n\n script_name(english:\"Mac OS X Multiple Vulnerabilities (Security Update 2012-004) (BEAST)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host is missing a Mac OS X update that fixes multiple\nsecurity vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is running a version of Mac OS X 10.6 that does not\nhave Security Update 2012-004 applied. This update contains multiple\nsecurity-related fixes for the following components :\n\n - Apache\n - Data Security\n - DirectoryService\n - ImageIO\n - International Components for Unicode\n - Mail\n - PHP\n - QuickLook\n - QuickTime\n - Ruby\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.zerodayinitiative.com/advisories/ZDI-12-185/\");\n script_set_attribute(attribute:\"see_also\", value:\"http://seclists.org/fulldisclosure/2012/Nov/111\");\n script_set_attribute(attribute:\"see_also\", value:\"http://support.apple.com/kb/HT5501\");\n script_set_attribute(attribute:\"see_also\", value:\"http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.imperialviolet.org/2011/09/23/chromeandbeast.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.openssl.org/~bodo/tls-cbc.txt\");\n script_set_attribute(attribute:\"solution\", value:\n\"Install Security Update 2012-004 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2012-2688\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'PHP CGI Argument Injection');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:\"CANVAS\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/07/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/09/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/09/20\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:apple:mac_os_x\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2012-2022 Tenable Network Security, Inc.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/MacOSX/Version\", \"Host/MacOSX/packages/boms\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nos = get_kb_item(\"Host/MacOSX/Version\");\nif (!os) audit(AUDIT_OS_NOT, \"Mac OS X\");\nif (!ereg(pattern:\"Mac OS X 10\\.6([^0-9]|$)\", string:os)) audit(AUDIT_OS_NOT, \"Mac OS X 10.6\");\n\npackages = get_kb_item_or_exit(\"Host/MacOSX/packages/boms\", exit_code:1);\nif (\n egrep(pattern:\"^com\\.apple\\.pkg\\.update\\.security\\.(2012\\.00[4-9]|201[3-9]\\.[0-9]+)(\\.snowleopard[0-9.]*)?\\.bom\", string:packages) ||\n egrep(pattern:\"^com\\.apple\\.pkg\\.update\\.security\\.2012\\.004(\\.snowleopard)?\\.1\\.0\\.bom\", string:packages)\n) exit(0, \"The host has Security Update 2012-004 or later installed and is therefore not affected.\");\nelse\n{\n if (report_verbosity > 0)\n {\n security_boms = egrep(pattern:\"^com\\.apple\\.pkg\\.update\\.security\", string:packages);\n\n report = '\\n Installed security updates : ';\n if (security_boms) report += str_replace(find:'\\n', replace:'\\n ', string:security_boms);\n else report += 'n/a';\n report += '\\n';\n\n security_hole(port:0, extra:report);\n }\n else security_hole(0);\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-30T14:55:22", "description": "The remote host is running a version of Mac OS X 10.7.x that is prior to 10.7.5. The newer version contains multiple security-related fixes for the following components :\n\n - Apache\n - BIND\n - CoreText\n - Data Security\n - ImageIO\n - Installer\n - International Components for Unicode\n - Kernel\n - Mail\n - PHP\n - Profile Manager\n - QuickLook\n - QuickTime\n - Ruby\n - USB", "cvss3": {}, "published": "2012-09-20T00:00:00", "type": "nessus", "title": "Mac OS X 10.7.x < 10.7.5 Multiple Vulnerabilities (BEAST)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3026", "CVE-2011-3048", "CVE-2011-3368", "CVE-2011-3389", "CVE-2011-3607", "CVE-2011-4313", "CVE-2011-4317", "CVE-2011-4599", "CVE-2012-0021", "CVE-2012-0031", "CVE-2012-0053", "CVE-2012-0643", "CVE-2012-0652", "CVE-2012-0668", "CVE-2012-0670", "CVE-2012-0671", "CVE-2012-0831", "CVE-2012-1172", "CVE-2012-1173", "CVE-2012-1667", "CVE-2012-1823", "CVE-2012-2143", "CVE-2012-2311", "CVE-2012-2386", "CVE-2012-2688", "CVE-2012-3716", "CVE-2012-3719", "CVE-2012-3721", "CVE-2012-3722", "CVE-2012-3723"], "modified": "2022-12-05T00:00:00", "cpe": ["cpe:/o:apple:mac_os_x"], "id": "MACOSX_10_7_5.NASL", "href": "https://www.tenable.com/plugins/nessus/62214", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(62214);\n script_version(\"1.25\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2011-3026\",\n \"CVE-2011-3048\",\n \"CVE-2011-3368\",\n \"CVE-2011-3389\",\n \"CVE-2011-3607\",\n \"CVE-2011-4313\",\n \"CVE-2011-4317\",\n \"CVE-2011-4599\",\n \"CVE-2012-0021\",\n \"CVE-2012-0031\",\n \"CVE-2012-0053\",\n \"CVE-2012-0643\",\n \"CVE-2012-0652\",\n \"CVE-2012-0668\",\n \"CVE-2012-0670\",\n \"CVE-2012-0671\",\n \"CVE-2012-0831\",\n \"CVE-2012-1172\",\n \"CVE-2012-1173\",\n \"CVE-2012-1667\",\n \"CVE-2012-1823\",\n \"CVE-2012-2143\",\n \"CVE-2012-2311\",\n \"CVE-2012-2386\",\n \"CVE-2012-2688\",\n \"CVE-2012-3716\",\n \"CVE-2012-3719\",\n \"CVE-2012-3721\",\n \"CVE-2012-3722\",\n \"CVE-2012-3723\"\n );\n script_bugtraq_id(\n 47545,\n 49778,\n 49957,\n 50494,\n 50690,\n 50802,\n 51006,\n 51407,\n 51705,\n 51706,\n 51954,\n 52049,\n 52364,\n 52830,\n 52891,\n 53388,\n 53403,\n 53445,\n 53457,\n 53579,\n 53582,\n 53584,\n 53729,\n 53772,\n 54638,\n 56241,\n 56244,\n 56246,\n 56247\n );\n script_xref(name:\"CERT\", value:\"864643\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/04/15\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2019-0547\");\n\n script_name(english:\"Mac OS X 10.7.x < 10.7.5 Multiple Vulnerabilities (BEAST)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host is missing a Mac OS X update that fixes multiple\nsecurity vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is running a version of Mac OS X 10.7.x that is prior\nto 10.7.5. The newer version contains multiple security-related fixes\nfor the following components :\n\n - Apache\n - BIND\n - CoreText\n - Data Security\n - ImageIO\n - Installer\n - International Components for Unicode\n - Kernel\n - Mail\n - PHP\n - Profile Manager\n - QuickLook\n - QuickTime\n - Ruby\n - USB\");\n script_set_attribute(attribute:\"see_also\", value:\"http://seclists.org/bugtraq/2012/Sep/94\");\n script_set_attribute(attribute:\"see_also\", value:\"http://support.apple.com/kb/HT5501\");\n script_set_attribute(attribute:\"see_also\", value:\"http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.imperialviolet.org/2011/09/23/chromeandbeast.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.openssl.org/~bodo/tls-cbc.txt\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Mac OS X 10.7.5 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2012-2688\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'PHP CGI Argument Injection');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:\"CANVAS\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/07/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/09/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/09/20\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"combined\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:apple:mac_os_x\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2012-2022 Tenable Network Security, Inc.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"os_fingerprint.nasl\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nos = get_kb_item(\"Host/MacOSX/Version\");\nif (!os)\n{\n os = get_kb_item_or_exit(\"Host/OS\");\n if (\"Mac OS X\" >!< os) audit(AUDIT_OS_NOT, \"Mac OS X\");\n\n c = get_kb_item(\"Host/OS/Confidence\");\n if (c <= 70) exit(1, \"Can't determine the host's OS with sufficient confidence.\");\n}\nif (!os) audit(AUDIT_OS_NOT, \"Mac OS X\");\n\nif (ereg(pattern:\"Mac OS X 10\\.7($|\\.[0-4]([^0-9]|$))\", string:os)) security_hole(0);\nelse exit(0, \"The host is not affected as it is running \"+os+\".\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}], "openvas": [{"lastseen": "2019-05-29T18:39:17", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1358-1", "cvss3": {}, "published": "2012-02-13T00:00:00", "type": "openvas", "title": "Ubuntu Update for php5 USN-1358-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-0441", "CVE-2011-4885", "CVE-2012-0788", "CVE-2012-0830", "CVE-2012-0057", "CVE-2012-0831", "CVE-2011-4153"], "modified": "2019-03-13T00:00:00", "id": "OPENVAS:1361412562310840891", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310840891", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1358_1.nasl 14132 2019-03-13 09:25:59Z cfischer $\n#\n# Ubuntu Update for php5 USN-1358-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-1358-1/\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.840891\");\n script_version(\"$Revision: 14132 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 10:25:59 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-02-13 16:32:26 +0530 (Mon, 13 Feb 2012)\");\n script_cve_id(\"CVE-2011-4885\", \"CVE-2012-0830\", \"CVE-2011-4153\", \"CVE-2012-0057\",\n \"CVE-2012-0788\", \"CVE-2012-0831\", \"CVE-2011-0441\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name:\"USN\", value:\"1358-1\");\n script_name(\"Ubuntu Update for php5 USN-1358-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(10\\.10|10\\.04 LTS|11\\.04|8\\.04 LTS)\");\n script_tag(name:\"summary\", value:\"Ubuntu Update for Linux kernel vulnerabilities USN-1358-1\");\n script_tag(name:\"affected\", value:\"php5 on Ubuntu 11.04,\n Ubuntu 10.10,\n Ubuntu 10.04 LTS,\n Ubuntu 8.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"It was discovered that PHP computed hash values for form parameters\n without restricting the ability to trigger hash collisions predictably.\n This could allow a remote attacker to cause a denial of service by\n sending many crafted parameters. (CVE-2011-4885)\n\n ATTENTION: this update changes previous PHP behavior by\n limiting the number of external input variables to 1000.\n This may be increased by adding a 'max_input_vars'\n directive to the php.ini configuration file. See\n the references for more information.\n\n Stefan Esser discovered that the fix to address the predictable hash\n collision issue, CVE-2011-4885, did not properly handle the situation\n where the limit was reached. This could allow a remote attacker to\n cause a denial of service or execute arbitrary code via a request\n containing a large number of variables. (CVE-2012-0830)\n\n It was discovered that PHP did not always check the return value of\n the zend_strndup function. This could allow a remote attacker to\n cause a denial of service. (CVE-2011-4153)\n\n It was discovered that PHP did not properly enforce libxslt security\n settings. This could allow a remote attacker to create arbitrary\n files via a crafted XSLT stylesheet that uses the libxslt output\n extension. (CVE-2012-0057)\n\n It was discovered that PHP did not properly enforce that PDORow\n objects could not be serialized and not be saved in a session. A\n remote attacker could use this to cause a denial of service via an\n application crash. (CVE-2012-0788)\n\n It was discovered that PHP allowed the magic_quotes_gpc setting to\n be disabled remotely. This could allow a remote attacker to bypass\n restrictions that could prevent an SQL injection. (CVE-2012-0831)\n\n USN 1126-1 addressed an issue where the /etc/cron.d/php5 cron job\n for PHP allowed local users to delete arbitrary files via a symlink\n attack on a directory under /var/lib/php5/. Emese Revfy discovered\n that the fix had not been applied to PHP for Ubuntu 10.04 LTS. This\n update corrects the issue. We apologize for the error. (CVE-2011-0441)\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"http://www.php.net/manual/en/info.configuration.php#ini.max-input-vars\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU10.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libapache2-mod-php5\", ver:\"5.3.3-1ubuntu9.9\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5\", ver:\"5.3.3-1ubuntu9.9\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-cgi\", ver:\"5.3.3-1ubuntu9.9\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-cli\", ver:\"5.3.3-1ubuntu9.9\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-common\", ver:\"5.3.3-1ubuntu9.9\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-xsl\", ver:\"5.3.3-1ubuntu9.9\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libapache2-mod-php5\", ver:\"5.3.2-1ubuntu4.13\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5\", ver:\"5.3.2-1ubuntu4.13\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-cgi\", ver:\"5.3.2-1ubuntu4.13\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-cli\", ver:\"5.3.2-1ubuntu4.13\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-common\", ver:\"5.3.2-1ubuntu4.13\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-xsl\", ver:\"5.3.2-1ubuntu4.13\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU11.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libapache2-mod-php5\", ver:\"5.3.5-1ubuntu7.6\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5\", ver:\"5.3.5-1ubuntu7.6\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-cgi\", ver:\"5.3.5-1ubuntu7.6\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-cli\", ver:\"5.3.5-1ubuntu7.6\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-common\", ver:\"5.3.5-1ubuntu7.6\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-xsl\", ver:\"5.3.5-1ubuntu7.6\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU8.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libapache2-mod-php5\", ver:\"5.2.4-2ubuntu5.22\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5\", ver:\"5.2.4-2ubuntu5.22\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-cgi\", ver:\"5.2.4-2ubuntu5.22\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-cli\", ver:\"5.2.4-2ubuntu5.22\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-common\", ver:\"5.2.4-2ubuntu5.22\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-xsl\", ver:\"5.2.4-2ubuntu5.22\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-31T18:42:14", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2012-12-13T00:00:00", "type": "openvas", "title": "openSUSE: Security Advisory for update (openSUSE-SU-2012:0426-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-1466", "CVE-2012-0789", "CVE-2011-4885", "CVE-2012-0788", "CVE-2012-0830", "CVE-2012-0781", "CVE-2012-0057", "CVE-2011-4566", "CVE-2012-0831", "CVE-2011-4153", "CVE-2012-0807"], "modified": "2020-01-31T00:00:00", "id": "OPENVAS:1361412562310850217", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310850217", "sourceData": "# Copyright (C) 2012 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.850217\");\n script_version(\"2020-01-31T08:23:39+0000\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:23:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2012-12-13 17:01:21 +0530 (Thu, 13 Dec 2012)\");\n script_cve_id(\"CVE-2011-1466\", \"CVE-2011-4153\", \"CVE-2011-4566\", \"CVE-2011-4885\",\n \"CVE-2012-0057\", \"CVE-2012-0781\", \"CVE-2012-0788\", \"CVE-2012-0789\",\n \"CVE-2012-0807\", \"CVE-2012-0830\", \"CVE-2012-0831\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name:\"openSUSE-SU\", value:\"2012:0426-1\");\n script_name(\"openSUSE: Security Advisory for update (openSUSE-SU-2012:0426-1)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'update'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2012 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSE12\\.1\");\n\n script_tag(name:\"affected\", value:\"update on openSUSE 12.1\");\n\n script_tag(name:\"insight\", value:\"php5 security update\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSE12.1\") {\n if(!isnull(res = isrpmvuln(pkg:\"apache2-mod_php5\", rpm:\"apache2-mod_php5~5.3.8~4.9.2\", rls:\"openSUSE12.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"apache2-mod_php5-debuginfo\", rpm:\"apache2-mod_php5-debuginfo~5.3.8~4.9.2\", rls:\"openSUSE12.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5\", rpm:\"php5~5.3.8~4.9.2\", rls:\"openSUSE12.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-bcmath\", rpm:\"php5-bcmath~5.3.8~4.9.2\", rls:\"openSUSE12.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-bcmath-debuginfo\", rpm:\"php5-bcmath-debuginfo~5.3.8~4.9.2\", rls:\"openSUSE12.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-bz2\", rpm:\"php5-bz2~5.3.8~4.9.2\", rls:\"openSUSE12.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-bz2-debuginfo\", rpm:\"php5-bz2-debuginfo~5.3.8~4.9.2\", rls:\"openSUSE12.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-calendar\", rpm:\"php5-calendar~5.3.8~4.9.2\", rls:\"openSUSE12.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-calendar-debuginfo\", rpm:\"php5-calendar-debuginfo~5.3.8~4.9.2\", rls:\"openSUSE12.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-ctype\", rpm:\"php5-ctype~5.3.8~4.9.2\", rls:\"openSUSE12.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-ctype-debuginfo\", rpm:\"php5-ctype-debuginfo~5.3.8~4.9.2\", rls:\"openSUSE12.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-curl\", rpm:\"php5-curl~5.3.8~4.9.2\", rls:\"openSUSE12.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-curl-debuginfo\", rpm:\"php5-curl-debuginfo~5.3.8~4.9.2\", rls:\"openSUSE12.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-dba\", rpm:\"php5-dba~5.3.8~4.9.2\", rls:\"openSUSE12.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-dba-debuginfo\", rpm:\"php5-dba-debuginfo~5.3.8~4.9.2\", rls:\"openSUSE12.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-debuginfo\", rpm:\"php5-debuginfo~5.3.8~4.9.2\", rls:\"openSUSE12.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-debugsource\", rpm:\"php5-debugsource~5.3.8~4.9.2\", rls:\"openSUSE12.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-devel\", rpm:\"php5-devel~5.3.8~4.9.2\", rls:\"openSUSE12.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-dom\", rpm:\"php5-dom~5.3.8~4.9.2\", rls:\"openSUSE12.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-dom-debuginfo\", rpm:\"php5-dom-debuginfo~5.3.8~4.9.2\", rls:\"openSUSE12.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-enchant\", rpm:\"php5-enchant~5.3.8~4.9.2\", rls:\"openSUSE12.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-enchant-debuginfo\", rpm:\"php5-enchant-debuginfo~5.3.8~4.9.2\", rls:\"openSUSE12.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-exif\", rpm:\"php5-exif~5.3.8~4.9.2\", rls:\"openSUSE12.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-exif-debuginfo\", rpm:\"php5-exif-debuginfo~5.3.8~4.9.2\", rls:\"openSUSE12.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-fastcgi\", rpm:\"php5-fastcgi~5.3.8~4.9.2\", rls:\"openSUSE12.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-fastcgi-debuginfo\", rpm:\"php5-fastcgi-debuginfo~5.3.8~4.9.2\", rls:\"openSUSE12.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-fileinfo\", rpm:\"php5-fileinfo~5.3.8~4.9.2\", rls:\"openSUSE12.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-fileinfo-debuginfo\", rpm:\"php5-fileinfo-debuginfo~5.3.8~4.9.2\", rls:\"openSUSE12.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-fpm\", rpm:\"php5-fpm~5.3.8~4.9.2\", rls:\"openSUSE12.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-fpm-debuginfo\", rpm:\"php5-fpm-debuginfo~5.3.8~4.9.2\", rls:\"openSUSE12.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-ftp\", rpm:\"php5-ftp~5.3.8~4.9.2\", rls:\"openSUSE12.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-ftp-debuginfo\", rpm:\"php5-ftp-debuginfo~5.3.8~4.9.2\", rls:\"openSUSE12.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-gd\", rpm:\"php5-gd~5.3.8~4.9.2\", rls:\"openSUSE12.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-gd-debuginfo\", rpm:\"php5-gd-debuginfo~5.3.8~4.9.2\", rls:\"openSUSE12.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-gettext\", rpm:\"php5-gettext~5.3.8~4.9.2\", rls:\"openSUSE12.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-gettext-debuginfo\", rpm:\"php5-gettext-debuginfo~5.3.8~4.9.2\", rls:\"openSUSE12.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-gmp\", rpm:\"php5-gmp~5.3.8~4.9.2\", rls:\"openSUSE12.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-gmp-debuginfo\", rpm:\"php5-gmp-debuginfo~5.3.8~4.9.2\", rls:\"openSUSE12.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-iconv\", rpm:\"php5-iconv~5.3.8~4.9.2\", rls:\"openSUSE12.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-iconv-debuginfo\", rpm:\"php5-iconv-debuginfo~5.3.8~4.9.2\", rls:\"openSUSE12.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-imap\", rpm:\"php5-imap~5.3.8~4.9.2\", rls:\"openSUSE12.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-imap-debuginfo\", rpm:\"php5-imap-debuginfo~5.3.8~4.9.2\", rls:\"openSUSE12.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-intl\", rpm:\"php5-intl~5.3.8~4.9.2\", rls:\"openSUSE12.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-intl-debuginfo\", rpm:\"php5-intl-debuginfo~5.3.8~4.9.2\", rls:\"openSUSE12.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-json\", rpm:\"php5-json~5.3.8~4.9.2\", rls:\"openSUSE12.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-json-debuginfo\", rpm:\"php5-json-debuginfo~5.3.8~4.9.2\", rls:\"openSUSE12.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-ldap\", rpm:\"php5-ldap~5.3.8~4.9.2\", rls:\"openSUSE12.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-ldap-debuginfo\", rpm:\"php5-ldap-debuginfo~5.3.8~4.9.2\", rls:\"openSUSE12.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-mbstring\", rpm:\"php5-mbstring~5.3.8~4.9.2\", rls:\"openSUSE12.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-mbstring-debuginfo\", rpm:\"php5-mbstring-debuginfo~5.3.8~4.9.2\", rls:\"openSUSE12.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-mcrypt\", rpm:\"php5-mcrypt~5.3.8~4.9.2\", rls:\"openSUSE12.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-mcrypt-debuginfo\", rpm:\"php5-mcrypt-debuginfo~5.3.8~4.9.2\", rls:\"openSUSE12.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-mssql\", rpm:\"php5-mssql~5.3.8~4.9.2\", rls:\"openSUSE12.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-mssql-debuginfo\", rpm:\"php5-mssql-debuginfo~5.3.8~4.9.2\", rls:\"openSUSE12.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-mysql\", rpm:\"php5-mysql~5.3.8~4.9.2\", rls:\"openSUSE12.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-mysql-debuginfo\", rpm:\"php5-mysql-debuginfo~5.3.8~4.9.2\", rls:\"openSUSE12.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-odbc\", rpm:\"php5-odbc~5.3.8~4.9.2\", rls:\"openSUSE12.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-odbc-debuginfo\", rpm:\"php5-odbc-debuginfo~5.3.8~4.9.2\", rls:\"openSUSE12.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-openssl\", rpm:\"php5-openssl~5.3.8~4.9.2\", rls:\"openSUSE12.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-openssl-debuginfo\", rpm:\"php5-openssl-debuginfo~5.3.8~4.9.2\", rls:\"openSUSE12.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-pcntl\", rpm:\"php5-pcntl~5.3.8~4.9.2\", rls:\"openSUSE12.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-pcntl-debuginfo\", rpm:\"php5-pcntl-debuginfo~5.3.8~4.9.2\", rls:\"openSUSE12.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-pdo\", rpm:\"php5-pdo~5.3.8~4.9.2\", rls:\"openSUSE12.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-pdo-debuginfo\", rpm:\"php5-pdo-debuginfo~5.3.8~4.9.2\", rls:\"openSUSE12.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-pgsql\", rpm:\"php5-pgsql~5.3.8~4.9.2\", rls:\"openSUSE12.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-pgsql-debuginfo\", rpm:\"php5-pgsql-debuginfo~5.3.8~4.9.2\", rls:\"openSUSE12.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-phar\", rpm:\"php5-phar~5.3.8~4.9.2\", rls:\"openSUSE12.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-phar-debuginfo\", rpm:\"php5-phar-debuginfo~5.3.8~4.9.2\", rls:\"openSUSE12.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-posix\", rpm:\"php5-posix~5.3.8~4.9.2\", rls:\"openSUSE12.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-posix-debuginfo\", rpm:\"php5-posix-debuginfo~5.3.8~4.9.2\", rls:\"openSUSE12.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-pspell\", rpm:\"php5-pspell~5.3.8~4.9.2\", rls:\"openSUSE12.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-pspell-debuginfo\", rpm:\"php5-pspell-debuginfo~5.3.8~4.9.2\", rls:\"openSUSE12.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-readline\", rpm:\"php5-readline~5.3.8~4.9.2\", rls:\"openSUSE12.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-readline-debuginfo\", rpm:\"php5-readline-debuginfo~5.3.8~4.9.2\", rls:\"openSUSE12.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-shmop\", rpm:\"php5-shmop~5.3.8~4.9.2\", rls:\"openSUSE12.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-shmop-debuginfo\", rpm:\"php5-shmop-debuginfo~5.3.8~4.9.2\", rls:\"openSUSE12.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-snmp\", rpm:\"php5-snmp~5.3.8~4.9.2\", rls:\"openSUSE12.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-snmp-debuginfo\", rpm:\"php5-snmp-debuginfo~5.3.8~4.9.2\", rls:\"openSUSE12.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-soap\", rpm:\"php5-soap~5.3.8~4.9.2\", rls:\"openSUSE12.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-soap-debuginfo\", rpm:\"php5-soap-debuginfo~5.3.8~4.9.2\", rls:\"openSUSE12.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-sockets\", rpm:\"php5-sockets~5.3.8~4.9.2\", rls:\"openSUSE12.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-sockets-debuginfo\", rpm:\"php5-sockets-debuginfo~5.3.8~4.9.2\", rls:\"openSUSE12.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-sqlite\", rpm:\"php5-sqlite~5.3.8~4.9.2\", rls:\"openSUSE12.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-sqlite-debuginfo\", rpm:\"php5-sqlite-debuginfo~5.3.8~4.9.2\", rls:\"openSUSE12.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-suhosin\", rpm:\"php5-suhosin~5.3.8~4.9.2\", rls:\"openSUSE12.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-suhosin-debuginfo\", rpm:\"php5-suhosin-debuginfo~5.3.8~4.9.2\", rls:\"openSUSE12.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-sysvmsg\", rpm:\"php5-sysvmsg~5.3.8~4.9.2\", rls:\"openSUSE12.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-sysvmsg-debuginfo\", rpm:\"php5-sysvmsg-debuginfo~5.3.8~4.9.2\", rls:\"openSUSE12.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-sysvsem\", rpm:\"php5-sysvsem~5.3.8~4.9.2\", rls:\"openSUSE12.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-sysvsem-debuginfo\", rpm:\"php5-sysvsem-debuginfo~5.3.8~4.9.2\", rls:\"openSUSE12.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-sysvshm\", rpm:\"php5-sysvshm~5.3.8~4.9.2\", rls:\"openSUSE12.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-sysvshm-debuginfo\", rpm:\"php5-sysvshm-debuginfo~5.3.8~4.9.2\", rls:\"openSUSE12.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-tidy\", rpm:\"php5-tidy~5.3.8~4.9.2\", rls:\"openSUSE12.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-tidy-debuginfo\", rpm:\"php5-tidy-debuginfo~5.3.8~4.9.2\", rls:\"openSUSE12.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-tokenizer\", rpm:\"php5-tokenizer~5.3.8~4.9.2\", rls:\"openSUSE12.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-tokenizer-debuginfo\", rpm:\"php5-tokenizer-debuginfo~5.3.8~4.9.2\", rls:\"openSUSE12.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-wddx\", rpm:\"php5-wddx~5.3.8~4.9.2\", rls:\"openSUSE12.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-wddx-debuginfo\", rpm:\"php5-wddx-debuginfo~5.3.8~4.9.2\", rls:\"openSUSE12.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-xmlreader\", rpm:\"php5-xmlreader~5.3.8~4.9.2\", rls:\"openSUSE12.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-xmlreader-debuginfo\", rpm:\"php5-xmlreader-debuginfo~5.3.8~4.9.2\", rls:\"openSUSE12.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-xmlrpc\", rpm:\"php5-xmlrpc~5.3.8~4.9.2\", rls:\"openSUSE12.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-xmlrpc-debuginfo\", rpm:\"php5-xmlrpc-debuginfo~5.3.8~4.9.2\", rls:\"openSUSE12.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-xmlwriter\", rpm:\"php5-xmlwriter~5.3.8~4.9.2\", rls:\"openSUSE12.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-xmlwriter-debuginfo\", rpm:\"php5-xmlwriter-debuginfo~5.3.8~4.9.2\", rls:\"openSUSE12.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-xsl\", rpm:\"php5-xsl~5.3.8~4.9.2\", rls:\"openSUSE12.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-xsl-debuginfo\", rpm:\"php5-xsl-debuginfo~5.3.8~4.9.2\", rls:\"openSUSE12.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-zip\", rpm:\"php5-zip~5.3.8~4.9.2\", rls:\"openSUSE12.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-zip-debuginfo\", rpm:\"php5-zip-debuginfo~5.3.8~4.9.2\", rls:\"openSUSE12.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-zlib\", rpm:\"php5-zlib~5.3.8~4.9.2\", rls:\"openSUSE12.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-zlib-debuginfo\", rpm:\"php5-zlib-debuginfo~5.3.8~4.9.2\", rls:\"openSUSE12.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-pear\", rpm:\"php5-pear~5.3.8~4.9.2\", rls:\"openSUSE12.1\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2017-12-04T11:21:11", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1358-2", "cvss3": {}, "published": "2012-02-21T00:00:00", "type": "openvas", "title": "Ubuntu Update for php5 USN-1358-2", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-0441", "CVE-2011-4885", "CVE-2012-0788", "CVE-2012-0830", "CVE-2012-0057", "CVE-2012-0831", "CVE-2011-4153"], "modified": "2017-12-01T00:00:00", "id": "OPENVAS:840895", "href": "http://plugins.openvas.org/nasl.php?oid=840895", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1358_2.nasl 7960 2017-12-01 06:58:16Z santu $\n#\n# Ubuntu Update for php5 USN-1358-2\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"USN 1358-1 fixed multiple vulnerabilities in PHP. The fix for\n CVE-2012-0831 introduced a regression where the state of the\n magic_quotes_gpc setting was not correctly reflected when calling\n the ini_get() function.\n\n We apologize for the inconvenience.\n\n Original advisory details:\n\n It was discovered that PHP computed hash values for form parameters\n without restricting the ability to trigger hash collisions predictably.\n This could allow a remote attacker to cause a denial of service by\n sending many crafted parameters. (CVE-2011-4885)\n\n ATTENTION: this update changes previous PHP behavior by\n limiting the number of external input variables to 1000.\n This may be increased by adding a "max_input_vars"\n directive to the php.ini configuration file. See\n http://www.php.net/manual/en/info.configuration.php#ini.max-input-vars\n for more information.\n\n Stefan Esser discovered that the fix to address the predictable hash\n collision issue, CVE-2011-4885, did not properly handle the situation\n where the limit was reached. This could allow a remote attacker to\n cause a denial of service or execute arbitrary code via a request\n containing a large number of variables. (CVE-2012-0830)\n\n It was discovered that PHP did not always check the return value of\n the zend_strndup function. This could allow a remote attacker to\n cause a denial of service. (CVE-2011-4153)\n\n It was discovered that PHP did not properly enforce libxslt security\n settings. This could allow a remote attacker to create arbitrary\n files via a crafted XSLT stylesheet that uses the libxslt output\n extension. (CVE-2012-0057)\n\n It was discovered that PHP did not properly enforce that PDORow\n objects could not be serialized and not be saved in a session. A\n remote attacker could use this to cause a denial of service via an\n application crash. (CVE-2012-0788)\n\n It was discovered that PHP allowed the magic_quotes_gpc setting to\n be disabled remotely. This could allow a remote attacker to bypass\n restrictions that could prevent an SQL injection. (CVE-2012-0831)\n\n USN 1126-1 addressed an issue where the /etc/cron.d/php5 cron job\n for PHP allowed local users to delete arbitrary files via a symlink\n attack on a directory under /var/lib/php5/. Emese Revfy discovered\n that the fix had not been applied to PHP for Ubuntu 10.04 LTS. This\n update corrects the issue. We apologize for the error. (CVE-2011-0441)\";\n\ntag_summary = \"Ubuntu Update for Linux kernel vulnerabilities USN-1358-2\";\ntag_affected = \"php5 on Ubuntu 11.04 ,\n Ubuntu 10.10 ,\n Ubuntu 10.04 LTS ,\n Ubuntu 8.04 LTS\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-1358-2/\");\n script_id(840895);\n script_version(\"$Revision: 7960 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 07:58:16 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-02-21 18:59:05 +0530 (Tue, 21 Feb 2012)\");\n script_cve_id(\"CVE-2012-0831\", \"CVE-2011-4885\", \"CVE-2012-0830\", \"CVE-2011-4153\",\n \"CVE-2012-0057\", \"CVE-2012-0788\", \"CVE-2011-0441\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"USN\", value: \"1358-2\");\n script_name(\"Ubuntu Update for php5 USN-1358-2\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU10.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libapache2-mod-php5\", ver:\"5.3.3-1ubuntu9.10\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5\", ver:\"5.3.3-1ubuntu9.10\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-cgi\", ver:\"5.3.3-1ubuntu9.10\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-cli\", ver:\"5.3.3-1ubuntu9.10\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libapache2-mod-php5\", ver:\"5.3.2-1ubuntu4.14\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5\", ver:\"5.3.2-1ubuntu4.14\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-cgi\", ver:\"5.3.2-1ubuntu4.14\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-cli\", ver:\"5.3.2-1ubuntu4.14\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU11.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libapache2-mod-php5\", ver:\"5.3.5-1ubuntu7.7\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5\", ver:\"5.3.5-1ubuntu7.7\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-cgi\", ver:\"5.3.5-1ubuntu7.7\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-cli\", ver:\"5.3.5-1ubuntu7.7\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU8.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libapache2-mod-php5\", ver:\"5.2.4-2ubuntu5.23\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5\", ver:\"5.2.4-2ubuntu5.23\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-cgi\", ver:\"5.2.4-2ubuntu5.23\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-cli\", ver:\"5.2.4-2ubuntu5.23\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-12-04T11:20:52", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1358-1", "cvss3": {}, "published": "2012-02-13T00:00:00", "type": "openvas", "title": "Ubuntu Update for php5 USN-1358-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-0441", "CVE-2011-4885", "CVE-2012-0788", "CVE-2012-0830", "CVE-2012-0057", "CVE-2012-0831", "CVE-2011-4153"], "modified": "2017-12-01T00:00:00", "id": "OPENVAS:840891", "href": "http://plugins.openvas.org/nasl.php?oid=840891", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1358_1.nasl 7960 2017-12-01 06:58:16Z santu $\n#\n# Ubuntu Update for php5 USN-1358-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"It was discovered that PHP computed hash values for form parameters\n without restricting the ability to trigger hash collisions predictably.\n This could allow a remote attacker to cause a denial of service by\n sending many crafted parameters. (CVE-2011-4885)\n\n ATTENTION: this update changes previous PHP behavior by\n limiting the number of external input variables to 1000.\n This may be increased by adding a "max_input_vars"\n directive to the php.ini configuration file. See\n http://www.php.net/manual/en/info.configuration.php#ini.max-input-vars\n for more information.\n\n Stefan Esser discovered that the fix to address the predictable hash\n collision issue, CVE-2011-4885, did not properly handle the situation\n where the limit was reached. This could allow a remote attacker to\n cause a denial of service or execute arbitrary code via a request\n containing a large number of variables. (CVE-2012-0830)\n\n It was discovered that PHP did not always check the return value of\n the zend_strndup function. This could allow a remote attacker to\n cause a denial of service. (CVE-2011-4153)\n\n It was discovered that PHP did not properly enforce libxslt security\n settings. This could allow a remote attacker to create arbitrary\n files via a crafted XSLT stylesheet that uses the libxslt output\n extension. (CVE-2012-0057)\n\n It was discovered that PHP did not properly enforce that PDORow\n objects could not be serialized and not be saved in a session. A\n remote attacker could use this to cause a denial of service via an\n application crash. (CVE-2012-0788)\n\n It was discovered that PHP allowed the magic_quotes_gpc setting to\n be disabled remotely. This could allow a remote attacker to bypass\n restrictions that could prevent an SQL injection. (CVE-2012-0831)\n\n USN 1126-1 addressed an issue where the /etc/cron.d/php5 cron job\n for PHP allowed local users to delete arbitrary files via a symlink\n attack on a directory under /var/lib/php5/. Emese Revfy discovered\n that the fix had not been applied to PHP for Ubuntu 10.04 LTS. This\n update corrects the issue. We apologize for the error. (CVE-2011-0441)\";\n\ntag_summary = \"Ubuntu Update for Linux kernel vulnerabilities USN-1358-1\";\ntag_affected = \"php5 on Ubuntu 11.04 ,\n Ubuntu 10.10 ,\n Ubuntu 10.04 LTS ,\n Ubuntu 8.04 LTS\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-1358-1/\");\n script_id(840891);\n script_version(\"$Revision: 7960 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 07:58:16 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-02-13 16:32:26 +0530 (Mon, 13 Feb 2012)\");\n script_cve_id(\"CVE-2011-4885\", \"CVE-2012-0830\", \"CVE-2011-4153\", \"CVE-2012-0057\",\n \"CVE-2012-0788\", \"CVE-2012-0831\", \"CVE-2011-0441\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"USN\", value: \"1358-1\");\n script_name(\"Ubuntu Update for php5 USN-1358-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU10.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libapache2-mod-php5\", ver:\"5.3.3-1ubuntu9.9\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5\", ver:\"5.3.3-1ubuntu9.9\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-cgi\", ver:\"5.3.3-1ubuntu9.9\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-cli\", ver:\"5.3.3-1ubuntu9.9\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-common\", ver:\"5.3.3-1ubuntu9.9\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-xsl\", ver:\"5.3.3-1ubuntu9.9\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libapache2-mod-php5\", ver:\"5.3.2-1ubuntu4.13\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5\", ver:\"5.3.2-1ubuntu4.13\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-cgi\", ver:\"5.3.2-1ubuntu4.13\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-cli\", ver:\"5.3.2-1ubuntu4.13\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-common\", ver:\"5.3.2-1ubuntu4.13\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-xsl\", ver:\"5.3.2-1ubuntu4.13\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU11.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libapache2-mod-php5\", ver:\"5.3.5-1ubuntu7.6\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5\", ver:\"5.3.5-1ubuntu7.6\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-cgi\", ver:\"5.3.5-1ubuntu7.6\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-cli\", ver:\"5.3.5-1ubuntu7.6\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-common\", ver:\"5.3.5-1ubuntu7.6\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-xsl\", ver:\"5.3.5-1ubuntu7.6\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU8.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libapache2-mod-php5\", ver:\"5.2.4-2ubuntu5.22\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5\", ver:\"5.2.4-2ubuntu5.22\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-cgi\", ver:\"5.2.4-2ubuntu5.22\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-cli\", ver:\"5.2.4-2ubuntu5.22\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-common\", ver:\"5.2.4-2ubuntu5.22\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-xsl\", ver:\"5.2.4-2ubuntu5.22\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:39:24", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1358-2", "cvss3": {}, "published": "2012-02-21T00:00:00", "type": "openvas", "title": "Ubuntu Update for php5 USN-1358-2", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-0441", "CVE-2011-4885", "CVE-2012-0788", "CVE-2012-0830", "CVE-2012-0057", "CVE-2012-0831", "CVE-2011-4153"], "modified": "2019-03-13T00:00:00", "id": "OPENVAS:1361412562310840895", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310840895", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1358_2.nasl 14132 2019-03-13 09:25:59Z cfischer $\n#\n# Ubuntu Update for php5 USN-1358-2\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-1358-2/\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.840895\");\n script_version(\"$Revision: 14132 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 10:25:59 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-02-21 18:59:05 +0530 (Tue, 21 Feb 2012)\");\n script_cve_id(\"CVE-2012-0831\", \"CVE-2011-4885\", \"CVE-2012-0830\", \"CVE-2011-4153\",\n \"CVE-2012-0057\", \"CVE-2012-0788\", \"CVE-2011-0441\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name:\"USN\", value:\"1358-2\");\n script_name(\"Ubuntu Update for php5 USN-1358-2\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(10\\.10|10\\.04 LTS|11\\.04|8\\.04 LTS)\");\n script_tag(name:\"summary\", value:\"Ubuntu Update for Linux kernel vulnerabilities USN-1358-2\");\n script_tag(name:\"affected\", value:\"php5 on Ubuntu 11.04,\n Ubuntu 10.10,\n Ubuntu 10.04 LTS,\n Ubuntu 8.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"USN 1358-1 fixed multiple vulnerabilities in PHP. The fix for\n CVE-2012-0831 introduced a regression where the state of the\n magic_quotes_gpc setting was not correctly reflected when calling\n the ini_get() function.\n\n We apologize for the inconvenience.\n\n Original advisory details:\n\n It was discovered that PHP computed hash values for form parameters\n without restricting the ability to trigger hash collisions predictably.\n This could allow a remote attacker to cause a denial of service by\n sending many crafted parameters. (CVE-2011-4885)\n\n ATTENTION: this update changes previous PHP behavior by\n limiting the number of external input variables to 1000.\n This may be increased by adding a 'max_input_vars'\n directive to the php.ini configuration file. See\n the references for more information.\n\n Stefan Esser discovered that the fix to address the predictable hash\n collision issue, CVE-2011-4885, did not properly handle the situation\n where the limit was reached. This could allow a remote attacker to\n cause a denial of service or execute arbitrary code via a request\n containing a large number of variables. (CVE-2012-0830)\n\n It was discovered that PHP did not always check the return value of\n the zend_strndup function. This could allow a remote attacker to\n cause a denial of service. (CVE-2011-4153)\n\n It was discovered that PHP did not properly enforce libxslt security\n settings. This could allow a remote attacker to create arbitrary\n files via a crafted XSLT stylesheet that uses the libxslt output\n extension. (CVE-2012-0057)\n\n It was discovered that PHP did not properly enforce that PDORow\n objects could not be serialized and not be saved in a session. A\n remote attacker could use this to cause a denial of service via an\n application crash. (CVE-2012-0788)\n\n It was discovered that PHP allowed the magic_quotes_gpc setting to\n be disabled remotely. This could allow a remote attacker to bypass\n restrictions that could prevent an SQL injection. (CVE-2012-0831)\n\n USN 1126-1 addressed an issue where the /etc/cron.d/php5 cron job\n for PHP allowed local users to delete arbitrary files via a symlink\n attack on a directory under /var/lib/php5/. Emese Revfy discovered\n that the fix had not been applied to PHP for Ubuntu 10.04 LTS. This\n update corrects the issue. We apologize for the error. (CVE-2011-0441)\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"http://www.php.net/manual/en/info.configuration.php#ini.max-input-vars\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU10.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libapache2-mod-php5\", ver:\"5.3.3-1ubuntu9.10\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5\", ver:\"5.3.3-1ubuntu9.10\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-cgi\", ver:\"5.3.3-1ubuntu9.10\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-cli\", ver:\"5.3.3-1ubuntu9.10\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libapache2-mod-php5\", ver:\"5.3.2-1ubuntu4.14\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5\", ver:\"5.3.2-1ubuntu4.14\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-cgi\", ver:\"5.3.2-1ubuntu4.14\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-cli\", ver:\"5.3.2-1ubuntu4.14\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU11.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libapache2-mod-php5\", ver:\"5.3.5-1ubuntu7.7\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5\", ver:\"5.3.5-1ubuntu7.7\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-cgi\", ver:\"5.3.5-1ubuntu7.7\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-cli\", ver:\"5.3.5-1ubuntu7.7\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU8.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libapache2-mod-php5\", ver:\"5.2.4-2ubuntu5.23\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5\", ver:\"5.2.4-2ubuntu5.23\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-cgi\", ver:\"5.2.4-2ubuntu5.23\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-cli\", ver:\"5.2.4-2ubuntu5.23\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2018-01-02T10:57:07", "description": "Check for the Version of update", "cvss3": {}, "published": "2012-12-13T00:00:00", "type": "openvas", "title": "SuSE Update for update openSUSE-SU-2012:0426-1 (update)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-1466", "CVE-2012-0789", "CVE-2011-4885", "CVE-2012-0788", "CVE-2012-0830", "CVE-2012-0781", "CVE-2012-0057", "CVE-2011-4566", "CVE-2012-0831", "CVE-2011-4153", "CVE-2012-0807"], "modified": "2017-12-26T00:00:00", "id": "OPENVAS:850217", "href": "http://plugins.openvas.org/nasl.php?oid=850217", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_suse_2012_0426_1.nasl 8245 2017-12-26 06:29:59Z teissa $\n#\n# SuSE Update for update openSUSE-SU-2012:0426-1 (update)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"update on openSUSE 12.1\";\ntag_insight = \"php5 security update\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_id(850217);\n script_version(\"$Revision: 8245 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-26 07:29:59 +0100 (Tue, 26 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-12-13 17:01:21 +0530 (Thu, 13 Dec 2012)\");\n script_cve_id(\"CVE-2011-1466\", \"CVE-2011-4153\", \"CVE-2011-4566\", \"CVE-2011-4885\",\n \"CVE-2012-0057\", \"CVE-2012-0781\", \"CVE-2012-0788\", \"CVE-2012-0789\",\n \"CVE-2012-0807\", \"CVE-2012-0830\", \"CVE-2012-0831\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"openSUSE-SU\", value: \"2012:0426_1\");\n script_name(\"SuSE Update for update openSUSE-SU-2012:0426-1 (update)\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of update\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"openSUSE12.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"apache2-mod_php5\", rpm:\"apache2-mod_php5~5.3.8~4.9.2\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache2-mod_php5-debuginfo\", rpm:\"apache2-mod_php5-debuginfo~5.3.8~4.9.2\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php5\", rpm:\"php5~5.3.8~4.9.2\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php5-bcmath\", rpm:\"php5-bcmath~5.3.8~4.9.2\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php5-bcmath-debuginfo\", rpm:\"php5-bcmath-debuginfo~5.3.8~4.9.2\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php5-bz2\", rpm:\"php5-bz2~5.3.8~4.9.2\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php5-bz2-debuginfo\", rpm:\"php5-bz2-debuginfo~5.3.8~4.9.2\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php5-calendar\", rpm:\"php5-calendar~5.3.8~4.9.2\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php5-calendar-debuginfo\", rpm:\"php5-calendar-debuginfo~5.3.8~4.9.2\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php5-ctype\", rpm:\"php5-ctype~5.3.8~4.9.2\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php5-ctype-debuginfo\", rpm:\"php5-ctype-debuginfo~5.3.8~4.9.2\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php5-curl\", rpm:\"php5-curl~5.3.8~4.9.2\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php5-curl-debuginfo\", rpm:\"php5-curl-debuginfo~5.3.8~4.9.2\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php5-dba\", rpm:\"php5-dba~5.3.8~4.9.2\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php5-dba-debuginfo\", rpm:\"php5-dba-debuginfo~5.3.8~4.9.2\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php5-debuginfo\", rpm:\"php5-debuginfo~5.3.8~4.9.2\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php5-debugsource\", rpm:\"php5-debugsource~5.3.8~4.9.2\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php5-devel\", rpm:\"php5-devel~5.3.8~4.9.2\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php5-dom\", rpm:\"php5-dom~5.3.8~4.9.2\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php5-dom-debuginfo\", rpm:\"php5-dom-debuginfo~5.3.8~4.9.2\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php5-enchant\", rpm:\"php5-enchant~5.3.8~4.9.2\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php5-enchant-debuginfo\", rpm:\"php5-enchant-debuginfo~5.3.8~4.9.2\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php5-exif\", rpm:\"php5-exif~5.3.8~4.9.2\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php5-exif-debuginfo\", rpm:\"php5-exif-debuginfo~5.3.8~4.9.2\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php5-fastcgi\", rpm:\"php5-fastcgi~5.3.8~4.9.2\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php5-fastcgi-debuginfo\", rpm:\"php5-fastcgi-debuginfo~5.3.8~4.9.2\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php5-fileinfo\", rpm:\"php5-fileinfo~5.3.8~4.9.2\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php5-fileinfo-debuginfo\", rpm:\"php5-fileinfo-debuginfo~5.3.8~4.9.2\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php5-fpm\", rpm:\"php5-fpm~5.3.8~4.9.2\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php5-fpm-debuginfo\", rpm:\"php5-fpm-debuginfo~5.3.8~4.9.2\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php5-ftp\", rpm:\"php5-ftp~5.3.8~4.9.2\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php5-ftp-debuginfo\", rpm:\"php5-ftp-debuginfo~5.3.8~4.9.2\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php5-gd\", rpm:\"php5-gd~5.3.8~4.9.2\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php5-gd-debuginfo\", rpm:\"php5-gd-debuginfo~5.3.8~4.9.2\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php5-gettext\", rpm:\"php5-gettext~5.3.8~4.9.2\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php5-gettext-debuginfo\", rpm:\"php5-gettext-debuginfo~5.3.8~4.9.2\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php5-gmp\", rpm:\"php5-gmp~5.3.8~4.9.2\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php5-gmp-debuginfo\", rpm:\"php5-gmp-debuginfo~5.3.8~4.9.2\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php5-iconv\", rpm:\"php5-iconv~5.3.8~4.9.2\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php5-iconv-debuginfo\", rpm:\"php5-iconv-debuginfo~5.3.8~4.9.2\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php5-imap\", rpm:\"php5-imap~5.3.8~4.9.2\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php5-imap-debuginfo\", rpm:\"php5-imap-debuginfo~5.3.8~4.9.2\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php5-intl\", rpm:\"php5-intl~5.3.8~4.9.2\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php5-intl-debuginfo\", rpm:\"php5-intl-debuginfo~5.3.8~4.9.2\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php5-json\", rpm:\"php5-json~5.3.8~4.9.2\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php5-json-debuginfo\", rpm:\"php5-json-debuginfo~5.3.8~4.9.2\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php5-ldap\", rpm:\"php5-ldap~5.3.8~4.9.2\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php5-ldap-debuginfo\", rpm:\"php5-ldap-debuginfo~5.3.8~4.9.2\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php5-mbstring\", rpm:\"php5-mbstring~5.3.8~4.9.2\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php5-mbstring-debuginfo\", rpm:\"php5-mbstring-debuginfo~5.3.8~4.9.2\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php5-mcrypt\", rpm:\"php5-mcrypt~5.3.8~4.9.2\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php5-mcrypt-debuginfo\", rpm:\"php5-mcrypt-debuginfo~5.3.8~4.9.2\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php5-mssql\", rpm:\"php5-mssql~5.3.8~4.9.2\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php5-mssql-debuginfo\", rpm:\"php5-mssql-debuginfo~5.3.8~4.9.2\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php5-mysql\", rpm:\"php5-mysql~5.3.8~4.9.2\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php5-mysql-debuginfo\", rpm:\"php5-mysql-debuginfo~5.3.8~4.9.2\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php5-odbc\", rpm:\"php5-odbc~5.3.8~4.9.2\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php5-odbc-debuginfo\", rpm:\"php5-odbc-debuginfo~5.3.8~4.9.2\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php5-openssl\", rpm:\"php5-openssl~5.3.8~4.9.2\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php5-openssl-debuginfo\", rpm:\"php5-openssl-debuginfo~5.3.8~4.9.2\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php5-pcntl\", rpm:\"php5-pcntl~5.3.8~4.9.2\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php5-pcntl-debuginfo\", rpm:\"php5-pcntl-debuginfo~5.3.8~4.9.2\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php5-pdo\", rpm:\"php5-pdo~5.3.8~4.9.2\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php5-pdo-debuginfo\", rpm:\"php5-pdo-debuginfo~5.3.8~4.9.2\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php5-pgsql\", rpm:\"php5-pgsql~5.3.8~4.9.2\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php5-pgsql-debuginfo\", rpm:\"php5-pgsql-debuginfo~5.3.8~4.9.2\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php5-phar\", rpm:\"php5-phar~5.3.8~4.9.2\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php5-phar-debuginfo\", rpm:\"php5-phar-debuginfo~5.3.8~4.9.2\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php5-posix\", rpm:\"php5-posix~5.3.8~4.9.2\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php5-posix-debuginfo\", rpm:\"php5-posix-debuginfo~5.3.8~4.9.2\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php5-pspell\", rpm:\"php5-pspell~5.3.8~4.9.2\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php5-pspell-debuginfo\", rpm:\"php5-pspell-debuginfo~5.3.8~4.9.2\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php5-readline\", rpm:\"php5-readline~5.3.8~4.9.2\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php5-readline-debuginfo\", rpm:\"php5-readline-debuginfo~5.3.8~4.9.2\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php5-shmop\", rpm:\"php5-shmop~5.3.8~4.9.2\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php5-shmop-debuginfo\", rpm:\"php5-shmop-debuginfo~5.3.8~4.9.2\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php5-snmp\", rpm:\"php5-snmp~5.3.8~4.9.2\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php5-snmp-debuginfo\", rpm:\"php5-snmp-debuginfo~5.3.8~4.9.2\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php5-soap\", rpm:\"php5-soap~5.3.8~4.9.2\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php5-soap-debuginfo\", rpm:\"php5-soap-debuginfo~5.3.8~4.9.2\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php5-sockets\", rpm:\"php5-sockets~5.3.8~4.9.2\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php5-sockets-debuginfo\", rpm:\"php5-sockets-debuginfo~5.3.8~4.9.2\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php5-sqlite\", rpm:\"php5-sqlite~5.3.8~4.9.2\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php5-sqlite-debuginfo\", rpm:\"php5-sqlite-debuginfo~5.3.8~4.9.2\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php5-suhosin\", rpm:\"php5-suhosin~5.3.8~4.9.2\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php5-suhosin-debuginfo\", rpm:\"php5-suhosin-debuginfo~5.3.8~4.9.2\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php5-sysvmsg\", rpm:\"php5-sysvmsg~5.3.8~4.9.2\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php5-sysvmsg-debuginfo\", rpm:\"php5-sysvmsg-debuginfo~5.3.8~4.9.2\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php5-sysvsem\", rpm:\"php5-sysvsem~5.3.8~4.9.2\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php5-sysvsem-debuginfo\", rpm:\"php5-sysvsem-debuginfo~5.3.8~4.9.2\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php5-sysvshm\", rpm:\"php5-sysvshm~5.3.8~4.9.2\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php5-sysvshm-debuginfo\", rpm:\"php5-sysvshm-debuginfo~5.3.8~4.9.2\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php5-tidy\", rpm:\"php5-tidy~5.3.8~4.9.2\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php5-tidy-debuginfo\", rpm:\"php5-tidy-debuginfo~5.3.8~4.9.2\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php5-tokenizer\", rpm:\"php5-tokenizer~5.3.8~4.9.2\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php5-tokenizer-debuginfo\", rpm:\"php5-tokenizer-debuginfo~5.3.8~4.9.2\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php5-wddx\", rpm:\"php5-wddx~5.3.8~4.9.2\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php5-wddx-debuginfo\", rpm:\"php5-wddx-debuginfo~5.3.8~4.9.2\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php5-xmlreader\", rpm:\"php5-xmlreader~5.3.8~4.9.2\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php5-xmlreader-debuginfo\", rpm:\"php5-xmlreader-debuginfo~5.3.8~4.9.2\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php5-xmlrpc\", rpm:\"php5-xmlrpc~5.3.8~4.9.2\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php5-xmlrpc-debuginfo\", rpm:\"php5-xmlrpc-debuginfo~5.3.8~4.9.2\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php5-xmlwriter\", rpm:\"php5-xmlwriter~5.3.8~4.9.2\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php5-xmlwriter-debuginfo\", rpm:\"php5-xmlwriter-debuginfo~5.3.8~4.9.2\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php5-xsl\", rpm:\"php5-xsl~5.3.8~4.9.2\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php5-xsl-debuginfo\", rpm:\"php5-xsl-debuginfo~5.3.8~4.9.2\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php5-zip\", rpm:\"php5-zip~5.3.8~4.9.2\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php5-zip-debuginfo\", rpm:\"php5-zip-debuginfo~5.3.8~4.9.2\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php5-zlib\", rpm:\"php5-zlib~5.3.8~4.9.2\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php5-zlib-debuginfo\", rpm:\"php5-zlib-debuginfo~5.3.8~4.9.2\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php5-pear\", rpm:\"php5-pear~5.3.8~4.9.2\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:36:10", "description": "Oracle Linux Local Security Checks ELSA-2012-1045", "cvss3": {}, "published": "2015-10-06T00:00:00", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2012-1045", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-2336", "CVE-2012-0789", "CVE-2012-0057", "CVE-2012-1172", "CVE-2011-4153"], "modified": "2018-09-28T00:00:00", "id": "OPENVAS:1361412562310123893", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310123893", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2012-1045.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.123893\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 14:09:56 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2012-1045\");\n script_tag(name:\"insight\", value:\"ELSA-2012-1045 - php security update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2012-1045\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2012-1045.html\");\n script_cve_id(\"CVE-2011-4153\", \"CVE-2012-0057\", \"CVE-2012-0789\", \"CVE-2012-1172\", \"CVE-2012-2336\");\n script_tag(name:\"cvss_base\", value:\"6.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux5\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux5\")\n{\n if ((res = isrpmvuln(pkg:\"php\", rpm:\"php~5.1.6~39.el5_8\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php-bcmath\", rpm:\"php-bcmath~5.1.6~39.el5_8\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php-cli\", rpm:\"php-cli~5.1.6~39.el5_8\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php-common\", rpm:\"php-common~5.1.6~39.el5_8\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php-dba\", rpm:\"php-dba~5.1.6~39.el5_8\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php-devel\", rpm:\"php-devel~5.1.6~39.el5_8\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php-gd\", rpm:\"php-gd~5.1.6~39.el5_8\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php-imap\", rpm:\"php-imap~5.1.6~39.el5_8\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php-ldap\", rpm:\"php-ldap~5.1.6~39.el5_8\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php-mbstring\", rpm:\"php-mbstring~5.1.6~39.el5_8\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php-mysql\", rpm:\"php-mysql~5.1.6~39.el5_8\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php-ncurses\", rpm:\"php-ncurses~5.1.6~39.el5_8\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php-odbc\", rpm:\"php-odbc~5.1.6~39.el5_8\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php-pdo\", rpm:\"php-pdo~5.1.6~39.el5_8\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php-pgsql\", rpm:\"php-pgsql~5.1.6~39.el5_8\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php-snmp\", rpm:\"php-snmp~5.1.6~39.el5_8\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php-soap\", rpm:\"php-soap~5.1.6~39.el5_8\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php-xml\", rpm:\"php-xml~5.1.6~39.el5_8\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php-xmlrpc\", rpm:\"php-xmlrpc~5.1.6~39.el5_8\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2019-05-29T18:39:13", "description": "PHP is prone to a security-bypass vulnerability.", "cvss3": {}, "published": "2012-04-12T00:00:00", "type": "openvas", "title": "PHP Security Bypass Vulnerability", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-0057"], "modified": "2018-07-09T00:00:00", "id": "OPENVAS:1361412562310103464", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310103464", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_php_51806.nasl 10458 2018-07-09 06:47:36Z cfischer $\n#\n# PHP Security Bypass Vulnerability\n#\n# Authors:\n# Michael Meyer <michael.meyer@greenbone.net>\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:php:php\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.103464\");\n script_bugtraq_id(51806);\n script_cve_id(\"CVE-2012-0057\");\n script_tag(name:\"cvss_base\", value:\"6.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:N\");\n script_version(\"$Revision: 10458 $\");\n script_name(\"PHP Security Bypass Vulnerability\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-07-09 08:47:36 +0200 (Mon, 09 Jul 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-04-12 10:58:35 +0200 (Thu, 12 Apr 2012)\");\n script_category(ACT_GATHER_INFO);\n script_family(\"Web application abuses\");\n script_copyright(\"This script is Copyright (C) 2012 Greenbone Networks GmbH\");\n script_dependencies(\"gb_php_detect.nasl\");\n script_mandatory_keys(\"php/installed\");\n\n script_xref(name:\"URL\", value:\"http://www.securityfocus.com/bid/51806\");\n script_xref(name:\"URL\", value:\"https://bugs.php.net/bug.php?id=54446\");\n script_xref(name:\"URL\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=782657\");\n script_xref(name:\"URL\", value:\"http://www.php.net/ChangeLog-5.php\");\n script_xref(name:\"URL\", value:\"http://www.php.net/\");\n\n script_tag(name:\"impact\", value:\"Remote attackers can exploit this issue to bypass certain security\n restrictions and create arbitrary files in the context of the application.\");\n\n script_tag(name:\"affected\", value:\"Versions prior to PHP 5.3.9 are vulnerable.\");\n\n script_tag(name:\"solution\", value:\"Updates are available. Please see the references for more information.\");\n\n script_tag(name:\"summary\", value:\"PHP is prone to a security-bypass vulnerability.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"remote_banner_unreliable\");\n\n exit(0);\n}\n\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\n\nif( isnull( phpPort = get_app_port( cpe:CPE ) ) ) exit( 0 );\nif( ! phpVer = get_app_version( cpe:CPE, port:phpPort ) ) exit( 0 );\n\nif(version_in_range(version:phpVer, test_version:\"5.3\",test_version2:\"5.3.8\")) {\n report = report_fixed_ver(installed_version:phpVer, fixed_version:\"5.3.9\");\n security_message(data:report, port:phpPort);\n exit(0);\n}\n\nexit(99);\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2019-05-29T18:38:47", "description": "This host is installed with PHP and is prone to security bypass\n vulnerability.", "cvss3": {}, "published": "2012-02-10T00:00:00", "type": "openvas", "title": "PHP 'magic_quotes_gpc' Directive Security Bypass Vulnerability (Windows)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-0831"], "modified": "2018-10-12T00:00:00", "id": "OPENVAS:1361412562310802591", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310802591", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_php_magic_quotes_gpc_sec_bypass_vuln_win.nasl 11857 2018-10-12 08:25:16Z cfischer $\n#\n# PHP 'magic_quotes_gpc' Directive Security Bypass Vulnerability (Windows)\n#\n# Authors:\n# Madhuri D <dmadhuri@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:php:php\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.802591\");\n script_version(\"$Revision: 11857 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-12 10:25:16 +0200 (Fri, 12 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-02-10 11:24:19 +0530 (Fri, 10 Feb 2012)\");\n script_cve_id(\"CVE-2012-0831\");\n script_bugtraq_id(51954);\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_name(\"PHP 'magic_quotes_gpc' Directive Security Bypass Vulnerability (Windows)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2012 Greenbone Networks GmbH\");\n script_family(\"Web application abuses\");\n script_dependencies(\"os_detection.nasl\", \"gb_php_detect.nasl\");\n script_mandatory_keys(\"php/installed\", \"Host/runs_windows\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation could allow remote attackers to gain sensitive\n information via a crafted request.\");\n\n script_tag(name:\"affected\", value:\"PHP Version 5.3.9 and prior on Windows.\");\n\n script_tag(name:\"insight\", value:\"The flaw is due to an error in importing environment variables,\n it not properly performing a temporary change to the 'magic_quotes_gpc'\n directive during the importing of environment variables.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to PHP Version 5.3.10 or later.\");\n\n script_tag(name:\"summary\", value:\"This host is installed with PHP and is prone to security bypass\n vulnerability.\");\n\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"http://www.securityfocus.com/bid/51954/info\");\n script_xref(name:\"URL\", value:\"http://svn.php.net/viewvc?view=revision&revision=323016\");\n\n script_xref(name:\"URL\", value:\"http://php.net/downloads.php\");\n exit(0);\n}\n\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\n\nif( isnull( phpPort = get_app_port( cpe:CPE ) ) ) exit( 0 );\nif( ! phpVer = get_app_version( cpe:CPE, port:phpPort ) ) exit( 0 );\n\nif(version_is_less(version:phpVer, test_version:\"5.3.10\")){\n report = report_fixed_ver(installed_version:phpVer, fixed_version:\"5.3.10\");\n security_message(data:report, port:phpPort);\n exit(0);\n}\n\nexit(99);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:39:14", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2012-07-30T00:00:00", "type": "openvas", "title": "CentOS Update for php CESA-2012:1045 centos5", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-2336", "CVE-2012-0789", "CVE-2012-1823", "CVE-2012-0057", "CVE-2012-1172", "CVE-2011-4153"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310881154", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310881154", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for php CESA-2012:1045 centos5\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2012-June/018702.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.881154\");\n script_version(\"$Revision: 14222 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 13:50:48 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-07-30 16:24:11 +0530 (Mon, 30 Jul 2012)\");\n script_cve_id(\"CVE-2011-4153\", \"CVE-2012-0057\", \"CVE-2012-0789\", \"CVE-2012-1172\",\n \"CVE-2012-2336\", \"CVE-2012-1823\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name:\"CESA\", value:\"2012:1045\");\n script_name(\"CentOS Update for php CESA-2012:1045 centos5\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'php'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS5\");\n script_tag(name:\"affected\", value:\"php on CentOS 5\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_tag(name:\"insight\", value:\"PHP is an HTML-embedded scripting language commonly used with the Apache\n HTTP Server.\n\n It was discovered that the PHP XSL extension did not restrict the file\n writing capability of libxslt. A remote attacker could use this flaw to\n create or overwrite an arbitrary file that is writable by the user running\n PHP, if a PHP script processed untrusted eXtensible Style Sheet Language\n Transformations (XSLT) content. (CVE-2012-0057)\n\n Note: This update disables file writing by default. A new PHP configuration\n directive, 'xsl.security_prefs', can be used to enable file writing in\n XSLT.\n\n A flaw was found in the way PHP validated file names in file upload\n requests. A remote attacker could possibly use this flaw to bypass the\n sanitization of the uploaded file names, and cause a PHP script to store\n the uploaded file in an unexpected directory, by using a directory\n traversal attack. (CVE-2012-1172)\n\n It was discovered that the fix for CVE-2012-1823, released via\n RHSA-2012:0546, did not properly filter all php-cgi command line arguments.\n A specially-crafted request to a PHP script could cause the PHP interpreter\n to output usage information that triggers an Internal Server Error.\n (CVE-2012-2336)\n\n A memory leak flaw was found in the PHP strtotime() function call. A remote\n attacker could possibly use this flaw to cause excessive memory consumption\n by triggering many strtotime() function calls. (CVE-2012-0789)\n\n It was found that PHP did not check the zend_strndup() function's return\n value in certain cases. A remote attacker could possibly use this flaw to\n crash a PHP application. (CVE-2011-4153)\n\n All php users should upgrade to these updated packages, which contain\n backported patches to resolve these issues. After installing the updated\n packages, the httpd daemon must be restarted for the update to take effect.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"php\", rpm:\"php~5.1.6~39.el5_8\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-bcmath\", rpm:\"php-bcmath~5.1.6~39.el5_8\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-cli\", rpm:\"php-cli~5.1.6~39.el5_8\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-common\", rpm:\"php-common~5.1.6~39.el5_8\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-dba\", rpm:\"php-dba~5.1.6~39.el5_8\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-devel\", rpm:\"php-devel~5.1.6~39.el5_8\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-gd\", rpm:\"php-gd~5.1.6~39.el5_8\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-imap\", rpm:\"php-imap~5.1.6~39.el5_8\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-ldap\", rpm:\"php-ldap~5.1.6~39.el5_8\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-mbstring\", rpm:\"php-mbstring~5.1.6~39.el5_8\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-mysql\", rpm:\"php-mysql~5.1.6~39.el5_8\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-ncurses\", rpm:\"php-ncurses~5.1.6~39.el5_8\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-odbc\", rpm:\"php-odbc~5.1.6~39.el5_8\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pdo\", rpm:\"php-pdo~5.1.6~39.el5_8\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pgsql\", rpm:\"php-pgsql~5.1.6~39.el5_8\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-snmp\", rpm:\"php-snmp~5.1.6~39.el5_8\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-soap\", rpm:\"php-soap~5.1.6~39.el5_8\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-xml\", rpm:\"php-xml~5.1.6~39.el5_8\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-xmlrpc\", rpm:\"php-xmlrpc~5.1.6~39.el5_8\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2018-01-06T13:07:40", "description": "Check for the Version of php", "cvss3": {}, "published": "2012-06-28T00:00:00", "type": "openvas", "title": "RedHat Update for php RHSA-2012:1045-01", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-2336", "CVE-2012-0789", "CVE-2012-1823", "CVE-2012-0057", "CVE-2012-1172", "CVE-2011-4153"], "modified": "2018-01-04T00:00:00", "id": "OPENVAS:870780", "href": "http://plugins.openvas.org/nasl.php?oid=870780", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for php RHSA-2012:1045-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"PHP is an HTML-embedded scripting language commonly used with the Apache\n HTTP Server.\n\n It was discovered that the PHP XSL extension did not restrict the file\n writing capability of libxslt. A remote attacker could use this flaw to\n create or overwrite an arbitrary file that is writable by the user running\n PHP, if a PHP script processed untrusted eXtensible Style Sheet Language\n Transformations (XSLT) content. (CVE-2012-0057)\n\n Note: This update disables file writing by default. A new PHP configuration\n directive, "xsl.security_prefs", can be used to enable file writing in\n XSLT.\n\n A flaw was found in the way PHP validated file names in file upload\n requests. A remote attacker could possibly use this flaw to bypass the\n sanitization of the uploaded file names, and cause a PHP script to store\n the uploaded file in an unexpected directory, by using a directory\n traversal attack. (CVE-2012-1172)\n\n It was discovered that the fix for CVE-2012-1823, released via\n RHSA-2012:0546, did not properly filter all php-cgi command line arguments.\n A specially-crafted request to a PHP script could cause the PHP interpreter\n to output usage information that triggers an Internal Server Error.\n (CVE-2012-2336)\n\n A memory leak flaw was found in the PHP strtotime() function call. A remote\n attacker could possibly use this flaw to cause excessive memory consumption\n by triggering many strtotime() function calls. (CVE-2012-0789)\n\n It was found that PHP did not check the zend_strndup() function's return\n value in certain cases. A remote attacker could possibly use this flaw to\n crash a PHP application. (CVE-2011-4153)\n\n All php users should upgrade to these updated packages, which contain\n backported patches to resolve these issues. After installing the updated\n packages, the httpd daemon must be restarted for the update to take effect.\";\n\ntag_affected = \"php on Red Hat Enterprise Linux (v. 5 server)\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2012-June/msg00055.html\");\n script_id(870780);\n script_version(\"$Revision: 8285 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-04 07:29:16 +0100 (Thu, 04 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-06-28 10:35:49 +0530 (Thu, 28 Jun 2012)\");\n script_cve_id(\"CVE-2011-4153\", \"CVE-2012-0057\", \"CVE-2012-0789\",\n \"CVE-2012-1172\", \"CVE-2012-2336\", \"CVE-2012-1823\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"RHSA\", value: \"2012:1045-01\");\n script_name(\"RedHat Update for php RHSA-2012:1045-01\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of php\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"php\", rpm:\"php~5.1.6~39.el5_8\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-bcmath\", rpm:\"php-bcmath~5.1.6~39.el5_8\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-cli\", rpm:\"php-cli~5.1.6~39.el5_8\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-common\", rpm:\"php-common~5.1.6~39.el5_8\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-dba\", rpm:\"php-dba~5.1.6~39.el5_8\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-debuginfo\", rpm:\"php-debuginfo~5.1.6~39.el5_8\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-devel\", rpm:\"php-devel~5.1.6~39.el5_8\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-gd\", rpm:\"php-gd~5.1.6~39.el5_8\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-imap\", rpm:\"php-imap~5.1.6~39.el5_8\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-ldap\", rpm:\"php-ldap~5.1.6~39.el5_8\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-mbstring\", rpm:\"php-mbstring~5.1.6~39.el5_8\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-mysql\", rpm:\"php-mysql~5.1.6~39.el5_8\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-ncurses\", rpm:\"php-ncurses~5.1.6~39.el5_8\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-odbc\", rpm:\"php-odbc~5.1.6~39.el5_8\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pdo\", rpm:\"php-pdo~5.1.6~39.el5_8\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pgsql\", rpm:\"php-pgsql~5.1.6~39.el5_8\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-snmp\", rpm:\"php-snmp~5.1.6~39.el5_8\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-soap\", rpm:\"php-soap~5.1.6~39.el5_8\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-xml\", rpm:\"php-xml~5.1.6~39.el5_8\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-xmlrpc\", rpm:\"php-xmlrpc~5.1.6~39.el5_8\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-01-02T10:58:23", "description": "Check for the Version of php", "cvss3": {}, "published": "2012-07-30T00:00:00", "type": "openvas", "title": "CentOS Update for php CESA-2012:1045 centos5 ", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-2336", "CVE-2012-0789", "CVE-2012-1823", "CVE-2012-0057", "CVE-2012-1172", "CVE-2011-4153"], "modified": "2017-12-28T00:00:00", "id": "OPENVAS:881154", "href": "http://plugins.openvas.org/nasl.php?oid=881154", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for php CESA-2012:1045 centos5 \n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"PHP is an HTML-embedded scripting language commonly used with the Apache\n HTTP Server.\n\n It was discovered that the PHP XSL extension did not restrict the file\n writing capability of libxslt. A remote attacker could use this flaw to\n create or overwrite an arbitrary file that is writable by the user running\n PHP, if a PHP script processed untrusted eXtensible Style Sheet Language\n Transformations (XSLT) content. (CVE-2012-0057)\n \n Note: This update disables file writing by default. A new PHP configuration\n directive, "xsl.security_prefs", can be used to enable file writing in\n

SuSE 11.2 Security Update : PHP5 (SAT Patch Number 5958)

Description

Related