ID SUSE_PHP5-1590.NASL Type nessus Reporter Tenable Modified 2018-07-19T00:00:00
Description
This update fixes the following security issues:
- invalid characters in session names were not blocked
- a bug in zend_hash_del() allowed attackers to prevent unsetting of some variables
- bugs in the substr_compare() and wordwrap() functions could crash PHP (CVE-2006-1991, CVE-2006-1990)
- a memory leak in the imagecreatefromgif() function
#%NASL_MIN_LEVEL 70103
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from openSUSE Security Update php5-1590.
#
# The text description of this plugin is (C) SUSE LLC.
#
include("compat.inc");
# Registration branch: taken only when `description` is set. It declares the
# plugin's metadata and then calls exit(0), so none of the host checks further
# down the file run in this mode.
if (description)
{
# Plugin identity and revision bookkeeping.
script_id(27389);
script_version ("1.9");
script_cvs_date("Date: 2018/07/19 23:54:24");
# CVE ids tracked by this plugin. In the description text below they are
# attached to the substr_compare()/wordwrap crash bugs only; the session-name,
# zend_hash_del() and imagecreatefromgif() items carry no CVE id there.
script_cve_id("CVE-2006-1990", "CVE-2006-1991");
script_name(english:"openSUSE 10 Security Update : php5 (php5-1590)");
script_summary(english:"Check for the php5-1590 patch");
script_set_attribute(
attribute:"synopsis",
value:"The remote openSUSE host is missing a security update."
);
# NOTE(review): the last item of the description text has no predicate; it may
# have been cut short in the advisory it was extracted from -- confirm upstream.
script_set_attribute(
attribute:"description",
value:
"This update fixes the following security issues: - invalid charactes
in session names were not blocked - a bug in zend_hash_del() allowed
attackers to prevent unsetting of some variables - bugs in the
substr_compare() and wordwrap function could crash php (CVE-2006-1991,
CVE-2006-1990) - a memory leak in the imagecreatefromgif() function"
);
script_set_attribute(attribute:"solution", value:"Update the affected php5 packages.");
# CVSS v2 base vector: network access, low complexity, no authentication;
# no confidentiality impact, partial integrity and partial availability impact.
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:P");
# Declared as a "local" plugin: the result depends on the Host/* knowledge-base
# keys required below (release, rpm list, cpu), not on probing PHP over the network.
script_set_attribute(attribute:"plugin_type", value:"local");
# CPE names for the three packages checked later and for openSUSE 10.1.
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:apache2-mod_php5");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-gd");
script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:10.1");
# The patch dates from 2006/06/12; the plugin itself was published 2007/10/17.
script_set_attribute(attribute:"patch_publication_date", value:"2006/06/12");
script_set_attribute(attribute:"plugin_publication_date", value:"2007/10/17");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2007-2018 Tenable Network Security, Inc.");
script_family(english:"SuSE Local Security Checks");
# ssh_get_info.nasl is declared as a dependency; presumably it is what fills
# the Host/* keys listed next -- verify against that plugin.
script_dependencies("ssh_get_info.nasl");
# Knowledge-base keys this plugin needs. Without local (credentialed) data for
# the host there is nothing for the package checks to compare against.
script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
# End of registration: leave before any host check runs.
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
# Applicability gates. Each failed gate hands a reason code to audit(), which
# is defined in audit.inc (not shown); the code reads as if audit() ends the
# script. None of these paths raises a finding, so a host that stops here was
# not evaluated -- that is different from "not vulnerable".

# Local checks must have been enabled for this host.
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
# The release string must exist and must not be an enterprise (SLED/SLES) release.
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
# Only the exact release string "SUSE10.1" is in scope for this update.
if (release !~ "^(SUSE10\.1)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "10.1", release);
# The installed-package list is required for the package checks that follow.
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
# Architecture must be known and be one of i586, i686 or x86_64.
ourarch = get_kb_item("Host/cpu");
if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);
# Package checks for openSUSE 10.1. Each reference below names the package
# build shipped by this update (5.1.2-29.4). rpm_check() comes from rpm.inc
# (not shown); presumably it returns true when the installed build predates
# the reference -- verify against rpm.inc. A hit therefore means "update not
# installed" according to the package list, not a confirmed exploitable state.
flag = 0;

foreach fixed_pkg (make_list(
  "apache2-mod_php5-5.1.2-29.4",
  "php5-5.1.2-29.4",
  "php5-gd-5.1.2-29.4"
))
{
  if ( rpm_check(release:"SUSE10.1", reference:fixed_pkg) ) flag++;
}

if (!flag)
{
  # Nothing was flagged: report either the packages that were tested and found
  # unaffected, or that none of the three packages is installed.
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "apache2-mod_php5 / php5 / php5-gd");
}
else
{
  # At least one package was flagged: raise a warning-level finding on port 0,
  # attaching the rpm report text when report verbosity is above zero.
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
{"id": "SUSE_PHP5-1590.NASL", "bulletinFamily": "scanner", "title": "openSUSE 10 Security Update : php5 (php5-1590)", "description": "This update fixes the following security issues: - invalid charactes\nin session names were not blocked - a bug in zend_hash_del() allowed\nattackers to prevent unsetting of some variables - bugs in the\nsubstr_compare() and wordwrap function could crash php (CVE-2006-1991,\nCVE-2006-1990) - a memory leak in the imagecreatefromgif() function", "published": "2007-10-17T00:00:00", "modified": "2018-07-19T00:00:00", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=27389", "reporter": "Tenable", "references": [], "cvelist": ["CVE-2006-1990", "CVE-2006-1991"], "type": "nessus", "lastseen": "2019-01-16T20:07:37", "history": [{"bulletin": {"bulletinFamily": "scanner", "cpe": ["p-cpe:/a:novell:opensuse:php5-gd", "cpe:/o:novell:opensuse:10.1", "p-cpe:/a:novell:opensuse:apache2-mod_php5", "p-cpe:/a:novell:opensuse:php5"], "cvelist": ["CVE-2006-1990", "CVE-2006-1991"], "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}, "description": "This update fixes the following security issues: - invalid charactes in session names were not blocked - a bug in zend_hash_del() allowed attackers to prevent unsetting of some variables - bugs in the substr_compare() and wordwrap function could crash php (CVE-2006-1991, CVE-2006-1990) - a memory leak in the imagecreatefromgif() function", "edition": 2, "enchantments": {"score": {"value": 5.0, "vector": "NONE"}}, "hash": "8d96726c65514d8be440f6ad3a23cadbb49dad9839ee08d735702a557a7b1250", "hashmap": [{"hash": "956b0cce3d9454921494ef535bcdf2a4", "key": "cvss"}, {"hash": "cdac128292cf839344fa211297d391c9", "key": "cpe"}, {"hash": "3d2b08aa7cfa68fd54e3f4a4e7ffcf7d", "key": "pluginID"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "references"}, {"hash": 
"9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "f21740a7d9e67a66aabf0ddfc84187c6", "key": "sourceData"}, {"hash": "02fcc0c238d215158fbaabb854c5b3df", "key": "modified"}, {"hash": "1573417a10e5176d4ea934698c7d02b0", "key": "href"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "71a40666da62ba38d22539c8277870c7", "key": "naslFamily"}, {"hash": "443e86b2ed251f8650bab53002d6376f", "key": "description"}, {"hash": "1fa7656408b8f355aace00f60926278e", "key": "cvelist"}, {"hash": "c13ec202aa3bb224a30d99b0531ddcbe", "key": "title"}, {"hash": "fa35df035a7792d7efde43b7a68dc9e3", "key": "published"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=27389", "id": "SUSE_PHP5-1590.NASL", "lastseen": "2017-10-29T13:38:10", "modified": "2014-06-13T00:00:00", "naslFamily": "SuSE Local Security Checks", "objectVersion": "1.3", "pluginID": "27389", "published": "2007-10-17T00:00:00", "references": [], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update php5-1590.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(27389);\n script_version (\"$Revision: 1.8 $\");\n script_cvs_date(\"$Date: 2014/06/13 20:36:48 $\");\n\n script_cve_id(\"CVE-2006-1990\", \"CVE-2006-1991\");\n\n script_name(english:\"openSUSE 10 Security Update : php5 (php5-1590)\");\n script_summary(english:\"Check for the php5-1590 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update fixes the following security issues: - invalid charactes\nin session names were not blocked - a bug in zend_hash_del() 
allowed\nattackers to prevent unsetting of some variables - bugs in the\nsubstr_compare() and wordwrap function could crash php (CVE-2006-1991,\nCVE-2006-1990) - a memory leak in the imagecreatefromgif() function\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected php5 packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2-mod_php5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:10.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/06/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/10/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2014 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE10\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"10.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") 
audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE10.1\", reference:\"apache2-mod_php5-5.1.2-29.4\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", reference:\"php5-5.1.2-29.4\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", reference:\"php5-gd-5.1.2-29.4\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"apache2-mod_php5 / php5 / php5-gd\");\n}\n", "title": "openSUSE 10 Security Update : php5 (php5-1590)", "type": "nessus", "viewCount": 0}, "differentElements": ["modified", "sourceData"], "edition": 2, "lastseen": "2017-10-29T13:38:10"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["p-cpe:/a:novell:opensuse:php5-gd", "cpe:/o:novell:opensuse:10.1", "p-cpe:/a:novell:opensuse:apache2-mod_php5", "p-cpe:/a:novell:opensuse:php5"], "cvelist": ["CVE-2006-1990", "CVE-2006-1991"], "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}, "description": "This update fixes the following security issues: - invalid charactes in session names were not blocked - a bug in zend_hash_del() allowed attackers to prevent unsetting of some variables - bugs in the substr_compare() and wordwrap function could crash php (CVE-2006-1991, CVE-2006-1990) - a memory leak in the imagecreatefromgif() function", "edition": 5, "enchantments": {"score": {"value": 5.0, "vector": "NONE"}}, "hash": "10723794b991e6ace04332b766112b722386474f19eeb6185d44a464e9c51600", "hashmap": [{"hash": "956b0cce3d9454921494ef535bcdf2a4", "key": "cvss"}, {"hash": "cdac128292cf839344fa211297d391c9", "key": "cpe"}, {"hash": "e2914120514a29eeccc01e381df164d8", "key": "modified"}, {"hash": "3d2b08aa7cfa68fd54e3f4a4e7ffcf7d", "key": "pluginID"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": 
"references"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "29593de74c467e88f0535ad3b24949bb", "key": "sourceData"}, {"hash": "1573417a10e5176d4ea934698c7d02b0", "key": "href"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "71a40666da62ba38d22539c8277870c7", "key": "naslFamily"}, {"hash": "443e86b2ed251f8650bab53002d6376f", "key": "description"}, {"hash": "1fa7656408b8f355aace00f60926278e", "key": "cvelist"}, {"hash": "c13ec202aa3bb224a30d99b0531ddcbe", "key": "title"}, {"hash": "fa35df035a7792d7efde43b7a68dc9e3", "key": "published"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=27389", "id": "SUSE_PHP5-1590.NASL", "lastseen": "2018-09-01T23:46:42", "modified": "2018-07-19T00:00:00", "naslFamily": "SuSE Local Security Checks", "objectVersion": "1.3", "pluginID": "27389", "published": "2007-10-17T00:00:00", "references": [], "reporter": "Tenable", "sourceData": "#%NASL_MIN_LEVEL 70103\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update php5-1590.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(27389);\n script_version (\"1.9\");\n script_cvs_date(\"Date: 2018/07/19 23:54:24\");\n\n script_cve_id(\"CVE-2006-1990\", \"CVE-2006-1991\");\n\n script_name(english:\"openSUSE 10 Security Update : php5 (php5-1590)\");\n script_summary(english:\"Check for the php5-1590 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update fixes the following security issues: - invalid charactes\nin session names were not blocked - a bug in zend_hash_del() allowed\nattackers to prevent unsetting of some 
variables - bugs in the\nsubstr_compare() and wordwrap function could crash php (CVE-2006-1991,\nCVE-2006-1990) - a memory leak in the imagecreatefromgif() function\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected php5 packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2-mod_php5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:10.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/06/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/10/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2018 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE10\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"10.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", 
ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE10.1\", reference:\"apache2-mod_php5-5.1.2-29.4\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", reference:\"php5-5.1.2-29.4\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", reference:\"php5-gd-5.1.2-29.4\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"apache2-mod_php5 / php5 / php5-gd\");\n}\n", "title": "openSUSE 10 Security Update : php5 (php5-1590)", "type": "nessus", "viewCount": 0}, "differentElements": ["description"], "edition": 5, "lastseen": "2018-09-01T23:46:42"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["p-cpe:/a:novell:opensuse:php5-gd", "cpe:/o:novell:opensuse:10.1", "p-cpe:/a:novell:opensuse:apache2-mod_php5", "p-cpe:/a:novell:opensuse:php5"], "cvelist": ["CVE-2006-1990", "CVE-2006-1991"], "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}, "description": "This update fixes the following security issues: - invalid charactes in session names were not blocked - a bug in zend_hash_del() allowed attackers to prevent unsetting of some variables - bugs in the substr_compare() and wordwrap function could crash php (CVE-2006-1991, CVE-2006-1990) - a memory leak in the imagecreatefromgif() function", "edition": 3, "enchantments": {"score": {"value": 5.0, "vector": "NONE"}}, "hash": "10723794b991e6ace04332b766112b722386474f19eeb6185d44a464e9c51600", "hashmap": [{"hash": "956b0cce3d9454921494ef535bcdf2a4", "key": "cvss"}, {"hash": "cdac128292cf839344fa211297d391c9", "key": "cpe"}, {"hash": "e2914120514a29eeccc01e381df164d8", "key": "modified"}, {"hash": "3d2b08aa7cfa68fd54e3f4a4e7ffcf7d", "key": "pluginID"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "references"}, {"hash": "9cf00d658b687f030ebe173a0528c567", 
"key": "reporter"}, {"hash": "29593de74c467e88f0535ad3b24949bb", "key": "sourceData"}, {"hash": "1573417a10e5176d4ea934698c7d02b0", "key": "href"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "71a40666da62ba38d22539c8277870c7", "key": "naslFamily"}, {"hash": "443e86b2ed251f8650bab53002d6376f", "key": "description"}, {"hash": "1fa7656408b8f355aace00f60926278e", "key": "cvelist"}, {"hash": "c13ec202aa3bb224a30d99b0531ddcbe", "key": "title"}, {"hash": "fa35df035a7792d7efde43b7a68dc9e3", "key": "published"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=27389", "id": "SUSE_PHP5-1590.NASL", "lastseen": "2018-08-02T07:53:25", "modified": "2018-07-19T00:00:00", "naslFamily": "SuSE Local Security Checks", "objectVersion": "1.3", "pluginID": "27389", "published": "2007-10-17T00:00:00", "references": [], "reporter": "Tenable", "sourceData": "#%NASL_MIN_LEVEL 70103\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update php5-1590.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(27389);\n script_version (\"1.9\");\n script_cvs_date(\"Date: 2018/07/19 23:54:24\");\n\n script_cve_id(\"CVE-2006-1990\", \"CVE-2006-1991\");\n\n script_name(english:\"openSUSE 10 Security Update : php5 (php5-1590)\");\n script_summary(english:\"Check for the php5-1590 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update fixes the following security issues: - invalid charactes\nin session names were not blocked - a bug in zend_hash_del() allowed\nattackers to prevent unsetting of some variables - bugs in the\nsubstr_compare() and wordwrap 
function could crash php (CVE-2006-1991,\nCVE-2006-1990) - a memory leak in the imagecreatefromgif() function\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected php5 packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2-mod_php5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:10.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/06/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/10/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2018 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE10\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"10.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE10.1\", 
reference:\"apache2-mod_php5-5.1.2-29.4\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", reference:\"php5-5.1.2-29.4\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", reference:\"php5-gd-5.1.2-29.4\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"apache2-mod_php5 / php5 / php5-gd\");\n}\n", "title": "openSUSE 10 Security Update : php5 (php5-1590)", "type": "nessus", "viewCount": 0}, "differentElements": ["cvss"], "edition": 3, "lastseen": "2018-08-02T07:53:25"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": [], "cvelist": ["CVE-2006-1990", "CVE-2006-1991"], "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}, "description": "This update fixes the following security issues: - invalid charactes in session names were not blocked - a bug in zend_hash_del() allowed attackers to prevent unsetting of some variables - bugs in the substr_compare() and wordwrap function could crash php (CVE-2006-1991, CVE-2006-1990) - a memory leak in the imagecreatefromgif() function", "edition": 1, "enchantments": {}, "hash": "b0d81cf6e48180c2250fef0ab831f012e49f390dc3af5a468ba0522bc19c6acf", "hashmap": [{"hash": "956b0cce3d9454921494ef535bcdf2a4", "key": "cvss"}, {"hash": "3d2b08aa7cfa68fd54e3f4a4e7ffcf7d", "key": "pluginID"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "references"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "f21740a7d9e67a66aabf0ddfc84187c6", "key": "sourceData"}, {"hash": "02fcc0c238d215158fbaabb854c5b3df", "key": "modified"}, {"hash": "1573417a10e5176d4ea934698c7d02b0", "key": "href"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": 
"71a40666da62ba38d22539c8277870c7", "key": "naslFamily"}, {"hash": "443e86b2ed251f8650bab53002d6376f", "key": "description"}, {"hash": "1fa7656408b8f355aace00f60926278e", "key": "cvelist"}, {"hash": "c13ec202aa3bb224a30d99b0531ddcbe", "key": "title"}, {"hash": "fa35df035a7792d7efde43b7a68dc9e3", "key": "published"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=27389", "id": "SUSE_PHP5-1590.NASL", "lastseen": "2016-09-26T17:24:37", "modified": "2014-06-13T00:00:00", "naslFamily": "SuSE Local Security Checks", "objectVersion": "1.2", "pluginID": "27389", "published": "2007-10-17T00:00:00", "references": [], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update php5-1590.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(27389);\n script_version (\"$Revision: 1.8 $\");\n script_cvs_date(\"$Date: 2014/06/13 20:36:48 $\");\n\n script_cve_id(\"CVE-2006-1990\", \"CVE-2006-1991\");\n\n script_name(english:\"openSUSE 10 Security Update : php5 (php5-1590)\");\n script_summary(english:\"Check for the php5-1590 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update fixes the following security issues: - invalid charactes\nin session names were not blocked - a bug in zend_hash_del() allowed\nattackers to prevent unsetting of some variables - bugs in the\nsubstr_compare() and wordwrap function could crash php (CVE-2006-1991,\nCVE-2006-1990) - a memory leak in the imagecreatefromgif() function\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected php5 packages.\");\n 
script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2-mod_php5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:10.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/06/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/10/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2014 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE10\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"10.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE10.1\", reference:\"apache2-mod_php5-5.1.2-29.4\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", reference:\"php5-5.1.2-29.4\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", reference:\"php5-gd-5.1.2-29.4\") ) 
flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"apache2-mod_php5 / php5 / php5-gd\");\n}\n", "title": "openSUSE 10 Security Update : php5 (php5-1590)", "type": "nessus", "viewCount": 0}, "differentElements": ["cpe"], "edition": 1, "lastseen": "2016-09-26T17:24:37"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["p-cpe:/a:novell:opensuse:php5-gd", "cpe:/o:novell:opensuse:10.1", "p-cpe:/a:novell:opensuse:apache2-mod_php5", "p-cpe:/a:novell:opensuse:php5"], "cvelist": ["CVE-2006-1990", "CVE-2006-1991"], "cvss": {"score": 0.0, "vector": "NONE"}, "description": "This update fixes the following security issues: - invalid charactes in session names were not blocked - a bug in zend_hash_del() allowed attackers to prevent unsetting of some variables - bugs in the substr_compare() and wordwrap function could crash php (CVE-2006-1991, CVE-2006-1990) - a memory leak in the imagecreatefromgif() function", "edition": 4, "enchantments": {"score": {"value": 5.0, "vector": "NONE"}}, "hash": "abce0b6bb0f278d39614dd226b1941391d6e5782e215ee11056f7c958d8ba699", "hashmap": [{"hash": "cdac128292cf839344fa211297d391c9", "key": "cpe"}, {"hash": "e2914120514a29eeccc01e381df164d8", "key": "modified"}, {"hash": "3d2b08aa7cfa68fd54e3f4a4e7ffcf7d", "key": "pluginID"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "references"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "29593de74c467e88f0535ad3b24949bb", "key": "sourceData"}, {"hash": "1573417a10e5176d4ea934698c7d02b0", "key": "href"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "71a40666da62ba38d22539c8277870c7", 
"key": "naslFamily"}, {"hash": "443e86b2ed251f8650bab53002d6376f", "key": "description"}, {"hash": "1fa7656408b8f355aace00f60926278e", "key": "cvelist"}, {"hash": "c13ec202aa3bb224a30d99b0531ddcbe", "key": "title"}, {"hash": "fa35df035a7792d7efde43b7a68dc9e3", "key": "published"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=27389", "id": "SUSE_PHP5-1590.NASL", "lastseen": "2018-08-30T19:40:24", "modified": "2018-07-19T00:00:00", "naslFamily": "SuSE Local Security Checks", "objectVersion": "1.3", "pluginID": "27389", "published": "2007-10-17T00:00:00", "references": [], "reporter": "Tenable", "sourceData": "#%NASL_MIN_LEVEL 70103\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update php5-1590.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(27389);\n script_version (\"1.9\");\n script_cvs_date(\"Date: 2018/07/19 23:54:24\");\n\n script_cve_id(\"CVE-2006-1990\", \"CVE-2006-1991\");\n\n script_name(english:\"openSUSE 10 Security Update : php5 (php5-1590)\");\n script_summary(english:\"Check for the php5-1590 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update fixes the following security issues: - invalid charactes\nin session names were not blocked - a bug in zend_hash_del() allowed\nattackers to prevent unsetting of some variables - bugs in the\nsubstr_compare() and wordwrap function could crash php (CVE-2006-1991,\nCVE-2006-1990) - a memory leak in the imagecreatefromgif() function\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected php5 packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:P\");\n\n 
script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2-mod_php5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:10.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/06/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/10/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2018 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE10\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"10.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE10.1\", reference:\"apache2-mod_php5-5.1.2-29.4\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", reference:\"php5-5.1.2-29.4\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", reference:\"php5-gd-5.1.2-29.4\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, 
extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"apache2-mod_php5 / php5 / php5-gd\");\n}\n", "title": "openSUSE 10 Security Update : php5 (php5-1590)", "type": "nessus", "viewCount": 0}, "differentElements": ["cvss"], "edition": 4, "lastseen": "2018-08-30T19:40:24"}], "edition": 6, "hashmap": [{"key": "bulletinFamily", "hash": "bbdaea376f500d25f6b0c1050311dd07"}, {"key": "cpe", "hash": "cdac128292cf839344fa211297d391c9"}, {"key": "cvelist", "hash": "1fa7656408b8f355aace00f60926278e"}, {"key": "cvss", "hash": "956b0cce3d9454921494ef535bcdf2a4"}, {"key": "description", "hash": "8f96318355cf23834d45af7efd86a9c4"}, {"key": "href", "hash": "1573417a10e5176d4ea934698c7d02b0"}, {"key": "modified", "hash": "e2914120514a29eeccc01e381df164d8"}, {"key": "naslFamily", "hash": "71a40666da62ba38d22539c8277870c7"}, {"key": "pluginID", "hash": "3d2b08aa7cfa68fd54e3f4a4e7ffcf7d"}, {"key": "published", "hash": "fa35df035a7792d7efde43b7a68dc9e3"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "9cf00d658b687f030ebe173a0528c567"}, {"key": "sourceData", "hash": "29593de74c467e88f0535ad3b24949bb"}, {"key": "title", "hash": "c13ec202aa3bb224a30d99b0531ddcbe"}, {"key": "type", "hash": "5e0bd03bec244039678f2b955a2595aa"}], "hash": "b9c4f81a41565ba9492fe199581e4a1c52dd80ad2beaaf7740fd0e6cfacd9f31", "viewCount": 0, "enchantments": {"score": {"value": 5.0, "vector": "NONE"}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2006-1991", "CVE-2006-1990"]}, {"type": "nessus", "idList": ["MANDRAKE_MDKSA-2006-091.NASL", "GENTOO_GLSA-200605-08.NASL", "CENTOS_RHSA-2006-0568.NASL", "REDHAT-RHSA-2006-0568.NASL", "UBUNTU_USN-320-1.NASL", "PHP_4_4_3.NASL", "MANDRAKE_MDKSA-2006-122.NASL", "REDHAT-RHSA-2006-0501.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:56723"]}, {"type": "gentoo", 
"idList": ["GLSA-200605-08"]}, {"type": "suse", "idList": ["SUSE-SA:2006:031"]}, {"type": "osvdb", "idList": ["OSVDB:24946", "OSVDB:24944"]}, {"type": "centos", "idList": ["CESA-2006:0568", "CESA-2006:0501-02"]}, {"type": "redhat", "idList": ["RHSA-2006:0568", "RHSA-2006:0501"]}, {"type": "ubuntu", "idList": ["USN-320-1"]}, {"type": "seebug", "idList": ["SSV:623"]}], "modified": "2019-01-16T20:07:37"}, "vulnersScore": 5.0}, "objectVersion": "1.3", "sourceData": "#%NASL_MIN_LEVEL 70103\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update php5-1590.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(27389);\n script_version (\"1.9\");\n script_cvs_date(\"Date: 2018/07/19 23:54:24\");\n\n script_cve_id(\"CVE-2006-1990\", \"CVE-2006-1991\");\n\n script_name(english:\"openSUSE 10 Security Update : php5 (php5-1590)\");\n script_summary(english:\"Check for the php5-1590 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update fixes the following security issues: - invalid charactes\nin session names were not blocked - a bug in zend_hash_del() allowed\nattackers to prevent unsetting of some variables - bugs in the\nsubstr_compare() and wordwrap function could crash php (CVE-2006-1991,\nCVE-2006-1990) - a memory leak in the imagecreatefromgif() function\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected php5 packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2-mod_php5\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:opensuse:php5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:10.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/06/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/10/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2018 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE10\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"10.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE10.1\", reference:\"apache2-mod_php5-5.1.2-29.4\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", reference:\"php5-5.1.2-29.4\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", reference:\"php5-gd-5.1.2-29.4\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 
\"apache2-mod_php5 / php5 / php5-gd\");\n}\n", "naslFamily": "SuSE Local Security Checks", "pluginID": "27389", "cpe": ["p-cpe:/a:novell:opensuse:php5-gd", "cpe:/o:novell:opensuse:10.1", "p-cpe:/a:novell:opensuse:apache2-mod_php5", "p-cpe:/a:novell:opensuse:php5"]}
{"cve": [{"lastseen": "2017-07-20T10:49:14", "bulletinFamily": "NVD", "description": "The substr_compare function in string.c in PHP 5.1.2 allows context-dependent attackers to cause a denial of service (memory access violation) via an out-of-bounds offset argument.", "modified": "2017-07-19T21:31:05", "published": "2006-04-24T19:02:00", "id": "CVE-2006-1991", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-1991", "title": "CVE-2006-1991", "type": "cve", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-10-19T11:35:58", "bulletinFamily": "NVD", "description": "Integer overflow in the wordwrap function in string.c in PHP 4.4.2 and 5.1.2 might allow context-dependent attackers to execute arbitrary code via certain long arguments that cause a small buffer to be allocated, which triggers a heap-based buffer overflow in a memcpy function call, a different vulnerability than CVE-2002-1396.", "modified": "2018-10-18T12:37:28", "published": "2006-04-24T19:02:00", "id": "CVE-2006-1990", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-1990", "title": "CVE-2006-1990", "type": "cve", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "nessus": [{"lastseen": "2019-01-16T20:06:38", "bulletinFamily": "scanner", "description": "An integer overflow in the wordwrap() function could allow attackers\nto execute arbitrary code via certain long arguments that cause a\nsmall buffer to be allocated, triggering a heap-based buffer overflow\n(CVE-2006-1990).\n\nThe substr_compare() function in PHP 5.x and 4.4.2 could allow\nattackers to cause a Denial of Service (memory access violation) via\nan out-of-bounds offset argument (CVE-2006-1991).\n\nThe second vulnerability only affects Mandriva Linux 2006; earlier\nversions shipped with older versions of PHP that do not contain the\nsubstr_compare() function.", "modified": "2018-07-19T00:00:00", "published": 
"2006-05-27T00:00:00", "id": "MANDRAKE_MDKSA-2006-091.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=21602", "title": "Mandrake Linux Security Advisory : php (MDKSA-2006:091)", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 70103\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandrake Linux Security Advisory MDKSA-2006:091. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(21602);\n script_version (\"1.14\");\n script_cvs_date(\"Date: 2018/07/19 20:59:13\");\n\n script_cve_id(\"CVE-2006-1990\", \"CVE-2006-1991\");\n script_xref(name:\"MDKSA\", value:\"2006:091\");\n\n script_name(english:\"Mandrake Linux Security Advisory : php (MDKSA-2006:091)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandrake Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An integer overflow in the wordwrap() function could allow attackers\nto execute arbitrary code via certain long arguments that cause a\nsmall buffer to be allocated, triggering a heap-based buffer overflow\n(CVE-2006-1990).\n\nThe substr_compare() function in PHP 5.x and 4.4.2 could allow\nattackers to cause a Denial of Service (memory access violation) via\nan out-of-bounds offset argument (CVE-2006-1991).\n\nThe second vulnerability only affects Mandriva Linux 2006; earlier\nversions shipped with older versions of PHP that do not contain the\nsubstr_compare() function.\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:mandriva:linux:lib64php5_common5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64php_common432\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libphp5_common5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libphp_common432\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-cgi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-cli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-fcgi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php432-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2006\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:mandrakesoft:mandrake_linux:le2005\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/05/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2006/05/27\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2006-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ 
\"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK10.2\", cpu:\"x86_64\", reference:\"lib64php_common432-4.3.10-7.12.102mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.2\", cpu:\"i386\", reference:\"libphp_common432-4.3.10-7.12.102mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.2\", reference:\"php-cgi-4.3.10-7.12.102mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.2\", reference:\"php-cli-4.3.10-7.12.102mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.2\", reference:\"php432-devel-4.3.10-7.12.102mdk\", yank:\"mdk\")) flag++;\n\nif (rpm_check(release:\"MDK2006.0\", cpu:\"x86_64\", reference:\"lib64php5_common5-5.0.4-9.9.20060mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK2006.0\", cpu:\"i386\", reference:\"libphp5_common5-5.0.4-9.9.20060mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK2006.0\", reference:\"php-cgi-5.0.4-9.9.20060mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK2006.0\", reference:\"php-cli-5.0.4-9.9.20060mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK2006.0\", reference:\"php-devel-5.0.4-9.9.20060mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK2006.0\", reference:\"php-fcgi-5.0.4-9.9.20060mdk\", yank:\"mdk\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-01-16T20:06:36", "bulletinFamily": "scanner", "description": "The remote host is affected by the vulnerability described in GLSA-200605-08\n(PHP: Multiple vulnerabilities)\n\n Several vulnerabilities were discovered on PHP4 and PHP5 by Infigo,\n Tonu Samuel and Maksymilian Arciemowicz. 
These included a buffer\n overflow in the wordwrap() function, restriction bypasses in the copy()\n and tempname() functions, a cross-site scripting issue in the phpinfo()\n function, a potential crash in the substr_compare() function and a\n memory leak in the non-binary-safe html_entity_decode() function.\nImpact :\n\n Remote attackers might be able to exploit these issues in PHP\n applications making use of the affected functions, potentially\n resulting in the execution of arbitrary code, Denial of Service,\n execution of scripted contents in the context of the affected site,\n security bypass or information leak.\nWorkaround :\n\n There is no known workaround at this point.", "modified": "2018-08-10T00:00:00", "published": "2006-05-13T00:00:00", "id": "GENTOO_GLSA-200605-08.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=21350", "title": "GLSA-200605-08 : PHP: Multiple vulnerabilities", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 200605-08.\n#\n# The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. 
See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(21350);\n script_version(\"1.13\");\n script_cvs_date(\"Date: 2018/08/10 18:07:06\");\n\n script_cve_id(\"CVE-2006-0996\", \"CVE-2006-1490\", \"CVE-2006-1990\", \"CVE-2006-1991\");\n script_xref(name:\"GLSA\", value:\"200605-08\");\n\n script_name(english:\"GLSA-200605-08 : PHP: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-200605-08\n(PHP: Multiple vulnerabilities)\n\n Several vulnerabilities were discovered on PHP4 and PHP5 by Infigo,\n Tonu Samuel and Maksymilian Arciemowicz. These included a buffer\n overflow in the wordwrap() function, restriction bypasses in the copy()\n and tempname() functions, a cross-site scripting issue in the phpinfo()\n function, a potential crash in the substr_compare() function and a\n memory leak in the non-binary-safe html_entity_decode() function.\n \nImpact :\n\n Remote attackers might be able to exploit these issues in PHP\n applications making use of the affected functions, potentially\n resulting in the execution of arbitrary code, Denial of Service,\n execution of scripted contents in the context of the affected site,\n security bypass or information leak.\n \nWorkaround :\n\n There is no known workaround at this point.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/200605-08\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All PHP users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose dev-lang/php\"\n );\n 
script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:P\");\n script_cwe_id(79);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:php\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/05/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2006/05/13\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2006/03/28\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2006-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\", \"Host/Gentoo/arch\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\nourarch = get_kb_item(\"Host/Gentoo/arch\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(alpha|amd64|ia64|ppc64)$\") audit(AUDIT_ARCH_NOT, \"alpha|amd64|ia64|ppc64\", ourarch);\n\nflag = 0;\n\nif (qpkg_check(package:\"dev-lang/php\", arch:\"alpha amd64 ia64 ppc64\", unaffected:make_list(\"ge 5.1.4-r4\", \"rge 4.4.2-r6\", \"rge 4.4.3-r1\", \"rge 4.4.4-r4\", \"rge 4.4.6\", \"ge 4.4.7\"), vulnerable:make_list(\"lt 5.1.4-r4\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) 
audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"PHP\");\n}\n", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-01-16T20:06:44", "bulletinFamily": "scanner", "description": "Updated PHP packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 3 and 4.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nPHP is an HTML-embedded scripting language commonly used with the\nApache HTTP Web server.\n\nA directory traversal vulnerability was found in PHP. Local users\ncould bypass open_basedir restrictions allowing remote attackers to\ncreate files in arbitrary directories via the tempnam() function.\n(CVE-2006-1494)\n\nThe wordwrap() PHP function did not properly check for integer\noverflow in the handling of the 'break' parameter. An attacker who\ncould control the string passed to the 'break' parameter could cause a\nheap overflow. (CVE-2006-1990)\n\nA flaw was found in the zend_hash_del() PHP function. For PHP scripts\nthat rely on the use of the unset() function, a remote attacker could\nforce variable initialization to be bypassed. This would be a security\nissue particularly for installations that enable the\n'register_globals' setting. 'register_globals' is disabled by default\nin Red Hat Enterprise Linux. (CVE-2006-3017)\n\nUsers of PHP should upgrade to these updated packages, which contain\nbackported patches that resolve these issues.", "modified": "2018-12-20T00:00:00", "published": "2006-07-13T00:00:00", "id": "REDHAT-RHSA-2006-0568.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=22044", "title": "RHEL 3 / 4 : php (RHSA-2006:0568)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2006:0568. 
The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(22044);\n script_version (\"1.21\");\n script_cvs_date(\"Date: 2018/12/20 11:08:45\");\n\n script_cve_id(\"CVE-2006-1494\", \"CVE-2006-1990\", \"CVE-2006-3017\");\n script_xref(name:\"RHSA\", value:\"2006:0568\");\n\n script_name(english:\"RHEL 3 / 4 : php (RHSA-2006:0568)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated PHP packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 3 and 4.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nPHP is an HTML-embedded scripting language commonly used with the\nApache HTTP Web server.\n\nA directory traversal vulnerability was found in PHP. Local users\ncould bypass open_basedir restrictions allowing remote attackers to\ncreate files in arbitrary directories via the tempnam() function.\n(CVE-2006-1494)\n\nThe wordwrap() PHP function did not properly check for integer\noverflow in the handling of the 'break' parameter. An attacker who\ncould control the string passed to the 'break' parameter could cause a\nheap overflow. (CVE-2006-1990)\n\nA flaw was found in the zend_hash_del() PHP function. For PHP scripts\nthat rely on the use of the unset() function, a remote attacker could\nforce variable initialization to be bypassed. This would be a security\nissue particularly for installations that enable the\n'register_globals' setting. 'register_globals' is disabled by default\nin Red Hat Enterprise Linux. 
(CVE-2006-3017)\n\nUsers of PHP should upgrade to these updated packages, which contain\nbackported patches that resolve these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2006-1494\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2006-1990\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2006-3017\"\n );\n # http://www.php.net/register_globals\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://us1.php.net/manual/en/ini.core.php#ini.register-globals\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2006:0568\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-domxml\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-imap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-mbstring\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-ncurses\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-odbc\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-pear\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-xmlrpc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/07/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2006/07/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2006-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! 
ereg(pattern:\"^(3|4)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 3.x / 4.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2006:0568\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL3\", reference:\"php-4.3.2-33.ent\")) flag++;\n if (rpm_check(release:\"RHEL3\", reference:\"php-devel-4.3.2-33.ent\")) flag++;\n if (rpm_check(release:\"RHEL3\", reference:\"php-imap-4.3.2-33.ent\")) flag++;\n if (rpm_check(release:\"RHEL3\", reference:\"php-ldap-4.3.2-33.ent\")) flag++;\n if (rpm_check(release:\"RHEL3\", reference:\"php-mysql-4.3.2-33.ent\")) flag++;\n if (rpm_check(release:\"RHEL3\", reference:\"php-odbc-4.3.2-33.ent\")) flag++;\n if (rpm_check(release:\"RHEL3\", reference:\"php-pgsql-4.3.2-33.ent\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"php-4.3.9-3.15\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"php-devel-4.3.9-3.15\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"php-domxml-4.3.9-3.15\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"php-gd-4.3.9-3.15\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"php-imap-4.3.9-3.15\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"php-ldap-4.3.9-3.15\")) flag++;\n if (rpm_check(release:\"RHEL4\", 
reference:\"php-mbstring-4.3.9-3.15\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"php-mysql-4.3.9-3.15\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"php-ncurses-4.3.9-3.15\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"php-odbc-4.3.9-3.15\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"php-pear-4.3.9-3.15\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"php-pgsql-4.3.9-3.15\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"php-snmp-4.3.9-3.15\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"php-xmlrpc-4.3.9-3.15\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"php / php-devel / php-domxml / php-gd / php-imap / php-ldap / etc\");\n }\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-01-16T20:06:44", "bulletinFamily": "scanner", "description": "Updated PHP packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 3 and 4.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nPHP is an HTML-embedded scripting language commonly used with the\nApache HTTP Web server.\n\nA directory traversal vulnerability was found in PHP. Local users\ncould bypass open_basedir restrictions allowing remote attackers to\ncreate files in arbitrary directories via the tempnam() function.\n(CVE-2006-1494)\n\nThe wordwrap() PHP function did not properly check for integer\noverflow in the handling of the 'break' parameter. An attacker who\ncould control the string passed to the 'break' parameter could cause a\nheap overflow. (CVE-2006-1990)\n\nA flaw was found in the zend_hash_del() PHP function. 
For PHP scripts\nthat rely on the use of the unset() function, a remote attacker could\nforce variable initialization to be bypassed. This would be a security\nissue particularly for installations that enable the\n'register_globals' setting. 'register_globals' is disabled by default\nin Red Hat Enterprise Linux. (CVE-2006-3017)\n\nUsers of PHP should upgrade to these updated packages, which contain\nbackported patches that resolve these issues.", "modified": "2018-11-10T00:00:00", "published": "2006-07-13T00:00:00", "id": "CENTOS_RHSA-2006-0568.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=22037", "title": "CentOS 3 / 4 : php (CESA-2006:0568)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2006:0568 and \n# CentOS Errata and Security Advisory 2006:0568 respectively.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(22037);\n script_version(\"1.13\");\n script_cvs_date(\"Date: 2018/11/10 11:49:27\");\n\n script_cve_id(\"CVE-2006-1494\", \"CVE-2006-1990\", \"CVE-2006-3017\");\n script_xref(name:\"RHSA\", value:\"2006:0568\");\n\n script_name(english:\"CentOS 3 / 4 : php (CESA-2006:0568)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated PHP packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 3 and 4.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nPHP is an HTML-embedded scripting language commonly used with the\nApache HTTP Web server.\n\nA directory traversal vulnerability was found in PHP. 
Local users\ncould bypass open_basedir restrictions allowing remote attackers to\ncreate files in arbitrary directories via the tempnam() function.\n(CVE-2006-1494)\n\nThe wordwrap() PHP function did not properly check for integer\noverflow in the handling of the 'break' parameter. An attacker who\ncould control the string passed to the 'break' parameter could cause a\nheap overflow. (CVE-2006-1990)\n\nA flaw was found in the zend_hash_del() PHP function. For PHP scripts\nthat rely on the use of the unset() function, a remote attacker could\nforce variable initialization to be bypassed. This would be a security\nissue particularly for installations that enable the\n'register_globals' setting. 'register_globals' is disabled by default\nin Red Hat Enterprise Linux. (CVE-2006-3017)\n\nUsers of PHP should upgrade to these updated packages, which contain\nbackported patches that resolve these issues.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2006-July/013004.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?b2b64d3f\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2006-July/013006.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?d6851284\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2006-July/013012.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?61c43641\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2006-July/013013.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?953a8202\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2006-July/013020.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?43eb7035\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2006-July/013021.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?ef7a6b21\"\n );\n 
script_set_attribute(attribute:\"solution\", value:\"Update the affected php packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-domxml\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-imap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-mbstring\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-ncurses\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-pear\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-xmlrpc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:4\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/07/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2006/07/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2006-2018 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/CentOS/release\")) audit(AUDIT_OS_NOT, \"CentOS\");\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-3\", reference:\"php-4.3.2-33.ent\")) flag++;\nif (rpm_check(release:\"CentOS-3\", reference:\"php-devel-4.3.2-33.ent\")) flag++;\nif (rpm_check(release:\"CentOS-3\", reference:\"php-imap-4.3.2-33.ent\")) flag++;\nif (rpm_check(release:\"CentOS-3\", reference:\"php-ldap-4.3.2-33.ent\")) flag++;\nif (rpm_check(release:\"CentOS-3\", reference:\"php-mysql-4.3.2-33.ent\")) flag++;\nif (rpm_check(release:\"CentOS-3\", reference:\"php-odbc-4.3.2-33.ent\")) flag++;\nif (rpm_check(release:\"CentOS-3\", reference:\"php-pgsql-4.3.2-33.ent\")) flag++;\n\nif (rpm_check(release:\"CentOS-4\", reference:\"php-4.3.9-3.15\")) flag++;\nif (rpm_check(release:\"CentOS-4\", reference:\"php-devel-4.3.9-3.15\")) flag++;\nif (rpm_check(release:\"CentOS-4\", reference:\"php-domxml-4.3.9-3.15\")) flag++;\nif (rpm_check(release:\"CentOS-4\", reference:\"php-gd-4.3.9-3.15\")) flag++;\nif (rpm_check(release:\"CentOS-4\", reference:\"php-imap-4.3.9-3.15\")) flag++;\nif (rpm_check(release:\"CentOS-4\", reference:\"php-ldap-4.3.9-3.15\")) flag++;\nif (rpm_check(release:\"CentOS-4\", reference:\"php-mbstring-4.3.9-3.15\")) flag++;\nif 
(rpm_check(release:\"CentOS-4\", reference:\"php-mysql-4.3.9-3.15\")) flag++;\nif (rpm_check(release:\"CentOS-4\", reference:\"php-ncurses-4.3.9-3.15\")) flag++;\nif (rpm_check(release:\"CentOS-4\", reference:\"php-odbc-4.3.9-3.15\")) flag++;\nif (rpm_check(release:\"CentOS-4\", reference:\"php-pear-4.3.9-3.15\")) flag++;\nif (rpm_check(release:\"CentOS-4\", reference:\"php-pgsql-4.3.9-3.15\")) flag++;\nif (rpm_check(release:\"CentOS-4\", reference:\"php-snmp-4.3.9-3.15\")) flag++;\nif (rpm_check(release:\"CentOS-4\", reference:\"php-xmlrpc-4.3.9-3.15\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-01-16T20:06:48", "bulletinFamily": "scanner", "description": "According to its banner, the version of PHP installed on the remote\nhost is older than 4.4.3 / 5.1.4. 
Such versions may be affected by\nseveral issues, including a buffer overflow, heap corruption, and a\nflaw by which a variable may survive a call to 'unset()'.", "modified": "2018-11-15T00:00:00", "published": "2006-08-25T00:00:00", "id": "PHP_4_4_3.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=22268", "title": "PHP < 4.4.3 / 5.1.4 Multiple Vulnerabilities", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(22268);\n script_version(\"1.24\");\n script_cvs_date(\"Date: 2018/11/15 20:50:18\");\n\n script_cve_id(\n \"CVE-2006-0996\",\n \"CVE-2006-1490\", \n \"CVE-2006-1494\", \n \"CVE-2006-1608\",\n \"CVE-2006-1990\",\n \"CVE-2006-1991\",\n \"CVE-2006-2563\",\n \"CVE-2006-2660\",\n \"CVE-2006-3011\",\n \"CVE-2006-3016\", \n \"CVE-2006-3017\", \n \"CVE-2006-3018\",\n \"CVE-2006-4433\"\n );\n script_bugtraq_id(17296, 17362, 17439, 17843, 18116, 18645, 49634);\n\n script_name(english:\"PHP < 4.4.3 / 5.1.4 Multiple Vulnerabilities\");\n script_summary(english:\"Checks version of PHP\");\n \n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote web server uses a version of PHP that is affected by\nmultiple flaws.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"According to its banner, the version of PHP installed on the remote\nhost is older than 4.4.3 / 5.1.4. 
Such versions may be affected by\nseveral issues, including a buffer overflow, heap corruption, and a\nflaw by which a variable may survive a call to 'unset()'.\"\n );\n # https://www.securityfocus.com/archive/1/20060409192313.20536.qmail@securityfocus.com\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?a7553cd8\");\n # http://www.hardened-php.net/hphp/zend_hash_del_key_or_index_vulnerability.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?ccaf872d\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.securityfocus.com/archive/1/archive/1/442437/100/0/threaded\");\n script_set_attribute(attribute:\"see_also\", value:\"http://us3.php.net/releases/4_4_3.php\");\n script_set_attribute(attribute:\"see_also\", value:\"http://us3.php.net/releases/5_1_3.php\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.php.net/release_5_1_4.php\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to PHP version 4.4.3 / 5.1.4 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No exploit is required\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(79);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2006/03/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/08/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2006/08/25\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:php:php\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CGI abuses\");\n\n script_copyright(english:\"This script is Copyright (C) 2006-2018 Tenable Network Security, Inc.\");\n\n 
script_dependencies(\"php_version.nasl\");\n script_require_ports(\"Services/www\", 80);\n script_require_keys(\"www/PHP\");\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\ninclude(\"audit.inc\");\ninclude(\"webapp_func.inc\");\n\nport = get_http_port(default:80, php:TRUE);\n\nphp = get_php_from_kb(\n port : port,\n exit_on_fail : TRUE\n);\n\nversion = php[\"ver\"];\nsource = php[\"src\"];\n\nbackported = get_kb_item('www/php/'+port+'/'+version+'/backported');\n\nif (report_paranoia < 2 && backported)\n audit(AUDIT_BACKPORT_SERVICE, port, \"PHP \"+version+\" install\");\n\nif (version =~ \"^3\\.\" ||\n version =~ \"^4\\.([0-3]\\.|4\\.[0-2]($|[^0-9]))\" ||\n version =~ \"^5\\.(0\\.|1\\.[0-3]($|[^0-9]))\"\n)\n{\n if (report_verbosity > 0)\n {\n report =\n '\\n Version source : '+source +\n '\\n Installed version : '+version+\n '\\n Fixed version : 4.4.3 / 5.1.4\\n';\n security_hole(port:port, extra:report);\n }\n else security_hole(port);\n exit(0);\n}\nelse audit(AUDIT_LISTEN_NOT_VULN, \"PHP\", port, version);\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-01-16T20:07:44", "bulletinFamily": "scanner", "description": "The phpinfo() PHP function did not properly sanitize long strings. A\nremote attacker could use this to perform cross-site scripting attacks\nagainst sites that have publicly-available PHP scripts that call\nphpinfo(). Please note that it is not recommended to publicly expose\nphpinfo(). (CVE-2006-0996)\n\nAn information disclosure has been reported in the\nhtml_entity_decode() function. A script which uses this function to\nprocess arbitrary user-supplied input could be exploited to expose a\nrandom part of memory, which could potentially reveal sensitive data.\n(CVE-2006-1490)\n\nThe wordwrap() function did not sufficiently check the validity of the\n'break' argument. 
An attacker who could control the string passed to\nthe 'break' parameter could cause a heap overflow; however, this\nshould not happen in practical applications. (CVE-2006-1990)\n\nThe substr_compare() function did not sufficiently check the validity\nof the 'offset' argument. A script which passes untrusted user-defined\nvalues to this parameter could be exploited to crash the PHP\ninterpreter. (CVE-2006-1991)\n\nIn certain situations, using unset() to delete a hash entry could\ncause the deletion of the wrong element, which would leave the\nspecified variable defined. This could potentially cause information\ndisclosure in security-relevant operations. (CVE-2006-3017)\n\nIn certain situations the session module attempted to close a data\nfile twice, which led to memory corruption. This could potentially be\nexploited to crash the PHP interpreter, though that could not be\nverified. (CVE-2006-3018)\n\nThis update also fixes various bugs which allowed local scripts to\nbypass open_basedir and 'safe mode' restrictions by passing special\narguments to tempnam() (CVE-2006-1494, CVE-2006-2660), copy()\n(CVE-2006-1608), the curl module (CVE-2006-2563), or error_log()\n(CVE-2006-3011).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "modified": "2018-12-01T00:00:00", "published": "2007-11-10T00:00:00", "id": "UBUNTU_USN-320-1.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=27897", "title": "Ubuntu 5.04 / 5.10 / 6.06 LTS : php4, php5 vulnerabilities (USN-320-1)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-320-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. 
Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(27897);\n script_version(\"1.16\");\n script_cvs_date(\"Date: 2018/12/01 15:12:38\");\n\n script_cve_id(\"CVE-2006-0996\", \"CVE-2006-1490\", \"CVE-2006-1494\", \"CVE-2006-1608\", \"CVE-2006-1990\", \"CVE-2006-1991\", \"CVE-2006-2563\", \"CVE-2006-2660\", \"CVE-2006-3011\", \"CVE-2006-3016\", \"CVE-2006-3017\", \"CVE-2006-3018\");\n script_xref(name:\"USN\", value:\"320-1\");\n\n script_name(english:\"Ubuntu 5.04 / 5.10 / 6.06 LTS : php4, php5 vulnerabilities (USN-320-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The phpinfo() PHP function did not properly sanitize long strings. A\nremote attacker could use this to perform cross-site scripting attacks\nagainst sites that have publicly-available PHP scripts that call\nphpinfo(). Please note that it is not recommended to publicly expose\nphpinfo(). (CVE-2006-0996)\n\nAn information disclosure has been reported in the\nhtml_entity_decode() function. A script which uses this function to\nprocess arbitrary user-supplied input could be exploited to expose a\nrandom part of memory, which could potentially reveal sensitive data.\n(CVE-2006-1490)\n\nThe wordwrap() function did not sufficiently check the validity of the\n'break' argument. An attacker who could control the string passed to\nthe 'break' parameter could cause a heap overflow; however, this\nshould not happen in practical applications. (CVE-2006-1990)\n\nThe substr_compare() function did not sufficiently check the validity\nof the 'offset' argument. A script which passes untrusted user-defined\nvalues to this parameter could be exploited to crash the PHP\ninterpreter. 
(CVE-2006-1991)\n\nIn certain situations, using unset() to delete a hash entry could\ncause the deletion of the wrong element, which would leave the\nspecified variable defined. This could potentially cause information\ndisclosure in security-relevant operations. (CVE-2006-3017)\n\nIn certain situations the session module attempted to close a data\nfile twice, which led to memory corruption. This could potentially be\nexploited to crash the PHP interpreter, though that could not be\nverified. (CVE-2006-3018)\n\nThis update also fixes various bugs which allowed local scripts to\nbypass open_basedir and 'safe mode' restrictions by passing special\narguments to tempnam() (CVE-2006-1494, CVE-2006-2660), copy()\n(CVE-2006-1608), the curl module (CVE-2006-2563), or error_log()\n(CVE-2006-3011).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/320-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_cwe_id(79);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libapache2-mod-php4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libapache2-mod-php5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php-pear\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php4-cgi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php4-cli\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php4-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php4-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php5-cgi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php5-cli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php5-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php5-curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php5-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php5-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php5-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php5-mhash\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php5-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php5-mysqli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php5-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php5-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php5-recode\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php5-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php5-sqlite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php5-sybase\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php5-xmlrpc\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:canonical:ubuntu_linux:php5-xsl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:5.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:5.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:6.06:-:lts\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/07/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/11/10\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2007-2018 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(5\\.04|5\\.10|6\\.06)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 5.04 / 5.10 / 6.06\", \"Ubuntu \" + release);\nif ( ! 
get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"5.04\", pkgname:\"libapache2-mod-php4\", pkgver:\"4:4.3.10-10ubuntu4.5\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"php4\", pkgver:\"4.3.10-10ubuntu4.5\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"php4-cgi\", pkgver:\"4:4.3.10-10ubuntu4.5\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"php4-cli\", pkgver:\"4:4.3.10-10ubuntu4.5\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"php4-common\", pkgver:\"4.3.10-10ubuntu4.5\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"php4-dev\", pkgver:\"4.3.10-10ubuntu4.5\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"libapache2-mod-php5\", pkgver:\"5.0.5-2ubuntu1.3\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"php-pear\", pkgver:\"5.0.5-2ubuntu1.3\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"php5\", pkgver:\"5.0.5-2ubuntu1.3\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"php5-cgi\", pkgver:\"5.0.5-2ubuntu1.3\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"php5-cli\", pkgver:\"5.0.5-2ubuntu1.3\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"php5-common\", pkgver:\"5.0.5-2ubuntu1.3\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"php5-curl\", pkgver:\"5.0.5-2ubuntu1.3\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"php5-dev\", pkgver:\"5.0.5-2ubuntu1.3\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"php5-gd\", pkgver:\"5.0.5-2ubuntu1.3\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"php5-ldap\", pkgver:\"5.0.5-2ubuntu1.3\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"php5-mhash\", pkgver:\"5.0.5-2ubuntu1.3\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"php5-mysql\", 
pkgver:\"5.0.5-2ubuntu1.3\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"php5-odbc\", pkgver:\"5.0.5-2ubuntu1.3\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"php5-pgsql\", pkgver:\"5.0.5-2ubuntu1.3\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"php5-recode\", pkgver:\"5.0.5-2ubuntu1.3\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"php5-snmp\", pkgver:\"5.0.5-2ubuntu1.3\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"php5-sqlite\", pkgver:\"5.0.5-2ubuntu1.3\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"php5-sybase\", pkgver:\"5.0.5-2ubuntu1.3\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"php5-xmlrpc\", pkgver:\"5.0.5-2ubuntu1.3\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"php5-xsl\", pkgver:\"5.0.5-2ubuntu1.3\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"libapache2-mod-php5\", pkgver:\"5.1.2-1ubuntu3.1\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"php-pear\", pkgver:\"5.1.2-1ubuntu3.1\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"php5\", pkgver:\"5.1.2-1ubuntu3.1\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"php5-cgi\", pkgver:\"5.1.2-1ubuntu3.1\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"php5-cli\", pkgver:\"5.1.2-1ubuntu3.1\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"php5-common\", pkgver:\"5.1.2-1ubuntu3.1\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"php5-curl\", pkgver:\"5.1.2-1ubuntu3.1\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"php5-dev\", pkgver:\"5.1.2-1ubuntu3.1\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"php5-gd\", pkgver:\"5.1.2-1ubuntu3.1\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"php5-ldap\", pkgver:\"5.1.2-1ubuntu3.1\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"php5-mhash\", pkgver:\"5.1.2-1ubuntu3.1\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"php5-mysql\", pkgver:\"5.1.2-1ubuntu3.1\")) flag++;\nif (ubuntu_check(osver:\"6.06\", 
pkgname:\"php5-mysqli\", pkgver:\"5.1.2-1ubuntu3.1\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"php5-odbc\", pkgver:\"5.1.2-1ubuntu3.1\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"php5-pgsql\", pkgver:\"5.1.2-1ubuntu3.1\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"php5-recode\", pkgver:\"5.1.2-1ubuntu3.1\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"php5-snmp\", pkgver:\"5.1.2-1ubuntu3.1\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"php5-sqlite\", pkgver:\"5.1.2-1ubuntu3.1\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"php5-sybase\", pkgver:\"5.1.2-1ubuntu3.1\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"php5-xmlrpc\", pkgver:\"5.1.2-1ubuntu3.1\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"php5-xsl\", pkgver:\"5.1.2-1ubuntu3.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libapache2-mod-php4 / libapache2-mod-php5 / php-pear / php4 / etc\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-01-16T20:06:44", "bulletinFamily": "scanner", "description": "Multiple buffer overflows in the gd graphics library (libgd) 2.0.21\nand earlier may allow remote attackers to execute arbitrary code via\nmalformed image files that trigger the overflows due to improper calls\nto the gdMalloc function. One instance in gd_io_dp.c does not appear\nto be corrected in the embedded copy of GD used in php to build the\nphp-gd package. (CVE-2004-0941)\n\nInteger overflows were reported in the GD Graphics Library (libgd)\n2.0.28, and possibly other versions. 
These overflows allow remote\nattackers to cause a denial of service and possibly execute arbitrary\ncode via PNG image files with large image rows values that lead to a\nheap-based buffer overflow in the gdImageCreateFromPngCtx() function.\nPHP, as packaged in Mandriva Linux, contains an embedded copy of the\nGD library, used to build the php-gd package. (CVE-2004-0990)\n\nThe c-client library 2000, 2001, or 2004 for PHP 3.x, 4.x, and 5.x,\nwhen used in applications that accept user-controlled input for the\nmailbox argument to the imap_open function, allows remote attackers to\nobtain access to an IMAP stream data structure and conduct\nunauthorized IMAP actions. (CVE-2006-1017)\n\nInteger overflow in the wordwrap function in string.c might allow\ncontext-dependent attackers to execute arbitrary code via certain long\narguments that cause a small buffer to be allocated, which triggers a\nheap-based buffer overflow in a memcpy function call, a different\nvulnerability than CVE-2002-1396. (CVE-2006-1990) The previous update\nfor this issue did not resolve the issue on 64bit platforms.\n\nThe cURL library (libcurl) in PHP 4.4.2 and 5.1.4 allows attackers to\nbypass safe mode and read files via a file:// request containing nul\ncharacters. (CVE-2006-2563)\n\nBuffer consumption vulnerability in the tempnam function in PHP 5.1.4\nand 4.x before 4.4.3 allows local users to bypass restrictions and\ncreate PHP files with fixed names in other directories via a pathname\nargument longer than MAXPATHLEN, which prevents a unique string from\nbeing appended to the filename. (CVE-2006-2660)\n\nThe LZW decoding in the gdImageCreateFromGifPtr function in the Thomas\nBoutell graphics draw (GD) library (aka libgd) 2.0.33 allows remote\nattackers to cause a denial of service (CPU consumption) via malformed\nGIF data that causes an infinite loop. PHP, as packaged in Mandriva\nLinux, contains an embedded copy of the GD library, used to build the\nphp-gd package. 
(CVE-2006-2906)\n\nThe error_log function in PHP allows local users to bypass safe mode\nand open_basedir restrictions via a 'php://' or other scheme in the\nthird argument, which disables safe mode. (CVE-2006-3011)\n\nAn unspecified vulnerability in session.c in PHP before 5.1.3 has\nunknown impact and attack vectors, related to 'certain characters in\nsession names', including special characters that are frequently\nassociated with CRLF injection, SQL injection, and cross-site\nscripting (XSS) vulnerabilities. NOTE: while the nature of the\nvulnerability is unspecified, it is likely that this is related to a\nviolation of an expectation by PHP applications that the session name\nis alphanumeric, as implied in the PHP manual for session_name().\n(CVE-2006-3016)\n\nAn unspecified vulnerability in PHP before 5.1.3 can prevent a\nvariable from being unset even when the unset function is called,\nwhich might cause the variable's value to be used in security-relevant\noperations. (CVE-2006-3017)\n\nAn unspecified vulnerability in the session extension functionality in\nPHP before 5.1.3 has unknown impact and attack vectors related to heap\ncorruption. (CVE-2006-3018)\n\nMultiple heap-based buffer overflows in the (1) str_repeat and (2)\nwordwrap functions in ext/standard/string.c in PHP before 5.1.5, when\nused on a 64-bit system, have unspecified impact and attack vectors, a\ndifferent vulnerability than CVE-2006-1990. (CVE-2006-4482)\n\nThe cURL extension files (1) ext/curl/interface.c and (2)\next/curl/streams.c in PHP before 5.1.5 permit the\nCURLOPT_FOLLOWLOCATION option when open_basedir or safe_mode is\nenabled, which allows attackers to perform unauthorized actions,\npossibly related to the realpath cache. (CVE-2006-4483)\n\nUnspecified vulnerability in PHP before 5.1.6, when running on a\n64-bit system, has unknown impact and attack vectors related to the\nmemory_limit restriction. 
(CVE-2006-4486)\n\nThe GD related issues (CVE-2004-0941, CVE-2004-0990, CVE-2006-2906)\naffect only Corporate 3 and Mandrake Network Firewall 2.\n\nThe php-curl issues (CVE-2006-2563, CVE-2006-4483) affect only\nMandriva 2006.0.\n\nUpdated packages have been patched to address all these issues. Once\nthese packages have been installed, you will need to restart Apache\n(service httpd restart) in order for the changes to take effect.", "modified": "2018-07-19T00:00:00", "published": "2006-07-17T00:00:00", "id": "MANDRAKE_MDKSA-2006-122.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=22053", "title": "Mandrake Linux Security Advisory : php (MDKSA-2006:122)", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 70103\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandrake Linux Security Advisory MDKSA-2006:122. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(22053);\n script_version (\"1.17\");\n script_cvs_date(\"Date: 2018/07/19 20:59:14\");\n\n script_cve_id(\"CVE-2004-0941\", \"CVE-2004-0990\", \"CVE-2006-1017\", \"CVE-2006-1990\", \"CVE-2006-1991\", \"CVE-2006-2563\", \"CVE-2006-2660\", \"CVE-2006-2906\", \"CVE-2006-3011\", \"CVE-2006-3016\", \"CVE-2006-3017\", \"CVE-2006-3018\", \"CVE-2006-4482\", \"CVE-2006-4483\", \"CVE-2006-4486\");\n script_bugtraq_id(11523);\n script_xref(name:\"MDKSA\", value:\"2006:122\");\n\n script_name(english:\"Mandrake Linux Security Advisory : php (MDKSA-2006:122)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandrake Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple buffer overflows in the gd graphics library (libgd) 2.0.21\nand earlier may 
allow remote attackers to execute arbitrary code via\nmalformed image files that trigger the overflows due to improper calls\nto the gdMalloc function. One instance in gd_io_dp.c does not appear\nto be corrected in the embedded copy of GD used in php to build the\nphp-gd package. (CVE-2004-0941)\n\nInteger overflows were reported in the GD Graphics Library (libgd)\n2.0.28, and possibly other versions. These overflows allow remote\nattackers to cause a denial of service and possibly execute arbitrary\ncode via PNG image files with large image rows values that lead to a\nheap-based buffer overflow in the gdImageCreateFromPngCtx() function.\nPHP, as packaged in Mandriva Linux, contains an embedded copy of the\nGD library, used to build the php-gd package. (CVE-2004-0990)\n\nThe c-client library 2000, 2001, or 2004 for PHP 3.x, 4.x, and 5.x,\nwhen used in applications that accept user-controlled input for the\nmailbox argument to the imap_open function, allow remote attackers to\nobtain access to an IMAP stream data structure and conduct\nunauthorized IMAP actions. (CVE-2006-1017)\n\nInteger overflow in the wordwrap function in string.c in might allow\ncontext-dependent attackers to execute arbitrary code via certain long\narguments that cause a small buffer to be allocated, which triggers a\nheap-based buffer overflow in a memcpy function call, a different\nvulnerability than CVE-2002-1396. (CVE-2006-1990) The previous update\nfor this issue did not resolve the issue on 64bit platforms.\n\nThe cURL library (libcurl) in PHP 4.4.2 and 5.1.4 allows attackers to\nbypass safe mode and read files via a file:// request containing nul\ncharacters. (CVE-2006-2563)\n\nBuffer consumption vulnerability in the tempnam function in PHP 5.1.4\nand 4.x before 4.4.3 allows local users to bypass restrictions and\ncreate PHP files with fixed names in other directories via a pathname\nargument longer than MAXPATHLEN, which prevents a unique string from\nbeing appended to the filename. 
(CVE-2006-2660)\n\nThe LZW decoding in the gdImageCreateFromGifPtr function in the Thomas\nBoutell graphics draw (GD) library (aka libgd) 2.0.33 allows remote\nattackers to cause a denial of service (CPU consumption) via malformed\nGIF data that causes an infinite loop. PHP, as packaged in Mandriva\nLinux, contains an embedded copy of the GD library, used to build the\nphp-gd package. (CVE-2006-2906)\n\nThe error_log function in PHP allows local users to bypass safe mode\nand open_basedir restrictions via a 'php://' or other scheme in the\nthird argument, which disables safe mode. (CVE-2006-3011)\n\nAn unspecified vulnerability in session.c in PHP before 5.1.3 has\nunknown impact and attack vectors, related to 'certain characters in\nsession names', including special characters that are frequently\nassociated with CRLF injection, SQL injection, and cross-site\nscripting (XSS) vulnerabilities. NOTE: while the nature of the\nvulnerability is unspecified, it is likely that this is related to a\nviolation of an expectation by PHP applications that the session name\nis alphanumeric, as implied in the PHP manual for session_name().\n(CVE-2006-3016)\n\nAn unspecified vulnerability in PHP before 5.1.3 can prevent a\nvariable from being unset even when the unset function is called,\nwhich might cause the variable's value to be used in security-relevant\noperations. (CVE-2006-3017)\n\nAn unspecified vulnerability in the session extension functionality in\nPHP before 5.1.3 has unkown impact and attack vectors related to heap\ncorruption. (CVE-2006-3018)\n\nMultiple heap-based buffer overflows in the (1) str_repeat and (2)\nwordwrap functions in ext/standard/string.c in PHP before 5.1.5, when\nused on a 64-bit system, have unspecified impact and attack vectors, a\ndifferent vulnerability than CVE-2006-1990. 
(CVE-2006-4482)\n\nThe cURL extension files (1) ext/curl/interface.c and (2)\next/curl/streams.c in PHP before 5.1.5 permit the\nCURLOPT_FOLLOWLOCATION option when open_basedir or safe_mode is\nenabled, which allows attackers to perform unauthorized actions,\npossibly related to the realpath cache. (CVE-2006-4483)\n\nUnspecified vulnerability in PHP before 5.1.6, when running on a\n64-bit system, has unknown impact and attack vectors related to the\nmemory_limit restriction. (CVE-2006-4486)\n\nThe GD related issues (CVE-2004-0941, CVE-2004-0990, CVE-2006-2906)\naffect only Corporate 3 and Mandrake Network Firewall 2.\n\nThe php-curl issues (CVE-2006-2563, CVE-2006-4483) affect only\nMandriva 2006.0.\n\nUpdated packages have been patched to address all these issues. Once\nthese packages have been installed, you will need to restart Apache\n(service httpd restart) in order for the changes to take effect.\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:ND\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(119);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64php5_common5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64php_common432\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libphp5_common5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libphp_common432\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-cgi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-cli\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-fcgi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-imap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php432-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2006\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:mandrakesoft:mandrake_linux:le2005\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/07/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2006/07/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2006-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK10.2\", cpu:\"x86_64\", reference:\"lib64php_common432-4.3.10-7.14.102mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.2\", cpu:\"i386\", 
reference:\"libphp_common432-4.3.10-7.14.102mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.2\", reference:\"php-cgi-4.3.10-7.14.102mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.2\", reference:\"php-cli-4.3.10-7.14.102mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.2\", reference:\"php-imap-4.3.10-6.3.102mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.2\", reference:\"php432-devel-4.3.10-7.14.102mdk\", yank:\"mdk\")) flag++;\n\nif (rpm_check(release:\"MDK2006.0\", cpu:\"x86_64\", reference:\"lib64php5_common5-5.0.4-9.12.20060mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK2006.0\", cpu:\"i386\", reference:\"libphp5_common5-5.0.4-9.12.20060mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK2006.0\", reference:\"php-cgi-5.0.4-9.12.20060mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK2006.0\", reference:\"php-cli-5.0.4-9.12.20060mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK2006.0\", reference:\"php-curl-5.0.4-1.3.20060mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK2006.0\", reference:\"php-devel-5.0.4-9.12.20060mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK2006.0\", reference:\"php-fcgi-5.0.4-9.12.20060mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK2006.0\", reference:\"php-imap-5.0.4-2.3.20060mdk\", yank:\"mdk\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-01-16T20:06:38", "bulletinFamily": "scanner", "description": "Updated PHP packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 2.1.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nPHP is an HTML-embedded scripting language commonly used 
with the\nApache HTTP Web server.\n\nThe phpinfo() PHP function did not properly sanitize long strings. An\nattacker could use this to perform cross-site scripting attacks\nagainst sites that have publicly-available PHP scripts that call\nphpinfo(). (CVE-2006-0996)\n\nThe error handling output was found to not properly escape HTML output\nin certain cases. An attacker could use this flaw to perform\ncross-site scripting attacks against sites where both display_errors\nand html_errors are enabled. (CVE-2006-0208)\n\nA buffer overflow flaw was discovered in uw-imap, the University of\nWashington's IMAP Server. php-imap is compiled against the static\nc-client libraries from imap and therefore needed to be recompiled\nagainst the fixed version. (CVE-2005-2933)\n\nThe wordwrap() PHP function did not properly check for integer\noverflow in the handling of the 'break' parameter. An attacker who\ncould control the string passed to the 'break' parameter could cause a\nheap overflow. (CVE-2006-1990)\n\nUsers of PHP should upgrade to these updated packages, which contain\nbackported patches that resolve these issues.", "modified": "2018-11-16T00:00:00", "published": "2006-05-24T00:00:00", "id": "REDHAT-RHSA-2006-0501.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=21594", "title": "RHEL 2.1 : php (RHSA-2006:0501)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2006:0501. 
The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(21594);\n script_version (\"1.21\");\n script_cvs_date(\"Date: 2018/11/16 15:19:25\");\n\n script_cve_id(\"CVE-2002-2215\", \"CVE-2003-1302\", \"CVE-2003-1303\", \"CVE-2005-2933\", \"CVE-2006-0208\", \"CVE-2006-0996\", \"CVE-2006-1990\");\n script_bugtraq_id(15009);\n script_xref(name:\"RHSA\", value:\"2006:0501\");\n\n script_name(english:\"RHEL 2.1 : php (RHSA-2006:0501)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated PHP packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 2.1.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nPHP is an HTML-embedded scripting language commonly used with the\nApache HTTP Web server.\n\nThe phpinfo() PHP function did not properly sanitize long strings. An\nattacker could use this to perform cross-site scripting attacks\nagainst sites that have publicly-available PHP scripts that call\nphpinfo(). (CVE-2006-0996)\n\nThe error handling output was found to not properly escape HTML output\nin certain cases. An attacker could use this flaw to perform\ncross-site scripting attacks against sites where both display_errors\nand html_errors are enabled. (CVE-2006-0208)\n\nA buffer overflow flaw was discovered in uw-imap, the University of\nWashington's IMAP Server. php-imap is compiled against the static\nc-client libraries from imap and therefore needed to be recompiled\nagainst the fixed version. (CVE-2005-2933)\n\nThe wordwrap() PHP function did not properly check for integer\noverflow in the handling of the 'break' parameter. 
An attacker who\ncould control the string passed to the 'break' parameter could cause a\nheap overflow. (CVE-2006-1990)\n\nUsers of PHP should upgrade to these updated packages, which contain\nbackported patches that resolve these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2002-2215\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2003-1302\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2003-1303\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2005-2933\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2006-0208\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2006-0996\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2006-1990\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2006:0501\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(79);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-imap\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-manual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:2.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/05/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2006/05/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2006-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! 
ereg(pattern:\"^2\\.1([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 2.1\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\nif (cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i386\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2006:0501\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"php-4.1.2-2.6\")) flag++;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"php-devel-4.1.2-2.6\")) flag++;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"php-imap-4.1.2-2.6\")) flag++;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"php-ldap-4.1.2-2.6\")) flag++;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"php-manual-4.1.2-2.6\")) flag++;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"php-mysql-4.1.2-2.6\")) flag++;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"php-odbc-4.1.2-2.6\")) flag++;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"php-pgsql-4.1.2-2.6\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else 
audit(AUDIT_PACKAGE_NOT_INSTALLED, \"php / php-devel / php-imap / php-ldap / php-manual / php-mysql / etc\");\n }\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "suse": [{"lastseen": "2016-09-04T12:47:47", "bulletinFamily": "unix", "description": "This update fixes the following security issues in the PHP scripting language, both version 4 and 5:\n#### Solution\nThere is no known workaround, please install the update packages.", "modified": "2006-06-14T16:37:08", "published": "2006-06-14T16:37:08", "id": "SUSE-SA:2006:031", "href": "http://lists.opensuse.org/opensuse-security-announce/2006-06/msg00017.html", "type": "suse", "title": "remote code execution in PHP4,PHP5", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:03", "bulletinFamily": "unix", "description": "### Background\n\nPHP is a widely-used general-purpose scripting language that is especially suited for Web development and can be embedded into HTML. \n\n### Description\n\nSeveral vulnerabilities were discovered in PHP4 and PHP5 by Infigo, Tonu Samuel and Maksymilian Arciemowicz. These included a buffer overflow in the wordwrap() function, restriction bypasses in the copy() and tempnam() functions, a cross-site scripting issue in the phpinfo() function, a potential crash in the substr_compare() function and a memory leak in the non-binary-safe html_entity_decode() function. \n\n### Impact\n\nRemote attackers might be able to exploit these issues in PHP applications making use of the affected functions, potentially resulting in the execution of arbitrary code, Denial of Service, execution of scripted contents in the context of the affected site, security bypass or information leak. \n\n### Workaround\n\nThere is no known workaround at this point. 
\n\n### Resolution\n\nAll PHP users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose dev-lang/php", "modified": "2007-05-15T00:00:00", "published": "2006-05-08T00:00:00", "id": "GLSA-200605-08", "href": "https://security.gentoo.org/glsa/200605-08", "type": "gentoo", "title": "PHP: Multiple vulnerabilities", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}}], "openvas": [{"lastseen": "2017-07-24T12:50:21", "bulletinFamily": "scanner", "description": "The remote host is missing updates announced in\nadvisory GLSA 200605-08.", "modified": "2017-07-07T00:00:00", "published": "2008-09-24T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=56723", "id": "OPENVAS:56723", "title": "Gentoo Security Advisory GLSA 200605-08 (php)", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"PHP is affected by multiple issues, including a buffer overflow in\nwordwrap() which may lead to execution of arbitrary code.\";\ntag_solution = \"All PHP users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=dev-lang/php-5.1.4'\n\nPHP4 users that wish to keep that version line should upgrade to the\nlatest 4.x version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose =dev-lang/php-4.4.2-r2\n\nhttp://www.securityspace.com/smysecure/catid.html?in=GLSA%20200605-08\nhttp://bugs.gentoo.org/show_bug.cgi?id=127939\nhttp://bugs.gentoo.org/show_bug.cgi?id=128883\nhttp://bugs.gentoo.org/show_bug.cgi?id=131135\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory GLSA 200605-08.\";\n\n \n\nif(description)\n{\n script_id(56723);\n script_version(\"$Revision: 6596 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 11:21:37 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-09-24 21:14:03 +0200 (Wed, 24 Sep 2008)\");\n script_cve_id(\"CVE-2006-0996\", \"CVE-2006-1490\", \"CVE-2006-1990\", \"CVE-2006-1991\");\n script_tag(name:\"cvss_base\", value:\"6.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:P/A:P\");\n script_name(\"Gentoo Security Advisory GLSA 200605-08 (php)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2006 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = ispkgvuln(pkg:\"dev-lang/php\", unaffected: make_list(\"ge 5.1.4\", \"rge 4.4.2-r2\"), vulnerable: make_list(\"lt 5.1.4\"))) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}}], "osvdb": [{"lastseen": "2017-04-28T13:20:21", "bulletinFamily": "software", "description": "## Solution Description\nUpgrade to version 5.1.3 or higher, as it has been reported to fix this vulnerability. 
An upgrade is required as there are no known workarounds.\n## References:\nVendor URL: http://www.php.net/\nVendor Specific News/Changelog Entry: http://us2.php.net/releases/5_1_3.php\n[Vendor Specific Advisory URL](http://www.mandriva.com/security/advisories?name=MDKSA-2006:122)\n[Vendor Specific Advisory URL](http://support.avaya.com/elmodocs2/security/ASA-2006-160.htm)\n[Vendor Specific Advisory URL](http://lists.suse.com/archive/suse-security-announce/2006-Jun/0005.html)\n[Vendor Specific Advisory URL](http://www.mandriva.com/security/advisories?name=MDKSA-2006:091)\n[Vendor Specific Advisory URL](http://support.avaya.com/elmodocs2/security/ASA-2006-175.htm)\n[Vendor Specific Advisory URL](ftp://patches.sgi.com/support/free/security/advisories/20060701-01-U.asc)\nSecurity Tracker: 1015979\n[Secunia Advisory ID:20222](https://secuniaresearch.flexerasoftware.com/advisories/20222/)\n[Secunia Advisory ID:19803](https://secuniaresearch.flexerasoftware.com/advisories/19803/)\n[Secunia Advisory ID:20269](https://secuniaresearch.flexerasoftware.com/advisories/20269/)\n[Secunia Advisory ID:21050](https://secuniaresearch.flexerasoftware.com/advisories/21050/)\n[Secunia Advisory ID:22225](https://secuniaresearch.flexerasoftware.com/advisories/22225/)\n[Secunia Advisory ID:20052](https://secuniaresearch.flexerasoftware.com/advisories/20052/)\n[Secunia Advisory ID:21125](https://secuniaresearch.flexerasoftware.com/advisories/21125/)\n[Secunia Advisory ID:21135](https://secuniaresearch.flexerasoftware.com/advisories/21135/)\n[Secunia Advisory ID:21252](https://secuniaresearch.flexerasoftware.com/advisories/21252/)\n[Secunia Advisory ID:20676](https://secuniaresearch.flexerasoftware.com/advisories/20676/)\n[Secunia Advisory ID:21031](https://secuniaresearch.flexerasoftware.com/advisories/21031/)\n[Secunia Advisory ID:21564](https://secuniaresearch.flexerasoftware.com/advisories/21564/)\n[Secunia Advisory 
ID:21723](https://secuniaresearch.flexerasoftware.com/advisories/21723/)\n[Related OSVDB ID: 24945](https://vulners.com/osvdb/OSVDB:24945)\n[Related OSVDB ID: 24944](https://vulners.com/osvdb/OSVDB:24944)\nRedHat RHSA: RHSA-2006:0549\nRedHat RHSA: RHSA-2006:0501\nRedHat RHSA: RHSA-2006:0568\nOther Advisory URL: http://www.infigo.hr/hr/in_focus/advisories/INFIGO-2006-04-02\nOther Advisory URL: http://www.ubuntu.com/usn/usn-320-1\nOther Advisory URL: https://issues.rpath.com/browse/RPL-683\nOther Advisory URL: http://www.gentoo.org/security/en/glsa/glsa-200605-08.xml\nFrSIRT Advisory: ADV-2006-1500\n[CVE-2006-1991](https://vulners.com/cve/CVE-2006-1991)\n", "modified": "2006-04-24T05:17:39", "published": "2006-04-24T05:17:39", "href": "https://vulners.com/osvdb/OSVDB:24946", "id": "OSVDB:24946", "title": "PHP substr_compare() Function length Parameter Memory Corruption DoS", "type": "osvdb", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:20:21", "bulletinFamily": "software", "description": "## Vulnerability Description\nPHP contains a flaw that may allow a context-dependent attacker to gain elevated privileges. The issue is due to the wordwrap function in string.c not properly sanitizing user-supplied input. By passing a crafted string, an attacker could trigger a heap-based buffer overflow and execute arbitrary code.\n## Solution Description\nUpgrade to version 4.4.3, 5.1.3 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.\n## Short Description\nPHP contains a flaw that may allow a context-dependent attacker to gain elevated privileges. The issue is due to the wordwrap function in string.c not properly sanitizing user-supplied input. 
By passing a crafted string an attacker could trigger a heap-based buffer overflow and execute arbitrary code.\n## References:\nVendor URL: http://www.php.net/\nVendor Specific News/Changelog Entry: http://www.php.net/release_4_4_3.php\nVendor Specific News/Changelog Entry: http://us2.php.net/releases/5_1_3.php\n[Vendor Specific Advisory URL](http://lists.suse.com/archive/suse-security-announce/2006-Jun/0005.html)\n[Vendor Specific Advisory URL](http://docs.info.apple.com/article.html?artnum=304829)\n[Vendor Specific Advisory URL](http://www.mandriva.com/security/advisories?name=MDKSA-2006:091)\nSecurity Tracker: 1015979\n[Secunia Advisory ID:23155](https://secuniaresearch.flexerasoftware.com/advisories/23155/)\n[Secunia Advisory ID:19803](https://secuniaresearch.flexerasoftware.com/advisories/19803/)\n[Secunia Advisory ID:20269](https://secuniaresearch.flexerasoftware.com/advisories/20269/)\n[Secunia Advisory ID:20052](https://secuniaresearch.flexerasoftware.com/advisories/20052/)\n[Secunia Advisory ID:21125](https://secuniaresearch.flexerasoftware.com/advisories/21125/)\n[Secunia Advisory ID:20676](https://secuniaresearch.flexerasoftware.com/advisories/20676/)\n[Related OSVDB ID: 24945](https://vulners.com/osvdb/OSVDB:24945)\n[Related OSVDB ID: 24946](https://vulners.com/osvdb/OSVDB:24946)\nOther Advisory URL: http://www.infigo.hr/hr/in_focus/advisories/INFIGO-2006-04-02\nOther Advisory URL: http://www.ubuntu.com/usn/usn-320-1\nOther Advisory URL: http://www.gentoo.org/security/en/glsa/glsa-200605-08.xml\nNews Article: http://news.com.com/Apple+Mac+OS+X+patch+plugs+31+vulnerabilities/2100-1002_3-6139117.html\nFrSIRT Advisory: ADV-2006-1500\n[CVE-2006-1990](https://vulners.com/cve/CVE-2006-1990)\n", "modified": "2006-04-24T05:17:39", "published": "2006-04-24T05:17:39", "href": "https://vulners.com/osvdb/OSVDB:24944", "id": "OSVDB:24944", "title": "PHP wordwrap() Function Overflow", "type": "osvdb", "cvss": {"score": 5.0, "vector": 
"AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "redhat": [{"lastseen": "2018-12-11T17:41:25", "bulletinFamily": "unix", "description": "PHP is an HTML-embedded scripting language commonly used with the Apache\r\nHTTP Web server. \r\n\r\nA directory traversal vulnerability was found in PHP. Local users could\r\nbypass open_basedir restrictions allowing remote attackers to create files\r\nin arbitrary directories via the tempnam() function. (CVE-2006-1494)\r\n\r\nThe wordwrap() PHP function did not properly check for integer overflow in\r\nthe handling of the \"break\" parameter. An attacker who could control the\r\nstring passed to the \"break\" parameter could cause a heap overflow.\r\n(CVE-2006-1990) \r\n\r\nA flaw was found in the zend_hash_del() PHP function. For PHP scripts that\r\nrely on the use of the unset() function, a remote attacker could force\r\nvariable initialization to be bypassed. This would be a security issue\r\nparticularly for installations that enable the \"register_globals\" setting.\r\n\"register_globals\" is disabled by default in Red Hat Enterprise Linux.\r\n(CVE-2006-3017)\r\n\r\nUsers of PHP should upgrade to these updated packages, which contain\r\nbackported patches that resolve these issues.", "modified": "2017-09-08T11:57:08", "published": "2006-07-12T04:00:00", "id": "RHSA-2006:0568", "href": "https://access.redhat.com/errata/RHSA-2006:0568", "type": "redhat", "title": "(RHSA-2006:0568) php security update", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-12-11T17:42:36", "bulletinFamily": "unix", "description": "PHP is an HTML-embedded scripting language commonly used with the Apache\r\nHTTP Web server.\r\n\r\nThe phpinfo() PHP function did not properly sanitize long strings. 
An\r\nattacker could use this to perform cross-site scripting attacks against\r\nsites that have publicly-available PHP scripts that call phpinfo().\r\n(CVE-2006-0996)\r\n\r\nThe error handling output was found to not properly escape HTML output in\r\ncertain cases. An attacker could use this flaw to perform cross-site\r\nscripting attacks against sites where both display_errors and html_errors\r\nare enabled. (CVE-2006-0208) \r\n\r\nA buffer overflow flaw was discovered in uw-imap, the University of\r\nWashington's IMAP Server. php-imap is compiled against the static c-client\r\nlibraries from imap and therefore needed to be recompiled against the fixed\r\nversion. (CVE-2005-2933)\r\n\r\nThe wordwrap() PHP function did not properly check for integer overflow in\r\nthe handling of the \"break\" parameter. An attacker who could control the\r\nstring passed to the \"break\" parameter could cause a heap overflow. \r\n(CVE-2006-1990)\r\n\r\nUsers of PHP should upgrade to these updated packages, which contain\r\nbackported patches that resolve these issues.", "modified": "2018-03-14T19:25:49", "published": "2006-05-23T04:00:00", "id": "RHSA-2006:0501", "href": "https://access.redhat.com/errata/RHSA-2006:0501", "type": "redhat", "title": "(RHSA-2006:0501) php security update", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "centos": [{"lastseen": "2017-10-12T14:46:27", "bulletinFamily": "unix", "description": "**CentOS Errata and Security Advisory** CESA-2006:0568\n\n\nPHP is an HTML-embedded scripting language commonly used with the Apache\r\nHTTP Web server. \r\n\r\nA directory traversal vulnerability was found in PHP. Local users could\r\nbypass open_basedir restrictions allowing remote attackers to create files\r\nin arbitrary directories via the tempnam() function. (CVE-2006-1494)\r\n\r\nThe wordwrap() PHP function did not properly check for integer overflow in\r\nthe handling of the \"break\" parameter. 
An attacker who could control the\r\nstring passed to the \"break\" parameter could cause a heap overflow.\r\n(CVE-2006-1990) \r\n\r\nA flaw was found in the zend_hash_del() PHP function. For PHP scripts that\r\nrely on the use of the unset() function, a remote attacker could force\r\nvariable initialization to be bypassed. This would be a security issue\r\nparticularly for installations that enable the \"register_globals\" setting.\r\n\"register_globals\" is disabled by default in Red Hat Enterprise Linux.\r\n(CVE-2006-3017)\r\n\r\nUsers of PHP should upgrade to these updated packages, which contain\r\nbackported patches that resolve these issues.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2006-July/013004.html\nhttp://lists.centos.org/pipermail/centos-announce/2006-July/013006.html\nhttp://lists.centos.org/pipermail/centos-announce/2006-July/013008.html\nhttp://lists.centos.org/pipermail/centos-announce/2006-July/013009.html\nhttp://lists.centos.org/pipermail/centos-announce/2006-July/013012.html\nhttp://lists.centos.org/pipermail/centos-announce/2006-July/013013.html\nhttp://lists.centos.org/pipermail/centos-announce/2006-July/013014.html\nhttp://lists.centos.org/pipermail/centos-announce/2006-July/013020.html\nhttp://lists.centos.org/pipermail/centos-announce/2006-July/013021.html\n\n**Affected packages:**\nphp\nphp-devel\nphp-domxml\nphp-gd\nphp-imap\nphp-ldap\nphp-mbstring\nphp-mysql\nphp-ncurses\nphp-odbc\nphp-pear\nphp-pgsql\nphp-snmp\nphp-xmlrpc\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2006-0568.html", "modified": "2006-07-13T08:49:22", "published": "2006-07-12T19:14:58", "href": "http://lists.centos.org/pipermail/centos-announce/2006-July/013004.html", "id": "CESA-2006:0568", "title": "php security update", "type": "centos", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-01-24T23:00:36", "bulletinFamily": 
"unix", "description": "**CentOS Errata and Security Advisory** CESA-2006:0501-02\n\n\nPHP is an HTML-embedded scripting language commonly used with the Apache\r\nHTTP Web server.\r\n\r\nThe phpinfo() PHP function did not properly sanitize long strings. An\r\nattacker could use this to perform cross-site scripting attacks against\r\nsites that have publicly-available PHP scripts that call phpinfo().\r\n(CVE-2006-0996)\r\n\r\nThe error handling output was found to not properly escape HTML output in\r\ncertain cases. An attacker could use this flaw to perform cross-site\r\nscripting attacks against sites where both display_errors and html_errors\r\nare enabled. (CVE-2006-0208) \r\n\r\nA buffer overflow flaw was discovered in uw-imap, the University of\r\nWashington's IMAP Server. php-imap is compiled against the static c-client\r\nlibraries from imap and therefore needed to be recompiled against the fixed\r\nversion. (CVE-2005-2933)\r\n\r\nThe wordwrap() PHP function did not properly check for integer overflow in\r\nthe handling of the \"break\" parameter. An attacker who could control the\r\nstring passed to the \"break\" parameter could cause a heap overflow. 
\r\n(CVE-2006-1990)\r\n\r\nUsers of PHP should upgrade to these updated packages, which contain\r\nbackported patches that resolve these issues.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2006-May/012917.html\n\n**Affected packages:**\nphp\nphp-devel\nphp-imap\nphp-ldap\nphp-manual\nphp-mysql\nphp-odbc\nphp-pgsql\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/rh21as-errata.html", "modified": "2006-05-24T01:13:50", "published": "2006-05-24T01:13:50", "href": "http://lists.centos.org/pipermail/centos-announce/2006-May/012917.html", "id": "CESA-2006:0501-02", "title": "php security update", "type": "centos", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "ubuntu": [{"lastseen": "2019-01-29T20:31:52", "bulletinFamily": "unix", "description": "The phpinfo() PHP function did not properly sanitize long strings. A remote attacker could use this to perform cross-site scripting attacks against sites that have publicly-available PHP scripts that call phpinfo(). Please note that it is not recommended to publicly expose phpinfo(). (CVE-2006-0996)\n\nAn information disclosure has been reported in the html_entity_decode() function. A script which uses this function to process arbitrary user-supplied input could be exploited to expose a random part of memory, which could potentially reveal sensitive data. (CVE-2006-1490)\n\nThe wordwrap() function did not sufficiently check the validity of the \u2018break\u2019 argument. An attacker who could control the string passed to the \u2018break\u2019 parameter could cause a heap overflow; however, this should not happen in practical applications. (CVE-2006-1990)\n\nThe substr_compare() function did not sufficiently check the validity of the \u2018offset\u2019 argument. A script which passes untrusted user-defined values to this parameter could be exploited to crash the PHP interpreter. 
(CVE-2006-1991)\n\nIn certain situations, using unset() to delete a hash entry could cause the deletion of the wrong element, which would leave the specified variable defined. This could potentially cause information disclosure in security-relevant operations. (CVE-2006-3017)\n\nIn certain situations the session module attempted to close a data file twice, which led to memory corruption. This could potentially be exploited to crash the PHP interpreter, though that could not be verified. (CVE-2006-3018)\n\nThis update also fixes various bugs which allowed local scripts to bypass open_basedir and \u2018safe mode\u2019 restrictions by passing special arguments to tempnam() (CVE-2006-1494, CVE-2006-2660), copy() (CVE-2006-1608), the curl module (CVE-2006-2563), or error_log() (CVE-2006-3011).", "modified": "2006-07-19T00:00:00", "published": "2006-07-19T00:00:00", "id": "USN-320-1", "href": "https://usn.ubuntu.com/320-1/", "title": "PHP vulnerabilities", "type": "ubuntu", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "seebug": [{"lastseen": "2017-11-19T22:20:08", "bulletinFamily": "exploit", "description": "Apple Mac OS X\u662f\u4e00\u6b3e\u57fa\u4e8eBSD\u7684\u64cd\u4f5c\u7cfb\u7edf\u3002\r\n\r\nApple Mac OS X\u5b58\u5728\u591a\u4e2a\u5b89\u5168\u95ee\u9898\uff0c\u8fdc\u7a0b\u548c\u672c\u5730\u653b\u51fb\u8005\u53ef\u4ee5\u5229\u7528\u6f0f\u6d1e\u8fdb\u884c\u6076\u610f\u4ee3\u7801\u6267\u884c\uff0c\u62d2\u7edd\u670d\u52a1\u653b\u51fb\uff0c\u7279\u6743\u63d0\u5347\uff0c\u8986\u76d6\u6587\u4ef6\uff0c\u83b7\u5f97\u654f\u611f\u4fe1\u606f\u7b49\u653b\u51fb\u3002\r\n\r\n\u5177\u4f53\u95ee\u9898\u5982\u4e0b\uff1a\r\n\r\nAirPort\uff0dCVE-ID: CVE-2006-5710\uff1a\r\n\r\nAirPort\u65e0\u7ebf\u9a71\u52a8\u4e0d\u6b63\u786e\u5904\u7406\u5e94\u7b54\u5e27\uff0c\u53ef\u5bfc\u81f4\u57fa\u4e8e\u5806\u7684\u6ea2\u51fa\u3002\r\n\r\nATS\uff0dCVE-ID: CVE-2006-4396\uff1a\r\n\r\nApple 
Type\u670d\u52a1\u4e0d\u5b89\u5168\u5efa\u7acb\u9519\u8bef\u65e5\u81f3\u53ef\u5bfc\u81f4\u4efb\u610f\u6587\u4ef6\u8986\u76d6\u3002\r\n\r\nATS\uff0dCVE-ID: CVE-2006-4398\uff1a\r\n\r\nApple Type\u670d\u52a1\u5b58\u5728\u591a\u4e2a\u7f13\u51b2\u533a\u6ea2\u51fa\uff0c\u53ef\u5bfc\u81f4\u4ee5\u9ad8\u6743\u9650\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002\r\n\r\nATS\uff0dCVE-ID: CVE-2006-4400\uff1a\r\n\r\n\u5229\u7528\u7279\u6b8a\u7684\u5b57\u4f53\u6587\u4ef6\uff0c\u53ef\u5bfc\u81f4\u4efb\u610f\u4ee3\u7801\u6267\u884c\u3002\r\n\r\nCFNetwork\uff0dCVE-ID: CVE-2006-4401\uff1a\r\n\r\n\u901a\u8fc7\u8bf1\u4f7f\u7528\u6237\u8bbf\u95ee\u6076\u610fftp URI\uff0c\u53ef\u5bfc\u81f4\u4efb\u610fftp\u547d\u4ee4\u6267\u884c\u3002\r\n\r\nClamAV\uff0dCVE-ID: CVE-2006-4182\uff1a\r\n\r\n\u6076\u610femail\u6d88\u606f\u53ef\u5bfc\u81f4ClamAV\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002\r\n\r\nFinder\uff0dCVE-ID: CVE-2006-4402\uff1a\r\n\r\n\u901a\u8fc7\u6d4f\u89c8\u5171\u4eab\u76ee\u5f55\u53ef\u5bfc\u81f4\u5e94\u7528\u7a0b\u5e8f\u5d29\u6e83\u6216\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002\r\n\r\nftpd\uff0dCVE-ID: CVE-2006-4403\uff1a\r\n\r\n\u5f53ftp\u8bbf\u95ee\u542f\u7528\u65f6\uff0c\u672a\u6388\u6743\u7528\u6237\u53ef\u5224\u522b\u5408\u6cd5\u7684\u8d26\u6237\u540d\u3002\r\n\r\ngnuzip\uff0dCVE-ID: CVE-2006-4334, CVE-2006-4335, CVE-2006-4336, CVE-2006-4337, CVE-2006-4338\uff1a\r\n\r\ngunzip\u5904\u7406\u538b\u7f29\u6587\u4ef6\u5b58\u5728\u591a\u4e2a\u95ee\u9898\uff0c\u53ef\u5bfc\u81f4\u5e94\u7528\u7a0b\u5e8f\u5d29\u6e83\u6216\u6267\u884c\u4efb\u610f\u6307\u4ee4\u3002\r\n\r\nInstaller\uff0dCVE-ID: CVE-2006-4404\uff1a\r\n\r\n\u5f53\u4ee5\u7ba1\u7406\u7528\u6237\u5b89\u88c5\u8f6f\u4ef6\u65f6\uff0c\u7cfb\u7edf\u6743\u9650\u53ef\u80fd\u88ab\u672a\u6388\u6743\u5229\u7528\u3002\r\n\r\nOpenSSL\uff0dCVE-ID: CVE-2006-2937, CVE-2006-2940, CVE-2006-3738, CVE-2006-4339, 
CVE-2006-4343\uff1a\r\n\r\nOpenSSL\u5b58\u5728\u591a\u4e2a\u5b89\u5168\u95ee\u9898\u53ef\u5bfc\u81f4\u4efb\u610f\u4ee3\u7801\u6267\u884c\u6216\u8005\u83b7\u5f97\u654f\u611f\u4fe1\u606f\u3002\r\n\r\nperl\uff0dCVE-ID: CVE-2005-3962\uff1a\r\n\r\n\u4e0d\u5b89\u5168\u5904\u7406\u5b57\u7b26\u4e32\uff0c\u53ef\u5bfc\u81f4Perl\u5e94\u7528\u7a0b\u5e8f\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002\r\n\r\nPHP\uff0dCVE-ID: CVE-2006-1490, CVE-2006-1990\uff1a\r\n\r\nPhp\u5e94\u7528\u7a0b\u5e8f\u5b58\u5728\u591a\u4e2a\u95ee\u9898\uff0c\u53ef\u5bfc\u81f4\u62d2\u7edd\u670d\u52a1\u6216\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002\r\n\r\nPHP\uff0dCVE-ID: CVE-2006-5465\uff1a\r\n\r\nPHP\u7684htmlentities()\u548chtmlspecialchars()\u51fd\u6570\u5b58\u5728\u7f13\u51b2\u533a\u6ea2\u51fa\uff0c\u53ef\u5bfc\u81f4\u4efb\u610f\u4ee3\u7801\u6267\u884c\u3002\r\n\r\nPPP\uff0dCVE-ID: CVE-2006-4406\uff1a\r\n\r\n\u5728\u4e0d\u53ef\u4fe1\u7684\u672c\u5730\u7f51\u7edc\u4e0a\u4f7f\u7528PPPoE\u53ef\u5bfc\u81f4\u4efb\u610f\u4ee3\u7801\u6267\u884c\u3002\r\n\r\nSamba\uff0dCVE-ID: CVE-2006-3403\uff1a\r\n\r\n\u5f53Windows\u5171\u4eab\u4f7f\u7528\u65f6\uff0c\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u8fdb\u884c\u62d2\u7edd\u670d\u52a1\u653b\u51fb\u3002\r\n\r\nSecurity Framework\uff0dCVE-ID: CVE-2006-4407\uff1a\r\n\r\n\u4e0d\u5b89\u5168\u7684\u4f20\u9001\u65b9\u6cd5\u53ef\u5bfc\u81f4\u4e0d\u534f\u5546\u6700\u5b89\u5168\u7684\u52a0\u5bc6\u4fe1\u606f\u3002\r\n\r\nSecurity Framework\uff0dCVE-ID: CVE-2006-4408\uff1a\r\n\r\n\u5904\u7406X.509\u8bc1\u4e66\u65f6\u53ef\u5bfc\u81f4\u62d2\u7edd\u670d\u52a1\u653b\u51fb\u3002\r\n\r\nSecurity Framework\uff0dCVE-ID: CVE-2006-4409\uff1a\r\n\r\n\u5f53\u4f7f\u7528http\u4ee3\u7406\u65f6\uff0c\u8bc1\u4e66\u5e9f\u5f03\u5217\u8868\u4e0d\u80fd\u83b7\u5f97\u3002\r\n\r\nSecurity Framework\uff0dCVE-ID: CVE-2006-4410\uff1a\r\n\r\n\u90e8\u5206\u8c03\u7528\u8bc1\u4e66\u9519\u8bef\u7684\u88ab\u6388\u6743\u3002\r\n\r\nVPN\uff0dCVE-ID: 
CVE-2006-4411:\r\n\r\n\u6076\u610f\u672c\u5730\u7528\u6237\u53ef\u83b7\u5f97\u7cfb\u7edf\u7279\u6743\u3002\r\n\r\nWebKit\uff0dCVE-ID: CVE-2006-4412\uff1a\r\n\r\n\u901a\u8fc7\u8bf1\u4f7f\u7528\u6237\u6d4f\u89c8\u6076\u610fweb\u9875\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002\r\n\r\n\n\nApple Mac OS X Server 10.4.8\r\nApple Mac OS X Server 10.4.7\r\nApple Mac OS X Server 10.4.6\r\nApple Mac OS X Server 10.4.5\r\nApple Mac OS X Server 10.4.4\r\nApple Mac OS X Server 10.4.3\r\nApple Mac OS X Server 10.4.2\r\nApple Mac OS X Server 10.4.1\r\nApple Mac OS X Server 10.4\r\nApple Mac OS X Server 10.3.9\r\nApple Mac OS X Server 10.3.8\r\nApple Mac OS X Server 10.3.7\r\nApple Mac OS X Server 10.3.6\r\nApple Mac OS X Server 10.3.5\r\nApple Mac OS X Server 10.3.4\r\nApple Mac OS X Server 10.3.3\r\nApple Mac OS X Server 10.3.2\r\nApple Mac OS X Server 10.3.1\r\nApple Mac OS X Server 10.3\r\nApple Mac OS X Server 10.2.8\r\nApple Mac OS X Server 10.2.7\r\nApple Mac OS X Server 10.2.6\r\nApple Mac OS X Server 10.2.5\r\nApple Mac OS X Server 10.2.4\r\nApple Mac OS X Server 10.2.3\r\nApple Mac OS X Server 10.2.2\r\nApple Mac OS X Server 10.2.1\r\nApple Mac OS X Server 10.2\r\nApple Mac OS X Server 10.1.5\r\nApple Mac OS X Server 10.1.4\r\nApple Mac OS X Server 10.1.3\r\nApple Mac OS X Server 10.1.2\r\nApple Mac OS X Server 10.1.1\r\nApple Mac OS X Server 10.1\r\nApple Mac OS X Server 10.0\r\nApple Mac OS X 10.4.8\r\nApple Mac OS X 10.4.7\r\nApple Mac OS X 10.4.6\r\nApple Mac OS X 10.4.5\r\nApple Mac OS X 10.4.4\r\nApple Mac OS X 10.4.3\r\nApple Mac OS X 10.4.2\r\nApple Mac OS X 10.4.1\r\nApple Mac OS X 10.4\r\nApple Mac OS X 10.3.9\r\nApple Mac OS X 10.3.8\r\nApple Mac OS X 10.3.7\r\nApple Mac OS X 10.3.6\r\nApple Mac OS X 10.3.5\r\nApple Mac OS X 10.3.4\r\nApple Mac OS X 10.3.3\r\nApple Mac OS X 10.3.2\r\nApple Mac OS X 10.3.1\r\nApple Mac OS X 10.3\r\nApple Mac OS X 10.2.8\r\nApple Mac OS X 10.2.7\r\nApple Mac OS X 10.2.6\r\nApple Mac OS X 10.2.5\r\nApple Mac OS X 10.2.4\r\nApple Mac 
OS X 10.2.3\r\nApple Mac OS X 10.2.2\r\nApple Mac OS X 10.2.1\r\nApple Mac OS X 10.2\r\nApple Mac OS X 10.1.5\r\nApple Mac OS X 10.1.4\r\nApple Mac OS X 10.1.3\r\nApple Mac OS X 10.1.2\r\nApple Mac OS X 10.1.1\r\nApple Mac OS X 10.1\r\nApple Mac OS X 10.1\r\nApple Mac OS X 10.0.4\r\nApple Mac OS X 10.0.3\r\nApple Mac OS X 10.0.2\r\nApple Mac OS X 10.0.1\r\nApple Mac OS X 10.0 3\r\nApple Mac OS X 10.0 \r\n\n <a href=\"http://docs.info.apple.com/article.html?artnum=304829\" target=\"_blank\">http://docs.info.apple.com/article.html?artnum=304829</a>", "modified": "2006-11-29T00:00:00", "published": "2006-11-29T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-623", "id": "SSV:623", "type": "seebug", "title": "Apple Mac OS X 2006-007\u5b58\u5728\u591a\u4e2a\u5b89\u5168\u6f0f\u6d1e", "sourceData": "", "sourceHref": "", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}