Lucene search
This script is Copyright (C) 2007-2021 Tenable Network Security, Inc.SUSE_APACHE2-MOD_PHP5-3289.NASLHistoryOct 17, 2007 - 12:00 a.m.
openSUSE 10 Security Update : apache2-mod_php5 (apache2-mod_php5-3289)
2007-10-1700:00:00
This script is Copyright (C) 2007-2021 Tenable Network Security, Inc.
www.tenable.com
22
This Update fixes numerous vulnerabilities in PHP. Most of them were made public during the ‘Month of PHP Bugs’. The vulnerabilities potentially lead to crashes, information leaks or even execution of malicious code.
CVE-2007-1380, CVE-2007-0988, CVE-2007-1375, CVE-2007-1454 CVE-2007-1453, CVE-2007-1521, CVE-2007-1522, CVE-2007-1376 CVE-2007-1583, CVE-2007-1460, CVE-2007-1461, CVE-2007-1484 CVE-2007-1700, CVE-2007-1717, CVE-2007-1718, CVE-2007-1001 CVE-2007-1824, CVE-2007-1889, CVE-2007-1900
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from openSUSE Security Update apache2-mod_php5-3289.
#
# The text description of this plugin is (C) SUSE LLC.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(27150);
script_version("1.15");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/14");
script_cve_id("CVE-2007-0988", "CVE-2007-1001", "CVE-2007-1375", "CVE-2007-1376", "CVE-2007-1380", "CVE-2007-1453", "CVE-2007-1454", "CVE-2007-1460", "CVE-2007-1461", "CVE-2007-1484", "CVE-2007-1521", "CVE-2007-1522", "CVE-2007-1583", "CVE-2007-1700", "CVE-2007-1717", "CVE-2007-1718", "CVE-2007-1824", "CVE-2007-1889");
script_name(english:"openSUSE 10 Security Update : apache2-mod_php5 (apache2-mod_php5-3289)");
script_summary(english:"Check for the apache2-mod_php5-3289 patch");
script_set_attribute(
attribute:"synopsis",
value:"The remote openSUSE host is missing a security update."
);
script_set_attribute(
attribute:"description",
value:
"This Update fixes numerous vulnerabilities in PHP. Most of them were
made public during the 'Month of PHP Bugs'. The vulnerabilities
potentially lead to crashes, information leaks or even execution of
malicious code.
CVE-2007-1380, CVE-2007-0988, CVE-2007-1375, CVE-2007-1454
CVE-2007-1453, CVE-2007-1521, CVE-2007-1522, CVE-2007-1376
CVE-2007-1583, CVE-2007-1460, CVE-2007-1461, CVE-2007-1484
CVE-2007-1700, CVE-2007-1717, CVE-2007-1718, CVE-2007-1001
CVE-2007-1824, CVE-2007-1889, CVE-2007-1900"
);
script_set_attribute(
attribute:"solution",
value:"Update the affected apache2-mod_php5 packages."
);
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:N/A:N");
script_cwe_id(399);
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:apache2-mod_php5");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-bcmath");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-bz2");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-calendar");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-ctype");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-curl");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-dba");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-dbase");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-dom");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-exif");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-fastcgi");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-ftp");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-gd");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-gettext");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-gmp");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-hash");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-iconv");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-imap");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-json");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-ldap");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-mbstring");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-mcrypt");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-mhash");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-mysql");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-ncurses");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-odbc");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-openssl");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-pcntl");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-pdo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-pear");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-pgsql");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-posix");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-pspell");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-shmop");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-snmp");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-soap");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-sockets");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-sqlite");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-suhosin");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-sysvmsg");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-sysvsem");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-sysvshm");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-tidy");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-tokenizer");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-wddx");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-xmlreader");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-xmlrpc");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-xmlwriter");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-xsl");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-zip");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-zlib");
script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:10.2");
script_set_attribute(attribute:"patch_publication_date", value:"2007/05/08");
script_set_attribute(attribute:"plugin_publication_date", value:"2007/10/17");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2007-2021 Tenable Network Security, Inc.");
script_family(english:"SuSE Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
if (release !~ "^(SUSE10\.2)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "10.2", release);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
ourarch = get_kb_item("Host/cpu");
if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);
flag = 0;
if ( rpm_check(release:"SUSE10.2", reference:"apache2-mod_php5-5.2.0-14") ) flag++;
if ( rpm_check(release:"SUSE10.2", reference:"php5-5.2.0-14") ) flag++;
if ( rpm_check(release:"SUSE10.2", reference:"php5-bcmath-5.2.0-14") ) flag++;
if ( rpm_check(release:"SUSE10.2", reference:"php5-bz2-5.2.0-14") ) flag++;
if ( rpm_check(release:"SUSE10.2", reference:"php5-calendar-5.2.0-14") ) flag++;
if ( rpm_check(release:"SUSE10.2", reference:"php5-ctype-5.2.0-14") ) flag++;
if ( rpm_check(release:"SUSE10.2", reference:"php5-curl-5.2.0-14") ) flag++;
if ( rpm_check(release:"SUSE10.2", reference:"php5-dba-5.2.0-14") ) flag++;
if ( rpm_check(release:"SUSE10.2", reference:"php5-dbase-5.2.0-14") ) flag++;
if ( rpm_check(release:"SUSE10.2", reference:"php5-devel-5.2.0-14") ) flag++;
if ( rpm_check(release:"SUSE10.2", reference:"php5-dom-5.2.0-14") ) flag++;
if ( rpm_check(release:"SUSE10.2", reference:"php5-exif-5.2.0-14") ) flag++;
if ( rpm_check(release:"SUSE10.2", reference:"php5-fastcgi-5.2.0-14") ) flag++;
if ( rpm_check(release:"SUSE10.2", reference:"php5-ftp-5.2.0-14") ) flag++;
if ( rpm_check(release:"SUSE10.2", reference:"php5-gd-5.2.0-14") ) flag++;
if ( rpm_check(release:"SUSE10.2", reference:"php5-gettext-5.2.0-14") ) flag++;
if ( rpm_check(release:"SUSE10.2", reference:"php5-gmp-5.2.0-14") ) flag++;
if ( rpm_check(release:"SUSE10.2", reference:"php5-hash-5.2.0-14") ) flag++;
if ( rpm_check(release:"SUSE10.2", reference:"php5-iconv-5.2.0-14") ) flag++;
if ( rpm_check(release:"SUSE10.2", reference:"php5-imap-5.2.0-14") ) flag++;
if ( rpm_check(release:"SUSE10.2", reference:"php5-json-5.2.0-14") ) flag++;
if ( rpm_check(release:"SUSE10.2", reference:"php5-ldap-5.2.0-14") ) flag++;
if ( rpm_check(release:"SUSE10.2", reference:"php5-mbstring-5.2.0-14") ) flag++;
if ( rpm_check(release:"SUSE10.2", reference:"php5-mcrypt-5.2.0-14") ) flag++;
if ( rpm_check(release:"SUSE10.2", reference:"php5-mhash-5.2.0-14") ) flag++;
if ( rpm_check(release:"SUSE10.2", reference:"php5-mysql-5.2.0-14") ) flag++;
if ( rpm_check(release:"SUSE10.2", reference:"php5-ncurses-5.2.0-14") ) flag++;
if ( rpm_check(release:"SUSE10.2", reference:"php5-odbc-5.2.0-14") ) flag++;
if ( rpm_check(release:"SUSE10.2", reference:"php5-openssl-5.2.0-14") ) flag++;
if ( rpm_check(release:"SUSE10.2", reference:"php5-pcntl-5.2.0-14") ) flag++;
if ( rpm_check(release:"SUSE10.2", reference:"php5-pdo-5.2.0-14") ) flag++;
if ( rpm_check(release:"SUSE10.2", reference:"php5-pear-5.2.0-14") ) flag++;
if ( rpm_check(release:"SUSE10.2", reference:"php5-pgsql-5.2.0-14") ) flag++;
if ( rpm_check(release:"SUSE10.2", reference:"php5-posix-5.2.0-14") ) flag++;
if ( rpm_check(release:"SUSE10.2", reference:"php5-pspell-5.2.0-14") ) flag++;
if ( rpm_check(release:"SUSE10.2", reference:"php5-shmop-5.2.0-14") ) flag++;
if ( rpm_check(release:"SUSE10.2", reference:"php5-snmp-5.2.0-14") ) flag++;
if ( rpm_check(release:"SUSE10.2", reference:"php5-soap-5.2.0-14") ) flag++;
if ( rpm_check(release:"SUSE10.2", reference:"php5-sockets-5.2.0-14") ) flag++;
if ( rpm_check(release:"SUSE10.2", reference:"php5-sqlite-5.2.0-14") ) flag++;
if ( rpm_check(release:"SUSE10.2", reference:"php5-suhosin-5.2.0-14") ) flag++;
if ( rpm_check(release:"SUSE10.2", reference:"php5-sysvmsg-5.2.0-14") ) flag++;
if ( rpm_check(release:"SUSE10.2", reference:"php5-sysvsem-5.2.0-14") ) flag++;
if ( rpm_check(release:"SUSE10.2", reference:"php5-sysvshm-5.2.0-14") ) flag++;
if ( rpm_check(release:"SUSE10.2", reference:"php5-tidy-5.2.0-14") ) flag++;
if ( rpm_check(release:"SUSE10.2", reference:"php5-tokenizer-5.2.0-14") ) flag++;
if ( rpm_check(release:"SUSE10.2", reference:"php5-wddx-5.2.0-14") ) flag++;
if ( rpm_check(release:"SUSE10.2", reference:"php5-xmlreader-5.2.0-14") ) flag++;
if ( rpm_check(release:"SUSE10.2", reference:"php5-xmlrpc-5.2.0-14") ) flag++;
if ( rpm_check(release:"SUSE10.2", reference:"php5-xmlwriter-5.2.0-14") ) flag++;
if ( rpm_check(release:"SUSE10.2", reference:"php5-xsl-5.2.0-14") ) flag++;
if ( rpm_check(release:"SUSE10.2", reference:"php5-zip-5.2.0-14") ) flag++;
if ( rpm_check(release:"SUSE10.2", reference:"php5-zlib-5.2.0-14") ) flag++;
if (flag)
{
if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
else security_hole(0);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "apache2-mod_php5 / php5 / php5-bcmath / php5-bz2 / php5-calendar / etc");
}
| Vendor | Product | Version | CPE |
|---|---|---|---|
| novell | opensuse | apache2-mod_php5 | p-cpe:/a:novell:opensuse:apache2-mod_php5 |
| novell | opensuse | php5 | p-cpe:/a:novell:opensuse:php5 |
| novell | opensuse | php5-bcmath | p-cpe:/a:novell:opensuse:php5-bcmath |
| novell | opensuse | php5-bz2 | p-cpe:/a:novell:opensuse:php5-bz2 |
| novell | opensuse | php5-calendar | p-cpe:/a:novell:opensuse:php5-calendar |
| novell | opensuse | php5-ctype | p-cpe:/a:novell:opensuse:php5-ctype |
| novell | opensuse | php5-curl | p-cpe:/a:novell:opensuse:php5-curl |
| novell | opensuse | php5-dba | p-cpe:/a:novell:opensuse:php5-dba |
| novell | opensuse | php5-dbase | p-cpe:/a:novell:opensuse:php5-dbase |
| novell | opensuse | php5-devel | p-cpe:/a:novell:opensuse:php5-devel |
References
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0988
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1001
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1375
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1376
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1380
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1453
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1454
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1460
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1461
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1484
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1521
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1522
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1583
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1700
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1717
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1718
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1824
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1889
Related
suse
suse
remote code execution in php4,php5
2007-05-23 13:16:49
openvas
openvas
SuSE Update for php4,php5 SUSE-SA:2007:032
2009-01-28 00:00:00
SLES9: Security update for PHP4
2009-10-10 00:00:00
SLES9: Security update for PHP4
2009-10-10 00:00:00
nessus
nessus
SuSE 10 Security Update : PHP5 (ZYPP Patch Number 3290)
2007-12-13 00:00:00
Ubuntu 6.06 LTS / 6.10 / 7.04 : php5 vulnerabilities (USN-455-1)
2007-11-10 00:00:00
Debian DSA-1283-1 : php5 - several vulnerabilities
2007-04-30 00:00:00
ubuntu
ubuntu
PHP vulnerabilities
2007-04-27 00:00:00
debian
debian
[SECURITY] [DSA 1283-1] New php5 packages fix several vulnerabilities
2007-04-29 20:16:06
[SECURITY] [DSA 1282-1] New php4 packages fix several vulnerabilities
2007-04-26 18:23:29
gentoo
gentoo
PHP: Multiple vulnerabilities
2007-05-26 00:00:00
PHP: Multiple vulnerabilities
2007-03-20 00:00:00
redhat
redhat
(RHSA-2007:0153) Moderate: php security update
2007-04-20 00:00:00
(RHSA-2007:0162) Moderate: php security update
2007-04-16 00:00:00
(RHSA-2007:0155) Important: php security update
2007-04-16 00:00:00
centos
centos
php security update
2007-04-21 13:47:06
php security update
2007-04-16 16:16:21
php security update
2007-02-25 06:02:10
securityvulns
securityvulns
PHP filtering extension multiple security vulnerabilities
2007-03-14 00:00:00
PHP invalid session id and session_regenerate_id() function double free() vulnerability
2007-03-17 00:00:00
PHP mail() function invalid characters processing
2007-03-29 00:00:00
fedora
fedora
[SECURITY] Fedora Core 6 Update: php-5.1.6-3.5.fc6
2007-04-17 12:45:17
[SECURITY] Fedora Core 5 Update: php-5.1.6-1.5
2007-04-18 22:42:03
[SECURITY] Fedora Core 5 Update: php-5.1.6-1.6
2007-05-24 05:24:12
oraclelinux
oraclelinux
Important: php security update
2007-04-16 00:00:00
Important: php security update
2007-06-26 00:00:00
Important: php security update
2007-02-19 00:00:00
prion
prion
Code injection
2007-03-14 18:19:00
Buffer overflow
2007-04-02 23:19:00
Code injection
2007-03-14 18:19:00
redhatcve
redhatcve
cve
cve
ubuntucve
ubuntucve
f5
f5
K7859 : Multiple PHP vulnerabilities
2013-03-19 00:00:00
SOL7859 - Multiple PHP vulnerabilities
2007-09-16 00:00:00
debiancve
debiancve
CVE-2007-1001
2007-04-06 00:19:00
slackware
slackware
[slackware-security] php
2007-05-08 04:22:33
[slackware-security] php5
2007-06-01 21:19:18
veracode
veracode
Arbitrary Code Execution
2020-04-10 00:15:22
CRLF Injection
2020-04-10 00:15:23
Denial Of Service (DoS)
2020-04-10 00:16:37
freebsd
freebsd
php -- multiple vulnerabilities
2007-05-03 00:00:00
seebug
seebug
Mac OS X 2007-007更新修复多个安全漏洞
2007-08-02 00:00:00
Related for SUSE_APACHE2-MOD_PHP5-3289.NASL