Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2010-2021 Tenable Network Security, Inc.SUSE_APACHE2-MOD_PHP5-7110.NASL
HistoryOct 11, 2010 - 12:00 a.m.

SuSE 10 Security Update : Linux kernel (ZYPP Patch Number 7110)

2010-10-1100:00:00
This script is Copyright (C) 2010-2021 Tenable Network Security, Inc.
www.tenable.com
19
JSON

PHP was updated to version 5.2.14 to fix serveral security issues :

  • CVE-2010-1860

  • CVE-2010-1862

  • CVE-2010-1864

  • CVE-2010-1914

  • CVE-2010-1915

  • CVE-2010-1917

  • CVE-2010-2093

  • CVE-2010-2094

  • CVE-2010-2097

  • CVE-2010-2100

  • CVE-2010-2101

  • CVE-2010-2190

  • CVE-2010-2191

  • CVE-2010-2225

  • CVE-2010-2484

  • CVE-2010-2531

  • CVE-2010-3062

  • CVE-2010-3063

  • CVE-2010-3064

  • CVE-2010-3065

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The text description of this plugin is (C) Novell, Inc.
#

if (NASL_LEVEL < 3000) exit(0);

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(49830);
  script_version("1.7");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/14");

  script_cve_id("CVE-2010-1860", "CVE-2010-1862", "CVE-2010-1864", "CVE-2010-1914", "CVE-2010-1915", "CVE-2010-1917", "CVE-2010-2093", "CVE-2010-2094", "CVE-2010-2097", "CVE-2010-2100", "CVE-2010-2101", "CVE-2010-2190", "CVE-2010-2191", "CVE-2010-2225", "CVE-2010-2484", "CVE-2010-2531", "CVE-2010-3062", "CVE-2010-3063", "CVE-2010-3064", "CVE-2010-3065");

  script_name(english:"SuSE 10 Security Update : Linux kernel (ZYPP Patch Number 7110)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote SuSE 10 host is missing a security-related patch."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"PHP was updated to version 5.2.14 to fix serveral security issues :

  - CVE-2010-1860

  - CVE-2010-1862

  - CVE-2010-1864

  - CVE-2010-1914

  - CVE-2010-1915

  - CVE-2010-1917

  - CVE-2010-2093

  - CVE-2010-2094

  - CVE-2010-2097

  - CVE-2010-2100

  - CVE-2010-2101

  - CVE-2010-2190

  - CVE-2010-2191

  - CVE-2010-2225

  - CVE-2010-2484

  - CVE-2010-2531

  - CVE-2010-3062

  - CVE-2010-3063

  - CVE-2010-3064

  - CVE-2010-3065"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2010-1860.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2010-1862.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2010-1864.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2010-1914.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2010-1915.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2010-1917.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2010-2093.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2010-2094.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2010-2097.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2010-2100.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2010-2101.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2010-2190.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2010-2191.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2010-2225.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2010-2484.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2010-2531.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2010-3062.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2010-3063.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2010-3064.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2010-3065.html"
  );
  script_set_attribute(attribute:"solution", value:"Apply ZYPP patch number 7110.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:suse:suse_linux");

  script_set_attribute(attribute:"patch_publication_date", value:"2010/08/05");
  script_set_attribute(attribute:"plugin_publication_date", value:"2010/10/11");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2010-2021 Tenable Network Security, Inc.");
  script_family(english:"SuSE Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");

  exit(0);
}


include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) exit(0, "Local checks are not enabled.");
if (!get_kb_item("Host/SuSE/release")) exit(0, "The host is not running SuSE.");
if (!get_kb_item("Host/SuSE/rpm-list")) exit(1, "Could not obtain the list of installed packages.");

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) exit(1, "Failed to determine the architecture type.");
if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") exit(1, "Local checks for SuSE 10 on the '"+cpu+"' architecture have not been implemented.");


flag = 0;
if (rpm_check(release:"SLES10", sp:3, reference:"apache2-mod_php5-5.2.14-0.4.1")) flag++;
if (rpm_check(release:"SLES10", sp:3, reference:"php5-5.2.14-0.4.1")) flag++;
if (rpm_check(release:"SLES10", sp:3, reference:"php5-bcmath-5.2.14-0.4.1")) flag++;
if (rpm_check(release:"SLES10", sp:3, reference:"php5-bz2-5.2.14-0.4.1")) flag++;
if (rpm_check(release:"SLES10", sp:3, reference:"php5-calendar-5.2.14-0.4.1")) flag++;
if (rpm_check(release:"SLES10", sp:3, reference:"php5-ctype-5.2.14-0.4.1")) flag++;
if (rpm_check(release:"SLES10", sp:3, reference:"php5-curl-5.2.14-0.4.1")) flag++;
if (rpm_check(release:"SLES10", sp:3, reference:"php5-dba-5.2.14-0.4.1")) flag++;
if (rpm_check(release:"SLES10", sp:3, reference:"php5-dbase-5.2.14-0.4.1")) flag++;
if (rpm_check(release:"SLES10", sp:3, reference:"php5-devel-5.2.14-0.4.1")) flag++;
if (rpm_check(release:"SLES10", sp:3, reference:"php5-dom-5.2.14-0.4.1")) flag++;
if (rpm_check(release:"SLES10", sp:3, reference:"php5-exif-5.2.14-0.4.1")) flag++;
if (rpm_check(release:"SLES10", sp:3, reference:"php5-fastcgi-5.2.14-0.4.1")) flag++;
if (rpm_check(release:"SLES10", sp:3, reference:"php5-ftp-5.2.14-0.4.1")) flag++;
if (rpm_check(release:"SLES10", sp:3, reference:"php5-gd-5.2.14-0.4.1")) flag++;
if (rpm_check(release:"SLES10", sp:3, reference:"php5-gettext-5.2.14-0.4.1")) flag++;
if (rpm_check(release:"SLES10", sp:3, reference:"php5-gmp-5.2.14-0.4.1")) flag++;
if (rpm_check(release:"SLES10", sp:3, reference:"php5-hash-5.2.14-0.4.1")) flag++;
if (rpm_check(release:"SLES10", sp:3, reference:"php5-iconv-5.2.14-0.4.1")) flag++;
if (rpm_check(release:"SLES10", sp:3, reference:"php5-imap-5.2.14-0.4.1")) flag++;
if (rpm_check(release:"SLES10", sp:3, reference:"php5-json-5.2.14-0.4.1")) flag++;
if (rpm_check(release:"SLES10", sp:3, reference:"php5-ldap-5.2.14-0.4.1")) flag++;
if (rpm_check(release:"SLES10", sp:3, reference:"php5-mbstring-5.2.14-0.4.1")) flag++;
if (rpm_check(release:"SLES10", sp:3, reference:"php5-mcrypt-5.2.14-0.4.1")) flag++;
if (rpm_check(release:"SLES10", sp:3, reference:"php5-mhash-5.2.14-0.4.1")) flag++;
if (rpm_check(release:"SLES10", sp:3, reference:"php5-mysql-5.2.14-0.4.1")) flag++;
if (rpm_check(release:"SLES10", sp:3, reference:"php5-ncurses-5.2.14-0.4.1")) flag++;
if (rpm_check(release:"SLES10", sp:3, reference:"php5-odbc-5.2.14-0.4.1")) flag++;
if (rpm_check(release:"SLES10", sp:3, reference:"php5-openssl-5.2.14-0.4.1")) flag++;
if (rpm_check(release:"SLES10", sp:3, reference:"php5-pcntl-5.2.14-0.4.1")) flag++;
if (rpm_check(release:"SLES10", sp:3, reference:"php5-pdo-5.2.14-0.4.1")) flag++;
if (rpm_check(release:"SLES10", sp:3, reference:"php5-pear-5.2.14-0.4.1")) flag++;
if (rpm_check(release:"SLES10", sp:3, reference:"php5-pgsql-5.2.14-0.4.1")) flag++;
if (rpm_check(release:"SLES10", sp:3, reference:"php5-posix-5.2.14-0.4.1")) flag++;
if (rpm_check(release:"SLES10", sp:3, reference:"php5-pspell-5.2.14-0.4.1")) flag++;
if (rpm_check(release:"SLES10", sp:3, reference:"php5-shmop-5.2.14-0.4.1")) flag++;
if (rpm_check(release:"SLES10", sp:3, reference:"php5-snmp-5.2.14-0.4.1")) flag++;
if (rpm_check(release:"SLES10", sp:3, reference:"php5-soap-5.2.14-0.4.1")) flag++;
if (rpm_check(release:"SLES10", sp:3, reference:"php5-sockets-5.2.14-0.4.1")) flag++;
if (rpm_check(release:"SLES10", sp:3, reference:"php5-sqlite-5.2.14-0.4.1")) flag++;
if (rpm_check(release:"SLES10", sp:3, reference:"php5-suhosin-5.2.14-0.4.1")) flag++;
if (rpm_check(release:"SLES10", sp:3, reference:"php5-sysvmsg-5.2.14-0.4.1")) flag++;
if (rpm_check(release:"SLES10", sp:3, reference:"php5-sysvsem-5.2.14-0.4.1")) flag++;
if (rpm_check(release:"SLES10", sp:3, reference:"php5-sysvshm-5.2.14-0.4.1")) flag++;
if (rpm_check(release:"SLES10", sp:3, reference:"php5-tokenizer-5.2.14-0.4.1")) flag++;
if (rpm_check(release:"SLES10", sp:3, reference:"php5-wddx-5.2.14-0.4.1")) flag++;
if (rpm_check(release:"SLES10", sp:3, reference:"php5-xmlreader-5.2.14-0.4.1")) flag++;
if (rpm_check(release:"SLES10", sp:3, reference:"php5-xmlrpc-5.2.14-0.4.1")) flag++;
if (rpm_check(release:"SLES10", sp:3, reference:"php5-xsl-5.2.14-0.4.1")) flag++;
if (rpm_check(release:"SLES10", sp:3, reference:"php5-zlib-5.2.14-0.4.1")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else exit(0, "The host is not affected.");
VendorProductVersionCPE
susesuse_linuxcpe:/o:suse:suse_linux

References

Related

nessus 28
openvas 55
fedora 6
securityvulns 7
osv 2
slackware 1
seebug 6
ubuntucve 22
ubuntu 2
debian 3
gentoo 1
redhat 1
oraclelinux 1
centos 1
prion 22
cve 22
checkpoint_advisories 3
f5 6
attackerkb 1
veracode 4
freebsd 1
thn 2
threatpost 1
debiancve 1
nessus
nessus
openSUSE Security Update : apache2-mod_php5 (openSUSE-SU-2010:0678-1)
2010-10-06 00:00:00
SuSE 11 / 11.1 Security Update : Apache 2 (SAT Patch Numbers 2880 / 2881)
2010-12-02 00:00:00
openSUSE Security Update : apache2-mod_php5 (openSUSE-SU-2010:0599-1)
2014-06-13 00:00:00
openvas
openvas
PHP < 5.3.3 Multiple Vulnerabilities
2012-06-21 00:00:00
PHP < 5.3.3 Multiple Vulnerabilities
2020-08-17 00:00:00
PHP < 5.2.14 Multiple Vulnerabilities
2012-06-21 00:00:00
fedora
fedora
[SECURITY] Fedora 12 Update: php-5.3.3-1.fc12
2010-08-23 22:08:06
[SECURITY] Fedora 13 Update: php-5.3.3-1.fc13
2010-08-23 22:00:56
[SECURITY] Fedora 12 Update: php-eaccelerator-0.9.6.1-2.fc12
2010-08-23 22:08:06
securityvulns
securityvulns
PHP multiple security vulnerabilities
2010-05-11 00:00:00
PHP multiple security vulnerabilities
2010-09-27 00:00:00
[USN-989-1] PHP vulnerabilities
2010-09-27 00:00:00
osv
osv
php5 - several vulnerabilities
2010-08-06 00:00:00
php5 - several
2011-06-29 00:00:00
slackware
slackware
[slackware-security] php
2010-08-28 16:53:00
seebug
seebug
PHP 多个函数中断处理地址信息泄露漏洞
2010-06-01 00:00:00
PHP htmlentities()和htmlspecialchars()函数中断处理地址信息泄露漏洞
2010-05-31 00:00:00
PHP http_build_query()函数中断处理地址信息泄露漏洞
2010-05-31 00:00:00
ubuntucve
ubuntucve
CVE-2010-2101
2010-05-27 00:00:00
CVE-2010-1915
2010-05-12 00:00:00
CVE-2010-2100
2010-05-27 00:00:00
ubuntu
ubuntu
PHP vulnerabilities
2010-09-20 00:00:00
PHP Vulnerabilities
2011-10-18 00:00:00
debian
debian
[SECURITY] [DSA-2089-1] New php5 packages fix several vulnerabilities
2010-08-06 05:42:32
[SECURITY] [DSA 2262-2] php5 update
2011-07-01 20:00:32
[SECURITY] [DSA 2266-1] php5 security update
2011-06-29 18:42:45
gentoo
gentoo
PHP: Multiple vulnerabilities
2011-10-10 00:00:00
redhat
redhat
(RHSA-2010:0919) Moderate: php security update
2010-11-29 00:00:00
oraclelinux
oraclelinux
php security update
2010-11-29 00:00:00
centos
centos
php security update
2010-11-30 12:21:14
prion
prion
Design/Logic Flaw
2010-06-24 12:30:00
Design/Logic Flaw
2010-05-27 22:30:00
Heap overflow
2010-08-20 20:00:00
cve
cve
CVE-2010-2093
2010-05-27 22:30:00
CVE-2010-2101
2010-05-27 22:30:00
CVE-2010-1915
2010-05-12 11:46:00
checkpoint_advisories
checkpoint_advisories
PhpMyAdmin ENV Superglobal Remote Variable Manipulation (CVE-2010-3065)
2014-09-14 00:00:00
PHP Session Serializer Session Data Injection (CVE-2010-3065)
2013-10-20 00:00:00
Zend PHP Advanced Local File Inclusion (CVE-2010-2094)
2015-02-02 00:00:00
f5
f5
K12253 : PHP vulnerability CVE-2010-2225
2013-07-03 00:00:00
SOL12253 - PHP vulnerability CVE-2010-2225
2010-11-03 00:00:00
SOL15885 - GNU C Library vulnerability CVE-2011-1071
2014-11-27 00:00:00
attackerkb
attackerkb
CVE-2010-1914
2010-05-12 00:00:00
veracode
veracode
Denial Of Service (DoS)
2020-04-10 00:53:57
Information Disclosure
2020-04-10 00:53:58
Authorization Bypass
2020-04-10 00:53:58
freebsd
freebsd
pecl-phar -- format string vulnerability
2010-12-13 00:00:00
thn
thn
Web Application Security : PHP SuperGlobal Variables are vulnerable to Hackers
2013-09-09 17:45:00
Web Application Security : PHP SuperGlobal Variables are vulnerable to Hackers
2013-09-09 06:45:00
threatpost
threatpost
Call for Ban on Vulnerable PHP SuperGlobal Variables
2013-09-09 14:54:04
debiancve
debiancve
CVE-2011-1071
2011-04-08 15:17:00
JSON
Related for SUSE_APACHE2-MOD_PHP5-7110.NASL
nessus28openvas55fedora6securityvulns7osv2slackware1seebug6ubuntucve22ubuntu2debian3gentoo1redhat1oraclelinux1centos1prion22cve22checkpoint_advisories3f56attackerkb1veracode4freebsd1thn2threatpost1debiancve1