Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2007-2021 Tenable Network Security, Inc.SUSE_PHP5-1590.NASL
HistoryOct 17, 2007 - 12:00 a.m.

openSUSE 10 Security Update : php5 (php5-1590)

2007-10-1700:00:00
This script is Copyright (C) 2007-2021 Tenable Network Security, Inc.
www.tenable.com
16
JSON

This update fixes the following security issues: - invalid charactes in session names were not blocked - a bug in zend_hash_del() allowed attackers to prevent unsetting of some variables - bugs in the substr_compare() and wordwrap function could crash php (CVE-2006-1991, CVE-2006-1990) - a memory leak in the imagecreatefromgif() function

#%NASL_MIN_LEVEL 70300

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from openSUSE Security Update php5-1590.
#
# The text description of this plugin is (C) SUSE LLC.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(27389);
  script_version("1.13");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/14");

  script_cve_id("CVE-2006-1990", "CVE-2006-1991");

  script_name(english:"openSUSE 10 Security Update : php5 (php5-1590)");
  script_summary(english:"Check for the php5-1590 patch");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote openSUSE host is missing a security update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"This update fixes the following security issues: - invalid charactes
in session names were not blocked - a bug in zend_hash_del() allowed
attackers to prevent unsetting of some variables - bugs in the
substr_compare() and wordwrap function could crash php (CVE-2006-1991,
CVE-2006-1990) - a memory leak in the imagecreatefromgif() function"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected php5 packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:P");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:apache2-mod_php5");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-gd");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:10.1");

  script_set_attribute(attribute:"patch_publication_date", value:"2006/06/12");
  script_set_attribute(attribute:"plugin_publication_date", value:"2007/10/17");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2007-2021 Tenable Network Security, Inc.");
  script_family(english:"SuSE Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
if (release !~ "^(SUSE10\.1)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "10.1", release);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

ourarch = get_kb_item("Host/cpu");
if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);

flag = 0;

if ( rpm_check(release:"SUSE10.1", reference:"apache2-mod_php5-5.1.2-29.4") ) flag++;
if ( rpm_check(release:"SUSE10.1", reference:"php5-5.1.2-29.4") ) flag++;
if ( rpm_check(release:"SUSE10.1", reference:"php5-gd-5.1.2-29.4") ) flag++;

if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "apache2-mod_php5 / php5 / php5-gd");
}
VendorProductVersionCPE
novellopensuseapache2-mod_php5p-cpe:/a:novell:opensuse:apache2-mod_php5
novellopensusephp5p-cpe:/a:novell:opensuse:php5
novellopensusephp5-gdp-cpe:/a:novell:opensuse:php5-gd
novellopensuse10.1cpe:/o:novell:opensuse:10.1

Related

nessus 9
openvas 3
gentoo 1
prion 3
ubuntucve 4
suse 1
cve 4
centos 2
redhat 2
ubuntu 1
seebug 1
nessus
nessus
Mandrake Linux Security Advisory : php (MDKSA-2006:091)
2006-05-27 00:00:00
GLSA-200605-08 : PHP: Multiple vulnerabilities
2006-05-13 00:00:00
SUSE-SA:2006:031: PHP4,PHP5
2007-02-18 00:00:00
openvas
openvas
Gentoo Security Advisory GLSA 200605-08 (php)
2008-09-24 00:00:00
Gentoo Security Advisory GLSA 200605-08 (php)
2008-09-24 00:00:00
Ubuntu: Security Advisory (USN-320-1)
2022-08-26 00:00:00
gentoo
gentoo
PHP: Multiple vulnerabilities
2006-05-08 00:00:00
prion
prion
Design/Logic Flaw
2006-04-24 23:02:00
Integer overflow
2007-03-10 00:19:00
Integer overflow
2006-04-24 23:02:00
ubuntucve
ubuntucve
CVE-2006-1991
2006-04-24 00:00:00
CVE-2007-1375
2007-03-10 00:00:00
CVE-2006-1990
2006-04-24 00:00:00
suse
suse
remote code execution in PHP4,PHP5
2006-06-14 16:37:08
cve
cve
CVE-2006-1991
2006-04-24 23:02:00
CVE-2007-1375
2007-03-10 00:19:00
CVE-2006-1990
2006-04-24 23:02:00
centos
centos
php security update
2006-07-12 19:14:58
php security update
2006-05-24 01:13:50
redhat
redhat
(RHSA-2006:0568) php security update
2006-07-12 00:00:00
(RHSA-2006:0501) php security update
2006-05-23 00:00:00
ubuntu
ubuntu
PHP vulnerabilities
2006-07-19 00:00:00
seebug
seebug
Apple Mac OS X 2006-007存在多个安全漏洞
2006-11-29 00:00:00
JSON
Related for SUSE_PHP5-1590.NASL
nessus9openvas3gentoo1prion3ubuntucve4suse1cve4centos2redhat2ubuntu1seebug1