Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusUbuntu Security Notice (C) 2011-2019 Canonical, Inc. / NASL script (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.UBUNTU_USN-1307-1.NASL
HistoryDec 15, 2011 - 12:00 a.m.

Ubuntu 8.04 LTS / 10.04 LTS / 10.10 / 11.04 / 11.10 : php5 vulnerability (USN-1307-1)

2011-12-1500:00:00
Ubuntu Security Notice (C) 2011-2019 Canonical, Inc. / NASL script (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
11
JSON

Florent Hochwelker discovered that PHP incorrectly handled certain EXIF headers in JPEG files. A remote attacker could exploit this issue to view sensitive information or cause the PHP server to crash.

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Ubuntu Security Notice USN-1307-1. The text 
# itself is copyright (C) Canonical, Inc. See 
# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
# trademark of Canonical, Inc.
#

include("compat.inc");

if (description)
{
  script_id(57314);
  script_version("1.6");
  script_cvs_date("Date: 2019/09/19 12:54:27");

  script_cve_id("CVE-2011-4566");
  script_bugtraq_id(50907);
  script_xref(name:"USN", value:"1307-1");

  script_name(english:"Ubuntu 8.04 LTS / 10.04 LTS / 10.10 / 11.04 / 11.10 : php5 vulnerability (USN-1307-1)");
  script_summary(english:"Checks dpkg output for updated packages.");

  script_set_attribute(
    attribute:"synopsis", 
    value:
"The remote Ubuntu host is missing one or more security-related
patches."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Florent Hochwelker discovered that PHP incorrectly handled certain
EXIF headers in JPEG files. A remote attacker could exploit this issue
to view sensitive information or cause the PHP server to crash.

Note that Tenable Network Security has extracted the preceding
description block directly from the Ubuntu security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://usn.ubuntu.com/1307-1/"
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Update the affected php5-cgi and / or php5-cli packages."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php5-cgi");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php5-cli");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:10.04:-:lts");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:10.10");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:11.04");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:11.10");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:8.04:-:lts");

  script_set_attribute(attribute:"vuln_publication_date", value:"2011/11/28");
  script_set_attribute(attribute:"patch_publication_date", value:"2011/12/14");
  script_set_attribute(attribute:"plugin_publication_date", value:"2011/12/15");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"Ubuntu Security Notice (C) 2011-2019 Canonical, Inc. / NASL script (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Ubuntu Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");

  exit(0);
}


include("audit.inc");
include("ubuntu.inc");
include("misc_func.inc");

if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/Ubuntu/release");
if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
release = chomp(release);
if (! preg(pattern:"^(8\.04|10\.04|10\.10|11\.04|11\.10)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 8.04 / 10.04 / 10.10 / 11.04 / 11.10", "Ubuntu " + release);
if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);

flag = 0;

if (ubuntu_check(osver:"8.04", pkgname:"php5-cgi", pkgver:"5.2.4-2ubuntu5.19")) flag++;
if (ubuntu_check(osver:"8.04", pkgname:"php5-cli", pkgver:"5.2.4-2ubuntu5.19")) flag++;
if (ubuntu_check(osver:"10.04", pkgname:"php5-cgi", pkgver:"5.3.2-1ubuntu4.11")) flag++;
if (ubuntu_check(osver:"10.04", pkgname:"php5-cli", pkgver:"5.3.2-1ubuntu4.11")) flag++;
if (ubuntu_check(osver:"10.10", pkgname:"php5-cgi", pkgver:"5.3.3-1ubuntu9.7")) flag++;
if (ubuntu_check(osver:"10.10", pkgname:"php5-cli", pkgver:"5.3.3-1ubuntu9.7")) flag++;
if (ubuntu_check(osver:"11.04", pkgname:"php5-cgi", pkgver:"5.3.5-1ubuntu7.4")) flag++;
if (ubuntu_check(osver:"11.04", pkgname:"php5-cli", pkgver:"5.3.5-1ubuntu7.4")) flag++;
if (ubuntu_check(osver:"11.10", pkgname:"php5-cgi", pkgver:"5.3.6-13ubuntu3.3")) flag++;
if (ubuntu_check(osver:"11.10", pkgname:"php5-cli", pkgver:"5.3.6-13ubuntu3.3")) flag++;

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_WARNING,
    extra      : ubuntu_report_get()
  );
  exit(0);
}
else
{
  tested = ubuntu_pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "php5-cgi / php5-cli");
}
VendorProductVersionCPE
canonicalubuntu_linuxphp5-cgip-cpe:/a:canonical:ubuntu_linux:php5-cgi
canonicalubuntu_linuxphp5-clip-cpe:/a:canonical:ubuntu_linux:php5-cli
canonicalubuntu_linux10.04cpe:/o:canonical:ubuntu_linux:10.04:-:lts
canonicalubuntu_linux10.10cpe:/o:canonical:ubuntu_linux:10.10
canonicalubuntu_linux11.04cpe:/o:canonical:ubuntu_linux:11.04
canonicalubuntu_linux11.10cpe:/o:canonical:ubuntu_linux:11.10
canonicalubuntu_linux8.04cpe:/o:canonical:ubuntu_linux:8.04:-:lts

Related

seebug 1
openvas 47
veracode 1
checkpoint_advisories 2
ubuntu 1
nessus 26
freebsd 1
fedora 6
oraclelinux 4
redhat 3
ubuntucve 1
cve 1
amazon 1
prion 1
centos 3
securityvulns 3
osv 1
debian 2
suse 3
f5 2
gentoo 1
seebug
seebug
PHP &quot;exif_process_IFD_TAG()&quot;θΏœη¨‹ζ•΄ζ•°ζΊ’ε‡ΊζΌζ΄ž
2011-12-07 00:00:00
openvas
openvas
Ubuntu Update for php5 USN-1307-1
2011-12-16 00:00:00
PHP EXIF Header Denial of Service Vulnerability (Windows)
2011-12-01 00:00:00
Ubuntu Update for php5 USN-1307-1
2011-12-16 00:00:00
veracode
veracode
Denial Of Service (DoS)
2020-04-10 01:06:05
checkpoint_advisories
checkpoint_advisories
PHP Exif Header Parsing Integer Overflow (CVE-2011-4566)
2012-08-27 00:00:00
PHP Exif Header Parsing Integer Overflow - Ver2 (CVE-2011-4566)
2015-03-26 00:00:00
ubuntu
ubuntu
PHP vulnerability
2011-12-14 00:00:00
nessus
nessus
CentOS 5 / 6 : php / php53 (CESA-2012:0019)
2012-01-12 00:00:00
Amazon Linux AMI : php (ALAS-2012-37)
2013-09-04 00:00:00
Fedora 16 : maniadrive-1.2-32.fc16.1 / php-5.3.9-1.fc16 / php-eaccelerator-0.9.6.1-9.fc16.1 (2012-0504)
2012-01-20 00:00:00
freebsd
freebsd
php -- multiple vulnerabilities
2011-12-29 00:00:00
fedora
fedora
[SECURITY] Fedora 16 Update: php-eaccelerator-0.9.6.1-9.fc16.1
2012-01-19 22:00:25
[SECURITY] Fedora 16 Update: php-5.3.9-1.fc16
2012-01-19 22:00:25
[SECURITY] Fedora 16 Update: maniadrive-1.2-32.fc16.1
2012-01-19 22:00:25
oraclelinux
oraclelinux
php53 and php security update
2012-01-11 00:00:00
php security update
2012-01-30 00:00:00
php security update
2012-01-18 00:00:00
redhat
redhat
(RHSA-2012:0019) Moderate: php53 and php security update
2012-01-11 00:00:00
(RHSA-2012:0071) Moderate: php security update
2012-01-30 00:00:00
(RHSA-2012:0033) Moderate: php security update
2012-01-18 00:00:00
ubuntucve
ubuntucve
CVE-2011-4566
2011-11-28 00:00:00
cve
cve
CVE-2011-4566
2011-11-29 00:55:00
amazon
amazon
Medium: php
2012-01-19 20:10:00
prion
prion
Integer overflow
2011-11-29 00:55:00
centos
centos
php, php53 security update
2012-01-11 19:19:36
php security update
2012-01-30 20:44:11
php security update
2012-01-18 19:55:58
securityvulns
securityvulns
PHP security vulnerabilities
2012-02-08 00:00:00
[ MDVSA-2012:071 ] php
2012-05-14 00:00:00
Apple Mac OS X multiple security vulnerabilities
2012-08-20 00:00:00
osv
osv
php5 - several
2012-01-31 00:00:00
debian
debian
[SECURITY] [DSA 2399-1] php5 security update
2012-01-31 07:22:58
[SECURITY] [DSA 2399-2] php5 regression fix
2012-01-31 15:26:47
suse
suse
update for php5 (important)
2012-03-29 15:08:14
Security update for PHP5 (important)
2012-04-12 23:08:15
Security update for PHP5 (important)
2013-08-16 21:04:11
f5
f5
SOL13519 - Multiple PHP vulnerabilities
2012-04-04 00:00:00
K13519 : Multiple PHP vulnerabilities
2013-09-20 00:00:00
gentoo
gentoo
PHP: Multiple vulnerabilities
2012-09-24 00:00:00
JSON
Related for UBUNTU_USN-1307-1.NASL
seebug1openvas47veracode1checkpoint_advisories2ubuntu1nessus26freebsd1fedora6oraclelinux4redhat3ubuntucve1cve1amazon1prion1centos3securityvulns3osv1debian2suse3f52gentoo1