Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusUbuntu Security Notice (C) 2016-2023 Canonical, Inc. / NASL script (C) 2016-2023 and is owned by Tenable, Inc. or an Affiliate thereof.UBUNTU_USN-3045-1.NASL
HistoryAug 03, 2016 - 12:00 a.m.

Ubuntu 14.04 LTS / 16.04 LTS : PHP vulnerabilities (USN-3045-1)

2016-08-0300:00:00
Ubuntu Security Notice (C) 2016-2023 Canonical, Inc. / NASL script (C) 2016-2023 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
32
JSON

It was discovered that PHP incorrectly handled certain SplMinHeap::compare operations. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2015-4116)

It was discovered that PHP incorrectly handled recursive method calls.
A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2015-8873)

It was discovered that PHP incorrectly validated certain Exception objects when unserializing data. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2015-8876)

It was discovered that PHP header() function performed insufficient filtering for Internet Explorer. A remote attacker could possibly use this issue to perform a XSS attack. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2015-8935)

It was discovered that PHP incorrectly handled certain locale operations. An attacker could use this issue to cause PHP to crash, resulting in a denial of service. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2016-5093)

It was discovered that the PHP php_html_entities() function incorrectly handled certain string lengths. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2016-5094, CVE-2016-5095)

It was discovered that the PHP fread() function incorrectly handled certain lengths. An attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS.
(CVE-2016-5096)

It was discovered that the PHP FastCGI Process Manager (FPM) SAPI incorrectly handled memory in the access logging feature. An attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly expose sensitive information. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2016-5114)

It was discovered that PHP would not protect applications from contents of the HTTP_PROXY environment variable when based on the contents of the Proxy header from HTTP requests. A remote attacker could possibly use this issue in combination with scripts that honour the HTTP_PROXY variable to redirect outgoing HTTP requests.
(CVE-2016-5385)

Hans Jerry Illikainen discovered that the PHP bzread() function incorrectly performed error handling. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-5399)

It was discovered that certain PHP multibyte string functions incorrectly handled memory. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 14.04 LTS.
(CVE-2016-5768)

It was discovered that the PHP Mcrypt extension incorrectly handled memory. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code.
This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS.
(CVE-2016-5769)

It was discovered that the PHP garbage collector incorrectly handled certain objects when unserializing malicious data. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue was only addressed in Ubuntu Ubuntu 14.04 LTS. (CVE-2016-5771, CVE-2016-5773)

It was discovered that PHP incorrectly handled memory when unserializing malicious xml data. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2016-5772)

It was discovered that the PHP php_url_parse_ex() function incorrectly handled string termination. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2016-6288)

It was discovered that PHP incorrectly handled path lengths when extracting certain Zip archives. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-6289)

It was discovered that PHP incorrectly handled session deserialization. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-6290)

It was discovered that PHP incorrectly handled exif headers when processing certain JPEG images. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-6291, CVE-2016-6292)

It was discovered that PHP incorrectly handled certain locale operations. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-6294)

It was discovered that the PHP garbage collector incorrectly handled certain objects when unserializing SNMP data. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-6295)

It was discovered that the PHP xmlrpc_encode_request() function incorrectly handled certain lengths. An attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-6296)

It was discovered that the PHP php_stream_zip_opener() function incorrectly handled memory. An attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-6297).

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Ubuntu Security Notice USN-3045-1. The text 
# itself is copyright (C) Canonical, Inc. See 
# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
# trademark of Canonical, Inc.
#

include('compat.inc');

if (description)
{
  script_id(92699);
  script_version("2.14");
  script_set_attribute(attribute:"plugin_modification_date", value:"2023/10/23");

  script_cve_id(
    "CVE-2015-4116",
    "CVE-2015-8873",
    "CVE-2015-8876",
    "CVE-2015-8935",
    "CVE-2016-5093",
    "CVE-2016-5094",
    "CVE-2016-5095",
    "CVE-2016-5096",
    "CVE-2016-5114",
    "CVE-2016-5385",
    "CVE-2016-5399",
    "CVE-2016-5768",
    "CVE-2016-5769",
    "CVE-2016-5771",
    "CVE-2016-5772",
    "CVE-2016-5773",
    "CVE-2016-6288",
    "CVE-2016-6289",
    "CVE-2016-6290",
    "CVE-2016-6291",
    "CVE-2016-6292",
    "CVE-2016-6294",
    "CVE-2016-6295",
    "CVE-2016-6296",
    "CVE-2016-6297"
  );
  script_xref(name:"USN", value:"3045-1");

  script_name(english:"Ubuntu 14.04 LTS / 16.04 LTS : PHP vulnerabilities (USN-3045-1)");

  script_set_attribute(attribute:"synopsis", value:
"The remote Ubuntu host is missing one or more security updates.");
  script_set_attribute(attribute:"description", value:
"It was discovered that PHP incorrectly handled certain
SplMinHeap::compare operations. A remote attacker could use this issue
to cause PHP to crash, resulting in a denial of service, or possibly
execute arbitrary code. This issue only affected Ubuntu 12.04 LTS and
Ubuntu 14.04 LTS. (CVE-2015-4116)

It was discovered that PHP incorrectly handled recursive method calls.
A remote attacker could use this issue to cause PHP to crash,
resulting in a denial of service. This issue only affected Ubuntu
12.04 LTS and Ubuntu 14.04 LTS. (CVE-2015-8873)

It was discovered that PHP incorrectly validated certain Exception
objects when unserializing data. A remote attacker could use this
issue to cause PHP to crash, resulting in a denial of service, or
possibly execute arbitrary code. This issue only affected Ubuntu 12.04
LTS and Ubuntu 14.04 LTS. (CVE-2015-8876)

It was discovered that PHP header() function performed insufficient
filtering for Internet Explorer. A remote attacker could possibly use
this issue to perform a XSS attack. This issue only affected Ubuntu
12.04 LTS and Ubuntu 14.04 LTS. (CVE-2015-8935)

It was discovered that PHP incorrectly handled certain locale
operations. An attacker could use this issue to cause PHP to crash,
resulting in a denial of service. This issue only affected Ubuntu
12.04 LTS and Ubuntu 14.04 LTS. (CVE-2016-5093)

It was discovered that the PHP php_html_entities() function
incorrectly handled certain string lengths. A remote attacker could
use this issue to cause PHP to crash, resulting in a denial of
service, or possibly execute arbitrary code. This issue only affected
Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2016-5094, CVE-2016-5095)

It was discovered that the PHP fread() function incorrectly handled
certain lengths. An attacker could use this issue to cause PHP to
crash, resulting in a denial of service, or possibly execute arbitrary
code. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS.
(CVE-2016-5096)

It was discovered that the PHP FastCGI Process Manager (FPM) SAPI
incorrectly handled memory in the access logging feature. An attacker
could use this issue to cause PHP to crash, resulting in a denial of
service, or possibly expose sensitive information. This issue only
affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2016-5114)

It was discovered that PHP would not protect applications from
contents of the HTTP_PROXY environment variable when based on the
contents of the Proxy header from HTTP requests. A remote attacker
could possibly use this issue in combination with scripts that honour
the HTTP_PROXY variable to redirect outgoing HTTP requests.
(CVE-2016-5385)

Hans Jerry Illikainen discovered that the PHP bzread() function
incorrectly performed error handling. A remote attacker could use this
issue to cause PHP to crash, resulting in a denial of service, or
possibly execute arbitrary code. (CVE-2016-5399)

It was discovered that certain PHP multibyte string functions
incorrectly handled memory. A remote attacker could use this issue to
cause PHP to crash, resulting in a denial of service, or possibly
execute arbitrary code. This issue only affected Ubuntu 14.04 LTS.
(CVE-2016-5768)

It was discovered that the PHP Mcrypt extension incorrectly handled
memory. A remote attacker could use this issue to cause PHP to crash,
resulting in a denial of service, or possibly execute arbitrary code.
This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS.
(CVE-2016-5769)

It was discovered that the PHP garbage collector incorrectly handled
certain objects when unserializing malicious data. A remote attacker
could use this issue to cause PHP to crash, resulting in a denial of
service, or possibly execute arbitrary code. This issue was only
addressed in Ubuntu Ubuntu 14.04 LTS. (CVE-2016-5771, CVE-2016-5773)

It was discovered that PHP incorrectly handled memory when
unserializing malicious xml data. A remote attacker could use this
issue to cause PHP to crash, resulting in a denial of service, or
possibly execute arbitrary code. This issue only affected Ubuntu 12.04
LTS and Ubuntu 14.04 LTS. (CVE-2016-5772)

It was discovered that the PHP php_url_parse_ex() function incorrectly
handled string termination. A remote attacker could use this issue to
cause PHP to crash, resulting in a denial of service, or possibly
execute arbitrary code. This issue only affected Ubuntu 12.04 LTS and
Ubuntu 14.04 LTS. (CVE-2016-6288)

It was discovered that PHP incorrectly handled path lengths when
extracting certain Zip archives. A remote attacker could use this
issue to cause PHP to crash, resulting in a denial of service, or
possibly execute arbitrary code. (CVE-2016-6289)

It was discovered that PHP incorrectly handled session
deserialization. A remote attacker could use this issue to cause PHP
to crash, resulting in a denial of service, or possibly execute
arbitrary code. (CVE-2016-6290)

It was discovered that PHP incorrectly handled exif headers when
processing certain JPEG images. A remote attacker could use this issue
to cause PHP to crash, resulting in a denial of service, or possibly
execute arbitrary code. (CVE-2016-6291, CVE-2016-6292)

It was discovered that PHP incorrectly handled certain locale
operations. A remote attacker could use this issue to cause PHP to
crash, resulting in a denial of service, or possibly execute arbitrary
code. (CVE-2016-6294)

It was discovered that the PHP garbage collector incorrectly handled
certain objects when unserializing SNMP data. A remote attacker could
use this issue to cause PHP to crash, resulting in a denial of
service, or possibly execute arbitrary code. This issue only affected
Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-6295)

It was discovered that the PHP xmlrpc_encode_request() function
incorrectly handled certain lengths. An attacker could use this issue
to cause PHP to crash, resulting in a denial of service, or possibly
execute arbitrary code. (CVE-2016-6296)

It was discovered that the PHP php_stream_zip_opener() function
incorrectly handled memory. An attacker could use this issue to cause
PHP to crash, resulting in a denial of service, or possibly execute
arbitrary code. (CVE-2016-6297).

Note that Tenable Network Security has extracted the preceding
description block directly from the Ubuntu security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.");
  script_set_attribute(attribute:"see_also", value:"https://ubuntu.com/security/notices/USN-3045-1");
  script_set_attribute(attribute:"solution", value:
"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2016-6296");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"in_the_news", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2016/05/16");
  script_set_attribute(attribute:"patch_publication_date", value:"2016/08/02");
  script_set_attribute(attribute:"plugin_publication_date", value:"2016/08/03");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libapache2-mod-php5");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libapache2-mod-php5filter");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libapache2-mod-php7.0");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libphp5-embed");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libphp7.0-embed");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php-pear");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php5");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php5-cgi");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php5-cli");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php5-common");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php5-curl");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php5-dev");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php5-enchant");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php5-fpm");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php5-gd");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php5-gmp");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php5-intl");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php5-ldap");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php5-mysql");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php5-mysqlnd");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php5-odbc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php5-pgsql");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php5-pspell");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php5-readline");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php5-recode");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php5-snmp");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php5-sqlite");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php5-sybase");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php5-tidy");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php5-xmlrpc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php5-xsl");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php7.0");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php7.0-bcmath");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php7.0-bz2");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php7.0-cgi");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php7.0-cli");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php7.0-common");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php7.0-curl");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php7.0-dba");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php7.0-dev");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php7.0-enchant");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php7.0-fpm");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php7.0-gd");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php7.0-gmp");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php7.0-imap");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php7.0-interbase");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php7.0-intl");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php7.0-json");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php7.0-ldap");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php7.0-mbstring");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php7.0-mcrypt");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php7.0-mysql");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php7.0-odbc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php7.0-opcache");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php7.0-pgsql");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php7.0-phpdbg");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php7.0-pspell");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php7.0-readline");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php7.0-recode");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php7.0-snmp");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php7.0-soap");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php7.0-sqlite3");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php7.0-sybase");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php7.0-tidy");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php7.0-xml");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php7.0-xmlrpc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php7.0-xsl");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php7.0-zip");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:14.04:-:lts");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:16.04:-:lts");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Ubuntu Local Security Checks");

  script_copyright(english:"Ubuntu Security Notice (C) 2016-2023 Canonical, Inc. / NASL script (C) 2016-2023 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");

  exit(0);
}

include('debian_package.inc');

if ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_release = get_kb_item('Host/Ubuntu/release');
if ( isnull(os_release) ) audit(AUDIT_OS_NOT, 'Ubuntu');
os_release = chomp(os_release);
if (! ('14.04' >< os_release || '16.04' >< os_release)) audit(AUDIT_OS_NOT, 'Ubuntu 14.04 / 16.04', 'Ubuntu ' + os_release);
if ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);

var pkgs = [
    {'osver': '14.04', 'pkgname': 'libapache2-mod-php5', 'pkgver': '5.5.9+dfsg-1ubuntu4.19'},
    {'osver': '14.04', 'pkgname': 'libapache2-mod-php5filter', 'pkgver': '5.5.9+dfsg-1ubuntu4.19'},
    {'osver': '14.04', 'pkgname': 'libphp5-embed', 'pkgver': '5.5.9+dfsg-1ubuntu4.19'},
    {'osver': '14.04', 'pkgname': 'php-pear', 'pkgver': '5.5.9+dfsg-1ubuntu4.19'},
    {'osver': '14.04', 'pkgname': 'php5', 'pkgver': '5.5.9+dfsg-1ubuntu4.19'},
    {'osver': '14.04', 'pkgname': 'php5-cgi', 'pkgver': '5.5.9+dfsg-1ubuntu4.19'},
    {'osver': '14.04', 'pkgname': 'php5-cli', 'pkgver': '5.5.9+dfsg-1ubuntu4.19'},
    {'osver': '14.04', 'pkgname': 'php5-common', 'pkgver': '5.5.9+dfsg-1ubuntu4.19'},
    {'osver': '14.04', 'pkgname': 'php5-curl', 'pkgver': '5.5.9+dfsg-1ubuntu4.19'},
    {'osver': '14.04', 'pkgname': 'php5-dev', 'pkgver': '5.5.9+dfsg-1ubuntu4.19'},
    {'osver': '14.04', 'pkgname': 'php5-enchant', 'pkgver': '5.5.9+dfsg-1ubuntu4.19'},
    {'osver': '14.04', 'pkgname': 'php5-fpm', 'pkgver': '5.5.9+dfsg-1ubuntu4.19'},
    {'osver': '14.04', 'pkgname': 'php5-gd', 'pkgver': '5.5.9+dfsg-1ubuntu4.19'},
    {'osver': '14.04', 'pkgname': 'php5-gmp', 'pkgver': '5.5.9+dfsg-1ubuntu4.19'},
    {'osver': '14.04', 'pkgname': 'php5-intl', 'pkgver': '5.5.9+dfsg-1ubuntu4.19'},
    {'osver': '14.04', 'pkgname': 'php5-ldap', 'pkgver': '5.5.9+dfsg-1ubuntu4.19'},
    {'osver': '14.04', 'pkgname': 'php5-mysql', 'pkgver': '5.5.9+dfsg-1ubuntu4.19'},
    {'osver': '14.04', 'pkgname': 'php5-mysqlnd', 'pkgver': '5.5.9+dfsg-1ubuntu4.19'},
    {'osver': '14.04', 'pkgname': 'php5-odbc', 'pkgver': '5.5.9+dfsg-1ubuntu4.19'},
    {'osver': '14.04', 'pkgname': 'php5-pgsql', 'pkgver': '5.5.9+dfsg-1ubuntu4.19'},
    {'osver': '14.04', 'pkgname': 'php5-pspell', 'pkgver': '5.5.9+dfsg-1ubuntu4.19'},
    {'osver': '14.04', 'pkgname': 'php5-readline', 'pkgver': '5.5.9+dfsg-1ubuntu4.19'},
    {'osver': '14.04', 'pkgname': 'php5-recode', 'pkgver': '5.5.9+dfsg-1ubuntu4.19'},
    {'osver': '14.04', 'pkgname': 'php5-snmp', 'pkgver': '5.5.9+dfsg-1ubuntu4.19'},
    {'osver': '14.04', 'pkgname': 'php5-sqlite', 'pkgver': '5.5.9+dfsg-1ubuntu4.19'},
    {'osver': '14.04', 'pkgname': 'php5-sybase', 'pkgver': '5.5.9+dfsg-1ubuntu4.19'},
    {'osver': '14.04', 'pkgname': 'php5-tidy', 'pkgver': '5.5.9+dfsg-1ubuntu4.19'},
    {'osver': '14.04', 'pkgname': 'php5-xmlrpc', 'pkgver': '5.5.9+dfsg-1ubuntu4.19'},
    {'osver': '14.04', 'pkgname': 'php5-xsl', 'pkgver': '5.5.9+dfsg-1ubuntu4.19'},
    {'osver': '16.04', 'pkgname': 'libapache2-mod-php7.0', 'pkgver': '7.0.8-0ubuntu0.16.04.2'},
    {'osver': '16.04', 'pkgname': 'libphp7.0-embed', 'pkgver': '7.0.8-0ubuntu0.16.04.2'},
    {'osver': '16.04', 'pkgname': 'php7.0', 'pkgver': '7.0.8-0ubuntu0.16.04.2'},
    {'osver': '16.04', 'pkgname': 'php7.0-bcmath', 'pkgver': '7.0.8-0ubuntu0.16.04.2'},
    {'osver': '16.04', 'pkgname': 'php7.0-bz2', 'pkgver': '7.0.8-0ubuntu0.16.04.2'},
    {'osver': '16.04', 'pkgname': 'php7.0-cgi', 'pkgver': '7.0.8-0ubuntu0.16.04.2'},
    {'osver': '16.04', 'pkgname': 'php7.0-cli', 'pkgver': '7.0.8-0ubuntu0.16.04.2'},
    {'osver': '16.04', 'pkgname': 'php7.0-common', 'pkgver': '7.0.8-0ubuntu0.16.04.2'},
    {'osver': '16.04', 'pkgname': 'php7.0-curl', 'pkgver': '7.0.8-0ubuntu0.16.04.2'},
    {'osver': '16.04', 'pkgname': 'php7.0-dba', 'pkgver': '7.0.8-0ubuntu0.16.04.2'},
    {'osver': '16.04', 'pkgname': 'php7.0-dev', 'pkgver': '7.0.8-0ubuntu0.16.04.2'},
    {'osver': '16.04', 'pkgname': 'php7.0-enchant', 'pkgver': '7.0.8-0ubuntu0.16.04.2'},
    {'osver': '16.04', 'pkgname': 'php7.0-fpm', 'pkgver': '7.0.8-0ubuntu0.16.04.2'},
    {'osver': '16.04', 'pkgname': 'php7.0-gd', 'pkgver': '7.0.8-0ubuntu0.16.04.2'},
    {'osver': '16.04', 'pkgname': 'php7.0-gmp', 'pkgver': '7.0.8-0ubuntu0.16.04.2'},
    {'osver': '16.04', 'pkgname': 'php7.0-imap', 'pkgver': '7.0.8-0ubuntu0.16.04.2'},
    {'osver': '16.04', 'pkgname': 'php7.0-interbase', 'pkgver': '7.0.8-0ubuntu0.16.04.2'},
    {'osver': '16.04', 'pkgname': 'php7.0-intl', 'pkgver': '7.0.8-0ubuntu0.16.04.2'},
    {'osver': '16.04', 'pkgname': 'php7.0-json', 'pkgver': '7.0.8-0ubuntu0.16.04.2'},
    {'osver': '16.04', 'pkgname': 'php7.0-ldap', 'pkgver': '7.0.8-0ubuntu0.16.04.2'},
    {'osver': '16.04', 'pkgname': 'php7.0-mbstring', 'pkgver': '7.0.8-0ubuntu0.16.04.2'},
    {'osver': '16.04', 'pkgname': 'php7.0-mcrypt', 'pkgver': '7.0.8-0ubuntu0.16.04.2'},
    {'osver': '16.04', 'pkgname': 'php7.0-mysql', 'pkgver': '7.0.8-0ubuntu0.16.04.2'},
    {'osver': '16.04', 'pkgname': 'php7.0-odbc', 'pkgver': '7.0.8-0ubuntu0.16.04.2'},
    {'osver': '16.04', 'pkgname': 'php7.0-opcache', 'pkgver': '7.0.8-0ubuntu0.16.04.2'},
    {'osver': '16.04', 'pkgname': 'php7.0-pgsql', 'pkgver': '7.0.8-0ubuntu0.16.04.2'},
    {'osver': '16.04', 'pkgname': 'php7.0-phpdbg', 'pkgver': '7.0.8-0ubuntu0.16.04.2'},
    {'osver': '16.04', 'pkgname': 'php7.0-pspell', 'pkgver': '7.0.8-0ubuntu0.16.04.2'},
    {'osver': '16.04', 'pkgname': 'php7.0-readline', 'pkgver': '7.0.8-0ubuntu0.16.04.2'},
    {'osver': '16.04', 'pkgname': 'php7.0-recode', 'pkgver': '7.0.8-0ubuntu0.16.04.2'},
    {'osver': '16.04', 'pkgname': 'php7.0-snmp', 'pkgver': '7.0.8-0ubuntu0.16.04.2'},
    {'osver': '16.04', 'pkgname': 'php7.0-soap', 'pkgver': '7.0.8-0ubuntu0.16.04.2'},
    {'osver': '16.04', 'pkgname': 'php7.0-sqlite3', 'pkgver': '7.0.8-0ubuntu0.16.04.2'},
    {'osver': '16.04', 'pkgname': 'php7.0-sybase', 'pkgver': '7.0.8-0ubuntu0.16.04.2'},
    {'osver': '16.04', 'pkgname': 'php7.0-tidy', 'pkgver': '7.0.8-0ubuntu0.16.04.2'},
    {'osver': '16.04', 'pkgname': 'php7.0-xml', 'pkgver': '7.0.8-0ubuntu0.16.04.2'},
    {'osver': '16.04', 'pkgname': 'php7.0-xmlrpc', 'pkgver': '7.0.8-0ubuntu0.16.04.2'},
    {'osver': '16.04', 'pkgname': 'php7.0-xsl', 'pkgver': '7.0.8-0ubuntu0.16.04.2'},
    {'osver': '16.04', 'pkgname': 'php7.0-zip', 'pkgver': '7.0.8-0ubuntu0.16.04.2'}
];

var flag = 0;
foreach package_array ( pkgs ) {
  var osver = NULL;
  var pkgname = NULL;
  var pkgver = NULL;
  if (!empty_or_null(package_array['osver'])) osver = package_array['osver'];
  if (!empty_or_null(package_array['pkgname'])) pkgname = package_array['pkgname'];
  if (!empty_or_null(package_array['pkgver'])) pkgver = package_array['pkgver'];
  if (osver && pkgname && pkgver) {
    if (ubuntu_check(osver:osver, pkgname:pkgname, pkgver:pkgver)) flag++;
  }
}

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_HOLE,
    extra      : ubuntu_report_get()
  );
  exit(0);
}
else
{
  var tested = ubuntu_pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'libapache2-mod-php5 / libapache2-mod-php5filter / etc');
}
VendorProductVersionCPE
canonicalubuntu_linuxlibapache2-mod-php5p-cpe:/a:canonical:ubuntu_linux:libapache2-mod-php5
canonicalubuntu_linuxlibapache2-mod-php5filterp-cpe:/a:canonical:ubuntu_linux:libapache2-mod-php5filter
canonicalubuntu_linuxlibapache2-mod-php7.0p-cpe:/a:canonical:ubuntu_linux:libapache2-mod-php7.0
canonicalubuntu_linuxlibphp5-embedp-cpe:/a:canonical:ubuntu_linux:libphp5-embed
canonicalubuntu_linuxlibphp7.0-embedp-cpe:/a:canonical:ubuntu_linux:libphp7.0-embed
canonicalubuntu_linuxphp-pearp-cpe:/a:canonical:ubuntu_linux:php-pear
canonicalubuntu_linuxphp5p-cpe:/a:canonical:ubuntu_linux:php5
canonicalubuntu_linuxphp5-cgip-cpe:/a:canonical:ubuntu_linux:php5-cgi
canonicalubuntu_linuxphp5-clip-cpe:/a:canonical:ubuntu_linux:php5-cli
canonicalubuntu_linuxphp5-commonp-cpe:/a:canonical:ubuntu_linux:php5-common
Rows per page:
1-10 of 701

References

Related

openvas 52
ubuntu 1
cloudfoundry 1
nessus 61
debian 4
freebsd 3
mageia 3
f5 7
osv 2
suse 8
fedora 6
ibm 4
amazon 3
slackware 2
cve 3
redhatcve 2
debiancve 1
threatpost 1
prion 4
thn 1
ubuntucve 5
oraclelinux 1
redhat 2
centos 1
hackerone 1
veracode 20
openvas
openvas
Ubuntu: Security Advisory (USN-3045-1)
2016-08-08 00:00:00
Debian Security Advisory DSA 3631-1 (php5 - security update)
2016-08-02 00:00:00
Debian: Security Advisory (DSA-3631-1)
2016-08-02 00:00:00
ubuntu
ubuntu
PHP vulnerabilities
2016-08-02 00:00:00
cloudfoundry
cloudfoundry
USN-3045-1 PHP vulnerabilities | Cloud Foundry
2016-09-09 00:00:00
nessus
nessus
Debian DSA-3631-1 : php5 - security update (httpoxy)
2016-07-27 00:00:00
FreeBSD : php -- multiple vulnerabilities (b6402385-533b-11e6-a7bd-14dae9d210b8) (httpoxy)
2016-07-27 00:00:00
Debian DLA-628-1 : php5 security update
2016-09-19 00:00:00
debian
debian
[SECURITY] [DSA 3631-1] php5 security update
2016-07-26 20:46:29
[SECURITY] [DLA 628-1] php5 security update
2016-09-18 15:12:08
[SECURITY] [DSA 3618-1] php5 security update
2016-07-14 19:50:00
freebsd
freebsd
php -- multiple vulnerabilities
2016-07-21 00:00:00
php -- multiple vulnerabilities
2016-06-23 00:00:00
php -- multiple vulnerabilities
2016-05-26 00:00:00
mageia
mageia
Updated php/xmlrpc-epi/timezone packages fix security vulnerability
2016-07-27 00:59:16
Updated php packages fix security vulnerability
2016-07-05 18:47:08
Updated php packages fix security vulnerabilities
2016-06-03 00:40:03
f5
f5
K35799130 : Multiple PHP vulnerabilities
2016-10-11 00:00:00
SOL35799130 - Multiple PHP vulnerabilities
2016-10-11 00:00:00
K34985231 : PHP vulnerabilities CVE-2016-6288 and CVE-2016-6289
2016-12-07 00:00:00
osv
osv
php5 - security update
2016-09-18 00:00:00
php5 - security update
2016-06-29 00:00:00
suse
suse
Security update for php5 (important)
2016-08-16 13:10:01
Security update for php5 (important)
2016-07-07 18:08:23
Security update for php5 (important)
2016-06-11 14:14:42
fedora
fedora
[SECURITY] Fedora 22 Update: php-5.6.22-1.fc22
2016-06-03 15:23:06
[SECURITY] Fedora 23 Update: php-5.6.23-1.fc23
2016-07-02 19:34:49
[SECURITY] Fedora 24 Update: php-5.6.23-1.fc24
2016-07-02 15:45:25
ibm
ibm
Security Bulletin: Multiple security issues in IBM Tealeaf Customer Experience on Cloud Network Capture Add-On
2018-06-16 20:06:28
Security Bulletin: IBM Flex System Manager (FSM) is affected by multiple php vulnerabilities
2018-06-18 01:33:37
Security Bulletin: Vulnerabilities in PHP affect IBM Flex System Chassis Management Module
2019-01-31 02:25:02
amazon
amazon
Medium: php56
2016-06-02 17:44:00
Medium: php55, php56
2016-08-01 13:30:00
Medium: php55
2016-06-02 17:47:00
slackware
slackware
[slackware-security] php
2016-06-24 23:46:10
[slackware-security] php
2016-05-27 23:33:54
cve
cve
CVE-2016-6295
2016-07-25 14:59:00
CVE-2016-5095
2016-08-07 10:59:00
CVE-2015-8935
2016-08-07 10:59:00
redhatcve
redhatcve
CVE-2016-6295
2016-07-25 14:19:51
CVE-2016-5095
2016-07-11 13:49:30
debiancve
debiancve
CVE-2016-6295
2016-07-25 14:59:00
threatpost
threatpost
Pornhub Hack Earns Researchers $22,000
2016-07-25 13:01:30
prion
prion
Design/Logic Flaw
2016-07-25 14:59:00
Integer overflow
2016-08-07 10:59:00
Cross site scripting
2016-08-07 10:59:00
thn
thn
PornHub Pays Hackers $20,000 to Find Zero-day Flaws in its Website
2016-07-24 20:25:00
ubuntucve
ubuntucve
CVE-2016-6295
2016-07-25 00:00:00
CVE-2016-5095
2016-05-30 00:00:00
CVE-2015-8935
2016-06-21 00:00:00
oraclelinux
oraclelinux
php security and bug fix update
2016-11-09 00:00:00
redhat
redhat
(RHSA-2016:2598) Moderate: php security and bug fix update
2016-11-03 06:07:16
(RHSA-2016:2750) Moderate: rh-php56 security, bug fix, and enhancement update
2016-11-15 11:13:31
centos
centos
php security update
2016-11-25 15:41:35
hackerone
hackerone
Nextcloud: Response Header injection using redirect_uri together with PHP that utilizes Header Folding according to RFC1945 and Internet Explorer 11
2016-06-17 13:20:10
veracode
veracode
Denial Of Service (DoS)
2019-05-02 06:02:26
Arbitrary Code Execution
2019-05-02 06:02:23
Null Pointer Dereference
2019-05-02 06:02:24
JSON
Related for UBUNTU_USN-3045-1.NASL
openvas52ubuntu1cloudfoundry1nessus61debian4freebsd3mageia3f57osv2suse8fedora6ibm4amazon3slackware2cve3redhatcve2debiancve1threatpost1prion4thn1ubuntucve5oraclelinux1redhat2centos1hackerone1veracode20