Search...

PHP crypt() returns only the salt for MD5

2011-08-25T00:00:00

ID OPENVAS:1361412562310103225
Type openvas
Reporter This script is Copyright (C) 2011 Greenbone Networks GmbH
Modified 2018-07-10T00:00:00

Description

PHP 5.3.7, if crypt()is executed with MD5 salts, the return value conists of the salt only.

                                        
                                            ###############################################################################
# OpenVAS Vulnerability Test
# $Id: gb_php_5_7_3.nasl 10472 2018-07-10 05:32:43Z cfischer $
#
# PHP crypt() returns only the salt for MD5
#
# Authors:
# Michael Meyer &lt;michael.meyer@greenbone.net&gt;
#
# Copyright:
# Copyright (c) 2011 Greenbone Networks GmbH
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2
# (or any later version), as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################

CPE = "cpe:/a:php:php";

if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.103225");
  script_version("$Revision: 10472 $");
  script_cve_id("CVE-2011-3189");
  script_tag(name:"last_modification", value:"$Date: 2018-07-10 07:32:43 +0200 (Tue, 10 Jul 2018) $");
  script_tag(name:"creation_date", value:"2011-08-25 15:23:29 +0200 (Thu, 25 Aug 2011)");
  script_tag(name:"cvss_base", value:"4.3");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:P/I:N/A:N");
  script_name("PHP crypt() returns only the salt for MD5");
  script_category(ACT_GATHER_INFO);
  script_family("Web application abuses");
  script_copyright("This script is Copyright (C) 2011 Greenbone Networks GmbH");
  script_dependencies("gb_php_detect.nasl");
  script_mandatory_keys("php/installed");

  script_xref(name:"URL", value:"http://www.h-online.com/open/news/item/PHP-users-warned-not-to-upgrade-to-5-3-7-1327427.html");
  script_xref(name:"URL", value:"http://www.php.net/archive/2011.php#id2011-08-22-1");
  script_xref(name:"URL", value:"http://www.php.net/ChangeLog-5.php#5.3.8");

  script_tag(name:"affected", value:"PHP 5.3.7 is vulnerable.");

  script_tag(name:"solution", value:"Updates are available. Please see the references for more information.");

  script_tag(name:"summary", value:"PHP 5.3.7, if crypt()is executed with MD5 salts, the return value conists of the
  salt only.");

  script_tag(name:"solution_type", value:"VendorFix");
  script_tag(name:"qod_type", value:"remote_banner_unreliable");

  exit(0);
}

include("version_func.inc");
include("host_details.inc");

if( isnull( phpPort = get_app_port( cpe:CPE ) ) ) exit( 0 );
if( ! phpVer = get_app_version( cpe:CPE, port:phpPort ) ) exit( 0 );

if(version_is_equal(version:phpVer, test_version:"5.3.7")) {
  report = report_fixed_ver(installed_version:phpVer, fixed_version:"5.3.8");
  security_message(data:report, port:phpPort);
  exit(0);
}

exit(99);

JSON Vulners Source

Initial Source

{"id": "OPENVAS:1361412562310103225", "bulletinFamily": "scanner", "title": "PHP crypt() returns only the salt for MD5", "description": "PHP 5.3.7, if crypt()is executed with MD5 salts, the return value conists of the\n salt only.", "published": "2011-08-25T00:00:00", "modified": "2018-07-10T00:00:00", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310103225", "reporter": "This script is Copyright (C) 2011 Greenbone Networks GmbH", "references": ["http://www.php.net/ChangeLog-5.php#5.3.8", "http://www.h-online.com/open/news/item/PHP-users-warned-not-to-upgrade-to-5-3-7-1327427.html", "http://www.php.net/archive/2011.php#id2011-08-22-1"], "cvelist": ["CVE-2011-3189"], "type": "openvas", "lastseen": "2019-05-29T18:39:29", "history": [{"bulletin": {"bulletinFamily": "scanner", "cvelist": ["CVE-2011-3189"], "cvss": {"score": 0.0, "vector": "NONE"}, "description": "PHP 5.3.7, if crypt()is executed with MD5 salts, the return value conists of the\n salt only.", "edition": 3, "enchantments": {"score": {"value": 7.5, "vector": "NONE"}}, "hash": "de6a796287417b2824e6c59374b75f36091658556113db162813b5639108b519", "hashmap": [{"hash": "0b096151f899970e9a97f10321d19431", "key": "reporter"}, {"hash": "361658ac6c9ecf9036bc197f3f1e819f", "key": "description"}, {"hash": "126aa6199253ddc5259666d479153208", "key": "modified"}, {"hash": "1e05a3e1071df7a9240af4d20107f9c1", "key": "href"}, {"hash": "e87df96a8de1d8a994cd8c252720c45f", "key": "sourceData"}, {"hash": "55199d25018fbdb9b50e6b64d444c3a4", "key": "naslFamily"}, {"hash": "47c1f692ea47a21f716dad07043ade01", "key": "type"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "d600149e8796a4a78f4d4b317a639922", "key": "pluginID"}, {"hash": "c4df3faa6380af496240736abd343cf3", "key": "references"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "53182acf23b5fabc171eca341daecc51", "key": "published"}, {"hash": "ed078319d669e662016cc41207a9bc58", "key": "title"}, {"hash": "313c58f8876d4caf709e50e89fbdd9d2", "key": "cvelist"}], "history": [], "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310103225", "id": "OPENVAS:1361412562310103225", "lastseen": "2018-08-30T19:27:12", "modified": "2018-07-10T00:00:00", "naslFamily": "Web application abuses", "objectVersion": "1.3", "pluginID": "1361412562310103225", "published": "2011-08-25T00:00:00", "references": ["http://www.php.net/ChangeLog-5.php#5.3.8", "http://www.h-online.com/open/news/item/PHP-users-warned-not-to-upgrade-to-5-3-7-1327427.html", "http://www.php.net/archive/2011.php#id2011-08-22-1"], "reporter": "This script is Copyright (C) 2011 Greenbone Networks GmbH", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_php_5_7_3.nasl 10472 2018-07-10 05:32:43Z cfischer $\n#\n# PHP crypt() returns only the salt for MD5\n#\n# Authors:\n# Michael Meyer <michael.meyer@greenbone.net>\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:php:php\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.103225\");\n script_version(\"$Revision: 10472 $\");\n script_cve_id(\"CVE-2011-3189\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-07-10 07:32:43 +0200 (Tue, 10 Jul 2018) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-25 15:23:29 +0200 (Thu, 25 Aug 2011)\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_name(\"PHP crypt() returns only the salt for MD5\");\n script_category(ACT_GATHER_INFO);\n script_family(\"Web application abuses\");\n script_copyright(\"This script is Copyright (C) 2011 Greenbone Networks GmbH\");\n script_dependencies(\"gb_php_detect.nasl\");\n script_mandatory_keys(\"php/installed\");\n\n script_xref(name:\"URL\", value:\"http://www.h-online.com/open/news/item/PHP-users-warned-not-to-upgrade-to-5-3-7-1327427.html\");\n script_xref(name:\"URL\", value:\"http://www.php.net/archive/2011.php#id2011-08-22-1\");\n script_xref(name:\"URL\", value:\"http://www.php.net/ChangeLog-5.php#5.3.8\");\n\n script_tag(name:\"affected\", value:\"PHP 5.3.7 is vulnerable.\");\n\n script_tag(name:\"solution\", value:\"Updates are available. Please see the references for more information.\");\n\n script_tag(name:\"summary\", value:\"PHP 5.3.7, if crypt()is executed with MD5 salts, the return value conists of the\n salt only.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"remote_banner_unreliable\");\n\n exit(0);\n}\n\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\n\nif( isnull( phpPort = get_app_port( cpe:CPE ) ) ) exit( 0 );\nif( ! phpVer = get_app_version( cpe:CPE, port:phpPort ) ) exit( 0 );\n\nif(version_is_equal(version:phpVer, test_version:\"5.3.7\")) {\n report = report_fixed_ver(installed_version:phpVer, fixed_version:\"5.3.8\");\n security_message(data:report, port:phpPort);\n exit(0);\n}\n\nexit(99);", "title": "PHP crypt() returns only the salt for MD5", "type": "openvas", "viewCount": 3}, "differentElements": ["cvss"], "edition": 3, "lastseen": "2018-08-30T19:27:12"}, {"bulletin": {"bulletinFamily": "scanner", "cvelist": ["CVE-2011-3189"], "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "description": "PHP 5.3.7, if crypt()is executed with MD5 salts, the return value conists of the\n salt only.", "edition": 2, "enchantments": {"score": {"value": 7.5, "vector": "NONE"}}, "hash": "2e2a95da44eb00cb0b4325a5862a6be7fa5cd092d83af23cafe2690c5822a980", "hashmap": [{"hash": "0b096151f899970e9a97f10321d19431", "key": "reporter"}, {"hash": "361658ac6c9ecf9036bc197f3f1e819f", "key": "description"}, {"hash": "126aa6199253ddc5259666d479153208", "key": "modified"}, {"hash": "3c236091754d2db00c1c42f811b3ada4", "key": "cvss"}, {"hash": "1e05a3e1071df7a9240af4d20107f9c1", "key": "href"}, {"hash": "e87df96a8de1d8a994cd8c252720c45f", "key": "sourceData"}, {"hash": "55199d25018fbdb9b50e6b64d444c3a4", "key": "naslFamily"}, {"hash": "47c1f692ea47a21f716dad07043ade01", "key": "type"}, {"hash": "d600149e8796a4a78f4d4b317a639922", "key": "pluginID"}, {"hash": "c4df3faa6380af496240736abd343cf3", "key": "references"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "53182acf23b5fabc171eca341daecc51", "key": "published"}, {"hash": "ed078319d669e662016cc41207a9bc58", "key": "title"}, {"hash": "313c58f8876d4caf709e50e89fbdd9d2", "key": "cvelist"}], "history": [], "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310103225", "id": "OPENVAS:1361412562310103225", "lastseen": "2018-07-10T17:53:34", "modified": "2018-07-10T00:00:00", "naslFamily": "Web application abuses", "objectVersion": "1.3", "pluginID": "1361412562310103225", "published": "2011-08-25T00:00:00", "references": ["http://www.php.net/ChangeLog-5.php#5.3.8", "http://www.h-online.com/open/news/item/PHP-users-warned-not-to-upgrade-to-5-3-7-1327427.html", "http://www.php.net/archive/2011.php#id2011-08-22-1"], "reporter": "This script is Copyright (C) 2011 Greenbone Networks GmbH", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_php_5_7_3.nasl 10472 2018-07-10 05:32:43Z cfischer $\n#\n# PHP crypt() returns only the salt for MD5\n#\n# Authors:\n# Michael Meyer <michael.meyer@greenbone.net>\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:php:php\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.103225\");\n script_version(\"$Revision: 10472 $\");\n script_cve_id(\"CVE-2011-3189\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-07-10 07:32:43 +0200 (Tue, 10 Jul 2018) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-25 15:23:29 +0200 (Thu, 25 Aug 2011)\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_name(\"PHP crypt() returns only the salt for MD5\");\n script_category(ACT_GATHER_INFO);\n script_family(\"Web application abuses\");\n script_copyright(\"This script is Copyright (C) 2011 Greenbone Networks GmbH\");\n script_dependencies(\"gb_php_detect.nasl\");\n script_mandatory_keys(\"php/installed\");\n\n script_xref(name:\"URL\", value:\"http://www.h-online.com/open/news/item/PHP-users-warned-not-to-upgrade-to-5-3-7-1327427.html\");\n script_xref(name:\"URL\", value:\"http://www.php.net/archive/2011.php#id2011-08-22-1\");\n script_xref(name:\"URL\", value:\"http://www.php.net/ChangeLog-5.php#5.3.8\");\n\n script_tag(name:\"affected\", value:\"PHP 5.3.7 is vulnerable.\");\n\n script_tag(name:\"solution\", value:\"Updates are available. Please see the references for more information.\");\n\n script_tag(name:\"summary\", value:\"PHP 5.3.7, if crypt()is executed with MD5 salts, the return value conists of the\n salt only.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"remote_banner_unreliable\");\n\n exit(0);\n}\n\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\n\nif( isnull( phpPort = get_app_port( cpe:CPE ) ) ) exit( 0 );\nif( ! phpVer = get_app_version( cpe:CPE, port:phpPort ) ) exit( 0 );\n\nif(version_is_equal(version:phpVer, test_version:\"5.3.7\")) {\n report = report_fixed_ver(installed_version:phpVer, fixed_version:\"5.3.8\");\n security_message(data:report, port:phpPort);\n exit(0);\n}\n\nexit(99);", "title": "PHP crypt() returns only the salt for MD5", "type": "openvas", "viewCount": 3}, "differentElements": ["cvss"], "edition": 2, "lastseen": "2018-07-10T17:53:34"}, {"bulletin": {"bulletinFamily": "scanner", "cvelist": [], "cvss": {"score": 0.0, "vector": "NONE"}, "description": "PHP 5.3.7, if crypt() is executed with MD5 salts, the return value conists of the\n salt only.", "edition": 1, "enchantments": {"score": {"value": 7.5, "vector": "NONE"}}, "hash": "400113930c304fa4976828da9c438e5d98d3c9e543c0646fa95db3b3da349c17", "hashmap": [{"hash": "0b096151f899970e9a97f10321d19431", "key": "reporter"}, {"hash": "6e251a5b9a04fd5ae7e9f2d04ef2685e", "key": "description"}, {"hash": "f560fa0e665857735285c1d109a25768", "key": "sourceData"}, {"hash": "1e05a3e1071df7a9240af4d20107f9c1", "key": "href"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvelist"}, {"hash": "55199d25018fbdb9b50e6b64d444c3a4", "key": "naslFamily"}, {"hash": "47c1f692ea47a21f716dad07043ade01", "key": "type"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "d600149e8796a4a78f4d4b317a639922", "key": "pluginID"}, {"hash": "c4df3faa6380af496240736abd343cf3", "key": "references"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "3044cdbad1ed41bd94a84f79f899b09e", "key": "modified"}, {"hash": "53182acf23b5fabc171eca341daecc51", "key": "published"}, {"hash": "ed078319d669e662016cc41207a9bc58", "key": "title"}], "history": [], "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310103225", "id": "OPENVAS:1361412562310103225", "lastseen": "2017-07-02T21:13:27", "modified": "2016-11-14T00:00:00", "naslFamily": "Web application abuses", "objectVersion": "1.3", "pluginID": "1361412562310103225", "published": "2011-08-25T00:00:00", "references": ["http://www.php.net/ChangeLog-5.php#5.3.8", "http://www.h-online.com/open/news/item/PHP-users-warned-not-to-upgrade-to-5-3-7-1327427.html", "http://www.php.net/archive/2011.php#id2011-08-22-1"], "reporter": "This script is Copyright (C) 2011 Greenbone Networks GmbH", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_php_5_7_3.nasl 4502 2016-11-14 14:48:19Z cfi $\n#\n# PHP crypt() returns only the salt for MD5\n#\n# Authors:\n# Michael Meyer <michael.meyer@greenbone.net>\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:php:php\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.103225\");\n script_version(\"$Revision: 4502 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2016-11-14 15:48:19 +0100 (Mon, 14 Nov 2016) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-25 15:23:29 +0200 (Thu, 25 Aug 2011)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"PHP crypt() returns only the salt for MD5\");\n script_category(ACT_GATHER_INFO);\n script_family(\"Web application abuses\");\n script_copyright(\"This script is Copyright (C) 2011 Greenbone Networks GmbH\");\n script_dependencies(\"gb_php_detect.nasl\");\n script_require_ports(\"Services/www\", 80);\n script_mandatory_keys(\"php/installed\");\n\n script_xref(name:\"URL\", value:\"http://www.h-online.com/open/news/item/PHP-users-warned-not-to-upgrade-to-5-3-7-1327427.html\");\n script_xref(name:\"URL\", value:\"http://www.php.net/archive/2011.php#id2011-08-22-1\");\n script_xref(name:\"URL\", value:\"http://www.php.net/ChangeLog-5.php#5.3.8\");\n\n tag_summary = \"PHP 5.3.7, if crypt() is executed with MD5 salts, the return value conists of the\n salt only.\";\n\n tag_affected = \"PHP 5.3.7 is vulnerable.\";\n\n tag_solution = \"Updates are available. Please see the references for more information.\";\n\n script_tag(name:\"affected\", value:tag_affected);\n script_tag(name:\"solution\", value:tag_solution);\n script_tag(name:\"summary\", value:tag_summary);\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"remote_banner_unreliable\");\n\n exit(0);\n}\n\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\n\nif( isnull( phpPort = get_app_port( cpe:CPE ) ) ) exit( 0 );\nif( ! phpVer = get_app_version( cpe:CPE, port:phpPort ) ) exit( 0 );\n\nif(version_is_equal(version:phpVer, test_version:\"5.3.7\")) {\n report = report_fixed_ver(installed_version:phpVer, fixed_version:\"5.3.8\");\n security_message(data:report, port:phpPort);\n exit(0);\n}\n\nexit(99);", "title": "PHP crypt() returns only the salt for MD5", "type": "openvas", "viewCount": 0}, "differentElements": ["cvss", "description", "cvelist", "modified", "sourceData"], "edition": 1, "lastseen": "2017-07-02T21:13:27"}, {"bulletin": {"bulletinFamily": "scanner", "cvelist": ["CVE-2011-3189"], "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "description": "PHP 5.3.7, if crypt()is executed with MD5 salts, the return value conists of the\n salt only.", "edition": 4, "enchantments": {"dependencies": {"modified": "2018-09-02T00:02:49", "references": [{"idList": ["CVE-2011-3189"], "type": "cve"}, {"idList": ["SECURITYVULNS:DOC:27147", "SECURITYVULNS:VULN:11967", "SECURITYVULNS:DOC:27600", "SECURITYVULNS:VULN:12164"], "type": "securityvulns"}, {"idList": ["OPENVAS:1361412562310802392", "OPENVAS:1361412562310802329", "OPENVAS:136141256231070769", "OPENVAS:70769", "OPENVAS:802392"], "type": "openvas"}, {"idList": ["GLSA-201110-06"], "type": "gentoo"}, {"idList": ["GENTOO_GLSA-201110-06.NASL", "MACOSX_10_7_3.NASL", "MACOSX_SECUPD2012-001.NASL", "HPSMH_7_0_0_24.NASL", "PHP_5_3_8.NASL"], "type": "nessus"}, {"idList": ["SSV:30077"], "type": "seebug"}]}, "score": {"value": 7.5, "vector": "NONE"}}, "hash": "2e2a95da44eb00cb0b4325a5862a6be7fa5cd092d83af23cafe2690c5822a980", "hashmap": [{"hash": "0b096151f899970e9a97f10321d19431", "key": "reporter"}, {"hash": "361658ac6c9ecf9036bc197f3f1e819f", "key": "description"}, {"hash": "126aa6199253ddc5259666d479153208", "key": "modified"}, {"hash": "3c236091754d2db00c1c42f811b3ada4", "key": "cvss"}, {"hash": "1e05a3e1071df7a9240af4d20107f9c1", "key": "href"}, {"hash": "e87df96a8de1d8a994cd8c252720c45f", "key": "sourceData"}, {"hash": "55199d25018fbdb9b50e6b64d444c3a4", "key": "naslFamily"}, {"hash": "47c1f692ea47a21f716dad07043ade01", "key": "type"}, {"hash": "d600149e8796a4a78f4d4b317a639922", "key": "pluginID"}, {"hash": "c4df3faa6380af496240736abd343cf3", "key": "references"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "53182acf23b5fabc171eca341daecc51", "key": "published"}, {"hash": "ed078319d669e662016cc41207a9bc58", "key": "title"}, {"hash": "313c58f8876d4caf709e50e89fbdd9d2", "key": "cvelist"}], "history": [], "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310103225", "id": "OPENVAS:1361412562310103225", "lastseen": "2018-09-02T00:02:49", "modified": "2018-07-10T00:00:00", "naslFamily": "Web application abuses", "objectVersion": "1.3", "pluginID": "1361412562310103225", "published": "2011-08-25T00:00:00", "references": ["http://www.php.net/ChangeLog-5.php#5.3.8", "http://www.h-online.com/open/news/item/PHP-users-warned-not-to-upgrade-to-5-3-7-1327427.html", "http://www.php.net/archive/2011.php#id2011-08-22-1"], "reporter": "This script is Copyright (C) 2011 Greenbone Networks GmbH", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_php_5_7_3.nasl 10472 2018-07-10 05:32:43Z cfischer $\n#\n# PHP crypt() returns only the salt for MD5\n#\n# Authors:\n# Michael Meyer <michael.meyer@greenbone.net>\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:php:php\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.103225\");\n script_version(\"$Revision: 10472 $\");\n script_cve_id(\"CVE-2011-3189\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-07-10 07:32:43 +0200 (Tue, 10 Jul 2018) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-25 15:23:29 +0200 (Thu, 25 Aug 2011)\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_name(\"PHP crypt() returns only the salt for MD5\");\n script_category(ACT_GATHER_INFO);\n script_family(\"Web application abuses\");\n script_copyright(\"This script is Copyright (C) 2011 Greenbone Networks GmbH\");\n script_dependencies(\"gb_php_detect.nasl\");\n script_mandatory_keys(\"php/installed\");\n\n script_xref(name:\"URL\", value:\"http://www.h-online.com/open/news/item/PHP-users-warned-not-to-upgrade-to-5-3-7-1327427.html\");\n script_xref(name:\"URL\", value:\"http://www.php.net/archive/2011.php#id2011-08-22-1\");\n script_xref(name:\"URL\", value:\"http://www.php.net/ChangeLog-5.php#5.3.8\");\n\n script_tag(name:\"affected\", value:\"PHP 5.3.7 is vulnerable.\");\n\n script_tag(name:\"solution\", value:\"Updates are available. Please see the references for more information.\");\n\n script_tag(name:\"summary\", value:\"PHP 5.3.7, if crypt()is executed with MD5 salts, the return value conists of the\n salt only.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"remote_banner_unreliable\");\n\n exit(0);\n}\n\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\n\nif( isnull( phpPort = get_app_port( cpe:CPE ) ) ) exit( 0 );\nif( ! phpVer = get_app_version( cpe:CPE, port:phpPort ) ) exit( 0 );\n\nif(version_is_equal(version:phpVer, test_version:\"5.3.7\")) {\n report = report_fixed_ver(installed_version:phpVer, fixed_version:\"5.3.8\");\n security_message(data:report, port:phpPort);\n exit(0);\n}\n\nexit(99);", "title": "PHP crypt() returns only the salt for MD5", "type": "openvas", "viewCount": 10}, "differentElements": ["cvss"], "edition": 4, "lastseen": "2018-09-02T00:02:49"}], "edition": 5, "hashmap": [{"key": "bulletinFamily", "hash": "bbdaea376f500d25f6b0c1050311dd07"}, {"key": "cvelist", "hash": "313c58f8876d4caf709e50e89fbdd9d2"}, {"key": "cvss", "hash": "876f47c4ebc2b9e0dd17afaa22819f2a"}, {"key": "description", "hash": "361658ac6c9ecf9036bc197f3f1e819f"}, {"key": "href", "hash": "1e05a3e1071df7a9240af4d20107f9c1"}, {"key": "modified", "hash": "126aa6199253ddc5259666d479153208"}, {"key": "naslFamily", "hash": "55199d25018fbdb9b50e6b64d444c3a4"}, {"key": "pluginID", "hash": "d600149e8796a4a78f4d4b317a639922"}, {"key": "published", "hash": "53182acf23b5fabc171eca341daecc51"}, {"key": "references", "hash": "c4df3faa6380af496240736abd343cf3"}, {"key": "reporter", "hash": "0b096151f899970e9a97f10321d19431"}, {"key": "sourceData", "hash": "e87df96a8de1d8a994cd8c252720c45f"}, {"key": "title", "hash": "ed078319d669e662016cc41207a9bc58"}, {"key": "type", "hash": "47c1f692ea47a21f716dad07043ade01"}], "hash": "3e6c3329242d2c0795fb77fa9057f2a990afeeb51ec50568cd50ad908df90c79", "viewCount": 10, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2011-3189"]}, {"type": "nessus", "idList": ["PHP_5_3_8.NASL", "MACOSX_SECUPD2012-001.NASL", "MACOSX_10_7_3.NASL", "HPSMH_7_0_0_24.NASL", "GENTOO_GLSA-201110-06.NASL"]}, {"type": "seebug", "idList": ["SSV:30077"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310802329", "OPENVAS:802392", "OPENVAS:1361412562310802392", "OPENVAS:136141256231070769", "OPENVAS:70769"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:11967", "SECURITYVULNS:DOC:27600", "SECURITYVULNS:VULN:12164", "SECURITYVULNS:DOC:27147"]}, {"type": "gentoo", "idList": ["GLSA-201110-06"]}], "modified": "2019-05-29T18:39:29"}, "score": {"value": 7.1, "vector": "NONE", "modified": "2019-05-29T18:39:29"}, "vulnersScore": 7.1}, "objectVersion": "1.3", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_php_5_7_3.nasl 10472 2018-07-10 05:32:43Z cfischer $\n#\n# PHP crypt() returns only the salt for MD5\n#\n# Authors:\n# Michael Meyer <michael.meyer@greenbone.net>\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:php:php\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.103225\");\n script_version(\"$Revision: 10472 $\");\n script_cve_id(\"CVE-2011-3189\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-07-10 07:32:43 +0200 (Tue, 10 Jul 2018) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-25 15:23:29 +0200 (Thu, 25 Aug 2011)\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_name(\"PHP crypt() returns only the salt for MD5\");\n script_category(ACT_GATHER_INFO);\n script_family(\"Web application abuses\");\n script_copyright(\"This script is Copyright (C) 2011 Greenbone Networks GmbH\");\n script_dependencies(\"gb_php_detect.nasl\");\n script_mandatory_keys(\"php/installed\");\n\n script_xref(name:\"URL\", value:\"http://www.h-online.com/open/news/item/PHP-users-warned-not-to-upgrade-to-5-3-7-1327427.html\");\n script_xref(name:\"URL\", value:\"http://www.php.net/archive/2011.php#id2011-08-22-1\");\n script_xref(name:\"URL\", value:\"http://www.php.net/ChangeLog-5.php#5.3.8\");\n\n script_tag(name:\"affected\", value:\"PHP 5.3.7 is vulnerable.\");\n\n script_tag(name:\"solution\", value:\"Updates are available. Please see the references for more information.\");\n\n script_tag(name:\"summary\", value:\"PHP 5.3.7, if crypt()is executed with MD5 salts, the return value conists of the\n salt only.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"remote_banner_unreliable\");\n\n exit(0);\n}\n\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\n\nif( isnull( phpPort = get_app_port( cpe:CPE ) ) ) exit( 0 );\nif( ! phpVer = get_app_version( cpe:CPE, port:phpPort ) ) exit( 0 );\n\nif(version_is_equal(version:phpVer, test_version:\"5.3.7\")) {\n report = report_fixed_ver(installed_version:phpVer, fixed_version:\"5.3.8\");\n security_message(data:report, port:phpPort);\n exit(0);\n}\n\nexit(99);", "naslFamily": "Web application abuses", "pluginID": "1361412562310103225", "scheme": null}

{"cve": [{"lastseen": "2019-05-29T18:11:20", "bulletinFamily": "NVD", "description": "The crypt function in PHP 5.3.7, when the MD5 hash type is used, returns the value of the salt argument instead of the hashed string, which might allow remote attackers to bypass authentication via an arbitrary password, a different vulnerability than CVE-2011-2483.", "modified": "2017-08-29T01:30:00", "id": "CVE-2011-3189", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3189", "published": "2011-08-25T14:22:00", "title": "CVE-2011-3189", "type": "cve", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}], "nessus": [{"lastseen": "2019-02-21T01:15:18", "bulletinFamily": "scanner", "description": "According to its banner, PHP 5.3.7 is installed on the remote host. This version contains a bug in the crypt() function when generating salted MD5 hashes. The function only returns the salt rather than the salt and hash. Any authentication mechanism that uses crypt() could authorize all authentication attempts due to this bug.", "modified": "2018-07-24T00:00:00", "id": "PHP_5_3_8.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=55969", "published": "2011-08-24T00:00:00", "title": "PHP 5.3.7 crypt() MD5 Incorrect Return Value", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(55969);\n script_version(\"1.9\");\n script_cvs_date(\"Date: 2018/07/24 18:56:10\");\n\n script_cve_id(\"CVE-2011-3189\");\n script_bugtraq_id(49376);\n script_xref(name:\"Secunia\", value:\"45678\");\n\n script_name(english:\"PHP 5.3.7 crypt() MD5 Incorrect Return Value\");\n script_summary(english:\"Checks version of PHP\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote web server uses a version of PHP that is affected by\na security bypass vulnerability.\"\n );\n \n script_set_attribute(\n attribute:\"description\",\n value:\n\"According to its banner, PHP 5.3.7 is installed on the\nremote host. This version contains a bug in the crypt()\nfunction when generating salted MD5 hashes. The function only\nreturns the salt rather than the salt and hash. Any\nauthentication mechanism that uses crypt() could authorize all\nauthentication attempts due to this bug.\"\n );\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.php.net/bug.php?id=55439\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.php.net/archive/2011.php#id2011-08-23-1\");\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to PHP 5.3.8 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No exploit is required\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/08/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/08/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/08/24\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:php:php\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CGI abuses\");\n\n script_copyright(english:\"This script is Copyright (C) 2011-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"php_version.nasl\");\n script_require_ports(\"Services/www\", 80);\n script_require_keys(\"www/PHP\");\n\n exit(0);\n}\n\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\ninclude(\"audit.inc\");\ninclude(\"webapp_func.inc\");\n\nport = get_http_port(default:80, php:TRUE);\n\nphp = get_php_from_kb(\n port : port,\n exit_on_fail : TRUE\n);\n\nversion = php[\"ver\"];\nsource = php[\"src\"];\n\n# 5.3.7 was only around for a few days, it's unlikely that backporting will be a concern\n#backported = get_kb_item('www/php/'+port+'/backported');\n#if (report_paranoia < 2 && backported)\n# exit(1, \"Security patches may have been backported.\");\n\nif (version =~ '^5(\\\\.3)?$') exit(1, \"The banner for PHP on port \"+port+\" - \"+source+\" - is not granular enough to make a determination.\");\n\nif (version =~ \"^5\\.3\\.7($|[^0-9])\")\n{\n if (report_verbosity > 0)\n {\n report =\n '\\n Version source : '+source +\n '\\n Installed version : '+version+\n '\\n Fixed version : 5.3.8\\n';\n security_hole(port:port, extra:report);\n }\n else security_hole(port);\n exit(0);\n}\nelse audit(AUDIT_LISTEN_NOT_VULN, \"PHP\", port, version);\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2019-02-21T01:15:58", "bulletinFamily": "scanner", "description": "The remote host is running a version of Mac OS X 10.6 that does not have Security Update 2012-001 applied. This update contains multiple security-related fixes for the following components :\n\n - Apache\n - ATS\n - ColorSync\n - CoreAudio\n - CoreMedia\n - CoreText\n - curl\n - Data Security\n - dovecot\n - filecmds\n - libresolv\n - libsecurity\n - OpenGL\n - PHP\n - QuickTime\n - SquirrelMail\n - Subversion\n - Tomcat\n - X11", "modified": "2018-07-14T00:00:00", "id": "MACOSX_SECUPD2012-001.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=57798", "published": "2012-02-02T00:00:00", "title": "Mac OS X Multiple Vulnerabilities (Security Update 2012-001) (BEAST)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\ninclude(\"compat.inc\");\n\n\nif (description)\n{\n script_id(57798);\n script_version(\"1.25\");\n script_cvs_date(\"Date: 2018/07/14 1:59:35\");\n\n script_cve_id(\n \"CVE-2010-1637\",\n \"CVE-2010-2813\",\n \"CVE-2010-4554\",\n \"CVE-2010-4555\",\n \"CVE-2011-0200\",\n \"CVE-2011-1148\",\n \"CVE-2011-1657\",\n \"CVE-2011-1752\",\n \"CVE-2011-1783\",\n \"CVE-2011-1921\",\n \"CVE-2011-1938\",\n \"CVE-2011-2023\",\n \"CVE-2011-2192\",\n \"CVE-2011-2202\",\n \"CVE-2011-2204\",\n \"CVE-2011-2483\",\n \"CVE-2011-2895\",\n \"CVE-2011-3182\",\n \"CVE-2011-3189\",\n \"CVE-2011-3248\",\n \"CVE-2011-3249\",\n \"CVE-2011-3250\",\n \"CVE-2011-3252\",\n \"CVE-2011-3267\",\n \"CVE-2011-3268\",\n \"CVE-2011-3348\",\n \"CVE-2011-3389\",\n \"CVE-2011-3422\",\n \"CVE-2011-3446\",\n \"CVE-2011-3448\",\n \"CVE-2011-3449\",\n \"CVE-2011-3453\",\n \"CVE-2011-3457\",\n \"CVE-2011-3458\",\n \"CVE-2011-3459\",\n \"CVE-2011-3460\"\n );\n script_bugtraq_id(\n 40291,\n 42399,\n 46843,\n 47950,\n 48091,\n 48259,\n 48416,\n 48434,\n 48456,\n 48648,\n 49124,\n 49241,\n 49249,\n 49252,\n 49376,\n 49429,\n 49616,\n 49778,\n 50065,\n 50400,\n 50401,\n 50404,\n 51807,\n 51808,\n 51809,\n 51811,\n 51812,\n 51814,\n 51817,\n 51832\n );\n script_xref(name:\"APPLE-SA\", value:\"APPLE-SA-2012-02-03-1\");\n script_xref(name:\"CERT\", value:\"403593\");\n script_xref(name:\"CERT\", value:\"410281\");\n\n script_name(english:\"Mac OS X Multiple Vulnerabilities (Security Update 2012-001) (BEAST)\");\n script_summary(english:\"Check for the presence of Security Update 2012-001.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote host is missing a Mac OS X update that fixes multiple\nsecurity vulnerabilities.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The remote host is running a version of Mac OS X 10.6 that does not\nhave Security Update 2012-001 applied. This update contains multiple\nsecurity-related fixes for the following components :\n\n - Apache\n - ATS\n - ColorSync\n - CoreAudio\n - CoreMedia\n - CoreText\n - curl\n - Data Security\n - dovecot\n - filecmds\n - libresolv\n - libsecurity\n - OpenGL\n - PHP\n - QuickTime\n - SquirrelMail\n - Subversion\n - Tomcat\n - X11\"\n );\n script_set_attribute(attribute:\"see_also\", value:\"http://www.zerodayinitiative.com/advisories/ZDI-12-058/\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.zerodayinitiative.com/advisories/ZDI-12-103/\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.zerodayinitiative.com/advisories/ZDI-12-130/\");\n script_set_attribute(attribute:\"see_also\", value:\"http://seclists.org/fulldisclosure/2012/Aug/59\");\n script_set_attribute(attribute:\"see_also\", value:\"http://support.apple.com/kb/HT5130\");\n script_set_attribute(attribute:\"see_also\", value:\"http://lists.apple.com/archives/security-announce/2012/Feb/msg00001.html\");\n script_set_attribute(attribute:\"see_also\", value:\"http://lists.apple.com/archives/security-announce/2012/Feb/msg00002.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.imperialviolet.org/2011/09/23/chromeandbeast.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.openssl.org/~bodo/tls-cbc.txt\");\n script_set_attribute(attribute:\"solution\", value:\"Install Security Update 2012-001 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/06/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/02/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/02/02\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:apple:mac_os_x\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2012-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/MacOSX/Version\", \"Host/MacOSX/packages/boms\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nos = get_kb_item(\"Host/MacOSX/Version\");\nif (!os) audit(AUDIT_OS_NOT, \"Mac OS X\");\nif (!ereg(pattern:\"Mac OS X 10\\.6([^0-9]|$)\", string:os)) audit(AUDIT_OS_NOT, \"Mac OS X 10.6\");\n\npackages = get_kb_item_or_exit(\"Host/MacOSX/packages/boms\", exit_code:1);\nif (\n egrep(pattern:\"^com\\.apple\\.pkg\\.update\\.security\\.(2012\\.00[1-9]|201[3-9]\\.[0-9]+)(\\.snowleopard[0-9.]*)?\\.bom\", string:packages) ||\n egrep(pattern:\"^com\\.apple\\.pkg\\.update\\.security\\.2012\\.001(\\.snowleopard)?\\.1\\.1\\.bom\", string:packages)\n) exit(0, \"The host has Security Update 2012-001 or later installed and therefore is not affected.\");\nelse\n{\n if (report_verbosity > 0)\n {\n security_boms = egrep(pattern:\"^com\\.apple\\.pkg\\.update\\.security\", string:packages);\n\n report = '\\n Installed security updates : ';\n if (security_boms) report += str_replace(find:'\\n', replace:'\\n ', string:security_boms);\n else report += 'n/a';\n report += '\\n';\n\n security_hole(port:0, extra:report);\n }\n else security_hole(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:15:58", "bulletinFamily": "scanner", "description": "The remote host is running a version of Mac OS X 10.7.x that is prior to 10.7.3. The newer version contains multiple security-related fixes for the following components :\n\n - Address Book\n - Apache\n - ATS\n - CFNetwork\n - CoreMedia\n - CoreText\n - CoreUI\n - curl\n - Data Security\n - dovecot\n - filecmds\n - ImageIO\n - Internet Sharing\n - Libinfo\n - libresolv\n - libsecurity\n - OpenGL\n - PHP\n - QuickTime\n - Subversion\n - Time Machine\n - WebDAV Sharing\n - Webmail\n - X11", "modified": "2018-07-14T00:00:00", "id": "MACOSX_10_7_3.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=57797", "published": "2012-02-02T00:00:00", "title": "Mac OS X 10.7.x < 10.7.3 Multiple Vulnerabilities (BEAST)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\nif (!defined_func(\"bn_random\")) exit(0);\nif (NASL_LEVEL < 3000) exit(0); # Avoid problems with large number of xrefs.\n\n\ninclude(\"compat.inc\");\n\n\nif (description)\n{\n script_id(57797);\n script_version(\"1.20\");\n script_cvs_date(\"Date: 2018/07/14 1:59:35\");\n\n script_cve_id(\n \"CVE-2011-1148\",\n \"CVE-2011-1167\",\n \"CVE-2011-1657\",\n \"CVE-2011-1752\",\n \"CVE-2011-1783\",\n \"CVE-2011-1921\",\n \"CVE-2011-1938\",\n \"CVE-2011-2192\",\n \"CVE-2011-2202\",\n \"CVE-2011-2483\",\n \"CVE-2011-2895\",\n \"CVE-2011-2937\",\n \"CVE-2011-3182\",\n \"CVE-2011-3189\",\n \"CVE-2011-3246\",\n \"CVE-2011-3248\",\n \"CVE-2011-3249\",\n \"CVE-2011-3250\",\n \"CVE-2011-3256\",\n \"CVE-2011-3267\",\n \"CVE-2011-3268\",\n \"CVE-2011-3328\",\n \"CVE-2011-3348\",\n \"CVE-2011-3389\",\n \"CVE-2011-3422\",\n \"CVE-2011-3441\",\n \"CVE-2011-3444\",\n \"CVE-2011-3446\",\n \"CVE-2011-3447\",\n \"CVE-2011-3448\",\n \"CVE-2011-3449\",\n \"CVE-2011-3450\",\n \"CVE-2011-3452\",\n \"CVE-2011-3453\",\n \"CVE-2011-3457\",\n \"CVE-2011-3458\",\n \"CVE-2011-3459\",\n \"CVE-2011-3460\",\n \"CVE-2011-3462\",\n \"CVE-2011-3463\"\n );\n script_bugtraq_id(\n 46843,\n 46951,\n 47950,\n 48091,\n 48259,\n 48434,\n 49124,\n 49229,\n 49241,\n 49249,\n 49252,\n 49376,\n 49429,\n 49616,\n 49744,\n 49778,\n 50115,\n 50155,\n 50400,\n 50401,\n 50404,\n 50641,\n 51807,\n 51808,\n 51809,\n 51810,\n 51811,\n 51812,\n 51813,\n 51814,\n 51815,\n 51816,\n 51817,\n 51818,\n 51819,\n 51832\n );\n script_xref(name:\"CERT\", value:\"403593\");\n script_xref(name:\"CERT\", value:\"410281\");\n script_xref(name:\"CERT\", value:\"864643\");\n script_xref(name:\"ZDI\", value:\"ZDI-12-058\");\n script_xref(name:\"ZDI\", value:\"ZDI-12-103\");\n script_xref(name:\"ZDI\", value:\"ZDI-12-130\");\n\n script_name(english:\"Mac OS X 10.7.x < 10.7.3 Multiple Vulnerabilities (BEAST)\");\n script_summary(english:\"Check the version of Mac OS X.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote host is missing a Mac OS X update that fixes several\nsecurity vulnerabilities.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is running a version of Mac OS X 10.7.x that is prior\nto 10.7.3. The newer version contains multiple security-related fixes\nfor the following components :\n\n - Address Book\n - Apache\n - ATS\n - CFNetwork\n - CoreMedia\n - CoreText\n - CoreUI\n - curl\n - Data Security\n - dovecot\n - filecmds\n - ImageIO\n - Internet Sharing\n - Libinfo\n - libresolv\n - libsecurity\n - OpenGL\n - PHP\n - QuickTime\n - Subversion\n - Time Machine\n - WebDAV Sharing\n - Webmail\n - X11\"\n );\n script_set_attribute(attribute:\"see_also\", value:\"http://www.zerodayinitiative.com/advisories/ZDI-12-058/\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.zerodayinitiative.com/advisories/ZDI-12-103/\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.zerodayinitiative.com/advisories/ZDI-12-130/\");\n script_set_attribute(attribute:\"see_also\", value:\"http://seclists.org/fulldisclosure/2012/Aug/59\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.imperialviolet.org/2011/09/23/chromeandbeast.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.openssl.org/~bodo/tls-cbc.txt\");\n script_set_attribute(\n attribute:\"see_also\", \n value:\"http://support.apple.com/kb/HT5130\"\n );\n script_set_attribute(\n attribute:\"see_also\", \n value:\"http://lists.apple.com/archives/security-announce/2012/Feb/msg00001.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Upgrade to Mac OS X 10.7.3 or later.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/03/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/02/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/02/02\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"combined\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:apple:mac_os_x\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_end_attributes();\n \n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2012-2018 Tenable Network Security, Inc.\");\n \n script_dependencies(\"ssh_get_info.nasl\", \"os_fingerprint.nasl\");\n\n exit(0);\n}\n\nos = get_kb_item(\"Host/MacOSX/Version\");\nif (!os)\n{\n os = get_kb_item(\"Host/OS\");\n if (isnull(os)) exit(0, \"The 'Host/OS' KB item is missing.\");\n if (\"Mac OS X\" >!< os) exit(0, \"The host does not appear to be running Mac OS X.\");\n\n c = get_kb_item(\"Host/OS/Confidence\");\n if (c <= 70) exit(1, \"Can't determine the host's OS with sufficient confidence.\");\n}\nif (!os) exit(0, \"The host does not appear to be running Mac OS X.\");\n\n\nif (ereg(pattern:\"Mac OS X 10\\.7($|\\.[0-2]([^0-9]|$))\", string:os)) security_hole(0);\nelse exit(0, \"The host is not affected as it is running \"+os+\".\");\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:16:33", "bulletinFamily": "scanner", "description": "According to the web server's banner, the version of HP System Management Homepage (SMH) hosted on the remote host is earlier than 7.0. As such, it is reportedly affected by the following vulnerabilities :\n\n - An error exists in the 'generate-id' function in the bundled libxslt library that can allow disclosure of heap memory addresses. (CVE-2011-0195)\n\n - An unspecified input validation error exists and can allow cross-site request forgery attacks. (CVE-2011-3846)\n\n - Unspecified errors can allow attackers to carry out denial of service attacks via unspecified vectors.\n (CVE-2012-0135, CVE-2012-1993)\n\n - The bundled version of PHP contains multiple vulnerabilities. (CVE-2010-3436, CVE-2010-4409, CVE-2010-4645, CVE-2011-1148, CVE-2011-1153, CVE-2011-1464, CVE-2011-1467, CVE-2011-1468, CVE-2011-1470, CVE-2011-1471, CVE-2011-1938, CVE-2011-2202, CVE-2011-2483, CVE-2011-3182, CVE-2011-3189, CVE-2011-3267, CVE-2011-3268)\n\n - The bundled version of Apache contains multiple vulnerabilities. (CVE-2010-1452, CVE-2010-1623, CVE-2010-2068, CVE-2010-2791, CVE-2011-0419, CVE-2011-1928, CVE-2011-3192, CVE-2011-3348, CVE-2011-3368, CVE-2011-3639)\n\n - OpenSSL libraries are contained in several of the bundled components and contain multiple vulnerabilities.\n (CVE-2011-0014, CVE-2011-1468, CVE-2011-1945, CVE-2011-3207,CVE-2011-3210)\n\n - Curl libraries are contained in several of the bundled components and contain multiple vulnerabilities.\n (CVE-2009-0037, CVE-2010-0734, CVE-2011-2192)", "modified": "2018-11-15T00:00:00", "id": "HPSMH_7_0_0_24.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=58811", "published": "2012-04-20T00:00:00", "title": "HP System Management Homepage < 7.0 Multiple Vulnerabilities", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\ninclude(\"compat.inc\");\n\n\nif (description)\n{\n script_id(58811);\n script_version(\"1.26\");\n script_cvs_date(\"Date: 2018/11/15 20:50:25\");\n\n script_cve_id(\n \"CVE-2009-0037\",\n \"CVE-2010-0734\",\n \"CVE-2010-1452\",\n \"CVE-2010-1623\",\n \"CVE-2010-2068\",\n \"CVE-2010-2791\",\n \"CVE-2010-3436\",\n \"CVE-2010-4409\",\n \"CVE-2010-4645\",\n \"CVE-2011-0014\",\n \"CVE-2011-0195\",\n \"CVE-2011-0419\",\n \"CVE-2011-1148\",\n \"CVE-2011-1153\",\n \"CVE-2011-1464\",\n \"CVE-2011-1467\",\n \"CVE-2011-1468\",\n \"CVE-2011-1470\",\n \"CVE-2011-1471\",\n \"CVE-2011-1928\",\n \"CVE-2011-1938\",\n \"CVE-2011-1945\",\n \"CVE-2011-2192\",\n \"CVE-2011-2202\",\n \"CVE-2011-2483\",\n \"CVE-2011-3182\",\n \"CVE-2011-3189\",\n \"CVE-2011-3192\",\n \"CVE-2011-3207\",\n \"CVE-2011-3210\",\n \"CVE-2011-3267\",\n \"CVE-2011-3268\",\n \"CVE-2011-3348\",\n \"CVE-2011-3368\",\n \"CVE-2011-3639\",\n \"CVE-2011-3846\",\n \"CVE-2012-0135\",\n \"CVE-2012-1993\"\n );\n script_bugtraq_id(\n 33962,\n 38162,\n 40827,\n 41963,\n 42102,\n 43673,\n 44723,\n 45119,\n 45668,\n 46264,\n 46843,\n 46854,\n 46968,\n 46969,\n 46975,\n 46977,\n 47668,\n 47820,\n 47888,\n 47929,\n 47950,\n 48259,\n 48434,\n 49241,\n 49249,\n 49303,\n 49376,\n 49469,\n 49471,\n 49616,\n 49957,\n 52974,\n 53121\n );\n\n script_name(english:\"HP System Management Homepage < 7.0 Multiple Vulnerabilities\");\n script_summary(english:\"Does a banner check\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote web server is affected by multiple vulnerabilities.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"According to the web server's banner, the version of HP System\nManagement Homepage (SMH) hosted on the remote host is earlier than\n7.0. As such, it is reportedly affected by the following\nvulnerabilities :\n\n - An error exists in the 'generate-id' function in the\n bundled libxslt library that can allow disclosure of\n heap memory addresses. (CVE-2011-0195)\n\n - An unspecified input validation error exists and can\n allow cross-site request forgery attacks. (CVE-2011-3846)\n\n - Unspecified errors can allow attackers to carry out \n denial of service attacks via unspecified vectors.\n (CVE-2012-0135, CVE-2012-1993)\n\n - The bundled version of PHP contains multiple\n vulnerabilities. (CVE-2010-3436, CVE-2010-4409,\n CVE-2010-4645, CVE-2011-1148, CVE-2011-1153,\n CVE-2011-1464, CVE-2011-1467, CVE-2011-1468,\n CVE-2011-1470, CVE-2011-1471, CVE-2011-1938,\n CVE-2011-2202, CVE-2011-2483, CVE-2011-3182,\n CVE-2011-3189, CVE-2011-3267, CVE-2011-3268)\n\n - The bundled version of Apache contains multiple\n vulnerabilities. (CVE-2010-1452, CVE-2010-1623,\n CVE-2010-2068, CVE-2010-2791, CVE-2011-0419,\n CVE-2011-1928, CVE-2011-3192, CVE-2011-3348,\n CVE-2011-3368, CVE-2011-3639)\n\n - OpenSSL libraries are contained in several of the\n bundled components and contain multiple vulnerabilities.\n (CVE-2011-0014, CVE-2011-1468, CVE-2011-1945,\n CVE-2011-3207,CVE-2011-3210)\n\n - Curl libraries are contained in several of the bundled\n components and contain multiple vulnerabilities.\n (CVE-2009-0037, CVE-2010-0734, CVE-2011-2192)\"\n );\n script_set_attribute(\n attribute:\"see_also\", \n value:\"http://www.nessus.org/u?106ec533\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Upgrade to HP System Management Homepage 7.0 or later.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploithub_sku\", value:\"EH-14-410\");\n script_set_attribute(attribute:\"exploit_framework_exploithub\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_cwe_id(352);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/04/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/04/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/04/20\");\n\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:hp:system_management_homepage\");\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Web Servers\");\n\n script_copyright(english:\"This script is Copyright (C) 2012-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"compaq_wbem_detect.nasl\");\n script_require_keys(\"www/hp_smh\");\n script_require_ports(\"Services/www\", 2301, 2381);\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"audit.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\ninclude(\"webapp_func.inc\");\n\n\nport = get_http_port(default:2381, embedded:TRUE);\ninstall = get_install_from_kb(appname:'hp_smh', port:port, exit_on_fail:TRUE);\ndir = install['dir'];\nversion = install['ver'];\nprod = get_kb_item_or_exit(\"www/\"+port+\"/hp_smh/variant\");\n\nif (version == UNKNOWN_VER) \n exit(1, 'The version of '+prod+' installed at '+build_url(port:port, qs:dir+\"/\")+' is unknown.');\n\n# nb: 'version' can have non-numeric characters in it so we'll create \n# an alternate form and make sure that's safe for use in 'ver_compare()'.\nversion_alt = ereg_replace(pattern:\"[_-]\", replace:\".\", string:version);\nif (!ereg(pattern:\"^[0-9][0-9.]+$\", string:version_alt))\n exit(1, 'The version of '+prod+' installed at '+build_url(port:port, qs:dir+\"/\")+' does not look valid ('+version+').');\n\nfixed_version = '7.0.0.24';\nif (ver_compare(ver:version_alt, fix:fixed_version, strict:FALSE) == -1)\n{\n set_kb_item(name:'www/'+port+'/XSS', value:TRUE);\n set_kb_item(name:'www/'+port+'/XSRF', value:TRUE);\n if (report_verbosity > 0)\n {\n source_line = get_kb_item(\"www/\"+port+\"/hp_smh/source\");\n\n report = '\\n Product : ' + prod;\n if (!isnull(source_line)) \n report += '\\n Version source : ' + source_line;\n report += \n '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fixed_version + '\\n';\n security_hole(port:port, extra:report);\n }\n else security_hole(port);\n\n exit(0);\n}\nelse audit(AUDIT_LISTEN_NOT_VULN, prod, port, version);\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:15:27", "bulletinFamily": "scanner", "description": "The remote host is affected by the vulnerability described in GLSA-201110-06 (PHP: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in PHP. Please review the CVE identifiers referenced below for details.\n Impact :\n\n A context-dependent attacker could execute arbitrary code, obtain sensitive information from process memory, bypass intended access restrictions, or cause a Denial of Service in various ways.\n A remote attacker could cause a Denial of Service in various ways, bypass spam detections, or bypass open_basedir restrictions.\n Workaround :\n\n There is no known workaround at this time.", "modified": "2018-07-11T00:00:00", "id": "GENTOO_GLSA-201110-06.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=56459", "published": "2011-10-12T00:00:00", "title": "GLSA-201110-06 : PHP: Multiple vulnerabilities", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201110-06.\n#\n# The advisory text is Copyright (C) 2001-2016 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(56459);\n script_version(\"1.9\");\n script_cvs_date(\"Date: 2018/07/11 17:09:26\");\n\n script_cve_id(\"CVE-2006-7243\", \"CVE-2009-5016\", \"CVE-2010-1128\", \"CVE-2010-1129\", \"CVE-2010-1130\", \"CVE-2010-1860\", \"CVE-2010-1861\", \"CVE-2010-1862\", \"CVE-2010-1864\", \"CVE-2010-1866\", \"CVE-2010-1868\", \"CVE-2010-1914\", \"CVE-2010-1915\", \"CVE-2010-1917\", \"CVE-2010-2093\", \"CVE-2010-2094\", \"CVE-2010-2097\", \"CVE-2010-2100\", \"CVE-2010-2101\", \"CVE-2010-2190\", \"CVE-2010-2191\", \"CVE-2010-2225\", \"CVE-2010-2484\", \"CVE-2010-2531\", \"CVE-2010-2950\", \"CVE-2010-3062\", \"CVE-2010-3063\", \"CVE-2010-3064\", \"CVE-2010-3065\", \"CVE-2010-3436\", \"CVE-2010-3709\", \"CVE-2010-3710\", \"CVE-2010-3870\", \"CVE-2010-4150\", \"CVE-2010-4409\", \"CVE-2010-4645\", \"CVE-2010-4697\", \"CVE-2010-4698\", \"CVE-2010-4699\", \"CVE-2010-4700\", \"CVE-2011-0420\", \"CVE-2011-0421\", \"CVE-2011-0708\", \"CVE-2011-0752\", \"CVE-2011-0753\", \"CVE-2011-0755\", \"CVE-2011-1092\", \"CVE-2011-1148\", \"CVE-2011-1153\", \"CVE-2011-1464\", \"CVE-2011-1466\", \"CVE-2011-1467\", \"CVE-2011-1468\", \"CVE-2011-1469\", \"CVE-2011-1470\", \"CVE-2011-1471\", \"CVE-2011-1657\", \"CVE-2011-1938\", \"CVE-2011-2202\", \"CVE-2011-2483\", \"CVE-2011-3182\", \"CVE-2011-3189\", \"CVE-2011-3267\", \"CVE-2011-3268\");\n script_xref(name:\"GLSA\", value:\"201110-06\");\n\n script_name(english:\"GLSA-201110-06 : PHP: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201110-06\n(PHP: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in PHP. Please review the\n CVE identifiers referenced below for details.\n \nImpact :\n\n A context-dependent attacker could execute arbitrary code, obtain\n sensitive information from process memory, bypass intended access\n restrictions, or cause a Denial of Service in various ways.\n A remote attacker could cause a Denial of Service in various ways,\n bypass spam detections, or bypass open_basedir restrictions.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201110-06\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All PHP users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=dev-lang/php-5.3.8'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:php\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/10/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/10/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"dev-lang/php\", unaffected:make_list(\"ge 5.3.8\"), vulnerable:make_list(\"lt 5.3.8\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"PHP\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "seebug": [{"lastseen": "2017-11-19T17:55:09", "bulletinFamily": "exploit", "description": "BUGTRAQ ID: 49376\r\nCVE ID: CVE-2011-3189\r\n\r\nPHP\u662f\u4e00\u79cd\u5728\u7535\u8111\u4e0a\u8fd0\u884c\u7684\u811a\u672c\u8bed\u8a00\uff0c\u4e3b\u8981\u7528\u9014\u662f\u5728\u4e8e\u5904\u7406\u52a8\u6001\u7f51\u9875\uff0c\u5305\u542b\u4e86\u547d\u4ee4\u884c\u8fd0\u884c\u63a5\u53e3\u6216\u8005\u4ea7\u751f\u56fe\u5f62\u7528\u6237\u754c\u9762\u7a0b\u5e8f\u3002\r\n\r\nPHP\u5728crypt()\u51fd\u6570\u7684\u5b9e\u73b0\u4e0a\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u6b64\u6f0f\u6d1e\u7ed5\u8fc7\u67d0\u4e9b\u5b89\u5168\u9650\u5236\u3002\n0\nPHP PHP 5.3.7\r\nPHP PHP 5.3.6\r\nPHP PHP 5.3.5\n\u5382\u5546\u8865\u4e01\uff1a\r\n\r\nPHP\r\n---\r\n\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u8fd9\u4e2a\u5b89\u5168\u95ee\u9898\uff0c\u8bf7\u5230\u5382\u5546\u7684\u4e3b\u9875\u4e0b\u8f7d\uff1a\r\n\r\nhttp://www.php.net", "modified": "2012-02-04T00:00:00", "published": "2012-02-04T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-30077", "id": "SSV:30077", "type": "seebug", "title": "PHP "crypt()"\u51fd\u6570\u5b89\u5168\u9650\u5236\u7ed5\u8fc7\u6f0f\u6d1e", "sourceData": "\n HTTP Request:\r\n====\r\nPOST /file-upload-fuzz/recv_dump.php HTTP/1.0\r\nhost: blog.security.localhost\r\ncontent-type: multipart/form-data; boundary=----------ThIs_Is_tHe_bouNdaRY_$\r\ncontent-length: 200\r\n\r\n------------ThIs_Is_tHe_bouNdaRY_$\r\nContent-Disposition: form-data; name="contents"; filename="/anything.here.slash-will-pass";\r\nContent-Type: text/plain\r\n\r\nany\r\n------------ThIs_Is_tHe_bouNdaRY_$--\r\n\r\nHTTP Response:\r\n====\r\nHTTP/1.1 200 OK\r\nDate: Fri, 27 May 2011 11:35:08 GMT\r\nServer: Apache/2.2.14 (Ubuntu)\r\nX-Powered-By: PHP/5.3.2-1ubuntu4.9\r\nContent-Length: 30\r\nConnection: close\r\nContent-Type: text/html\r\n\r\n/anything.here.slash-will-pass\r\n\r\nPHP script:\r\n=====\r\n<?php\r\nif (!empty($_FILES['contents'])) { // process file upload\r\n echo $_FILES['contents']['name'];\r\n unlink($_FILES['contents']['tmp_name']);\r\n}\n ", "sourceHref": "https://www.seebug.org/vuldb/ssvid-30077", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}], "openvas": [{"lastseen": "2019-05-29T18:39:58", "bulletinFamily": "scanner", "description": "This host is running PHP and is prone to security bypass\n vulnerability.", "modified": "2018-10-22T00:00:00", "published": "2011-09-07T00:00:00", "id": "OPENVAS:1361412562310802329", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310802329", "title": "PHP 'crypt()' Function Security Bypass Vulnerability", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_php_crypt_func_sec_bypass_vuln_win.nasl 12006 2018-10-22 07:42:16Z mmartin $\n#\n# PHP 'crypt()' Function Security Bypass Vulnerability\n#\n# Authors:\n# Rachana Shetty <srachana@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:php:php\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.802329\");\n script_version(\"$Revision: 12006 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-22 09:42:16 +0200 (Mon, 22 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2011-09-07 08:36:57 +0200 (Wed, 07 Sep 2011)\");\n script_cve_id(\"CVE-2011-3189\");\n script_bugtraq_id(48259);\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_name(\"PHP 'crypt()' Function Security Bypass Vulnerability\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Web application abuses\");\n script_dependencies(\"os_detection.nasl\", \"gb_php_detect.nasl\");\n script_mandatory_keys(\"php/installed\", \"Host/runs_windows\");\n\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/45678\");\n script_xref(name:\"URL\", value:\"http://www.php.net/archive/2011.php#id2011-08-22-1\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation could allow remote attackers to bypass authentication\n via an arbitrary password.\");\n\n script_tag(name:\"affected\", value:\"PHP version 5.3.7 on Windows\");\n\n script_tag(name:\"insight\", value:\"The flaw is due to an error in 'crypt()' function which returns the\n salt value instead of hash value when executed with MD5 hash, which allows\n attacker to bypass authentication via an arbitrary password.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to PHP version 5.3.8 or later.\");\n\n script_tag(name:\"summary\", value:\"This host is running PHP and is prone to security bypass\n vulnerability.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n\n script_xref(name:\"URL\", value:\"http://www.php.net/downloads.php\");\n exit(0);\n}\n\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\n\nif( isnull( phpPort = get_app_port( cpe:CPE ) ) ) exit( 0 );\nif( ! phpVer = get_app_version( cpe:CPE, port:phpPort ) ) exit( 0 );\n\n##To check PHP version equal to 5.3.7\nif(version_is_equal(version:phpVer, test_version:\"5.3.7\")){\n report = report_fixed_ver(installed_version:phpVer, fixed_version:\"5.3.8\");\n security_message(data:report, port:phpPort);\n exit(0);\n}\n\nexit(99);\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2017-07-19T10:50:27", "bulletinFamily": "scanner", "description": "This host is missing an important security update according to\n Mac OS X Update/Mac OS X Security Update 2012-001.", "modified": "2017-07-04T00:00:00", "published": "2012-02-06T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=802392", "id": "OPENVAS:802392", "title": "Mac OS X Multiple Vulnerabilities (2012-001)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_macosx_su12-001.nasl 6521 2017-07-04 14:51:10Z cfischer $\n#\n# Mac OS X Multiple Vulnerabilities (2012-001)\n#\n# Authors:\n# Rachana Shetty <srachana@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_impact = \"Successful exploitation could allow attackers to execute arbitrary code in\n the context of the browser, inject scripts, bypass certain security\n restrictions or cause a denial-of-service condition.\n Impact Level: System/Application\";\ntag_affected = \"Address Book, Apache, CFNetwork, ColorSync, CoreAudio, CoreText, CoreUI\n curl, Data Security, dovecot, filecmds, ImageIO, Internet Sharing, Libinfo,\n libresolv, libsecurity, OpenGL, PHP, QuickTime, SquirrelMail, X11, Webmail,\n Tomcat, WebDAV Sharing.\";\ntag_insight = \"For more information on the vulnerabilities refer the reference section.\";\ntag_solution = \"Upgrade to Mac OS X 10.7.3 or\n Run Mac Updates and update the Security Update 2012-001\n For updates refer to http://support.apple.com/kb/HT1222\";\ntag_summary = \"This host is missing an important security update according to\n Mac OS X Update/Mac OS X Security Update 2012-001.\";\n\nif(description)\n{\n script_id(802392);\n script_version(\"$Revision: 6521 $\");\n script_cve_id(\"CVE-2011-3444\", \"CVE-2011-3348\", \"CVE-2011-3389\", \"CVE-2011-3246\",\n \"CVE-2011-3447\", \"CVE-2011-0200\", \"CVE-2011-3252\", \"CVE-2011-3448\",\n \"CVE-2011-3449\", \"CVE-2011-3450\", \"CVE-2011-2192\", \"CVE-2011-2895\",\n \"CVE-2011-3452\", \"CVE-2011-3441\", \"CVE-2011-3453\", \"CVE-2011-3422\",\n \"CVE-2011-3457\", \"CVE-2011-1148\", \"CVE-2011-1657\", \"CVE-2011-1938\",\n \"CVE-2011-2202\", \"CVE-2011-2483\", \"CVE-2011-3182\", \"CVE-2011-3189\",\n \"CVE-2011-3267\", \"CVE-2011-3268\", \"CVE-2011-3256\", \"CVE-2011-3328\",\n \"CVE-2011-3458\", \"CVE-2011-3248\", \"CVE-2011-3459\", \"CVE-2011-3250\",\n \"CVE-2011-3460\", \"CVE-2011-3249\", \"CVE-2010-1637\", \"CVE-2010-2813\",\n \"CVE-2010-4554\", \"CVE-2010-4555\", \"CVE-2011-2023\", \"CVE-2011-1752\",\n \"CVE-2011-1783\", \"CVE-2011-1921\", \"CVE-2011-3462\", \"CVE-2011-2204\",\n \"CVE-2011-3463\", \"CVE-2011-2937\", \"CVE-2011-0241\", \"CVE-2011-1167\");\n script_bugtraq_id(51810, 49616, 49778, 50115, 51813, 48416, 50065, 51817, 51812,\n 51815, 48434, 49124, 48833, 46951, 49744, 51819, 50641, 51807,\n 49429, 51808, 46843, 49252, 47950, 48259, 49241, 49249, 49376,\n 50155, 51809, 50400, 51811, 50401, 51814, 50404, 40291, 42399,\n 48648, 48091, 51818, 48456, 51816, 49229, 47820, 49303, 50092,\n 50112, 50091, 50099, 48007, 48566, 37118);\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-04 16:51:10 +0200 (Tue, 04 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-02-06 17:42:28 +0530 (Mon, 06 Feb 2012)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Mac OS X Multiple Vulnerabilities (2012-001)\");\n script_xref(name : \"URL\" , value : \"http://support.apple.com/kb/HT5130\");\n script_xref(name : \"URL\" , value : \"http://secunia.com/advisories/47843/\");\n script_xref(name : \"URL\" , value : \"http://securitytracker.com/id/1026627\");\n script_xref(name : \"URL\" , value : \"http://lists.apple.com/archives/security-announce/2012/Feb/msg00001.html\");\n\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_category(ACT_GATHER_INFO);\n script_family(\"Mac OS X Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/osx_name\", \"ssh/login/osx_version\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"version_func.inc\");\ninclude(\"pkg-lib-macosx.inc\");\n\n## Variables Initialization\nosName = \"\";\nosVer = NULL;\n\n## Get the OS name\nosName = get_kb_item(\"ssh/login/osx_name\");\nif(!osName){\n exit (0);\n}\n\n## Get the OS Version\nosVer = get_kb_item(\"ssh/login/osx_version\");\nif(!osVer){\n exit(0);\n}\n\n## Check for the Mac OS X and Mac OS X Server\nif(\"Mac OS X\" >< osName)\n{\n ## Check the affected OS versions\n if(version_is_equal(version:osVer, test_version:\"10.6.8\"))\n {\n ## Check for the security update 2011.006\n if(isosxpkgvuln(fixed:\"com.apple.pkg.update.security.\", diff:\"2012.001\"))\n {\n security_message(0);\n exit(0);\n }\n }\n\n ## Check if OS is 10.7 through 10.7.2\n if(version_in_range(version:osVer, test_version:\"10.7\", test_version2:\"10.7.2\"))\n {\n security_message(0);\n exit(0);\n }\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:39:14", "bulletinFamily": "scanner", "description": "This host is missing an important security update according to\n Mac OS X Update/Mac OS X Security Update 2012-001.", "modified": "2019-03-19T00:00:00", "published": "2012-02-06T00:00:00", "id": "OPENVAS:1361412562310802392", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310802392", "title": "Mac OS X Multiple Vulnerabilities (2012-001)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_macosx_su12-001.nasl 14307 2019-03-19 10:09:27Z cfischer $\n#\n# Mac OS X Multiple Vulnerabilities (2012-001)\n#\n# Authors:\n# Rachana Shetty <srachana@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.802392\");\n script_version(\"$Revision: 14307 $\");\n script_cve_id(\"CVE-2011-3444\", \"CVE-2011-3348\", \"CVE-2011-3389\", \"CVE-2011-3246\",\n \"CVE-2011-3447\", \"CVE-2011-0200\", \"CVE-2011-3252\", \"CVE-2011-3448\",\n \"CVE-2011-3449\", \"CVE-2011-3450\", \"CVE-2011-2192\", \"CVE-2011-2895\",\n \"CVE-2011-3452\", \"CVE-2011-3441\", \"CVE-2011-3453\", \"CVE-2011-3422\",\n \"CVE-2011-3457\", \"CVE-2011-1148\", \"CVE-2011-1657\", \"CVE-2011-1938\",\n \"CVE-2011-2202\", \"CVE-2011-2483\", \"CVE-2011-3182\", \"CVE-2011-3189\",\n \"CVE-2011-3267\", \"CVE-2011-3268\", \"CVE-2011-3256\", \"CVE-2011-3328\",\n \"CVE-2011-3458\", \"CVE-2011-3248\", \"CVE-2011-3459\", \"CVE-2011-3250\",\n \"CVE-2011-3460\", \"CVE-2011-3249\", \"CVE-2010-1637\", \"CVE-2010-2813\",\n \"CVE-2010-4554\", \"CVE-2010-4555\", \"CVE-2011-2023\", \"CVE-2011-1752\",\n \"CVE-2011-1783\", \"CVE-2011-1921\", \"CVE-2011-3462\", \"CVE-2011-2204\",\n \"CVE-2011-3463\", \"CVE-2011-2937\", \"CVE-2011-0241\", \"CVE-2011-1167\");\n script_bugtraq_id(51810, 49616, 49778, 50115, 51813, 48416, 50065, 51817, 51812,\n 51815, 48434, 49124, 48833, 46951, 49744, 51819, 50641, 51807,\n 49429, 51808, 46843, 49252, 47950, 48259, 49241, 49249, 49376,\n 50155, 51809, 50400, 51811, 50401, 51814, 50404, 40291, 42399,\n 48648, 48091, 51818, 48456, 51816, 49229, 47820, 49303, 50092,\n 50112, 50091, 50099, 48007, 48566, 37118);\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-19 11:09:27 +0100 (Tue, 19 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-02-06 17:42:28 +0530 (Mon, 06 Feb 2012)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Mac OS X Multiple Vulnerabilities (2012-001)\");\n script_xref(name:\"URL\", value:\"http://support.apple.com/kb/HT5130\");\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/47843/\");\n script_xref(name:\"URL\", value:\"http://securitytracker.com/id/1026627\");\n script_xref(name:\"URL\", value:\"http://lists.apple.com/archives/security-announce/2012/Feb/msg00001.html\");\n\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_category(ACT_GATHER_INFO);\n script_family(\"Mac OS X Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/osx_name\", \"ssh/login/osx_version\", re:\"ssh/login/osx_version=^10\\.[67]\\.\");\n script_tag(name:\"impact\", value:\"Successful exploitation could allow attackers to execute arbitrary code in\n the context of the browser, inject scripts, bypass certain security\n restrictions or cause a denial-of-service condition.\");\n script_tag(name:\"affected\", value:\"Address Book, Apache, CFNetwork, ColorSync, CoreAudio, CoreText, CoreUI\n curl, Data Security, dovecot, filecmds, ImageIO, Internet Sharing, Libinfo,\n libresolv, libsecurity, OpenGL, PHP, QuickTime, SquirrelMail, X11, Webmail,\n Tomcat, WebDAV Sharing.\");\n script_tag(name:\"insight\", value:\"For more information on the vulnerabilities refer the reference section.\");\n script_tag(name:\"solution\", value:\"Upgrade to Mac OS X 10.7.3 or\n Run Mac Updates and update the Security Update 2012-001\");\n script_tag(name:\"summary\", value:\"This host is missing an important security update according to\n Mac OS X Update/Mac OS X Security Update 2012-001.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"http://support.apple.com/kb/HT1222\");\n\n exit(0);\n}\n\ninclude(\"version_func.inc\");\ninclude(\"pkg-lib-macosx.inc\");\n\nosName = get_kb_item(\"ssh/login/osx_name\");\nif(!osName)\n exit(0);\n\nosVer = get_kb_item(\"ssh/login/osx_version\");\nif(!osVer)\n exit(0);\n\nif(\"Mac OS X\" >< osName)\n{\n if(version_is_equal(version:osVer, test_version:\"10.6.8\"))\n {\n if(isosxpkgvuln(fixed:\"com.apple.pkg.update.security.\", diff:\"2012.001\"))\n {\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n exit(0);\n }\n }\n\n if(version_in_range(version:osVer, test_version:\"10.7\", test_version2:\"10.7.2\"))\n {\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n exit(0);\n }\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:39:00", "bulletinFamily": "scanner", "description": "The remote host is missing updates announced in\nadvisory GLSA 201110-06.", "modified": "2018-10-12T00:00:00", "published": "2012-02-12T00:00:00", "id": "OPENVAS:136141256231070769", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231070769", "title": "Gentoo Security Advisory GLSA 201110-06 (php)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: glsa_201110_06.nasl 11859 2018-10-12 08:53:01Z cfischer $\n#\n# Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.70769\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cve_id(\"CVE-2006-7243\", \"CVE-2009-5016\", \"CVE-2010-1128\", \"CVE-2010-1129\", \"CVE-2010-1130\", \"CVE-2010-1860\", \"CVE-2010-1861\", \"CVE-2010-1862\", \"CVE-2010-1864\", \"CVE-2010-1866\", \"CVE-2010-1868\", \"CVE-2010-1914\", \"CVE-2010-1915\", \"CVE-2010-1917\", \"CVE-2010-2093\", \"CVE-2010-2094\", \"CVE-2010-2097\", \"CVE-2010-2100\", \"CVE-2010-2101\", \"CVE-2010-2190\", \"CVE-2010-2191\", \"CVE-2010-2225\", \"CVE-2010-2484\", \"CVE-2010-2531\", \"CVE-2010-2950\", \"CVE-2010-3062\", \"CVE-2010-3063\", \"CVE-2010-3064\", \"CVE-2010-3065\", \"CVE-2010-3436\", \"CVE-2010-3709\", \"CVE-2010-3710\", \"CVE-2010-3870\", \"CVE-2010-4150\", \"CVE-2010-4409\", \"CVE-2010-4645\", \"CVE-2010-4697\", \"CVE-2010-4698\", \"CVE-2010-4699\", \"CVE-2010-4700\", \"CVE-2011-0420\", \"CVE-2011-0421\", \"CVE-2011-0708\", \"CVE-2011-0752\", \"CVE-2011-0753\", \"CVE-2011-0755\", \"CVE-2011-1092\", \"CVE-2011-1148\", \"CVE-2011-1153\", \"CVE-2011-1464\", \"CVE-2011-1466\", \"CVE-2011-1467\", \"CVE-2011-1468\", \"CVE-2011-1469\", \"CVE-2011-1470\", \"CVE-2011-1471\", \"CVE-2011-1657\", \"CVE-2011-1938\", \"CVE-2011-2202\", \"CVE-2011-2483\", \"CVE-2011-3182\", \"CVE-2011-3189\", \"CVE-2011-3267\", \"CVE-2011-3268\");\n script_version(\"$Revision: 11859 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-12 10:53:01 +0200 (Fri, 12 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-02-12 10:04:39 -0500 (Sun, 12 Feb 2012)\");\n script_name(\"Gentoo Security Advisory GLSA 201110-06 (php)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name:\"insight\", value:\"Multiple vulnerabilities were found in PHP, the worst of which\n leading to remote execution of arbitrary code.\");\n script_tag(name:\"solution\", value:\"All PHP users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=dev-lang/php-5.3.8'\");\n\n script_xref(name:\"URL\", value:\"http://www.securityspace.com/smysecure/catid.html?in=GLSA%20201110-06\");\n script_xref(name:\"URL\", value:\"http://bugs.gentoo.org/show_bug.cgi?id=306939\");\n script_xref(name:\"URL\", value:\"http://bugs.gentoo.org/show_bug.cgi?id=332039\");\n script_xref(name:\"URL\", value:\"http://bugs.gentoo.org/show_bug.cgi?id=340807\");\n script_xref(name:\"URL\", value:\"http://bugs.gentoo.org/show_bug.cgi?id=350908\");\n script_xref(name:\"URL\", value:\"http://bugs.gentoo.org/show_bug.cgi?id=355399\");\n script_xref(name:\"URL\", value:\"http://bugs.gentoo.org/show_bug.cgi?id=358791\");\n script_xref(name:\"URL\", value:\"http://bugs.gentoo.org/show_bug.cgi?id=358975\");\n script_xref(name:\"URL\", value:\"http://bugs.gentoo.org/show_bug.cgi?id=369071\");\n script_xref(name:\"URL\", value:\"http://bugs.gentoo.org/show_bug.cgi?id=372745\");\n script_xref(name:\"URL\", value:\"http://bugs.gentoo.org/show_bug.cgi?id=373965\");\n script_xref(name:\"URL\", value:\"http://bugs.gentoo.org/show_bug.cgi?id=380261\");\n script_tag(name:\"summary\", value:\"The remote host is missing updates announced in\nadvisory GLSA 201110-06.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"pkg-lib-gentoo.inc\");\ninclude(\"revisions-lib.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = ispkgvuln(pkg:\"dev-lang/php\", unaffected: make_list(\"ge 5.3.8\"), vulnerable: make_list(\"lt 5.3.8\"))) != NULL ) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-07-24T12:51:09", "bulletinFamily": "scanner", "description": "The remote host is missing updates announced in\nadvisory GLSA 201110-06.", "modified": "2017-07-07T00:00:00", "published": "2012-02-12T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=70769", "id": "OPENVAS:70769", "title": "Gentoo Security Advisory GLSA 201110-06 (php)", "type": "openvas", "sourceData": "#\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Multiple vulnerabilities were found in PHP, the worst of which\n leading to remote execution of arbitrary code.\";\ntag_solution = \"All PHP users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=dev-lang/php-5.3.8'\n \n\nhttp://www.securityspace.com/smysecure/catid.html?in=GLSA%20201110-06\nhttp://bugs.gentoo.org/show_bug.cgi?id=306939\nhttp://bugs.gentoo.org/show_bug.cgi?id=332039\nhttp://bugs.gentoo.org/show_bug.cgi?id=340807\nhttp://bugs.gentoo.org/show_bug.cgi?id=350908\nhttp://bugs.gentoo.org/show_bug.cgi?id=355399\nhttp://bugs.gentoo.org/show_bug.cgi?id=358791\nhttp://bugs.gentoo.org/show_bug.cgi?id=358975\nhttp://bugs.gentoo.org/show_bug.cgi?id=369071\nhttp://bugs.gentoo.org/show_bug.cgi?id=372745\nhttp://bugs.gentoo.org/show_bug.cgi?id=373965\nhttp://bugs.gentoo.org/show_bug.cgi?id=380261\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory GLSA 201110-06.\";\n\n \n \nif(description)\n{\n script_id(70769);\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cve_id(\"CVE-2006-7243\", \"CVE-2009-5016\", \"CVE-2010-1128\", \"CVE-2010-1129\", \"CVE-2010-1130\", \"CVE-2010-1860\", \"CVE-2010-1861\", \"CVE-2010-1862\", \"CVE-2010-1864\", \"CVE-2010-1866\", \"CVE-2010-1868\", \"CVE-2010-1914\", \"CVE-2010-1915\", \"CVE-2010-1917\", \"CVE-2010-2093\", \"CVE-2010-2094\", \"CVE-2010-2097\", \"CVE-2010-2100\", \"CVE-2010-2101\", \"CVE-2010-2190\", \"CVE-2010-2191\", \"CVE-2010-2225\", \"CVE-2010-2484\", \"CVE-2010-2531\", \"CVE-2010-2950\", \"CVE-2010-3062\", \"CVE-2010-3063\", \"CVE-2010-3064\", \"CVE-2010-3065\", \"CVE-2010-3436\", \"CVE-2010-3709\", \"CVE-2010-3710\", \"CVE-2010-3870\", \"CVE-2010-4150\", \"CVE-2010-4409\", \"CVE-2010-4645\", \"CVE-2010-4697\", \"CVE-2010-4698\", \"CVE-2010-4699\", \"CVE-2010-4700\", \"CVE-2011-0420\", \"CVE-2011-0421\", \"CVE-2011-0708\", \"CVE-2011-0752\", \"CVE-2011-0753\", \"CVE-2011-0755\", \"CVE-2011-1092\", \"CVE-2011-1148\", \"CVE-2011-1153\", \"CVE-2011-1464\", \"CVE-2011-1466\", \"CVE-2011-1467\", \"CVE-2011-1468\", \"CVE-2011-1469\", \"CVE-2011-1470\", \"CVE-2011-1471\", \"CVE-2011-1657\", \"CVE-2011-1938\", \"CVE-2011-2202\", \"CVE-2011-2483\", \"CVE-2011-3182\", \"CVE-2011-3189\", \"CVE-2011-3267\", \"CVE-2011-3268\");\n script_version(\"$Revision: 6593 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 11:18:14 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-02-12 10:04:39 -0500 (Sun, 12 Feb 2012)\");\n script_name(\"Gentoo Security Advisory GLSA 201110-06 (php)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-gentoo.inc\");\nres = \"\";\nreport = \"\";\nif((res = ispkgvuln(pkg:\"dev-lang/php\", unaffected: make_list(\"ge 5.3.8\"), vulnerable: make_list(\"lt 5.3.8\"))) != NULL ) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "securityvulns": [{"lastseen": "2018-08-31T11:09:44", "bulletinFamily": "software", "description": "Memory corruptions in different functions.", "modified": "2011-10-12T00:00:00", "published": "2011-10-12T00:00:00", "id": "SECURITYVULNS:VULN:11967", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:11967", "title": "PHP multiple security vulnerabilities", "type": "securityvulns", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:43", "bulletinFamily": "software", "description": "-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\nAPPLE-SA-2012-02-01-1 OS X Lion v10.7.3 and Security Update 2012-001\r\n\r\nOS X Lion v10.7.3 and Security Update 2012-001 is now available and\r\naddresses the following:\r\n\r\nAddress Book\r\nAvailable for: OS X Lion v10.7 to v10.7.2,\r\nOS X Lion Server v10.7 to v10.7.2\r\nImpact: An attacker in a privileged network position may intercept\r\nCardDAV data\r\nDescription: Address Book supports Secure Sockets Layer (SSL) for\r\naccessing CardDAV. A downgrade issue caused Address Book to attempt\r\nan unencrypted connection if an encrypted connection failed. An\r\nattacker in a privileged network position could abuse this behavior\r\nto intercept CardDAV data. This issue is addressed by not downgrading\r\nto an unencrypted connection without user approval.\r\nCVE-ID\r\nCVE-2011-3444 : Bernard Desruisseaux of Oracle Corporation\r\n\r\nApache\r\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\r\nOS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2\r\nImpact: Multiple vulnerabilities in Apache\r\nDescription: Apache is updated to version 2.2.21 to address several\r\nvulnerabilities, the most serious of which may lead to a denial of\r\nservice. Further information is available via the Apache web site at\r\nhttp://httpd.apache.org/\r\nCVE-ID\r\nCVE-2011-3348\r\n\r\nApache\r\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\r\nOS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2\r\nImpact: An attacker may be able to decrypt data protected by SSL\r\nDescription: There are known attacks on the confidentiality of SSL\r\n3.0 and TLS 1.0 when a cipher suite uses a block cipher in CBC mode.\r\nApache disabled the 'empty fragment' countermeasure which prevented\r\nthese attacks. This issue is addressed by providing a configuration\r\nparameter to control the countermeasure and enabling it by default.\r\nCVE-ID\r\nCVE-2011-3389\r\n\r\nCFNetwork\r\nAvailable for: OS X Lion v10.7 to v10.7.2,\r\nOS X Lion Server v10.7 to v10.7.2\r\nImpact: Visiting a maliciously crafted website may lead to the\r\ndisclosure of sensitive information\r\nDescription: An issue existed in CFNetwork's handling of malformed\r\nURLs. When accessing a maliciously crafted URL, CFNetwork could send\r\nthe request to an incorrect origin server. This issue does not affect\r\nsystems prior to OS X Lion.\r\nCVE-ID\r\nCVE-2011-3246 : Erling Ellingsen of Facebook\r\n\r\nCFNetwork\r\nAvailable for: OS X Lion v10.7 to v10.7.2,\r\nOS X Lion Server v10.7 to v10.7.2\r\nImpact: Visiting a maliciously crafted website may lead to the\r\ndisclosure of sensitive information\r\nDescription: An issue existed in CFNetwork's handling of malformed\r\nURLs. When accessing a maliciously crafted URL, CFNetwork could send\r\nunexpected request headers. This issue does not affect systems prior\r\nto OS X Lion.\r\nCVE-ID\r\nCVE-2011-3447 : Erling Ellingsen of Facebook\r\n\r\nColorSync\r\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8\r\nImpact: Viewing a maliciously crafted image with an embedded\r\nColorSync profile may lead to an unexpected application termination\r\nor arbitrary code execution\r\nDescription: An integer overflow existed in the handling of images\r\nwith an embedded ColorSync profile, which may lead to a heap buffer\r\noverflow. This issue does not affect OS X Lion systems.\r\nCVE-ID\r\nCVE-2011-0200 : binaryproof working with TippingPoint's Zero Day\r\nInitiative\r\n\r\nCoreAudio\r\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8\r\nImpact: Playing maliciously crafted audio content may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A buffer overflow existed in the handling of AAC\r\nencoded audio streams. This issue does not affect OS X Lion systems.\r\nCVE-ID\r\nCVE-2011-3252 : Luigi Auriemma working with TippingPoint's Zero Day\r\nInitiative\r\n\r\nCoreMedia\r\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\r\nOS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2\r\nImpact: Viewing a maliciously crafted movie file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A heap buffer overflow existed in CoreMedia's handling\r\nof H.264 encoded movie files.\r\nCVE-ID\r\nCVE-2011-3448 : Scott Stender of iSEC Partners\r\n\r\nCoreText\r\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\r\nOS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2\r\nImpact: Viewing or downloading a document containing a maliciously\r\ncrafted embedded font may lead to an unexpected application\r\ntermination or arbitrary code execution\r\nDescription: A use after free issue existed in the handling of font\r\nfiles.\r\nCVE-ID\r\nCVE-2011-3449 : Will Dormann of the CERT/CC\r\n\r\nCoreUI\r\nAvailable for: OS X Lion v10.7 to v10.7.2,\r\nOS X Lion Server v10.7 to v10.7.2\r\nImpact: Visiting a malicious website may lead to an unexpected\r\napplication termination or arbitrary code execution\r\nDescription: An unbounded stack allocation issue existed in the\r\nhandling of long URLs. This issue does not affect systems prior to OS\r\nX Lion.\r\nCVE-ID\r\nCVE-2011-3450 : Ben Syverson\r\n\r\ncurl\r\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\r\nOS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2\r\nImpact: A remote server may be able to impersonate clients via\r\nGSSAPI requests\r\nDescription: When doing GSSAPI authentication, libcurl\r\nunconditionally performs credential delegation. This issue is\r\naddressed by disabling GSSAPI credential delegation.\r\nCVE-ID\r\nCVE-2011-2192\r\n\r\nData Security\r\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\r\nOS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2\r\nImpact: An attacker with a privileged network position may intercept\r\nuser credentials or other sensitive information\r\nDescription: Two certificate authorities in the list of trusted root\r\ncertificates have independently issued intermediate certificates to\r\nDigiCert Malaysia. DigiCert Malaysia has issued certificates with\r\nweak keys that it is unable to revoke. An attacker with a privileged\r\nnetwork position could intercept user credentials or other sensitive\r\ninformation intended for a site with a certificate issued by DigiCert\r\nMalaysia. This issue is addressed by configuring default system trust\r\nsettings so that DigiCert Malaysia's certificates are not trusted. We\r\nwould like to acknowledge Bruce Morton of Entrust, Inc. for reporting\r\nthis issue.\r\n\r\ndovecot\r\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\r\nOS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2\r\nImpact: An attacker may be able to decrypt data protected by SSL\r\nDescription: There are known attacks on the confidentiality of SSL\r\n3.0 and TLS 1.0 when a cipher suite uses a block cipher in CBC mode.\r\nDovecot disabled the 'empty fragment' countermeasure which prevented\r\nthese attacks. This issue is addressed by enabling the\r\ncountermeasure.\r\nCVE-ID\r\nCVE-2011-3389 : Apple\r\n\r\nfilecmds\r\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\r\nOS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2\r\nImpact: Decompressing a maliciously crafted compressed file may lead\r\nto an unexpected application termination or arbitrary code execution\r\nDescription: A buffer overflow existed in the 'uncompress' command\r\nline tool.\r\nCVE-ID\r\nCVE-2011-2895\r\n\r\nImageIO\r\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8\r\nImpact: Viewing a maliciously crafted TIFF file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A buffer overflow existed in ImageIO's handling of\r\nCCITT Group 4 encoded TIFF files. This issue does not affect OS X\r\nLion systems.\r\nCVE-ID\r\nCVE-2011-0241 : Cyril CATTIAUX of Tessi Technologies\r\n\r\nImageIO\r\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\r\nOS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2\r\nImpact: Viewing a maliciously crafted TIFF file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A buffer overflow existed in libtiff's handling of\r\nThunderScan encoded TIFF images. This issue is address by updating\r\nlibtiff to version 3.9.5.\r\nCVE-ID\r\nCVE-2011-1167\r\n\r\nImageIO\r\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\r\nOS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2\r\nImpact: Multiple vulnerabilities in libpng 1.5.4\r\nDescription: libpng is updated to version 1.5.5 to address multiple\r\nvulnerabilities, the most serious of which may lead to arbitrary code\r\nexecution. Further information is available via the libpng website at\r\nhttp://www.libpng.org/pub/png/libpng.html\r\nCVE-ID\r\nCVE-2011-3328\r\n\r\nInternet Sharing\r\nAvailable for: OS X Lion v10.7 to v10.7.2,\r\nOS X Lion Server v10.7 to v10.7.2\r\nImpact: A Wi-Fi network created by Internet Sharing may lose\r\nsecurity settings after a system update\r\nDescription: After updating to a version of OS X Lion prior to\r\n10.7.3, the Wi-Fi configuration used by Internet Sharing may revert\r\nto factory defaults, which disables the WEP password. This issue only\r\naffects systems with Internet Sharing enabled and sharing the\r\nconnection to Wi-Fi. This issue is addressed by preserving the Wi-Fi\r\nconfiguration during a system update.\r\nCVE-ID\r\nCVE-2011-3452 : an anonymous researcher\r\n\r\nLibinfo\r\nAvailable for: OS X Lion v10.7 to v10.7.2,\r\nOS X Lion Server v10.7 to v10.7.2\r\nImpact: Visiting a maliciously crafted website may lead to the\r\ndisclosure of sensitive information\r\nDescription: An issue existed in Libinfo's handling of hostname\r\nlookup requests. Libinfo could return incorrect results for a\r\nmaliciously crafted hostname. This issue does not affect systems\r\nprior to OS X Lion.\r\nCVE-ID\r\nCVE-2011-3441 : Erling Ellingsen of Facebook\r\n\r\nlibresolv\r\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\r\nOS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2\r\nImpact: Applications that use OS X's libresolv library may be\r\nvulnerable to an unexpected application termination or arbitrary code\r\nexecution\r\nDescription: An integer overflow existed in the parsing of DNS\r\nresource records, which may lead to heap memory corruption.\r\nCVE-ID\r\nCVE-2011-3453 : Ilja van Sprundel of IOActive\r\n\r\nlibsecurity\r\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\r\nOS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2\r\nImpact: Some EV certificates may be trusted even if the\r\ncorresponding root has been marked as untrusted\r\nDescription: The certificate code trusted a root certificate to sign\r\nEV certificates if it was on the list of known EV issuers, even if\r\nthe user had marked it as 'Never Trust' in Keychain. The root would\r\nnot be trusted to sign non-EV certificates.\r\nCVE-ID\r\nCVE-2011-3422 : Alastair Houghton\r\n\r\nOpenGL\r\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\r\nOS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2\r\nImpact: Applications that use OS X's OpenGL implementation may be\r\nvulnerable to an unexpected application termination or arbitrary code\r\nexecution\r\nDescription: Multiple memory corruption issues existed in the\r\nhandling of GLSL compilation.\r\nCVE-ID\r\nCVE-2011-3457 : Chris Evans of the Google Chrome Security Team, and\r\nMarc Schoenefeld of the Red Hat Security Response Team\r\n\r\nPHP\r\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\r\nOS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2\r\nImpact: Multiple vulnerabilities in PHP 5.3.6\r\nDescription: PHP is updated to version 5.3.8 to address several\r\nvulnerabilities, the most serious of which may lead to arbitrary code\r\nexecution. Further information is available via the PHP web site at\r\nhttp://www.php.net\r\nCVE-ID\r\nCVE-2011-1148\r\nCVE-2011-1657\r\nCVE-2011-1938\r\nCVE-2011-2202\r\nCVE-2011-2483\r\nCVE-2011-3182\r\nCVE-2011-3189\r\nCVE-2011-3267\r\nCVE-2011-3268\r\n\r\nPHP\r\nAvailable for: OS X Lion v10.7 to v10.7.2,\r\nOS X Lion Server v10.7 to v10.7.2\r\nImpact: Viewing a maliciously crafted PDF file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A memory corruption issue existed in FreeType's\r\nhandling of Type 1 fonts. This issue is addressed by updating\r\nFreeType to version 2.4.7. Further information is available via the\r\nFreeType site at http://www.freetype.org/\r\nCVE-ID\r\nCVE-2011-3256 : Apple\r\n\r\nPHP\r\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\r\nOS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2\r\nImpact: Multiple vulnerabilities in libpng 1.5.4\r\nDescription: libpng is updated to version 1.5.5 to address multiple\r\nvulnerabilities, the most serious of which may lead to arbitrary code\r\nexecution. Further information is available via the libpng website at\r\nhttp://www.libpng.org/pub/png/libpng.html\r\nCVE-ID\r\nCVE-2011-3328\r\n\r\nQuickTime\r\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\r\nOS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2\r\nImpact: Opening a maliciously crafted MP4 encoded file may lead to\r\nan unexpected application termination or arbitrary code execution\r\nDescription: An uninitialized memory access issue existed in the\r\nhandling of MP4 encoded files.\r\nCVE-ID\r\nCVE-2011-3458 : Luigi Auriemma and pa_kt both working with\r\nTippingPoint's Zero Day Initiative\r\n\r\nQuickTime\r\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\r\nOS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2\r\nImpact: Viewing a maliciously crafted movie file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A signedness issue existed in the handling of font\r\ntables embedded in QuickTime movie files.\r\nCVE-ID\r\nCVE-2011-3248 : Luigi Auriemma working with TippingPoint's Zero Day\r\nInitiative\r\n\r\nQuickTime\r\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\r\nOS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2\r\nImpact: Viewing a maliciously crafted movie file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: An off by one buffer overflow existed in the handling\r\nof rdrf atoms in QuickTime movie files.\r\nCVE-ID\r\nCVE-2011-3459 : Luigi Auriemma working with TippingPoint's Zero Day\r\nInitiative\r\n\r\nQuickTime\r\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\r\nOS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2\r\nImpact: Viewing a maliciously crafted JPEG2000 image file may lead\r\nto an unexpected application termination or arbitrary code execution\r\nDescription: A buffer overflow existed in the handling of JPEG2000\r\nfiles.\r\nCVE-ID\r\nCVE-2011-3250 : Luigi Auriemma working with TippingPoint's Zero Day\r\nInitiative\r\n\r\nQuickTime\r\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\r\nOS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2\r\nImpact: Processing a maliciously crafted PNG image may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A buffer overflow existed in the handling of PNG files.\r\nCVE-ID\r\nCVE-2011-3460 : Luigi Auriemma working with TippingPoint's Zero Day\r\nInitiative\r\n\r\nQuickTime\r\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\r\nOS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2\r\nImpact: Viewing a maliciously crafted movie file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A buffer overflow existed in the handling of FLC\r\nencoded movie files\r\nCVE-ID\r\nCVE-2011-3249 : Matt 'j00ru' Jurczyk working with TippingPoint's Zero\r\nDay Initiative\r\n\r\nSquirrelMail\r\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8\r\nImpact: Multiple vulnerabilities in SquirrelMail\r\nDescription: SquirrelMail is updated to version 1.4.22 to address\r\nseveral vulnerabilities, the most serious of which is a cross-site\r\nscripting issue. This issue does not affect OS X Lion systems.\r\nFurther information is available via the SquirrelMail web site at\r\nhttp://www.SquirrelMail.org/\r\nCVE-ID\r\nCVE-2010-1637\r\nCVE-2010-2813\r\nCVE-2010-4554\r\nCVE-2010-4555\r\nCVE-2011-2023\r\n\r\nSubversion\r\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\r\nOS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2\r\nImpact: Accessing a Subversion repository may lead to the disclosure\r\nof sensitive information\r\nDescription: Subversion is updated to version 1.6.17 to address\r\nmultiple vulnerabilities, the most serious of which may lead to the\r\ndisclosure of sensitive information. Further information is available\r\nvia the Subversion web site at http://subversion.tigris.org/\r\nCVE-ID\r\nCVE-2011-1752\r\nCVE-2011-1783\r\nCVE-2011-1921\r\n\r\nTime Machine\r\nAvailable for: OS X Lion v10.7 to v10.7.2,\r\nOS X Lion Server v10.7 to v10.7.2\r\nImpact: A remote attacker may access new backups created by the\r\nuser's system\r\nDescription: The user may designate a remote AFP volume or Time\r\nCapsule to be used for Time Machine backups. Time Machine did not\r\nverify that the same device was being used for subsequent backup\r\noperations. An attacker who is able to spoof the remote volume could\r\ngain access to new backups created by the user's system. This issue\r\nis addressed by verifying the unique identifier associated with a\r\ndisk for backup operations.\r\nCVE-ID\r\nCVE-2011-3462 : Michael Roitzsch of the Technische Universitat\r\nDresden\r\n\r\nTomcat\r\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8\r\nImpact: Multiple vulnerabilities in Tomcat 6.0.32\r\nDescription: Tomcat is updated to version 6.0.33 to address multiple\r\nvulnerabilities, the most serious of which may lead to the disclosure\r\nof sensitive information. Tomcat is only provided on Mac OS X Server\r\nsystems. This issue does not affect OS X Lion systems. Further\r\ninformation is available via the Tomcat site at\r\nhttp://tomcat.apache.org/\r\nCVE-ID\r\nCVE-2011-2204\r\n\r\nWebDAV Sharing\r\nAvailable for: OS X Lion Server v10.7 to v10.7.2\r\nImpact: Local users may obtain system privileges\r\nDescription: An issue existed in WebDAV Sharing's handling of user\r\nauthentication. A user with a valid account on the server or one of\r\nits bound directories could cause the execution of arbitrary code\r\nwith system privileges. This issue does not affect systems prior to\r\nOS X Lion.\r\nCVE-ID\r\nCVE-2011-3463 : Gordon Davisson of Crywolf\r\n\r\nWebmail\r\nAvailable for: OS X Lion v10.7 to v10.7.2,\r\nOS X Lion Server v10.7 to v10.7.2\r\nImpact: Viewing a maliciously crafted e-mail message may lead to the\r\ndisclosure of message content\r\nDescription: A cross-site scripting vulnerability existed in the\r\nhandling of mail messages. This issue is addressed by updating\r\nRoundcube Webmail to version 0.6. This issue does not affect systems\r\nprior to OS X Lion. Further information is available via the\r\nRoundcube site at http://trac.roundcube.net/\r\nCVE-ID\r\nCVE-2011-2937\r\n\r\nX11\r\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\r\nOS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2\r\nImpact: Viewing a maliciously crafted PDF file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A memory corruption issue existed in FreeType's\r\nhandling of Type 1 fonts. This issue is addressed by updating\r\nFreeType to version 2.4.7. Further information is available via the\r\nFreeType site at http://www.freetype.org/\r\nCVE-ID\r\nCVE-2011-3256 : Apple\r\n\r\nOS X Lion v10.7.3 and Security Update 2012-001 may be obtained from\r\nthe Software Update pane in System Preferences, or Apple's Software\r\nDownloads web site:\r\nhttp://www.apple.com/support/downloads/\r\n\r\nThe Software Update utility will present the update that applies\r\nto your system configuration. Only one is needed, either\r\nSecurity Update 2021-001 or OS X v10.7.3.\r\n\r\nFor OS X Lion v10.7.2\r\nThe download file is named: MacOSXUpd10.7.3.dmg\r\nIts SHA-1 digest is: 7102fe8f9f47286c45dfa35f6e84e7f730493a7c\r\n\r\nFor OS X Lion v10.7 and v10.7.1\r\nThe download file is named: MacOSXUpdCombo10.7.3.dmg\r\nIts SHA-1 digest is: 07dfce300f6801eb63d9ac13e0bec84e1862a16c\r\n\r\nFor OS X Lion Server v10.7.2\r\nThe download file is named: MacOSXServerUpd10.7.3.dmg\r\nIts SHA-1 digest is: 55a9571635d4ec088c142d68132d0d69fcb8867d\r\n\r\nFor OS X Lion Server v10.7 and v10.7.1\r\nThe download file is named: MacOSXServerUpdCombo10.7.3.dmg\r\nIts SHA-1 digest is: 2c87824f09734499ea166ea0617a3ac21ecf832b\r\n\r\nFor Mac OS X v10.6.8\r\nThe download file is named: SecUpd2012-001Snow.dmg\r\nIts SHA-1 digest is: 40875ee8cb609bbaefc8f421a9c34cc353db42b8\r\n\r\nFor Mac OS X Server v10.6.8\r\nThe download file is named: SecUpdSrvr2012-001.dmg\r\nIts SHA-1 digest is: 53b3ca5548001a9920aeabed4a034c6e4657fe20\r\n\r\nInformation will also be posted to the Apple Security Updates\r\nweb site: http://support.apple.com/kb/HT1222\r\n\r\nThis message is signed with Apple's Product Security PGP key,\r\nand details are available at:\r\nhttps://www.apple.com/support/security/pgp/\r\n\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG/MacGPG2 v2.0.16 (Darwin)\r\n\r\niQEcBAEBAgAGBQJPKYxNAAoJEGnF2JsdZQeeLiIIAMLhH2ipDFrhCsw/n4VDeF1V\r\nP6jSkGXC9tBBVMvw1Xq4c2ok4SI34bDfMlURAVR+dde/h6nIZR24aLQVoDLjJuIp\r\nRrO2dm1nQeozLJSx2NbxhVh54BucJdKp4xS1GkDNxkqcdh04RE9hRURXdKagnfGy\r\n9P8QQPOQmKAiWos/LYhCPDInMfrpVNvEVwP8MCDP15g6hylN4De/Oyt7ZshPshSf\r\nMnAFObfBTGX5KioVqTyfdlBkKUfdXHJux61QEFHn8eadX6+/6IuKbUvK9B0icc8E\r\npvbjOxQatFRps0KNWeIsKQc5i6iQoJhocAiIy6Y6LCuZQuSXCImY2RWXkVYzbWo=\r\n=c1eU\r\n-----END PGP SIGNATURE-----\r\n", "modified": "2012-02-03T00:00:00", "published": "2012-02-03T00:00:00", "id": "SECURITYVULNS:DOC:27600", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:27600", "title": "APPLE-SA-2012-02-01-1 OS X Lion v10.7.3 and Security Update 2012-001", "type": "securityvulns", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:09:46", "bulletinFamily": "software", "description": "Graphics, Video, Audio and documents parsing vulnerabilities. Information leakage, code execution via DNS resolver. Privilege escalation. Vulnerabilities in 3rd party packages.", "modified": "2012-02-03T00:00:00", "published": "2012-02-03T00:00:00", "id": "SECURITYVULNS:VULN:12164", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:12164", "title": "Apple OS X multiple security vulnerabilities", "type": "securityvulns", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:42", "bulletinFamily": "software", "description": "- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\r\nGentoo Linux Security Advisory GLSA 201110-06\r\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\r\n http://security.gentoo.org/\r\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\r\n\r\n Severity: High\r\n Title: PHP: Multiple vulnerabilities\r\n Date: October 10, 2011\r\n Bugs: #306939, #332039, #340807, #350908, #355399, #358791,\r\n #358975, #369071, #372745, #373965, #380261\r\n ID: 201110-06\r\n\r\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\r\n\r\nSynopsis\r\n========\r\n\r\nMultiple vulnerabilities were found in PHP, the worst of which leading\r\nto remote execution of arbitrary code.\r\n\r\nBackground\r\n==========\r\n\r\nPHP is a widely-used general-purpose scripting language that is\r\nespecially suited for Web development and can be embedded into HTML.\r\n\r\nAffected packages\r\n=================\r\n\r\n -------------------------------------------------------------------\r\n Package / Vulnerable / Unaffected\r\n -------------------------------------------------------------------\r\n 1 dev-lang/php < 5.3.8 >= 5.3.8\r\n\r\nDescription\r\n===========\r\n\r\nMultiple vulnerabilities have been discovered in PHP. Please review the\r\nCVE identifiers referenced below for details.\r\n\r\nImpact\r\n======\r\n\r\nA context-dependent attacker could execute arbitrary code, obtain\r\nsensitive information from process memory, bypass intended access\r\nrestrictions, or cause a Denial of Service in various ways.\r\n\r\nA remote attacker could cause a Denial of Service in various ways,\r\nbypass spam detections, or bypass open_basedir restrictions.\r\n\r\nWorkaround\r\n==========\r\n\r\nThere is no known workaround at this time.\r\n\r\nResolution\r\n==========\r\n\r\nAll PHP users should upgrade to the latest version:\r\n\r\n # emerge --sync\r\n # emerge --ask --oneshot --verbose ">=dev-lang/php-5.3.8"\r\n\r\nReferences\r\n==========\r\n\r\n[ 1 ] CVE-2006-7243\r\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-7243\r\n[ 2 ] CVE-2009-5016\r\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-5016\r\n[ 3 ] CVE-2010-1128\r\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1128\r\n[ 4 ] CVE-2010-1129\r\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1129\r\n[ 5 ] CVE-2010-1130\r\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1130\r\n[ 6 ] CVE-2010-1860\r\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1860\r\n[ 7 ] CVE-2010-1861\r\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1861\r\n[ 8 ] CVE-2010-1862\r\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1862\r\n[ 9 ] CVE-2010-1864\r\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1864\r\n[ 10 ] CVE-2010-1866\r\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1866\r\n[ 11 ] CVE-2010-1868\r\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1868\r\n[ 12 ] CVE-2010-1914\r\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1914\r\n[ 13 ] CVE-2010-1915\r\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1915\r\n[ 14 ] CVE-2010-1917\r\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1917\r\n[ 15 ] CVE-2010-2093\r\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2093\r\n[ 16 ] CVE-2010-2094\r\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2094\r\n[ 17 ] CVE-2010-2097\r\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2097\r\n[ 18 ] CVE-2010-2100\r\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2100\r\n[ 19 ] CVE-2010-2101\r\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2101\r\n[ 20 ] CVE-2010-2190\r\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2190\r\n[ 21 ] CVE-2010-2191\r\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2191\r\n[ 22 ] CVE-2010-2225\r\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2225\r\n[ 23 ] CVE-2010-2484\r\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2484\r\n[ 24 ] CVE-2010-2531\r\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2531\r\n[ 25 ] CVE-2010-2950\r\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2950\r\n[ 26 ] CVE-2010-3062\r\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3062\r\n[ 27 ] CVE-2010-3063\r\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3063\r\n[ 28 ] CVE-2010-3064\r\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3064\r\n[ 29 ] CVE-2010-3065\r\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3065\r\n[ 30 ] CVE-2010-3436\r\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3436\r\n[ 31 ] CVE-2010-3709\r\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3709\r\n[ 32 ] CVE-2010-3709\r\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3709\r\n[ 33 ] CVE-2010-3710\r\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3710\r\n[ 34 ] CVE-2010-3710\r\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3710\r\n[ 35 ] CVE-2010-3870\r\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3870\r\n[ 36 ] CVE-2010-4150\r\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4150\r\n[ 37 ] CVE-2010-4409\r\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4409\r\n[ 38 ] CVE-2010-4645\r\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4645\r\n[ 39 ] CVE-2010-4697\r\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4697\r\n[ 40 ] CVE-2010-4698\r\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4698\r\n[ 41 ] CVE-2010-4699\r\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4699\r\n[ 42 ] CVE-2010-4700\r\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4700\r\n[ 43 ] CVE-2011-0420\r\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0420\r\n[ 44 ] CVE-2011-0421\r\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0421\r\n[ 45 ] CVE-2011-0708\r\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0708\r\n[ 46 ] CVE-2011-0752\r\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0752\r\n[ 47 ] CVE-2011-0753\r\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0753\r\n[ 48 ] CVE-2011-0755\r\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0755\r\n[ 49 ] CVE-2011-1092\r\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1092\r\n[ 50 ] CVE-2011-1148\r\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1148\r\n[ 51 ] CVE-2011-1153\r\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1153\r\n[ 52 ] CVE-2011-1464\r\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1464\r\n[ 53 ] CVE-2011-1466\r\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1466\r\n[ 54 ] CVE-2011-1467\r\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1467\r\n[ 55 ] CVE-2011-1468\r\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1468\r\n[ 56 ] CVE-2011-1469\r\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1469\r\n[ 57 ] CVE-2011-1470\r\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1470\r\n[ 58 ] CVE-2011-1471\r\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1471\r\n[ 59 ] CVE-2011-1657\r\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1657\r\n[ 60 ] CVE-2011-1938\r\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1938\r\n[ 61 ] CVE-2011-2202\r\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2202\r\n[ 62 ] CVE-2011-2483\r\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2483\r\n[ 63 ] CVE-2011-3182\r\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3182\r\n[ 64 ] CVE-2011-3189\r\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3189\r\n[ 65 ] CVE-2011-3267\r\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3267\r\n[ 66 ] CVE-2011-3268\r\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3268\r\n\r\nAvailability\r\n============\r\n\r\nThis GLSA and any updates to it are available for viewing at\r\nthe Gentoo Security Website:\r\n\r\n http://security.gentoo.org/glsa/glsa-201110-06.xml\r\n\r\nConcerns?\r\n=========\r\n\r\nSecurity is a primary focus of Gentoo Linux and ensuring the\r\nconfidentiality and security of our users' machines is of utmost\r\nimportance to us. Any security concerns should be addressed to\r\nsecurity@gentoo.org or alternatively, you may file a bug at\r\nhttps://bugs.gentoo.org.\r\n\r\nLicense\r\n=======\r\n\r\nCopyright 2011 Gentoo Foundation, Inc; referenced text\r\nbelongs to its owner(s).\r\n\r\nThe contents of this document are licensed under the\r\nCreative Commons - Attribution / Share Alike license.\r\n\r\nhttp://creativecommons.org/licenses/by-sa/2.5\r\n", "modified": "2011-10-12T00:00:00", "published": "2011-10-12T00:00:00", "id": "SECURITYVULNS:DOC:27147", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:27147", "title": "[ GLSA 201110-06 ] PHP: Multiple vulnerabilities", "type": "securityvulns", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:42", "bulletinFamily": "unix", "description": "### Background\n\nPHP is a widely-used general-purpose scripting language that is especially suited for Web development and can be embedded into HTML. \n\n### Description\n\nMultiple vulnerabilities have been discovered in PHP. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nA context-dependent attacker could execute arbitrary code, obtain sensitive information from process memory, bypass intended access restrictions, or cause a Denial of Service in various ways. \n\nA remote attacker could cause a Denial of Service in various ways, bypass spam detections, or bypass open_basedir restrictions. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll PHP users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-lang/php-5.3.8\"", "modified": "2011-10-10T00:00:00", "published": "2011-10-10T00:00:00", "id": "GLSA-201110-06", "href": "https://security.gentoo.org/glsa/201110-06", "type": "gentoo", "title": "PHP: Multiple vulnerabilities", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}