{"id": "OPENVAS:1361412562310120222", "type": "openvas", "bulletinFamily": "scanner", "title": "Amazon Linux: Security Advisory (ALAS-2015-536)", "description": "The remote host is missing an update announced via the referenced Security Advisory.", "published": "2015-09-08T00:00:00", "modified": "2020-03-13T00:00:00", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310120222", "reporter": "Copyright (C) 2015 Eero Volotinen", "references": ["https://alas.aws.amazon.com/ALAS-2015-536.html"], "cvelist": ["CVE-2015-2325", "CVE-2015-4025", "CVE-2015-4024", "CVE-2015-4021", "CVE-2015-4026", "CVE-2015-4022", "CVE-2015-2326"], "lastseen": "2020-03-17T22:58:41", "viewCount": 6, "enchantments": {"dependencies": {"references": [{"type": "amazon", "idList": ["ALAS-2015-534", "ALAS-2015-535", "ALAS-2015-536", "ALAS-2015-562", "ALAS-2015-563"]}, {"type": "centos", "idList": ["CESA-2015:1135", "CESA-2015:1218"]}, {"type": "checkpoint_advisories", "idList": ["CPAI-2015-0690", "CPAI-2015-0775", "CPAI-2015-0869"]}, {"type": "cloudlinux", "idList": ["CLSA-2020:1605798462"]}, {"type": "cve", "idList": ["CVE-2015-2325", "CVE-2015-2326", "CVE-2015-4021", "CVE-2015-4022", "CVE-2015-4024", "CVE-2015-4025", "CVE-2015-4026", "CVE-2015-4643"]}, {"type": "debian", "idList": ["DEBIAN:DLA-307-1:2C3AB", "DEBIAN:DSA-3280-1:3B96E"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2015-2325", "DEBIANCVE:CVE-2015-2326"]}, {"type": "f5", "idList": ["F5:K16826", "F5:K16983", "F5:K16993", "F5:K80285422", "SOL16764", "SOL16826", "SOL16983", "SOL16984", "SOL16993", "SOL17070", "SOL80285422"]}, {"type": "fedora", "idList": ["FEDORA:2E68F60906AD", "FEDORA:8FC086090BCB", "FEDORA:E6D8C600FD68"]}, {"type": "freebsd", "idList": ["31DE2E13-00D2-11E5-A072-D050996490D0", "4A88E3ED-00D3-11E5-A072-D050996490D0"]}, {"type": "gentoo", "idList": ["GLSA-201606-10"]}, {"type": "hackerone", "idList": ["H1:104027", "H1:73240"]}, {"type": "ibm", "idList": ["257FE3C03DF1EAAF4C91B06A98D64FF55D1CBD8F44963992BA87CE378431E9ED", "5F468E7095FD7CDC6ACB31C903D40522F03AE2C875C15B90AB7E04C796279517", "95197CBE86632E54219C0C8A24673D63826A01DE30AD9A4149DAC0247F5B9DBC", "F517D4971D3B7090FE87DD49D6C7AD2F2DC35A7C2F0FB205EA7ADD9BC7BF68A7"]}, {"type": "mageia", "idList": ["MGASA-2015-0231"]}, {"type": "nessus", "idList": ["8785.PRM", "8786.PRM", "8787.PRM", "8981.PRM", "ALA_ALAS-2015-534.NASL", "ALA_ALAS-2015-535.NASL", "ALA_ALAS-2015-536.NASL", "ALA_ALAS-2015-562.NASL", "ALA_ALAS-2015-563.NASL", "CENTOS_RHSA-2015-1135.NASL", "CENTOS_RHSA-2015-1218.NASL", "DEBIAN_DLA-307.NASL", "DEBIAN_DSA-3280.NASL", "EULEROS_SA-2019-1543.NASL", "EULEROS_SA-2019-1544.NASL", "F5_BIGIP_SOL16826.NASL", "F5_BIGIP_SOL16983.NASL", "F5_BIGIP_SOL16993.NASL", "FEDORA_2015-8281.NASL", "FEDORA_2015-8370.NASL", "FEDORA_2015-8383.NASL", "FREEBSD_PKG_31DE2E1300D211E5A072D050996490D0.NASL", "FREEBSD_PKG_4A88E3ED00D311E5A072D050996490D0.NASL", "GENTOO_GLSA-201606-10.NASL", "HPSMH_7_5_4.NASL", "MACOSX_10_10_5.NASL", "MACOSX_SECUPD2015-006.NASL", "OPENSUSE-2015-353.NASL", "OPENSUSE-2015-396.NASL", "OPENSUSE-2015-479.NASL", "OPENSUSE-2016-1448.NASL", "ORACLELINUX_ELSA-2015-1135.NASL", "ORACLELINUX_ELSA-2015-1218.NASL", "PFSENSE_SA-15_06.NASL", "PHP_5_4_41.NASL", "PHP_5_4_42.NASL", "PHP_5_5_25.NASL", "PHP_5_5_26.NASL", "PHP_5_6_10.NASL", "PHP_5_6_9.NASL", "REDHAT-RHSA-2015-1135.NASL", "REDHAT-RHSA-2015-1218.NASL", "SECURITYCENTER_PHP_5_4_41.NASL", "SLACKWARE_SSA_2015-162-02.NASL", "SLACKWARE_SSA_2015-198-02.NASL", "SL_20150623_PHP_ON_SL7_X.NASL", "SL_20150709_PHP_ON_SL6_X.NASL", "SUSE_SU-2015-1018-1.NASL", "SUSE_SU-2015-1253-1.NASL", "SUSE_SU-2015-1273-1.NASL", "SUSE_SU-2016-1638-1.NASL", "SUSE_SU-2016-2971-1.NASL", "SUSE_SU-2016-3161-1.NASL", "UBUNTU_USN-2658-1.NASL", "UBUNTU_USN-2694-1.NASL", "UBUNTU_USN-2943-1.NASL", "WEB_APPLICATION_SCANNING_98802", "WEB_APPLICATION_SCANNING_98832"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310105367", "OPENVAS:1361412562310120107", "OPENVAS:1361412562310120108", "OPENVAS:1361412562310120224", "OPENVAS:1361412562310120225", "OPENVAS:1361412562310122867", "OPENVAS:1361412562310122871", "OPENVAS:1361412562310123083", "OPENVAS:1361412562310123097", "OPENVAS:1361412562310703280", "OPENVAS:1361412562310805655", "OPENVAS:1361412562310805660", "OPENVAS:1361412562310842265", "OPENVAS:1361412562310842393", "OPENVAS:1361412562310842704", "OPENVAS:1361412562310850663", "OPENVAS:1361412562310850932", "OPENVAS:1361412562310869423", "OPENVAS:1361412562310869430", "OPENVAS:1361412562310869623", "OPENVAS:1361412562310871379", "OPENVAS:1361412562310871388", "OPENVAS:1361412562310882203", "OPENVAS:1361412562310882219", "OPENVAS:1361412562311220191543", "OPENVAS:1361412562311220191544", "OPENVAS:703280"]}, {"type": "openwrt", "idList": ["OPENWRT-SA-000002"]}, {"type": "oraclelinux", "idList": ["ELSA-2015-1135", "ELSA-2015-1186", "ELSA-2015-1218", "ELSA-2015-1219"]}, {"type": "osv", "idList": ["OSV:DLA-307-1", "OSV:DSA-3280-1"]}, {"type": "redhat", "idList": ["RHSA-2015:1135", "RHSA-2015:1186", "RHSA-2015:1187", "RHSA-2015:1218", "RHSA-2015:1219", "RHSA-2016:2750"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:32196", "SECURITYVULNS:DOC:32315", "SECURITYVULNS:DOC:32379", "SECURITYVULNS:DOC:32390", "SECURITYVULNS:VULN:14528", "SECURITYVULNS:VULN:14580", "SECURITYVULNS:VULN:14615", "SECURITYVULNS:VULN:14630"]}, {"type": "slackware", "idList": ["SSA-2015-162-02", "SSA-2015-198-02"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2015:1216-1", "SUSE-SU-2015:1253-1", "SUSE-SU-2015:1253-2", "SUSE-SU-2015:1273-1", "SUSE-SU-2016:1638-1", "SUSE-SU-2017:2699-1", "SUSE-SU-2017:2700-1"]}, {"type": "ubuntu", "idList": ["USN-2658-1", "USN-2694-1", "USN-2943-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2015-2325", "UB:CVE-2015-2326", "UB:CVE-2015-2327", "UB:CVE-2015-3210", "UB:CVE-2015-4021", "UB:CVE-2015-4022", "UB:CVE-2015-4024", "UB:CVE-2015-4025", "UB:CVE-2015-4026", "UB:CVE-2015-4643", "UB:CVE-2015-5073", "UB:CVE-2015-8384", "UB:CVE-2015-8388"]}]}, "score": {"value": 0.5, "vector": "NONE"}, "backreferences": {"references": [{"type": "amazon", "idList": ["ALAS-2015-534"]}, {"type": "centos", "idList": ["CESA-2015:1135", "CESA-2015:1218"]}, {"type": "checkpoint_advisories", "idList": ["CPAI-2015-0869"]}, {"type": "cve", "idList": ["CVE-2015-4021", "CVE-2015-4022", "CVE-2015-4024", "CVE-2015-4025", "CVE-2015-4026"]}, {"type": "debian", "idList": ["DEBIAN:DSA-3280-1:3B96E"]}, {"type": "f5", "idList": ["F5:K16983", "SOL16983", "SOL16984"]}, {"type": "fedora", "idList": ["FEDORA:2E68F60906AD"]}, {"type": "freebsd", "idList": ["4A88E3ED-00D3-11E5-A072-D050996490D0"]}, {"type": "gentoo", "idList": ["GLSA-201606-10"]}, {"type": "hackerone", "idList": ["H1:104027"]}, {"type": "ibm", "idList": ["5F468E7095FD7CDC6ACB31C903D40522F03AE2C875C15B90AB7E04C796279517"]}, {"type": "metasploit", "idList": ["MSF:ILITIES/AIX-7.1.4-BIND_ADVISORY14_CVE-2016-8864/", "MSF:ILITIES/PHP-CVE-2015-4025/"]}, {"type": "nessus", "idList": ["FREEBSD_PKG_4A88E3ED00D311E5A072D050996490D0.NASL", "PHP_5_4_41.NASL", "SECURITYCENTER_PHP_5_4_41.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310120225", "OPENVAS:1361412562310123083", "OPENVAS:1361412562310123097"]}, {"type": "openwrt", "idList": ["OPENWRT-SA-000002"]}, {"type": "oraclelinux", "idList": ["ELSA-2015-1218"]}, {"type": "redhat", "idList": ["RHSA-2015:1187", "RHSA-2015:1219"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:14580"]}, {"type": "slackware", "idList": ["SSA-2015-198-02"]}, {"type": "suse", "idList": ["SUSE-SU-2015:1253-1"]}, {"type": "ubuntu", "idList": ["USN-2658-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2015-4021"]}]}, "exploitation": null, "vulnersScore": 0.5}, "pluginID": "1361412562310120222", "sourceData": "# Copyright (C) 2015 Eero Volotinen\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.120222\");\n script_version(\"2020-03-13T13:19:50+0000\");\n script_tag(name:\"creation_date\", value:\"2015-09-08 13:20:42 +0200 (Tue, 08 Sep 2015)\");\n script_tag(name:\"last_modification\", value:\"2020-03-13 13:19:50 +0000 (Fri, 13 Mar 2020)\");\n script_name(\"Amazon Linux: Security Advisory (ALAS-2015-536)\");\n script_tag(name:\"insight\", value:\"Multiple flaws were found in PHP. Please see the references for more information.\");\n script_tag(name:\"solution\", value:\"Run yum update php56 to update your system.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://alas.aws.amazon.com/ALAS-2015-536.html\");\n script_cve_id(\"CVE-2015-4021\", \"CVE-2015-4022\", \"CVE-2015-4025\", \"CVE-2015-4024\", \"CVE-2015-4026\", \"CVE-2015-2325\", \"CVE-2015-2326\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/amazon_linux\", \"ssh/login/release\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"The remote host is missing an update announced via the referenced Security Advisory.\");\n script_copyright(\"Copyright (C) 2015 Eero Volotinen\");\n script_family(\"Amazon Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"AMAZON\") {\n if(!isnull(res = isrpmvuln(pkg:\"php56-ldap\", rpm:\"php56-ldap~5.6.9~1.112.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php56-bcmath\", rpm:\"php56-bcmath~5.6.9~1.112.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php56-cli\", rpm:\"php56-cli~5.6.9~1.112.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php56-intl\", rpm:\"php56-intl~5.6.9~1.112.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php56-devel\", rpm:\"php56-devel~5.6.9~1.112.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php56-common\", rpm:\"php56-common~5.6.9~1.112.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php56-imap\", rpm:\"php56-imap~5.6.9~1.112.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php56-gd\", rpm:\"php56-gd~5.6.9~1.112.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php56-mysqlnd\", rpm:\"php56-mysqlnd~5.6.9~1.112.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php56-mssql\", rpm:\"php56-mssql~5.6.9~1.112.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php56-enchant\", rpm:\"php56-enchant~5.6.9~1.112.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php56-debuginfo\", rpm:\"php56-debuginfo~5.6.9~1.112.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php56-process\", rpm:\"php56-process~5.6.9~1.112.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php56-fpm\", rpm:\"php56-fpm~5.6.9~1.112.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php56-pdo\", rpm:\"php56-pdo~5.6.9~1.112.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php56-odbc\", rpm:\"php56-odbc~5.6.9~1.112.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php56-xml\", rpm:\"php56-xml~5.6.9~1.112.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php56-mcrypt\", rpm:\"php56-mcrypt~5.6.9~1.112.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php56-recode\", rpm:\"php56-recode~5.6.9~1.112.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php56-dba\", rpm:\"php56-dba~5.6.9~1.112.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php56-xmlrpc\", rpm:\"php56-xmlrpc~5.6.9~1.112.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php56-pgsql\", rpm:\"php56-pgsql~5.6.9~1.112.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php56-mbstring\", rpm:\"php56-mbstring~5.6.9~1.112.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php56-pspell\", rpm:\"php56-pspell~5.6.9~1.112.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php56\", rpm:\"php56~5.6.9~1.112.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php56-embedded\", rpm:\"php56-embedded~5.6.9~1.112.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php56-gmp\", rpm:\"php56-gmp~5.6.9~1.112.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php56-soap\", rpm:\"php56-soap~5.6.9~1.112.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php56-opcache\", rpm:\"php56-opcache~5.6.9~1.112.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php56-tidy\", rpm:\"php56-tidy~5.6.9~1.112.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php56-snmp\", rpm:\"php56-snmp~5.6.9~1.112.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php56-dbg\", rpm:\"php56-dbg~5.6.9~1.112.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "naslFamily": "Amazon Linux Local Security Checks", "immutableFields": [], "cvss2": {}, "cvss3": {}, "_state": {"dependencies": 1659994789, "score": 1659905969}, "_internal": {"score_hash": "f49ca5178b218eb387a45b9602c6a317"}}
{"openvas": [{"lastseen": "2020-03-17T22:59:47", "description": "The remote host is missing an update announced via the referenced Security Advisory.", "cvss3": {}, "published": "2015-09-08T00:00:00", "type": "openvas", "title": "Amazon Linux: Security Advisory (ALAS-2015-534)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-2325", "CVE-2015-4025", "CVE-2015-4024", "CVE-2015-4021", "CVE-2015-4026", "CVE-2015-4022", "CVE-2015-2326"], "modified": "2020-03-13T00:00:00", "id": "OPENVAS:1361412562310120224", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310120224", "sourceData": "# Copyright (C) 2015 Eero Volotinen\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.120224\");\n script_version(\"2020-03-13T13:19:50+0000\");\n script_tag(name:\"creation_date\", value:\"2015-09-08 13:20:48 +0200 (Tue, 08 Sep 2015)\");\n script_tag(name:\"last_modification\", value:\"2020-03-13 13:19:50 +0000 (Fri, 13 Mar 2020)\");\n script_name(\"Amazon Linux: Security Advisory (ALAS-2015-534)\");\n script_tag(name:\"insight\", value:\"Multiple flaws were found in PHP. Please see the references for more information.\");\n script_tag(name:\"solution\", value:\"Run yum update php54 to update your system.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://alas.aws.amazon.com/ALAS-2015-534.html\");\n script_cve_id(\"CVE-2015-4021\", \"CVE-2015-4022\", \"CVE-2015-4025\", \"CVE-2015-4024\", \"CVE-2015-4026\", \"CVE-2015-2325\", \"CVE-2015-2326\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/amazon_linux\", \"ssh/login/release\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"The remote host is missing an update announced via the referenced Security Advisory.\");\n script_copyright(\"Copyright (C) 2015 Eero Volotinen\");\n script_family(\"Amazon Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"AMAZON\") {\n if(!isnull(res = isrpmvuln(pkg:\"php54-enchant\", rpm:\"php54-enchant~5.4.41~1.69.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php54-mssql\", rpm:\"php54-mssql~5.4.41~1.69.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php54-mbstring\", rpm:\"php54-mbstring~5.4.41~1.69.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php54-pdo\", rpm:\"php54-pdo~5.4.41~1.69.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php54-gd\", rpm:\"php54-gd~5.4.41~1.69.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php54-pgsql\", rpm:\"php54-pgsql~5.4.41~1.69.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php54-mysql\", rpm:\"php54-mysql~5.4.41~1.69.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php54-odbc\", rpm:\"php54-odbc~5.4.41~1.69.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php54-soap\", rpm:\"php54-soap~5.4.41~1.69.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php54-embedded\", rpm:\"php54-embedded~5.4.41~1.69.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php54-imap\", rpm:\"php54-imap~5.4.41~1.69.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php54-bcmath\", rpm:\"php54-bcmath~5.4.41~1.69.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php54-process\", rpm:\"php54-process~5.4.41~1.69.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php54-recode\", rpm:\"php54-recode~5.4.41~1.69.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php54-mysqlnd\", rpm:\"php54-mysqlnd~5.4.41~1.69.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php54-fpm\", rpm:\"php54-fpm~5.4.41~1.69.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php54-xmlrpc\", rpm:\"php54-xmlrpc~5.4.41~1.69.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php54-mcrypt\", rpm:\"php54-mcrypt~5.4.41~1.69.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php54-snmp\", rpm:\"php54-snmp~5.4.41~1.69.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php54-tidy\", rpm:\"php54-tidy~5.4.41~1.69.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php54-cli\", rpm:\"php54-cli~5.4.41~1.69.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php54-intl\", rpm:\"php54-intl~5.4.41~1.69.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php54-dba\", rpm:\"php54-dba~5.4.41~1.69.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php54-debuginfo\", rpm:\"php54-debuginfo~5.4.41~1.69.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php54-ldap\", rpm:\"php54-ldap~5.4.41~1.69.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php54-xml\", rpm:\"php54-xml~5.4.41~1.69.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php54-pspell\", rpm:\"php54-pspell~5.4.41~1.69.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php54-devel\", rpm:\"php54-devel~5.4.41~1.69.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php54-common\", rpm:\"php54-common~5.4.41~1.69.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php54\", rpm:\"php54~5.4.41~1.69.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:36:05", "description": "This host is installed with PHP and is prone\n to multiple vulnerabilities.", "cvss3": {}, "published": "2015-06-16T00:00:00", "type": "openvas", "title": "PHP Multiple Vulnerabilities - 02 - Jun15 (Windows)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-4025", "CVE-2015-4024", "CVE-2015-4021", "CVE-2015-4026", "CVE-2015-4022"], "modified": "2018-10-12T00:00:00", "id": "OPENVAS:1361412562310805655", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310805655", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_php_mult_vuln02_june15_win.nasl 2015-06-16 18:45:49 Jun$\n#\n# PHP Multiple Vulnerabilities - 02 - Jun15 (Windows)\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:php:php\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.805655\");\n script_version(\"$Revision: 11872 $\");\n script_cve_id(\"CVE-2015-4026\", \"CVE-2015-4025\", \"CVE-2015-4024\", \"CVE-2015-4022\",\n \"CVE-2015-4021\");\n script_bugtraq_id(75056, 74904, 74903, 74902, 74700);\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-12 13:22:41 +0200 (Fri, 12 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2015-06-16 18:45:49 +0530 (Tue, 16 Jun 2015)\");\n script_name(\"PHP Multiple Vulnerabilities - 02 - Jun15 (Windows)\");\n\n script_tag(name:\"summary\", value:\"This host is installed with PHP and is prone\n to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws are due to,\n\n - Algorithmic complexity vulnerability in the 'multipart_buffer_headers'\n function in main/rfc1867.c script in PHP.\n\n - 'pcntl_exec' implementation in PHP truncates a pathname upon encountering a\n \\x00 character.\n\n - Integer overflow in the 'ftp_genlist' function in ext/ftp/ftp.c script in PHP.\n\n - The 'phar_parse_tarfile' function in ext/phar/tar.c script in PHP does not\n verify that the first character of a filename is different from the\n \\0 character.\");\n\n script_tag(name:\"impact\", value:\"Successfully exploiting this issue allow\n remote attackers to cause a denial of service, bypass intended extension\n restrictions and access and execute files or directories with unexpected\n names via crafted dimensions and remote FTP servers to execute arbitrary code.\");\n\n script_tag(name:\"affected\", value:\"PHP versions before 5.4.41, 5.5.x before\n 5.5.25, and 5.6.x before 5.6.9\");\n\n script_tag(name:\"solution\", value:\"Upgrade to PHP 5.4.41 or 5.5.25 or 5.6.9\n or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n\n script_xref(name:\"URL\", value:\"http://php.net/ChangeLog-5.php\");\n script_xref(name:\"URL\", value:\"https://bugs.php.net/bug.php?id=69085\");\n script_xref(name:\"URL\", value:\"http://openwall.com/lists/oss-security/2015/06/01/4\");\n\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_category(ACT_GATHER_INFO);\n script_family(\"Web application abuses\");\n script_dependencies(\"gb_php_detect.nasl\", \"os_detection.nasl\");\n script_mandatory_keys(\"php/installed\", \"Host/runs_windows\");\n script_xref(name:\"URL\", value:\"http://www.php.net\");\n exit(0);\n}\n\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\n\nif( isnull( phpPort = get_app_port( cpe:CPE ) ) ) exit( 0 );\nif( ! phpVer = get_app_version( cpe:CPE, port:phpPort ) ) exit( 0 );\n\nif(phpVer =~ \"^5\\.5\")\n{\n if(version_in_range(version:phpVer, test_version:\"5.5.0\", test_version2:\"5.5.24\"))\n {\n fix = \"5.5.25\";\n VULN = TRUE;\n }\n}\n\nif(phpVer =~ \"^5\\.6\")\n{\n if(version_in_range(version:phpVer, test_version:\"5.6.0\", test_version2:\"5.6.8\"))\n {\n fix = \"5.6.9\";\n VULN = TRUE;\n }\n}\n\nif(phpVer =~ \"^5\\.4\")\n{\n if(version_is_less(version:phpVer, test_version:\"5.4.41\"))\n {\n fix = \"5.4.41\";\n VULN = TRUE;\n }\n}\n\nif(VULN)\n{\n report = 'Installed Version: ' + phpVer + '\\n' +\n 'Fixed Version: ' + fix + '\\n';\n security_message(data:report, port:phpPort);\n exit(0);\n}\n\nexit(99);", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:36:37", "description": "This host is installed with PHP and is prone\n to multiple vulnerabilities.", "cvss3": {}, "published": "2015-06-16T00:00:00", "type": "openvas", "title": "PHP Multiple Vulnerabilities - 02 - Jun15 (Linux)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-4025", "CVE-2015-4024", "CVE-2015-4021", "CVE-2015-4026", "CVE-2015-4022"], "modified": "2018-10-12T00:00:00", "id": "OPENVAS:1361412562310805660", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310805660", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_php_mult_vuln02_june15_lin.nasl 2015-06-16 18:45:49 Jun$\n#\n# PHP Multiple Vulnerabilities - 02 - Jun15 (Linux)\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:php:php\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.805660\");\n script_version(\"$Revision: 11872 $\");\n script_cve_id(\"CVE-2015-4026\", \"CVE-2015-4025\", \"CVE-2015-4024\", \"CVE-2015-4022\",\n \"CVE-2015-4021\");\n script_bugtraq_id(75056, 74904, 74903, 74902, 74700);\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-12 13:22:41 +0200 (Fri, 12 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2015-06-16 18:45:49 +0530 (Tue, 16 Jun 2015)\");\n script_name(\"PHP Multiple Vulnerabilities - 02 - Jun15 (Linux)\");\n\n script_tag(name:\"summary\", value:\"This host is installed with PHP and is prone\n to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws are due to,\n\n - Algorithmic complexity vulnerability in the 'multipart_buffer_headers'\n function in main/rfc1867.c script in PHP.\n\n - 'pcntl_exec' implementation in PHP truncates a pathname upon encountering a\n \\x00 character.\n\n - Integer overflow in the 'ftp_genlist' function in ext/ftp/ftp.c script in PHP.\n\n - The 'phar_parse_tarfile' function in ext/phar/tar.c script in PHP does not\n verify that the first character of a filename is different from the\n \\0 character.\");\n\n script_tag(name:\"impact\", value:\"Successfully exploiting this issue allow\n remote attackers to cause a denial of service, bypass intended extension\n restrictions and access and execute files or directories with unexpected\n names via crafted dimensions and remote FTP servers to execute arbitrary code.\");\n\n script_tag(name:\"affected\", value:\"PHP versions before 5.4.41, 5.5.x before\n 5.5.25, and 5.6.x before 5.6.9\");\n\n script_tag(name:\"solution\", value:\"Upgrade to PHP 5.4.41 or 5.5.25 or 5.6.9\n or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"remote_banner_unreliable\");\n\n script_xref(name:\"URL\", value:\"http://php.net/ChangeLog-5.php\");\n script_xref(name:\"URL\", value:\"https://bugs.php.net/bug.php?id=69085\");\n script_xref(name:\"URL\", value:\"http://openwall.com/lists/oss-security/2015/06/01/4\");\n\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_category(ACT_GATHER_INFO);\n script_family(\"Web application abuses\");\n script_dependencies(\"gb_php_detect.nasl\", \"os_detection.nasl\");\n script_mandatory_keys(\"php/installed\", \"Host/runs_unixoide\");\n script_xref(name:\"URL\", value:\"http://www.php.net\");\n exit(0);\n}\n\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\n\nif( isnull( phpPort = get_app_port( cpe:CPE ) ) ) exit( 0 );\nif( ! phpVer = get_app_version( cpe:CPE, port:phpPort ) ) exit( 0 );\n\nif(phpVer =~ \"^5\\.5\")\n{\n if(version_in_range(version:phpVer, test_version:\"5.5.0\", test_version2:\"5.5.24\"))\n {\n fix = \"5.5.25\";\n VULN = TRUE;\n }\n}\n\nif(phpVer =~ \"^5\\.6\")\n{\n if(version_in_range(version:phpVer, test_version:\"5.6.0\", test_version2:\"5.6.8\"))\n {\n fix = \"5.6.9\";\n VULN = TRUE;\n }\n}\n\nif(phpVer =~ \"^5\\.4\")\n{\n if(version_is_less(version:phpVer, test_version:\"5.4.41\"))\n {\n fix = \"5.4.41\";\n VULN = TRUE;\n }\n}\n\nif(VULN)\n{\n report = 'Installed Version: ' + phpVer + '\\n' +\n 'Fixed Version: ' + fix + '\\n';\n security_message(data:report, port:phpPort);\n exit(0);\n}\n\nexit(99);", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-03-17T22:58:27", "description": "The remote host is missing an update announced via the referenced Security Advisory.", "cvss3": {}, "published": "2015-09-08T00:00:00", "type": "openvas", "title": "Amazon Linux: Security Advisory (ALAS-2015-535)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-4025", "CVE-2015-4024", "CVE-2015-4021", "CVE-2015-4026", "CVE-2015-4022"], "modified": "2020-03-13T00:00:00", "id": "OPENVAS:1361412562310120225", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310120225", "sourceData": "# Copyright (C) 2015 Eero Volotinen\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.120225\");\n script_version(\"2020-03-13T13:19:50+0000\");\n script_tag(name:\"creation_date\", value:\"2015-09-08 13:20:51 +0200 (Tue, 08 Sep 2015)\");\n script_tag(name:\"last_modification\", value:\"2020-03-13 13:19:50 +0000 (Fri, 13 Mar 2020)\");\n script_name(\"Amazon Linux: Security Advisory (ALAS-2015-535)\");\n script_tag(name:\"insight\", value:\"Multiple flaws were found in PHP. Please see the references for more information.\");\n script_tag(name:\"solution\", value:\"Run yum update php55 to update your system.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://alas.aws.amazon.com/ALAS-2015-535.html\");\n script_cve_id(\"CVE-2015-4021\", \"CVE-2015-4022\", \"CVE-2015-4025\", \"CVE-2015-4024\", \"CVE-2015-4026\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/amazon_linux\", \"ssh/login/release\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"The remote host is missing an update announced via the referenced Security Advisory.\");\n script_copyright(\"Copyright (C) 2015 Eero Volotinen\");\n script_family(\"Amazon Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"AMAZON\") {\n if(!isnull(res = isrpmvuln(pkg:\"php55-xml\", rpm:\"php55-xml~5.5.25~1.101.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php55-soap\", rpm:\"php55-soap~5.5.25~1.101.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php55-dba\", rpm:\"php55-dba~5.5.25~1.101.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php55-imap\", rpm:\"php55-imap~5.5.25~1.101.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php55-pspell\", rpm:\"php55-pspell~5.5.25~1.101.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php55-gd\", rpm:\"php55-gd~5.5.25~1.101.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php55-intl\", rpm:\"php55-intl~5.5.25~1.101.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php55-opcache\", rpm:\"php55-opcache~5.5.25~1.101.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php55-tidy\", rpm:\"php55-tidy~5.5.25~1.101.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php55-fpm\", rpm:\"php55-fpm~5.5.25~1.101.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php55-mssql\", rpm:\"php55-mssql~5.5.25~1.101.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php55-enchant\", rpm:\"php55-enchant~5.5.25~1.101.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php55-mysqlnd\", rpm:\"php55-mysqlnd~5.5.25~1.101.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php55-cli\", rpm:\"php55-cli~5.5.25~1.101.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php55-pdo\", rpm:\"php55-pdo~5.5.25~1.101.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php55\", rpm:\"php55~5.5.25~1.101.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php55-devel\", rpm:\"php55-devel~5.5.25~1.101.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php55-snmp\", rpm:\"php55-snmp~5.5.25~1.101.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php55-xmlrpc\", rpm:\"php55-xmlrpc~5.5.25~1.101.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php55-mcrypt\", rpm:\"php55-mcrypt~5.5.25~1.101.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php55-recode\", rpm:\"php55-recode~5.5.25~1.101.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php55-common\", rpm:\"php55-common~5.5.25~1.101.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php55-bcmath\", rpm:\"php55-bcmath~5.5.25~1.101.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php55-debuginfo\", rpm:\"php55-debuginfo~5.5.25~1.101.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php55-embedded\", rpm:\"php55-embedded~5.5.25~1.101.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php55-odbc\", rpm:\"php55-odbc~5.5.25~1.101.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php55-mbstring\", rpm:\"php55-mbstring~5.5.25~1.101.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php55-ldap\", rpm:\"php55-ldap~5.5.25~1.101.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php55-pgsql\", rpm:\"php55-pgsql~5.5.25~1.101.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php55-gmp\", rpm:\"php55-gmp~5.5.25~1.101.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php55-process\", rpm:\"php55-process~5.5.25~1.101.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:36:36", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2015-06-09T00:00:00", "type": "openvas", "title": "Fedora Update for php FEDORA-2015-8383", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-7243", "CVE-2015-4025", "CVE-2015-4024", "CVE-2015-4021", "CVE-2015-4026", "CVE-2015-4022"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310869430", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310869430", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for php FEDORA-2015-8383\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.869430\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-06-09 10:57:38 +0200 (Tue, 09 Jun 2015)\");\n script_cve_id(\"CVE-2006-7243\", \"CVE-2015-4024\", \"CVE-2015-4025\", \"CVE-2015-4022\",\n \"CVE-2015-4026\", \"CVE-2015-4021\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for php FEDORA-2015-8383\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'php'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"php on Fedora 21\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2015-8383\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2015-May/158915.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC21\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC21\")\n{\n\n if ((res = isrpmvuln(pkg:\"php\", rpm:\"php~5.6.9~1.fc21\", rls:\"FC21\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:35:58", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2015-07-07T00:00:00", "type": "openvas", "title": "Fedora Update for php FEDORA-2015-8281", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-7243", "CVE-2015-4025", "CVE-2015-4024", "CVE-2015-4021", "CVE-2015-4026", "CVE-2015-4022"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310869623", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310869623", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for php FEDORA-2015-8281\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.869623\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-07-07 06:29:29 +0200 (Tue, 07 Jul 2015)\");\n script_cve_id(\"CVE-2006-7243\", \"CVE-2015-4024\", \"CVE-2015-4022\", \"CVE-2015-4021\",\n \"CVE-2015-4025\", \"CVE-2015-4026\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for php FEDORA-2015-8281\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'php'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"php on Fedora 22\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2015-8281\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2015-May/158616.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC22\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC22\")\n{\n\n if ((res = isrpmvuln(pkg:\"php\", rpm:\"php~5.6.9~1.fc22\", rls:\"FC22\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:36:57", "description": "Multiple vulnerabilities have been discovered in PHP:\n\nCVE-2015-4025 /\nCVE-2015-4026\nMultiple function didn", "cvss3": {}, "published": "2015-06-07T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 3280-1 (php5 - security update)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-2783", "CVE-2015-3329", "CVE-2015-4025", "CVE-2015-4024", "CVE-2015-4021", "CVE-2015-4026", "CVE-2015-4022"], "modified": "2019-03-18T00:00:00", "id": "OPENVAS:1361412562310703280", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310703280", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3280.nasl 14278 2019-03-18 14:47:26Z cfischer $\n# Auto-generated from advisory DSA 3280-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.703280\");\n script_version(\"$Revision: 14278 $\");\n script_cve_id(\"CVE-2015-2783\", \"CVE-2015-3329\", \"CVE-2015-4021\", \"CVE-2015-4022\",\n \"CVE-2015-4024\", \"CVE-2015-4025\", \"CVE-2015-4026\");\n script_name(\"Debian Security Advisory DSA 3280-1 (php5 - security update)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 15:47:26 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-06-07 00:00:00 +0200 (Sun, 07 Jun 2015)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"http://www.debian.org/security/2015/dsa-3280.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB(7|9|8)\");\n script_tag(name:\"affected\", value:\"php5 on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the oldstable distribution (wheezy), these problems have been fixed\nin version 5.4.41-0+deb7u1.\n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 5.6.9+dfsg-0+deb8u1.\n\nFor the testing distribution (stretch), these problems have been fixed\nin version 5.6.9+dfsg-1.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 5.6.9+dfsg-1.\n\nWe recommend that you upgrade your php5 packages.\");\n script_tag(name:\"summary\", value:\"Multiple vulnerabilities have been discovered in PHP:\n\nCVE-2015-4025 /\nCVE-2015-4026\nMultiple function didn't check for NULL bytes in path names.\n\nCVE-2015-4024\nDenial of service when processing multipart/form-data requests.\n\nCVE-2015-4022\nInteger overflow in the ftp_genlist() function may result in\ndenial of service or potentially the execution of arbitrary code.\n\nCVE-2015-4021 CVE-2015-3329 CVE-2015-2783\nMultiple vulnerabilities in the phar extension may result in\ndenial of service or potentially the execution of arbitrary code\nwhen processing malformed archives.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"libapache2-mod-php5\", ver:\"5.4.41-0+deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libapache2-mod-php5filter\", ver:\"5.4.41-0+deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libphp5-embed\", ver:\"5.4.41-0+deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php-pear\", ver:\"5.4.41-0+deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5\", ver:\"5.4.41-0+deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-cgi\", ver:\"5.4.41-0+deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-cli\", ver:\"5.4.41-0+deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-common\", ver:\"5.4.41-0+deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-curl\", ver:\"5.4.41-0+deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-dbg\", ver:\"5.4.41-0+deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-dev\", ver:\"5.4.41-0+deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-enchant\", ver:\"5.4.41-0+deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-fpm\", ver:\"5.4.41-0+deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-gd\", ver:\"5.4.41-0+deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-gmp\", ver:\"5.4.41-0+deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-imap\", ver:\"5.4.41-0+deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-interbase\", ver:\"5.4.41-0+deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-intl\", ver:\"5.4.41-0+deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-ldap\", ver:\"5.4.41-0+deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-mcrypt\", ver:\"5.4.41-0+deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-mysql\", ver:\"5.4.41-0+deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-mysqlnd\", ver:\"5.4.41-0+deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-odbc\", ver:\"5.4.41-0+deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-pgsql\", ver:\"5.4.41-0+deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-pspell\", ver:\"5.4.41-0+deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-recode\", ver:\"5.4.41-0+deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-snmp\", ver:\"5.4.41-0+deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-sqlite\", ver:\"5.4.41-0+deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-sybase\", ver:\"5.4.41-0+deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-tidy\", ver:\"5.4.41-0+deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-xmlrpc\", ver:\"5.4.41-0+deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-xsl\", ver:\"5.4.41-0+deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libapache2-mod-php5\", ver:\"5.6.9+dfsg-1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libapache2-mod-php5filter\", ver:\"5.6.9+dfsg-1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libphp5-embed\", ver:\"5.6.9+dfsg-1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\n# On the final stretch release this package has version 1.10.1+submodules+notgz-9 which causes a false positive\n#if((res = isdpkgvuln(pkg:\"php-pear\", ver:\"5.6.9+dfsg-1\", rls:\"DEB9\")) != NULL) {\n# report += res;\n#}\nif((res = isdpkgvuln(pkg:\"php5\", ver:\"5.6.9+dfsg-1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-cgi\", ver:\"5.6.9+dfsg-1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-cli\", ver:\"5.6.9+dfsg-1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-common\", ver:\"5.6.9+dfsg-1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-curl\", ver:\"5.6.9+dfsg-1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-dbg\", ver:\"5.6.9+dfsg-1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-dev\", ver:\"5.6.9+dfsg-1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-enchant\", ver:\"5.6.9+dfsg-1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-fpm\", ver:\"5.6.9+dfsg-1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-gd\", ver:\"5.6.9+dfsg-1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-gmp\", ver:\"5.6.9+dfsg-1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-imap\", ver:\"5.6.9+dfsg-1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-interbase\", ver:\"5.6.9+dfsg-1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-intl\", ver:\"5.6.9+dfsg-1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-ldap\", ver:\"5.6.9+dfsg-1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-mcrypt\", ver:\"5.6.9+dfsg-1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-mysql\", ver:\"5.6.9+dfsg-1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-mysqlnd\", ver:\"5.6.9+dfsg-1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-odbc\", ver:\"5.6.9+dfsg-1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-pgsql\", ver:\"5.6.9+dfsg-1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-phpdbg\", ver:\"5.6.9+dfsg-1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-pspell\", ver:\"5.6.9+dfsg-1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-readline\", ver:\"5.6.9+dfsg-1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-recode\", ver:\"5.6.9+dfsg-1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-snmp\", ver:\"5.6.9+dfsg-1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-sqlite\", ver:\"5.6.9+dfsg-1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-sybase\", ver:\"5.6.9+dfsg-1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-tidy\", ver:\"5.6.9+dfsg-1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-xmlrpc\", ver:\"5.6.9+dfsg-1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-xsl\", ver:\"5.6.9+dfsg-1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libapache2-mod-php5\", ver:\"5.6.9+dfsg-0+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libapache2-mod-php5filter\", ver:\"5.6.9+dfsg-0+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libphp5-embed\", ver:\"5.6.9+dfsg-0+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php-pear\", ver:\"5.6.9+dfsg-0+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5\", ver:\"5.6.9+dfsg-0+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-cgi\", ver:\"5.6.9+dfsg-0+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-cli\", ver:\"5.6.9+dfsg-0+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-common\", ver:\"5.6.9+dfsg-0+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-curl\", ver:\"5.6.9+dfsg-0+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-dbg\", ver:\"5.6.9+dfsg-0+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-dev\", ver:\"5.6.9+dfsg-0+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-enchant\", ver:\"5.6.9+dfsg-0+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-fpm\", ver:\"5.6.9+dfsg-0+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-gd\", ver:\"5.6.9+dfsg-0+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-gmp\", ver:\"5.6.9+dfsg-0+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-imap\", ver:\"5.6.9+dfsg-0+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-interbase\", ver:\"5.6.9+dfsg-0+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-intl\", ver:\"5.6.9+dfsg-0+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-ldap\", ver:\"5.6.9+dfsg-0+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-mcrypt\", ver:\"5.6.9+dfsg-0+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-mysql\", ver:\"5.6.9+dfsg-0+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-mysqlnd\", ver:\"5.6.9+dfsg-0+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-odbc\", ver:\"5.6.9+dfsg-0+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-pgsql\", ver:\"5.6.9+dfsg-0+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-phpdbg\", ver:\"5.6.9+dfsg-0+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-pspell\", ver:\"5.6.9+dfsg-0+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-readline\", ver:\"5.6.9+dfsg-0+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-recode\", ver:\"5.6.9+dfsg-0+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-snmp\", ver:\"5.6.9+dfsg-0+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-sqlite\", ver:\"5.6.9+dfsg-0+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-sybase\", ver:\"5.6.9+dfsg-0+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-tidy\", ver:\"5.6.9+dfsg-0+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-xmlrpc\", ver:\"5.6.9+dfsg-0+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-xsl\", ver:\"5.6.9+dfsg-0+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2017-07-24T12:52:19", "description": "Multiple vulnerabilities have been discovered in PHP:\n\nCVE-2015-4025 /\nCVE-2015-4026 \nMultiple function didn", "cvss3": {}, "published": "2015-06-07T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 3280-1 (php5 - security update)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-2783", "CVE-2015-3329", "CVE-2015-4025", "CVE-2015-4024", "CVE-2015-4021", "CVE-2015-4026", "CVE-2015-4022"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:703280", "href": "http://plugins.openvas.org/nasl.php?oid=703280", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3280.nasl 6609 2017-07-07 12:05:59Z cfischer $\n# Auto-generated from advisory DSA 3280-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\n\nif(description)\n{\n script_id(703280);\n script_version(\"$Revision: 6609 $\");\n script_cve_id(\"CVE-2015-2783\", \"CVE-2015-3329\", \"CVE-2015-4021\", \"CVE-2015-4022\",\n \"CVE-2015-4024\", \"CVE-2015-4025\", \"CVE-2015-4026\");\n script_name(\"Debian Security Advisory DSA 3280-1 (php5 - security update)\");\n script_tag(name: \"last_modification\", value: \"$Date: 2017-07-07 14:05:59 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name: \"creation_date\", value: \"2015-06-07 00:00:00 +0200 (Sun, 07 Jun 2015)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name: \"solution_type\", value: \"VendorFix\");\n script_tag(name: \"qod_type\", value: \"package\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2015/dsa-3280.html\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: \"php5 on Debian Linux\");\n script_tag(name: \"insight\", value: \"This package is a metapackage that, when installed, guarantees that you\nhave at least one of the four server-side versions of the PHP5 interpreter\ninstalled. Removing this package won't remove PHP5 from your system, however\nit may remove other packages that depend on this one.\");\n script_tag(name: \"solution\", value: \"For the oldstable distribution (wheezy), these problems have been fixed\nin version 5.4.41-0+deb7u1.\n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 5.6.9+dfsg-0+deb8u1.\n\nFor the testing distribution (stretch), these problems have been fixed\nin version 5.6.9+dfsg-1.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 5.6.9+dfsg-1.\n\nWe recommend that you upgrade your php5 packages.\");\n script_tag(name: \"summary\", value: \"Multiple vulnerabilities have been discovered in PHP:\n\nCVE-2015-4025 /\nCVE-2015-4026 \nMultiple function didn't check for NULL bytes in path names.\n\nCVE-2015-4024 \nDenial of service when processing multipart/form-data requests.\n\nCVE-2015-4022 \nInteger overflow in the ftp_genlist() function may result in\ndenial of service or potentially the execution of arbitrary code.\n\nCVE-2015-4021 CVE-2015-3329 CVE-2015-2783 \nMultiple vulnerabilities in the phar extension may result in\ndenial of service or potentially the execution of arbitrary code\nwhen processing malformed archives.\");\n script_tag(name: \"vuldetect\", value: \"This check tests the installed software version using the apt package manager.\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"libapache2-mod-php5\", ver:\"5.4.41-0+deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libapache2-mod-php5filter\", ver:\"5.4.41-0+deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libphp5-embed\", ver:\"5.4.41-0+deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php-pear\", ver:\"5.4.41-0+deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5\", ver:\"5.4.41-0+deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-cgi\", ver:\"5.4.41-0+deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-cli\", ver:\"5.4.41-0+deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-common\", ver:\"5.4.41-0+deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-curl\", ver:\"5.4.41-0+deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-dbg\", ver:\"5.4.41-0+deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-dev\", ver:\"5.4.41-0+deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-enchant\", ver:\"5.4.41-0+deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-fpm\", ver:\"5.4.41-0+deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-gd\", ver:\"5.4.41-0+deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-gmp\", ver:\"5.4.41-0+deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-imap\", ver:\"5.4.41-0+deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-interbase\", ver:\"5.4.41-0+deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-intl\", ver:\"5.4.41-0+deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-ldap\", ver:\"5.4.41-0+deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-mcrypt\", ver:\"5.4.41-0+deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-mysql\", ver:\"5.4.41-0+deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-mysqlnd\", ver:\"5.4.41-0+deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-odbc\", ver:\"5.4.41-0+deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-pgsql\", ver:\"5.4.41-0+deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-pspell\", ver:\"5.4.41-0+deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-recode\", ver:\"5.4.41-0+deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-snmp\", ver:\"5.4.41-0+deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-sqlite\", ver:\"5.4.41-0+deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-sybase\", ver:\"5.4.41-0+deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-tidy\", ver:\"5.4.41-0+deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-xmlrpc\", ver:\"5.4.41-0+deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-xsl\", ver:\"5.4.41-0+deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libapache2-mod-php5\", ver:\"5.6.9+dfsg-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libapache2-mod-php5filter\", ver:\"5.6.9+dfsg-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libphp5-embed\", ver:\"5.6.9+dfsg-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\n# On the final stretch release this package has version 1.10.1+submodules+notgz-9 which causes a false positive\n#if ((res = isdpkgvuln(pkg:\"php-pear\", ver:\"5.6.9+dfsg-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n# report += res;\n#}\nif ((res = isdpkgvuln(pkg:\"php5\", ver:\"5.6.9+dfsg-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-cgi\", ver:\"5.6.9+dfsg-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-cli\", ver:\"5.6.9+dfsg-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-common\", ver:\"5.6.9+dfsg-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-curl\", ver:\"5.6.9+dfsg-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-dbg\", ver:\"5.6.9+dfsg-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-dev\", ver:\"5.6.9+dfsg-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-enchant\", ver:\"5.6.9+dfsg-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-fpm\", ver:\"5.6.9+dfsg-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-gd\", ver:\"5.6.9+dfsg-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-gmp\", ver:\"5.6.9+dfsg-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-imap\", ver:\"5.6.9+dfsg-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-interbase\", ver:\"5.6.9+dfsg-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-intl\", ver:\"5.6.9+dfsg-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-ldap\", ver:\"5.6.9+dfsg-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-mcrypt\", ver:\"5.6.9+dfsg-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-mysql\", ver:\"5.6.9+dfsg-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-mysqlnd\", ver:\"5.6.9+dfsg-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-odbc\", ver:\"5.6.9+dfsg-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-pgsql\", ver:\"5.6.9+dfsg-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-phpdbg\", ver:\"5.6.9+dfsg-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-pspell\", ver:\"5.6.9+dfsg-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-readline\", ver:\"5.6.9+dfsg-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-recode\", ver:\"5.6.9+dfsg-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-snmp\", ver:\"5.6.9+dfsg-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-sqlite\", ver:\"5.6.9+dfsg-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-sybase\", ver:\"5.6.9+dfsg-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-tidy\", ver:\"5.6.9+dfsg-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-xmlrpc\", ver:\"5.6.9+dfsg-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-xsl\", ver:\"5.6.9+dfsg-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libapache2-mod-php5\", ver:\"5.6.9+dfsg-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libapache2-mod-php5filter\", ver:\"5.6.9+dfsg-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libphp5-embed\", ver:\"5.6.9+dfsg-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php-pear\", ver:\"5.6.9+dfsg-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5\", ver:\"5.6.9+dfsg-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-cgi\", ver:\"5.6.9+dfsg-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-cli\", ver:\"5.6.9+dfsg-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-common\", ver:\"5.6.9+dfsg-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-curl\", ver:\"5.6.9+dfsg-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-dbg\", ver:\"5.6.9+dfsg-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-dev\", ver:\"5.6.9+dfsg-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-enchant\", ver:\"5.6.9+dfsg-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-fpm\", ver:\"5.6.9+dfsg-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-gd\", ver:\"5.6.9+dfsg-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-gmp\", ver:\"5.6.9+dfsg-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-imap\", ver:\"5.6.9+dfsg-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-interbase\", ver:\"5.6.9+dfsg-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-intl\", ver:\"5.6.9+dfsg-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-ldap\", ver:\"5.6.9+dfsg-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-mcrypt\", ver:\"5.6.9+dfsg-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-mysql\", ver:\"5.6.9+dfsg-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-mysqlnd\", ver:\"5.6.9+dfsg-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-odbc\", ver:\"5.6.9+dfsg-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-pgsql\", ver:\"5.6.9+dfsg-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-phpdbg\", ver:\"5.6.9+dfsg-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-pspell\", ver:\"5.6.9+dfsg-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-readline\", ver:\"5.6.9+dfsg-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-recode\", ver:\"5.6.9+dfsg-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-snmp\", ver:\"5.6.9+dfsg-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-sqlite\", ver:\"5.6.9+dfsg-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-sybase\", ver:\"5.6.9+dfsg-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-tidy\", ver:\"5.6.9+dfsg-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-xmlrpc\", ver:\"5.6.9+dfsg-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-xsl\", ver:\"5.6.9+dfsg-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:35:28", "description": "Oracle Linux Local Security Checks ELSA-2015-1219", "cvss3": {}, "published": "2016-02-05T00:00:00", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2015-1219", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-4644", "CVE-2015-4025", "CVE-2015-4024", "CVE-2015-4021", "CVE-2015-4026", "CVE-2015-4022", "CVE-2015-4598", "CVE-2015-4643"], "modified": "2019-03-14T00:00:00", "id": "OPENVAS:1361412562310122867", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310122867", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2015-1219.nasl 14180 2019-03-14 12:29:16Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2016 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.122867\");\n script_version(\"$Revision: 14180 $\");\n script_tag(name:\"creation_date\", value:\"2016-02-05 14:01:36 +0200 (Fri, 05 Feb 2016)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-14 13:29:16 +0100 (Thu, 14 Mar 2019) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2015-1219\");\n script_tag(name:\"insight\", value:\"ELSA-2015-1219 - php54-php security update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2015-1219\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2015-1219.html\");\n script_cve_id(\"CVE-2015-4643\", \"CVE-2015-4644\", \"CVE-2015-4021\", \"CVE-2015-4022\", \"CVE-2015-4024\", \"CVE-2015-4025\", \"CVE-2015-4026\", \"CVE-2015-4598\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux(7|6)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux7\")\n{\n if ((res = isrpmvuln(pkg:\"php54-php\", rpm:\"php54-php~5.4.40~3.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php54-php-bcmath\", rpm:\"php54-php-bcmath~5.4.40~3.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php54-php-cli\", rpm:\"php54-php-cli~5.4.40~3.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php54-php-common\", rpm:\"php54-php-common~5.4.40~3.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php54-php-dba\", rpm:\"php54-php-dba~5.4.40~3.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php54-php-devel\", rpm:\"php54-php-devel~5.4.40~3.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php54-php-enchant\", rpm:\"php54-php-enchant~5.4.40~3.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php54-php-fpm\", rpm:\"php54-php-fpm~5.4.40~3.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php54-php-gd\", rpm:\"php54-php-gd~5.4.40~3.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php54-php-intl\", rpm:\"php54-php-intl~5.4.40~3.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php54-php-ldap\", rpm:\"php54-php-ldap~5.4.40~3.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php54-php-mbstring\", rpm:\"php54-php-mbstring~5.4.40~3.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php54-php-mysqlnd\", rpm:\"php54-php-mysqlnd~5.4.40~3.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php54-php-odbc\", rpm:\"php54-php-odbc~5.4.40~3.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php54-php-pdo\", rpm:\"php54-php-pdo~5.4.40~3.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php54-php-pgsql\", rpm:\"php54-php-pgsql~5.4.40~3.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php54-php-process\", rpm:\"php54-php-process~5.4.40~3.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php54-php-pspell\", rpm:\"php54-php-pspell~5.4.40~3.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php54-php-recode\", rpm:\"php54-php-recode~5.4.40~3.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php54-php-snmp\", rpm:\"php54-php-snmp~5.4.40~3.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php54-php-soap\", rpm:\"php54-php-soap~5.4.40~3.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php54-php-xml\", rpm:\"php54-php-xml~5.4.40~3.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php54-php-xmlrpc\", rpm:\"php54-php-xmlrpc~5.4.40~3.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif(release == \"OracleLinux6\")\n{\n if ((res = isrpmvuln(pkg:\"php54-php\", rpm:\"php54-php~5.4.40~3.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php54-php-bcmath\", rpm:\"php54-php-bcmath~5.4.40~3.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php54-php-cli\", rpm:\"php54-php-cli~5.4.40~3.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php54-php-common\", rpm:\"php54-php-common~5.4.40~3.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php54-php-dba\", rpm:\"php54-php-dba~5.4.40~3.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php54-php-devel\", rpm:\"php54-php-devel~5.4.40~3.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php54-php-enchant\", rpm:\"php54-php-enchant~5.4.40~3.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php54-php-fpm\", rpm:\"php54-php-fpm~5.4.40~3.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php54-php-gd\", rpm:\"php54-php-gd~5.4.40~3.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php54-php-imap\", rpm:\"php54-php-imap~5.4.40~3.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php54-php-intl\", rpm:\"php54-php-intl~5.4.40~3.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php54-php-ldap\", rpm:\"php54-php-ldap~5.4.40~3.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php54-php-mbstring\", rpm:\"php54-php-mbstring~5.4.40~3.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php54-php-mysqlnd\", rpm:\"php54-php-mysqlnd~5.4.40~3.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php54-php-odbc\", rpm:\"php54-php-odbc~5.4.40~3.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php54-php-pdo\", rpm:\"php54-php-pdo~5.4.40~3.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php54-php-pgsql\", rpm:\"php54-php-pgsql~5.4.40~3.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php54-php-process\", rpm:\"php54-php-process~5.4.40~3.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php54-php-pspell\", rpm:\"php54-php-pspell~5.4.40~3.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php54-php-recode\", rpm:\"php54-php-recode~5.4.40~3.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php54-php-snmp\", rpm:\"php54-php-snmp~5.4.40~3.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php54-php-soap\", rpm:\"php54-php-soap~5.4.40~3.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php54-php-tidy\", rpm:\"php54-php-tidy~5.4.40~3.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php54-php-xml\", rpm:\"php54-php-xml~5.4.40~3.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php54-php-xmlrpc\", rpm:\"php54-php-xmlrpc~5.4.40~3.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:36:33", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2015-06-09T00:00:00", "type": "openvas", "title": "Fedora Update for php FEDORA-2015-8370", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-7243", "CVE-2015-4025", "CVE-2015-4024", "CVE-2015-4021", "CVE-2015-4026", "CVE-2015-4022", "CVE-2013-6420", "CVE-2014-0185"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310869423", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310869423", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for php FEDORA-2015-8370\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.869423\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-06-09 10:54:55 +0200 (Tue, 09 Jun 2015)\");\n script_cve_id(\"CVE-2006-7243\", \"CVE-2014-0185\", \"CVE-2013-6420\", \"CVE-2015-4025\",\n \"CVE-2015-4021\", \"CVE-2015-4026\", \"CVE-2015-4024\", \"CVE-2015-4022\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for php FEDORA-2015-8370\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'php'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"php on Fedora 20\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2015-8370\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2015-May/159031.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC20\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC20\")\n{\n\n if ((res = isrpmvuln(pkg:\"php\", rpm:\"php~5.5.25~1.fc20\", rls:\"FC20\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-28T16:47:23", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2015-07-30T00:00:00", "type": "openvas", "title": "Ubuntu Update for pcre3 USN-2694-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-3210", "CVE-2015-2325", "CVE-2014-8964", "CVE-2015-5073", "CVE-2015-2326"], "modified": "2020-01-28T00:00:00", "id": "OPENVAS:1361412562310842393", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310842393", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for pcre3 USN-2694-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.842393\");\n script_version(\"2020-01-28T08:10:01+0000\");\n script_tag(name:\"last_modification\", value:\"2020-01-28 08:10:01 +0000 (Tue, 28 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2015-07-30 05:15:02 +0200 (Thu, 30 Jul 2015)\");\n script_cve_id(\"CVE-2014-8964\", \"CVE-2015-2325\", \"CVE-2015-2326\", \"CVE-2015-3210\",\n \"CVE-2015-5073\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for pcre3 USN-2694-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'pcre3'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Michele Spagnuolo discovered that PCRE\nincorrectly handled certain regular expressions. A remote attacker could use this\nissue to cause applications using PCRE to crash, resulting in a denial of service,\nor possibly execute arbitrary code. This issue only affected Ubuntu 14.04 LTS.\n(CVE-2014-8964)\n\nKai Lu discovered that PCRE incorrectly handled certain regular\nexpressions. A remote attacker could use this issue to cause applications\nusing PCRE to crash, resulting in a denial of service, or possibly execute\narbitrary code. This issue only affected Ubuntu 14.04 LTS and Ubuntu 15.04.\n(CVE-2015-2325, CVE-2015-2326)\n\nWen Guanxing discovered that PCRE incorrectly handled certain regular\nexpressions. A remote attacker could use this issue to cause applications\nusing PCRE to crash, resulting in a denial of service, or possibly execute\narbitrary code. This issue only affected Ubuntu 15.04. (CVE-2015-3210)\n\nIt was discovered that PCRE incorrectly handled certain regular\nexpressions. A remote attacker could use this issue to cause applications\nusing PCRE to crash, resulting in a denial of service, or possibly execute\narbitrary code. This issue only affected Ubuntu 12.04 LTS and 14.04 LTS.\n(CVE-2015-5073)\");\n script_tag(name:\"affected\", value:\"pcre3 on Ubuntu 14.04 LTS,\n Ubuntu 12.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_xref(name:\"USN\", value:\"2694-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-2694-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(14\\.04 LTS|12\\.04 LTS)\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libpcre3:amd64\", ver:\"1:8.31-2ubuntu2.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libpcre3:i386\", ver:\"1:8.31-2ubuntu2.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libpcre3\", ver:\"8.12-4ubuntu0.1\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:35:04", "description": "Oracle Linux Local Security Checks ELSA-2015-1186", "cvss3": {}, "published": "2016-02-05T00:00:00", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2015-1186", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-2783", "CVE-2015-3329", "CVE-2015-3330", "CVE-2015-4644", "CVE-2015-4605", "CVE-2015-3307", "CVE-2015-4025", "CVE-2015-4024", "CVE-2015-4021", "CVE-2015-4602", "CVE-2015-4026", "CVE-2015-3411", "CVE-2015-4604", "CVE-2015-4022", "CVE-2015-3412", "CVE-2015-4603", "CVE-2015-4598", "CVE-2015-4643"], "modified": "2019-03-14T00:00:00", "id": "OPENVAS:1361412562310122871", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310122871", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2015-1186.nasl 14180 2019-03-14 12:29:16Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2016 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.122871\");\n script_version(\"$Revision: 14180 $\");\n script_tag(name:\"creation_date\", value:\"2016-02-05 14:01:40 +0200 (Fri, 05 Feb 2016)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-14 13:29:16 +0100 (Thu, 14 Mar 2019) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2015-1186\");\n script_tag(name:\"insight\", value:\"ELSA-2015-1186 - php55-php security update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2015-1186\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2015-1186.html\");\n script_cve_id(\"CVE-2015-4643\", \"CVE-2015-4644\", \"CVE-2015-2783\", \"CVE-2015-3307\", \"CVE-2015-3329\", \"CVE-2015-3330\", \"CVE-2015-3411\", \"CVE-2015-3412\", \"CVE-2015-4021\", \"CVE-2015-4022\", \"CVE-2015-4024\", \"CVE-2015-4025\", \"CVE-2015-4026\", \"CVE-2015-4598\", \"CVE-2015-4602\", \"CVE-2015-4603\", \"CVE-2015-4604\", \"CVE-2015-4605\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux7\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux7\")\n{\n if ((res = isrpmvuln(pkg:\"php55-php\", rpm:\"php55-php~5.5.21~4.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php55-php-bcmath\", rpm:\"php55-php-bcmath~5.5.21~4.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php55-php-cli\", rpm:\"php55-php-cli~5.5.21~4.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php55-php-common\", rpm:\"php55-php-common~5.5.21~4.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php55-php-dba\", rpm:\"php55-php-dba~5.5.21~4.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php55-php-devel\", rpm:\"php55-php-devel~5.5.21~4.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php55-php-enchant\", rpm:\"php55-php-enchant~5.5.21~4.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php55-php-fpm\", rpm:\"php55-php-fpm~5.5.21~4.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php55-php-gd\", rpm:\"php55-php-gd~5.5.21~4.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php55-php-gmp\", rpm:\"php55-php-gmp~5.5.21~4.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php55-php-intl\", rpm:\"php55-php-intl~5.5.21~4.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php55-php-ldap\", rpm:\"php55-php-ldap~5.5.21~4.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php55-php-mbstring\", rpm:\"php55-php-mbstring~5.5.21~4.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php55-php-mysqlnd\", rpm:\"php55-php-mysqlnd~5.5.21~4.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php55-php-odbc\", rpm:\"php55-php-odbc~5.5.21~4.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php55-php-opcache\", rpm:\"php55-php-opcache~5.5.21~4.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php55-php-pdo\", rpm:\"php55-php-pdo~5.5.21~4.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php55-php-pgsql\", rpm:\"php55-php-pgsql~5.5.21~4.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php55-php-process\", rpm:\"php55-php-process~5.5.21~4.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php55-php-pspell\", rpm:\"php55-php-pspell~5.5.21~4.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php55-php-recode\", rpm:\"php55-php-recode~5.5.21~4.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php55-php-snmp\", rpm:\"php55-php-snmp~5.5.21~4.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php55-php-soap\", rpm:\"php55-php-soap~5.5.21~4.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php55-php-xml\", rpm:\"php55-php-xml~5.5.21~4.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php55-php-xmlrpc\", rpm:\"php55-php-xmlrpc~5.5.21~4.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:37:07", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2015-07-07T00:00:00", "type": "openvas", "title": "Ubuntu Update for php5 USN-2658-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-4601", "CVE-2015-4644", "CVE-2015-4148", "CVE-2015-4605", "CVE-2015-4025", "CVE-2015-4024", "CVE-2015-4021", "CVE-2015-4602", "CVE-2015-4026", "CVE-2015-4147", "CVE-2015-3411", "CVE-2015-4604", "CVE-2015-4600", "CVE-2015-4022", "CVE-2015-3412", "CVE-2015-4603", "CVE-2015-4599", "CVE-2015-4598", "CVE-2015-4643"], "modified": "2019-03-13T00:00:00", "id": "OPENVAS:1361412562310842265", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310842265", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for php5 USN-2658-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.842265\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-07-07 06:44:17 +0200 (Tue, 07 Jul 2015)\");\n script_cve_id(\"CVE-2015-3411\", \"CVE-2015-3412\", \"CVE-2015-4025\", \"CVE-2015-4026\",\n \"CVE-2015-4598\", \"CVE-2015-4021\", \"CVE-2015-4022\", \"CVE-2015-4643\",\n \"CVE-2015-4024\", \"CVE-2015-4147\", \"CVE-2015-4148\", \"CVE-2015-4599\",\n \"CVE-2015-4600\", \"CVE-2015-4601\", \"CVE-2015-4602\", \"CVE-2015-4603\",\n \"CVE-2015-4604\", \"CVE-2015-4605\", \"CVE-2015-4644\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for php5 USN-2658-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'php5'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Neal Poole and Tomas Hoger discovered that\nPHP incorrectly handled NULL bytes in file paths. A remote attacker could possibly\nuse this issue to bypass intended restrictions and create or obtain access to\nsensitive files. (CVE-2015-3411, CVE-2015-3412, CVE-2015-4025, CVE-2015-4026,\nCVE-2015-4598)\n\nEmmanuel Law discovered that the PHP phar extension incorrectly handled\nfilenames starting with a NULL byte. A remote attacker could use this issue\nwith a crafted tar archive to cause a denial of service. (CVE-2015-4021)\n\nMax Spelsberg discovered that PHP incorrectly handled the LIST command\nwhen connecting to remote FTP servers. A malicious FTP server could\npossibly use this issue to execute arbitrary code. (CVE-2015-4022,\nCVE-2015-4643)\n\nShusheng Liu discovered that PHP incorrectly handled certain malformed form\ndata. A remote attacker could use this issue with crafted form data to\ncause CPU consumption, leading to a denial of service. (CVE-2015-4024)\n\nAndrea Palazzo discovered that the PHP Soap client incorrectly validated\ndata types. A remote attacker could use this issue with crafted serialized\ndata to possibly execute arbitrary code. (CVE-2015-4147)\n\nAndrea Palazzo discovered that the PHP Soap client incorrectly validated\nthat the uri property is a string. A remote attacker could use this issue\nwith crafted serialized data to possibly obtain sensitive information.\n(CVE-2015-4148)\n\nTaoguang Chen discovered that PHP incorrectly validated data types in\nmultiple locations. A remote attacker could possibly use these issues to\nobtain sensitive information or cause a denial of service. (CVE-2015-4599,\nCVE-2015-4600, CVE-2015-4601, CVE-2015-4602, CVE-2015-4603)\n\nIt was discovered that the PHP Fileinfo component incorrectly handled\ncertain files. A remote attacker could use this issue to cause PHP to\ncrash, resulting in a denial of service. This issue only affected Ubuntu\n15.04. (CVE-2015-4604, CVE-2015-4605)\n\nIt was discovered that PHP incorrectly handled table names in\nphp_pgsql_meta_data. A local attacker could possibly use this issue to\ncause PHP to crash, resulting in a denial of service. (CVE-2015-4644)\");\n script_tag(name:\"affected\", value:\"php5 on Ubuntu 14.10,\n Ubuntu 14.04 LTS,\n Ubuntu 12.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_xref(name:\"USN\", value:\"2658-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-2658-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(14\\.10|14\\.04 LTS|12\\.04 LTS)\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU14.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libapache2-mod-php5\", ver:\"5.5.12+dfsg-2ubuntu4.6\", rls:\"UBUNTU14.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-cgi\", ver:\"5.5.12+dfsg-2ubuntu4.6\", rls:\"UBUNTU14.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-cli\", ver:\"5.5.12+dfsg-2ubuntu4.6\", rls:\"UBUNTU14.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-fpm\", ver:\"5.5.12+dfsg-2ubuntu4.6\", rls:\"UBUNTU14.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libapache2-mod-php5\", ver:\"5.5.9+dfsg-1ubuntu4.11\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-cgi\", ver:\"5.5.9+dfsg-1ubuntu4.11\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-cli\", ver:\"5.5.9+dfsg-1ubuntu4.11\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-fpm\", ver:\"5.5.9+dfsg-1ubuntu4.11\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libapache2-mod-php5\", ver:\"5.3.10-1ubuntu3.19\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-cgi\", ver:\"5.3.10-1ubuntu3.19\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-cli\", ver:\"5.3.10-1ubuntu3.19\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-fpm\", ver:\"5.3.10-1ubuntu3.19\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-04-07T18:46:30", "description": "The remote host is missing a security patch.", "cvss3": {}, "published": "2015-09-18T00:00:00", "type": "openvas", "title": "F5 BIG-IP - SOL16826 - PHP vulnerability CVE-2015-4024", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-4024"], "modified": "2020-04-03T00:00:00", "id": "OPENVAS:1361412562310105367", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310105367", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# F5 BIG-IP - SOL16826 - PHP vulnerability CVE-2015-4024\n#\n# Authors:\n# Michael Meyer <michael.meyer@greenbone.net>\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/h:f5:big-ip\";\n\nif (description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.105367\");\n script_cve_id(\"CVE-2015-4024\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_version(\"2020-04-03T06:15:47+0000\");\n\n script_name(\"F5 BIG-IP - SOL16826 - PHP vulnerability CVE-2015-4024\");\n\n script_xref(name:\"URL\", value:\"https://support.f5.com/kb/en-us/solutions/public/16000/800/sol16826.html?sr=48315819\");\n\n script_tag(name:\"impact\", value:\"This vulnerability may allow attackers to cause a denial-of-service (DoS) using crafted form data that triggers an improper order-of-growth outcome.Note: This vulnerability is exploitable only through the BIG-IP control plane (non-Traffic Management Microkernel (TMM) related tasks).\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Algorithmic complexity vulnerability in the multipart_buffer_headers function in main/rfc1867.c in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 allows remote attackers to cause a denial of service (CPU consumption) via crafted form data that triggers an improper order-of-growth outcome. (CVE-2015-4024)\");\n\n script_tag(name:\"solution\", value:\"See the referenced vendor advisory for a solution.\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing a security patch.\");\n\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"last_modification\", value:\"2020-04-03 06:15:47 +0000 (Fri, 03 Apr 2020)\");\n script_tag(name:\"creation_date\", value:\"2015-09-18 15:38:41 +0200 (Fri, 18 Sep 2015)\");\n script_category(ACT_GATHER_INFO);\n script_family(\"F5 Local Security Checks\");\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_dependencies(\"gb_f5_big_ip_version.nasl\");\n script_mandatory_keys(\"f5/big_ip/version\", \"f5/big_ip/active_modules\");\n exit(0);\n}\n\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\ninclude(\"list_array_func.inc\");\ninclude(\"f5.inc\");\n\nif( ! version = get_app_version( cpe:CPE ) )\n exit( 0 );\n\ncheck_f5['LTM'] = make_array( 'affected', '11.0.0-11.6.0;10.1.0-10.2.4;',\n 'unaffected', '12.0.0;11.6.1;11.5.4;' );\n\ncheck_f5['AAM'] = make_array( 'affected', '11.4.0-11.6.0;',\n 'unaffected', '12.0.0;11.6.1;11.5.4;' );\n\ncheck_f5['AFM'] = make_array( 'affected', '11.3.0-11.6.0;',\n 'unaffected', '12.0.0;11.6.1;11.5.4;' );\n\ncheck_f5['AVR'] = make_array( 'affected', '11.0.0-11.6.0;',\n 'unaffected', '12.0.0;11.6.1;11.5.4;' );\n\ncheck_f5['APM'] = make_array( 'affected', '11.0.0-11.6.0;10.1.0-10.2.4;',\n 'unaffected', '12.0.0;11.6.1;11.5.4;' );\n\ncheck_f5['ASM'] = make_array( 'affected', '11.0.0-11.6.0;10.1.0-10.2.4;',\n 'unaffected', '12.0.0;11.6.1;11.5.4;' );\n\ncheck_f5['GTM'] = make_array( 'affected', '11.0.0-11.6.0;10.1.0-10.2.4;',\n 'unaffected', '11.6.1;11.5.4;' );\n\ncheck_f5['LC'] = make_array( 'affected', '11.0.0-11.6.0;10.1.0-10.2.4;',\n 'unaffected', '12.0.0;11.6.1;11.5.4;' );\n\ncheck_f5['PEM'] = make_array( 'affected', '11.3.0-11.6.0;',\n 'unaffected', '12.0.0;11.6.1;11.5.4;' );\n\nif( report = f5_is_vulnerable( ca:check_f5, version:version ) ) {\n security_message( port:0, data:report );\n exit( 0 );\n}\n\nexit( 99 );\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-03-17T22:58:40", "description": "The remote host is missing an update announced via the referenced Security Advisory.", "cvss3": {}, "published": "2015-09-08T00:00:00", "type": "openvas", "title": "Amazon Linux: Security Advisory (ALAS-2015-562)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-3415", "CVE-2015-2325", "CVE-2015-4644", "CVE-2014-3416", "CVE-2015-4642", "CVE-2015-3416", "CVE-2015-3414", "CVE-2015-4643", "CVE-2015-2326"], "modified": "2020-03-13T00:00:00", "id": "OPENVAS:1361412562310120108", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310120108", "sourceData": "# Copyright (C) 2015 Eero Volotinen\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.120108\");\n script_version(\"2020-03-13T13:19:50+0000\");\n script_tag(name:\"creation_date\", value:\"2015-09-08 13:17:40 +0200 (Tue, 08 Sep 2015)\");\n script_tag(name:\"last_modification\", value:\"2020-03-13 13:19:50 +0000 (Fri, 13 Mar 2020)\");\n script_name(\"Amazon Linux: Security Advisory (ALAS-2015-562)\");\n script_tag(name:\"insight\", value:\"Upstream reports that several bugs have been fixed as well as several security issues into some bundled libraries (CVE-2015-3414, CVE-2015-3415, CVE-2015-3416, CVE-2015-2325 and CVE-2015-2326 ). All PHP 5.5 users are encouraged to upgrade to this version. Please see the upstream release notes for full details.\");\n script_tag(name:\"solution\", value:\"Run yum update php55 to update your system.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://alas.aws.amazon.com/ALAS-2015-562.html\");\n script_cve_id(\"CVE-2015-3415\", \"CVE-2015-3414\", \"CVE-2014-3416\", \"CVE-2015-4644\", \"CVE-2015-4643\", \"CVE-2015-4642\", \"CVE-2015-2325\", \"CVE-2015-2326\", \"CVE-2015-3416\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/amazon_linux\", \"ssh/login/release\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"The remote host is missing an update announced via the referenced Security Advisory.\");\n script_copyright(\"Copyright (C) 2015 Eero Volotinen\");\n script_family(\"Amazon Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"AMAZON\") {\n if(!isnull(res = isrpmvuln(pkg:\"php55-cli\", rpm:\"php55-cli~5.5.26~1.103.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php55-odbc\", rpm:\"php55-odbc~5.5.26~1.103.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php55-dba\", rpm:\"php55-dba~5.5.26~1.103.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php55\", rpm:\"php55~5.5.26~1.103.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php55-bcmath\", rpm:\"php55-bcmath~5.5.26~1.103.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php55-common\", rpm:\"php55-common~5.5.26~1.103.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php55-mysqlnd\", rpm:\"php55-mysqlnd~5.5.26~1.103.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php55-xml\", rpm:\"php55-xml~5.5.26~1.103.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php55-recode\", rpm:\"php55-recode~5.5.26~1.103.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php55-intl\", rpm:\"php55-intl~5.5.26~1.103.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php55-devel\", rpm:\"php55-devel~5.5.26~1.103.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php55-opcache\", rpm:\"php55-opcache~5.5.26~1.103.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php55-gd\", rpm:\"php55-gd~5.5.26~1.103.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php55-gmp\", rpm:\"php55-gmp~5.5.26~1.103.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php55-soap\", rpm:\"php55-soap~5.5.26~1.103.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php55-ldap\", rpm:\"php55-ldap~5.5.26~1.103.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php55-imap\", rpm:\"php55-imap~5.5.26~1.103.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php55-debuginfo\", rpm:\"php55-debuginfo~5.5.26~1.103.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php55-mbstring\", rpm:\"php55-mbstring~5.5.26~1.103.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php55-xmlrpc\", rpm:\"php55-xmlrpc~5.5.26~1.103.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php55-mcrypt\", rpm:\"php55-mcrypt~5.5.26~1.103.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php55-mssql\", rpm:\"php55-mssql~5.5.26~1.103.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php55-embedded\", rpm:\"php55-embedded~5.5.26~1.103.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php55-pdo\", rpm:\"php55-pdo~5.5.26~1.103.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php55-process\", rpm:\"php55-process~5.5.26~1.103.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php55-pspell\", rpm:\"php55-pspell~5.5.26~1.103.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php55-enchant\", rpm:\"php55-enchant~5.5.26~1.103.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php55-fpm\", rpm:\"php55-fpm~5.5.26~1.103.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php55-pgsql\", rpm:\"php55-pgsql~5.5.26~1.103.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php55-tidy\", rpm:\"php55-tidy~5.5.26~1.103.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php55-snmp\", rpm:\"php55-snmp~5.5.26~1.103.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-03-17T22:59:59", "description": "The remote host is missing an update announced via the referenced Security Advisory.", "cvss3": {}, "published": "2015-09-08T00:00:00", "type": "openvas", "title": "Amazon Linux: Security Advisory (ALAS-2015-563)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-3415", "CVE-2015-2325", "CVE-2015-4644", "CVE-2014-3416", "CVE-2015-4642", "CVE-2015-3416", "CVE-2015-3414", "CVE-2015-4643", "CVE-2015-2326"], "modified": "2020-03-13T00:00:00", "id": "OPENVAS:1361412562310120107", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310120107", "sourceData": "# Copyright (C) 2015 Eero Volotinen\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.120107\");\n script_version(\"2020-03-13T13:19:50+0000\");\n script_tag(name:\"creation_date\", value:\"2015-09-08 13:17:36 +0200 (Tue, 08 Sep 2015)\");\n script_tag(name:\"last_modification\", value:\"2020-03-13 13:19:50 +0000 (Fri, 13 Mar 2020)\");\n script_name(\"Amazon Linux: Security Advisory (ALAS-2015-563)\");\n script_tag(name:\"insight\", value:\"Upstream reports that several bugs have been fixed as well as several security issues into some bundled libraries (CVE-2015-3414, CVE-2015-3415, CVE-2015-3416, CVE-2015-2325 and CVE-2015-2326 ). All PHP 5.6 users are encouraged to upgrade to this version. Please see the upstream release notes for full details.\");\n script_tag(name:\"solution\", value:\"Run yum update php56 to update your system.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://alas.aws.amazon.com/ALAS-2015-563.html\");\n script_cve_id(\"CVE-2015-3415\", \"CVE-2015-3414\", \"CVE-2014-3416\", \"CVE-2015-4644\", \"CVE-2015-4643\", \"CVE-2015-4642\", \"CVE-2015-2325\", \"CVE-2015-2326\", \"CVE-2015-3416\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/amazon_linux\", \"ssh/login/release\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"The remote host is missing an update announced via the referenced Security Advisory.\");\n script_copyright(\"Copyright (C) 2015 Eero Volotinen\");\n script_family(\"Amazon Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"AMAZON\") {\n if(!isnull(res = isrpmvuln(pkg:\"php56-intl\", rpm:\"php56-intl~5.6.10~1.115.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php56-enchant\", rpm:\"php56-enchant~5.6.10~1.115.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php56-snmp\", rpm:\"php56-snmp~5.6.10~1.115.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php56-fpm\", rpm:\"php56-fpm~5.6.10~1.115.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php56-pgsql\", rpm:\"php56-pgsql~5.6.10~1.115.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php56-mssql\", rpm:\"php56-mssql~5.6.10~1.115.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php56-dba\", rpm:\"php56-dba~5.6.10~1.115.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php56-odbc\", rpm:\"php56-odbc~5.6.10~1.115.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php56-mysqlnd\", rpm:\"php56-mysqlnd~5.6.10~1.115.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php56-mbstring\", rpm:\"php56-mbstring~5.6.10~1.115.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php56\", rpm:\"php56~5.6.10~1.115.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php56-tidy\", rpm:\"php56-tidy~5.6.10~1.115.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php56-pdo\", rpm:\"php56-pdo~5.6.10~1.115.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php56-gd\", rpm:\"php56-gd~5.6.10~1.115.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php56-pspell\", rpm:\"php56-pspell~5.6.10~1.115.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php56-recode\", rpm:\"php56-recode~5.6.10~1.115.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php56-opcache\", rpm:\"php56-opcache~5.6.10~1.115.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php56-embedded\", rpm:\"php56-embedded~5.6.10~1.115.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php56-dbg\", rpm:\"php56-dbg~5.6.10~1.115.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php56-gmp\", rpm:\"php56-gmp~5.6.10~1.115.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php56-debuginfo\", rpm:\"php56-debuginfo~5.6.10~1.115.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php56-common\", rpm:\"php56-common~5.6.10~1.115.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php56-ldap\", rpm:\"php56-ldap~5.6.10~1.115.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php56-bcmath\", rpm:\"php56-bcmath~5.6.10~1.115.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php56-soap\", rpm:\"php56-soap~5.6.10~1.115.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php56-devel\", rpm:\"php56-devel~5.6.10~1.115.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php56-mcrypt\", rpm:\"php56-mcrypt~5.6.10~1.115.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php56-imap\", rpm:\"php56-imap~5.6.10~1.115.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php56-xml\", rpm:\"php56-xml~5.6.10~1.115.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php56-cli\", rpm:\"php56-cli~5.6.10~1.115.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php56-process\", rpm:\"php56-process~5.6.10~1.115.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php56-xmlrpc\", rpm:\"php56-xmlrpc~5.6.10~1.115.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:36:07", "description": "Oracle Linux Local Security Checks ELSA-2015-1135", "cvss3": {}, "published": "2015-10-06T00:00:00", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2015-1135", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-2348", "CVE-2014-9705", "CVE-2015-2787", "CVE-2015-0232", "CVE-2015-4601", "CVE-2015-2783", "CVE-2015-3329", "CVE-2015-3330", "CVE-2015-2301", "CVE-2014-9709", "CVE-2015-0273", "CVE-2014-8142", "CVE-2015-4148", "CVE-2015-4605", "CVE-2015-3307", "CVE-2015-4025", "CVE-2015-4024", "CVE-2015-4021", "CVE-2015-4602", "CVE-2015-4026", "CVE-2015-4147", "CVE-2015-3411", "CVE-2015-4604", "CVE-2015-4600", "CVE-2015-4022", "CVE-2014-9652", "CVE-2015-3412", "CVE-2015-4603", "CVE-2015-4599", "CVE-2015-4598", "CVE-2015-0231"], "modified": "2018-09-28T00:00:00", "id": "OPENVAS:1361412562310123097", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310123097", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2015-1135.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.123097\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 13:59:19 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2015-1135\");\n script_tag(name:\"insight\", value:\"ELSA-2015-1135 - php security and bug fix update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2015-1135\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2015-1135.html\");\n script_cve_id(\"CVE-2014-8142\", \"CVE-2014-9652\", \"CVE-2014-9705\", \"CVE-2014-9709\", \"CVE-2015-0231\", \"CVE-2015-0232\", \"CVE-2015-0273\", \"CVE-2015-2301\", \"CVE-2015-2348\", \"CVE-2015-2783\", \"CVE-2015-2787\", \"CVE-2015-3307\", \"CVE-2015-3329\", \"CVE-2015-3330\", \"CVE-2015-3411\", \"CVE-2015-3412\", \"CVE-2015-4021\", \"CVE-2015-4022\", \"CVE-2015-4024\", \"CVE-2015-4025\", \"CVE-2015-4026\", \"CVE-2015-4147\", \"CVE-2015-4148\", \"CVE-2015-4598\", \"CVE-2015-4599\", \"CVE-2015-4600\", \"CVE-2015-4601\", \"CVE-2015-4602\", \"CVE-2015-4603\", \"CVE-2015-4604\", \"CVE-2015-4605\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux7\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux7\")\n{\n if ((res = isrpmvuln(pkg:\"php\", rpm:\"php~5.4.16~36.el7_1\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php-bcmath\", rpm:\"php-bcmath~5.4.16~36.el7_1\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php-cli\", rpm:\"php-cli~5.4.16~36.el7_1\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php-common\", rpm:\"php-common~5.4.16~36.el7_1\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php-dba\", rpm:\"php-dba~5.4.16~36.el7_1\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php-devel\", rpm:\"php-devel~5.4.16~36.el7_1\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php-embedded\", rpm:\"php-embedded~5.4.16~36.el7_1\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php-enchant\", rpm:\"php-enchant~5.4.16~36.el7_1\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php-fpm\", rpm:\"php-fpm~5.4.16~36.el7_1\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php-gd\", rpm:\"php-gd~5.4.16~36.el7_1\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php-intl\", rpm:\"php-intl~5.4.16~36.el7_1\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php-ldap\", rpm:\"php-ldap~5.4.16~36.el7_1\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php-mbstring\", rpm:\"php-mbstring~5.4.16~36.el7_1\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php-mysql\", rpm:\"php-mysql~5.4.16~36.el7_1\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php-mysqlnd\", rpm:\"php-mysqlnd~5.4.16~36.el7_1\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php-odbc\", rpm:\"php-odbc~5.4.16~36.el7_1\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php-pdo\", rpm:\"php-pdo~5.4.16~36.el7_1\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php-pgsql\", rpm:\"php-pgsql~5.4.16~36.el7_1\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php-process\", rpm:\"php-process~5.4.16~36.el7_1\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php-pspell\", rpm:\"php-pspell~5.4.16~36.el7_1\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php-recode\", rpm:\"php-recode~5.4.16~36.el7_1\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php-snmp\", rpm:\"php-snmp~5.4.16~36.el7_1\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php-soap\", rpm:\"php-soap~5.4.16~36.el7_1\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php-xml\", rpm:\"php-xml~5.4.16~36.el7_1\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php-xmlrpc\", rpm:\"php-xmlrpc~5.4.16~36.el7_1\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:36:19", "description": "Check the version of php", "cvss3": {}, "published": "2015-07-10T00:00:00", "type": "openvas", "title": "CentOS Update for php CESA-2015:1218 centos6", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-9705", "CVE-2015-2787", "CVE-2015-0232", "CVE-2015-4601", "CVE-2015-2783", "CVE-2015-3329", "CVE-2015-2301", "CVE-2014-9425", "CVE-2014-9709", "CVE-2015-0273", "CVE-2015-4148", "CVE-2015-3307", "CVE-2015-4024", "CVE-2015-4021", "CVE-2015-4602", "CVE-2015-4026", "CVE-2015-4147", "CVE-2015-3411", "CVE-2015-4600", "CVE-2015-4022", "CVE-2015-3412", "CVE-2015-4603", "CVE-2015-4599", "CVE-2015-4598"], "modified": "2019-03-08T00:00:00", "id": "OPENVAS:1361412562310882219", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310882219", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for php CESA-2015:1218 centos6\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.882219\");\n script_version(\"$Revision: 14058 $\");\n script_cve_id(\"CVE-2014-9425\", \"CVE-2014-9705\", \"CVE-2014-9709\", \"CVE-2015-0232\",\n \"CVE-2015-0273\", \"CVE-2015-2301\", \"CVE-2015-2783\", \"CVE-2015-2787\",\n \"CVE-2015-3307\", \"CVE-2015-3329\", \"CVE-2015-3411\", \"CVE-2015-3412\",\n \"CVE-2015-4021\", \"CVE-2015-4022\", \"CVE-2015-4024\", \"CVE-2015-4026\",\n \"CVE-2015-4147\", \"CVE-2015-4148\", \"CVE-2015-4598\", \"CVE-2015-4599\",\n \"CVE-2015-4600\", \"CVE-2015-4601\", \"CVE-2015-4602\", \"CVE-2015-4603\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-08 14:25:52 +0100 (Fri, 08 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-07-10 06:08:37 +0200 (Fri, 10 Jul 2015)\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"CentOS Update for php CESA-2015:1218 centos6\");\n script_tag(name:\"summary\", value:\"Check the version of php\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"PHP is an HTML-embedded scripting language\n commonly used with the Apache HTTP Server.\n\nA flaw was found in the way PHP parsed multipart HTTP POST requests. A\nspecially crafted request could cause PHP to use an excessive amount of CPU\ntime. (CVE-2015-4024)\n\nAn uninitialized pointer use flaw was found in PHP's Exif extension. A\nspecially crafted JPEG or TIFF file could cause a PHP application using the\nexif_read_data() function to crash or, possibly, execute arbitrary code\nwith the privileges of the user running that PHP application.\n(CVE-2015-0232)\n\nAn integer overflow flaw leading to a heap-based buffer overflow was found\nin the way PHP's FTP extension parsed file listing FTP server responses. A\nmalicious FTP server could use this flaw to cause a PHP application to\ncrash or, possibly, execute arbitrary code. (CVE-2015-4022)\n\nMultiple flaws were discovered in the way PHP performed object\nunserialization. Specially crafted input processed by the unserialize()\nfunction could cause a PHP application to crash or, possibly, execute\narbitrary code. (CVE-2015-0273, CVE-2015-2787, CVE-2015-4147,\nCVE-2015-4148, CVE-2015-4599, CVE-2015-4600, CVE-2015-4601, CVE-2015-4602,\nCVE-2015-4603)\n\nIt was found that certain PHP functions did not properly handle file names\ncontaining a NULL character. A remote attacker could possibly use this flaw\nto make a PHP script access unexpected files and bypass intended file\nsystem access restrictions. (CVE-2015-4026, CVE-2015-3411, CVE-2015-3412,\nCVE-2015-4598)\n\nMultiple flaws were found in the way the way PHP's Phar extension parsed\nPhar archives. A specially crafted archive could cause PHP to crash or,\npossibly, execute arbitrary code when opened. (CVE-2015-2301,\nCVE-2015-2783, CVE-2015-3307, CVE-2015-3329, CVE-2015-4021)\n\nA heap buffer overflow flaw was found in the enchant_broker_request_dict()\nfunction of PHP's enchant extension. An attacker able to make a PHP\napplication enchant dictionaries could possibly cause it to crash.\n(CVE-2014-9705)\n\nA buffer over-read flaw was found in the GD library used by the PHP gd\nextension. A specially crafted GIF file could cause a PHP application using\nthe imagecreatefromgif() function to crash. (CVE-2014-9709)\n\nA double free flaw was found in zend_ts_hash_graceful_destroy() function in\nthe PHP ZTS module. This flaw could possibly cause a PHP application to\ncrash. (CVE-2014-9425)\n\nAll php users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. After installing the\nupdated packages, the httpd daemon must be restarted for the update to\ntake effect.\");\n script_tag(name:\"affected\", value:\"php on CentOS 6\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_xref(name:\"CESA\", value:\"2015:1218\");\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2015-July/021237.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS6\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS6\")\n{\n\n if ((res = isrpmvuln(pkg:\"php\", rpm:\"php~5.3.3~46.el6_6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-bcmath\", rpm:\"php-bcmath~5.3.3~46.el6_6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-cli\", rpm:\"php-cli~5.3.3~46.el6_6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-common\", rpm:\"php-common~5.3.3~46.el6_6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-dba\", rpm:\"php-dba~5.3.3~46.el6_6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-devel\", rpm:\"php-devel~5.3.3~46.el6_6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-embedded\", rpm:\"php-embedded~5.3.3~46.el6_6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-enchant\", rpm:\"php-enchant~5.3.3~46.el6_6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-fpm\", rpm:\"php-fpm~5.3.3~46.el6_6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-gd\", rpm:\"php-gd~5.3.3~46.el6_6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-imap\", rpm:\"php-imap~5.3.3~46.el6_6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-intl\", rpm:\"php-intl~5.3.3~46.el6_6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-ldap\", rpm:\"php-ldap~5.3.3~46.el6_6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-mbstring\", rpm:\"php-mbstring~5.3.3~46.el6_6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-mysql\", rpm:\"php-mysql~5.3.3~46.el6_6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-odbc\", rpm:\"php-odbc~5.3.3~46.el6_6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pdo\", rpm:\"php-pdo~5.3.3~46.el6_6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pgsql\", rpm:\"php-pgsql~5.3.3~46.el6_6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-process\", rpm:\"php-process~5.3.3~46.el6_6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pspell\", rpm:\"php-pspell~5.3.3~46.el6_6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-recode\", rpm:\"php-recode~5.3.3~46.el6_6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-snmp\", rpm:\"php-snmp~5.3.3~46.el6_6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-soap\", rpm:\"php-soap~5.3.3~46.el6_6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-tidy\", rpm:\"php-tidy~5.3.3~46.el6_6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-xml\", rpm:\"php-xml~5.3.3~46.el6_6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-xmlrpc\", rpm:\"php-xmlrpc~5.3.3~46.el6_6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-zts\", rpm:\"php-zts~5.3.3~46.el6_6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:36:16", "description": "Oracle Linux Local Security Checks ELSA-2015-1218", "cvss3": {}, "published": "2015-10-06T00:00:00", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2015-1218", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-9705", "CVE-2015-2787", "CVE-2015-0232", "CVE-2015-4601", "CVE-2015-2783", "CVE-2015-3329", "CVE-2015-2301", "CVE-2014-9425", "CVE-2014-9709", "CVE-2015-0273", "CVE-2015-4148", "CVE-2015-3307", "CVE-2015-4024", "CVE-2015-4021", "CVE-2015-4602", "CVE-2015-4026", "CVE-2015-4147", "CVE-2015-3411", "CVE-2015-4600", "CVE-2015-4022", "CVE-2015-3412", "CVE-2015-4603", "CVE-2015-4599", "CVE-2015-4598"], "modified": "2018-09-28T00:00:00", "id": "OPENVAS:1361412562310123083", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310123083", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2015-1218.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.123083\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 13:59:09 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2015-1218\");\n script_tag(name:\"insight\", value:\"ELSA-2015-1218 - php security update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2015-1218\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2015-1218.html\");\n script_cve_id(\"CVE-2014-9705\", \"CVE-2014-9709\", \"CVE-2015-0232\", \"CVE-2015-0273\", \"CVE-2015-2301\", \"CVE-2015-2783\", \"CVE-2015-2787\", \"CVE-2015-3307\", \"CVE-2015-3329\", \"CVE-2015-3411\", \"CVE-2015-3412\", \"CVE-2015-4021\", \"CVE-2015-4022\", \"CVE-2015-4024\", \"CVE-2015-4026\", \"CVE-2015-4147\", \"CVE-2015-4148\", \"CVE-2015-4598\", \"CVE-2015-4599\", \"CVE-2015-4600\", \"CVE-2015-4601\", \"CVE-2015-4602\", \"CVE-2015-4603\", \"CVE-2014-9425\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux6\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux6\")\n{\n if ((res = isrpmvuln(pkg:\"php\", rpm:\"php~5.3.3~46.el6_6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php-bcmath\", rpm:\"php-bcmath~5.3.3~46.el6_6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php-cli\", rpm:\"php-cli~5.3.3~46.el6_6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php-common\", rpm:\"php-common~5.3.3~46.el6_6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php-dba\", rpm:\"php-dba~5.3.3~46.el6_6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php-devel\", rpm:\"php-devel~5.3.3~46.el6_6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php-embedded\", rpm:\"php-embedded~5.3.3~46.el6_6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php-enchant\", rpm:\"php-enchant~5.3.3~46.el6_6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php-fpm\", rpm:\"php-fpm~5.3.3~46.el6_6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php-gd\", rpm:\"php-gd~5.3.3~46.el6_6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php-imap\", rpm:\"php-imap~5.3.3~46.el6_6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php-intl\", rpm:\"php-intl~5.3.3~46.el6_6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php-ldap\", rpm:\"php-ldap~5.3.3~46.el6_6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php-mbstring\", rpm:\"php-mbstring~5.3.3~46.el6_6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php-mysql\", rpm:\"php-mysql~5.3.3~46.el6_6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php-odbc\", rpm:\"php-odbc~5.3.3~46.el6_6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php-pdo\", rpm:\"php-pdo~5.3.3~46.el6_6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php-pgsql\", rpm:\"php-pgsql~5.3.3~46.el6_6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php-process\", rpm:\"php-process~5.3.3~46.el6_6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php-pspell\", rpm:\"php-pspell~5.3.3~46.el6_6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php-recode\", rpm:\"php-recode~5.3.3~46.el6_6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php-snmp\", rpm:\"php-snmp~5.3.3~46.el6_6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php-soap\", rpm:\"php-soap~5.3.3~46.el6_6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php-tidy\", rpm:\"php-tidy~5.3.3~46.el6_6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php-xml\", rpm:\"php-xml~5.3.3~46.el6_6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php-xmlrpc\", rpm:\"php-xmlrpc~5.3.3~46.el6_6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php-zts\", rpm:\"php-zts~5.3.3~46.el6_6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:36:02", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2015-07-10T00:00:00", "type": "openvas", "title": "RedHat Update for php RHSA-2015:1218-01", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-9705", "CVE-2015-2787", "CVE-2015-0232", "CVE-2015-4601", "CVE-2015-2783", "CVE-2015-3329", "CVE-2015-2301", "CVE-2014-9425", "CVE-2014-9709", "CVE-2015-0273", "CVE-2015-4148", "CVE-2015-3307", "CVE-2015-4024", "CVE-2015-4021", "CVE-2015-4602", "CVE-2015-4026", "CVE-2015-4147", "CVE-2015-3411", "CVE-2015-4600", "CVE-2015-4022", "CVE-2015-3412", "CVE-2015-4603", "CVE-2015-4599", "CVE-2015-4598"], "modified": "2018-11-23T00:00:00", "id": "OPENVAS:1361412562310871388", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310871388", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for php RHSA-2015:1218-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.871388\");\n script_version(\"$Revision: 12497 $\");\n script_cve_id(\"CVE-2014-9425\", \"CVE-2014-9705\", \"CVE-2014-9709\", \"CVE-2015-0232\",\n \"CVE-2015-0273\", \"CVE-2015-2301\", \"CVE-2015-2783\", \"CVE-2015-2787\",\n \"CVE-2015-3307\", \"CVE-2015-3329\", \"CVE-2015-3411\", \"CVE-2015-3412\",\n \"CVE-2015-4021\", \"CVE-2015-4022\", \"CVE-2015-4024\", \"CVE-2015-4026\",\n \"CVE-2015-4147\", \"CVE-2015-4148\", \"CVE-2015-4598\", \"CVE-2015-4599\",\n \"CVE-2015-4600\", \"CVE-2015-4601\", \"CVE-2015-4602\", \"CVE-2015-4603\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-23 09:28:21 +0100 (Fri, 23 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2015-07-10 06:07:32 +0200 (Fri, 10 Jul 2015)\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"RedHat Update for php RHSA-2015:1218-01\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'php'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"PHP is an HTML-embedded scripting\n language commonly used with the Apache HTTP Server.\n\nA flaw was found in the way PHP parsed multipart HTTP POST requests. A\nspecially crafted request could cause PHP to use an excessive amount of CPU\ntime. (CVE-2015-4024)\n\nAn uninitialized pointer use flaw was found in PHP's Exif extension. A\nspecially crafted JPEG or TIFF file could cause a PHP application using the\nexif_read_data() function to crash or, possibly, execute arbitrary code\nwith the privileges of the user running that PHP application.\n(CVE-2015-0232)\n\nAn integer overflow flaw leading to a heap-based buffer overflow was found\nin the way PHP's FTP extension parsed file listing FTP server responses. A\nmalicious FTP server could use this flaw to cause a PHP application to\ncrash or, possibly, execute arbitrary code. (CVE-2015-4022)\n\nMultiple flaws were discovered in the way PHP performed object\nunserialization. Specially crafted input processed by the unserialize()\nfunction could cause a PHP application to crash or, possibly, execute\narbitrary code. (CVE-2015-0273, CVE-2015-2787, CVE-2015-4147,\nCVE-2015-4148, CVE-2015-4599, CVE-2015-4600, CVE-2015-4601, CVE-2015-4602,\nCVE-2015-4603)\n\nIt was found that certain PHP functions did not properly handle file names\ncontaining a NULL character. A remote attacker could possibly use this flaw\nto make a PHP script access unexpected files and bypass intended file\nsystem access restrictions. (CVE-2015-4026, CVE-2015-3411, CVE-2015-3412,\nCVE-2015-4598)\n\nMultiple flaws were found in the way the way PHP's Phar extension parsed\nPhar archives. A specially crafted archive could cause PHP to crash or,\npossibly, execute arbitrary code when opened. (CVE-2015-2301,\nCVE-2015-2783, CVE-2015-3307, CVE-2015-3329, CVE-2015-4021)\n\nA heap buffer overflow flaw was found in the enchant_broker_request_dict()\nfunction of PHP's enchant extension. An attacker able to make a PHP\napplication enchant dictionaries could possibly cause it to crash.\n(CVE-2014-9705)\n\nA buffer over-read flaw was found in the GD library used by the PHP gd\nextension. A specially crafted GIF file could cause a PHP application using\nthe imagecreatefromgif() function to crash. (CVE-2014-9709)\n\nA double free flaw was found in zend_ts_hash_graceful_destroy() function in\nthe PHP ZTS module. This flaw could possibly cause a PHP application to\ncrash. (CVE-2014-9425)\n\nAll php users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. After installing the\nupdated packages, the httpd daemon must be restarted for the update to\ntake effect.\");\n script_tag(name:\"affected\", value:\"php on Red Hat Enterprise Linux Server (v. 6),\n Red Hat Enterprise Linux Workstation (v. 6)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_xref(name:\"RHSA\", value:\"2015:1218-01\");\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2015-July/msg00005.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_6\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"php\", rpm:\"php~5.3.3~46.el6_6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-cli\", rpm:\"php-cli~5.3.3~46.el6_6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-common\", rpm:\"php-common~5.3.3~46.el6_6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-debuginfo\", rpm:\"php-debuginfo~5.3.3~46.el6_6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-gd\", rpm:\"php-gd~5.3.3~46.el6_6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-ldap\", rpm:\"php-ldap~5.3.3~46.el6_6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-mysql\", rpm:\"php-mysql~5.3.3~46.el6_6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-odbc\", rpm:\"php-odbc~5.3.3~46.el6_6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pdo\", rpm:\"php-pdo~5.3.3~46.el6_6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pgsql\", rpm:\"php-pgsql~5.3.3~46.el6_6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-soap\", rpm:\"php-soap~5.3.3~46.el6_6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-xml\", rpm:\"php-xml~5.3.3~46.el6_6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-xmlrpc\", rpm:\"php-xmlrpc~5.3.3~46.el6_6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:35:59", "description": "Check the version of php", "cvss3": {}, "published": "2015-06-24T00:00:00", "type": "openvas", "title": "CentOS Update for php CESA-2015:1135 centos7", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-2348", "CVE-2014-9705", "CVE-2015-2787", "CVE-2015-0232", "CVE-2015-4601", "CVE-2015-2783", "CVE-2015-3329", "CVE-2015-3330", "CVE-2015-2301", "CVE-2014-9709", "CVE-2015-0273", "CVE-2014-8142", "CVE-2015-4148", "CVE-2006-7243", "CVE-2015-4605", "CVE-2015-3307", "CVE-2015-4025", "CVE-2015-4024", "CVE-2015-4021", "CVE-2015-4602", "CVE-2015-4026", "CVE-2015-4147", "CVE-2015-3411", "CVE-2015-4604", "CVE-2015-4600", "CVE-2015-4022", "CVE-2014-9652", "CVE-2015-3412", "CVE-2015-4603", "CVE-2015-4599", "CVE-2015-4598", "CVE-2015-0231"], "modified": "2019-03-08T00:00:00", "id": "OPENVAS:1361412562310882203", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310882203", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for php CESA-2015:1135 centos7\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.882203\");\n script_version(\"$Revision: 14058 $\");\n script_cve_id(\"CVE-2014-8142\", \"CVE-2014-9652\", \"CVE-2014-9705\", \"CVE-2014-9709\",\n \"CVE-2015-0231\", \"CVE-2015-0232\", \"CVE-2015-0273\", \"CVE-2015-2301\",\n \"CVE-2015-2348\", \"CVE-2015-2783\", \"CVE-2015-2787\", \"CVE-2015-3307\",\n \"CVE-2015-3329\", \"CVE-2015-3330\", \"CVE-2015-3411\", \"CVE-2015-3412\",\n \"CVE-2015-4021\", \"CVE-2015-4022\", \"CVE-2015-4024\", \"CVE-2015-4025\",\n \"CVE-2015-4026\", \"CVE-2015-4147\", \"CVE-2015-4148\", \"CVE-2015-4598\",\n \"CVE-2015-4599\", \"CVE-2015-4600\", \"CVE-2015-4601\", \"CVE-2015-4602\",\n \"CVE-2015-4603\", \"CVE-2015-4604\", \"CVE-2015-4605\", \"CVE-2006-7243\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-08 14:25:52 +0100 (Fri, 08 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-06-24 06:15:52 +0200 (Wed, 24 Jun 2015)\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"CentOS Update for php CESA-2015:1135 centos7\");\n script_tag(name:\"summary\", value:\"Check the version of php\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"PHP is an HTML-embedded scripting language\n commonly used with the Apache HTTP Server.\n\nA flaw was found in the way the PHP module for the Apache httpd web server\nhandled pipelined requests. A remote attacker could use this flaw to\ntrigger the execution of a PHP script in a deinitialized interpreter,\ncausing it to crash or, possibly, execute arbitrary code. (CVE-2015-3330)\n\nA flaw was found in the way PHP parsed multipart HTTP POST requests. A\nspecially crafted request could cause PHP to use an excessive amount of CPU\ntime. (CVE-2015-4024)\n\nAn uninitialized pointer use flaw was found in PHP's Exif extension. A\nspecially crafted JPEG or TIFF file could cause a PHP application using the\nexif_read_data() function to crash or, possibly, execute arbitrary code\nwith the privileges of the user running that PHP application.\n(CVE-2015-0232)\n\nAn integer overflow flaw leading to a heap-based buffer overflow was found\nin the way PHP's FTP extension parsed file listing FTP server responses. A\nmalicious FTP server could use this flaw to cause a PHP application to\ncrash or, possibly, execute arbitrary code. (CVE-2015-4022)\n\nMultiple flaws were discovered in the way PHP performed object\nunserialization. Specially crafted input processed by the unserialize()\nfunction could cause a PHP application to crash or, possibly, execute\narbitrary code. (CVE-2014-8142, CVE-2015-0231, CVE-2015-0273,\nCVE-2015-2787, CVE-2015-4147, CVE-2015-4148, CVE-2015-4599, CVE-2015-4600,\nCVE-2015-4601, CVE-2015-4602, CVE-2015-4603)\n\nIt was found that certain PHP functions did not properly handle file names\ncontaining a NULL character. A remote attacker could possibly use this flaw\nto make a PHP script access unexpected files and bypass intended file\nsystem access restrictions. (CVE-2015-2348, CVE-2015-4025, CVE-2015-4026,\nCVE-2015-3411, CVE-2015-3412, CVE-2015-4598)\n\nMultiple flaws were found in the way the way PHP's Phar extension parsed\nPhar archives. A specially crafted archive could cause PHP to crash or,\npossibly, execute arbitrary code when opened. (CVE-2015-2301,\nCVE-2015-2783, CVE-2015-3307, CVE-2015-3329, CVE-2015-4021)\n\nMultiple flaws were found in PHP's File Information (fileinfo) extension.\nA remote attacker could cause a PHP application to crash if it used\nfileinfo to identify type of attacker supplied files. (CVE-2014-9652,\nCVE-2015-4604, CVE-2015-4605)\n\nA heap buffer overflow flaw was found in the enchant_broker_request_dict()\nfunction of PHP's enchant extension. An attacker able to make a PHP\napplication enchant dictionaries could possibly cause it to crash.\n(CVE-2014-9705)\n\nA buffer over-read flaw was found in the GD library us ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n script_tag(name:\"affected\", value:\"php on CentOS 7\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_xref(name:\"CESA\", value:\"2015:1135\");\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2015-June/021191.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS7\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS7\")\n{\n\n if ((res = isrpmvuln(pkg:\"php\", rpm:\"php~5.4.16~36.el7_1\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-bcmath\", rpm:\"php-bcmath~5.4.16~36.el7_1\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-cli\", rpm:\"php-cli~5.4.16~36.el7_1\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-common\", rpm:\"php-common~5.4.16~36.el7_1\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-dba\", rpm:\"php-dba~5.4.16~36.el7_1\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-devel\", rpm:\"php-devel~5.4.16~36.el7_1\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-embedded\", rpm:\"php-embedded~5.4.16~36.el7_1\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-enchant\", rpm:\"php-enchant~5.4.16~36.el7_1\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-fpm\", rpm:\"php-fpm~5.4.16~36.el7_1\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-gd\", rpm:\"php-gd~5.4.16~36.el7_1\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-intl\", rpm:\"php-intl~5.4.16~36.el7_1\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-ldap\", rpm:\"php-ldap~5.4.16~36.el7_1\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-mbstring\", rpm:\"php-mbstring~5.4.16~36.el7_1\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-mysql\", rpm:\"php-mysql~5.4.16~36.el7_1\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-mysqlnd\", rpm:\"php-mysqlnd~5.4.16~36.el7_1\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-odbc\", rpm:\"php-odbc~5.4.16~36.el7_1\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pdo\", rpm:\"php-pdo~5.4.16~36.el7_1\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pgsql\", rpm:\"php-pgsql~5.4.16~36.el7_1\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-process\", rpm:\"php-process~5.4.16~36.el7_1\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pspell\", rpm:\"php-pspell~5.4.16~36.el7_1\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-recode\", rpm:\"php-recode~5.4.16~36.el7_1\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-snmp\", rpm:\"php-snmp~5.4.16~36.el7_1\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-soap\", rpm:\"php-soap~5.4.16~36.el7_1\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-xml\", rpm:\"php-xml~5.4.16~36.el7_1\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-xmlrpc\", rpm:\"php-xmlrpc~5.4.16~36.el7_1\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:36:15", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2015-06-24T00:00:00", "type": "openvas", "title": "RedHat Update for php RHSA-2015:1135-01", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-2348", "CVE-2014-9705", "CVE-2015-2787", "CVE-2015-0232", "CVE-2015-4601", "CVE-2015-2783", "CVE-2015-3329", "CVE-2015-3330", "CVE-2015-2301", "CVE-2014-9709", "CVE-2015-0273", "CVE-2014-8142", "CVE-2015-4148", "CVE-2006-7243", "CVE-2015-4605", "CVE-2015-3307", "CVE-2015-4025", "CVE-2015-4024", "CVE-2015-4021", "CVE-2015-4602", "CVE-2015-4026", "CVE-2015-4147", "CVE-2015-3411", "CVE-2015-4604", "CVE-2015-4600", "CVE-2015-4022", "CVE-2014-9652", "CVE-2015-3412", "CVE-2015-4603", "CVE-2015-4599", "CVE-2015-4598", "CVE-2015-0231"], "modified": "2018-11-23T00:00:00", "id": "OPENVAS:1361412562310871379", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310871379", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for php RHSA-2015:1135-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.871379\");\n script_version(\"$Revision: 12497 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-23 09:28:21 +0100 (Fri, 23 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2015-06-24 06:13:17 +0200 (Wed, 24 Jun 2015)\");\n script_cve_id(\"CVE-2014-8142\", \"CVE-2014-9652\", \"CVE-2014-9705\", \"CVE-2014-9709\",\n \"CVE-2015-0231\", \"CVE-2015-0232\", \"CVE-2015-0273\", \"CVE-2015-2301\",\n \"CVE-2015-2348\", \"CVE-2015-2783\", \"CVE-2015-2787\", \"CVE-2015-3307\",\n \"CVE-2015-3329\", \"CVE-2015-3330\", \"CVE-2015-3411\", \"CVE-2015-3412\",\n \"CVE-2015-4021\", \"CVE-2015-4022\", \"CVE-2015-4024\", \"CVE-2015-4025\",\n \"CVE-2015-4026\", \"CVE-2015-4147\", \"CVE-2015-4148\", \"CVE-2015-4598\",\n \"CVE-2015-4599\", \"CVE-2015-4600\", \"CVE-2015-4601\", \"CVE-2015-4602\",\n \"CVE-2015-4603\", \"CVE-2015-4604\", \"CVE-2015-4605\", \"CVE-2006-7243\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"RedHat Update for php RHSA-2015:1135-01\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'php'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"PHP is an HTML-embedded scripting language commonly used with the Apache\nHTTP Server.\n\nA flaw was found in the way the PHP module for the Apache httpd web server\nhandled pipelined requests. A remote attacker could use this flaw to\ntrigger the execution of a PHP script in a deinitialized interpreter,\ncausing it to crash or, possibly, execute arbitrary code. (CVE-2015-3330)\n\nA flaw was found in the way PHP parsed multipart HTTP POST requests. A\nspecially crafted request could cause PHP to use an excessive amount of CPU\ntime. (CVE-2015-4024)\n\nAn uninitialized pointer use flaw was found in PHP's Exif extension. A\nspecially crafted JPEG or TIFF file could cause a PHP application using the\nexif_read_data() function to crash or, possibly, execute arbitrary code\nwith the privileges of the user running that PHP application.\n(CVE-2015-0232)\n\nAn integer overflow flaw leading to a heap-based buffer overflow was found\nin the way PHP's FTP extension parsed file listing FTP server responses. A\nmalicious FTP server could use this flaw to cause a PHP application to\ncrash or, possibly, execute arbitrary code. (CVE-2015-4022)\n\nMultiple flaws were discovered in the way PHP performed object\nunserialization. Specially crafted input processed by the unserialize()\nfunction could cause a PHP application to crash or, possibly, execute\narbitrary code. (CVE-2014-8142, CVE-2015-0231, CVE-2015-0273,\nCVE-2015-2787, CVE-2015-4147, CVE-2015-4148, CVE-2015-4599, CVE-2015-4600,\nCVE-2015-4601, CVE-2015-4602, CVE-2015-4603)\n\nIt was found that certain PHP functions did not properly handle file names\ncontaining a NULL character. A remote attacker could possibly use this flaw\nto make a PHP script access unexpected files and bypass intended file\nsystem access restrictions. (CVE-2015-2348, CVE-2015-4025, CVE-2015-4026,\nCVE-2015-3411, CVE-2015-3412, CVE-2015-4598)\n\nMultiple flaws were found in the way the way PHP's Phar extension parsed\nPhar archives. A specially crafted archive could cause PHP to crash or,\npossibly, execute arbitrary code when opened. (CVE-2015-2301,\nCVE-2015-2783, CVE-2015-3307, CVE-2015-3329, CVE-2015-4021)\n\nMultiple flaws were found in PHP's File Information (fileinfo) extension.\nA remote attacker could cause a PHP application to crash if it used\nfileinfo to identify type of attacker supplied files. (CVE-2014-9652,\nCVE-2015-4604, CVE-2015-4605)\n\nA heap buffer overflow flaw was found in the enchant_broker_request_dict()\nfunction of PHP's enchant extension. An attacker able to make a PHP\napplication enchant dictionaries could possibly cause it to crash.\n(CVE-2014-9705)\n\nA buffer over-read flaw ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n script_tag(name:\"affected\", value:\"php on Red Hat Enterprise Linux Server (v. 7)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_xref(name:\"RHSA\", value:\"2015:1135-01\");\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2015-June/msg00023.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_7\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_7\")\n{\n\n if ((res = isrpmvuln(pkg:\"php\", rpm:\"php~5.4.16~36.el7_1\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-cli\", rpm:\"php-cli~5.4.16~36.el7_1\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-common\", rpm:\"php-common~5.4.16~36.el7_1\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-debuginfo\", rpm:\"php-debuginfo~5.4.16~36.el7_1\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-gd\", rpm:\"php-gd~5.4.16~36.el7_1\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-ldap\", rpm:\"php-ldap~5.4.16~36.el7_1\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-mysql\", rpm:\"php-mysql~5.4.16~36.el7_1\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-odbc\", rpm:\"php-odbc~5.4.16~36.el7_1\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pdo\", rpm:\"php-pdo~5.4.16~36.el7_1\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pgsql\", rpm:\"php-pgsql~5.4.16~36.el7_1\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-process\", rpm:\"php-process~5.4.16~36.el7_1\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-recode\", rpm:\"php-recode~5.4.16~36.el7_1\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-soap\", rpm:\"php-soap~5.4.16~36.el7_1\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-xml\", rpm:\"php-xml~5.4.16~36.el7_1\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-xmlrpc\", rpm:\"php-xmlrpc~5.4.16~36.el7_1\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-01-31T18:38:39", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2015-10-16T00:00:00", "type": "openvas", "title": "SUSE: Security Advisory for mariadb (SUSE-SU-2015:1273-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-2325", "CVE-2015-2568", "CVE-2015-0501", "CVE-2015-2571", "CVE-2014-8964", "CVE-2015-3152", "CVE-2015-0499", "CVE-2015-0433", "CVE-2015-0441", "CVE-2015-0505", "CVE-2015-2573", "CVE-2015-2326"], "modified": "2020-01-31T00:00:00", "id": "OPENVAS:1361412562310850932", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310850932", "sourceData": "# Copyright (C) 2015 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.850932\");\n script_version(\"2020-01-31T07:58:03+0000\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 07:58:03 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2015-10-16 14:39:25 +0200 (Fri, 16 Oct 2015)\");\n script_cve_id(\"CVE-2014-8964\", \"CVE-2015-0433\", \"CVE-2015-0441\", \"CVE-2015-0499\", \"CVE-2015-0501\", \"CVE-2015-0505\", \"CVE-2015-2325\", \"CVE-2015-2326\", \"CVE-2015-2568\", \"CVE-2015-2571\", \"CVE-2015-2573\", \"CVE-2015-3152\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"SUSE: Security Advisory for mariadb (SUSE-SU-2015:1273-1)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'mariadb'\n package(s) announced via the referenced advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update fixes the following security issues:\n\n * Logjam attack: mysql uses 512 bit dh groups in SSL [bnc#934789]\n\n * CVE-2015-3152: mysql --ssl does not enforce SSL [bnc#924663]\n\n * CVE-2014-8964: heap buffer overflow [bnc#906574]\n\n * CVE-2015-2325: heap buffer overflow in compile_branch() [bnc#924960]\n\n * CVE-2015-2326: heap buffer overflow in pcre_compile2() [bnc#924961]\n\n * CVE-2015-0501: unspecified vulnerability related to Server:Compiling\n (CPU April 2015)\n\n * CVE-2015-2571: unspecified vulnerability related to Server:Optimizer\n (CPU April 2015)\n\n * CVE-2015-0505: unspecified vulnerability related to Server:DDL (CPU\n April 2015)\n\n * CVE-2015-0499: unspecified vulnerability related to Server:Federated\n (CPU April 2015)\n\n * CVE-2015-2568: unspecified vulnerability related to\n Server:Security:Privileges (CPU April 2015)\n\n * CVE-2015-2573: unspecified vulnerability related to Server:DDL (CPU\n April 2015)\n\n * CVE-2015-0433: unspecified vulnerability related to\n Server:InnoDB:DML (CPU April 2015)\n\n * CVE-2015-0441: unspecified vulnerability related to\n Server:Security:Encryption (CPU April 2015)\");\n\n script_tag(name:\"affected\", value:\"mariadb on SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Desktop 12\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"SUSE-SU\", value:\"2015:1273-1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=(SLED12\\.0SP0|SLES12\\.0SP0)\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"SLED12.0SP0\") {\n if(!isnull(res = isrpmvuln(pkg:\"libmysqlclient18\", rpm:\"libmysqlclient18~10.0.20~18.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libmysqlclient18-32bit\", rpm:\"libmysqlclient18-32bit~10.0.20~18.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libmysqlclient18-debuginfo\", rpm:\"libmysqlclient18-debuginfo~10.0.20~18.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libmysqlclient18-debuginfo-32bit\", rpm:\"libmysqlclient18-debuginfo-32bit~10.0.20~18.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libmysqlclient_r18\", rpm:\"libmysqlclient_r18~10.0.20~18.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libmysqlclient_r18-32bit\", rpm:\"libmysqlclient_r18-32bit~10.0.20~18.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mariadb\", rpm:\"mariadb~10.0.20~18.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mariadb-client\", rpm:\"mariadb-client~10.0.20~18.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mariadb-client-debuginfo\", rpm:\"mariadb-client-debuginfo~10.0.20~18.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mariadb-debuginfo\", rpm:\"mariadb-debuginfo~10.0.20~18.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mariadb-debugsource\", rpm:\"mariadb-debugsource~10.0.20~18.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mariadb-errormessages\", rpm:\"mariadb-errormessages~10.0.20~18.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nif(release == \"SLES12.0SP0\") {\n if(!isnull(res = isrpmvuln(pkg:\"libmysqlclient18\", rpm:\"libmysqlclient18~10.0.20~18.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libmysqlclient18-debuginfo\", rpm:\"libmysqlclient18-debuginfo~10.0.20~18.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mariadb\", rpm:\"mariadb~10.0.20~18.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mariadb-client\", rpm:\"mariadb-client~10.0.20~18.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mariadb-client-debuginfo\", rpm:\"mariadb-client-debuginfo~10.0.20~18.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mariadb-debuginfo\", rpm:\"mariadb-debuginfo~10.0.20~18.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mariadb-debugsource\", rpm:\"mariadb-debugsource~10.0.20~18.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mariadb-errormessages\", rpm:\"mariadb-errormessages~10.0.20~18.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mariadb-tools\", rpm:\"mariadb-tools~10.0.20~18.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mariadb-tools-debuginfo\", rpm:\"mariadb-tools-debuginfo~10.0.20~18.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libmysqlclient18-32bit\", rpm:\"libmysqlclient18-32bit~10.0.20~18.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libmysqlclient18-debuginfo-32bit\", rpm:\"libmysqlclient18-debuginfo-32bit~10.0.20~18.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-27T18:34:23", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-01-23T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for php (EulerOS-SA-2019-1543)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-2348", "CVE-2015-2787", "CVE-2015-0232", "CVE-2015-2783", "CVE-2015-8873", "CVE-2015-3329", "CVE-2015-6834", "CVE-2015-0273", "CVE-2014-8142", "CVE-2015-4025", "CVE-2014-3669", "CVE-2014-5120", "CVE-2014-3597", "CVE-2015-6836", "CVE-2015-4026", "CVE-2014-4721", "CVE-2015-4022", "CVE-2015-6837", "CVE-2015-6835", "CVE-2015-4643"], "modified": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220191543", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220191543", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2019.1543\");\n script_version(\"2020-01-23T12:09:56+0000\");\n script_cve_id(\"CVE-2014-3597\", \"CVE-2014-3669\", \"CVE-2014-4721\", \"CVE-2014-5120\", \"CVE-2014-8142\", \"CVE-2015-0232\", \"CVE-2015-0273\", \"CVE-2015-2348\", \"CVE-2015-2783\", \"CVE-2015-2787\", \"CVE-2015-3329\", \"CVE-2015-4022\", \"CVE-2015-4025\", \"CVE-2015-4026\", \"CVE-2015-4643\", \"CVE-2015-6834\", \"CVE-2015-6835\", \"CVE-2015-6836\", \"CVE-2015-6837\", \"CVE-2015-8873\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 12:09:56 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 12:09:56 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for php (EulerOS-SA-2019-1543)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROSVIRT-3\\.0\\.1\\.0\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2019-1543\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1543\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'php' package(s) announced via the EulerOS-SA-2019-1543 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"A flaws was discovered in the way PHP performed object unserialization. Specially crafted input processed by the unserialize() function could cause a PHP application to crash or, possibly, execute arbitrary code.(CVE-2014-8142)\n\nIt was found that certain PHP functions did not properly handle file names containing a NULL character. A remote attacker could possibly use this flaw to make a PHP script access unexpected files and bypass intended file system access restrictions.(CVE-2015-4026)\n\nA flaw was discovered in the way PHP performed object unserialization. Specially crafted input processed by the unserialize() function could cause a PHP application to crash or, possibly, execute arbitrary code.(CVE-2015-6834)\n\nIt was found that certain PHP functions did not properly handle file names containing a NULL character. A remote attacker could possibly use this flaw to make a PHP script access unexpected files and bypass intended file system access restrictions.(CVE-2015-4025)\n\nAn integer overflow flaw was found in the way custom objects were unserialized. Specially crafted input processed by the unserialize() function could cause a PHP application to crash.(CVE-2014-3669)\n\nIt was found that PHP move_uploaded_file() function did not properly handle file names with a NULL character. A remote attacker could possibly use this flaw to make a PHP script access unexpected files and bypass intended file system access restrictions.(CVE-2015-2348)\n\nAn integer overflow flaw leading to a heap-based buffer overflow was found in the way PHP's FTP extension parsed file listing FTP server responses. A malicious FTP server could use this flaw to cause a PHP application to crash or, possibly, execute arbitrary code.(CVE-2015-4022)\n\nA flaw was discovered in the way PHP performed object unserialization. Specially crafted input processed by the unserialize() function could cause a PHP application to crash or, possibly, execute arbitrary code.(CVE-2015-6836)\n\nA NULL pointer dereference flaw was found in the XSLTProcessor class in PHP. An attacker could use this flaw to cause a PHP application to crash if it performed Extensible Stylesheet Language (XSL) transformations using untrusted XSLT files and allowed the use of PHP functions to be used as XSLT functions within XSL stylesheets.(CVE-2015-6837)\n\nIt was found that PHP's gd extension did not properly handle file names with a null character. A remote attacker could possibly use this flaw to make a PHP application access unexpected files and bypass intended file system access restrictions.(CVE-2014-5120)\n\nA flaw was discovered in the way PHP performed obj ...\n\n Description truncated. Please see the references for more information.\");\n\n script_tag(name:\"affected\", value:\"'php' package(s) on Huawei EulerOS Virtualization 3.0.1.0.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROSVIRT-3.0.1.0\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"php\", rpm:\"php~5.4.16~45.h9\", rls:\"EULEROSVIRT-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php-cli\", rpm:\"php-cli~5.4.16~45.h9\", rls:\"EULEROSVIRT-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php-common\", rpm:\"php-common~5.4.16~45.h9\", rls:\"EULEROSVIRT-3.0.1.0\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-27T18:38:59", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-01-23T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for php (EulerOS-SA-2019-1544)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-9705", "CVE-2014-9427", "CVE-2013-4248", "CVE-2014-3515", "CVE-2014-3668", "CVE-2018-10546", "CVE-2015-4148", "CVE-2015-4605", "CVE-2009-2408", "CVE-2015-4024", "CVE-2015-4021", "CVE-2015-4602", "CVE-2018-10548", "CVE-2015-4604", "CVE-2014-3670", "CVE-2015-3412", "CVE-2014-2497", "CVE-2015-4603", "CVE-2015-4599", "CVE-2015-4598", "CVE-2015-0231"], "modified": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220191544", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220191544", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2019.1544\");\n script_version(\"2020-01-23T12:10:18+0000\");\n script_cve_id(\"CVE-2013-4248\", \"CVE-2014-2497\", \"CVE-2014-3515\", \"CVE-2014-3668\", \"CVE-2014-3670\", \"CVE-2014-9427\", \"CVE-2014-9705\", \"CVE-2015-0231\", \"CVE-2015-3412\", \"CVE-2015-4021\", \"CVE-2015-4024\", \"CVE-2015-4148\", \"CVE-2015-4598\", \"CVE-2015-4599\", \"CVE-2015-4602\", \"CVE-2015-4603\", \"CVE-2015-4604\", \"CVE-2015-4605\", \"CVE-2018-10546\", \"CVE-2018-10548\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 12:10:18 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 12:10:18 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for php (EulerOS-SA-2019-1544)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROSVIRT-3\\.0\\.1\\.0\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2019-1544\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1544\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'php' package(s) announced via the EulerOS-SA-2019-1544 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"An integer underflow flaw leading to out-of-bounds memory access was found in the way PHP's Phar extension parsed Phar archives. A specially crafted archive could cause PHP to crash or, possibly, execute arbitrary code when opened.(CVE-2015-4021)\n\nAn out of bounds read flaw was found in the way the xmlrpc extension parsed dates in the ISO 8601 format. A specially crafted XML-RPC request or response could possibly cause a PHP application to crash.(CVE-2014-3668)\n\nIt was found that certain PHP functions did not properly handle file names containing a NULL character. A remote attacker could possibly use this flaw to make a PHP script access unexpected files and bypass intended file system access restrictions.(CVE-2015-4598)\n\nA flaw was found in the way PHP handled malformed source files when running in CGI mode. A specially crafted PHP file could cause PHP CGI to crash.(CVE-2014-9427)\n\nAn issue was discovered in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5. ext/ldap/ldap.c allows remote LDAP servers to cause a denial of service (NULL pointer dereference and application crash) because of mishandling of the ldap_get_dn return value.(CVE-2018-10548)\n\nAn infinite loop vulnerability was found in ext/iconv/iconv.c in PHP due to the iconv stream not rejecting invalid multibyte sequences. A remote attacker could use this vulnerability to hang the php process and consume resources.(CVE-2018-10546)\n\nThe openssl_x509_parse function in openssl.c in the OpenSSL module in PHP before 5.4.18 and 5.5.x before 5.5.2 does not properly handle a '\\\\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.(CVE-2013-4248)\n\nA use-after-free flaw was found in the way PHP's unserialize() function processed data. If a remote attacker was able to pass crafted input to PHP's unserialize() function, they could cause the PHP interpreter to crash or, possibly, execute arbitrary code.(CVE-2015-0231)\n\nA flaw was discovered in the way PHP performed object unserialization. Specially crafted input processed by the unserialize() function could cause a PHP application to crash or, possibly, execute arbitrary code.(CVE-2015-4602)\n\nIt was found that certain PHP functions did not properly handle file names containing a NULL character. A remote attacker could possibly use this flaw to make a PHP script access unexpected files and bypass intended file system access restrictio ...\n\n Description truncated. Please see the references for more information.\");\n\n script_tag(name:\"affected\", value:\"'php' package(s) on Huawei EulerOS Virtualization 3.0.1.0.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROSVIRT-3.0.1.0\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"php\", rpm:\"php~5.4.16~45.h9\", rls:\"EULEROSVIRT-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php-cli\", rpm:\"php-cli~5.4.16~45.h9\", rls:\"EULEROSVIRT-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php-common\", rpm:\"php-common~5.4.16~45.h9\", rls:\"EULEROSVIRT-3.0.1.0\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:35:41", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2016-04-11T00:00:00", "type": "openvas", "title": "Ubuntu Update for pcre3 USN-2943-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-8388", "CVE-2015-3210", "CVE-2015-2325", "CVE-2015-8391", "CVE-2015-8395", "CVE-2015-8382", "CVE-2015-8386", "CVE-2015-2327", "CVE-2015-8392", "CVE-2015-8389", "CVE-2015-8380", "CVE-2016-1283", "CVE-2015-8393", "CVE-2015-8394", "CVE-2016-3191", "CVE-2015-8384", "CVE-2015-8383", "CVE-2015-8381", "CVE-2015-5073", "CVE-2015-8385", "CVE-2015-2328", "CVE-2014-9769", "CVE-2015-8387", "CVE-2015-8390", "CVE-2015-2326"], "modified": "2019-03-13T00:00:00", "id": "OPENVAS:1361412562310842704", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310842704", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for pcre3 USN-2943-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.842704\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-04-11 12:47:23 +0530 (Mon, 11 Apr 2016)\");\n script_cve_id(\"CVE-2014-9769\", \"CVE-2015-2325\", \"CVE-2015-2326\", \"CVE-2015-2327\", \"CVE-2015-2328\", \"CVE-2015-3210\", \"CVE-2015-5073\", \"CVE-2015-8380\", \"CVE-2015-8381\", \"CVE-2015-8382\", \"CVE-2015-8383\", \"CVE-2015-8384\", \"CVE-2015-8385\", \"CVE-2015-8386\", \"CVE-2015-8387\", \"CVE-2015-8388\", \"CVE-2015-8389\", \"CVE-2015-8390\", \"CVE-2015-8391\", \"CVE-2015-8392\", \"CVE-2015-8393\", \"CVE-2015-8394\", \"CVE-2015-8395\", \"CVE-2016-1283\", \"CVE-2016-3191\");\n script_tag(name:\"cvss_base\", value:\"9.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for pcre3 USN-2943-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'pcre3'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"It was discovered that PCRE incorrectly handled certain regular\nexpressions. A remote attacker could use this issue to cause applications\nusing PCRE to crash, resulting in a denial of service, or possibly execute\narbitrary code.\");\n script_tag(name:\"affected\", value:\"pcre3 on Ubuntu 15.10,\n Ubuntu 14.04 LTS,\n Ubuntu 12.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"USN\", value:\"2943-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-2943-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(14\\.04 LTS|12\\.04 LTS|15\\.10)\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libpcre3\", ver:\"1:8.31-2ubuntu2.2\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libpcre3\", ver:\"8.12-4ubuntu0.2\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU15.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libpcre3\", ver:\"2:8.35-7.1ubuntu1.3\", rls:\"UBUNTU15.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:C"}}, {"lastseen": "2020-01-31T18:38:49", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2015-07-10T00:00:00", "type": "openvas", "title": "openSUSE: Security Advisory for MariaDB (openSUSE-SU-2015:1216-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-4000", "CVE-2014-6500", "CVE-2015-2325", "CVE-2015-2568", "CVE-2014-6507", "CVE-2014-6469", "CVE-2015-0501", "CVE-2015-0432", "CVE-2014-6496", "CVE-2014-6555", "CVE-2015-2571", "CVE-2014-6559", "CVE-2014-8964", "CVE-2014-6464", "CVE-2015-3152", "CVE-2015-0382", "CVE-2015-0374", "CVE-2014-6491", "CVE-2015-0499", "CVE-2015-0433", "CVE-2015-0441", "CVE-2014-6568", "CVE-2015-0505", "CVE-2015-2573", "CVE-2014-6494", "CVE-2015-2326", "CVE-2015-0411", "CVE-2015-0381"], "modified": "2020-01-31T00:00:00", "id": "OPENVAS:1361412562310850663", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310850663", "sourceData": "# Copyright (C) 2015 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.850663\");\n script_version(\"2020-01-31T08:23:39+0000\");\n script_cve_id(\"CVE-2014-6464\", \"CVE-2014-6469\", \"CVE-2014-6491\", \"CVE-2014-6494\",\n \"CVE-2014-6496\", \"CVE-2014-6500\", \"CVE-2014-6507\", \"CVE-2014-6555\",\n \"CVE-2014-6559\", \"CVE-2014-6568\", \"CVE-2014-8964\", \"CVE-2015-0374\",\n \"CVE-2015-0381\", \"CVE-2015-0382\", \"CVE-2015-0411\", \"CVE-2015-0432\",\n \"CVE-2015-0433\", \"CVE-2015-0441\", \"CVE-2015-0499\", \"CVE-2015-0501\",\n \"CVE-2015-0505\", \"CVE-2015-2325\", \"CVE-2015-2326\", \"CVE-2015-2568\",\n \"CVE-2015-2571\", \"CVE-2015-2573\", \"CVE-2015-3152\", \"CVE-2015-4000\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:23:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2015-07-10 06:06:08 +0200 (Fri, 10 Jul 2015)\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"openSUSE: Security Advisory for MariaDB (openSUSE-SU-2015:1216-1)\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'MariaDB'\n package(s) announced via the referenced advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"MariaDB was updated to its current minor version,\n fixing bugs and security issues.\n\n These updates include a fix for Logjam (CVE-2015-4000), making MariaDB\n work with client software that no longer allows short DH groups over SSL,\n as e.g.\n our current openssl packages.\n\n On openSUSE 13.1, MariaDB was updated to 5.5.44.\n\n On openSUSE 13.2, MariaDB was updated from 10.0.13 to 10.0.20.\n\n Please read the referenced release notes of MariaDB for more information.\");\n\n script_xref(name:\"URL\", value:\"https://mariadb.com/kb/en/mariadb/mariadb-10020-release-notes/\");\n script_xref(name:\"URL\", value:\"https://mariadb.com/kb/en/mariadb/mariadb-10019-release-notes/\");\n script_xref(name:\"URL\", value:\"https://mariadb.com/kb/en/mariadb/mariadb-10018-release-notes/\");\n script_xref(name:\"URL\", value:\"https://mariadb.com/kb/en/mariadb/mariadb-10017-release-notes/\");\n script_xref(name:\"URL\", value:\"https://mariadb.com/kb/en/mariadb/mariadb-10016-release-notes/\");\n script_xref(name:\"URL\", value:\"https://mariadb.com/kb/en/mariadb/mariadb-10015-release-notes/\");\n script_xref(name:\"URL\", value:\"https://mariadb.com/kb/en/mariadb/mariadb-10014-release-notes/\");\n\n script_tag(name:\"affected\", value:\"MariaDB on openSUSE 13.1\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"openSUSE-SU\", value:\"2015:1216-1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSE13\\.1\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSE13.1\") {\n if(!isnull(res = isrpmvuln(pkg:\"libmysqlclient-devel\", rpm:\"libmysqlclient-devel~5.5.44~4.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libmysqlclient18\", rpm:\"libmysqlclient18~5.5.44~4.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libmysqlclient18-debuginfo\", rpm:\"libmysqlclient18-debuginfo~5.5.44~4.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libmysqlclient_r18\", rpm:\"libmysqlclient_r18~5.5.44~4.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libmysqld-devel\", rpm:\"libmysqld-devel~5.5.44~4.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libmysqld18\", rpm:\"libmysqld18~5.5.44~4.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libmysqld18-debuginfo\", rpm:\"libmysqld18-debuginfo~5.5.44~4.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mariadb\", rpm:\"mariadb~5.5.44~4.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mariadb-bench\", rpm:\"mariadb-bench~5.5.44~4.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mariadb-bench-debuginfo\", rpm:\"mariadb-bench-debuginfo~5.5.44~4.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mariadb-client\", rpm:\"mariadb-client~5.5.44~4.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mariadb-client-debuginfo\", rpm:\"mariadb-client-debuginfo~5.5.44~4.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mariadb-debuginfo\", rpm:\"mariadb-debuginfo~5.5.44~4.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mariadb-debugsource\", rpm:\"mariadb-debugsource~5.5.44~4.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mariadb-errormessages\", rpm:\"mariadb-errormessages~5.5.44~4.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mariadb-test\", rpm:\"mariadb-test~5.5.44~4.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mariadb-test-debuginfo\", rpm:\"mariadb-test-debuginfo~5.5.44~4.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mariadb-tools\", rpm:\"mariadb-tools~5.5.44~4.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mariadb-tools-debuginfo\", rpm:\"mariadb-tools-debuginfo~5.5.44~4.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libmysqlclient18-32bit\", rpm:\"libmysqlclient18-32bit~5.5.44~4.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libmysqlclient18-debuginfo-32bit\", rpm:\"libmysqlclient18-debuginfo-32bit~5.5.44~4.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libmysqlclient_r18-32bit\", rpm:\"libmysqlclient_r18-32bit~5.5.44~4.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "amazon": [{"lastseen": "2022-11-01T21:23:39", "description": "**Issue Overview:**\n\nAn integer underflow flaw leading to out-of-bounds memory access was found in the way PHP's Phar extension parsed Phar archives. A specially crafted archive could cause PHP to crash or, possibly, execute arbitrary code when opened. (CVE-2015-4021)\n\nAn integer overflow flaw leading to a heap based buffer overflow was found in the way PHP's FTP extension parsed file listing FTP server responses. A malicious FTP server could use this flaw to cause a PHP application to crash or, possibly, execute arbitrary code. (CVE-2015-4022)\n\nA flaw was found in the way PHP parsed multipart HTTP POST requests. A specially crafted request could cause PHP to use an excessive amount of CPU time. (CVE-2015-4024)\n\nIt was found that certain PHP functions did not properly handle file names containing a NULL character. A remote attacker could possibly use this flaw to make a PHP script access unexpected files and bypass intended file system access restrictions. (CVE-2015-4025)\n\nIt was found that certain PHP functions did not properly handle file names containing a NULL character. A remote attacker could possibly use this flaw to make a PHP script access unexpected files and bypass intended file system access restrictions. (CVE-2015-4026)\n\nPCRE library is prone to a heap overflow vulnerability. Due to insufficient bounds checking inside compile_branch(), the heap memory could be overflowed via a crafted regular expression. Since PCRE library is widely used, this vulnerability should affect many applications using it. An attacker may exploit this issue to execute arbitrary code in the context of the user running the affected application. (CVE-2015-2325)\n\nPCRE library is prone to a vulnerability which leads to Heap overflow. Without enough bound checking inside pcre_compile2(), the heap memory could be overflowed via a crafted regular expression. Since PCRE library is widely used, this vulnerability should affect many applications. An attacker may exploit this issue to execute arbitrary code in the context of the user running the affected application. (CVE-2015-2326)\n\n \n**Affected Packages:** \n\n\nphp56\n\n \n**Issue Correction:** \nRun _yum update php56_ to update your system.\n\n \n\n\n**New Packages:**\n \n \n i686: \n \u00a0\u00a0\u00a0 php56-ldap-5.6.9-1.112.amzn1.i686 \n \u00a0\u00a0\u00a0 php56-bcmath-5.6.9-1.112.amzn1.i686 \n \u00a0\u00a0\u00a0 php56-cli-5.6.9-1.112.amzn1.i686 \n \u00a0\u00a0\u00a0 php56-intl-5.6.9-1.112.amzn1.i686 \n \u00a0\u00a0\u00a0 php56-devel-5.6.9-1.112.amzn1.i686 \n \u00a0\u00a0\u00a0 php56-common-5.6.9-1.112.amzn1.i686 \n \u00a0\u00a0\u00a0 php56-imap-5.6.9-1.112.amzn1.i686 \n \u00a0\u00a0\u00a0 php56-gd-5.6.9-1.112.amzn1.i686 \n \u00a0\u00a0\u00a0 php56-mysqlnd-5.6.9-1.112.amzn1.i686 \n \u00a0\u00a0\u00a0 php56-mssql-5.6.9-1.112.amzn1.i686 \n \u00a0\u00a0\u00a0 php56-enchant-5.6.9-1.112.amzn1.i686 \n \u00a0\u00a0\u00a0 php56-debuginfo-5.6.9-1.112.amzn1.i686 \n \u00a0\u00a0\u00a0 php56-process-5.6.9-1.112.amzn1.i686 \n \u00a0\u00a0\u00a0 php56-fpm-5.6.9-1.112.amzn1.i686 \n \u00a0\u00a0\u00a0 php56-pdo-5.6.9-1.112.amzn1.i686 \n \u00a0\u00a0\u00a0 php56-odbc-5.6.9-1.112.amzn1.i686 \n \u00a0\u00a0\u00a0 php56-xml-5.6.9-1.112.amzn1.i686 \n \u00a0\u00a0\u00a0 php56-mcrypt-5.6.9-1.112.amzn1.i686 \n \u00a0\u00a0\u00a0 php56-recode-5.6.9-1.112.amzn1.i686 \n \u00a0\u00a0\u00a0 php56-dba-5.6.9-1.112.amzn1.i686 \n \u00a0\u00a0\u00a0 php56-xmlrpc-5.6.9-1.112.amzn1.i686 \n \u00a0\u00a0\u00a0 php56-pgsql-5.6.9-1.112.amzn1.i686 \n \u00a0\u00a0\u00a0 php56-mbstring-5.6.9-1.112.amzn1.i686 \n \u00a0\u00a0\u00a0 php56-pspell-5.6.9-1.112.amzn1.i686 \n \u00a0\u00a0\u00a0 php56-5.6.9-1.112.amzn1.i686 \n \u00a0\u00a0\u00a0 php56-embedded-5.6.9-1.112.amzn1.i686 \n \u00a0\u00a0\u00a0 php56-gmp-5.6.9-1.112.amzn1.i686 \n \u00a0\u00a0\u00a0 php56-soap-5.6.9-1.112.amzn1.i686 \n \u00a0\u00a0\u00a0 php56-opcache-5.6.9-1.112.amzn1.i686 \n \u00a0\u00a0\u00a0 php56-tidy-5.6.9-1.112.amzn1.i686 \n \u00a0\u00a0\u00a0 php56-snmp-5.6.9-1.112.amzn1.i686 \n \u00a0\u00a0\u00a0 php56-dbg-5.6.9-1.112.amzn1.i686 \n \n src: \n \u00a0\u00a0\u00a0 php56-5.6.9-1.112.amzn1.src \n \n x86_64: \n \u00a0\u00a0\u00a0 php56-enchant-5.6.9-1.112.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php56-gmp-5.6.9-1.112.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php56-mysqlnd-5.6.9-1.112.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php56-imap-5.6.9-1.112.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php56-pgsql-5.6.9-1.112.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php56-common-5.6.9-1.112.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php56-5.6.9-1.112.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php56-soap-5.6.9-1.112.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php56-intl-5.6.9-1.112.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php56-debuginfo-5.6.9-1.112.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php56-opcache-5.6.9-1.112.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php56-embedded-5.6.9-1.112.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php56-dba-5.6.9-1.112.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php56-tidy-5.6.9-1.112.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php56-mssql-5.6.9-1.112.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php56-fpm-5.6.9-1.112.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php56-snmp-5.6.9-1.112.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php56-ldap-5.6.9-1.112.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php56-dbg-5.6.9-1.112.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php56-bcmath-5.6.9-1.112.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php56-xmlrpc-5.6.9-1.112.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php56-process-5.6.9-1.112.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php56-gd-5.6.9-1.112.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php56-devel-5.6.9-1.112.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php56-mbstring-5.6.9-1.112.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php56-recode-5.6.9-1.112.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php56-mcrypt-5.6.9-1.112.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php56-pspell-5.6.9-1.112.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php56-pdo-5.6.9-1.112.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php56-odbc-5.6.9-1.112.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php56-cli-5.6.9-1.112.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php56-xml-5.6.9-1.112.amzn1.x86_64 \n \n \n\n### Additional References\n\nRed Hat: [CVE-2015-2325](<https://access.redhat.com/security/cve/CVE-2015-2325>), [CVE-2015-2326](<https://access.redhat.com/security/cve/CVE-2015-2326>), [CVE-2015-4021](<https://access.redhat.com/security/cve/CVE-2015-4021>), [CVE-2015-4022](<https://access.redhat.com/security/cve/CVE-2015-4022>), [CVE-2015-4024](<https://access.redhat.com/security/cve/CVE-2015-4024>), [CVE-2015-4025](<https://access.redhat.com/security/cve/CVE-2015-4025>), [CVE-2015-4026](<https://access.redhat.com/security/cve/CVE-2015-4026>)\n\nMitre: [CVE-2015-2325](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2325>), [CVE-2015-2326](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2326>), [CVE-2015-4021](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4021>), [CVE-2015-4022](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4022>), [CVE-2015-4024](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4024>), [CVE-2015-4025](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4025>), [CVE-2015-4026](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4026>)\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2015-06-02T22:22:00", "type": "amazon", "title": "Important: php56", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-2325", "CVE-2015-2326", "CVE-2015-4021", "CVE-2015-4022", "CVE-2015-4024", "CVE-2015-4025", "CVE-2015-4026"], "modified": "2015-06-02T22:33:00", "id": "ALAS-2015-536", "href": "https://alas.aws.amazon.com/ALAS-2015-536.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-11-01T21:23:42", "description": "**Issue Overview:**\n\nAn integer underflow flaw leading to out-of-bounds memory access was found in the way PHP's Phar extension parsed Phar archives. A specially crafted archive could cause PHP to crash or, possibly, execute arbitrary code when opened. (CVE-2015-4021)\n\nAn integer overflow flaw leading to a heap based buffer overflow was found in the way PHP's FTP extension parsed file listing FTP server responses. A malicious FTP server could use this flaw to cause a PHP application to crash or, possibly, execute arbitrary code. (CVE-2015-4022)\n\nA flaw was found in the way PHP parsed multipart HTTP POST requests. A specially crafted request could cause PHP to use an excessive amount of CPU time. (CVE-2015-4024)\n\nIt was found that certain PHP functions did not properly handle file names containing a NULL character. A remote attacker could possibly use this flaw to make a PHP script access unexpected files and bypass intended file system access restrictions. (CVE-2015-4025)\n\nIt was found that certain PHP functions did not properly handle file names containing a NULL character. A remote attacker could possibly use this flaw to make a PHP script access unexpected files and bypass intended file system access restrictions. (CVE-2015-4026)\n\nPCRE library is prone to a heap overflow vulnerability. Due to insufficient bounds checking inside compile_branch(), the heap memory could be overflowed via a crafted regular expression. Since PCRE library is widely used, this vulnerability should affect many applications using it. An attacker may exploit this issue to execute arbitrary code in the context of the user running the affected application. (CVE-2015-2325)\n\nPCRE library is prone to a vulnerability which leads to Heap overflow. Without enough bound checking inside pcre_compile2(), the heap memory could be overflowed via a crafted regular expression. Since PCRE library is widely used, this vulnerability should affect many applications. An attacker may exploit this issue to execute arbitrary code in the context of the user running the affected application. (CVE-2015-2326)\n\n \n**Affected Packages:** \n\n\nphp54\n\n \n**Issue Correction:** \nRun _yum update php54_ to update your system.\n\n \n\n\n**New Packages:**\n \n \n i686: \n \u00a0\u00a0\u00a0 php54-enchant-5.4.41-1.69.amzn1.i686 \n \u00a0\u00a0\u00a0 php54-mssql-5.4.41-1.69.amzn1.i686 \n \u00a0\u00a0\u00a0 php54-mbstring-5.4.41-1.69.amzn1.i686 \n \u00a0\u00a0\u00a0 php54-pdo-5.4.41-1.69.amzn1.i686 \n \u00a0\u00a0\u00a0 php54-gd-5.4.41-1.69.amzn1.i686 \n \u00a0\u00a0\u00a0 php54-pgsql-5.4.41-1.69.amzn1.i686 \n \u00a0\u00a0\u00a0 php54-mysql-5.4.41-1.69.amzn1.i686 \n \u00a0\u00a0\u00a0 php54-odbc-5.4.41-1.69.amzn1.i686 \n \u00a0\u00a0\u00a0 php54-soap-5.4.41-1.69.amzn1.i686 \n \u00a0\u00a0\u00a0 php54-embedded-5.4.41-1.69.amzn1.i686 \n \u00a0\u00a0\u00a0 php54-imap-5.4.41-1.69.amzn1.i686 \n \u00a0\u00a0\u00a0 php54-bcmath-5.4.41-1.69.amzn1.i686 \n \u00a0\u00a0\u00a0 php54-process-5.4.41-1.69.amzn1.i686 \n \u00a0\u00a0\u00a0 php54-recode-5.4.41-1.69.amzn1.i686 \n \u00a0\u00a0\u00a0 php54-mysqlnd-5.4.41-1.69.amzn1.i686 \n \u00a0\u00a0\u00a0 php54-fpm-5.4.41-1.69.amzn1.i686 \n \u00a0\u00a0\u00a0 php54-xmlrpc-5.4.41-1.69.amzn1.i686 \n \u00a0\u00a0\u00a0 php54-mcrypt-5.4.41-1.69.amzn1.i686 \n \u00a0\u00a0\u00a0 php54-snmp-5.4.41-1.69.amzn1.i686 \n \u00a0\u00a0\u00a0 php54-tidy-5.4.41-1.69.amzn1.i686 \n \u00a0\u00a0\u00a0 php54-cli-5.4.41-1.69.amzn1.i686 \n \u00a0\u00a0\u00a0 php54-intl-5.4.41-1.69.amzn1.i686 \n \u00a0\u00a0\u00a0 php54-dba-5.4.41-1.69.amzn1.i686 \n \u00a0\u00a0\u00a0 php54-debuginfo-5.4.41-1.69.amzn1.i686 \n \u00a0\u00a0\u00a0 php54-ldap-5.4.41-1.69.amzn1.i686 \n \u00a0\u00a0\u00a0 php54-xml-5.4.41-1.69.amzn1.i686 \n \u00a0\u00a0\u00a0 php54-pspell-5.4.41-1.69.amzn1.i686 \n \u00a0\u00a0\u00a0 php54-devel-5.4.41-1.69.amzn1.i686 \n \u00a0\u00a0\u00a0 php54-common-5.4.41-1.69.amzn1.i686 \n \u00a0\u00a0\u00a0 php54-5.4.41-1.69.amzn1.i686 \n \n src: \n \u00a0\u00a0\u00a0 php54-5.4.41-1.69.amzn1.src \n \n x86_64: \n \u00a0\u00a0\u00a0 php54-intl-5.4.41-1.69.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php54-mysql-5.4.41-1.69.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php54-common-5.4.41-1.69.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php54-gd-5.4.41-1.69.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php54-5.4.41-1.69.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php54-tidy-5.4.41-1.69.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php54-ldap-5.4.41-1.69.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php54-mssql-5.4.41-1.69.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php54-imap-5.4.41-1.69.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php54-xml-5.4.41-1.69.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php54-embedded-5.4.41-1.69.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php54-cli-5.4.41-1.69.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php54-enchant-5.4.41-1.69.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php54-pdo-5.4.41-1.69.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php54-odbc-5.4.41-1.69.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php54-soap-5.4.41-1.69.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php54-pgsql-5.4.41-1.69.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php54-pspell-5.4.41-1.69.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php54-recode-5.4.41-1.69.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php54-mysqlnd-5.4.41-1.69.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php54-process-5.4.41-1.69.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php54-debuginfo-5.4.41-1.69.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php54-xmlrpc-5.4.41-1.69.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php54-devel-5.4.41-1.69.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php54-fpm-5.4.41-1.69.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php54-dba-5.4.41-1.69.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php54-bcmath-5.4.41-1.69.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php54-mcrypt-5.4.41-1.69.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php54-snmp-5.4.41-1.69.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php54-mbstring-5.4.41-1.69.amzn1.x86_64 \n \n \n\n### Additional References\n\nRed Hat: [CVE-2015-2325](<https://access.redhat.com/security/cve/CVE-2015-2325>), [CVE-2015-2326](<https://access.redhat.com/security/cve/CVE-2015-2326>), [CVE-2015-4021](<https://access.redhat.com/security/cve/CVE-2015-4021>), [CVE-2015-4022](<https://access.redhat.com/security/cve/CVE-2015-4022>), [CVE-2015-4024](<https://access.redhat.com/security/cve/CVE-2015-4024>), [CVE-2015-4025](<https://access.redhat.com/security/cve/CVE-2015-4025>), [CVE-2015-4026](<https://access.redhat.com/security/cve/CVE-2015-4026>)\n\nMitre: [CVE-2015-2325](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2325>), [CVE-2015-2326](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2326>), [CVE-2015-4021](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4021>), [CVE-2015-4022](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4022>), [CVE-2015-4024](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4024>), [CVE-2015-4025](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4025>), [CVE-2015-4026](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4026>)\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2015-06-02T22:20:00", "type": "amazon", "title": "Important: php54", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-2325", "CVE-2015-2326", "CVE-2015-4021", "CVE-2015-4022", "CVE-2015-4024", "CVE-2015-4025", "CVE-2015-4026"], "modified": "2015-06-02T22:33:00", "id": "ALAS-2015-534", "href": "https://alas.aws.amazon.com/ALAS-2015-534.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-11-01T21:23:41", "description": "**Issue Overview:**\n\nAn integer underflow flaw leading to out-of-bounds memory access was found in the way PHP's Phar extension parsed Phar archives. A specially crafted archive could cause PHP to crash or, possibly, execute arbitrary code when opened. (CVE-2015-4021)\n\nAn integer overflow flaw leading to a heap based buffer overflow was found in the way PHP's FTP extension parsed file listing FTP server responses. A malicious FTP server could use this flaw to cause a PHP application to crash or, possibly, execute arbitrary code. (CVE-2015-4022)\n\nA flaw was found in the way PHP parsed multipart HTTP POST requests. A specially crafted request could cause PHP to use an excessive amount of CPU time. (CVE-2015-4024)\n\nIt was found that certain PHP functions did not properly handle file names containing a NULL character. A remote attacker could possibly use this flaw to make a PHP script access unexpected files and bypass intended file system access restrictions. (CVE-2015-4025)\n\nIt was found that certain PHP functions did not properly handle file names containing a NULL character. A remote attacker could possibly use this flaw to make a PHP script access unexpected files and bypass intended file system access restrictions. (CVE-2015-4026)\n\n \n**Affected Packages:** \n\n\nphp55\n\n \n**Issue Correction:** \nRun _yum update php55_ to update your system.\n\n \n\n\n**New Packages:**\n \n \n i686: \n \u00a0\u00a0\u00a0 php55-xml-5.5.25-1.101.amzn1.i686 \n \u00a0\u00a0\u00a0 php55-soap-5.5.25-1.101.amzn1.i686 \n \u00a0\u00a0\u00a0 php55-dba-5.5.25-1.101.amzn1.i686 \n \u00a0\u00a0\u00a0 php55-imap-5.5.25-1.101.amzn1.i686 \n \u00a0\u00a0\u00a0 php55-pspell-5.5.25-1.101.amzn1.i686 \n \u00a0\u00a0\u00a0 php55-gd-5.5.25-1.101.amzn1.i686 \n \u00a0\u00a0\u00a0 php55-intl-5.5.25-1.101.amzn1.i686 \n \u00a0\u00a0\u00a0 php55-opcache-5.5.25-1.101.amzn1.i686 \n \u00a0\u00a0\u00a0 php55-tidy-5.5.25-1.101.amzn1.i686 \n \u00a0\u00a0\u00a0 php55-fpm-5.5.25-1.101.amzn1.i686 \n \u00a0\u00a0\u00a0 php55-mssql-5.5.25-1.101.amzn1.i686 \n \u00a0\u00a0\u00a0 php55-enchant-5.5.25-1.101.amzn1.i686 \n \u00a0\u00a0\u00a0 php55-mysqlnd-5.5.25-1.101.amzn1.i686 \n \u00a0\u00a0\u00a0 php55-cli-5.5.25-1.101.amzn1.i686 \n \u00a0\u00a0\u00a0 php55-pdo-5.5.25-1.101.amzn1.i686 \n \u00a0\u00a0\u00a0 php55-5.5.25-1.101.amzn1.i686 \n \u00a0\u00a0\u00a0 php55-devel-5.5.25-1.101.amzn1.i686 \n \u00a0\u00a0\u00a0 php55-snmp-5.5.25-1.101.amzn1.i686 \n \u00a0\u00a0\u00a0 php55-xmlrpc-5.5.25-1.101.amzn1.i686 \n \u00a0\u00a0\u00a0 php55-mcrypt-5.5.25-1.101.amzn1.i686 \n \u00a0\u00a0\u00a0 php55-recode-5.5.25-1.101.amzn1.i686 \n \u00a0\u00a0\u00a0 php55-common-5.5.25-1.101.amzn1.i686 \n \u00a0\u00a0\u00a0 php55-bcmath-5.5.25-1.101.amzn1.i686 \n \u00a0\u00a0\u00a0 php55-debuginfo-5.5.25-1.101.amzn1.i686 \n \u00a0\u00a0\u00a0 php55-embedded-5.5.25-1.101.amzn1.i686 \n \u00a0\u00a0\u00a0 php55-odbc-5.5.25-1.101.amzn1.i686 \n \u00a0\u00a0\u00a0 php55-mbstring-5.5.25-1.101.amzn1.i686 \n \u00a0\u00a0\u00a0 php55-ldap-5.5.25-1.101.amzn1.i686 \n \u00a0\u00a0\u00a0 php55-pgsql-5.5.25-1.101.amzn1.i686 \n \u00a0\u00a0\u00a0 php55-gmp-5.5.25-1.101.amzn1.i686 \n \u00a0\u00a0\u00a0 php55-process-5.5.25-1.101.amzn1.i686 \n \n src: \n \u00a0\u00a0\u00a0 php55-5.5.25-1.101.amzn1.src \n \n x86_64: \n \u00a0\u00a0\u00a0 php55-mbstring-5.5.25-1.101.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php55-5.5.25-1.101.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php55-xmlrpc-5.5.25-1.101.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php55-cli-5.5.25-1.101.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php55-recode-5.5.25-1.101.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php55-devel-5.5.25-1.101.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php55-gmp-5.5.25-1.101.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php55-enchant-5.5.25-1.101.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php55-process-5.5.25-1.101.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php55-pgsql-5.5.25-1.101.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php55-debuginfo-5.5.25-1.101.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php55-gd-5.5.25-1.101.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php55-soap-5.5.25-1.101.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php55-intl-5.5.25-1.101.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php55-ldap-5.5.25-1.101.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php55-odbc-5.5.25-1.101.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php55-xml-5.5.25-1.101.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php55-pspell-5.5.25-1.101.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php55-opcache-5.5.25-1.101.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php55-dba-5.5.25-1.101.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php55-embedded-5.5.25-1.101.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php55-tidy-5.5.25-1.101.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php55-mssql-5.5.25-1.101.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php55-snmp-5.5.25-1.101.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php55-common-5.5.25-1.101.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php55-imap-5.5.25-1.101.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php55-fpm-5.5.25-1.101.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php55-mysqlnd-5.5.25-1.101.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php55-pdo-5.5.25-1.101.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php55-bcmath-5.5.25-1.101.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php55-mcrypt-5.5.25-1.101.amzn1.x86_64 \n \n \n\n### Additional References\n\nRed Hat: [CVE-2015-4021](<https://access.redhat.com/security/cve/CVE-2015-4021>), [CVE-2015-4022](<https://access.redhat.com/security/cve/CVE-2015-4022>), [CVE-2015-4024](<https://access.redhat.com/security/cve/CVE-2015-4024>), [CVE-2015-4025](<https://access.redhat.com/security/cve/CVE-2015-4025>), [CVE-2015-4026](<https://access.redhat.com/security/cve/CVE-2015-4026>)\n\nMitre: [CVE-2015-4021](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4021>), [CVE-2015-4022](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4022>), [CVE-2015-4024](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4024>), [CVE-2015-4025](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4025>), [CVE-2015-4026](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4026>)\n", "cvss3": {}, "published": "2015-06-02T22:21:00", "type": "amazon", "title": "Medium: php55", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-4021", "CVE-2015-4022", "CVE-2015-4024", "CVE-2015-4025", "CVE-2015-4026"], "modified": "2015-06-02T22:33:00", "id": "ALAS-2015-535", "href": "https://alas.aws.amazon.com/ALAS-2015-535.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-11-01T21:22:51", "description": "**Issue Overview:**\n\nUpstream reports that several bugs have been fixed as well as several security issues into some bundled libraries (CVE-2015-3414, CVE-2015-3415, CVE-2015-3416, CVE-2015-2325 and CVE-2015-2326). All PHP 5.6 users are encouraged to upgrade to this version. Please see the <a href=\"http://php.net/ChangeLog-5.php#5.6.10\">upstream release notes</a> for full details.\n\n \n**Affected Packages:** \n\n\nphp56\n\n \n**Issue Correction:** \nRun _yum update php56_ to update your system.\n\n \n\n\n**New Packages:**\n \n \n i686: \n \u00a0\u00a0\u00a0 php56-intl-5.6.10-1.115.amzn1.i686 \n \u00a0\u00a0\u00a0 php56-enchant-5.6.10-1.115.amzn1.i686 \n \u00a0\u00a0\u00a0 php56-snmp-5.6.10-1.115.amzn1.i686 \n \u00a0\u00a0\u00a0 php56-fpm-5.6.10-1.115.amzn1.i686 \n \u00a0\u00a0\u00a0 php56-pgsql-5.6.10-1.115.amzn1.i686 \n \u00a0\u00a0\u00a0 php56-mssql-5.6.10-1.115.amzn1.i686 \n \u00a0\u00a0\u00a0 php56-dba-5.6.10-1.115.amzn1.i686 \n \u00a0\u00a0\u00a0 php56-odbc-5.6.10-1.115.amzn1.i686 \n \u00a0\u00a0\u00a0 php56-mysqlnd-5.6.10-1.115.amzn1.i686 \n \u00a0\u00a0\u00a0 php56-mbstring-5.6.10-1.115.amzn1.i686 \n \u00a0\u00a0\u00a0 php56-5.6.10-1.115.amzn1.i686 \n \u00a0\u00a0\u00a0 php56-tidy-5.6.10-1.115.amzn1.i686 \n \u00a0\u00a0\u00a0 php56-pdo-5.6.10-1.115.amzn1.i686 \n \u00a0\u00a0\u00a0 php56-gd-5.6.10-1.115.amzn1.i686 \n \u00a0\u00a0\u00a0 php56-pspell-5.6.10-1.115.amzn1.i686 \n \u00a0\u00a0\u00a0 php56-recode-5.6.10-1.115.amzn1.i686 \n \u00a0\u00a0\u00a0 php56-opcache-5.6.10-1.115.amzn1.i686 \n \u00a0\u00a0\u00a0 php56-embedded-5.6.10-1.115.amzn1.i686 \n \u00a0\u00a0\u00a0 php56-dbg-5.6.10-1.115.amzn1.i686 \n \u00a0\u00a0\u00a0 php56-gmp-5.6.10-1.115.amzn1.i686 \n \u00a0\u00a0\u00a0 php56-debuginfo-5.6.10-1.115.amzn1.i686 \n \u00a0\u00a0\u00a0 php56-common-5.6.10-1.115.amzn1.i686 \n \u00a0\u00a0\u00a0 php56-ldap-5.6.10-1.115.amzn1.i686 \n \u00a0\u00a0\u00a0 php56-bcmath-5.6.10-1.115.amzn1.i686 \n \u00a0\u00a0\u00a0 php56-soap-5.6.10-1.115.amzn1.i686 \n \u00a0\u00a0\u00a0 php56-devel-5.6.10-1.115.amzn1.i686 \n \u00a0\u00a0\u00a0 php56-mcrypt-5.6.10-1.115.amzn1.i686 \n \u00a0\u00a0\u00a0 php56-imap-5.6.10-1.115.amzn1.i686 \n \u00a0\u00a0\u00a0 php56-xml-5.6.10-1.115.amzn1.i686 \n \u00a0\u00a0\u00a0 php56-cli-5.6.10-1.115.amzn1.i686 \n \u00a0\u00a0\u00a0 php56-process-5.6.10-1.115.amzn1.i686 \n \u00a0\u00a0\u00a0 php56-xmlrpc-5.6.10-1.115.amzn1.i686 \n \n src: \n \u00a0\u00a0\u00a0 php56-5.6.10-1.115.amzn1.src \n \n x86_64: \n \u00a0\u00a0\u00a0 php56-common-5.6.10-1.115.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php56-dba-5.6.10-1.115.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php56-mbstring-5.6.10-1.115.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php56-enchant-5.6.10-1.115.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php56-debuginfo-5.6.10-1.115.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php56-devel-5.6.10-1.115.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php56-process-5.6.10-1.115.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php56-odbc-5.6.10-1.115.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php56-xml-5.6.10-1.115.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php56-bcmath-5.6.10-1.115.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php56-imap-5.6.10-1.115.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php56-embedded-5.6.10-1.115.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php56-dbg-5.6.10-1.115.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php56-pgsql-5.6.10-1.115.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php56-ldap-5.6.10-1.115.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php56-xmlrpc-5.6.10-1.115.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php56-mysqlnd-5.6.10-1.115.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php56-recode-5.6.10-1.115.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php56-gmp-5.6.10-1.115.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php56-intl-5.6.10-1.115.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php56-mcrypt-5.6.10-1.115.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php56-mssql-5.6.10-1.115.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php56-snmp-5.6.10-1.115.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php56-pspell-5.6.10-1.115.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php56-cli-5.6.10-1.115.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php56-fpm-5.6.10-1.115.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php56-gd-5.6.10-1.115.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php56-pdo-5.6.10-1.115.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php56-tidy-5.6.10-1.115.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php56-5.6.10-1.115.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php56-opcache-5.6.10-1.115.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php56-soap-5.6.10-1.115.amzn1.x86_64 \n \n \n\n### Additional References\n\nRed Hat: [CVE-2014-3416](<https://access.redhat.com/security/cve/CVE-2014-3416>), [CVE-2015-2325](<https://access.redhat.com/security/cve/CVE-2015-2325>), [CVE-2015-2326](<https://access.redhat.com/security/cve/CVE-2015-2326>), [CVE-2015-3414](<https://access.redhat.com/security/cve/CVE-2015-3414>), [CVE-2015-3415](<https://access.redhat.com/security/cve/CVE-2015-3415>), [CVE-2015-4642](<https://access.redhat.com/security/cve/CVE-2015-4642>), [CVE-2015-4643](<https://access.redhat.com/security/cve/CVE-2015-4643>), [CVE-2015-4644](<https://access.redhat.com/security/cve/CVE-2015-4644>)\n\nMitre: [CVE-2014-3416](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3416>), [CVE-2015-2325](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2325>), [CVE-2015-2326](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2326>), [CVE-2015-3414](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3414>), [CVE-2015-3415](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3415>), [CVE-2015-4642](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4642>), [CVE-2015-4643](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4643>), [CVE-2015-4644](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4644>)\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2015-07-07T12:40:00", "type": "amazon", "title": "Medium: php56", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3416", "CVE-2015-2325", "CVE-2015-2326", "CVE-2015-3414", "CVE-2015-3415", "CVE-2015-3416", "CVE-2015-4642", "CVE-2015-4643", "CVE-2015-4644"], "modified": "2015-07-07T22:39:00", "id": "ALAS-2015-563", "href": "https://alas.aws.amazon.com/ALAS-2015-563.html", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-11-01T21:22:53", "description": "**Issue Overview:**\n\nUpstream reports that several bugs have been fixed as well as several security issues into some bundled libraries (CVE-2015-3414, CVE-2015-3415, CVE-2015-3416, CVE-2015-2325 and CVE-2015-2326). All PHP 5.5 users are encouraged to upgrade to this version. Please see the <a href=\"http://php.net/ChangeLog-5.php#5.5.26\">upstream release notes</a> for full details.\n\n \n**Affected Packages:** \n\n\nphp55\n\n \n**Issue Correction:** \nRun _yum update php55_ to update your system.\n\n \n\n\n**New Packages:**\n \n \n i686: \n \u00a0\u00a0\u00a0 php55-cli-5.5.26-1.103.amzn1.i686 \n \u00a0\u00a0\u00a0 php55-odbc-5.5.26-1.103.amzn1.i686 \n \u00a0\u00a0\u00a0 php55-dba-5.5.26-1.103.amzn1.i686 \n \u00a0\u00a0\u00a0 php55-5.5.26-1.103.amzn1.i686 \n \u00a0\u00a0\u00a0 php55-bcmath-5.5.26-1.103.amzn1.i686 \n \u00a0\u00a0\u00a0 php55-common-5.5.26-1.103.amzn1.i686 \n \u00a0\u00a0\u00a0 php55-mysqlnd-5.5.26-1.103.amzn1.i686 \n \u00a0\u00a0\u00a0 php55-xml-5.5.26-1.103.amzn1.i686 \n \u00a0\u00a0\u00a0 php55-recode-5.5.26-1.103.amzn1.i686 \n \u00a0\u00a0\u00a0 php55-intl-5.5.26-1.103.amzn1.i686 \n \u00a0\u00a0\u00a0 php55-devel-5.5.26-1.103.amzn1.i686 \n \u00a0\u00a0\u00a0 php55-opcache-5.5.26-1.103.amzn1.i686 \n \u00a0\u00a0\u00a0 php55-gd-5.5.26-1.103.amzn1.i686 \n \u00a0\u00a0\u00a0 php55-gmp-5.5.26-1.103.amzn1.i686 \n \u00a0\u00a0\u00a0 php55-soap-5.5.26-1.103.amzn1.i686 \n \u00a0\u00a0\u00a0 php55-ldap-5.5.26-1.103.amzn1.i686 \n \u00a0\u00a0\u00a0 php55-imap-5.5.26-1.103.amzn1.i686 \n \u00a0\u00a0\u00a0 php55-debuginfo-5.5.26-1.103.amzn1.i686 \n \u00a0\u00a0\u00a0 php55-mbstring-5.5.26-1.103.amzn1.i686 \n \u00a0\u00a0\u00a0 php55-xmlrpc-5.5.26-1.103.amzn1.i686 \n \u00a0\u00a0\u00a0 php55-mcrypt-5.5.26-1.103.amzn1.i686 \n \u00a0\u00a0\u00a0 php55-mssql-5.5.26-1.103.amzn1.i686 \n \u00a0\u00a0\u00a0 php55-embedded-5.5.26-1.103.amzn1.i686 \n \u00a0\u00a0\u00a0 php55-pdo-5.5.26-1.103.amzn1.i686 \n \u00a0\u00a0\u00a0 php55-process-5.5.26-1.103.amzn1.i686 \n \u00a0\u00a0\u00a0 php55-pspell-5.5.26-1.103.amzn1.i686 \n \u00a0\u00a0\u00a0 php55-enchant-5.5.26-1.103.amzn1.i686 \n \u00a0\u00a0\u00a0 php55-fpm-5.5.26-1.103.amzn1.i686 \n \u00a0\u00a0\u00a0 php55-pgsql-5.5.26-1.103.amzn1.i686 \n \u00a0\u00a0\u00a0 php55-tidy-5.5.26-1.103.amzn1.i686 \n \u00a0\u00a0\u00a0 php55-snmp-5.5.26-1.103.amzn1.i686 \n \n src: \n \u00a0\u00a0\u00a0 php55-5.5.26-1.103.amzn1.src \n \n x86_64: \n \u00a0\u00a0\u00a0 php55-pspell-5.5.26-1.103.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php55-imap-5.5.26-1.103.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php55-embedded-5.5.26-1.103.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php55-mcrypt-5.5.26-1.103.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php55-5.5.26-1.103.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php55-cli-5.5.26-1.103.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php55-tidy-5.5.26-1.103.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php55-gd-5.5.26-1.103.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php55-odbc-5.5.26-1.103.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php55-process-5.5.26-1.103.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php55-mbstring-5.5.26-1.103.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php55-gmp-5.5.26-1.103.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php55-mssql-5.5.26-1.103.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php55-snmp-5.5.26-1.103.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php55-ldap-5.5.26-1.103.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php55-devel-5.5.26-1.103.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php55-mysqlnd-5.5.26-1.103.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php55-common-5.5.26-1.103.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php55-xml-5.5.26-1.103.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php55-recode-5.5.26-1.103.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php55-debuginfo-5.5.26-1.103.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php55-fpm-5.5.26-1.103.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php55-bcmath-5.5.26-1.103.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php55-xmlrpc-5.5.26-1.103.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php55-opcache-5.5.26-1.103.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php55-enchant-5.5.26-1.103.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php55-pgsql-5.5.26-1.103.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php55-pdo-5.5.26-1.103.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php55-intl-5.5.26-1.103.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php55-dba-5.5.26-1.103.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php55-soap-5.5.26-1.103.amzn1.x86_64 \n \n \n\n### Additional References\n\nRed Hat: [CVE-2014-3416](<https://access.redhat.com/security/cve/CVE-2014-3416>), [CVE-2015-2325](<https://access.redhat.com/security/cve/CVE-2015-2325>), [CVE-2015-2326](<https://access.redhat.com/security/cve/CVE-2015-2326>), [CVE-2015-3414](<https://access.redhat.com/security/cve/CVE-2015-3414>), [CVE-2015-3415](<https://access.redhat.com/security/cve/CVE-2015-3415>), [CVE-2015-4642](<https://access.redhat.com/security/cve/CVE-2015-4642>), [CVE-2015-4643](<https://access.redhat.com/security/cve/CVE-2015-4643>), [CVE-2015-4644](<https://access.redhat.com/security/cve/CVE-2015-4644>)\n\nMitre: [CVE-2014-3416](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3416>), [CVE-2015-2325](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2325>), [CVE-2015-2326](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2326>), [CVE-2015-3414](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3414>), [CVE-2015-3415](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3415>), [CVE-2015-4642](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4642>), [CVE-2015-4643](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4643>), [CVE-2015-4644](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4644>)\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2015-07-07T12:40:00", "type": "amazon", "title": "Medium: php55", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3416", "CVE-2015-2325", "CVE-2015-2326", "CVE-2015-3414", "CVE-2015-3415", "CVE-2015-3416", "CVE-2015-4642", "CVE-2015-4643", "CVE-2015-4644"], "modified": "2015-07-07T22:40:00", "id": "ALAS-2015-562", "href": "https://alas.aws.amazon.com/ALAS-2015-562.html", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "nessus": [{"lastseen": "2023-01-27T14:16:46", "description": "An integer underflow flaw leading to out-of-bounds memory access was found in the way PHP's Phar extension parsed Phar archives. A specially crafted archive could cause PHP to crash or, possibly, execute arbitrary code when opened. (CVE-2015-4021)\n\nAn integer overflow flaw leading to a heap based buffer overflow was found in the way PHP's FTP extension parsed file listing FTP server responses. A malicious FTP server could use this flaw to cause a PHP application to crash or, possibly, execute arbitrary code.\n(CVE-2015-4022)\n\nA flaw was found in the way PHP parsed multipart HTTP POST requests. A specially crafted request could cause PHP to use an excessive amount of CPU time. (CVE-2015-4024)\n\nIt was found that certain PHP functions did not properly handle file names containing a NULL character. A remote attacker could possibly use this flaw to make a PHP script access unexpected files and bypass intended file system access restrictions. (CVE-2015-4025)\n\nIt was found that certain PHP functions did not properly handle file names containing a NULL character. A remote attacker could possibly use this flaw to make a PHP script access unexpected files and bypass intended file system access restrictions. (CVE-2015-4026)\n\nPCRE library is prone to a heap overflow vulnerability. Due to insufficient bounds checking inside compile_branch(), the heap memory could be overflowed via a crafted regular expression. Since PCRE library is widely used, this vulnerability should affect many applications using it. An attacker may exploit this issue to execute arbitrary code in the context of the user running the affected application. (CVE-2015-2325)\n\nPCRE library is prone to a vulnerability which leads to Heap overflow.\nWithout enough bound checking inside pcre_compile2(), the heap memory could be overflowed via a crafted regular expression. Since PCRE library is widely used, this vulnerability should affect many applications. An attacker may exploit this issue to execute arbitrary code in the context of the user running the affected application.\n(CVE-2015-2326)", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2015-06-04T00:00:00", "type": "nessus", "title": "Amazon Linux AMI : php54 (ALAS-2015-534)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-2325", "CVE-2015-2326", "CVE-2015-4021", "CVE-2015-4022", "CVE-2015-4024", "CVE-2015-4025", "CVE-2015-4026"], "modified": "2020-01-27T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:php54", "p-cpe:/a:amazon:linux:php54-bcmath", "p-cpe:/a:amazon:linux:php54-cli", "p-cpe:/a:amazon:linux:php54-common", "p-cpe:/a:amazon:linux:php54-dba", "p-cpe:/a:amazon:linux:php54-debuginfo", "p-cpe:/a:amazon:linux:php54-devel", "p-cpe:/a:amazon:linux:php54-embedded", "p-cpe:/a:amazon:linux:php54-enchant", "p-cpe:/a:amazon:linux:php54-fpm", "p-cpe:/a:amazon:linux:php54-gd", "p-cpe:/a:amazon:linux:php54-imap", "p-cpe:/a:amazon:linux:php54-intl", "p-cpe:/a:amazon:linux:php54-ldap", "p-cpe:/a:amazon:linux:php54-mbstring", "p-cpe:/a:amazon:linux:php54-mcrypt", "p-cpe:/a:amazon:linux:php54-mssql", "p-cpe:/a:amazon:linux:php54-mysql", "p-cpe:/a:amazon:linux:php54-mysqlnd", "p-cpe:/a:amazon:linux:php54-odbc", "p-cpe:/a:amazon:linux:php54-pdo", "p-cpe:/a:amazon:linux:php54-pgsql", "p-cpe:/a:amazon:linux:php54-process", "p-cpe:/a:amazon:linux:php54-pspell", "p-cpe:/a:amazon:linux:php54-recode", "p-cpe:/a:amazon:linux:php54-snmp", "p-cpe:/a:amazon:linux:php54-soap", "p-cpe:/a:amazon:linux:php54-tidy", "p-cpe:/a:amazon:linux:php54-xml", "p-cpe:/a:amazon:linux:php54-xmlrpc", "cpe:/o:amazon:linux"], "id": "ALA_ALAS-2015-534.NASL", "href": "https://www.tenable.com/plugins/nessus/83973", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2015-534.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(83973);\n script_version(\"2.4\");\n script_cvs_date(\"Date: 2020/01/27\");\n\n script_cve_id(\"CVE-2015-2325\", \"CVE-2015-2326\", \"CVE-2015-4021\", \"CVE-2015-4022\", \"CVE-2015-4024\", \"CVE-2015-4025\", \"CVE-2015-4026\");\n script_xref(name:\"ALAS\", value:\"2015-534\");\n\n script_name(english:\"Amazon Linux AMI : php54 (ALAS-2015-534)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An integer underflow flaw leading to out-of-bounds memory access was\nfound in the way PHP's Phar extension parsed Phar archives. A\nspecially crafted archive could cause PHP to crash or, possibly,\nexecute arbitrary code when opened. (CVE-2015-4021)\n\nAn integer overflow flaw leading to a heap based buffer overflow was\nfound in the way PHP's FTP extension parsed file listing FTP server\nresponses. A malicious FTP server could use this flaw to cause a PHP\napplication to crash or, possibly, execute arbitrary code.\n(CVE-2015-4022)\n\nA flaw was found in the way PHP parsed multipart HTTP POST requests. A\nspecially crafted request could cause PHP to use an excessive amount\nof CPU time. (CVE-2015-4024)\n\nIt was found that certain PHP functions did not properly handle file\nnames containing a NULL character. A remote attacker could possibly\nuse this flaw to make a PHP script access unexpected files and bypass\nintended file system access restrictions. (CVE-2015-4025)\n\nIt was found that certain PHP functions did not properly handle file\nnames containing a NULL character. A remote attacker could possibly\nuse this flaw to make a PHP script access unexpected files and bypass\nintended file system access restrictions. (CVE-2015-4026)\n\nPCRE library is prone to a heap overflow vulnerability. Due to\ninsufficient bounds checking inside compile_branch(), the heap memory\ncould be overflowed via a crafted regular expression. Since PCRE\nlibrary is widely used, this vulnerability should affect many\napplications using it. An attacker may exploit this issue to execute\narbitrary code in the context of the user running the affected\napplication. (CVE-2015-2325)\n\nPCRE library is prone to a vulnerability which leads to Heap overflow.\nWithout enough bound checking inside pcre_compile2(), the heap memory\ncould be overflowed via a crafted regular expression. Since PCRE\nlibrary is widely used, this vulnerability should affect many\napplications. An attacker may exploit this issue to execute arbitrary\ncode in the context of the user running the affected application.\n(CVE-2015-2326)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2015-534.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update php54' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php54\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php54-bcmath\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php54-cli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php54-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php54-dba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php54-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php54-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php54-embedded\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php54-enchant\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php54-fpm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php54-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php54-imap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php54-intl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php54-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php54-mbstring\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php54-mcrypt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php54-mssql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php54-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php54-mysqlnd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php54-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php54-pdo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php54-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php54-process\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php54-pspell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php54-recode\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php54-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php54-soap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php54-tidy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php54-xml\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php54-xmlrpc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/06/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/06/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/06/04\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"php54-5.4.41-1.69.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php54-bcmath-5.4.41-1.69.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php54-cli-5.4.41-1.69.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php54-common-5.4.41-1.69.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php54-dba-5.4.41-1.69.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php54-debuginfo-5.4.41-1.69.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php54-devel-5.4.41-1.69.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php54-embedded-5.4.41-1.69.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php54-enchant-5.4.41-1.69.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php54-fpm-5.4.41-1.69.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php54-gd-5.4.41-1.69.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php54-imap-5.4.41-1.69.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php54-intl-5.4.41-1.69.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php54-ldap-5.4.41-1.69.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php54-mbstring-5.4.41-1.69.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php54-mcrypt-5.4.41-1.69.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php54-mssql-5.4.41-1.69.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php54-mysql-5.4.41-1.69.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php54-mysqlnd-5.4.41-1.69.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php54-odbc-5.4.41-1.69.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php54-pdo-5.4.41-1.69.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php54-pgsql-5.4.41-1.69.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php54-process-5.4.41-1.69.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php54-pspell-5.4.41-1.69.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php54-recode-5.4.41-1.69.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php54-snmp-5.4.41-1.69.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php54-soap-5.4.41-1.69.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php54-tidy-5.4.41-1.69.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php54-xml-5.4.41-1.69.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php54-xmlrpc-5.4.41-1.69.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"php54 / php54-bcmath / php54-cli / php54-common / php54-dba / etc\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-28T14:37:03", "description": "An integer underflow flaw leading to out-of-bounds memory access was found in the way PHP's Phar extension parsed Phar archives. A specially crafted archive could cause PHP to crash or, possibly, execute arbitrary code when opened. (CVE-2015-4021)\n\nAn integer overflow flaw leading to a heap based buffer overflow was found in the way PHP's FTP extension parsed file listing FTP server responses. A malicious FTP server could use this flaw to cause a PHP application to crash or, possibly, execute arbitrary code.\n(CVE-2015-4022)\n\nA flaw was found in the way PHP parsed multipart HTTP POST requests. A specially crafted request could cause PHP to use an excessive amount of CPU time. (CVE-2015-4024)\n\nIt was found that certain PHP functions did not properly handle file names containing a NULL character. A remote attacker could possibly use this flaw to make a PHP script access unexpected files and bypass intended file system access restrictions. (CVE-2015-4025)\n\nIt was found that certain PHP functions did not properly handle file names containing a NULL character. A remote attacker could possibly use this flaw to make a PHP script access unexpected files and bypass intended file system access restrictions. (CVE-2015-4026)\n\nPCRE library is prone to a heap overflow vulnerability. Due to insufficient bounds checking inside compile_branch(), the heap memory could be overflowed via a crafted regular expression. Since PCRE library is widely used, this vulnerability should affect many applications using it. An attacker may exploit this issue to execute arbitrary code in the context of the user running the affected application. (CVE-2015-2325)\n\nPCRE library is prone to a vulnerability which leads to Heap overflow.\nWithout enough bound checking inside pcre_compile2(), the heap memory could be overflowed via a crafted regular expression. Since PCRE library is widely used, this vulnerability should affect many applications. An attacker may exploit this issue to execute arbitrary code in the context of the user running the affected application.\n(CVE-2015-2326)", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2015-06-04T00:00:00", "type": "nessus", "title": "Amazon Linux AMI : php56 (ALAS-2015-536)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-2325", "CVE-2015-2326", "CVE-2015-4021", "CVE-2015-4022", "CVE-2015-4024", "CVE-2015-4025", "CVE-2015-4026"], "modified": "2020-01-27T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:php56", "p-cpe:/a:amazon:linux:php56-bcmath", "p-cpe:/a:amazon:linux:php56-cli", "p-cpe:/a:amazon:linux:php56-common", "p-cpe:/a:amazon:linux:php56-dba", "p-cpe:/a:amazon:linux:php56-dbg", "p-cpe:/a:amazon:linux:php56-debuginfo", "p-cpe:/a:amazon:linux:php56-devel", "p-cpe:/a:amazon:linux:php56-embedded", "p-cpe:/a:amazon:linux:php56-enchant", "p-cpe:/a:amazon:linux:php56-fpm", "p-cpe:/a:amazon:linux:php56-gd", "p-cpe:/a:amazon:linux:php56-gmp", "p-cpe:/a:amazon:linux:php56-imap", "p-cpe:/a:amazon:linux:php56-intl", "p-cpe:/a:amazon:linux:php56-ldap", "p-cpe:/a:amazon:linux:php56-mbstring", "p-cpe:/a:amazon:linux:php56-mcrypt", "p-cpe:/a:amazon:linux:php56-mssql", "p-cpe:/a:amazon:linux:php56-mysqlnd", "p-cpe:/a:amazon:linux:php56-odbc", "p-cpe:/a:amazon:linux:php56-opcache", "p-cpe:/a:amazon:linux:php56-pdo", "p-cpe:/a:amazon:linux:php56-pgsql", "p-cpe:/a:amazon:linux:php56-process", "p-cpe:/a:amazon:linux:php56-pspell", "p-cpe:/a:amazon:linux:php56-recode", "p-cpe:/a:amazon:linux:php56-snmp", "p-cpe:/a:amazon:linux:php56-soap", "p-cpe:/a:amazon:linux:php56-tidy", "p-cpe:/a:amazon:linux:php56-xml", "p-cpe:/a:amazon:linux:php56-xmlrpc", "cpe:/o:amazon:linux"], "id": "ALA_ALAS-2015-536.NASL", "href": "https://www.tenable.com/plugins/nessus/83975", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2015-536.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(83975);\n script_version(\"2.4\");\n script_cvs_date(\"Date: 2020/01/27\");\n\n script_cve_id(\"CVE-2015-2325\", \"CVE-2015-2326\", \"CVE-2015-4021\", \"CVE-2015-4022\", \"CVE-2015-4024\", \"CVE-2015-4025\", \"CVE-2015-4026\");\n script_xref(name:\"ALAS\", value:\"2015-536\");\n\n script_name(english:\"Amazon Linux AMI : php56 (ALAS-2015-536)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An integer underflow flaw leading to out-of-bounds memory access was\nfound in the way PHP's Phar extension parsed Phar archives. A\nspecially crafted archive could cause PHP to crash or, possibly,\nexecute arbitrary code when opened. (CVE-2015-4021)\n\nAn integer overflow flaw leading to a heap based buffer overflow was\nfound in the way PHP's FTP extension parsed file listing FTP server\nresponses. A malicious FTP server could use this flaw to cause a PHP\napplication to crash or, possibly, execute arbitrary code.\n(CVE-2015-4022)\n\nA flaw was found in the way PHP parsed multipart HTTP POST requests. A\nspecially crafted request could cause PHP to use an excessive amount\nof CPU time. (CVE-2015-4024)\n\nIt was found that certain PHP functions did not properly handle file\nnames containing a NULL character. A remote attacker could possibly\nuse this flaw to make a PHP script access unexpected files and bypass\nintended file system access restrictions. (CVE-2015-4025)\n\nIt was found that certain PHP functions did not properly handle file\nnames containing a NULL character. A remote attacker could possibly\nuse this flaw to make a PHP script access unexpected files and bypass\nintended file system access restrictions. (CVE-2015-4026)\n\nPCRE library is prone to a heap overflow vulnerability. Due to\ninsufficient bounds checking inside compile_branch(), the heap memory\ncould be overflowed via a crafted regular expression. Since PCRE\nlibrary is widely used, this vulnerability should affect many\napplications using it. An attacker may exploit this issue to execute\narbitrary code in the context of the user running the affected\napplication. (CVE-2015-2325)\n\nPCRE library is prone to a vulnerability which leads to Heap overflow.\nWithout enough bound checking inside pcre_compile2(), the heap memory\ncould be overflowed via a crafted regular expression. Since PCRE\nlibrary is widely used, this vulnerability should affect many\napplications. An attacker may exploit this issue to execute arbitrary\ncode in the context of the user running the affected application.\n(CVE-2015-2326)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2015-536.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update php56' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-bcmath\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-cli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-dba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-embedded\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-enchant\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-fpm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-gmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-imap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-intl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-mbstring\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-mcrypt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-mssql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-mysqlnd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-opcache\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-pdo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-process\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-pspell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-recode\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-soap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-tidy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-xml\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-xmlrpc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/06/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/06/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/06/04\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"php56-5.6.9-1.112.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-bcmath-5.6.9-1.112.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-cli-5.6.9-1.112.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-common-5.6.9-1.112.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-dba-5.6.9-1.112.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-dbg-5.6.9-1.112.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-debuginfo-5.6.9-1.112.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-devel-5.6.9-1.112.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-embedded-5.6.9-1.112.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-enchant-5.6.9-1.112.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-fpm-5.6.9-1.112.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-gd-5.6.9-1.112.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-gmp-5.6.9-1.112.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-imap-5.6.9-1.112.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-intl-5.6.9-1.112.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-ldap-5.6.9-1.112.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-mbstring-5.6.9-1.112.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-mcrypt-5.6.9-1.112.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-mssql-5.6.9-1.112.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-mysqlnd-5.6.9-1.112.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-odbc-5.6.9-1.112.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-opcache-5.6.9-1.112.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-pdo-5.6.9-1.112.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-pgsql-5.6.9-1.112.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-process-5.6.9-1.112.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-pspell-5.6.9-1.112.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-recode-5.6.9-1.112.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-snmp-5.6.9-1.112.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-soap-5.6.9-1.112.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-tidy-5.6.9-1.112.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-xml-5.6.9-1.112.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-xmlrpc-5.6.9-1.112.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"php56 / php56-bcmath / php56-cli / php56-common / php56-dba / etc\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:56:30", "description": "Versions of PHP 5.6.x earlier than 5.6.9 are exposed to the following issues :\n\n - Multiple flaws exist related to using pathnames containing NULL bytes. A remote attacker can exploit these flaws, by combining the '\\0' character with a safe file extension, to bypass access restrictions. This had been previously fixed but was reintroduced by a regression in versions 5.4+. (CVE-2006-7243, CVE-2015-4025)\n\n - A flaw exists in the phar_parse_tarfile() function in 'ext/phar/tar.c' that is triggered when handling zero-length filenames. This may allow an attacker to corrupt memory, crashing an application or potentially allowing code execution. (CVE-2015-4021)\n\n - An integer overflow condition exists in the ftp_genlist() function in 'ftp.c' due to improper validation of user-supplied input. A remote attacker can exploit this to cause a heap-based buffer overflow, resulting in a denial of service condition or possible remote code execution. (CVE-2015-4022)\n\n - A flaw exists in the multipart_buffer_headers() function in 'rfc1867.c' due to improper handling of multipart/form-data in HTTP requests. A remote attacker can exploit this flaw to cause a consumption of CPU resources, resulting in a denial of service condition. (CVE-2015-4024)\n\n - A security bypass vulnerability exists due to a flaw in the 'pcntl_exec' implementation that truncates a pathname upon encountering the '\\x00' character. A remote attacker can exploit this, via a crafted first argument, to bypass intended extension restrictions and execute arbitrary files. (CVE-2015-4026)\n\n - The PCRE library contains an overflow condition in the functions 'pcre_compile2()' and 'compile_branch()'. These issues are triggered as user-supplied input is not properly validated when handling regex. This may allow a context-dependent attacker to cause a heap-based buffer overflow, resulting in a denial of service or potentially allowing the execution of arbitrary code. (CVE-2015-2325, CVE-2015-2326)\n\n - An integer overflow condition exists in the function str_repeat(). The issue is triggered due to a sign mismatch condition. This may allow a context-dependent attacker to create corrupted ZVALs, leading to memory corruption. This may result in a denial of service or potentially the execution of arbitrary code.\n\n - An overflow condition affects the unpack() function in 'ext/standard/pack.c'. The issue is triggered as user-supplied input passed via the 'format' parameter is not properly validated. This may allow a context-dependent attacker to cause a heap-based buffer overflow, resulting in a denial of service or potentially allowing the execution of arbitrary code.\n\n - An unspecified flaw exists in the zend_std_get_method() function in 'Zend/zend_compile.c' that may allow an attacker to trigger an invalid read. No further details have been provided by the vendor.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2015-06-18T00:00:00", "type": "nessus", "title": "PHP 5.6.x < 5.6.9 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2006-7243", "CVE-2015-2325", "CVE-2015-2326", "CVE-2015-4021", "CVE-2015-4022", "CVE-2015-4024", "CVE-2015-4025", "CVE-2015-4026"], "modified": "2019-03-06T00:00:00", "cpe": ["cpe:2.3:a:php:php:*:*:*:*:*:*:*:*"], "id": "8786.PRM", "href": "https://www.tenable.com/plugins/nnm/8786", "sourceData": "Binary data 8786.prm", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-27T14:16:25", "description": "New php packages are available for Slackware 14.0, 14.1, and -current to fix security issues.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2015-06-12T00:00:00", "type": "nessus", "title": "Slackware 14.0 / 14.1 / current : php (SSA:2015-162-02)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2006-7243", "CVE-2015-2325", "CVE-2015-2326", "CVE-2015-4021", "CVE-2015-4022", "CVE-2015-4024", "CVE-2015-4025", "CVE-2015-4026"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:slackware:slackware_linux:php", "cpe:/o:slackware:slackware_linux", "cpe:/o:slackware:slackware_linux:14.0", "cpe:/o:slackware:slackware_linux:14.1"], "id": "SLACKWARE_SSA_2015-162-02.NASL", "href": "https://www.tenable.com/plugins/nessus/84127", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Slackware Security Advisory 2015-162-02. The text \n# itself is copyright (C) Slackware Linux, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(84127);\n script_version(\"2.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2006-7243\", \"CVE-2015-2325\", \"CVE-2015-2326\", \"CVE-2015-4021\", \"CVE-2015-4022\", \"CVE-2015-4024\", \"CVE-2015-4025\", \"CVE-2015-4026\");\n script_bugtraq_id(44951, 74700, 74902, 74903, 74904, 75056);\n script_xref(name:\"SSA\", value:\"2015-162-02\");\n\n script_name(english:\"Slackware 14.0 / 14.1 / current : php (SSA:2015-162-02)\");\n script_summary(english:\"Checks for updated package in /var/log/packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Slackware host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"New php packages are available for Slackware 14.0, 14.1, and -current\nto fix security issues.\"\n );\n # http://www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.414774\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?cd9704a8\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected php package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:php\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:14.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:14.1\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/01/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/06/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/06/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Slackware Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Slackware/release\", \"Host/Slackware/packages\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"slackware.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Slackware/release\")) audit(AUDIT_OS_NOT, \"Slackware\");\nif (!get_kb_item(\"Host/Slackware/packages\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Slackware\", cpu);\n\n\nflag = 0;\nif (slackware_check(osver:\"14.0\", pkgname:\"php\", pkgver:\"5.4.41\", pkgarch:\"i486\", pkgnum:\"1_slack14.0\")) flag++;\nif (slackware_check(osver:\"14.0\", arch:\"x86_64\", pkgname:\"php\", pkgver:\"5.4.41\", pkgarch:\"x86_64\", pkgnum:\"1_slack14.0\")) flag++;\n\nif (slackware_check(osver:\"14.1\", pkgname:\"php\", pkgver:\"5.4.41\", pkgarch:\"i486\", pkgnum:\"1_slack14.1\")) flag++;\nif (slackware_check(osver:\"14.1\", arch:\"x86_64\", pkgname:\"php\", pkgver:\"5.4.41\", pkgarch:\"x86_64\", pkgnum:\"1_slack14.1\")) flag++;\n\nif (slackware_check(osver:\"current\", pkgname:\"php\", pkgver:\"5.6.9\", pkgarch:\"i586\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"current\", arch:\"x86_64\", pkgname:\"php\", pkgver:\"5.6.9\", pkgarch:\"x86_64\", pkgnum:\"1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:slackware_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-27T14:15:33", "description": "According to its banner, the version of PHP 5.6.x running on the remote web server is prior to 5.6.9. It is, therefore, affected by multiple vulnerabilities :\n\n - Multiple unspecified flaws in pcrelib.\n (CVE-2015-2325, CVE-2015-2326)\n\n - A flaw in the phar_parse_tarfile function in ext/phar/tar.c could allow a denial of service via a crafted entry in a tar archive.\n (CVE-2015-4021)\n\n - Multiple flaws exist related to using pathnames containing NULL bytes. A remote attacker can exploit these flaws, by combining the '\\0' character with a safe file extension, to bypass access restrictions. This had been previously fixed but was reintroduced by a regression in versions 5.4+. (CVE-2006-7243, CVE-2015-4025)\n\n - An integer overflow condition exists in the ftp_genlist() function in ftp.c due to improper validation of user-supplied input. A remote attacker can exploit this to cause a heap-based buffer overflow, resulting in a denial of service condition or possible remote code execution. (CVE-2015-4022)\n\n - A flaw exists in the multipart_buffer_headers() function in rfc1867.c due to improper handling of multipart/form-data in HTTP requests. A remote attacker can exploit this flaw to cause a consumption of CPU resources, resulting in a denial of service condition.\n (CVE-2015-4024)\n\n - A security bypass vulnerability exists due to a flaw in the pcntl_exec implementation that truncates a pathname upon encountering the '\\x00' character. A remote attacker can exploit this, via a crafted first argument, to bypass intended extension restrictions and execute arbitrary files. (CVE-2015-4026)\n\n - A NULL pointer dereference flaw exists in the xsl_ext_function_php() function in xsltprocessor.c due to improper validation of user-supplied input. A remote attacker can exploit this to cause a denial of service condition.\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2015-05-18T00:00:00", "type": "nessus", "title": "PHP 5.6.x < 5.6.9 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2006-7243", "CVE-2015-2325", "CVE-2015-2326", "CVE-2015-4021", "CVE-2015-4022", "CVE-2015-4024", "CVE-2015-4025", "CVE-2015-4026"], "modified": "2022-04-11T00:00:00", "cpe": ["cpe:/a:php:php"], "id": "PHP_5_6_9.NASL", "href": "https://www.tenable.com/plugins/nessus/83519", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(83519);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\n \"CVE-2006-7243\",\n \"CVE-2015-2325\",\n \"CVE-2015-2326\",\n \"CVE-2015-4021\",\n \"CVE-2015-4022\",\n \"CVE-2015-4024\",\n \"CVE-2015-4025\",\n \"CVE-2015-4026\"\n );\n script_bugtraq_id(\n 44951,\n 74700,\n 74902,\n 74903,\n 74904,\n 75056,\n 75174,\n 75175\n );\n\n script_name(english:\"PHP 5.6.x < 5.6.9 Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote web server uses a version of PHP that is affected by\nmultiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its banner, the version of PHP 5.6.x running on the\nremote web server is prior to 5.6.9. It is, therefore, affected by\nmultiple vulnerabilities :\n\n - Multiple unspecified flaws in pcrelib.\n (CVE-2015-2325, CVE-2015-2326)\n\n - A flaw in the phar_parse_tarfile function in\n ext/phar/tar.c could allow a denial of service\n via a crafted entry in a tar archive.\n (CVE-2015-4021)\n\n - Multiple flaws exist related to using pathnames\n containing NULL bytes. A remote attacker can exploit\n these flaws, by combining the '\\0' character with a safe\n file extension, to bypass access restrictions. This had\n been previously fixed but was reintroduced by a\n regression in versions 5.4+. (CVE-2006-7243,\n CVE-2015-4025)\n\n - An integer overflow condition exists in the\n ftp_genlist() function in ftp.c due to improper\n validation of user-supplied input. A remote attacker can\n exploit this to cause a heap-based buffer overflow,\n resulting in a denial of service condition or possible\n remote code execution. (CVE-2015-4022)\n\n - A flaw exists in the multipart_buffer_headers() function\n in rfc1867.c due to improper handling of\n multipart/form-data in HTTP requests. A remote attacker\n can exploit this flaw to cause a consumption of CPU\n resources, resulting in a denial of service condition.\n (CVE-2015-4024)\n\n - A security bypass vulnerability exists due to a flaw in\n the pcntl_exec implementation that truncates a pathname\n upon encountering the '\\x00' character. A remote\n attacker can exploit this, via a crafted first argument,\n to bypass intended extension restrictions and execute\n arbitrary files. (CVE-2015-4026)\n\n - A NULL pointer dereference flaw exists in the\n xsl_ext_function_php() function in xsltprocessor.c due\n to improper validation of user-supplied input. A remote\n attacker can exploit this to cause a denial of service\n condition.\n\nNote that Nessus has not tested for this issue but has instead relied\nonly on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://php.net/ChangeLog-5.php#5.6.9\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to PHP version 5.6.9 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2015-4026\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No exploit is required\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2006/12/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/05/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/05/18\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:php:php\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CGI abuses\");\n\n script_copyright(english:\"This script is Copyright (C) 2015-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"php_version.nasl\");\n script_require_keys(\"www/PHP\");\n script_require_ports(\"Services/www\", 80);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\ninclude(\"webapp_func.inc\");\n\nport = get_http_port(default:80, php:TRUE);\n\nphp = get_php_from_kb(\n port : port,\n exit_on_fail : TRUE\n);\n\nversion = php[\"ver\"];\nsource = php[\"src\"];\n\nbackported = get_kb_item('www/php/'+port+'/'+version+'/backported');\n\nif (report_paranoia < 2 && backported) audit(AUDIT_BACKPORT_SERVICE, port, \"PHP \"+version+\" install\");\n\n# Check that it is the correct version of PHP\nif (version =~ \"^5(\\.6)?$\") audit(AUDIT_VER_NOT_GRANULAR, \"PHP\", port, version);\nif (version !~ \"^5\\.6\\.\") audit(AUDIT_NOT_DETECT, \"PHP version 5.6.x\", port);\n\nif (version =~ \"^5\\.6\\.[0-8]($|[^0-9])\")\n{\n if (report_verbosity > 0)\n {\n report =\n '\\n Version source : '+source +\n '\\n Installed version : '+version +\n '\\n Fixed version : 5.6.9' +\n '\\n';\n security_hole(port:port, extra:report);\n }\n else security_hole(port);\n exit(0);\n}\nelse audit(AUDIT_LISTEN_NOT_VULN, \"PHP\", port, version);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-28T14:36:42", "description": "According to its banner, the version of PHP 5.4.x running on the remote web server is prior to 5.4.41. It is, therefore, affected by multiple vulnerabilities :\n\n - Multiple unspecified flaws in pcrelib.\n (CVE-2015-2325, CVE-2015-2326)\n\n - A flaw in the phar_parse_tarfile function in ext/phar/tar.c could allow a denial of service via a crafted entry in a tar archive.\n (CVE-2015-4021)\n\n - An integer overflow condition exists in the ftp_genlist() function in ftp.c due to improper validation of user-supplied input. A remote attacker can exploit this to cause a heap-based buffer overflow, resulting in a denial of service condition or possible remote code execution. (CVE-2015-4022)\n\n - Multiple flaws exist related to using pathnames containing NULL bytes. A remote attacker can exploit these flaws, by combining the '\\0' character with a safe file extension, to bypass access restrictions. This had been previously fixed but was reintroduced by a regression in versions 5.4+. (CVE-2006-7243, CVE-2015-4025)\n\n - A flaw exists in the multipart_buffer_headers() function in rfc1867.c due to improper handling of multipart/form-data in HTTP requests. A remote attacker can exploit this flaw to cause a consumption of CPU resources, resulting in a denial of service condition.\n (CVE-2015-4024)\n\n - A security bypass vulnerability exists due to a flaw in the pcntl_exec implementation that truncates a pathname upon encountering the '\\x00' character. A remote attacker can exploit this, via a crafted first argument, to bypass intended extension restrictions and execute arbitrary files. (CVE-2015-4026)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2015-05-18T00:00:00", "type": "nessus", "title": "PHP 5.4.x < 5.4.41 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2006-7243", "CVE-2015-2325", "CVE-2015-2326", "CVE-2015-4021", "CVE-2015-4022", "CVE-2015-4024", "CVE-2015-4025", "CVE-2015-4026"], "modified": "2022-04-11T00:00:00", "cpe": ["cpe:/a:php:php"], "id": "PHP_5_4_41.NASL", "href": "https://www.tenable.com/plugins/nessus/83517", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(83517);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\n \"CVE-2006-7243\",\n \"CVE-2015-2325\",\n \"CVE-2015-2326\",\n \"CVE-2015-4021\",\n \"CVE-2015-4022\",\n \"CVE-2015-4024\",\n \"CVE-2015-4025\",\n \"CVE-2015-4026\"\n );\n script_bugtraq_id(\n 44951,\n 74700,\n 74902,\n 74903,\n 74904,\n 75056,\n 75174,\n 75175\n );\n\n script_name(english:\"PHP 5.4.x < 5.4.41 Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote web server uses a version of PHP that is affected by\nmultiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its banner, the version of PHP 5.4.x running on the\nremote web server is prior to 5.4.41. It is, therefore, affected by\nmultiple vulnerabilities :\n\n - Multiple unspecified flaws in pcrelib.\n (CVE-2015-2325, CVE-2015-2326)\n\n - A flaw in the phar_parse_tarfile function in\n ext/phar/tar.c could allow a denial of service\n via a crafted entry in a tar archive.\n (CVE-2015-4021)\n\n - An integer overflow condition exists in the\n ftp_genlist() function in ftp.c due to improper\n validation of user-supplied input. A remote attacker can\n exploit this to cause a heap-based buffer overflow,\n resulting in a denial of service condition or possible\n remote code execution. (CVE-2015-4022)\n\n - Multiple flaws exist related to using pathnames\n containing NULL bytes. A remote attacker can exploit\n these flaws, by combining the '\\0' character with a safe\n file extension, to bypass access restrictions. This had\n been previously fixed but was reintroduced by a\n regression in versions 5.4+. (CVE-2006-7243,\n CVE-2015-4025)\n\n - A flaw exists in the multipart_buffer_headers() function\n in rfc1867.c due to improper handling of\n multipart/form-data in HTTP requests. A remote attacker\n can exploit this flaw to cause a consumption of CPU\n resources, resulting in a denial of service condition.\n (CVE-2015-4024)\n\n - A security bypass vulnerability exists due to a flaw in\n the pcntl_exec implementation that truncates a pathname\n upon encountering the '\\x00' character. A remote\n attacker can exploit this, via a crafted first argument,\n to bypass intended extension restrictions and execute\n arbitrary files. (CVE-2015-4026)\n\nNote that Nessus has not tested for this issue but has instead relied\nonly on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://php.net/ChangeLog-5.php#5.4.41\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to PHP version 5.4.41 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2015-4026\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No exploit is required\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2006/12/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/05/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/05/18\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:php:php\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CGI abuses\");\n\n script_copyright(english:\"This script is Copyright (C) 2015-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"php_version.nasl\");\n script_require_keys(\"www/PHP\");\n script_require_ports(\"Services/www\", 80);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\ninclude(\"webapp_func.inc\");\n\nport = get_http_port(default:80, php:TRUE);\n\nphp = get_php_from_kb(\n port : port,\n exit_on_fail : TRUE\n);\n\nversion = php[\"ver\"];\nsource = php[\"src\"];\n\nbackported = get_kb_item('www/php/'+port+'/'+version+'/backported');\n\nif (report_paranoia < 2 && backported) audit(AUDIT_BACKPORT_SERVICE, port, \"PHP \"+version+\" install\");\n\n# Check that it is the correct version of PHP\nif (version =~ \"^5(\\.4)?$\") audit(AUDIT_VER_NOT_GRANULAR, \"PHP\", port, version);\nif (version !~ \"^5\\.4\\.\") audit(AUDIT_NOT_DETECT, \"PHP version 5.4.x\", port);\n\nif (version =~ \"^5\\.4\\.([0-9]|[1-3][0-9]|4[0])($|[^0-9])\")\n{\n if (report_verbosity > 0)\n {\n report =\n '\\n Version source : '+source +\n '\\n Installed version : '+version +\n '\\n Fixed version : 5.4.41' +\n '\\n';\n security_hole(port:port, extra:report);\n }\n else security_hole(port);\n exit(0);\n}\nelse audit(AUDIT_LISTEN_NOT_VULN, \"PHP\", port, version);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-28T14:39:07", "description": "The SecurityCenter application installed on the remote host is affected by multiple vulnerabilities in the bundled version of PHP that is prior to version 5.4.41. It is, therefore, affected by the following vulnerabilities :\n\n - A flaw in the phar_parse_tarfile function in ext/phar/tar.c could allow a denial of service via a crafted entry in a tar archive.\n (CVE-2015-4021)\n\n - An integer overflow condition exists in the ftp_genlist() function in ftp.c due to improper validation of user-supplied input. A remote attacker can exploit this to cause a heap-based buffer overflow, resulting in a denial of service condition or possible remote code execution. (CVE-2015-4022)\n\n - Multiple flaws exist related to using pathnames containing NULL bytes. A remote attacker can exploit these flaws, by combining the '\\0' character with a safe file extension, to bypass access restrictions. This had been previously fixed but was reintroduced by a regression in versions 5.4+. (CVE-2006-7243, CVE-2015-4025)\n\n - Multiple heap buffer overflow conditions exist in the bundled Perl-Compatible Regular Expression (PCRE) library due to improper validation of user-supplied input to the compile_branch() and pcre_compile2() functions. A remote attacker can exploit these conditions to cause a heap-based buffer overflow, resulting in a denial of service condition or the execution of arbitrary code. (CVE-2015-2325, CVE-2015-2326)\n\n - A security bypass vulnerability exists due to a flaw in the pcntl_exec implementation that truncates a pathname upon encountering the '\\x00' character. A remote attacker can exploit this, via a crafted first argument, to bypass intended extension restrictions and execute arbitrary files. (CVE-2015-4026)\n\n - A flaw exists in the multipart_buffer_headers() function in rfc1867.c due to improper handling of multipart/form-data in HTTP requests. A remote attacker can exploit this flaw to cause a consumption of CPU resources, resulting in a denial of service condition.\n (CVE-2015-4024)", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2015-08-20T00:00:00", "type": "nessus", "title": "Tenable SecurityCenter Multiple PHP Vulnerabilities (TNS-2015-06)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2006-7243", "CVE-2015-2325", "CVE-2015-2326", "CVE-2015-4021", "CVE-2015-4022", "CVE-2015-4024", "CVE-2015-4025", "CVE-2015-4026"], "modified": "2022-06-29T00:00:00", "cpe": ["cpe:/a:tenable:securitycenter"], "id": "SECURITYCENTER_PHP_5_4_41.NASL", "href": "https://www.tenable.com/plugins/nessus/85566", "sourceData": "#TRUSTED 00f3b1fda242644862d3dd8bf4db924d7ebe0f136971c4313c9a0785fee8701c7672972acf06853e2fbbabc62e0e6c4a1dda632e788d67e5b0a8d92b2f40a30541cad5bb49f1d486d0169537629330895d3f51484627d612f52b638ba9aab1eb6f13f8d55c2bff76c60abeab6a8637a44c8d24763806a4391cd5e1698a67102d8a5bb4e1d02fbf80f548fb8da1374593c8760c15db05f20eb8e569ee09f867e1575756d01d36bea64e0790eb1039c7c3d6b8c053af1911af4efe457252b2d1a23cbd82e9054f3bc63176a201614e3707214e78bf282fdfa250fbcae1e73c98efe49b0c06d6c78f5a4494ecb4d5cd1da63c55f1e3790bbddd0840ec1aa211f863e8c1b3a1ef79ebf6aa0ed8fd141c6c61d83394e71792415f943d4a7230a12e6438deeed2950131e1fb6ac29818cb6546428db83a6b72d0b7d705ab33ac1a1e6646722158b1c1f2253d501a350acb889583dfcb91aa1dc335b4f8eafea2e588c881c8025b38e6e4e9ff529ba855d37b4704f65c47a0e8ccb4c8b9c2ae65b10f825667ec45c6d7dfd120374b5b836f64dd8607715021e03d0a040697d11bc3ec4c439ac70434f1bc954bc2fe35e5696806fd3c11b4fb70378b49e82bae6d8c47939321ecb875565db005bb7e9832a1b0a8ff841359bd9d287d86afe2da3268e57ca7bd6051e3133aaf4f2cc5a487c98bcdce146d2cb603eabcf490b05badeccada\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(85566);\n script_version(\"1.22\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/06/29\");\n\n script_cve_id(\n \"CVE-2006-7243\",\n \"CVE-2015-2325\",\n \"CVE-2015-2326\",\n \"CVE-2015-4021\",\n \"CVE-2015-4022\",\n \"CVE-2015-4024\",\n \"CVE-2015-4025\",\n \"CVE-2015-4026\"\n );\n script_bugtraq_id(\n 44951,\n 74700,\n 74902,\n 74903,\n 74904,\n 75056,\n 75174,\n 75175\n );\n\n script_name(english:\"Tenable SecurityCenter Multiple PHP Vulnerabilities (TNS-2015-06)\");\n script_summary(english:\"Checks the version of PHP in SecurityCenter.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote application is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The SecurityCenter application installed on the remote host is\naffected by multiple vulnerabilities in the bundled version of PHP\nthat is prior to version 5.4.41. It is, therefore, affected by the\nfollowing vulnerabilities :\n\n - A flaw in the phar_parse_tarfile function in\n ext/phar/tar.c could allow a denial of service\n via a crafted entry in a tar archive.\n (CVE-2015-4021)\n\n - An integer overflow condition exists in the\n ftp_genlist() function in ftp.c due to improper\n validation of user-supplied input. A remote attacker can\n exploit this to cause a heap-based buffer overflow,\n resulting in a denial of service condition or possible\n remote code execution. (CVE-2015-4022)\n\n - Multiple flaws exist related to using pathnames\n containing NULL bytes. A remote attacker can exploit\n these flaws, by combining the '\\0' character with a safe\n file extension, to bypass access restrictions. This had\n been previously fixed but was reintroduced by a\n regression in versions 5.4+. (CVE-2006-7243,\n CVE-2015-4025)\n\n - Multiple heap buffer overflow conditions exist in the\n bundled Perl-Compatible Regular Expression (PCRE)\n library due to improper validation of user-supplied\n input to the compile_branch() and pcre_compile2()\n functions. A remote attacker can exploit these\n conditions to cause a heap-based buffer overflow,\n resulting in a denial of service condition or the\n execution of arbitrary code. (CVE-2015-2325,\n CVE-2015-2326)\n\n - A security bypass vulnerability exists due to a flaw in\n the pcntl_exec implementation that truncates a pathname\n upon encountering the '\\x00' character. A remote\n attacker can exploit this, via a crafted first argument,\n to bypass intended extension restrictions and execute\n arbitrary files. (CVE-2015-4026)\n\n - A flaw exists in the multipart_buffer_headers() function\n in rfc1867.c due to improper handling of\n multipart/form-data in HTTP requests. A remote attacker\n can exploit this flaw to cause a consumption of CPU\n resources, resulting in a denial of service condition.\n (CVE-2015-4024)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.tenable.com/security/tns-2015-06\");\n script_set_attribute(attribute:\"see_also\", value:\"https://secure.php.net/ChangeLog-5.php#5.4.41\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply the relevant patch referenced in the vendor advisory.\");\n script_set_attribute(attribute:\"agent\", value:\"unix\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2015-4026\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2006/12/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/06/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/08/20\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"combined\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:tenable:securitycenter\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2015-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"securitycenter_installed.nbin\", \"securitycenter_detect.nbin\");\n script_require_keys(\"Host/SecurityCenter/Version\", \"installed_sw/SecurityCenter\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"ssh_func.inc\");\ninclude(\"telnet_func.inc\");\ninclude(\"hostlevel_funcs.inc\");\ninclude(\"install_func.inc\");\n\n\nif(sshlib::get_support_level() >= sshlib::SSH_LIB_SUPPORTS_COMMANDS ||\n get_one_kb_item('HostLevelChecks/proto') == 'local')\n enable_ssh_wrappers();\nelse disable_ssh_wrappers();\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nsc_ver = get_kb_item(\"Host/SecurityCenter/Version\");\nport = 0;\nif(empty_or_null(sc_ver))\n{\n port = 443;\n install = get_single_install(app_name:\"SecurityCenter\", combined:TRUE, exit_if_unknown_ver:TRUE);\n sc_ver = install[\"version\"];\n}\nif (! preg(pattern:\"^(4\\.[6789]|5)\\.\", string:sc_ver)) audit(AUDIT_INST_VER_NOT_VULN, \"SecurityCenter\", sc_ver);\n\n# Establish running of local commands\nif ( islocalhost() )\n{\n if ( ! defined_func(\"pread\") ) audit(AUDIT_NOT_DETECT, \"pread\");\n info_t = INFO_LOCAL;\n}\nelse\n{\n sock_g = ssh_open_connection();\n if (! sock_g) audit(AUDIT_HOST_NOT, \"able to connect via the provided SSH credentials.\");\n info_t = INFO_SSH;\n}\n\nline = info_send_cmd(cmd:\"/opt/sc4/support/bin/php -v\");\nif (!line) line = info_send_cmd(cmd:\"/opt/sc/support/bin/php -v\");\nif (!line)\n{\n if(info_t == INFO_SSH) ssh_close_connection();\n audit(AUDIT_UNKNOWN_APP_VER, \"PHP (within SecurityCenter)\");\n}\n\nif(info_t == INFO_SSH) ssh_close_connection();\n\npattern = \"PHP ([0-9.]+) \";\nmatch =pregmatch(pattern:pattern, string:line);\nif (isnull(match))\n audit(AUDIT_UNKNOWN_APP_VER, \"PHP (within SecurityCenter)\");\n\nversion = match[1];\n\nif (version =~ \"^5\\.4\\.\") fix = \"5.4.41\";\nelse if (version =~ \"^5\\.5\\.\") fix = \"5.5.25\";\nelse if (version =~ \"^5\\.6\\.\") fix = \"5.6.9\";\nelse fix = \"5.4.41\"; # default to known php release branch used in advisory\n\nif (ver_compare(ver:version, fix:fix, strict:FALSE) < 0)\n{\n report = '\\n' +\n '\\n SecurityCenter version : ' + sc_ver +\n '\\n SecurityCenter PHP version : ' + version +\n '\\n Fixed PHP version : ' + fix +\n '\\n';\n security_report_v4(port:port, severity:SECURITY_HOLE, extra:report);\n exit(0);\n}\nelse audit(AUDIT_INST_VER_NOT_VULN, \"PHP (within SecurityCenter)\", version);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-27T14:16:59", "description": "An integer underflow flaw leading to out-of-bounds memory access was found in the way PHP's Phar extension parsed Phar archives. A specially crafted archive could cause PHP to crash or, possibly, execute arbitrary code when opened. (CVE-2015-4021)\n\nAn integer overflow flaw leading to a heap based buffer overflow was found in the way PHP's FTP extension parsed file listing FTP server responses. A malicious FTP server could use this flaw to cause a PHP application to crash or, possibly, execute arbitrary code.\n(CVE-2015-4022)\n\nA flaw was found in the way PHP parsed multipart HTTP POST requests. A specially crafted request could cause PHP to use an excessive amount of CPU time. (CVE-2015-4024)\n\nIt was found that certain PHP functions did not properly handle file names containing a NULL character. A remote attacker could possibly use this flaw to make a PHP script access unexpected files and bypass intended file system access restrictions. (CVE-2015-4025)\n\nIt was found that certain PHP functions did not properly handle file names containing a NULL character. A remote attacker could possibly use this flaw to make a PHP script access unexpected files and bypass intended file system access restrictions. (CVE-2015-4026)", "cvss3": {}, "published": "2015-06-04T00:00:00", "type": "nessus", "title": "Amazon Linux AMI : php55 (ALAS-2015-535)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-4021", "CVE-2015-4022", "CVE-2015-4024", "CVE-2015-4025", "CVE-2015-4026"], "modified": "2018-04-18T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:php55", "p-cpe:/a:amazon:linux:php55-bcmath", "p-cpe:/a:amazon:linux:php55-cli", "p-cpe:/a:amazon:linux:php55-common", "p-cpe:/a:amazon:linux:php55-dba", "p-cpe:/a:amazon:linux:php55-debuginfo", "p-cpe:/a:amazon:linux:php55-devel", "p-cpe:/a:amazon:linux:php55-embedded", "p-cpe:/a:amazon:linux:php55-enchant", "p-cpe:/a:amazon:linux:php55-fpm", "p-cpe:/a:amazon:linux:php55-gd", "p-cpe:/a:amazon:linux:php55-gmp", "p-cpe:/a:amazon:linux:php55-imap", "p-cpe:/a:amazon:linux:php55-intl", "p-cpe:/a:amazon:linux:php55-ldap", "p-cpe:/a:amazon:linux:php55-mbstring", "p-cpe:/a:amazon:linux:php55-mcrypt", "p-cpe:/a:amazon:linux:php55-mssql", "p-cpe:/a:amazon:linux:php55-mysqlnd", "p-cpe:/a:amazon:linux:php55-odbc", "p-cpe:/a:amazon:linux:php55-opcache", "p-cpe:/a:amazon:linux:php55-pdo", "p-cpe:/a:amazon:linux:php55-pgsql", "p-cpe:/a:amazon:linux:php55-process", "p-cpe:/a:amazon:linux:php55-pspell", "p-cpe:/a:amazon:linux:php55-recode", "p-cpe:/a:amazon:linux:php55-snmp", "p-cpe:/a:amazon:linux:php55-soap", "p-cpe:/a:amazon:linux:php55-tidy", "p-cpe:/a:amazon:linux:php55-xml", "p-cpe:/a:amazon:linux:php55-xmlrpc", "cpe:/o:amazon:linux"], "id": "ALA_ALAS-2015-535.NASL", "href": "https://www.tenable.com/plugins/nessus/83974", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2015-535.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(83974);\n script_version(\"2.3\");\n script_cvs_date(\"Date: 2018/04/18 15:09:35\");\n\n script_cve_id(\"CVE-2015-4021\", \"CVE-2015-4022\", \"CVE-2015-4024\", \"CVE-2015-4025\", \"CVE-2015-4026\");\n script_xref(name:\"ALAS\", value:\"2015-535\");\n\n script_name(english:\"Amazon Linux AMI : php55 (ALAS-2015-535)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An integer underflow flaw leading to out-of-bounds memory access was\nfound in the way PHP's Phar extension parsed Phar archives. A\nspecially crafted archive could cause PHP to crash or, possibly,\nexecute arbitrary code when opened. (CVE-2015-4021)\n\nAn integer overflow flaw leading to a heap based buffer overflow was\nfound in the way PHP's FTP extension parsed file listing FTP server\nresponses. A malicious FTP server could use this flaw to cause a PHP\napplication to crash or, possibly, execute arbitrary code.\n(CVE-2015-4022)\n\nA flaw was found in the way PHP parsed multipart HTTP POST requests. A\nspecially crafted request could cause PHP to use an excessive amount\nof CPU time. (CVE-2015-4024)\n\nIt was found that certain PHP functions did not properly handle file\nnames containing a NULL character. A remote attacker could possibly\nuse this flaw to make a PHP script access unexpected files and bypass\nintended file system access restrictions. (CVE-2015-4025)\n\nIt was found that certain PHP functions did not properly handle file\nnames containing a NULL character. A remote attacker could possibly\nuse this flaw to make a PHP script access unexpected files and bypass\nintended file system access restrictions. (CVE-2015-4026)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2015-535.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update php55' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php55\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php55-bcmath\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php55-cli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php55-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php55-dba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php55-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php55-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php55-embedded\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php55-enchant\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php55-fpm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php55-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php55-gmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php55-imap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php55-intl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php55-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php55-mbstring\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php55-mcrypt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php55-mssql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php55-mysqlnd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php55-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php55-opcache\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php55-pdo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php55-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php55-process\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php55-pspell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php55-recode\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php55-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php55-soap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php55-tidy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php55-xml\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php55-xmlrpc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/06/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/06/04\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"php55-5.5.25-1.101.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php55-bcmath-5.5.25-1.101.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php55-cli-5.5.25-1.101.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php55-common-5.5.25-1.101.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php55-dba-5.5.25-1.101.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php55-debuginfo-5.5.25-1.101.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php55-devel-5.5.25-1.101.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php55-embedded-5.5.25-1.101.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php55-enchant-5.5.25-1.101.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php55-fpm-5.5.25-1.101.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php55-gd-5.5.25-1.101.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php55-gmp-5.5.25-1.101.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php55-imap-5.5.25-1.101.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php55-intl-5.5.25-1.101.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php55-ldap-5.5.25-1.101.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php55-mbstring-5.5.25-1.101.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php55-mcrypt-5.5.25-1.101.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php55-mssql-5.5.25-1.101.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php55-mysqlnd-5.5.25-1.101.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php55-odbc-5.5.25-1.101.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php55-opcache-5.5.25-1.101.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php55-pdo-5.5.25-1.101.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php55-pgsql-5.5.25-1.101.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php55-process-5.5.25-1.101.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php55-pspell-5.5.25-1.101.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php55-recode-5.5.25-1.101.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php55-snmp-5.5.25-1.101.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php55-soap-5.5.25-1.101.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php55-tidy-5.5.25-1.101.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php55-xml-5.5.25-1.101.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php55-xmlrpc-5.5.25-1.101.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"php55 / php55-bcmath / php55-cli / php55-common / php55-dba / etc\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-27T14:16:48", "description": "php5 was updated to fix four security issues.\n\nThe following vulnerabilities were fixed :\n\n - CVE-2015-4024: Multipart/form-data remote dos Vulnerability (bnc#931421)\n\n - CVE-2015-4026: pcntl_exec() does not check path validity (bnc#931776)\n\n - CVE-2015-4022: overflow in ftp_genlist() resulting in heap overflow (bnc#931772)\n\n - CVE-2015-4021: memory corruption in phar_parse_tarfile when entry filename starts with NULL (bnc#931769)", "cvss3": {}, "published": "2015-06-04T00:00:00", "type": "nessus", "title": "openSUSE Security Update : php5 (openSUSE-2015-396)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-4021", "CVE-2015-4022", "CVE-2015-4024", "CVE-2015-4026"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:apache2-mod_php5", "p-cpe:/a:novell:opensuse:apache2-mod_php5-debuginfo", "p-cpe:/a:novell:opensuse:php5", "p-cpe:/a:novell:opensuse:php5-bcmath", "p-cpe:/a:novell:opensuse:php5-bcmath-debuginfo", "p-cpe:/a:novell:opensuse:php5-bz2", "p-cpe:/a:novell:opensuse:php5-bz2-debuginfo", "p-cpe:/a:novell:opensuse:php5-calendar", "p-cpe:/a:novell:opensuse:php5-calendar-debuginfo", "p-cpe:/a:novell:opensuse:php5-ctype", "p-cpe:/a:novell:opensuse:php5-ctype-debuginfo", "p-cpe:/a:novell:opensuse:php5-curl", "p-cpe:/a:novell:opensuse:php5-curl-debuginfo", "p-cpe:/a:novell:opensuse:php5-dba", "p-cpe:/a:novell:opensuse:php5-dba-debuginfo", "p-cpe:/a:novell:opensuse:php5-debuginfo", "p-cpe:/a:novell:opensuse:php5-debugsource", "p-cpe:/a:novell:opensuse:php5-devel", "p-cpe:/a:novell:opensuse:php5-dom", "p-cpe:/a:novell:opensuse:php5-dom-debuginfo", "p-cpe:/a:novell:opensuse:php5-enchant", "p-cpe:/a:novell:opensuse:php5-enchant-debuginfo", "p-cpe:/a:novell:opensuse:php5-exif", "p-cpe:/a:novell:opensuse:php5-exif-debuginfo", "p-cpe:/a:novell:opensuse:php5-fastcgi", "p-cpe:/a:novell:opensuse:php5-fastcgi-debuginfo", "p-cpe:/a:novell:opensuse:php5-fileinfo", "p-cpe:/a:novell:opensuse:php5-fileinfo-debuginfo", "p-cpe:/a:novell:opensuse:php5-firebird", "p-cpe:/a:novell:opensuse:php5-firebird-debuginfo", "p-cpe:/a:novell:opensuse:php5-fpm", "p-cpe:/a:novell:opensuse:php5-fpm-debuginfo", "p-cpe:/a:novell:opensuse:php5-ftp", "p-cpe:/a:novell:opensuse:php5-ftp-debuginfo", "p-cpe:/a:novell:opensuse:php5-gd", "p-cpe:/a:novell:opensuse:php5-gd-debuginfo", "p-cpe:/a:novell:opensuse:php5-gettext", "p-cpe:/a:novell:opensuse:php5-gettext-debuginfo", "p-cpe:/a:novell:opensuse:php5-gmp", "p-cpe:/a:novell:opensuse:php5-gmp-debuginfo", "p-cpe:/a:novell:opensuse:php5-iconv", "p-cpe:/a:novell:opensuse:php5-iconv-debuginfo", "p-cpe:/a:novell:opensuse:php5-imap", "p-cpe:/a:novell:opensuse:php5-imap-debuginfo", "p-cpe:/a:novell:opensuse:php5-intl", "p-cpe:/a:novell:opensuse:php5-intl-debuginfo", "p-cpe:/a:novell:opensuse:php5-json", "p-cpe:/a:novell:opensuse:php5-json-debuginfo", "p-cpe:/a:novell:opensuse:php5-ldap", "p-cpe:/a:novell:opensuse:php5-ldap-debuginfo", "p-cpe:/a:novell:opensuse:php5-mbstring", "p-cpe:/a:novell:opensuse:php5-mbstring-debuginfo", "p-cpe:/a:novell:opensuse:php5-mcrypt", "p-cpe:/a:novell:opensuse:php5-mcrypt-debuginfo", "p-cpe:/a:novell:opensuse:php5-mssql", "p-cpe:/a:novell:opensuse:php5-mssql-debuginfo", "p-cpe:/a:novell:opensuse:php5-mysql", "p-cpe:/a:novell:opensuse:php5-mysql-debuginfo", "p-cpe:/a:novell:opensuse:php5-odbc", "p-cpe:/a:novell:opensuse:php5-odbc-debuginfo", "p-cpe:/a:novell:opensuse:php5-opcache", "p-cpe:/a:novell:opensuse:php5-opcache-debuginfo", "p-cpe:/a:novell:opensuse:php5-openssl", "p-cpe:/a:novell:opensuse:php5-openssl-debuginfo", "p-cpe:/a:novell:opensuse:php5-pcntl", "p-cpe:/a:novell:opensuse:php5-pcntl-debuginfo", "p-cpe:/a:novell:opensuse:php5-pdo", "p-cpe:/a:novell:opensuse:php5-pdo-debuginfo", "p-cpe:/a:novell:opensuse:php5-pear", "p-cpe:/a:novell:opensuse:php5-pgsql", "p-cpe:/a:novell:opensuse:php5-pgsql-debuginfo", "p-cpe:/a:novell:opensuse:php5-phar", "p-cpe:/a:novell:opensuse:php5-phar-debuginfo", "p-cpe:/a:novell:opensuse:php5-posix", "p-cpe:/a:novell:opensuse:php5-posix-debuginfo", "p-cpe:/a:novell:opensuse:php5-pspell", "p-cpe:/a:novell:opensuse:php5-pspell-debuginfo", "p-cpe:/a:novell:opensuse:php5-readline", "p-cpe:/a:novell:opensuse:php5-readline-debuginfo", "p-cpe:/a:novell:opensuse:php5-shmop", "p-cpe:/a:novell:opensuse:php5-shmop-debuginfo", "p-cpe:/a:novell:opensuse:php5-snmp", "p-cpe:/a:novell:opensuse:php5-snmp-debuginfo", "p-cpe:/a:novell:opensuse:php5-soap", "p-cpe:/a:novell:opensuse:php5-soap-debuginfo", "p-cpe:/a:novell:opensuse:php5-sockets", "p-cpe:/a:novell:opensuse:php5-sockets-debuginfo", "p-cpe:/a:novell:opensuse:php5-sqlite", "p-cpe:/a:novell:opensuse:php5-sqlite-debuginfo", "p-cpe:/a:novell:opensuse:php5-suhosin", "p-cpe:/a:novell:opensuse:php5-suhosin-debuginfo", "p-cpe:/a:novell:opensuse:php5-sysvmsg", "p-cpe:/a:novell:opensuse:php5-sysvmsg-debuginfo", "p-cpe:/a:novell:opensuse:php5-sysvsem", "p-cpe:/a:novell:opensuse:php5-sysvsem-debuginfo", "p-cpe:/a:novell:opensuse:php5-sysvshm", "p-cpe:/a:novell:opensuse:php5-sysvshm-debuginfo", "p-cpe:/a:novell:opensuse:php5-tidy", "p-cpe:/a:novell:opensuse:php5-tidy-debuginfo", "p-cpe:/a:novell:opensuse:php5-tokenizer", "p-cpe:/a:novell:opensuse:php5-tokenizer-debuginfo", "p-cpe:/a:novell:opensuse:php5-wddx", "p-cpe:/a:novell:opensuse:php5-wddx-debuginfo", "p-cpe:/a:novell:opensuse:php5-xmlreader", "p-cpe:/a:novell:opensuse:php5-xmlreader-debuginfo", "p-cpe:/a:novell:opensuse:php5-xmlrpc", "p-cpe:/a:novell:opensuse:php5-xmlrpc-debuginfo", "p-cpe:/a:novell:opensuse:php5-xmlwriter", "p-cpe:/a:novell:opensuse:php5-xmlwriter-debuginfo", "p-cpe:/a:novell:opensuse:php5-xsl", "p-cpe:/a:novell:opensuse:php5-xsl-debuginfo", "p-cpe:/a:novell:opensuse:php5-zip", "p-cpe:/a:novell:opensuse:php5-zip-debuginfo", "p-cpe:/a:novell:opensuse:php5-zlib", "p-cpe:/a:novell:opensuse:php5-zlib-debuginfo", "cpe:/o:novell:opensuse:13.1", "cpe:/o:novell:opensuse:13.2"], "id": "OPENSUSE-2015-396.NASL", "href": "https://www.tenable.com/plugins/nessus/83983", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2015-396.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(83983);\n script_version(\"2.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2015-4021\", \"CVE-2015-4022\", \"CVE-2015-4024\", \"CVE-2015-4026\");\n\n script_name(english:\"openSUSE Security Update : php5 (openSUSE-2015-396)\");\n script_summary(english:\"Check for the openSUSE-2015-396 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"php5 was updated to fix four security issues.\n\nThe following vulnerabilities were fixed :\n\n - CVE-2015-4024: Multipart/form-data remote dos\n Vulnerability (bnc#931421)\n\n - CVE-2015-4026: pcntl_exec() does not check path validity\n (bnc#931776)\n\n - CVE-2015-4022: overflow in ftp_genlist() resulting in\n heap overflow (bnc#931772)\n\n - CVE-2015-4021: memory corruption in phar_parse_tarfile\n when entry filename starts with NULL (bnc#931769)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=931421\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=931769\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=931772\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=931776\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected php5 packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2-mod_php5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2-mod_php5-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-bcmath\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-bcmath-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-bz2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-bz2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-calendar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-calendar-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-ctype\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-ctype-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-curl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-dba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-dba-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-dom\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-dom-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-enchant\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-enchant-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-exif\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-exif-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-fastcgi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-fastcgi-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-fileinfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-fileinfo-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-firebird\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-firebird-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-fpm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-fpm-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-ftp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-ftp-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-gd-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-gettext\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-gettext-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-gmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-gmp-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-iconv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-iconv-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-imap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-imap-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-intl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-intl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-json\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-json-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-ldap-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-mbstring\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-mbstring-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-mcrypt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-mcrypt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-mssql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-mssql-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-mysql-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-odbc-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-opcache\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-opcache-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-openssl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-pcntl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-pcntl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-pdo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-pdo-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-pear\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-pgsql-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-phar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-phar-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-posix\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-posix-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-pspell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-pspell-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-readline\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-readline-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-shmop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-shmop-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-snmp-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-soap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-soap-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-sockets\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-sockets-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-sqlite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-sqlite-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-suhosin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-suhosin-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-sysvmsg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-sysvmsg-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-sysvsem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-sysvsem-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-sysvshm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-sysvshm-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-tidy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-tidy-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-tokenizer\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-tokenizer-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-wddx\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-wddx-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-xmlreader\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-xmlreader-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-xmlrpc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-xmlrpc-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-xmlwriter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-xmlwriter-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-xsl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-xsl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-zip\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-zip-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-zlib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-zlib-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/05/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/06/04\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE13\\.1|SUSE13\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"13.1 / 13.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE13.1\", reference:\"apache2-mod_php5-5.4.20-55.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"apache2-mod_php5-debuginfo-5.4.20-55.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-5.4.20-55.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-bcmath-5.4.20-55.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-bcmath-debuginfo-5.4.20-55.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-bz2-5.4.20-55.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-bz2-debuginfo-5.4.20-55.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-calendar-5.4.20-55.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-calendar-debuginfo-5.4.20-55.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-ctype-5.4.20-55.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-ctype-debuginfo-5.4.20-55.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-curl-5.4.20-55.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-curl-debuginfo-5.4.20-55.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-dba-5.4.20-55.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-dba-debuginfo-5.4.20-55.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-debuginfo-5.4.20-55.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-debugsource-5.4.20-55.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-devel-5.4.20-55.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-dom-5.4.20-55.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-dom-debuginfo-5.4.20-55.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-enchant-5.4.20-55.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-enchant-debuginfo-5.4.20-55.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-exif-5.4.20-55.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-exif-debuginfo-5.4.20-55.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-fastcgi-5.4.20-55.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-fastcgi-debuginfo-5.4.20-55.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-fileinfo-5.4.20-55.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-fileinfo-debuginfo-5.4.20-55.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-firebird-5.4.20-55.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-firebird-debuginfo-5.4.20-55.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-fpm-5.4.20-55.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-fpm-debuginfo-5.4.20-55.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-ftp-5.4.20-55.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-ftp-debuginfo-5.4.20-55.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-gd-5.4.20-55.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-gd-debuginfo-5.4.20-55.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-gettext-5.4.20-55.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-gettext-debuginfo-5.4.20-55.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-gmp-5.4.20-55.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-gmp-debuginfo-5.4.20-55.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-iconv-5.4.20-55.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-iconv-debuginfo-5.4.20-55.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-imap-5.4.20-55.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-imap-debuginfo-5.4.20-55.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-intl-5.4.20-55.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-intl-debuginfo-5.4.20-55.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-json-5.4.20-55.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-json-debuginfo-5.4.20-55.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-ldap-5.4.20-55.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-ldap-debuginfo-5.4.20-55.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-mbstring-5.4.20-55.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-mbstring-debuginfo-5.4.20-55.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-mcrypt-5.4.20-55.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-mcrypt-debuginfo-5.4.20-55.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-mssql-5.4.20-55.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-mssql-debuginfo-5.4.20-55.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-mysql-5.4.20-55.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-mysql-debuginfo-5.4.20-55.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-odbc-5.4.20-55.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-odbc-debuginfo-5.4.20-55.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-openssl-5.4.20-55.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-openssl-debuginfo-5.4.20-55.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-pcntl-5.4.20-55.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-pcntl-debuginfo-5.4.20-55.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-pdo-5.4.20-55.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-pdo-debuginfo-5.4.20-55.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-pear-5.4.20-55.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-pgsql-5.4.20-55.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-pgsql-debuginfo-5.4.20-55.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-phar-5.4.20-55.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-phar-debuginfo-5.4.20-55.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-posix-5.4.20-55.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-posix-debuginfo-5.4.20-55.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-pspell-5.4.20-55.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-pspell-debuginfo-5.4.20-55.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-readline-5.4.20-55.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-readline-debuginfo-5.4.20-55.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-shmop-5.4.20-55.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-shmop-debuginfo-5.4.20-55.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-snmp-5.4.20-55.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-snmp-debuginfo-5.4.20-55.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-soap-5.4.20-55.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-soap-debuginfo-5.4.20-55.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-sockets-5.4.20-55.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-sockets-debuginfo-5.4.20-55.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-sqlite-5.4.20-55.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-sqlite-debuginfo-5.4.20-55.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-suhosin-5.4.20-55.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-suhosin-debuginfo-5.4.20-55.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-sysvmsg-5.4.20-55.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-sysvmsg-debuginfo-5.4.20-55.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-sysvsem-5.4.20-55.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-sysvsem-debuginfo-5.4.20-55.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-sysvshm-5.4.20-55.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-sysvshm-debuginfo-5.4.20-55.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-tidy-5.4.20-55.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-tidy-debuginfo-5.4.20-55.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-tokenizer-5.4.20-55.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-tokenizer-debuginfo-5.4.20-55.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-wddx-5.4.20-55.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-wddx-debuginfo-5.4.20-55.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-xmlreader-5.4.20-55.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-xmlreader-debuginfo-5.4.20-55.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-xmlrpc-5.4.20-55.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-xmlrpc-debuginfo-5.4.20-55.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-xmlwriter-5.4.20-55.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-xmlwriter-debuginfo-5.4.20-55.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-xsl-5.4.20-55.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-xsl-debuginfo-5.4.20-55.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-zip-5.4.20-55.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-zip-debuginfo-5.4.20-55.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-zlib-5.4.20-55.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-zlib-debuginfo-5.4.20-55.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"apache2-mod_php5-5.6.1-24.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"apache2-mod_php5-debuginfo-5.6.1-24.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-5.6.1-24.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-bcmath-5.6.1-24.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-bcmath-debuginfo-5.6.1-24.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-bz2-5.6.1-24.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-bz2-debuginfo-5.6.1-24.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-calendar-5.6.1-24.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-calendar-debuginfo-5.6.1-24.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-ctype-5.6.1-24.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-ctype-debuginfo-5.6.1-24.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-curl-5.6.1-24.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-curl-debuginfo-5.6.1-24.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-dba-5.6.1-24.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-dba-debuginfo-5.6.1-24.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-debuginfo-5.6.1-24.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-debugsource-5.6.1-24.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-devel-5.6.1-24.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-dom-5.6.1-24.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-dom-debuginfo-5.6.1-24.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-enchant-5.6.1-24.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-enchant-debuginfo-5.6.1-24.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-exif-5.6.1-24.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-exif-debuginfo-5.6.1-24.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-fastcgi-5.6.1-24.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-fastcgi-debuginfo-5.6.1-24.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-fileinfo-5.6.1-24.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-fileinfo-debuginfo-5.6.1-24.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-firebird-5.6.1-24.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-firebird-debuginfo-5.6.1-24.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-fpm-5.6.1-24.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-fpm-debuginfo-5.6.1-24.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-ftp-5.6.1-24.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-ftp-debuginfo-5.6.1-24.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-gd-5.6.1-24.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-gd-debuginfo-5.6.1-24.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-gettext-5.6.1-24.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-gettext-debuginfo-5.6.1-24.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-gmp-5.6.1-24.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-gmp-debuginfo-5.6.1-24.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-iconv-5.6.1-24.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-iconv-debuginfo-5.6.1-24.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-imap-5.6.1-24.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-imap-debuginfo-5.6.1-24.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-intl-5.6.1-24.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-intl-debuginfo-5.6.1-24.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-json-5.6.1-24.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-json-debuginfo-5.6.1-24.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-ldap-5.6.1-24.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-ldap-debuginfo-5.6.1-24.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-mbstring-5.6.1-24.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-mbstring-debuginfo-5.6.1-24.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-mcrypt-5.6.1-24.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-mcrypt-debuginfo-5.6.1-24.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-mssql-5.6.1-24.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-mssql-debuginfo-5.6.1-24.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-mysql-5.6.1-24.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-mysql-debuginfo-5.6.1-24.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-odbc-5.6.1-24.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-odbc-debuginfo-5.6.1-24.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-opcache-5.6.1-24.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-opcache-debuginfo-5.6.1-24.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-openssl-5.6.1-24.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-openssl-debuginfo-5.6.1-24.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-pcntl-5.6.1-24.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-pcntl-debuginfo-5.6.1-24.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-pdo-5.6.1-24.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-pdo-debuginfo-5.6.1-24.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-pear-5.6.1-24.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-pgsql-5.6.1-24.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-pgsql-debuginfo-5.6.1-24.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-phar-5.6.1-24.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-phar-debuginfo-5.6.1-24.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-posix-5.6.1-24.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-posix-debuginfo-5.6.1-24.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-pspell-5.6.1-24.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-pspell-debuginfo-5.6.1-24.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-readline-5.6.1-24.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-readline-debuginfo-5.6.1-24.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-shmop-5.6.1-24.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-shmop-debuginfo-5.6.1-24.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-snmp-5.6.1-24.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-snmp-debuginfo-5.6.1-24.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-soap-5.6.1-24.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-soap-debuginfo-5.6.1-24.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-sockets-5.6.1-24.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-sockets-debuginfo-5.6.1-24.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-sqlite-5.6.1-24.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-sqlite-debuginfo-5.6.1-24.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-suhosin-5.6.1-24.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-suhosin-debuginfo-5.6.1-24.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-sysvmsg-5.6.1-24.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-sysvmsg-debuginfo-5.6.1-24.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-sysvsem-5.6.1-24.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-sysvsem-debuginfo-5.6.1-24.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-sysvshm-5.6.1-24.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-sysvshm-debuginfo-5.6.1-24.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-tidy-5.6.1-24.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-tidy-debuginfo-5.6.1-24.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-tokenizer-5.6.1-24.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-tokenizer-debuginfo-5.6.1-24.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-wddx-5.6.1-24.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-wddx-debuginfo-5.6.1-24.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-xmlreader-5.6.1-24.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-xmlreader-debuginfo-5.6.1-24.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-xmlrpc-5.6.1-24.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-xmlrpc-debuginfo-5.6.1-24.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-xmlwriter-5.6.1-24.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-xmlwriter-debuginfo-5.6.1-24.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-xsl-5.6.1-24.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-xsl-debuginfo-5.6.1-24.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-zip-5.6.1-24.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-zip-debuginfo-5.6.1-24.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-zlib-5.6.1-24.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-zlib-debuginfo-5.6.1-24.2\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"apache2-mod_php5 / apache2-mod_php5-debuginfo / php5 / php5-bcmath / etc\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:44:26", "description": "According to its banner, the version of PHP 5.6.x running on the remote web server is prior to 5.6.9. It is, therefore, affected by multiple vulnerabilities :\n\n - Multiple flaws exist related to using pathnames containing NULL bytes. A remote attacker can exploit these flaws, by combining the '\\\\0' character with a safe file extension, to bypass access restrictions. This had been previously fixed but was reintroduced by a regression in versions 5.4+. (CVE-2006-7243, CVE-2015-4025)\n\n - An integer overflow condition exists in the ftp_genlist() function in ftp.c due to improper validation of user-supplied input. A remote attacker can exploit this to cause a heap-based buffer overflow, resulting in a denial of service condition or possible remote code execution. (CVE-2015-4022)\n\n - A flaw exists in the multipart_buffer_headers() function in rfc1867.c due to improper handling of multipart/form-data in HTTP requests. A remote attacker can exploit this flaw to cause a consumption of CPU resources, resulting in a denial of service condition. (CVE-2015-4024)\n\n - A security bypass vulnerability exists due to a flaw in the pcntl_exec implementation that truncates a pathname upon encountering the '\\\\x00' character. A remote attacker can exploit this, via a crafted first argument, to bypass intended extension restrictions and execute arbitrary files. (CVE-2015-4026)\n\n - A NULL pointer dereference flaw exists in the xsl_ext_function_php() function in xsltprocessor.c due to improper validation of user-supplied input. A remote attacker can exploit this to cause a denial of service condition.\n\nNote that the scanner has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2019-01-09T00:00:00", "type": "nessus", "title": "PHP 5.6.x < 5.6.9 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2006-7243", "CVE-2015-4021", "CVE-2015-4022", "CVE-2015-4024", "CVE-2015-4025", "CVE-2015-4026"], "modified": "2022-10-26T00:00:00", "cpe": ["cpe:2.3:a:php:php:*:*:*:*:*:*:*:*"], "id": "WEB_APPLICATION_SCANNING_98832", "href": "https://www.tenable.com/plugins/was/98832", "sourceData": "No source data", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-26T14:37:47", "description": "14 May 2015, **PHP 5.6.9**\n\nCore :\n\n - Fixed bug #69467 (Wrong checked for the interface by using Trait). (Laruence)\n\n - Fixed bug #69420 (Invalid read in zend_std_get_method). (Laruence)\n\n - Fixed bug #60022 ('use statement [...] has no effect' depends on leading backslash). (Nikita)\n\n - Fixed bug #67314 (Segmentation fault in gc_remove_zval_from_buffer). (Dmitry)\n\n - Fixed bug #68652 (segmentation fault in destructor).\n (Dmitry)\n\n - Fixed bug #69419 (Returning compatible sub generator produces a warning). (Nikita)\n\n - Fixed bug #69472 (php_sys_readlink ignores misc errors from GetFinalPathNameByHandleA). (Jan Starke)\n\n - Fixed bug #69364 (PHP Multipart/form-data remote dos Vulnerability). (Stas)\n\n - Fixed bug #69403 (str_repeat() sign mismatch based memory corruption). (Stas)\n\n - Fixed bug #69418 (CVE-2006-7243 fix regressions in 5.4+). (Stas)\n\n - Fixed bug #69522 (heap buffer overflow in unpack()).\n (Stas)\n\nFTP :\n\n - Fixed bug #69545 (Integer overflow in ftp_genlist() resulting in heap overflow). (Stas)\n\nODBC :\n\n - Fixed bug #69354 (Incorrect use of SQLColAttributes with ODBC 3.0). (Anatol)\n\n - Fixed bug #69474 (ODBC: Query with same field name from two tables returns incorrect result). (Anatol)\n\n - Fixed bug #69381 (out of memory with sage odbc driver). (Frederic Marchall, Anatol Belski)\n\nOpenSSL :\n\n - Fixed bug #69402 (Reading empty SSL stream hangs until timeout). (Daniel Lowrey)\n\nPCNTL :\n\n - Fixed bug #68598 (pcntl_exec() should not allow null char). (Stas)\n\nPCRE :\n\n - Upgraded pcrelib to 8.37.\n\nPhar :\n\n - Fixed bug #69453 (Memory Corruption in phar_parse_tarfile when entry filename starts with null). (Stas)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2015-05-29T00:00:00", "type": "nessus", "title": "Fedora 21 : php-5.6.9-1.fc21 (2015-8383)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2006-7243", "CVE-2015-4021", "CVE-2015-4022", "CVE-2015-4024", "CVE-2015-4025", "CVE-2015-4026"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:php", "cpe:/o:fedoraproject:fedora:21"], "id": "FEDORA_2015-8383.NASL", "href": "https://www.tenable.com/plugins/nessus/83896", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2015-8383.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(83896);\n script_version(\"2.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2006-7243\", \"CVE-2015-4021\", \"CVE-2015-4022\", \"CVE-2015-4024\", \"CVE-2015-4025\", \"CVE-2015-4026\");\n script_xref(name:\"FEDORA\", value:\"2015-8383\");\n\n script_name(english:\"Fedora 21 : php-5.6.9-1.fc21 (2015-8383)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"14 May 2015, **PHP 5.6.9**\n\nCore :\n\n - Fixed bug #69467 (Wrong checked for the interface by\n using Trait). (Laruence)\n\n - Fixed bug #69420 (Invalid read in\n zend_std_get_method). (Laruence)\n\n - Fixed bug #60022 ('use statement [...] has no effect'\n depends on leading backslash). (Nikita)\n\n - Fixed bug #67314 (Segmentation fault in\n gc_remove_zval_from_buffer). (Dmitry)\n\n - Fixed bug #68652 (segmentation fault in destructor).\n (Dmitry)\n\n - Fixed bug #69419 (Returning compatible sub generator\n produces a warning). (Nikita)\n\n - Fixed bug #69472 (php_sys_readlink ignores misc errors\n from GetFinalPathNameByHandleA). (Jan Starke)\n\n - Fixed bug #69364 (PHP Multipart/form-data remote dos\n Vulnerability). (Stas)\n\n - Fixed bug #69403 (str_repeat() sign mismatch based\n memory corruption). (Stas)\n\n - Fixed bug #69418 (CVE-2006-7243 fix regressions in\n 5.4+). (Stas)\n\n - Fixed bug #69522 (heap buffer overflow in unpack()).\n (Stas)\n\nFTP :\n\n - Fixed bug #69545 (Integer overflow in ftp_genlist()\n resulting in heap overflow). (Stas)\n\nODBC :\n\n - Fixed bug #69354 (Incorrect use of SQLColAttributes with\n ODBC 3.0). (Anatol)\n\n - Fixed bug #69474 (ODBC: Query with same field name\n from two tables returns incorrect result). (Anatol)\n\n - Fixed bug #69381 (out of memory with sage odbc\n driver). (Frederic Marchall, Anatol Belski)\n\nOpenSSL :\n\n - Fixed bug #69402 (Reading empty SSL stream hangs until\n timeout). (Daniel Lowrey)\n\nPCNTL :\n\n - Fixed bug #68598 (pcntl_exec() should not allow null\n char). (Stas)\n\nPCRE :\n\n - Upgraded pcrelib to 8.37.\n\nPhar :\n\n - Fixed bug #69453 (Memory Corruption in\n phar_parse_tarfile when entry filename starts with\n null). (Stas)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1222485\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1223408\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1223412\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1223422\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1223425\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2015-May/158915.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?615db80b\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected php package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:php\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:21\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/05/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/05/29\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^21([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 21.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC21\", reference:\"php-5.6.9-1.fc21\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"php\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-26T14:37:22", "description": "PHP development team reports :\n\nFixed bug #69364 (PHP Multipart/form-data remote DoS Vulnerability).\n(CVE-2015-4024)\n\nFixed bug #69418 (CVE-2006-7243 fix regressions in 5.4+).\n(CVE-2015-4025)\n\nFixed bug #69545 (Integer overflow in ftp_genlist() resulting in heap overflow). (CVE-2015-4022)\n\nFixed bug #68598 (pcntl_exec() should not allow null char).\n(CVE-2015-4026)\n\nFixed bug #69453 (Memory Corruption in phar_parse_tarfile when entry filename starts with null). (CVE-2015-4021)", "cvss3": {}, "published": "2015-05-26T00:00:00", "type": "nessus", "title": "FreeBSD : php -- multiple vulnerabilities (31de2e13-00d2-11e5-a072-d050996490d0)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2006-7243", "CVE-2015-4021", "CVE-2015-4022", "CVE-2015-4024", "CVE-2015-4025", "CVE-2015-4026"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:php5", "p-cpe:/a:freebsd:freebsd:php55", "p-cpe:/a:freebsd:freebsd:php56", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_31DE2E1300D211E5A072D050996490D0.NASL", "href": "https://www.tenable.com/plugins/nessus/83792", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(83792);\n script_version(\"2.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2015-4021\", \"CVE-2015-4022\", \"CVE-2015-4024\", \"CVE-2015-4025\", \"CVE-2015-4026\");\n\n script_name(english:\"FreeBSD : php -- multiple vulnerabilities (31de2e13-00d2-11e5-a072-d050996490d0)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"PHP development team reports :\n\nFixed bug #69364 (PHP Multipart/form-data remote DoS Vulnerability).\n(CVE-2015-4024)\n\nFixed bug #69418 (CVE-2006-7243 fix regressions in 5.4+).\n(CVE-2015-4025)\n\nFixed bug #69545 (Integer overflow in ftp_genlist() resulting in heap\noverflow). (CVE-2015-4022)\n\nFixed bug #68598 (pcntl_exec() should not allow null char).\n(CVE-2015-4026)\n\nFixed bug #69453 (Memory Corruption in phar_parse_tarfile when entry\nfilename starts with null). (CVE-2015-4021)\"\n );\n # https://php.net/ChangeLog-5.php#5.6.9\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://secure.php.net/ChangeLog-5.php#5.6.9\"\n );\n # https://vuxml.freebsd.org/freebsd/31de2e13-00d2-11e5-a072-d050996490d0.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?00a4bbe6\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:php5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:php55\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:php56\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/05/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/05/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/05/26\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"php5<5.4.41\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"php55<5.5.25\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"php56<5.6.9\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-27T14:15:03", "description": "According to its banner, the version of PHP 5.5.x running on the remote web server is prior to 5.5.25. It is, therefore, affected by multiple vulnerabilities :\n\n - A flaw in the phar_parse_tarfile function in ext/phar/tar.c could allow a denial of service via a crafted entry in a tar archive.\n (CVE-2015-4021)\n\n - An integer overflow condition exists in the ftp_genlist() function in ftp.c due to improper validation of user-supplied input. A remote attacker can exploit this to cause a heap-based buffer overflow, resulting in a denial of service condition or possible remote code execution. (CVE-2015-4022)\n\n - Multiple flaws exist related to using pathnames containing NULL bytes. A remote attacker can exploit these flaws, by combining the '\\0' character with a safe file extension, to bypass access restrictions. This had been previously fixed but was reintroduced by a regression in versions 5.4+. (CVE-2006-7243, CVE-2015-4025)\n\n - A flaw exists in the multipart_buffer_headers() function in rfc1867.c due to improper handling of multipart/form-data in HTTP requests. A remote attacker can exploit this flaw to cause a consumption of CPU resources, resulting in a denial of service condition.\n (CVE-2015-4024)\n\n - A security bypass vulnerability exists due to a flaw in the pcntl_exec implementation that truncates a pathname upon encountering the '\\x00' character. A remote attacker can exploit this, via a crafted first argument, to bypass intended extension restrictions and execute arbitrary files. (CVE-2015-4026)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2015-05-18T00:00:00", "type": "nessus", "title": "PHP 5.5.x < 5.5.25 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2006-7243", "CVE-2015-4021", "CVE-2015-4022", "CVE-2015-4024", "CVE-2015-4025", "CVE-2015-4026"], "modified": "2022-04-11T00:00:00", "cpe": ["cpe:/a:php:php"], "id": "PHP_5_5_25.NASL", "href": "https://www.tenable.com/plugins/nessus/83518", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(83518);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\n \"CVE-2006-7243\",\n \"CVE-2015-4021\",\n \"CVE-2015-4022\",\n \"CVE-2015-4024\",\n \"CVE-2015-4025\",\n \"CVE-2015-4026\"\n );\n script_bugtraq_id(\n 44951,\n 74700,\n 74902,\n 74903,\n 74904,\n 75056\n );\n\n script_name(english:\"PHP 5.5.x < 5.5.25 Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote web server uses a version of PHP that is affected by\nmultiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its banner, the version of PHP 5.5.x running on the\nremote web server is prior to 5.5.25. It is, therefore, affected by\nmultiple vulnerabilities :\n\n - A flaw in the phar_parse_tarfile function in\n ext/phar/tar.c could allow a denial of service\n via a crafted entry in a tar archive.\n (CVE-2015-4021)\n\n - An integer overflow condition exists in the\n ftp_genlist() function in ftp.c due to improper\n validation of user-supplied input. A remote attacker can\n exploit this to cause a heap-based buffer overflow,\n resulting in a denial of service condition or possible\n remote code execution. (CVE-2015-4022)\n\n - Multiple flaws exist related to using pathnames\n containing NULL bytes. A remote attacker can exploit\n these flaws, by combining the '\\0' character with a safe\n file extension, to bypass access restrictions. This had\n been previously fixed but was reintroduced by a\n regression in versions 5.4+. (CVE-2006-7243,\n CVE-2015-4025)\n\n - A flaw exists in the multipart_buffer_headers() function\n in rfc1867.c due to improper handling of\n multipart/form-data in HTTP requests. A remote attacker\n can exploit this flaw to cause a consumption of CPU\n resources, resulting in a denial of service condition.\n (CVE-2015-4024)\n\n - A security bypass vulnerability exists due to a flaw in\n the pcntl_exec implementation that truncates a pathname\n upon encountering the '\\x00' character. A remote\n attacker can exploit this, via a crafted first argument,\n to bypass intended extension restrictions and execute\n arbitrary files. (CVE-2015-4026)\n\nNote that Nessus has not tested for this issue but has instead relied\nonly on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://php.net/ChangeLog-5.php#5.5.25\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to PHP version 5.5.25 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2015-4026\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No exploit is required\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2006/12/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/05/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/05/18\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:php:php\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CGI abuses\");\n\n script_copyright(english:\"This script is Copyright (C) 2015-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"php_version.nasl\");\n script_require_keys(\"www/PHP\");\n script_require_ports(\"Services/www\", 80);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\ninclude(\"webapp_func.inc\");\n\nport = get_http_port(default:80, php:TRUE);\n\nphp = get_php_from_kb(\n port : port,\n exit_on_fail : TRUE\n);\n\nversion = php[\"ver\"];\nsource = php[\"src\"];\n\nbackported = get_kb_item('www/php/'+port+'/'+version+'/backported');\n\nif (report_paranoia < 2 && backported) audit(AUDIT_BACKPORT_SERVICE, port, \"PHP \"+version+\" install\");\n\n# Check that it is the correct version of PHP\nif (version =~ \"^5(\\.5)?$\") audit(AUDIT_VER_NOT_GRANULAR, \"PHP\", port, version);\nif (version !~ \"^5\\.5\\.\") audit(AUDIT_NOT_DETECT, \"PHP version 5.5.x\", port);\n\nif (version =~ \"^5\\.5\\.([0-9]|1[0-9]|2[0-4])($|[^0-9])\")\n{\n if (report_verbosity > 0)\n {\n report =\n '\\n Version source : '+source +\n '\\n Installed version : '+version +\n '\\n Fixed version : 5.5.25' +\n '\\n';\n security_hole(port:port, extra:report);\n }\n else security_hole(port);\n exit(0);\n}\nelse audit(AUDIT_LISTEN_NOT_VULN, \"PHP\", port, version);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-27T14:15:04", "description": "14 May 2015, **PHP 5.5.25**\n\n**Core:**\n\n - Fixed bug #69364 (PHP Multipart/form-data remote dos Vulnerability). (Stas)\n\n - Fixed bug #69403 (str_repeat() sign mismatch based memory corruption). (Stas)\n\n - Fixed bug #69418 (CVE-2006-7243 fix regressions in 5.4+). (Stas)\n\n - Fixed bug #69522 (heap buffer overflow in unpack()).\n (Stas)\n\n - Fixed bug #69467 (Wrong checked for the interface by using Trait). (Laruence)\n\n - Fixed bug #69420 (Invalid read in zend_std_get_method). (Laruence)\n\n - Fixed bug #60022 ('use statement [...] has no effect' depends on leading backslash). (Nikita)\n\n - Fixed bug #67314 (Segmentation fault in gc_remove_zval_from_buffer). (Dmitry)\n\n - Fixed bug #68652 (segmentation fault in destructor).\n (Dmitry)\n\n - Fixed bug #69419 (Returning compatible sub generator produces a warning). (Nikita)\n\n - Fixed bug #69472 (php_sys_readlink ignores misc errors from GetFinalPathNameByHandleA). (Jan Starke)\n\n**FTP:**\n\n - Fixed bug #69545 (Integer overflow in ftp_genlist() resulting in heap overflow). (Stas)\n\n**ODBC:**\n\n - Fixed bug #69474 (ODBC: Query with same field name from two tables returns incorrect result). (Anatol)\n\n - Fixed bug #69381 (out of memory with sage odbc driver). (Frederic Marchall, Anatol Belski)\n\n**OpenSSL:**\n\n - Fixed bug #69402 (Reading empty SSL stream hangs until timeout). (Daniel Lowrey)\n\n**PCNTL:**\n\n - Fixed bug #68598 (pcntl_exec() should not allow null char). (Stas)\n\n**Phar:**\n\n - Fixed bug #69453 (Memory Corruption in phar_parse_tarfile when entry filename starts with null). (Stas)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2015-05-29T00:00:00", "type": "nessus", "title": "Fedora 20 : php-5.5.25-1.fc20 (2015-8370)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2006-7243", "CVE-2015-4021", "CVE-2015-4022", "CVE-2015-4024", "CVE-2015-4025", "CVE-2015-4026"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:php", "cpe:/o:fedoraproject:fedora:20"], "id": "FEDORA_2015-8370.NASL", "href": "https://www.tenable.com/plugins/nessus/83895", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2015-8370.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(83895);\n script_version(\"2.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2006-7243\", \"CVE-2015-4021\", \"CVE-2015-4022\", \"CVE-2015-4024\", \"CVE-2015-4025\", \"CVE-2015-4026\");\n script_xref(name:\"FEDORA\", value:\"2015-8370\");\n\n script_name(english:\"Fedora 20 : php-5.5.25-1.fc20 (2015-8370)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"14 May 2015, **PHP 5.5.25**\n\n**Core:**\n\n - Fixed bug #69364 (PHP Multipart/form-data remote dos\n Vulnerability). (Stas)\n\n - Fixed bug #69403 (str_repeat() sign mismatch based\n memory corruption). (Stas)\n\n - Fixed bug #69418 (CVE-2006-7243 fix regressions in\n 5.4+). (Stas)\n\n - Fixed bug #69522 (heap buffer overflow in unpack()).\n (Stas)\n\n - Fixed bug #69467 (Wrong checked for the interface by\n using Trait). (Laruence)\n\n - Fixed bug #69420 (Invalid read in\n zend_std_get_method). (Laruence)\n\n - Fixed bug #60022 ('use statement [...] has no effect'\n depends on leading backslash). (Nikita)\n\n - Fixed bug #67314 (Segmentation fault in\n gc_remove_zval_from_buffer). (Dmitry)\n\n - Fixed bug #68652 (segmentation fault in destructor).\n (Dmitry)\n\n - Fixed bug #69419 (Returning compatible sub generator\n produces a warning). (Nikita)\n\n - Fixed bug #69472 (php_sys_readlink ignores misc errors\n from GetFinalPathNameByHandleA). (Jan Starke)\n\n**FTP:**\n\n - Fixed bug #69545 (Integer overflow in ftp_genlist()\n resulting in heap overflow). (Stas)\n\n**ODBC:**\n\n - Fixed bug #69474 (ODBC: Query with same field name from\n two tables returns incorrect result). (Anatol)\n\n - Fixed bug #69381 (out of memory with sage odbc\n driver). (Frederic Marchall, Anatol Belski)\n\n**OpenSSL:**\n\n - Fixed bug #69402 (Reading empty SSL stream hangs until\n timeout). (Daniel Lowrey)\n\n**PCNTL:**\n\n - Fixed bug #68598 (pcntl_exec() should not allow null\n char). (Stas)\n\n**Phar:**\n\n - Fixed bug #69453 (Memory Corruption in\n phar_parse_tarfile when entry filename starts with\n null). (Stas)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1222485\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1223408\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1223412\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1223422\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1223425\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2015-May/159031.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?bacb1097\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected php package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:php\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:20\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/05/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/05/29\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^20([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 20.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC20\", reference:\"php-5.5.25-1.fc20\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"php\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-27T14:15:32", "description": "14 May 2015, **PHP 5.6.9**\n\nCore :\n\n - Fixed bug #69467 (Wrong checked for the interface by using Trait). (Laruence)\n\n - Fixed bug #69420 (Invalid read in zend_std_get_method). (Laruence)\n\n - Fixed bug #60022 ('use statement [...] has no effect' depends on leading backslash). (Nikita)\n\n - Fixed bug #67314 (Segmentation fault in gc_remove_zval_from_buffer). (Dmitry)\n\n - Fixed bug #68652 (segmentation fault in destructor).\n (Dmitry)\n\n - Fixed bug #69419 (Returning compatible sub generator produces a warning). (Nikita)\n\n - Fixed bug #69472 (php_sys_readlink ignores misc errors from GetFinalPathNameByHandleA). (Jan Starke)\n\n - Fixed bug #69364 (PHP Multipart/form-data remote dos Vulnerability). (Stas)\n\n - Fixed bug #69403 (str_repeat() sign mismatch based memory corruption). (Stas)\n\n - Fixed bug #69418 (CVE-2006-7243 fix regressions in 5.4+). (Stas)\n\n - Fixed bug #69522 (heap buffer overflow in unpack()).\n (Stas)\n\nFTP :\n\n - Fixed bug #69545 (Integer overflow in ftp_genlist() resulting in heap overflow). (Stas)\n\nODBC :\n\n - Fixed bug #69354 (Incorrect use of SQLColAttributes with ODBC 3.0). (Anatol)\n\n - Fixed bug #69474 (ODBC: Query with same field name from two tables returns incorrect result). (Anatol)\n\n - Fixed bug #69381 (out of memory with sage odbc driver). (Frederic Marchall, Anatol Belski)\n\nOpenSSL :\n\n - Fixed bug #69402 (Reading empty SSL stream hangs until timeout). (Daniel Lowrey)\n\nPCNTL :\n\n - Fixed bug #68598 (pcntl_exec() should not allow null char). (Stas)\n\nPCRE :\n\n - Upgraded pcrelib to 8.37.\n\nPhar :\n\n - Fixed bug #69453 (Memory Corruption in phar_parse_tarfile when entry filename starts with null). (Stas)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2015-05-27T00:00:00", "type": "nessus", "title": "Fedora 22 : php-5.6.9-1.fc22 (2015-8281)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2006-7243", "CVE-2015-4021", "CVE-2015-4022", "CVE-2015-4024", "CVE-2015-4025", "CVE-2015-4026"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:php", "cpe:/o:fedoraproject:fedora:22"], "id": "FEDORA_2015-8281.NASL", "href": "https://www.tenable.com/plugins/nessus/83835", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2015-8281.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(83835);\n script_version(\"2.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2006-7243\", \"CVE-2015-4021\", \"CVE-2015-4022\", \"CVE-2015-4024\", \"CVE-2015-4025\", \"CVE-2015-4026\");\n script_xref(name:\"FEDORA\", value:\"2015-8281\");\n\n script_name(english:\"Fedora 22 : php-5.6.9-1.fc22 (2015-8281)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"14 May 2015, **PHP 5.6.9**\n\nCore :\n\n - Fixed bug #69467 (Wrong checked for the interface by\n using Trait). (Laruence)\n\n - Fixed bug #69420 (Invalid read in\n zend_std_get_method). (Laruence)\n\n - Fixed bug #60022 ('use statement [...] has no effect'\n depends on leading backslash). (Nikita)\n\n - Fixed bug #67314 (Segmentation fault in\n gc_remove_zval_from_buffer). (Dmitry)\n\n - Fixed bug #68652 (segmentation fault in destructor).\n (Dmitry)\n\n - Fixed bug #69419 (Returning compatible sub generator\n produces a warning). (Nikita)\n\n - Fixed bug #69472 (php_sys_readlink ignores misc errors\n from GetFinalPathNameByHandleA). (Jan Starke)\n\n - Fixed bug #69364 (PHP Multipart/form-data remote dos\n Vulnerability). (Stas)\n\n - Fixed bug #69403 (str_repeat() sign mismatch based\n memory corruption). (Stas)\n\n - Fixed bug #69418 (CVE-2006-7243 fix regressions in\n 5.4+). (Stas)\n\n - Fixed bug #69522 (heap buffer overflow in unpack()).\n (Stas)\n\nFTP :\n\n - Fixed bug #69545 (Integer overflow in ftp_genlist()\n resulting in heap overflow). (Stas)\n\nODBC :\n\n - Fixed bug #69354 (Incorrect use of SQLColAttributes with\n ODBC 3.0). (Anatol)\n\n - Fixed bug #69474 (ODBC: Query with same field name\n from two tables returns incorrect result). (Anatol)\n\n - Fixed bug #69381 (out of memory with sage odbc\n driver). (Frederic Marchall, Anatol Belski)\n\nOpenSSL :\n\n - Fixed bug #69402 (Reading empty SSL stream hangs until\n timeout). (Daniel Lowrey)\n\nPCNTL :\n\n - Fixed bug #68598 (pcntl_exec() should not allow null\n char). (Stas)\n\nPCRE :\n\n - Upgraded pcrelib to 8.37.\n\nPhar :\n\n - Fixed bug #69453 (Memory Corruption in\n phar_parse_tarfile when entry filename starts with\n null). (Stas)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1222485\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1223408\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1223412\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1223422\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1223425\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2015-May/158616.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?fe99a38e\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected php package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:php\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:22\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/05/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/05/27\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^22([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 22.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC22\", reference:\"php-5.6.9-1.fc22\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"php\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-27T14:16:15", "description": "Multiple vulnerabilities have been discovered in PHP :\n\n - CVE-2015-4025 / CVE-2015-4026 Multiple function didn't check for NULL bytes in path names.\n\n - CVE-2015-4024 Denial of service when processing multipart/form-data requests.\n\n - CVE-2015-4022 Integer overflow in the ftp_genlist() function may result in denial of service or potentially the execution of arbitrary code.\n\n - CVE-2015-4021 CVE-2015-3329 CVE-2015-2783 Multiple vulnerabilities in the phar extension may result in denial of service or potentially the execution of arbitrary code when processing malformed archives.", "cvss3": {}, "published": "2015-06-09T00:00:00", "type": "nessus", "title": "Debian DSA-3280-1 : php5 - security update", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-2783", "CVE-2015-3329", "CVE-2015-4021", "CVE-2015-4022", "CVE-2015-4024", "CVE-2015-4025", "CVE-2015-4026"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:php5", "cpe:/o:debian:debian_linux:7.0", "cpe:/o:debian:debian_linux:8.0"], "id": "DEBIAN_DSA-3280.NASL", "href": "https://www.tenable.com/plugins/nessus/84025", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-3280. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(84025);\n script_version(\"2.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2015-2783\", \"CVE-2015-3329\", \"CVE-2015-4021\", \"CVE-2015-4022\", \"CVE-2015-4024\", \"CVE-2015-4025\", \"CVE-2015-4026\");\n script_bugtraq_id(74239, 74240, 74700, 74902, 74903, 74904);\n script_xref(name:\"DSA\", value:\"3280\");\n\n script_name(english:\"Debian DSA-3280-1 : php5 - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple vulnerabilities have been discovered in PHP :\n\n - CVE-2015-4025 / CVE-2015-4026\n Multiple function didn't check for NULL bytes in path\n names.\n\n - CVE-2015-4024\n Denial of service when processing multipart/form-data\n requests.\n\n - CVE-2015-4022\n Integer overflow in the ftp_genlist() function may\n result in denial of service or potentially the execution\n of arbitrary code.\n\n - CVE-2015-4021 CVE-2015-3329 CVE-2015-2783\n Multiple vulnerabilities in the phar extension may\n result in denial of service or potentially the execution\n of arbitrary code when processing malformed archives.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2015-4025\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2015-4026\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2015-4024\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2015-4022\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2015-4021\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2015-3329\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2015-2783\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/wheezy/php5\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/php5\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2015/dsa-3280\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the php5 packages.\n\nFor the oldstable distribution (wheezy), these problems have been\nfixed in version 5.4.41-0+deb7u1.\n\nFor the stable distribution (jessie), these problems have been fixed\nin version 5.6.9+dfsg-0+deb8u1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/06/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/06/09\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"7.0\", prefix:\"libapache2-mod-php5\", reference:\"5.4.41-0+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libapache2-mod-php5filter\", reference:\"5.4.41-0+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libphp5-embed\", reference:\"5.4.41-0+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"php-pear\", reference:\"5.4.41-0+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"php5\", reference:\"5.4.41-0+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"php5-cgi\", reference:\"5.4.41-0+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"php5-cli\", reference:\"5.4.41-0+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"php5-common\", reference:\"5.4.41-0+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"php5-curl\", reference:\"5.4.41-0+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"php5-dbg\", reference:\"5.4.41-0+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"php5-dev\", reference:\"5.4.41-0+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"php5-enchant\", reference:\"5.4.41-0+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"php5-fpm\", reference:\"5.4.41-0+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"php5-gd\", reference:\"5.4.41-0+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"php5-gmp\", reference:\"5.4.41-0+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"php5-imap\", reference:\"5.4.41-0+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"php5-interbase\", reference:\"5.4.41-0+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"php5-intl\", reference:\"5.4.41-0+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"php5-ldap\", reference:\"5.4.41-0+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"php5-mcrypt\", reference:\"5.4.41-0+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"php5-mysql\", reference:\"5.4.41-0+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"php5-mysqlnd\", reference:\"5.4.41-0+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"php5-odbc\", reference:\"5.4.41-0+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"php5-pgsql\", reference:\"5.4.41-0+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"php5-pspell\", reference:\"5.4.41-0+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"php5-recode\", reference:\"5.4.41-0+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"php5-snmp\", reference:\"5.4.41-0+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"php5-sqlite\", reference:\"5.4.41-0+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"php5-sybase\", reference:\"5.4.41-0+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"php5-tidy\", reference:\"5.4.41-0+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"php5-xmlrpc\", reference:\"5.4.41-0+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"php5-xsl\", reference:\"5.4.41-0+deb7u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libapache2-mod-php5\", reference:\"5.6.9+dfsg-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libapache2-mod-php5filter\", reference:\"5.6.9+dfsg-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libphp5-embed\", reference:\"5.6.9+dfsg-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"php-pear\", reference:\"5.6.9+dfsg-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"php5\", reference:\"5.6.9+dfsg-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"php5-cgi\", reference:\"5.6.9+dfsg-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"php5-cli\", reference:\"5.6.9+dfsg-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"php5-common\", reference:\"5.6.9+dfsg-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"php5-curl\", reference:\"5.6.9+dfsg-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"php5-dbg\", reference:\"5.6.9+dfsg-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"php5-dev\", reference:\"5.6.9+dfsg-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"php5-enchant\", reference:\"5.6.9+dfsg-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"php5-fpm\", reference:\"5.6.9+dfsg-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"php5-gd\", reference:\"5.6.9+dfsg-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"php5-gmp\", reference:\"5.6.9+dfsg-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"php5-imap\", reference:\"5.6.9+dfsg-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"php5-interbase\", reference:\"5.6.9+dfsg-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"php5-intl\", reference:\"5.6.9+dfsg-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"php5-ldap\", reference:\"5.6.9+dfsg-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"php5-mcrypt\", reference:\"5.6.9+dfsg-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"php5-mysql\", reference:\"5.6.9+dfsg-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"php5-mysqlnd\", reference:\"5.6.9+dfsg-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"php5-odbc\", reference:\"5.6.9+dfsg-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"php5-pgsql\", reference:\"5.6.9+dfsg-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"php5-phpdbg\", reference:\"5.6.9+dfsg-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"php5-pspell\", reference:\"5.6.9+dfsg-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"php5-readline\", reference:\"5.6.9+dfsg-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"php5-recode\", reference:\"5.6.9+dfsg-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"php5-snmp\", reference:\"5.6.9+dfsg-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"php5-sqlite\", reference:\"5.6.9+dfsg-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"php5-sybase\", reference:\"5.6.9+dfsg-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"php5-tidy\", reference:\"5.6.9+dfsg-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"php5-xmlrpc\", reference:\"5.6.9+dfsg-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"php5-xsl\", reference:\"5.6.9+dfsg-0+deb8u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:56:20", "description": "Versions of PHP 5.4.x earlier than 5.4.39, or 5.5.x earlier than 5.5.23 are exposed to the following issues :\n\n - Multiple flaws exist related to using pathnames containing NULL bytes. A remote attacker can exploit these flaws, by combining the '\\0' character with a safe file extension, to bypass access restrictions. This had been previously fixed but was reintroduced by a regression in versions 5.4+. (CVE-2006-7243, CVE-2015-4025)\n\n - A flaw exists in the phar_parse_tarfile() function in 'ext/phar/tar.c' that is triggered when handling zero-length filenames. This may allow an attacker to corrupt memory, crashing an application or potentially allowing code execution. (CVE-2015-4021)\n\n - A flaw exists in the multipart_buffer_headers() function in file 'rfc1867.c' due to improper handling of multipart/form-data in HTTP requests. A remote attacker can exploit this flaw to cause a consumption of CPU resources, resulting in a denial of service condition. (CVE-2015-4024)\n\n - A security bypass vulnerability exists due to a flaw in the 'pcntl_exec' implementation that truncates a pathname upon encountering the '\\x00' character. A remote attacker can exploit this, via a crafted first argument, to bypass intended extension restrictions and execute arbitrary files. (CVE-2015-4026)\n\n - An integer overflow condition exists in the function str_repeat(). The issue is triggered due to a sign mismatch condition. This may allow a context-dependent attacker to create corrupted ZVALs, leading to memory corruption. This may result in a denial of service or potentially the execution of arbitrary code.\n\n - An overflow condition affects the unpack() function in 'ext/standard/pack.c'. The issue is triggered as user-supplied input passed via the 'format' parameter is not properly validated. This may allow a context-dependent attacker to cause a heap-based buffer overflow, resulting in a denial of service or potentially allowing the execution of arbitrary code.", "cvss3": {}, "published": "2015-06-18T00:00:00", "type": "nessus", "title": "PHP 5.4.x < 5.4.41 / 5.5.x < 5.5.25 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2006-7243", "CVE-2015-4021", "CVE-2015-4024", "CVE-2015-4025", "CVE-2015-4026"], "modified": "2019-03-06T00:00:00", "cpe": ["cpe:2.3:a:php:php:*:*:*:*:*:*:*:*"], "id": "8785.PRM", "href": "https://www.tenable.com/plugins/nnm/8785", "sourceData": "Binary data 8785.prm", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-27T14:15:18", "description": "PCRE development team reports :\n\nA pattern such as '((?2){0,1999}())?', which has a group containing a forward reference repeated a large (but limited) number of times within a repeated outer group that has a zero minimum quantifier, caused incorrect code to be compiled, leading to the error 'internal error: previously-checked referenced subpattern not found' when an incorrect memory address was read. This bug was reported as 'heap overflow', discovered by Kai Lu of Fortinet's FortiGuard Labs and given the CVE number CVE-2015-2325.\n\nA pattern such as '((?+1)(\\1))/' containing a forward reference subroutine call within a group that also contained a recursive back reference caused incorrect code to be compiled. This bug was reported as 'heap overflow', discovered by Kai Lu of Fortinet's FortiGuard Labs, and given the CVE number CVE-2015-2326.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2015-05-26T00:00:00", "type": "nessus", "title": "FreeBSD : pcre -- multiple vulnerabilities (4a88e3ed-00d3-11e5-a072-d050996490d0)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-2325", "CVE-2015-2326"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:pcre", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_4A88E3ED00D311E5A072D050996490D0.NASL", "href": "https://www.tenable.com/plugins/nessus/83795", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2020 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(83795);\n script_version(\"2.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2015-2325\", \"CVE-2015-2326\");\n\n script_name(english:\"FreeBSD : pcre -- multiple vulnerabilities (4a88e3ed-00d3-11e5-a072-d050996490d0)\");\n script_summary(english:\"Checks for updated package in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote FreeBSD host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"PCRE development team reports :\n\nA pattern such as '((?2){0,1999}())?', which has a group containing a\nforward reference repeated a large (but limited) number of times\nwithin a repeated outer group that has a zero minimum quantifier,\ncaused incorrect code to be compiled, leading to the error 'internal\nerror: previously-checked referenced subpattern not found' when an\nincorrect memory address was read. This bug was reported as 'heap\noverflow', discovered by Kai Lu of Fortinet's FortiGuard Labs and\ngiven the CVE number CVE-2015-2325.\n\nA pattern such as '((?+1)(\\1))/' containing a forward reference\nsubroutine call within a group that also contained a recursive back\nreference caused incorrect code to be compiled. This bug was reported\nas 'heap overflow', discovered by Kai Lu of Fortinet's FortiGuard\nLabs, and given the CVE number CVE-2015-2326.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.pcre.org/original/changelog.txt\"\n );\n # https://vuxml.freebsd.org/freebsd/4a88e3ed-00d3-11e5-a072-d050996490d0.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?e9438803\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:pcre\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/04/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/05/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/05/26\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"pcre<8.37\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-27T14:16:02", "description": "The regular expression library pcre was updated to 8.37 to fix three security issues and a number of bugs and correctness issues.\n\nThe following vulnerabilities were fixed :\n\n - CVE-2015-2325: Specially crafted regular expressions could have caused a heap buffer overlow in compile_branch(), potentially allowing the execution of arbitrary code. (boo#924960)\n\n - CVE-2015-2326: Specially crafted regular expressions could have caused a heap buffer overlow in pcre_compile2(), potentially allowing the execution of arbitrary code. [boo#924961]\n\n - CVE-2014-8964: Specially crafted regular expression could have caused a denial of service (crash) or have other unspecified impact. [boo#906574]", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2015-05-13T00:00:00", "type": "nessus", "title": "openSUSE Security Update : pcre (openSUSE-2015-353)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-8964", "CVE-2015-2325", "CVE-2015-2326"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:libpcre1", "p-cpe:/a:novell:opensuse:libpcre1-32bit", "p-cpe:/a:novell:opensuse:libpcre1-debuginfo", "p-cpe:/a:novell:opensuse:libpcre1-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libpcre16-0", "p-cpe:/a:novell:opensuse:libpcre16-0-32bit", "p-cpe:/a:novell:opensuse:libpcre16-0-debuginfo", "p-cpe:/a:novell:opensuse:libpcre16-0-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libpcrecpp0", "p-cpe:/a:novell:opensuse:libpcrecpp0-32bit", "p-cpe:/a:novell:opensuse:libpcrecpp0-debuginfo", "p-cpe:/a:novell:opensuse:libpcrecpp0-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libpcreposix0", "p-cpe:/a:novell:opensuse:libpcreposix0-32bit", "p-cpe:/a:novell:opensuse:libpcreposix0-debuginfo", "p-cpe:/a:novell:opensuse:libpcreposix0-debuginfo-32bit", "p-cpe:/a:novell:opensuse:pcre-debugsource", "p-cpe:/a:novell:opensuse:pcre-devel", "p-cpe:/a:novell:opensuse:pcre-devel-static", "p-cpe:/a:novell:opensuse:pcre-tools", "p-cpe:/a:novell:opensuse:pcre-tools-debuginfo", "cpe:/o:novell:opensuse:13.1", "cpe:/o:novell:opensuse:13.2"], "id": "OPENSUSE-2015-353.NASL", "href": "https://www.tenable.com/plugins/nessus/83392", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2015-353.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(83392);\n script_version(\"2.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2014-8964\", \"CVE-2015-2325\", \"CVE-2015-2326\");\n\n script_name(english:\"openSUSE Security Update : pcre (openSUSE-2015-353)\");\n script_summary(english:\"Check for the openSUSE-2015-353 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The regular expression library pcre was updated to 8.37 to fix three\nsecurity issues and a number of bugs and correctness issues.\n\nThe following vulnerabilities were fixed :\n\n - CVE-2015-2325: Specially crafted regular expressions\n could have caused a heap buffer overlow in\n compile_branch(), potentially allowing the execution of\n arbitrary code. (boo#924960)\n\n - CVE-2015-2326: Specially crafted regular expressions\n could have caused a heap buffer overlow in\n pcre_compile2(), potentially allowing the execution of\n arbitrary code. [boo#924961]\n\n - CVE-2014-8964: Specially crafted regular expression\n could have caused a denial of service (crash) or have\n other unspecified impact. [boo#906574]\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=906574\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=924960\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=924961\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected pcre packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libpcre1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libpcre1-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libpcre1-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libpcre1-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libpcre16-0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libpcre16-0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libpcre16-0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libpcre16-0-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libpcrecpp0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libpcrecpp0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libpcrecpp0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libpcrecpp0-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libpcreposix0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libpcreposix0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libpcreposix0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libpcreposix0-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:pcre-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:pcre-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:pcre-devel-static\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:pcre-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:pcre-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.2\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/12/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/05/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/05/13\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE13\\.1|SUSE13\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"13.1 / 13.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libpcre1-8.37-2.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libpcre1-debuginfo-8.37-2.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libpcre16-0-8.37-2.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libpcre16-0-debuginfo-8.37-2.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libpcrecpp0-8.37-2.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libpcrecpp0-debuginfo-8.37-2.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libpcreposix0-8.37-2.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libpcreposix0-debuginfo-8.37-2.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"pcre-debugsource-8.37-2.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"pcre-devel-8.37-2.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"pcre-devel-static-8.37-2.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"pcre-tools-8.37-2.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"pcre-tools-debuginfo-8.37-2.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"libpcre1-32bit-8.37-2.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"libpcre1-debuginfo-32bit-8.37-2.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"libpcre16-0-32bit-8.37-2.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"libpcre16-0-debuginfo-32bit-8.37-2.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"libpcrecpp0-32bit-8.37-2.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"libpcrecpp0-debuginfo-32bit-8.37-2.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"libpcreposix0-32bit-8.37-2.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"libpcreposix0-debuginfo-32bit-8.37-2.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libpcre1-8.37-3.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libpcre1-debuginfo-8.37-3.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libpcre16-0-8.37-3.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libpcre16-0-debuginfo-8.37-3.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libpcrecpp0-8.37-3.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libpcrecpp0-debuginfo-8.37-3.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libpcreposix0-8.37-3.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libpcreposix0-debuginfo-8.37-3.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"pcre-debugsource-8.37-3.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"pcre-devel-8.37-3.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"pcre-devel-static-8.37-3.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"pcre-tools-8.37-3.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"pcre-tools-debuginfo-8.37-3.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libpcre1-32bit-8.37-3.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libpcre1-debuginfo-32bit-8.37-3.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libpcre16-0-32bit-8.37-3.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libpcre16-0-debuginfo-32bit-8.37-3.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libpcrecpp0-32bit-8.37-3.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libpcrecpp0-debuginfo-32bit-8.37-3.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libpcreposix0-32bit-8.37-3.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libpcreposix0-debuginfo-32bit-8.37-3.5.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libpcre1-32bit / libpcre1 / libpcre1-debuginfo-32bit / etc\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-26T14:05:17", "description": "PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 truncates a pathname upon encountering a \\x00 character in certain situations, which allows remote attackers to bypass intended extension restrictions and access files or directories with unexpected names via a crafted argument to (1) set_include_path, (2) tempnam, (3) rmdir, or (4) readlink. NOTE: this vulnerability exists because of an incomplete fix for CVE-2006-7243 .", "cvss3": {}, "published": "2016-01-22T00:00:00", "type": "nessus", "title": "F5 Networks BIG-IP : PHP vulnerabilities (SOL16993)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2006-7243", "CVE-2015-4025", "CVE-2015-4026"], "modified": "2021-03-10T00:00:00", "cpe": ["cpe:/a:f5:big-ip_access_policy_manager", "cpe:/a:f5:big-ip_advanced_firewall_manager", "cpe:/a:f5:big-ip_application_acceleration_manager", "cpe:/a:f5:big-ip_application_security_manager", "cpe:/a:f5:big-ip_application_visibility_and_reporting", "cpe:/a:f5:big-ip_global_traffic_manager", "cpe:/a:f5:big-ip_link_controller", "cpe:/a:f5:big-ip_local_traffic_manager", "cpe:/a:f5:big-ip_policy_enforcement_manager", "cpe:/a:f5:big-ip_wan_optimization_manager", "cpe:/a:f5:big-ip_webaccelerator", "cpe:/h:f5:big-ip", "cpe:/h:f5:big-ip_protocol_security_manager"], "id": "F5_BIGIP_SOL16993.NASL", "href": "https://www.tenable.com/plugins/nessus/88065", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from F5 Networks BIG-IP Solution SOL16993.\n#\n# The text description of this plugin is (C) F5 Networks.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(88065);\n script_version(\"2.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/03/10\");\n\n script_cve_id(\"CVE-2006-7243\", \"CVE-2015-4025\", \"CVE-2015-4026\");\n script_bugtraq_id(44951, 74904, 75056);\n\n script_name(english:\"F5 Networks BIG-IP : PHP vulnerabilities (SOL16993)\");\n script_summary(english:\"Checks the BIG-IP version.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote device is missing a vendor-supplied security patch.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9\ntruncates a pathname upon encountering a \\x00 character in certain\nsituations, which allows remote attackers to bypass intended extension\nrestrictions and access files or directories with unexpected names via\na crafted argument to (1) set_include_path, (2) tempnam, (3) rmdir, or\n(4) readlink. NOTE: this vulnerability exists because of an incomplete\nfix for CVE-2006-7243 .\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://support.f5.com/csp/article/K16993\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"Upgrade to one of the non-vulnerable versions listed in the F5\nSolution SOL16993.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_access_policy_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_advanced_firewall_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_acceleration_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_security_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_visibility_and_reporting\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_global_traffic_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_link_controller\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_local_traffic_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_policy_enforcement_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_wan_optimization_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_webaccelerator\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/h:f5:big-ip\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/h:f5:big-ip_protocol_security_manager\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/01/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/07/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/01/22\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"F5 Networks Local Security Checks\");\n\n script_dependencies(\"f5_bigip_detect.nbin\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/BIG-IP/hotfix\", \"Host/BIG-IP/modules\", \"Host/BIG-IP/version\");\n\n exit(0);\n}\n\n\ninclude(\"f5_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nversion = get_kb_item(\"Host/BIG-IP/version\");\nif ( ! version ) audit(AUDIT_OS_NOT, \"F5 Networks BIG-IP\");\nif ( isnull(get_kb_item(\"Host/BIG-IP/hotfix\")) ) audit(AUDIT_KB_MISSING, \"Host/BIG-IP/hotfix\");\nif ( ! get_kb_item(\"Host/BIG-IP/modules\") ) audit(AUDIT_KB_MISSING, \"Host/BIG-IP/modules\");\n\nsol = \"SOL16993\";\nvmatrix = make_array();\n\n# AFM\nvmatrix[\"AFM\"] = make_array();\nvmatrix[\"AFM\"][\"affected\" ] = make_list(\"11.6.0\",\"11.3.0-11.5.3\");\nvmatrix[\"AFM\"][\"unaffected\"] = make_list(\"12.0.0\",\"11.6.1\",\"11.5.4\");\n\n# AM\nvmatrix[\"AM\"] = make_array();\nvmatrix[\"AM\"][\"affected\" ] = make_list(\"11.6.0\",\"11.4.0-11.5.3\");\nvmatrix[\"AM\"][\"unaffected\"] = make_list(\"12.0.0\",\"11.6.1\",\"11.5.4\");\n\n# APM\nvmatrix[\"APM\"] = make_array();\nvmatrix[\"APM\"][\"affected\" ] = make_list(\"11.6.0\",\"11.0.0-11.5.3\",\"10.1.0-10.2.4\");\nvmatrix[\"APM\"][\"unaffected\"] = make_list(\"12.0.0\",\"11.6.1\",\"11.5.4\");\n\n# ASM\nvmatrix[\"ASM\"] = make_array();\nvmatrix[\"ASM\"][\"affected\" ] = make_list(\"11.6.0\",\"11.0.0-11.5.3\",\"10.1.0-10.2.4\");\nvmatrix[\"ASM\"][\"unaffected\"] = make_list(\"12.0.0\",\"11.6.1\",\"11.5.4\");\n\n# AVR\nvmatrix[\"AVR\"] = make_array();\nvmatrix[\"AVR\"][\"affected\" ] = make_list(\"11.6.0\",\"11.0.0-11.5.3\");\nvmatrix[\"AVR\"][\"unaffected\"] = make_list(\"12.0.0\",\"11.6.1\",\"11.5.4\");\n\n# GTM\nvmatrix[\"GTM\"] = make_array();\nvmatrix[\"GTM\"][\"affected\" ] = make_list(\"11.6.0\",\"11.0.0-11.5.3\",\"10.1.0-10.2.4\");\nvmatrix[\"GTM\"][\"unaffected\"] = make_list(\"11.6.1\",\"11.5.4\");\n\n# LC\nvmatrix[\"LC\"] = make_array();\nvmatrix[\"LC\"][\"affected\" ] = make_list(\"11.6.0\",\"11.0.0-11.5.3\",\"10.1.0-10.2.4\");\nvmatrix[\"LC\"][\"unaffected\"] = make_list(\"12.0.0\",\"11.6.1\",\"11.5.4\");\n\n# LTM\nvmatrix[\"LTM\"] = make_array();\nvmatrix[\"LTM\"][\"affected\" ] = make_list(\"11.6.0\",\"11.0.0-11.5.3\",\"10.1.0-10.2.4\");\nvmatrix[\"LTM\"][\"unaffected\"] = make_list(\"12.0.0\",\"11.6.1\",\"11.5.4\");\n\n# PEM\nvmatrix[\"PEM\"] = make_array();\nvmatrix[\"PEM\"][\"affected\" ] = make_list(\"11.6.0\",\"11.3.0-11.5.3\");\nvmatrix[\"PEM\"][\"unaffected\"] = make_list(\"12.0.0\",\"11.6.1\",\"11.5.4\");\n\n\nif (bigip_is_affected(vmatrix:vmatrix, sol:sol))\n{\n if (report_verbosity > 0) security_hole(port:0, extra:bigip_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = bigip_get_tested_modules();\n audit_extra = \"For BIG-IP module(s) \" + tested + \",\";\n if (tested) audit(AUDIT_INST_VER_NOT_VULN, audit_extra, version);\n else audit(AUDIT_HOST_NOT, \"running any of the affected modules\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:57:25", "description": "PHP 5.3 was updated to fix multiple security issues :\n\nbnc#931776: pcntl_exec() does not check path validity (CVE-2015-4026)\n\nbnc#931772: overflow in ftp_genlist() resulting in heap overflow (CVE-2015-4022)\n\nbnc#931769: memory corruption in phar_parse_tarfile when entry filename starts with NULL (CVE-2015-4021)\n\nbnc#931421: multipart/form-data remote denial-of-service vulnerability (CVE-2015-4024)\n\nbnc#928511: buffer over-read in unserialize when parsing Phar (CVE-2015-2783)\n\nbnc#928506: buffer over flow when parsing tar/zip/phar in phar_set_inode() (CVE-2015-3329)\n\nbnc#925109: SoapClient's __call() type confusion through unserialize()\n\nbnc#924972: use-after-free vulnerability in the process_nested_data function (CVE-2015-2787)\n\nbnc#923946: embedded gd copy: buffer read overflow in gd_gif_in.c (CVE-2014-9709)\n\nbnc#922452: built-in regular expression (regex) library contains a heap overflow vulnerability (CVE-2015-2305)\n\nbnc#922451: heap buffer overflow in enchant_broker_request_dict() (CVE-2014-9705)\n\nbnc#922022: php's built-in regular expression (regex) library contains a heap overflow vulnerability (CVE-2015-2301)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2015-06-10T00:00:00", "type": "nessus", "title": "SUSE SLES11 Security Update : php53 (SUSE-SU-2015:1018-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-9705", "CVE-2014-9709", "CVE-2015-2301", "CVE-2015-2305", "CVE-2015-2783", "CVE-2015-2787", "CVE-2015-3329", "CVE-2015-4021", "CVE-2015-4022", "CVE-2015-4024", "CVE-2015-4026"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:apache2-mod_php53", "p-cpe:/a:novell:suse_linux:php53", "p-cpe:/a:novell:suse_linux:php53-bcmath", "p-cpe:/a:novell:suse_linux:php53-bz2", "p-cpe:/a:novell:suse_linux:php53-calendar", "p-cpe:/a:novell:suse_linux:php53-ctype", "p-cpe:/a:novell:suse_linux:php53-curl", "p-cpe:/a:novell:suse_linux:php53-dba", "p-cpe:/a:novell:suse_linux:php53-dom", "p-cpe:/a:novell:suse_linux:php53-exif", "p-cpe:/a:novell:suse_linux:php53-fastcgi", "p-cpe:/a:novell:suse_linux:php53-fileinfo", "p-cpe:/a:novell:suse_linux:php53-ftp", "p-cpe:/a:novell:suse_linux:php53-gd", "p-cpe:/a:novell:suse_linux:php53-gettext", "p-cpe:/a:novell:suse_linux:php53-gmp", "p-cpe:/a:novell:suse_linux:php53-iconv", "p-cpe:/a:novell:suse_linux:php53-intl", "p-cpe:/a:novell:suse_linux:php53-json", "p-cpe:/a:novell:suse_linux:php53-ldap", "p-cpe:/a:novell:suse_linux:php53-mbstring", "p-cpe:/a:novell:suse_linux:php53-mcrypt", "p-cpe:/a:novell:suse_linux:php53-mysql", "p-cpe:/a:novell:suse_linux:php53-odbc", "p-cpe:/a:novell:suse_linux:php53-openssl", "p-cpe:/a:novell:suse_linux:php53-pcntl", "p-cpe:/a:novell:suse_linux:php53-pdo", "p-cpe:/a:novell:suse_linux:php53-pear", "p-cpe:/a:novell:suse_linux:php53-pgsql", "p-cpe:/a:novell:suse_linux:php53-pspell", "p-cpe:/a:novell:suse_linux:php53-shmop", "p-cpe:/a:novell:suse_linux:php53-snmp", "p-cpe:/a:novell:suse_linux:php53-soap", "p-cpe:/a:novell:suse_linux:php53-suhosin", "p-cpe:/a:novell:suse_linux:php53-sysvmsg", "p-cpe:/a:novell:suse_linux:php53-sysvsem", "p-cpe:/a:novell:suse_linux:php53-sysvshm", "p-cpe:/a:novell:suse_linux:php53-tokenizer", "p-cpe:/a:novell:suse_linux:php53-wddx", "p-cpe:/a:novell:suse_linux:php53-xmlreader", "p-cpe:/a:novell:suse_linux:php53-xmlrpc", "p-cpe:/a:novell:suse_linux:php53-xmlwriter", "p-cpe:/a:novell:suse_linux:php53-xsl", "p-cpe:/a:novell:suse_linux:php53-zip", "p-cpe:/a:novell:suse_linux:php53-zlib", "cpe:/o:novell:suse_linux:11"], "id": "SUSE_SU-2015-1018-1.NASL", "href": "https://www.tenable.com/plugins/nessus/84082", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2015:1018-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(84082);\n script_version(\"2.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2014-9705\", \"CVE-2014-9709\", \"CVE-2015-2301\", \"CVE-2015-2305\", \"CVE-2015-2783\", \"CVE-2015-2787\", \"CVE-2015-3329\", \"CVE-2015-4021\", \"CVE-2015-4022\", \"CVE-2015-4024\", \"CVE-2015-4026\");\n script_bugtraq_id(72611, 73031, 73037, 73306, 73431, 74239, 74240, 74700, 74902, 74903, 75056);\n\n script_name(english:\"SUSE SLES11 Security Update : php53 (SUSE-SU-2015:1018-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"PHP 5.3 was updated to fix multiple security issues :\n\nbnc#931776: pcntl_exec() does not check path validity (CVE-2015-4026)\n\nbnc#931772: overflow in ftp_genlist() resulting in heap overflow\n(CVE-2015-4022)\n\nbnc#931769: memory corruption in phar_parse_tarfile when entry\nfilename starts with NULL (CVE-2015-4021)\n\nbnc#931421: multipart/form-data remote denial-of-service vulnerability\n(CVE-2015-4024)\n\nbnc#928511: buffer over-read in unserialize when parsing Phar\n(CVE-2015-2783)\n\nbnc#928506: buffer over flow when parsing tar/zip/phar in\nphar_set_inode() (CVE-2015-3329)\n\nbnc#925109: SoapClient's __call() type confusion through unserialize()\n\nbnc#924972: use-after-free vulnerability in the process_nested_data\nfunction (CVE-2015-2787)\n\nbnc#923946: embedded gd copy: buffer read overflow in gd_gif_in.c\n(CVE-2014-9709)\n\nbnc#922452: built-in regular expression (regex) library contains a\nheap overflow vulnerability (CVE-2015-2305)\n\nbnc#922451: heap buffer overflow in enchant_broker_request_dict()\n(CVE-2014-9705)\n\nbnc#922022: php's built-in regular expression (regex) library contains\na heap overflow vulnerability (CVE-2015-2301)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=922022\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=922451\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=922452\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=923946\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=924972\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=925109\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=928506\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=928511\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=931421\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=931769\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=931772\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=931776\"\n );\n # https://download.suse.com/patch/finder/?keywords=50901ea397c43cdc72e7b8b864450cd7\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?d03cc6d1\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2014-9705/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2014-9709/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-2301/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-2305/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-2783/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-2787/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-3329/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-4021/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-4022/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-4024/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-4026/\"\n );\n # https://www.suse.com/support/update/announcement/2015/suse-su-20151018-1.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?48073445\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Software Development Kit 11 SP3 :\n\nzypper in -t patch sdksp3-apache2-mod_php53=10716\n\nSUSE Linux Enterprise Server 11 SP3 for VMware :\n\nzypper in -t patch slessp3-apache2-mod_php53=10716\n\nSUSE Linux Enterprise Server 11 SP3 :\n\nzypper in -t patch slessp3-apache2-mod_php53=10716\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apache2-mod_php53\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-bcmath\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-bz2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-calendar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-ctype\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-dba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-dom\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-exif\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-fastcgi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-fileinfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-ftp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-gettext\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-gmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-iconv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-intl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-json\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-mbstring\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-mcrypt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-pcntl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-pdo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-pear\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-pspell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-shmop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-soap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-suhosin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-sysvmsg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-sysvsem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-sysvshm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-tokenizer\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-wddx\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-xmlreader\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-xmlrpc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-xmlwriter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-xsl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-zip\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-zlib\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/03/30\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/06/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/06/10\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES11)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES11\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES11\" && (! preg(pattern:\"^(3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES11 SP3\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"apache2-mod_php53-5.3.17-0.41.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"php53-5.3.17-0.41.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"php53-bcmath-5.3.17-0.41.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"php53-bz2-5.3.17-0.41.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"php53-calendar-5.3.17-0.41.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"php53-ctype-5.3.17-0.41.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"php53-curl-5.3.17-0.41.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"php53-dba-5.3.17-0.41.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"php53-dom-5.3.17-0.41.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"php53-exif-5.3.17-0.41.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"php53-fastcgi-5.3.17-0.41.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"php53-fileinfo-5.3.17-0.41.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"php53-ftp-5.3.17-0.41.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"php53-gd-5.3.17-0.41.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"php53-gettext-5.3.17-0.41.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"php53-gmp-5.3.17-0.41.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"php53-iconv-5.3.17-0.41.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"php53-intl-5.3.17-0.41.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"php53-json-5.3.17-0.41.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"php53-ldap-5.3.17-0.41.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"php53-mbstring-5.3.17-0.41.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"php53-mcrypt-5.3.17-0.41.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"php53-mysql-5.3.17-0.41.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"php53-odbc-5.3.17-0.41.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"php53-openssl-5.3.17-0.41.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"php53-pcntl-5.3.17-0.41.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"php53-pdo-5.3.17-0.41.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"php53-pear-5.3.17-0.41.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"php53-pgsql-5.3.17-0.41.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"php53-pspell-5.3.17-0.41.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"php53-shmop-5.3.17-0.41.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"php53-snmp-5.3.17-0.41.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"php53-soap-5.3.17-0.41.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"php53-suhosin-5.3.17-0.41.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"php53-sysvmsg-5.3.17-0.41.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"php53-sysvsem-5.3.17-0.41.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"php53-sysvshm-5.3.17-0.41.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"php53-tokenizer-5.3.17-0.41.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"php53-wddx-5.3.17-0.41.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"php53-xmlreader-5.3.17-0.41.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"php53-xmlrpc-5.3.17-0.41.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"php53-xmlwriter-5.3.17-0.41.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"php53-xsl-5.3.17-0.41.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"php53-zip-5.3.17-0.41.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"php53-zlib-5.3.17-0.41.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"php53\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-27T14:18:08", "description": "Michele Spagnuolo discovered that PCRE incorrectly handled certain regular expressions. A remote attacker could use this issue to cause applications using PCRE to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 14.04 LTS. (CVE-2014-8964)\n\nKai Lu discovered that PCRE incorrectly handled certain regular expressions. A remote attacker could use this issue to cause applications using PCRE to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 14.04 LTS and Ubuntu 15.04. (CVE-2015-2325, CVE-2015-2326)\n\nWen Guanxing discovered that PCRE incorrectly handled certain regular expressions. A remote attacker could use this issue to cause applications using PCRE to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 15.04. (CVE-2015-3210)\n\nIt was discovered that PCRE incorrectly handled certain regular expressions. A remote attacker could use this issue to cause applications using PCRE to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 12.04 LTS and 14.04 LTS. (CVE-2015-5073).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2015-07-30T00:00:00", "type": "nessus", "title": "Ubuntu 12.04 LTS / 14.04 LTS / 15.04 : pcre3 vulnerabilities (USN-2694-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-8964", "CVE-2015-2325", "CVE-2015-2326", "CVE-2015-3210", "CVE-2015-5073"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:libpcre3", "cpe:/o:canonical:ubuntu_linux:12.04:-:lts", "cpe:/o:canonical:ubuntu_linux:14.04", "cpe:/o:canonical:ubuntu_linux:15.04"], "id": "UBUNTU_USN-2694-1.NASL", "href": "https://www.tenable.com/plugins/nessus/85122", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-2694-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(85122);\n script_version(\"2.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2014-8964\", \"CVE-2015-2325\", \"CVE-2015-2326\", \"CVE-2015-3210\", \"CVE-2015-5073\");\n script_xref(name:\"USN\", value:\"2694-1\");\n\n script_name(english:\"Ubuntu 12.04 LTS / 14.04 LTS / 15.04 : pcre3 vulnerabilities (USN-2694-1)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Michele Spagnuolo discovered that PCRE incorrectly handled certain\nregular expressions. A remote attacker could use this issue to cause\napplications using PCRE to crash, resulting in a denial of service, or\npossibly execute arbitrary code. This issue only affected Ubuntu 14.04\nLTS. (CVE-2014-8964)\n\nKai Lu discovered that PCRE incorrectly handled certain regular\nexpressions. A remote attacker could use this issue to cause\napplications using PCRE to crash, resulting in a denial of service, or\npossibly execute arbitrary code. This issue only affected Ubuntu 14.04\nLTS and Ubuntu 15.04. (CVE-2015-2325, CVE-2015-2326)\n\nWen Guanxing discovered that PCRE incorrectly handled certain regular\nexpressions. A remote attacker could use this issue to cause\napplications using PCRE to crash, resulting in a denial of service, or\npossibly execute arbitrary code. This issue only affected Ubuntu\n15.04. (CVE-2015-3210)\n\nIt was discovered that PCRE incorrectly handled certain regular\nexpressions. A remote attacker could use this issue to cause\napplications using PCRE to crash, resulting in a denial of service, or\npossibly execute arbitrary code. This issue only affected Ubuntu 12.04\nLTS and 14.04 LTS. (CVE-2015-5073).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/2694-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libpcre3 package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libpcre3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:15.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/12/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/07/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/07/30\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2015-2020 Canonical, Inc. / NASL script (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(12\\.04|14\\.04|15\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 12.04 / 14.04 / 15.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"12.04\", pkgname:\"libpcre3\", pkgver:\"8.12-4ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"libpcre3\", pkgver:\"1:8.31-2ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"15.04\", pkgname:\"libpcre3\", pkgver:\"2:8.35-3.3ubuntu1.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libpcre3\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-27T14:19:44", "description": "PCRE library is prone to a heap overflow vulnerability. Due to insufficient bounds checking inside compile_branch(), the heap memory could be overflowed via a crafted regular expression. Since PCRE library is widely used, this vulnerability should affect many applications using it. An attacker may exploit this issue to execute arbitrary code in the context of the user running the affected application. (CVE-2015-2325)", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2016-06-14T00:00:00", "type": "nessus", "title": "F5 Networks BIG-IP : PCRE library vulnerability (K16983)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-2325"], "modified": "2021-03-10T00:00:00", "cpe": ["cpe:/a:f5:big-ip_access_policy_manager", "cpe:/a:f5:big-ip_advanced_firewall_manager", "cpe:/a:f5:big-ip_application_acceleration_manager", "cpe:/a:f5:big-ip_application_security_manager", "cpe:/a:f5:big-ip_application_visibility_and_reporting", "cpe:/a:f5:big-ip_global_traffic_manager", "cpe:/a:f5:big-ip_link_controller", "cpe:/a:f5:big-ip_local_traffic_manager", "cpe:/a:f5:big-ip_policy_enforcement_manager", "cpe:/a:f5:big-ip_wan_optimization_manager", "cpe:/a:f5:big-ip_webaccelerator", "cpe:/h:f5:big-ip", "cpe:/h:f5:big-ip_protocol_security_manager"], "id": "F5_BIGIP_SOL16983.NASL", "href": "https://www.tenable.com/plugins/nessus/91579", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from F5 Networks BIG-IP Solution K16983.\n#\n# The text description of this plugin is (C) F5 Networks.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(91579);\n script_version(\"2.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/03/10\");\n\n script_cve_id(\"CVE-2015-2325\");\n script_bugtraq_id(75175);\n\n script_name(english:\"F5 Networks BIG-IP : PCRE library vulnerability (K16983)\");\n script_summary(english:\"Checks the BIG-IP version.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote device is missing a vendor-supplied security patch.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"PCRE library is prone to a heap overflow vulnerability. Due to\ninsufficient bounds checking inside compile_branch(), the heap memory\ncould be overflowed via a crafted regular expression. Since PCRE\nlibrary is widely used, this vulnerability should affect many\napplications using it. An attacker may exploit this issue to execute\narbitrary code in the context of the user running the affected\napplication. (CVE-2015-2325)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://support.f5.com/csp/article/K16983\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"Upgrade to one of the non-vulnerable versions listed in the F5\nSolution K16983.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:X/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_access_policy_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_advanced_firewall_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_acceleration_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_security_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_visibility_and_reporting\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_global_traffic_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_link_controller\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_local_traffic_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_policy_enforcement_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_wan_optimization_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_webaccelerator\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/h:f5:big-ip\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/h:f5:big-ip_protocol_security_manager\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/01/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/07/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/06/14\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"F5 Networks Local Security Checks\");\n\n script_dependencies(\"f5_bigip_detect.nbin\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/BIG-IP/hotfix\", \"Host/BIG-IP/modules\", \"Host/BIG-IP/version\", \"Settings/ParanoidReport\");\n\n exit(0);\n}\n\n\ninclude(\"f5_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nversion = get_kb_item(\"Host/BIG-IP/version\");\nif ( ! version ) audit(AUDIT_OS_NOT, \"F5 Networks BIG-IP\");\nif ( isnull(get_kb_item(\"Host/BIG-IP/hotfix\")) ) audit(AUDIT_KB_MISSING, \"Host/BIG-IP/hotfix\");\nif ( ! get_kb_item(\"Host/BIG-IP/modules\") ) audit(AUDIT_KB_MISSING, \"Host/BIG-IP/modules\");\n\nsol = \"K16983\";\nvmatrix = make_array();\n\nif (report_paranoia < 2) audit(AUDIT_PARANOID);\n\n# AFM\nvmatrix[\"AFM\"] = make_array();\nvmatrix[\"AFM\"][\"affected\" ] = make_list(\"12.0.0\",\"11.6.0\",\"11.3.0-11.5.4\");\nvmatrix[\"AFM\"][\"unaffected\"] = make_list(\"12.1.0\");\n\n# AM\nvmatrix[\"AM\"] = make_array();\nvmatrix[\"AM\"][\"affected\" ] = make_list(\"12.0.0\",\"11.6.0\",\"11.4.0-11.5.4\");\nvmatrix[\"AM\"][\"unaffected\"] = make_list(\"12.1.0\");\n\n# APM\nvmatrix[\"APM\"] = make_array();\nvmatrix[\"APM\"][\"affected\" ] = make_list(\"12.0.0\",\"11.6.0\",\"11.0.0-11.5.4\",\"10.1.0-10.2.4\");\nvmatrix[\"APM\"][\"unaffected\"] = make_list(\"12.1.0\");\n\n# ASM\nvmatrix[\"ASM\"] = make_array();\nvmatrix[\"ASM\"][\"affected\" ] = make_list(\"12.0.0\",\"11.6.0\",\"11.0.0-11.5.4\",\"10.1.0-10.2.4\");\nvmatrix[\"ASM\"][\"unaffected\"] = make_list(\"12.1.0\");\n\n# AVR\nvmatrix[\"AVR\"] = make_array();\nvmatrix[\"AVR\"][\"affected\" ] = make_list(\"12.0.0\",\"11.6.0\",\"11.0.0-11.5.4\");\nvmatrix[\"AVR\"][\"unaffected\"] = make_list(\"12.1.0\");\n\n# GTM\nvmatrix[\"GTM\"] = make_array();\nvmatrix[\"GTM\"][\"affected\" ] = make_list(\"11.6.0\",\"11.0.0-11.5.4\",\"10.1.0-10.2.4\");\nvmatrix[\"GTM\"][\"unaffected\"] = make_list(\"12.1.0\");\n\n# LC\nvmatrix[\"LC\"] = make_array();\nvmatrix[\"LC\"][\"affected\" ] = make_list(\"12.0.0\",\"11.6.0\",\"11.0.0-11.5.4\",\"10.1.0-10.2.4\");\nvmatrix[\"LC\"][\"unaffected\"] = make_list(\"12.1.0\");\n\n# LTM\nvmatrix[\"LTM\"] = make_array();\nvmatrix[\"LTM\"][\"affected\" ] = make_list(\"12.0.0\",\"11.6.0\",\"11.0.0-11.5.4\",\"10.1.0-10.2.4\");\nvmatrix[\"LTM\"][\"unaffected\"] = make_list(\"12.1.0\");\n\n# PEM\nvmatrix[\"PEM\"] = make_array();\nvmatrix[\"PEM\"][\"affected\" ] = make_list(\"12.0.0\",\"11.6.0\",\"11.3.0-11.5.4\");\nvmatrix[\"PEM\"][\"unaffected\"] = make_list(\"12.1.0\");\n\n\nif (bigip_is_affected(vmatrix:vmatrix, sol:sol))\n{\n if (report_verbosity > 0) security_warning(port:0, extra:bigip_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = bigip_get_tested_modules();\n audit_extra = \"For BIG-IP module(s) \" + tested + \",\";\n if (tested) audit(AUDIT_INST_VER_NOT_VULN, audit_extra, version);\n else audit(AUDIT_HOST_NOT, \"running any of the affected modules\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-26T14:39:31", "description": "Neal Poole and Tomas Hoger discovered that PHP incorrectly handled NULL bytes in file paths. A remote attacker could possibly use this issue to bypass intended restrictions and create or obtain access to sensitive files. (CVE-2015-3411, CVE-2015-3412, CVE-2015-4025, CVE-2015-4026, CVE-2015-4598)\n\nEmmanuel Law discovered that the PHP phar extension incorrectly handled filenames starting with a NULL byte. A remote attacker could use this issue with a crafted tar archive to cause a denial of service. (CVE-2015-4021)\n\nMax Spelsberg discovered that PHP incorrectly handled the LIST command when connecting to remote FTP servers. A malicious FTP server could possibly use this issue to execute arbitrary code. (CVE-2015-4022, CVE-2015-4643)\n\nShusheng Liu discovered that PHP incorrectly handled certain malformed form data. A remote attacker could use this issue with crafted form data to cause CPU consumption, leading to a denial of service.\n(CVE-2015-4024)\n\nAndrea Palazzo discovered that the PHP Soap client incorrectly validated data types. A remote attacker could use this issue with crafted serialized data to possibly execute arbitrary code.\n(CVE-2015-4147)\n\nAndrea Palazzo discovered that the PHP Soap client incorrectly validated that the uri property is a string. A remote attacker could use this issue with crafted serialized data to possibly obtain sensitive information. (CVE-2015-4148)\n\nTaoguang Chen discovered that PHP incorrectly validated data types in multiple locations. A remote attacker could possibly use these issues to obtain sensitive information or cause a denial of service.\n(CVE-2015-4599, CVE-2015-4600, CVE-2015-4601, CVE-2015-4602, CVE-2015-4603)\n\nIt was discovered that the PHP Fileinfo component incorrectly handled certain files. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service. This issue only affected Ubuntu 15.04. (CVE-2015-4604, CVE-2015-4605)\n\nIt was discovered that PHP incorrectly handled table names in php_pgsql_meta_data. A local attacker could possibly use this issue to cause PHP to crash, resulting in a denial of service. (CVE-2015-4644).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2015-07-07T00:00:00", "type": "nessus", "title": "Ubuntu 12.04 LTS / 14.04 LTS / 14.10 / 15.04 : php5 vulnerabilities (USN-2658-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-3411", "CVE-2015-3412", "CVE-2015-4021", "CVE-2015-4022", "CVE-2015-4024", "CVE-2015-4025", "CVE-2015-4026", "CVE-2015-4147", "CVE-2015-4148", "CVE-2015-4598", "CVE-2015-4599", "CVE-2015-4600", "CVE-2015-4601", "CVE-2015-4602", "CVE-2015-4603", "CVE-2015-4604", "CVE-2015-4605", "CVE-2015-4643", "CVE-2015-4644"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:libapache2-mod-php5", "p-cpe:/a:canonical:ubuntu_linux:php5-cgi", "p-cpe:/a:canonical:ubuntu_linux:php5-cli", "p-cpe:/a:canonical:ubuntu_linux:php5-fpm", "cpe:/o:canonical:ubuntu_linux:12.04:-:lts", "cpe:/o:canonical:ubuntu_linux:14.04", "cpe:/o:canonical:ubuntu_linux:14.10", "cpe:/o:canonical:ubuntu_linux:15.04"], "id": "UBUNTU_USN-2658-1.NASL", "href": "https://www.tenable.com/plugins/nessus/84563", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-2658-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(84563);\n script_version(\"2.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2015-3411\", \"CVE-2015-3412\", \"CVE-2015-4021\", \"CVE-2015-4022\", \"CVE-2015-4024\", \"CVE-2015-4025\", \"CVE-2015-4026\", \"CVE-2015-4147\", \"CVE-2015-4148\", \"CVE-2015-4598\", \"CVE-2015-4599\", \"CVE-2015-4600\", \"CVE-2015-4601\", \"CVE-2015-4602\", \"CVE-2015-4603\", \"CVE-2015-4604\", \"CVE-2015-4605\", \"CVE-2015-4643\", \"CVE-2015-4644\");\n script_bugtraq_id(73357, 74413, 74700, 74902, 74903, 74904, 75056, 75103, 75233, 75241, 75244, 75246, 75249, 75250, 75251, 75252, 75255, 75291, 75292);\n script_xref(name:\"USN\", value:\"2658-1\");\n\n script_name(english:\"Ubuntu 12.04 LTS / 14.04 LTS / 14.10 / 15.04 : php5 vulnerabilities (USN-2658-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Neal Poole and Tomas Hoger discovered that PHP incorrectly handled\nNULL bytes in file paths. A remote attacker could possibly use this\nissue to bypass intended restrictions and create or obtain access to\nsensitive files. (CVE-2015-3411, CVE-2015-3412, CVE-2015-4025,\nCVE-2015-4026, CVE-2015-4598)\n\nEmmanuel Law discovered that the PHP phar extension incorrectly\nhandled filenames starting with a NULL byte. A remote attacker could\nuse this issue with a crafted tar archive to cause a denial of\nservice. (CVE-2015-4021)\n\nMax Spelsberg discovered that PHP incorrectly handled the LIST command\nwhen connecting to remote FTP servers. A malicious FTP server could\npossibly use this issue to execute arbitrary code. (CVE-2015-4022,\nCVE-2015-4643)\n\nShusheng Liu discovered that PHP incorrectly handled certain malformed\nform data. A remote attacker could use this issue with crafted form\ndata to cause CPU consumption, leading to a denial of service.\n(CVE-2015-4024)\n\nAndrea Palazzo discovered that the PHP Soap client incorrectly\nvalidated data types. A remote attacker could use this issue with\ncrafted serialized data to possibly execute arbitrary code.\n(CVE-2015-4147)\n\nAndrea Palazzo discovered that the PHP Soap client incorrectly\nvalidated that the uri property is a string. A remote attacker could\nuse this issue with crafted serialized data to possibly obtain\nsensitive information. (CVE-2015-4148)\n\nTaoguang Chen discovered that PHP incorrectly validated data types in\nmultiple locations. A remote attacker could possibly use these issues\nto obtain sensitive information or cause a denial of service.\n(CVE-2015-4599, CVE-2015-4600, CVE-2015-4601, CVE-2015-4602,\nCVE-2015-4603)\n\nIt was discovered that the PHP Fileinfo component incorrectly handled\ncertain files. A remote attacker could use this issue to cause PHP to\ncrash, resulting in a denial of service. This issue only affected\nUbuntu 15.04. (CVE-2015-4604, CVE-2015-4605)\n\nIt was discovered that PHP incorrectly handled table names in\nphp_pgsql_meta_data. A local attacker could possibly use this issue to\ncause PHP to crash, resulting in a denial of service. (CVE-2015-4644).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/2658-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libapache2-mod-php5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php5-cgi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php5-cli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php5-fpm\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:15.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/06/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/07/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/07/07\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2015-2020 Canonical, Inc. / NASL script (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(12\\.04|14\\.04|14\\.10|15\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 12.04 / 14.04 / 14.10 / 15.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"12.04\", pkgname:\"libapache2-mod-php5\", pkgver:\"5.3.10-1ubuntu3.19\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"php5-cgi\", pkgver:\"5.3.10-1ubuntu3.19\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"php5-cli\", pkgver:\"5.3.10-1ubuntu3.19\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"php5-fpm\", pkgver:\"5.3.10-1ubuntu3.19\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"libapache2-mod-php5\", pkgver:\"5.5.9+dfsg-1ubuntu4.11\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"php5-cgi\", pkgver:\"5.5.9+dfsg-1ubuntu4.11\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"php5-cli\", pkgver:\"5.5.9+dfsg-1ubuntu4.11\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"php5-fpm\", pkgver:\"5.5.9+dfsg-1ubuntu4.11\")) flag++;\nif (ubuntu_check(osver:\"14.10\", pkgname:\"libapache2-mod-php5\", pkgver:\"5.5.12+dfsg-2ubuntu4.6\")) flag++;\nif (ubuntu_check(osver:\"14.10\", pkgname:\"php5-cgi\", pkgver:\"5.5.12+dfsg-2ubuntu4.6\")) flag++;\nif (ubuntu_check(osver:\"14.10\", pkgname:\"php5-cli\", pkgver:\"5.5.12+dfsg-2ubuntu4.6\")) flag++;\nif (ubuntu_check(osver:\"14.10\", pkgname:\"php5-fpm\", pkgver:\"5.5.12+dfsg-2ubuntu4.6\")) flag++;\nif (ubuntu_check(osver:\"15.04\", pkgname:\"libapache2-mod-php5\", pkgver:\"5.6.4+dfsg-4ubuntu6.2\")) flag++;\nif (ubuntu_check(osver:\"15.04\", pkgname:\"php5-cgi\", pkgver:\"5.6.4+dfsg-4ubuntu6.2\")) flag++;\nif (ubuntu_check(osver:\"15.04\", pkgname:\"php5-cli\", pkgver:\"5.6.4+dfsg-4ubuntu6.2\")) flag++;\nif (ubuntu_check(osver:\"15.04\", pkgname:\"php5-fpm\", pkgver:\"5.6.4+dfsg-4ubuntu6.2\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libapache2-mod-php5 / php5-cgi / php5-cli / php5-fpm\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-25T14:23:09", "description": "This security update of PHP fixes the following issues :\n\nSecurity issues fixed :\n\n - CVE-2015-4024 [bnc#931421]: Fixed multipart/form-data remote DOS Vulnerability.\n\n - CVE-2015-4026 [bnc#931776]: pcntl_exec() did not check path validity.\n\n - CVE-2015-4022 [bnc#931772]: Fixed and overflow in ftp_genlist() that resulted in a heap overflow.\n\n - CVE-2015-4021 [bnc#931769]: Fixed memory corruption in phar_parse_tarfile when entry filename starts with NULL.\n\n - CVE-2015-4148 [bnc#933227]: Fixed SoapClient's do_soap_call() type confusion after unserialize() information disclosure.\n\n - CVE-2015-4602 [bnc#935224]: Fixed an incomplete Class unserialization type confusion.\n\n - CVE-2015-4599, CVE-2015-4600, CVE-2015-4601 [bnc#935226]: Fixed type confusion issues in unserialize() with various SOAP methods.\n\n - CVE-2015-4603 [bnc#935234]: Fixed exception::getTraceAsString type confusion issue after unserialize.\n\n - CVE-2015-4644 [bnc#935274]: Fixed a crash in php_pgsql_meta_data.\n\n - CVE-2015-4643 [bnc#935275]: Fixed an integer overflow in ftp_genlist() that could result in a heap overflow.\n\n - CVE-2015-3411, CVE-2015-3412, CVE-2015-4598 [bnc#935227], [bnc#935232]: Added missing null byte checks for paths in various PHP extensions.\n\nBugs fixed :\n\n - configure php-fpm with --localstatedir=/var [bnc#927147]\n\n - fix timezone map [bnc#919080]\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-01-02T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : php5 (SUSE-SU-2015:1253-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-3411", "CVE-2015-3412", "CVE-2015-4021", "CVE-2015-4022", "CVE-2015-4024", "CVE-2015-4026", "CVE-2015-4148", "CVE-2015-4598", "CVE-2015-4599", "CVE-2015-4600", "CVE-2015-4601", "CVE-2015-4602", "CVE-2015-4603", "CVE-2015-4643", "CVE-2015-4644"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:apache2-mod_php5", "p-cpe:/a:novell:suse_linux:apache2-mod_php5-debuginfo", "p-cpe:/a:novell:suse_linux:php5", "p-cpe:/a:novell:suse_linux:php5-bcmath", "p-cpe:/a:novell:suse_linux:php5-bcmath-debuginfo", "p-cpe:/a:novell:suse_linux:php5-bz2", "p-cpe:/a:novell:suse_linux:php5-bz2-debuginfo", "p-cpe:/a:novell:suse_linux:php5-calendar", "p-cpe:/a:novell:suse_linux:php5-calendar-debuginfo", "p-cpe:/a:novell:suse_linux:php5-ctype", "p-cpe:/a:novell:suse_linux:php5-ctype-debuginfo", "p-cpe:/a:novell:suse_linux:php5-curl", "p-cpe:/a:novell:suse_linux:php5-curl-debuginfo", "p-cpe:/a:novell:suse_linux:php5-dba", "p-cpe:/a:novell:suse_linux:php5-dba-debuginfo", "p-cpe:/a:novell:suse_linux:php5-debuginfo", "p-cpe:/a:novell:suse_linux:php5-debugsource", "p-cpe:/a:novell:suse_linux:php5-dom", "p-cpe:/a:novell:suse_linux:php5-dom-debuginfo", "p-cpe:/a:novell:suse_linux:php5-enchant", "p-cpe:/a:novell:suse_linux:php5-enchant-debuginfo", "p-cpe:/a:novell:suse_linux:php5-exif", "p-cpe:/a:novell:suse_linux:php5-exif-debuginfo", "p-cpe:/a:novell:suse_linux:php5-fastcgi", "p-cpe:/a:novell:suse_linux:php5-fastcgi-debuginfo", "p-cpe:/a:novell:suse_linux:php5-fileinfo", "p-cpe:/a:novell:suse_linux:php5-fileinfo-debuginfo", "p-cpe:/a:novell:suse_linux:php5-fpm", "p-cpe:/a:novell:suse_linux:php5-fpm-debuginfo", "p-cpe:/a:novell:suse_linux:php5-ftp", "p-cpe:/a:novell:suse_linux:php5-ftp-debuginfo", "p-cpe:/a:novell:suse_linux:php5-gd", "p-cpe:/a:novell:suse_linux:php5-gd-debuginfo", "p-cpe:/a:novell:suse_linux:php5-gettext", "p-cpe:/a:novell:suse_linux:php5-gettext-debuginfo", "p-cpe:/a:novell:suse_linux:php5-gmp", "p-cpe:/a:novell:suse_linux:php5-gmp-debuginfo", "p-cpe:/a:novell:suse_linux:php5-iconv", "p-cpe:/a:novell:suse_linux:php5-iconv-debuginfo", "p-cpe:/a:novell:suse_linux:php5-intl", "p-cpe:/a:novell:suse_linux:php5-intl-debuginfo", "p-cpe:/a:novell:suse_linux:php5-json", "p-cpe:/a:novell:suse_linux:php5-json-debuginfo", "p-cpe:/a:novell:suse_linux:php5-ldap", "p-cpe:/a:novell:suse_linux:php5-ldap-debuginfo", "p-cpe:/a:novell:suse_linux:php5-mbstring", "p-cpe:/a:novell:suse_linux:php5-mbstring-debuginfo", "p-cpe:/a:novell:suse_linux:php5-mcrypt", "p-cpe:/a:novell:suse_linux:php5-mcrypt-debuginfo", "p-cpe:/a:novell:suse_linux:php5-mysql", "p-cpe:/a:novell:suse_linux:php5-mysql-debuginfo", "p-cpe:/a:novell:suse_linux:php5-odbc", "p-cpe:/a:novell:suse_linux:php5-odbc-debuginfo", "p-cpe:/a:novell:suse_linux:php5-openssl", "p-cpe:/a:novell:suse_linux:php5-openssl-debuginfo", "p-cpe:/a:novell:suse_linux:php5-pcntl", "p-cpe:/a:novell:suse_linux:php5-pcntl-debuginfo", "p-cpe:/a:novell:suse_linux:php5-pdo", "p-cpe:/a:novell:suse_linux:php5-pdo-debuginfo", "p-cpe:/a:novell:suse_linux:php5-pgsql", "p-cpe:/a:novell:suse_linux:php5-pgsql-debuginfo", "p-cpe:/a:novell:suse_linux:php5-pspell", "p-cpe:/a:novell:suse_linux:php5-pspell-debuginfo", "p-cpe:/a:novell:suse_linux:php5-shmop", "p-cpe:/a:novell:suse_linux:php5-shmop-debuginfo", "p-cpe:/a:novell:suse_linux:php5-snmp", "p-cpe:/a:novell:suse_linux:php5-snmp-debuginfo", "p-cpe:/a:novell:suse_linux:php5-soap", "p-cpe:/a:novell:suse_linux:php5-soap-debuginfo", "p-cpe:/a:novell:suse_linux:php5-sockets", "p-cpe:/a:novell:suse_linux:php5-sockets-debuginfo", "p-cpe:/a:novell:suse_linux:php5-sqlite", "p-cpe:/a:novell:suse_linux:php5-sqlite-debuginfo", "p-cpe:/a:novell:suse_linux:php5-suhosin", "p-cpe:/a:novell:suse_linux:php5-suhosin-debuginfo", "p-cpe:/a:novell:suse_linux:php5-sysvmsg", "p-cpe:/a:novell:suse_linux:php5-sysvmsg-debuginfo", "p-cpe:/a:novell:suse_linux:php5-sysvsem", "p-cpe:/a:novell:suse_linux:php5-sysvsem-debuginfo", "p-cpe:/a:novell:suse_linux:php5-sysvshm", "p-cpe:/a:novell:suse_linux:php5-sysvshm-debuginfo", "p-cpe:/a:novell:suse_linux:php5-tokenizer", "p-cpe:/a:novell:suse_linux:php5-tokenizer-debuginfo", "p-cpe:/a:novell:suse_linux:php5-wddx", "p-cpe:/a:novell:suse_linux:php5-wddx-debuginfo", "p-cpe:/a:novell:suse_linux:php5-xmlreader", "p-cpe:/a:novell:suse_linux:php5-xmlreader-debuginfo", "p-cpe:/a:novell:suse_linux:php5-xmlrpc", "p-cpe:/a:novell:suse_linux:php5-xmlrpc-debuginfo", "p-cpe:/a:novell:suse_linux:php5-xmlwriter", "p-cpe:/a:novell:suse_linux:php5-xmlwriter-debuginfo", "p-cpe:/a:novell:suse_linux:php5-xsl", "p-cpe:/a:novell:suse_linux:php5-xsl-debuginfo", "p-cpe:/a:novell:suse_linux:php5-zip", "p-cpe:/a:novell:suse_linux:php5-zip-debuginfo", "p-cpe:/a:novell:suse_linux:php5-zlib", "p-cpe:/a:novell:suse_linux:php5-zlib-debuginfo", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2015-1253-1.NASL", "href": "https://www.tenable.com/plugins/nessus/119968", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2015:1253-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(119968);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2015-3411\", \"CVE-2015-3412\", \"CVE-2015-4021\", \"CVE-2015-4022\", \"CVE-2015-4024\", \"CVE-2015-4026\", \"CVE-2015-4148\", \"CVE-2015-4598\", \"CVE-2015-4599\", \"CVE-2015-4600\", \"CVE-2015-4601\", \"CVE-2015-4602\", \"CVE-2015-4603\", \"CVE-2015-4643\", \"CVE-2015-4644\");\n script_bugtraq_id(74413, 74700, 74902, 74903, 75056, 75103, 75244, 75246, 75249, 75250, 75251, 75252, 75255, 75291, 75292);\n\n script_name(english:\"SUSE SLES12 Security Update : php5 (SUSE-SU-2015:1253-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This security update of PHP fixes the following issues :\n\nSecurity issues fixed :\n\n - CVE-2015-4024 [bnc#931421]: Fixed multipart/form-data\n remote DOS Vulnerability.\n\n - CVE-2015-4026 [bnc#931776]: pcntl_exec() did not check\n path validity.\n\n - CVE-2015-4022 [bnc#931772]: Fixed and overflow in\n ftp_genlist() that resulted in a heap overflow.\n\n - CVE-2015-4021 [bnc#931769]: Fixed memory corruption in\n phar_parse_tarfile when entry filename starts with NULL.\n\n - CVE-2015-4148 [bnc#933227]: Fixed SoapClient's\n do_soap_call() type confusion after unserialize()\n information disclosure.\n\n - CVE-2015-4602 [bnc#935224]: Fixed an incomplete Class\n unserialization type confusion.\n\n - CVE-2015-4599, CVE-2015-4600, CVE-2015-4601\n [bnc#935226]: Fixed type confusion issues in\n unserialize() with various SOAP methods.\n\n - CVE-2015-4603 [bnc#935234]: Fixed\n exception::getTraceAsString type confusion issue after\n unserialize.\n\n - CVE-2015-4644 [bnc#935274]: Fixed a crash in\n php_pgsql_meta_data.\n\n - CVE-2015-4643 [bnc#935275]: Fixed an integer overflow in\n ftp_genlist() that could result in a heap overflow.\n\n - CVE-2015-3411, CVE-2015-3412, CVE-2015-4598\n [bnc#935227], [bnc#935232]: Added missing null byte\n checks for paths in various PHP extensions.\n\nBugs fixed :\n\n - configure php-fpm with --localstatedir=/var [bnc#927147]\n\n - fix timezone map [bnc#919080]\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=919080\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=927147\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=931421\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=931769\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=931772\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=931776\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=933227\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=935224\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=935226\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=935227\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=935232\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=935234\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=935274\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=935275\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-3411/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-3412/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-4021/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-4022/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-4024/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-4026/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-4148/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-4598/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-4599/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-4600/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-4601/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-4602/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-4603/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-4643/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-4644/\"\n );\n # https://www.suse.com/support/update/announcement/2015/suse-su-20151253-1.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?a92dac74\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Software Development Kit 12 :\n\nzypper in -t patch SUSE-SLE-SDK-12-2015-322=1\n\nSUSE Linux Enterprise Module for Web Scripting 12 :\n\nzypper in -t patch SUSE-SLE-Module-Web-Scripting-12-2015-322=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apache2-mod_php5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apache2-mod_php5-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-bcmath\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-bcmath-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-bz2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-bz2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-calendar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-calendar-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-ctype\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-ctype-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-curl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-dba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-dba-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-dom\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-dom-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-enchant\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-enchant-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-exif\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-exif-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-fastcgi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-fastcgi-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-fileinfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-fileinfo-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-fpm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-fpm-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-ftp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-ftp-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-gd-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-gettext\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-gettext-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-gmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-gmp-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-iconv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-iconv-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-intl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-intl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-json\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-json-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-ldap-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-mbstring\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-mbstring-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-mcrypt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-mcrypt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-mysql-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-odbc-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-openssl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-pcntl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-pcntl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-pdo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-pdo-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-pgsql-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-pspell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-pspell-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-shmop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-shmop-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-snmp-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-soap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-soap-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-sockets\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-sockets-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-sqlite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-sqlite-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-suhosin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-suhosin-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-sysvmsg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-sysvmsg-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-sysvsem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-sysvsem-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-sysvshm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-sysvshm-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-tokenizer\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-tokenizer-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-wddx\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-wddx-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-xmlreader\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-xmlreader-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-xmlrpc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-xmlrpc-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-xmlwriter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-xmlwriter-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-xsl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-xsl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-zip\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-zip-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-zlib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-zlib-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/06/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/06/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/01/02\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP0\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"apache2-mod_php5-5.5.14-30.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"apache2-mod_php5-debuginfo-5.5.14-30.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-5.5.14-30.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-bcmath-5.5.14-30.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-bcmath-debuginfo-5.5.14-30.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-bz2-5.5.14-30.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-bz2-debuginfo-5.5.14-30.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-calendar-5.5.14-30.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-calendar-debuginfo-5.5.14-30.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-ctype-5.5.14-30.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-ctype-debuginfo-5.5.14-30.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-curl-5.5.14-30.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-curl-debuginfo-5.5.14-30.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-dba-5.5.14-30.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-dba-debuginfo-5.5.14-30.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-debuginfo-5.5.14-30.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-debugsource-5.5.14-30.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-dom-5.5.14-30.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-dom-debuginfo-5.5.14-30.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-enchant-5.5.14-30.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-enchant-debuginfo-5.5.14-30.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-exif-5.5.14-30.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-exif-debuginfo-5.5.14-30.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-fastcgi-5.5.14-30.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-fastcgi-debuginfo-5.5.14-30.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-fileinfo-5.5.14-30.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-fileinfo-debuginfo-5.5.14-30.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-fpm-5.5.14-30.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-fpm-debuginfo-5.5.14-30.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-ftp-5.5.14-30.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-ftp-debuginfo-5.5.14-30.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-gd-5.5.14-30.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-gd-debuginfo-5.5.14-30.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-gettext-5.5.14-30.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-gettext-debuginfo-5.5.14-30.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-gmp-5.5.14-30.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-gmp-debuginfo-5.5.14-30.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-iconv-5.5.14-30.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-iconv-debuginfo-5.5.14-30.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-intl-5.5.14-30.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-intl-debuginfo-5.5.14-30.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-json-5.5.14-30.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-json-debuginfo-5.5.14-30.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-ldap-5.5.14-30.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-ldap-debuginfo-5.5.14-30.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-mbstring-5.5.14-30.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-mbstring-debuginfo-5.5.14-30.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-mcrypt-5.5.14-30.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-mcrypt-debuginfo-5.5.14-30.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-mysql-5.5.14-30.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-mysql-debuginfo-5.5.14-30.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-odbc-5.5.14-30.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-odbc-debuginfo-5.5.14-30.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-openssl-5.5.14-30.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-openssl-debuginfo-5.5.14-30.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-pcntl-5.5.14-30.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-pcntl-debuginfo-5.5.14-30.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-pdo-5.5.14-30.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-pdo-debuginfo-5.5.14-30.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-pgsql-5.5.14-30.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-pgsql-debuginfo-5.5.14-30.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-pspell-5.5.14-30.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-pspell-debuginfo-5.5.14-30.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-shmop-5.5.14-30.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-shmop-debuginfo-5.5.14-30.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-snmp-5.5.14-30.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-snmp-debuginfo-5.5.14-30.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-soap-5.5.14-30.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-soap-debuginfo-5.5.14-30.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-sockets-5.5.14-30.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-sockets-debuginfo-5.5.14-30.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-sqlite-5.5.14-30.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-sqlite-debuginfo-5.5.14-30.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-suhosin-5.5.14-30.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-suhosin-debuginfo-5.5.14-30.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-sysvmsg-5.5.14-30.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-sysvmsg-debuginfo-5.5.14-30.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-sysvsem-5.5.14-30.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-sysvsem-debuginfo-5.5.14-30.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-sysvshm-5.5.14-30.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-sysvshm-debuginfo-5.5.14-30.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-tokenizer-5.5.14-30.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-tokenizer-debuginfo-5.5.14-30.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-wddx-5.5.14-30.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-wddx-debuginfo-5.5.14-30.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-xmlreader-5.5.14-30.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-xmlreader-debuginfo-5.5.14-30.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-xmlrpc-5.5.14-30.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-xmlrpc-debuginfo-5.5.14-30.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-xmlwriter-5.5.14-30.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-xmlwriter-debuginfo-5.5.14-30.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-xsl-5.5.14-30.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-xsl-debuginfo-5.5.14-30.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-zip-5.5.14-30.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-zip-debuginfo-5.5.14-30.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-zlib-5.5.14-30.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-zlib-debuginfo-5.5.14-30.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"php5\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T15:02:03", "description": "Algorithmic complexity vulnerability in the multipart_buffer_headers function in main/rfc1867.c in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 allows remote attackers to cause a denial of service (CPU consumption) via crafted form data that triggers an improper order-of-growth outcome.", "cvss3": {}, "published": "2015-09-16T00:00:00", "type": "nessus", "title": "F5 Networks BIG-IP : PHP vulnerability (SOL16826)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-4024"], "modified": "2021-03-10T00:00:00", "cpe": ["cpe:/a:f5:big-ip_access_policy_manager", "cpe:/a:f5:big-ip_advanced_firewall_manager", "cpe:/a:f5:big-ip_application_acceleration_manager", "cpe:/a:f5:big-ip_application_security_manager", "cpe:/a:f5:big-ip_application_visibility_and_reporting", "cpe:/a:f5:big-ip_global_traffic_manager", "cpe:/a:f5:big-ip_link_controller", "cpe:/a:f5:big-ip_local_traffic_manager", "cpe:/a:f5:big-ip_policy_enforcement_manager", "cpe:/a:f5:big-ip_wan_optimization_manager", "cpe:/a:f5:big-ip_webaccelerator", "cpe:/h:f5:big-ip", "cpe:/h:f5:big-ip_protocol_security_manager"], "id": "F5_BIGIP_SOL16826.NASL", "href": "https://www.tenable.com/plugins/nessus/85952", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from F5 Networks BIG-IP Solution SOL16826.\n#\n# The text description of this plugin is (C) F5 Networks.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(85952);\n script_version(\"2.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/03/10\");\n\n script_cve_id(\"CVE-2015-4024\");\n script_bugtraq_id(74903);\n\n script_name(english:\"F5 Networks BIG-IP : PHP vulnerability (SOL16826)\");\n script_summary(english:\"Checks the BIG-IP version.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote device is missing a vendor-supplied security patch.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Algorithmic complexity vulnerability in the multipart_buffer_headers\nfunction in main/rfc1867.c in PHP before 5.4.41, 5.5.x before 5.5.25,\nand 5.6.x before 5.6.9 allows remote attackers to cause a denial of\nservice (CPU consumption) via crafted form data that triggers an\nimproper order-of-growth outcome.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://support.f5.com/csp/article/K16826\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"Upgrade to one of the non-vulnerable versions listed in the F5\nSolution SOL16826.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_access_policy_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_advanced_firewall_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_acceleration_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_security_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_visibility_and_reporting\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_global_traffic_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_link_controller\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_local_traffic_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_policy_enforcement_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_wan_optimization_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_webaccelerator\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/h:f5:big-ip\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/h:f5:big-ip_protocol_security_manager\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/06/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/07/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/09/16\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"F5 Networks Local Security Checks\");\n\n script_dependencies(\"f5_bigip_detect.nbin\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/BIG-IP/hotfix\", \"Host/BIG-IP/modules\", \"Host/BIG-IP/version\", \"Settings/ParanoidReport\");\n\n exit(0);\n}\n\n\ninclude(\"f5_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nversion = get_kb_item(\"Host/BIG-IP/version\");\nif ( ! version ) audit(AUDIT_OS_NOT, \"F5 Networks BIG-IP\");\nif ( isnull(get_kb_item(\"Host/BIG-IP/hotfix\")) ) audit(AUDIT_KB_MISSING, \"Host/BIG-IP/hotfix\");\nif ( ! get_kb_item(\"Host/BIG-IP/modules\") ) audit(AUDIT_KB_MISSING, \"Host/BIG-IP/modules\");\n\nsol = \"SOL16826\";\nvmatrix = make_array();\n\nif (report_paranoia < 2) audit(AUDIT_PARANOID);\n\n# AFM\nvmatrix[\"AFM\"] = make_array();\nvmatrix[\"AFM\"][\"affected\" ] = make_list(\"11.3.0-11.6.0\");\nvmatrix[\"AFM\"][\"unaffected\"] = make_list(\"12.0.0\",\"11.6.1\",\"11.5.4\");\n\n# AM\nvmatrix[\"AM\"] = make_array();\nvmatrix[\"AM\"][\"affected\" ] = make_list(\"11.4.0-11.6.0\");\nvmatrix[\"AM\"][\"unaffected\"] = make_list(\"12.0.0\",\"11.6.1\",\"11.5.4\");\n\n# APM\nvmatrix[\"APM\"] = make_array();\nvmatrix[\"APM\"][\"affected\" ] = make_list(\"11.0.0-11.6.0\",\"10.1.0-10.2.4\");\nvmatrix[\"APM\"][\"unaffected\"] = make_list(\"12.0.0\",\"11.6.1\",\"11.5.4\");\n\n# ASM\nvmatrix[\"ASM\"] = make_array();\nvmatrix[\"ASM\"][\"affected\" ] = make_list(\"11.0.0-11.6.0\",\"10.1.0-10.2.4\");\nvmatrix[\"ASM\"][\"unaffected\"] = make_list(\"12.0.0\",\"11.6.1\",\"11.5.4\");\n\n# AVR\nvmatrix[\"AVR\"] = make_array();\nvmatrix[\"AVR\"][\"affected\" ] = make_list(\"11.0.0-11.6.0\");\nvmatrix[\"AVR\"][\"unaffected\"] = make_list(\"12.0.0\",\"11.6.1\",\"11.5.4\");\n\n# GTM\nvmatrix[\"GTM\"] = make_array();\nvmatrix[\"GTM\"][\"affected\" ] = make_list(\"11.0.0-11.6.0\",\"10.1.0-10.2.4\");\nvmatrix[\"GTM\"][\"unaffected\"] = make_list(\"11.6.1\",\"11.5.4\");\n\n# LC\nvmatrix[\"LC\"] = make_array();\nvmatrix[\"LC\"][\"affected\" ] = make_list(\"11.0.0-11.6.0\",\"10.1.0-10.2.4\");\nvmatrix[\"LC\"][\"unaffected\"] = make_list(\"12.0.0\",\"11.6.1\",\"11.5.4\");\n\n# LTM\nvmatrix[\"LTM\"] = make_array();\nvmatrix[\"LTM\"][\"affected\" ] = make_list(\"11.0.0-11.6.0\",\"10.1.0-10.2.4\");\nvmatrix[\"LTM\"][\"unaffected\"] = make_list(\"12.0.0\",\"11.6.1\",\"11.5.4\");\n\n# PEM\nvmatrix[\"PEM\"] = make_array();\nvmatrix[\"PEM\"][\"affected\" ] = make_list(\"11.3.0-11.6.0\");\nvmatrix[\"PEM\"][\"unaffected\"] = make_list(\"12.0.0\",\"11.6.1\",\"11.5.4\");\n\n\nif (bigip_is_affected(vmatrix:vmatrix, sol:sol))\n{\n if (report_verbosity > 0) security_warning(port:0, extra:bigip_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = bigip_get_tested_modules();\n audit_extra = \"For BIG-IP module(s) \" + tested + \",\";\n if (tested) audit(AUDIT_INST_VER_NOT_VULN, audit_extra, version);\n else audit(AUDIT_HOST_NOT, \"running any of the affected modules\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-01-11T15:01:26", "description": "- CVE-2015-3307 The phar_parse_metadata function in ext/phar/phar.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allows remote attackers to cause a denial of service (heap metadata corruption) or possibly have unspecified other impact via a crafted tar archive.\n\n - CVE-2015-3411 + CVE-2015-3412 Fixed bug #69353 (Missing null byte checks for paths in various PHP extensions)\n\n - CVE-2015-4021 The phar_parse_tarfile function in ext/phar/tar.c in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 does not verify that the first character of a filename is different from the \\0 character, which allows remote attackers to cause a denial of service (integer underflow and memory corruption) via a crafted entry in a tar archive.\n\n - CVE-2015-4022 Integer overflow in the ftp_genlist function in ext/ftp/ftp.c in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 allows remote FTP servers to execute arbitrary code via a long reply to a LIST command, leading to a heap-based buffer overflow.\n\n - CVE-2015-4025 PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 truncates a pathname upon encountering a \\x00 character in certain situations, which allows remote attackers to bypass intended extension restrictions and access files or directories with unexpected names via a crafted argument to (1) set_include_path, (2) tempnam, (3) rmdir, or (4) readlink. NOTE: this vulnerability exists because of an incomplete fix for CVE-2006-7243.\n\n - CVE-2015-4026 The pcntl_exec implementation in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 truncates a pathname upon encountering a \\x00 character, which might allow remote attackers to bypass intended extension restrictions and execute files with unexpected names via a crafted first argument. NOTE:\n this vulnerability exists because of an incomplete fix for CVE-2006-7243.\n\n - CVE-2015-4147 The SoapClient::__call method in ext/soap/soap.c in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 does not verify that\n __default_headers is an array, which allows remote attackers to execute arbitrary code by providing crafted serialized data with an unexpected data type, related to a 'type confusion' issue.\n\n - CVE-2015-4148 The do_soap_call function in ext/soap/soap.c in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 does not verify that the uri property is a string, which allows remote attackers to obtain sensitive information by providing crafted serialized data with an int data type, related to a 'type confusion' issue.\n\n - CVE-2015-4598 Incorrect handling of paths with NULs\n\n - CVE-2015-4599 Type confusion vulnerability in exception::getTraceAsString\n\n - CVE-2015-4600 + CVE-2015-4601 Added type checks\n\n - CVE-2015-4602 Type Confusion Infoleak Vulnerability in unserialize() with SoapFault\n\n - CVE-2015-4604 + CVE-2015-4605 denial of service when processing a crafted file with Fileinfo (already fixed in CVE-2015-temp-68819.patch)\n\n - CVE-2015-4643 Improved fix for bug #69545 (Integer overflow in ftp_genlist() resulting in heap overflow)\n\n - CVE-2015-4644 Fixed bug #69667 (segfault in php_pgsql_meta_data)\n\n - CVE-2015-5589 Segfault in Phar::convertToData on invalid file\n\n - CVE-2015-5590 Buffer overflow and stack smashing error in phar_fix_filepath\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2015-09-08T00:00:00", "type": "nessus", "title": "Debian DLA-307-1 : php5 security update", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2006-7243", "CVE-2015-3307", "CVE-2015-3411", "CVE-2015-3412", "CVE-2015-4021", "CVE-2015-4022", "CVE-2015-4025", "CVE-2015-4026", "CVE-2015-4147", "CVE-2015-4148", "CVE-2015-4598", "CVE-2015-4599", "CVE-2015-4600", "CVE-2015-4601", "CVE-2015-4602", "CVE-2015-4604", "CVE-2015-4605", "CVE-2015-4643", "CVE-2015-4644", "CVE-2015-5589", "CVE-2015-5590"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:libapache2-mod-php5", "p-cpe:/a:debian:debian_linux:libapache2-mod-php5filter", "p-cpe:/a:debian:debian_linux:php-pear", "p-cpe:/a:debian:debian_linux:php5", "p-cpe:/a:debian:debian_linux:php5-cgi", "p-cpe:/a:debian:debian_linux:php5-cli", "p-cpe:/a:debian:debian_linux:php5-common", "p-cpe:/a:debian:debian_linux:php5-curl", "p-cpe:/a:debian:debian_linux:php5-dbg", "p-cpe:/a:debian:debian_linux:php5-dev", "p-cpe:/a:debian:debian_linux:php5-enchant", "p-cpe:/a:debian:debian_linux:php5-gd", "p-cpe:/a:debian:debian_linux:php5-gmp", "p-cpe:/a:debian:debian_linux:php5-imap", "p-cpe:/a:debian:debian_linux:php5-interbase", "p-cpe:/a:debian:debian_linux:php5-intl", "p-cpe:/a:debian:debian_linux:php5-ldap", "p-cpe:/a:debian:debian_linux:php5-mcrypt", "p-cpe:/a:debian:debian_linux:php5-mysql", "p-cpe:/a:debian:debian_linux:php5-odbc", "p-cpe:/a:debian:debian_linux:php5-pgsql", "p-cpe:/a:debian:debian_linux:php5-pspell", "p-cpe:/a:debian:debian_linux:php5-recode", "p-cpe:/a:debian:debian_linux:php5-snmp", "p-cpe:/a:debian:debian_linux:php5-sqlite", "p-cpe:/a:debian:debian_linux:php5-sybase", "p-cpe:/a:debian:debian_linux:php5-tidy", "p-cpe:/a:debian:debian_linux:php5-xmlrpc", "p-cpe:/a:debian:debian_linux:php5-xsl", "cpe:/o:debian:debian_linux:6.0"], "id": "DEBIAN_DLA-307.NASL", "href": "https://www.tenable.com/plugins/nessus/85808", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-307-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(85808);\n script_version(\"2.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2015-3307\", \"CVE-2015-3411\", \"CVE-2015-3412\", \"CVE-2015-4021\", \"CVE-2015-4022\", \"CVE-2015-4025\", \"CVE-2015-4026\", \"CVE-2015-4147\", \"CVE-2015-4148\", \"CVE-2015-4598\", \"CVE-2015-4599\", \"CVE-2015-4600\", \"CVE-2015-4601\", \"CVE-2015-4602\", \"CVE-2015-4604\", \"CVE-2015-4605\", \"CVE-2015-4643\", \"CVE-2015-4644\", \"CVE-2015-5589\", \"CVE-2015-5590\");\n script_bugtraq_id(73357, 74413, 74700, 74703, 74902, 74904, 75056, 75103, 75233, 75241, 75244, 75246, 75249, 75250, 75251, 75255, 75291, 75292, 75970, 75974);\n\n script_name(english:\"Debian DLA-307-1 : php5 security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - CVE-2015-3307 The phar_parse_metadata function in\n ext/phar/phar.c in PHP before 5.4.40, 5.5.x before\n 5.5.24, and 5.6.x before 5.6.8 allows remote attackers\n to cause a denial of service (heap metadata corruption)\n or possibly have unspecified other impact via a crafted\n tar archive.\n\n - CVE-2015-3411 + CVE-2015-3412 Fixed bug #69353 (Missing\n null byte checks for paths in various PHP extensions)\n\n - CVE-2015-4021 The phar_parse_tarfile function in\n ext/phar/tar.c in PHP before 5.4.41, 5.5.x before\n 5.5.25, and 5.6.x before 5.6.9 does not verify that the\n first character of a filename is different from the \\0\n character, which allows remote attackers to cause a\n denial of service (integer underflow and memory\n corruption) via a crafted entry in a tar archive.\n\n - CVE-2015-4022 Integer overflow in the ftp_genlist\n function in ext/ftp/ftp.c in PHP before 5.4.41, 5.5.x\n before 5.5.25, and 5.6.x before 5.6.9 allows remote FTP\n servers to execute arbitrary code via a long reply to a\n LIST command, leading to a heap-based buffer overflow.\n\n - CVE-2015-4025 PHP before 5.4.41, 5.5.x before 5.5.25,\n and 5.6.x before 5.6.9 truncates a pathname upon\n encountering a \\x00 character in certain situations,\n which allows remote attackers to bypass intended\n extension restrictions and access files or directories\n with unexpected names via a crafted argument to (1)\n set_include_path, (2) tempnam, (3) rmdir, or (4)\n readlink. NOTE: this vulnerability exists because of an\n incomplete fix for CVE-2006-7243.\n\n - CVE-2015-4026 The pcntl_exec implementation in PHP\n before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before\n 5.6.9 truncates a pathname upon encountering a \\x00\n character, which might allow remote attackers to bypass\n intended extension restrictions and execute files with\n unexpected names via a crafted first argument. NOTE:\n this vulnerability exists because of an incomplete fix\n for CVE-2006-7243.\n\n - CVE-2015-4147 The SoapClient::__call method in\n ext/soap/soap.c in PHP before 5.4.39, 5.5.x before\n 5.5.23, and 5.6.x before 5.6.7 does not verify that\n __default_headers is an array, which allows remote\n attackers to execute arbitrary code by providing crafted\n serialized data with an unexpected data type, related to\n a 'type confusion' issue.\n\n - CVE-2015-4148 The do_soap_call function in\n ext/soap/soap.c in PHP before 5.4.39, 5.5.x before\n 5.5.23, and 5.6.x before 5.6.7 does not verify that the\n uri property is a string, which allows remote attackers\n to obtain sensitive information by providing crafted\n serialized data with an int data type, related to a\n 'type confusion' issue.\n\n - CVE-2015-4598 Incorrect handling of paths with NULs\n\n - CVE-2015-4599 Type confusion vulnerability in\n exception::getTraceAsString\n\n - CVE-2015-4600 + CVE-2015-4601 Added type checks\n\n - CVE-2015-4602 Type Confusion Infoleak Vulnerability in\n unserialize() with SoapFault\n\n - CVE-2015-4604 + CVE-2015-4605 denial of service when\n processing a crafted file with Fileinfo (already fixed\n in CVE-2015-temp-68819.patch)\n\n - CVE-2015-4643 Improved fix for bug #69545 (Integer\n overflow in ftp_genlist() resulting in heap overflow)\n\n - CVE-2015-4644 Fixed bug #69667 (segfault in\n php_pgsql_meta_data)\n\n - CVE-2015-5589 Segfault in Phar::convertToData on invalid\n file\n\n - CVE-2015-5590 Buffer overflow and stack smashing error\n in phar_fix_filepath\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2015/09/msg00002.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/squeeze-lts/php5\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libapache2-mod-php5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libapache2-mod-php5filter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php-pear\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php5-cgi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php5-cli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php5-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php5-curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php5-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php5-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php5-enchant\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php5-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php5-gmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php5-imap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php5-interbase\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php5-intl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php5-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php5-mcrypt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php5-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php5-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php5-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php5-pspell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php5-recode\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php5-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php5-sqlite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php5-sybase\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php5-tidy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php5-xmlrpc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php5-xsl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:6.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/06/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/09/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/09/08\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"6.0\", prefix:\"libapache2-mod-php5\", reference:\"5.3.3.1-7+squeeze27\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libapache2-mod-php5filter\", reference:\"5.3.3.1-7+squeeze27\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php-pear\", reference:\"5.3.3.1-7+squeeze27\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5\", reference:\"5.3.3.1-7+squeeze27\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5-cgi\", reference:\"5.3.3.1-7+squeeze27\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5-cli\", reference:\"5.3.3.1-7+squeeze27\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5-common\", reference:\"5.3.3.1-7+squeeze27\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5-curl\", reference:\"5.3.3.1-7+squeeze27\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5-dbg\", reference:\"5.3.3.1-7+squeeze27\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5-dev\", reference:\"5.3.3.1-7+squeeze27\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5-enchant\", reference:\"5.3.3.1-7+squeeze27\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5-gd\", reference:\"5.3.3.1-7+squeeze27\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5-gmp\", reference:\"5.3.3.1-7+squeeze27\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5-imap\", reference:\"5.3.3.1-7+squeeze27\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5-interbase\", reference:\"5.3.3.1-7+squeeze27\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5-intl\", reference:\"5.3.3.1-7+squeeze27\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5-ldap\", reference:\"5.3.3.1-7+squeeze27\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5-mcrypt\", reference:\"5.3.3.1-7+squeeze27\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5-mysql\", reference:\"5.3.3.1-7+squeeze27\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5-odbc\", reference:\"5.3.3.1-7+squeeze27\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5-pgsql\", reference:\"5.3.3.1-7+squeeze27\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5-pspell\", reference:\"5.3.3.1-7+squeeze27\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5-recode\", reference:\"5.3.3.1-7+squeeze27\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5-snmp\", reference:\"5.3.3.1-7+squeeze27\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5-sqlite\", reference:\"5.3.3.1-7+squeeze27\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5-sybase\", reference:\"5.3.3.1-7+squeeze27\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5-tidy\", reference:\"5.3.3.1-7+squeeze27\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5-xmlrpc\", reference:\"5.3.3.1-7+squeeze27\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5-xsl\", reference:\"5.3.3.1-7+squeeze27\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T14:56:19", "description": "Versions of PHP 5.5.x prior to 5.5.26, or 5.6.x prior to 5.6.10 are exposed to the following vulnerabilities :\n\n - Multiple heap buffer overflow conditions exist in the bundled Perl-Compatible Regular Expression (PCRE) library due to improper validation of user-supplied input to the 'compile_branch()' and 'pcre_compile2()' functions. A remote attacker can exploit these conditions to cause a heap-based buffer overflow, resulting in a denial of service condition or the execution of arbitrary code. (CVE-2015-2325, CVE-2015-2326)\n - A denial of service vulnerability exists in the bundled SQLite component due to improper handling of quotes in collation sequence names. A remote attacker can exploit this to cause uninitialized memory access, resulting in denial of service condition. (CVE-2015-3414)\n - A denial of service vulnerability exists in the bundled SQLite component due to an improper implementation of comparison operators in the 'sqlite3VdbeExec()' function in 'vdbe.c'. A remote attacker can exploit this to cause an invalid free operation, resulting in a denial of service condition. (CVE-2015-3415)\n - A denial of service vulnerability exists in the bundled SQLite component due to improper handling of precision and width values during floating-point conversions in the 'sqlite3VXPrintf()' function in 'printf.c'. A remote attacker can exploit this to cause a stack-based buffer overflow, resulting in a denial of service condition or the execution of arbitrary code. (CVE-2015-3416)\n - A security bypass vulnerability exists due to a failure in multiple extensions to check for NULL bytes in a path when processing or reading a file. A remote attacker can exploit this, by combining the '\\0' character with a safe file extension, to bypass access restrictions. (CVE-2015-4598)\n - An arbitrary command injection vulnerability exists due to a flaw in the 'php_escape_shell_arg()' function in 'exec.c'. A remote attacker can exploit this, via the 'escapeshellarg()' PHP method, to inject arbitrary operating system commands. (CVE-2015-4642)\n - A heap buffer overflow condition exists in the 'ftp_genlist()' function in 'ftp.c'. due to improper validation of user-supplied input. A remote attacker can exploit this to cause a denial of service condition or the execution of arbitrary code. (CVE-2015-4643)\n - A denial of service vulnerability exists due to a NULL pointer dereference flaw in the 'build_tablename()' function in 'pgsql.c'. An authenticated, remote attacker can exploit this to cause an application crash. (CVE-2015-4644)", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2015-06-18T00:00:00", "type": "nessus", "title": "PHP 5.5.x < 5.5.26 / 5.6.x < 5.6.10 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-2325", "CVE-2015-2326", "CVE-2015-3414", "CVE-2015-3415", "CVE-2015-3416", "CVE-2015-4598", "CVE-2015-4642", "CVE-2015-4643", "CVE-2015-4644"], "modified": "2019-03-06T00:00:00", "cpe": ["cpe:2.3:a:php:php:*:*:*:*:*:*:*:*"], "id": "8787.PRM", "href": "https://www.tenable.com/plugins/nnm/8787", "sourceData": "Binary data 8787.prm", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T14:44:22", "description": "According to its banner, the version of PHP 5.6.x running on the remote web server is prior to 5.6.10. It is, therefore, affected by multiple vulnerabilities :\n\n - Multiple heap buffer overflow conditions exist in the bundled Perl-Compatible Regular Expression (PCRE) library due to improper validation of user-supplied input to the compile_branch() and pcre_compile2() functions. A remote attacker can exploit these conditions to cause a heap-based buffer overflow, resulting in a denial of service condition or the execution of arbitrary code. (CVE-2015-2325, CVE-2015-2326)\n\n - A denial of service vulnerability exists in the bundled SQLite component due to improper handling of quotes in collation sequence names. A remote attacker can exploit this to cause uninitialized memory access, resulting in denial of service condition. (CVE-2015-3414)\n\n - A denial of service vulnerability exists in the bundled SQLite component due to an improper implementation of comparison operators in the sqlite3VdbeExec() function in vdbe.c. A remote attacker can exploit this to cause an invalid free operation, resulting in a denial of service condition. (CVE-2015-3415)\n\n - A denial of service vulnerability exists in the bundled SQLite component due to improper handling of precision and width values during floating-point conversions in the sqlite3VXPrintf() function in printf.c. A remote attacker can exploit this to cause a stack-based buffer overflow, resulting in a denial of service condition or the execution of arbitrary code. (CVE-2015-3416)\n\n - A security bypass vulnerability exists due to a failure in multiple extensions to check for NULL bytes in a path when processing or reading a file. A remote attacker can exploit this, by combining the '\\\\0' character with a safe file extension, to bypass access restrictions. (CVE-2015-4598)\n\n - An arbitrary command injection vulnerability exists due to a flaw in the php_escape_shell_arg() function in exec.c. A remote attacker can exploit this, via the escapeshellarg() PHP method, to inject arbitrary operating system commands. (CVE-2015-4642)\n\n - A heap buffer overflow condition exists in the ftp_genlist() function in ftp.c. due to improper validation of user-supplied input. A remote attacker can exploit this to cause a denial of service condition or the execution of arbitrary code. (CVE-2015-4643) - A denial of service vulnerability exists due to a NULL pointer dereference flaw in the build_tablename() function in pgsql.c. An authenticated, remote attacker can exploit this to cause an application crash. (CVE-2015-4644)\n\nNote that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-01-09T00:00:00", "type": "nessus", "title": "PHP 5.6.x < 5.6.10 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-2325", "CVE-2015-2326", "CVE-2015-3414", "CVE-2015-3415", "CVE-2015-3416", "CVE-2015-4598", "CVE-2015-4642", "CVE-2015-4643", "CVE-2015-4644"], "modified": "2022-10-26T00:00:00", "cpe": ["cpe:2.3:a:php:php:*:*:*:*:*:*:*:*"], "id": "WEB_APPLICATION_SCANNING_98802", "href": "https://www.tenable.com/plugins/was/98802", "sourceData": "No source data", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-26T14:38:08", "description": "According to its banner, the version of PHP 5.5.x running on the remote web server is prior to 5.5.26. It is, therefore, affected by multiple vulnerabilities : \n\n - Multiple heap buffer overflow conditions exist in the bundled Perl-Compatible Regular Expression (PCRE) library due to improper validation of user-supplied input to the compile_branch() and pcre_compile2() functions. A remote attacker can exploit these conditions to cause a heap-based buffer overflow, resulting in a denial of service condition or the execution of arbitrary code. (CVE-2015-2325, CVE-2015-2326)\n\n - A denial of service vulnerability exists in the bundled SQLite component due to improper handling of quotes in collation sequence names. A remote attacker can exploit this to cause uninitialized memory access, resulting in denial of service condition.\n (CVE-2015-3414)\n\n - A denial of service vulnerability exists in the bundled SQLite component due to an improper implementation of comparison operators in the sqlite3VdbeExec() function in vdbe.c. A remote attacker can exploit this to cause an invalid free operation, resulting in a denial of service condition. (CVE-2015-3415)\n\n - A denial of service vulnerability exists in the bundled SQLite component due to improper handling of precision and width values during floating-point conversions in the sqlite3VXPrintf() function in printf.c. A remote attacker can exploit this to cause a stack-based buffer overflow, resulting in a denial of service condition or the execution of arbitrary code. (CVE-2015-3416)\n\n - A security bypass vulnerability exists due to a failure in multiple extensions to check for NULL bytes in a path when processing or reading a file. A remote attacker can exploit this, by combining the '\\0' character with a safe file extension, to bypass access restrictions.\n (CVE-2015-4598)\n\n - An arbitrary command injection vulnerability exists due to a flaw in the php_escape_shell_arg() function in exec.c. A remote attacker can exploit this, via the escapeshellarg() PHP method, to inject arbitrary operating system commands. (CVE-2015-4642)\n\n - A heap buffer overflow condition exists in the ftp_genlist() function in ftp.c. due to improper validation of user-supplied input. A remote attacker can exploit this to cause a denial of service condition or the execution of arbitrary code. (CVE-2015-4643) \n - A denial of service vulnerability exists due to a NULL pointer dereference flaw in the build_tablename() function in pgsql.c. An authenticated, remote attacker can exploit this to cause an application crash.\n (CVE-2015-4644)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2015-06-24T00:00:00", "type": "nessus", "title": "PHP 5.5.x < 5.5.26 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-2325", "CVE-2015-2326", "CVE-2015-3414", "CVE-2015-3415", "CVE-2015-3416", "CVE-2015-4598", "CVE-2015-4642", "CVE-2015-4643", "CVE-2015-4644"], "modified": "2022-04-11T00:00:00", "cpe": ["cpe:/a:php:php"], "id": "PHP_5_5_26.NASL", "href": "https://www.tenable.com/plugins/nessus/84363", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(84363);\n script_version(\"1.18\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\n \"CVE-2015-2325\",\n \"CVE-2015-2326\",\n \"CVE-2015-3414\",\n \"CVE-2015-3415\",\n \"CVE-2015-3416\",\n \"CVE-2015-4598\",\n \"CVE-2015-4642\",\n \"CVE-2015-4643\",\n \"CVE-2015-4644\"\n );\n script_bugtraq_id(\n 74228,\n 75174,\n 75175,\n 75244,\n 75290,\n 75291,\n 75292\n );\n\n script_name(english:\"PHP 5.5.x < 5.5.26 Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote web server uses a version of PHP that is affected by\nmultiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its banner, the version of PHP 5.5.x running on the\nremote web server is prior to 5.5.26. It is, therefore, affected by\nmultiple vulnerabilities : \n\n - Multiple heap buffer overflow conditions exist in the\n bundled Perl-Compatible Regular Expression (PCRE)\n library due to improper validation of user-supplied\n input to the compile_branch() and pcre_compile2()\n functions. A remote attacker can exploit these\n conditions to cause a heap-based buffer overflow,\n resulting in a denial of service condition or the\n execution of arbitrary code. (CVE-2015-2325,\n CVE-2015-2326)\n\n - A denial of service vulnerability exists in the bundled\n SQLite component due to improper handling of quotes\n in collation sequence names. A remote attacker can\n exploit this to cause uninitialized memory access,\n resulting in denial of service condition.\n (CVE-2015-3414)\n\n - A denial of service vulnerability exists in the bundled\n SQLite component due to an improper implementation of\n comparison operators in the sqlite3VdbeExec() function\n in vdbe.c. A remote attacker can exploit this to cause\n an invalid free operation, resulting in a denial of\n service condition. (CVE-2015-3415)\n\n - A denial of service vulnerability exists in the bundled\n SQLite component due to improper handling of precision\n and width values during floating-point conversions in\n the sqlite3VXPrintf() function in printf.c. A remote\n attacker can exploit this to cause a stack-based buffer\n overflow, resulting in a denial of service condition or\n the execution of arbitrary code. (CVE-2015-3416)\n\n - A security bypass vulnerability exists due to a failure\n in multiple extensions to check for NULL bytes in a path\n when processing or reading a file. A remote attacker can\n exploit this, by combining the '\\0' character with a\n safe file extension, to bypass access restrictions.\n (CVE-2015-4598)\n\n - An arbitrary command injection vulnerability exists due\n to a flaw in the php_escape_shell_arg() function in\n exec.c. A remote attacker can exploit this, via the\n escapeshellarg() PHP method, to inject arbitrary\n operating system commands. (CVE-2015-4642)\n\n - A heap buffer overflow condition exists in the\n ftp_genlist() function in ftp.c. due to improper\n validation of user-supplied input. A remote attacker\n can exploit this to cause a denial of service condition\n or the execution of arbitrary code. (CVE-2015-4643)\n \n - A denial of service vulnerability exists due to a NULL\n pointer dereference flaw in the build_tablename()\n function in pgsql.c. An authenticated, remote attacker\n can exploit this to cause an application crash.\n (CVE-2015-4644)\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://php.net/ChangeLog-5.php#5.5.26\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to PHP version 5.5.26 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2015-4642\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No exploit is required\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/02/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/06/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/06/24\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:php:php\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CGI abuses\");\n\n script_copyright(english:\"This script is Copyright (C) 2015-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"php_version.nasl\");\n script_require_keys(\"www/PHP\");\n script_require_ports(\"Services/www\", 80);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\ninclude(\"webapp_func.inc\");\n\nport = get_http_port(default:80, php:TRUE);\n\nphp = get_php_from_kb(\n port : port,\n exit_on_fail : TRUE\n);\n\nversion = php[\"ver\"];\nsource = php[\"src\"];\n\nbackported = get_kb_item('www/php/'+port+'/'+version+'/backported');\n\nif (report_paranoia < 2 && backported) audit(AUDIT_BACKPORT_SERVICE, port, \"PHP \"+version+\" install\");\n\n# Check that it is the correct version of PHP\nif (version =~ \"^5(\\.5)?$\") audit(AUDIT_VER_NOT_GRANULAR, \"PHP\", port, version);\nif (version !~ \"^5\\.5\\.\") audit(AUDIT_NOT_DETECT, \"PHP version 5.5.x\", port);\n\nif (version =~ \"^5\\.5\\.([0-9]|1[0-9]|2[0-5])($|[^0-9])\")\n{\n if (report_verbosity > 0)\n {\n report =\n '\\n Version source : ' + source +\n '\\n Installed version : ' + version +\n '\\n Fixed version : 5.5.26' +\n '\\n';\n security_hole(port:port, extra:report);\n }\n else security_hole(port);\n exit(0);\n}\nelse audit(AUDIT_LISTEN_NOT_VULN, \"PHP\", port, version);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-27T14:16:48", "description": "According to its banner, the version of PHP 5.6.x running on the remote web server is prior to 5.6.10. It is, therefore, affected by multiple vulnerabilities :\n\n - Multiple heap buffer overflow conditions exist in the bundled Perl-Compatible Regular Expression (PCRE) library due to improper validation of user-supplied input to the compile_branch() and pcre_compile2() functions. A remote attacker can exploit these conditions to cause a heap-based buffer overflow, resulting in a denial of service condition or the execution of arbitrary code. (CVE-2015-2325, CVE-2015-2326)\n\n - A denial of service vulnerability exists in the bundled SQLite component due to improper handling of quotes in collation sequence names. A remote attacker can exploit this to cause uninitialized memory access, resulting in denial of service condition.\n (CVE-2015-3414)\n\n - A denial of service vulnerability exists in the bundled SQLite component due to an improper implementation of comparison operators in the sqlite3VdbeExec() function in vdbe.c. A remote attacker can exploit this to cause an invalid free operation, resulting in a denial of service condition. (CVE-2015-3415)\n\n - A denial of service vulnerability exists in the bundled SQLite component due to improper handling of precision and width values during floating-point conversions in the sqlite3VXPrintf() function in printf.c. A remote attacker can exploit this to cause a stack-based buffer overflow, resulting in a denial of service condition or the execution of arbitrary code. (CVE-2015-3416)\n\n - A security bypass vulnerability exists due to a failure in multiple extensions to check for NULL bytes in a path when processing or reading a file. A remote attacker can exploit this, by combining the '\\0' character with a safe file extension, to bypass access restrictions.\n (CVE-2015-4598)\n\n - An arbitrary command injection vulnerability exists due to a flaw in the php_escape_shell_arg() function in exec.c. A remote attacker can exploit this, via the escapeshellarg() PHP method, to inject arbitrary operating system commands. (CVE-2015-4642)\n\n - A heap buffer overflow condition exists in the ftp_genlist() function in ftp.c. due to improper validation of user-supplied input. A remote attacker can exploit this to cause a denial of service condition or the execution of arbitrary code. (CVE-2015-4643) \n - A denial of service vulnerability exists due to a NULL pointer dereference flaw in the build_tablename() function in pgsql.c. An authenticated, remote attacker can exploit this to cause an application crash.\n (CVE-2015-4644)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2015-06-24T00:00:00", "type": "nessus", "title": "PHP 5.6.x < 5.6.10 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-2325", "CVE-2015-2326", "CVE-2015-3414", "CVE-2015-3415", "CVE-2015-3416", "CVE-2015-4598", "CVE-2015-4642", "CVE-2015-4643", "CVE-2015-4644"], "modified": "2022-04-11T00:00:00", "cpe": ["cpe:/a:php:php"], "id": "PHP_5_6_10.NASL", "href": "https://www.tenable.com/plugins/nessus/84364", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(84364);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\n \"CVE-2015-2325\",\n \"CVE-2015-2326\",\n \"CVE-2015-3414\",\n \"CVE-2015-3415\",\n \"CVE-2015-3416\",\n \"CVE-2015-4598\",\n \"CVE-2015-4642\",\n \"CVE-2015-4643\",\n \"CVE-2015-4644\"\n );\n script_bugtraq_id(\n 74228,\n 75174,\n 75175,\n 75244,\n 75290,\n 75291,\n 75292\n );\n\n script_name(english:\"PHP 5.6.x < 5.6.10 Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote web server uses a version of PHP that is affected by\nmultiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its banner, the version of PHP 5.6.x running on the\nremote web server is prior to 5.6.10. It is, therefore, affected by\nmultiple vulnerabilities :\n\n - Multiple heap buffer overflow conditions exist in the\n bundled Perl-Compatible Regular Expression (PCRE)\n library due to improper validation of user-supplied\n input to the compile_branch() and pcre_compile2()\n functions. A remote attacker can exploit these\n conditions to cause a heap-based buffer overflow,\n resulting in a denial of service condition or the\n execution of arbitrary code. (CVE-2015-2325,\n CVE-2015-2326)\n\n - A denial of service vulnerability exists in the bundled\n SQLite component due to improper handling of quotes\n in collation sequence names. A remote attacker can\n exploit this to cause uninitialized memory access,\n resulting in denial of service condition.\n (CVE-2015-3414)\n\n - A denial of service vulnerability exists in the bundled\n SQLite component due to an improper implementation of\n comparison operators in the sqlite3VdbeExec() function\n in vdbe.c. A remote attacker can exploit this to cause\n an invalid free operation, resulting in a denial of\n service condition. (CVE-2015-3415)\n\n - A denial of service vulnerability exists in the bundled\n SQLite component due to improper handling of precision\n and width values during floating-point conversions in\n the sqlite3VXPrintf() function in printf.c. A remote\n attacker can exploit this to cause a stack-based buffer\n overflow, resulting in a denial of service condition or\n the execution of arbitrary code. (CVE-2015-3416)\n\n - A security bypass vulnerability exists due to a failure\n in multiple extensions to check for NULL bytes in a path\n when processing or reading a file. A remote attacker can\n exploit this, by combining the '\\0' character with a\n safe file extension, to bypass access restrictions.\n (CVE-2015-4598)\n\n - An arbitrary command injection vulnerability exists due\n to a flaw in the php_escape_shell_arg() function in\n exec.c. A remote attacker can exploit this, via the\n escapeshellarg() PHP method, to inject arbitrary\n operating system commands. (CVE-2015-4642)\n\n - A heap buffer overflow condition exists in the\n ftp_genlist() function in ftp.c. due to improper\n validation of user-supplied input. A remote attacker\n can exploit this to cause a denial of service condition\n or the execution of arbitrary code. (CVE-2015-4643)\n \n - A denial of service vulnerability exists due to a NULL\n pointer dereference flaw in the build_tablename()\n function in pgsql.c. An authenticated, remote attacker\n can exploit this to cause an application crash.\n (CVE-2015-4644)\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://php.net/ChangeLog-5.php#5.6.10\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to PHP version 5.6.10 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2015-4642\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No exploit is required\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/02/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/06/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/06/24\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:php:php\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CGI abuses\");\n\n script_copyright(english:\"This script is Copyright (C) 2015-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"php_version.nasl\");\n script_require_keys(\"www/PHP\");\n script_require_ports(\"Services/www\", 80);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\ninclude(\"webapp_func.inc\");\n\nport = get_http_port(default:80, php:TRUE);\n\nphp = get_php_from_kb(\n port : port,\n exit_on_fail : TRUE\n);\n\nversion = php[\"ver\"];\nsource = php[\"src\"];\n\nbackported = get_kb_item('www/php/'+port+'/'+version+'/backported');\n\nif (report_paranoia < 2 && backported) audit(AUDIT_BACKPORT_SERVICE, port, \"PHP \"+version+\" install\");\n\n# Check that it is the correct version of PHP\nif (version =~ \"^5(\\.6)?$\") audit(AUDIT_VER_NOT_GRANULAR, \"PHP\", port, version);\nif (version !~ \"^5\\.6\\.\") audit(AUDIT_NOT_DETECT, \"PHP version 5.6.x\", port);\n\nif (version =~ \"^5\\.6\\.[0-9]($|[^0-9])\")\n{\n if (report_verbosity > 0)\n {\n report =\n '\\n Version source : ' + source +\n '\\n Installed version : ' + version +\n '\\n Fixed version : 5.6.10' +\n '\\n';\n security_hole(port:port, extra:report);\n }\n else security_hole(port);\n exit(0);\n}\nelse audit(AUDIT_LISTEN_NOT_VULN, \"PHP\", port, version);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-27T14:16:58", "description": "According to its banner, the version of PHP 5.4.x running on the remote web server is prior to 5.4.42. It is, therefore, affected by multiple vulnerabilities :\n\n - Multiple heap buffer overflow conditions exist in the bundled Perl-Compatible Regular Expression (PCRE) library due to improper validation of user-supplied input to the compile_branch() and pcre_compile2() functions. A remote attacker can exploit these conditions to cause a heap-based buffer overflow, resulting in a denial of service condition or the execution of arbitrary code. (CVE-2015-2325, CVE-2015-2326)\n\n - A denial of service vulnerability exists in the bundled SQLite component due to improper handling of quotes in collation sequence names. A remote attacker can exploit this to cause uninitialized memory access, resulting in denial of service condition.\n (CVE-2015-3414)\n\n - A denial of service vulnerability exists in the bundled SQLite component due to an improper implementation of comparison operators in the sqlite3VdbeExec() function in vdbe.c. A remote attacker can exploit this to cause an invalid free operation, resulting in a denial of service condition. (CVE-2015-3415)\n\n - A denial of service vulnerability exists in the bundled SQLite component due to improper handling of precision and width values during floating-point conversions in the sqlite3VXPrintf() function in printf.c. A remote attacker can exploit this to cause a stack-based buffer overflow, resulting in a denial of service condition or the execution of arbitrary code. (CVE-2015-3416)\n\n - A security bypass vulnerability exists due to a failure in multiple extensions to check for NULL bytes in a path when processing or reading a file. A remote attacker can exploit this, by combining the '\\0' character with a safe file extension, to bypass access restrictions.\n (CVE-2015-4598)\n\n - An arbitrary command injection vulnerability exists due to a flaw in the php_escape_shell_arg() function in exec.c. A remote attacker can exploit this, via the escapeshellarg() PHP method, to inject arbitrary operating system commands. (CVE-2015-4642)\n\n - A heap buffer overflow condition exists in the ftp_genlist() function in ftp.c. due to improper validation of user-supplied input. A remote attacker can exploit this to cause a denial of service condition or the execution of arbitrary code. (CVE-2015-4643) \n - A denial of service vulnerability exists due to a NULL pointer dereference flaw in the build_tablename() function in pgsql.c. An authenticated, remote attacker can exploit this to cause an application crash.\n (CVE-2015-4644)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2015-06-24T00:00:00", "type": "nessus", "title": "PHP 5.4.x < 5.4.42 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-2325", "CVE-2015-2326", "CVE-2015-3414", "CVE-2015-3415", "CVE-2015-3416", "CVE-2015-4598", "CVE-2015-4642", "CVE-2015-4643", "CVE-2015-4644"], "modified": "2022-04-11T00:00:00", "cpe": ["cpe:/a:php:php"], "id": "PHP_5_4_42.NASL", "href": "https://www.tenable.com/plugins/nessus/84362", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(84362);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\n \"CVE-2015-2325\",\n \"CVE-2015-2326\",\n \"CVE-2015-3414\",\n \"CVE-2015-3415\",\n \"CVE-2015-3416\",\n \"CVE-2015-4598\",\n \"CVE-2015-4642\",\n \"CVE-2015-4643\",\n \"CVE-2015-4644\"\n );\n script_bugtraq_id(\n 74228,\n 75174,\n 75175,\n 75244,\n 75290,\n 75291,\n 75292\n );\n\n script_name(english:\"PHP 5.4.x < 5.4.42 Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote web server uses a version of PHP that is affected by\nmultiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its banner, the version of PHP 5.4.x running on the\nremote web server is prior to 5.4.42. It is, therefore, affected by\nmultiple vulnerabilities :\n\n - Multiple heap buffer overflow conditions exist in the\n bundled Perl-Compatible Regular Expression (PCRE)\n library due to improper validation of user-supplied\n input to the compile_branch() and pcre_compile2()\n functions. A remote attacker can exploit these\n conditions to cause a heap-based buffer overflow,\n resulting in a denial of service condition or the\n execution of arbitrary code. (CVE-2015-2325,\n CVE-2015-2326)\n\n - A denial of service vulnerability exists in the bundled\n SQLite component due to improper handling of quotes\n in collation sequence names. A remote attacker can\n exploit this to cause uninitialized memory access,\n resulting in denial of service condition.\n (CVE-2015-3414)\n\n - A denial of service vulnerability exists in the bundled\n SQLite component due to an improper implementation of\n comparison operators in the sqlite3VdbeExec() function\n in vdbe.c. A remote attacker can exploit this to cause\n an invalid free operation, resulting in a denial of\n service condition. (CVE-2015-3415)\n\n - A denial of service vulnerability exists in the bundled\n SQLite component due to improper handling of precision\n and width values during floating-point conversions in\n the sqlite3VXPrintf() function in printf.c. A remote\n attacker can exploit this to cause a stack-based buffer\n overflow, resulting in a denial of service condition or\n the execution of arbitrary code. (CVE-2015-3416)\n\n - A security bypass vulnerability exists due to a failure\n in multiple extensions to check for NULL bytes in a path\n when processing or reading a file. A remote attacker can\n exploit this, by combining the '\\0' character with a\n safe file extension, to bypass access restrictions.\n (CVE-2015-4598)\n\n - An arbitrary command injection vulnerability exists due\n to a flaw in the php_escape_shell_arg() function in\n exec.c. A remote attacker can exploit this, via the\n escapeshellarg() PHP method, to inject arbitrary\n operating system commands. (CVE-2015-4642)\n\n - A heap buffer overflow condition exists in the\n ftp_genlist() function in ftp.c. due to improper\n validation of user-supplied input. A remote attacker\n can exploit this to cause a denial of service condition\n or the execution of arbitrary code. (CVE-2015-4643)\n \n - A denial of service vulnerability exists due to a NULL\n pointer dereference flaw in the build_tablename()\n function in pgsql.c. An authenticated, remote attacker\n can exploit this to cause an application crash.\n (CVE-2015-4644)\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://php.net/ChangeLog-5.php#5.4.42\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to PHP version 5.4.42 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2015-4642\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No exploit is required\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/03/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/06/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/06/24\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:php:php\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CGI abuses\");\n\n script_copyright(english:\"This script is Copyright (C) 2015-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"php_version.nasl\");\n script_require_keys(\"www/PHP\");\n script_require_ports(\"Services/www\", 80);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\ninclude(\"webapp_func.inc\");\n\nport = get_http_port(default:80, php:TRUE);\n\nphp = get_php_from_kb(\n port : port,\n exit_on_fail : TRUE\n);\n\nversion = php[\"ver\"];\nsource = php[\"src\"];\n\nbackported = get_kb_item('www/php/'+port+'/'+version+'/backported');\n\nif (report_paranoia < 2 && backported) audit(AUDIT_BACKPORT_SERVICE, port, \"PHP \"+version+\" install\");\n\n# Check that it is the correct version of PHP\nif (version =~ \"^5(\\.4)?$\") audit(AUDIT_VER_NOT_GRANULAR, \"PHP\", port, version);\nif (version !~ \"^5\\.4\\.\") audit(AUDIT_NOT_DETECT, \"PHP version 5.4.x\", port);\n\nif (version =~ \"^5\\.4\\.([0-9]|[1-3][0-9]|4[01])($|[^0-9])\")\n{\n if (report_verbosity > 0)\n {\n report =\n '\\n Version source : ' + source +\n '\\n Installed version : ' + version +\n '\\n Fixed version : 5.4.42' +\n '\\n';\n security_hole(port:port, extra:report);\n }\n else security_hole(port);\n exit(0);\n}\nelse audit(AUDIT_LISTEN_NOT_VULN, \"PHP\", port, version);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-27T14:18:24", "description": "Upstream reports that several bugs have been fixed as well as several security issues into some bundled libraries (CVE-2015-3414 , CVE-2015-3415 , CVE-2015-3416 , CVE-2015-2325 and CVE-2015-2326). All PHP 5.5 users are encouraged to upgrade to this version. Please see the upstream release notes for full details.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2015-07-09T00:00:00", "type": "nessus", "title": "Amazon Linux AMI : php55 (ALAS-2015-562)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3416", "CVE-2015-2325", "CVE-2015-2326", "CVE-2015-3414", "CVE-2015-3415", "CVE-2015-3416", "CVE-2015-4642", "CVE-2015-4643", "CVE-2015-4644"], "modified": "2018-04-18T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:php55", "p-cpe:/a:amazon:linux:php55-bcmath", "p-cpe:/a:amazon:linux:php55-cli", "p-cpe:/a:amazon:linux:php55-common", "p-cpe:/a:amazon:linux:php55-dba", "p-cpe:/a:amazon:linux:php55-debuginfo", "p-cpe:/a:amazon:linux:php55-devel", "p-cpe:/a:amazon:linux:php55-embedded", "p-cpe:/a:amazon:linux:php55-enchant", "p-cpe:/a:amazon:linux:php55-fpm", "p-cpe:/a:amazon:linux:php55-gd", "p-cpe:/a:amazon:linux:php55-gmp", "p-cpe:/a:amazon:linux:php55-imap", "p-cpe:/a:amazon:linux:php55-intl", "p-cpe:/a:amazon:linux:php55-ldap", "p-cpe:/a:amazon:linux:php55-mbstring", "p-cpe:/a:amazon:linux:php55-mcrypt", "p-cpe:/a:amazon:linux:php55-mssql", "p-cpe:/a:amazon:linux:php55-mysqlnd", "p-cpe:/a:amazon:linux:php55-odbc", "p-cpe:/a:amazon:linux:php55-opcache", "p-cpe:/a:amazon:linux:php55-pdo", "p-cpe:/a:amazon:linux:php55-pgsql", "p-cpe:/a:amazon:linux:php55-process", "p-cpe:/a:amazon:linux:php55-pspell", "p-cpe:/a:amazon:linux:php55-recode", "p-cpe:/a:amazon:linux:php55-snmp", "p-cpe:/a:amazon:linux:php55-soap", "p-cpe:/a:amazon:linux:php55-tidy", "p-cpe:/a:amazon:linux:php55-xml", "p-cpe:/a:amazon:linux:php55-xmlrpc", "cpe:/o:amazon:linux"], "id": "ALA_ALAS-2015-562.NASL", "href": "https://www.tenable.com/plugins/nessus/84624", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2015-562.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(84624);\n script_version(\"2.6\");\n script_cvs_date(\"Date: 2018/04/18 15:09:35\");\n\n script_cve_id(\"CVE-2014-3416\", \"CVE-2015-2325\", \"CVE-2015-2326\", \"CVE-2015-3414\", \"CVE-2015-3415\", \"CVE-2015-4642\", \"CVE-2015-4643\", \"CVE-2015-4644\");\n script_xref(name:\"ALAS\", value:\"2015-562\");\n\n script_name(english:\"Amazon Linux AMI : php55 (ALAS-2015-562)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Upstream reports that several bugs have been fixed as well as several\nsecurity issues into some bundled libraries (CVE-2015-3414 ,\nCVE-2015-3415 , CVE-2015-3416 , CVE-2015-2325 and CVE-2015-2326). All\nPHP 5.5 users are encouraged to upgrade to this version. Please see\nthe upstream release notes for full details.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://php.net/ChangeLog-5.php#5.5.26\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2015-562.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update php55' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php55\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php55-bcmath\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php55-cli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php55-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php55-dba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php55-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php55-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php55-embedded\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php55-enchant\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php55-fpm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php55-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php55-gmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php55-imap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php55-intl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php55-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php55-mbstring\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php55-mcrypt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php55-mssql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php55-mysqlnd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php55-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php55-opcache\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php55-pdo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php55-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php55-process\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php55-pspell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php55-recode\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php55-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php55-soap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php55-tidy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php55-xml\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php55-xmlrpc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/07/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/07/09\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"php55-5.5.26-1.103.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php55-bcmath-5.5.26-1.103.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php55-cli-5.5.26-1.103.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php55-common-5.5.26-1.103.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php55-dba-5.5.26-1.103.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php55-debuginfo-5.5.26-1.103.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php55-devel-5.5.26-1.103.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php55-embedded-5.5.26-1.103.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php55-enchant-5.5.26-1.103.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php55-fpm-5.5.26-1.103.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php55-gd-5.5.26-1.103.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php55-gmp-5.5.26-1.103.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php55-imap-5.5.26-1.103.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php55-intl-5.5.26-1.103.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php55-ldap-5.5.26-1.103.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php55-mbstring-5.5.26-1.103.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php55-mcrypt-5.5.26-1.103.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php55-mssql-5.5.26-1.103.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php55-mysqlnd-5.5.26-1.103.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php55-odbc-5.5.26-1.103.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php55-opcache-5.5.26-1.103.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php55-pdo-5.5.26-1.103.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php55-pgsql-5.5.26-1.103.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php55-process-5.5.26-1.103.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php55-pspell-5.5.26-1.103.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php55-recode-5.5.26-1.103.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php55-snmp-5.5.26-1.103.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php55-soap-5.5.26-1.103.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php55-tidy-5.5.26-1.103.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php55-xml-5.5.26-1.103.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php55-xmlrpc-5.5.26-1.103.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"php55 / php55-bcmath / php55-cli / php55-common / php55-dba / etc\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-27T14:17:39", "description": "New php packages are available for Slackware 14.0, 14.1, and -current to fix security issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2015-07-20T00:00:00", "type": "nessus", "title": "Slackware 14.0 / 14.1 / current : php (SSA:2015-198-02) (BACKRONYM)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-2325", "CVE-2015-2326", "CVE-2015-3152", "CVE-2015-3414", "CVE-2015-3415", "CVE-2015-3416", "CVE-2015-4642", "CVE-2015-4643", "CVE-2015-4644"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:slackware:slackware_linux:php", "cpe:/o:slackware:slackware_linux", "cpe:/o:slackware:slackware_linux:14.0", "cpe:/o:slackware:slackware_linux:14.1"], "id": "SLACKWARE_SSA_2015-198-02.NASL", "href": "https://www.tenable.com/plugins/nessus/84830", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Slackware Security Advisory 2015-198-02. The text \n# itself is copyright (C) Slackware Linux, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(84830);\n script_version(\"2.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2015-2325\", \"CVE-2015-2326\", \"CVE-2015-3152\", \"CVE-2015-3414\", \"CVE-2015-3415\", \"CVE-2015-3416\", \"CVE-2015-4642\", \"CVE-2015-4643\", \"CVE-2015-4644\");\n script_bugtraq_id(74228, 75174, 75175, 75290, 75291, 75292);\n script_xref(name:\"SSA\", value:\"2015-198-02\");\n\n script_name(english:\"Slackware 14.0 / 14.1 / current : php (SSA:2015-198-02) (BACKRONYM)\");\n script_summary(english:\"Checks for updated package in /var/log/packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Slackware host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"New php packages are available for Slackware 14.0, 14.1, and -current\nto fix security issues.\"\n );\n # http://www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.420251\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?72457f25\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected php package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:php\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:14.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:14.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/07/17\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/07/20\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Slackware Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Slackware/release\", \"Host/Slackware/packages\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"slackware.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Slackware/release\")) audit(AUDIT_OS_NOT, \"Slackware\");\nif (!get_kb_item(\"Host/Slackware/packages\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Slackware\", cpu);\n\n\nflag = 0;\nif (slackware_check(osver:\"14.0\", pkgname:\"php\", pkgver:\"5.4.43\", pkgarch:\"i486\", pkgnum:\"1_slack14.0\")) flag++;\nif (slackware_check(osver:\"14.0\", arch:\"x86_64\", pkgname:\"php\", pkgver:\"5.4.43\", pkgarch:\"x86_64\", pkgnum:\"1_slack14.0\")) flag++;\n\nif (slackware_check(osver:\"14.1\", pkgname:\"php\", pkgver:\"5.4.43\", pkgarch:\"i486\", pkgnum:\"1_slack14.1\")) flag++;\nif (slackware_check(osver:\"14.1\", arch:\"x86_64\", pkgname:\"php\", pkgver:\"5.4.43\", pkgarch:\"x86_64\", pkgnum:\"1_slack14.1\")) flag++;\n\nif (slackware_check(osver:\"current\", pkgname:\"php\", pkgver:\"5.6.11\", pkgarch:\"i586\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"current\", arch:\"x86_64\", pkgname:\"php\", pkgver:\"5.6.11\", pkgarch:\"x86_64\", pkgnum:\"1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:slackware_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-27T18:40:56", "description": "The version of MariaDB installed on the remote host is prior to 10.0.18. It is, therefore, affected by multiple vulnerabilities as referenced in the mariadb-10-0-18-release-notes advisory.\n\n - Heap-based buffer overflow in PCRE 8.36 and earlier allows remote attackers to cause a denial of service (crash) or have other unspecified impact via a crafted regular expression, related to an assertion that allows zero repeats. (CVE-2014-8964)\n\n - Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier, and 5.6.23 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : Federated.\n (CVE-2015-0499)\n\n - Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier, and 5.6.23 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : Compiling.\n (CVE-2015-0501)\n\n - Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier, and 5.6.23 and earlier, allows remote authenticated users to affect availability via vectors related to DDL. (CVE-2015-0505)\n\n - The compile_branch function in PCRE before 8.37 allows context-dependent attackers to compile incorrect code, cause a denial of service (out-of-bounds heap read and crash), or possibly have other unspecified impact via a regular expression with a group containing a forward reference repeated a large number of times within a repeated outer group that has a zero minimum quantifier. (CVE-2015-2325)\n\n - The pcre_compile2 function in PCRE before 8.37 allows context-dependent attackers to compile incorrect code and cause a denial of service (out-of-bounds read) via regular expression with a group containing both a forward referencing subroutine call and a recursive back reference, as demonstrated by ((?+1)(\\1))/. (CVE-2015-2326)\n\n - Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier, and 5.6.23 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : Optimizer.\n (CVE-2015-2571)\n\n - Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier and 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Optimizer.\n (CVE-2015-4757)\n\n - Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB. (CVE-2015-4866)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-11-18T00:00:00", "type": "nessus", "title": "MariaDB 10.0.0 < 10.0.18 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-8964", "CVE-2015-0499", "CVE-2015-0501", "CVE-2015-0505", "CVE-2015-2325", "CVE-2015-2326", "CVE-2015-2571", "CVE-2015-4757", "CVE-2015-4866"], "modified": "2022-11-18T00:00:00", "cpe": ["cpe:/a:mariadb:mariadb"], "id": "MARIADB_10_0_18.NASL", "href": "https://www.tenable.com/plugins/nessus/167888", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(167888);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/11/18\");\n\n script_cve_id(\n \"CVE-2014-8964\",\n \"CVE-2015-0499\",\n \"CVE-2015-0501\",\n \"CVE-2015-0505\",\n \"CVE-2015-2325\",\n \"CVE-2015-2326\",\n \"CVE-2015-2571\",\n \"CVE-2015-4757\",\n \"CVE-2015-4866\"\n );\n\n script_name(english:\"MariaDB 10.0.0 < 10.0.18 Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote database server is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of MariaDB installed on the remote host is prior to 10.0.18. It is, therefore, affected by multiple\nvulnerabilities as referenced in the mariadb-10-0-18-release-notes advisory.\n\n - Heap-based buffer overflow in PCRE 8.36 and earlier allows remote attackers to cause a denial of service\n (crash) or have other unspecified impact via a crafted regular expression, related to an assertion that\n allows zero repeats. (CVE-2014-8964)\n\n - Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier, and 5.6.23 and earlier, allows remote\n authenticated users to affect availability via unknown vectors related to Server : Federated.\n (CVE-2015-0499)\n\n - Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier, and 5.6.23 and earlier, allows remote\n authenticated users to affect availability via unknown vectors related to Server : Compiling.\n (CVE-2015-0501)\n\n - Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier, and 5.6.23 and earlier, allows remote\n authenticated users to affect availability via vectors related to DDL. (CVE-2015-0505)\n\n - The compile_branch function in PCRE before 8.37 allows context-dependent attackers to compile incorrect\n code, cause a denial of service (out-of-bounds heap read and crash), or possibly have other unspecified\n impact via a regular expression with a group containing a forward reference repeated a large number of\n times within a repeated outer group that has a zero minimum quantifier. (CVE-2015-2325)\n\n - The pcre_compile2 function in PCRE before 8.37 allows context-dependent attackers to compile incorrect\n code and cause a denial of service (out-of-bounds read) via regular expression with a group containing\n both a forward referencing subroutine call and a recursive back reference, as demonstrated by\n ((?+1)(\\1))/. (CVE-2015-2326)\n\n - Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier, and 5.6.23 and earlier, allows remote\n authenticated users to affect availability via unknown vectors related to Server : Optimizer.\n (CVE-2015-2571)\n\n - Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier and 5.6.23 and earlier allows remote\n authenticated users to affect availability via unknown vectors related to Server : Optimizer.\n (CVE-2015-4757)\n\n - Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to\n affect availability via unknown vectors related to Server : InnoDB. (CVE-2015-4866)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://mariadb.com/kb/en/mariadb-10-0-18-release-notes\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to MariaDB version 10.0.18 or later.\");\n script_set_attribute(attribute:\"agent\", value:\"all\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2015-2325\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/11/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/05/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/11/18\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"combined\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:mariadb:mariadb\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Databases\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"mysql_version.nasl\", \"mysql_login.nasl\", \"mariadb_nix_installed.nbin\", \"mariadb_win_installed.nbin\");\n script_require_keys(\"installed_sw/MariaDB\");\n\n exit(0);\n}\n\ninclude('vcf.inc');\n\nvar app_info = vcf::combined_get_app_info(app:'MariaDB');\n\nif (!(app_info.local) && report_paranoia < 2)\n audit(AUDIT_POTENTIAL_VULN, 'MariaDB');\n\nvcf::check_all_backporting(app_info:app_info);\n\nvar constraints = [\n { 'min_version' : '10.0', 'fixed_version' : '10.0.18' }\n];\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-27T14:18:13", "description": "Upstream reports that several bugs have been fixed as well as several security issues into some bundled libraries (CVE-2015-3414 , CVE-2015-3415 , CVE-2015-3416 , CVE-2015-2325 and CVE-2015-2326). All PHP 5.6 users are encouraged to upgrade to this version. Please see the upstream release notes for full details.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2015-07-09T00:00:00", "type": "nessus", "title": "Amazon Linux AMI : php56 (ALAS-2015-563)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3416", "CVE-2015-2325", "CVE-2015-2326", "CVE-2015-3414", "CVE-2015-3415", "CVE-2015-3416", "CVE-2015-4642", "CVE-2015-4643", "CVE-2015-4644"], "modified": "2018-04-18T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:php56", "p-cpe:/a:amazon:linux:php56-bcmath", "p-cpe:/a:amazon:linux:php56-cli", "p-cpe:/a:amazon:linux:php56-common", "p-cpe:/a:amazon:linux:php56-dba", "p-cpe:/a:amazon:linux:php56-dbg", "p-cpe:/a:amazon:linux:php56-debuginfo", "p-cpe:/a:amazon:linux:php56-devel", "p-cpe:/a:amazon:linux:php56-embedded", "p-cpe:/a:amazon:linux:php56-enchant", "p-cpe:/a:amazon:linux:php56-fpm", "p-cpe:/a:amazon:linux:php56-gd", "p-cpe:/a:amazon:linux:php56-gmp", "p-cpe:/a:amazon:linux:php56-imap", "p-cpe:/a:amazon:linux:php56-intl", "p-cpe:/a:amazon:linux:php56-ldap", "p-cpe:/a:amazon:linux:php56-mbstring", "p-cpe:/a:amazon:linux:php56-mcrypt", "p-cpe:/a:amazon:linux:php56-mssql", "p-cpe:/a:amazon:linux:php56-mysqlnd", "p-cpe:/a:amazon:linux:php56-odbc", "p-cpe:/a:amazon:linux:php56-opcache", "p-cpe:/a:amazon:linux:php56-pdo", "p-cpe:/a:amazon:linux:php56-pgsql", "p-cpe:/a:amazon:linux:php56-process", "p-cpe:/a:amazon:linux:php56-pspell", "p-cpe:/a:amazon:linux:php56-recode", "p-cpe:/a:amazon:linux:php56-snmp", "p-cpe:/a:amazon:linux:php56-soap", "p-cpe:/a:amazon:linux:php56-tidy", "p-cpe:/a:amazon:linux:php56-xml", "p-cpe:/a:amazon:linux:php56-xmlrpc", "cpe:/o:amazon:linux"], "id": "ALA_ALAS-2015-563.NASL", "href": "https://www.tenable.com/plugins/nessus/84625", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2015-563.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(84625);\n script_version(\"2.6\");\n script_cvs_date(\"Date: 2018/04/18 15:09:35\");\n\n script_cve_id(\"CVE-2014-3416\", \"CVE-2015-2325\", \"CVE-2015-2326\", \"CVE-2015-3414\", \"CVE-2015-3415\", \"CVE-2015-4642\", \"CVE-2015-4643\", \"CVE-2015-4644\");\n script_xref(name:\"ALAS\", value:\"2015-563\");\n\n script_name(english:\"Amazon Linux AMI : php56 (ALAS-2015-563)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Upstream reports that several bugs have been fixed as well as several\nsecurity issues into some bundled libraries (CVE-2015-3414 ,\nCVE-2015-3415 , CVE-2015-3416 , CVE-2015-2325 and CVE-2015-2326). All\nPHP 5.6 users are encouraged to upgrade to this version. Please see\nthe upstream release notes for full details.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://php.net/ChangeLog-5.php#5.6.10\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2015-563.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update php56' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-bcmath\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-cli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-dba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-embedded\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-enchant\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-fpm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-gmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-imap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-intl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-mbstring\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-mcrypt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-mssql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-mysqlnd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-opcache\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-pdo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-process\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-pspell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-recode\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-soap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-tidy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-xml\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-xmlrpc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/07/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/07/09\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"php56-5.6.10-1.115.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-bcmath-5.6.10-1.115.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-cli-5.6.10-1.115.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-common-5.6.10-1.115.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-dba-5.6.10-1.115.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-dbg-5.6.10-1.115.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-debuginfo-5.6.10-1.115.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-devel-5.6.10-1.115.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-embedded-5.6.10-1.115.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-enchant-5.6.10-1.115.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-fpm-5.6.10-1.115.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-gd-5.6.10-1.115.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-gmp-5.6.10-1.115.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-imap-5.6.10-1.115.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-intl-5.6.10-1.115.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-ldap-5.6.10-1.115.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-mbstring-5.6.10-1.115.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-mcrypt-5.6.10-1.115.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-mssql-5.6.10-1.115.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-mysqlnd-5.6.10-1.115.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-odbc-5.6.10-1.115.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-opcache-5.6.10-1.115.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-pdo-5.6.10-1.115.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-pgsql-5.6.10-1.115.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-process-5.6.10-1.115.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-pspell-5.6.10-1.115.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-recode-5.6.10-1.115.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-snmp-5.6.10-1.115.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-soap-5.6.10-1.115.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-tidy-5.6.10-1.115.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-xml-5.6.10-1.115.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-xmlrpc-5.6.10-1.115.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"php56 / php56-bcmath / php56-cli / php56-common / php56-dba / etc\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T14:56:35", "description": "A flaw was found in the way the PHP module for the Apache httpd web server handled pipelined requests. A remote attacker could use this flaw to trigger the execution of a PHP script in a deinitialized interpreter, causing it to crash or, possibly, execute arbitrary code.\n(CVE-2015-3330)\n\nA flaw was found in the way PHP parsed multipart HTTP POST requests. A specially crafted request could cause PHP to use an excessive amount of CPU time. (CVE-2015-4024)\n\nAn uninitialized pointer use flaw was found in PHP's Exif extension. A specially crafted JPEG or TIFF file could cause a PHP application using the exif_read_data() function to crash or, possibly, execute arbitrary code with the privileges of the user running that PHP application. (CVE-2015-0232)\n\nAn integer overflow flaw leading to a heap-based buffer overflow was found in the way PHP's FTP extension parsed file listing FTP server responses. A malicious FTP server could use this flaw to cause a PHP application to crash or, possibly, execute arbitrary code.\n(CVE-2015-4022)\n\nMultiple flaws were discovered in the way PHP performed object unserialization. Specially crafted input processed by the unserialize() function could cause a PHP application to crash or, possibly, execute arbitrary code. (CVE-2014-8142, CVE-2015-0231, CVE-2015-0273, CVE-2015-2787, CVE-2015-4147, CVE-2015-4148, CVE-2015-4599, CVE-2015-4600, CVE-2015-4601, CVE-2015-4602, CVE-2015-4603)\n\nIt was found that certain PHP functions did not properly handle file names containing a NULL character. A remote attacker could possibly use this flaw to make a PHP script access unexpected files and bypass intended file system access restrictions. (CVE-2015-2348, CVE-2015-4025, CVE-2015-4026, CVE-2015-3411, CVE-2015-3412, CVE-2015-4598)\n\nMultiple flaws were found in the way the way PHP's Phar extension parsed Phar archives. A specially crafted archive could cause PHP to crash or, possibly, execute arbitrary code when opened.\n(CVE-2015-2301, CVE-2015-2783, CVE-2015-3307, CVE-2015-3329, CVE-2015-4021)\n\nMultiple flaws were found in PHP's File Information (fileinfo) extension. A remote attacker could cause a PHP application to crash if it used fileinfo to identify type of attacker supplied files.\n(CVE-2014-9652, CVE-2015-4604, CVE-2015-4605)\n\nA heap buffer overflow flaw was found in the enchant_broker_request_dict() function of PHP's enchant extension. An attacker able to make a PHP application enchant dictionaries could possibly cause it to crash. (CVE-2014-9705)\n\nA buffer over-read flaw was found in the GD library used by the PHP gd extension. A specially crafted GIF file could cause a PHP application using the imagecreatefromgif() function to crash. (CVE-2014-9709)\n\nThis update also fixes the following bugs :\n\n - The libgmp library in some cases terminated unexpectedly with a segmentation fault when being used with other libraries that use the GMP memory management. With this update, PHP no longer changes libgmp memory allocators, which prevents the described crash from occurring.\n\n - When using the Open Database Connectivity (ODBC) API, the PHP process in some cases terminated unexpectedly with a segmentation fault. The underlying code has been adjusted to prevent this crash.\n\n - Previously, running PHP on a big-endian system sometimes led to memory corruption in the fileinfo module. This update adjusts the behavior of the PHP pointer so that it can be freed without causing memory corruption.\n\nAfter installing the updated packages, the httpd daemon must be restarted for the update to take effect.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2015-06-25T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : php on SL7.x x86_64 (20150623)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-8142", "CVE-2014-9652", "CVE-2014-9705", "CVE-2014-9709", "CVE-2015-0231", "CVE-2015-0232", "CVE-2015-0273", "CVE-2015-2301", "CVE-2015-2348", "CVE-2015-2783", "CVE-2015-2787", "CVE-2015-3307", "CVE-2015-3329", "CVE-2015-3330", "CVE-2015-3411", "CVE-2015-3412", "CVE-2015-4021", "CVE-2015-4022", "CVE-2015-4024", "CVE-2015-4025", "CVE-2015-4026", "CVE-2015-4147", "CVE-2015-4148", "CVE-2015-4598", "CVE-2015-4599", "CVE-2015-4600", "CVE-2015-4601", "CVE-2015-4602", "CVE-2015-4603", "CVE-2015-4604", "CVE-2015-4605"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:php", "p-cpe:/a:fermilab:scientific_linux:php-bcmath", "p-cpe:/a:fermilab:scientific_linux:php-cli", "p-cpe:/a:fermilab:scientific_linux:php-common", "p-cpe:/a:fermilab:scientific_linux:php-dba", "p-cpe:/a:fermilab:scientific_linux:php-debuginfo", "p-cpe:/a:fermilab:scientific_linux:php-devel", "p-cpe:/a:fermilab:scientific_linux:php-embedded", "p-cpe:/a:fermilab:scientific_linux:php-enchant", "p-cpe:/a:fermilab:scientific_linux:php-fpm", "p-cpe:/a:fermilab:scientific_linux:php-gd", "p-cpe:/a:fermilab:scientific_linux:php-intl", "p-cpe:/a:fermilab:scientific_linux:php-ldap", "p-cpe:/a:fermilab:scientific_linux:php-mbstring", "p-cpe:/a:fermilab:scientific_linux:php-mysql", "p-cpe:/a:fermilab:scientific_linux:php-mysqlnd", "p-cpe:/a:fermilab:scientific_linux:php-odbc", "p-cpe:/a:fermilab:scientific_linux:php-pdo", "p-cpe:/a:fermilab:scientific_linux:php-pgsql", "p-cpe:/a:fermilab:scientific_linux:php-process", "p-cpe:/a:fermilab:scientific_linux:php-pspell", "p-cpe:/a:fermilab:scientific_linux:php-recode", "p-cpe:/a:fermilab:scientific_linux:php-snmp", "p-cpe:/a:fermilab:scientific_linux:php-soap", "p-cpe:/a:fermilab:scientific_linux:php-xml", "p-cpe:/a:fermilab:scientific_linux:php-xmlrpc", "x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20150623_PHP_ON_SL7_X.NASL", "href": "https://www.tenable.com/plugins/nessus/84394", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(84394);\n script_version(\"2.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2014-8142\", \"CVE-2014-9652\", \"CVE-2014-9705\", \"CVE-2014-9709\", \"CVE-2015-0231\", \"CVE-2015-0232\", \"CVE-2015-0273\", \"CVE-2015-2301\", \"CVE-2015-2348\", \"CVE-2015-2783\", \"CVE-2015-2787\", \"CVE-2015-3307\", \"CVE-2015-3329\", \"CVE-2015-3330\", \"CVE-2015-3411\", \"CVE-2015-3412\", \"CVE-2015-4021\", \"CVE-2015-4022\", \"CVE-2015-4024\", \"CVE-2015-4025\", \"CVE-2015-4026\", \"CVE-2015-4147\", \"CVE-2015-4148\", \"CVE-2015-4598\", \"CVE-2015-4599\", \"CVE-2015-4600\", \"CVE-2015-4601\", \"CVE-2015-4602\", \"CVE-2015-4603\", \"CVE-2015-4604\", \"CVE-2015-4605\");\n\n script_name(english:\"Scientific Linux Security Update : php on SL7.x x86_64 (20150623)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A flaw was found in the way the PHP module for the Apache httpd web\nserver handled pipelined requests. A remote attacker could use this\nflaw to trigger the execution of a PHP script in a deinitialized\ninterpreter, causing it to crash or, possibly, execute arbitrary code.\n(CVE-2015-3330)\n\nA flaw was found in the way PHP parsed multipart HTTP POST requests. A\nspecially crafted request could cause PHP to use an excessive amount\nof CPU time. (CVE-2015-4024)\n\nAn uninitialized pointer use flaw was found in PHP's Exif extension. A\nspecially crafted JPEG or TIFF file could cause a PHP application\nusing the exif_read_data() function to crash or, possibly, execute\narbitrary code with the privileges of the user running that PHP\napplication. (CVE-2015-0232)\n\nAn integer overflow flaw leading to a heap-based buffer overflow was\nfound in the way PHP's FTP extension parsed file listing FTP server\nresponses. A malicious FTP server could use this flaw to cause a PHP\napplication to crash or, possibly, execute arbitrary code.\n(CVE-2015-4022)\n\nMultiple flaws were discovered in the way PHP performed object\nunserialization. Specially crafted input processed by the\nunserialize() function could cause a PHP application to crash or,\npossibly, execute arbitrary code. (CVE-2014-8142, CVE-2015-0231,\nCVE-2015-0273, CVE-2015-2787, CVE-2015-4147, CVE-2015-4148,\nCVE-2015-4599, CVE-2015-4600, CVE-2015-4601, CVE-2015-4602,\nCVE-2015-4603)\n\nIt was found that certain PHP functions did not properly handle file\nnames containing a NULL character. A remote attacker could possibly\nuse this flaw to make a PHP script access unexpected files and bypass\nintended file system access restrictions. (CVE-2015-2348,\nCVE-2015-4025, CVE-2015-4026, CVE-2015-3411, CVE-2015-3412,\nCVE-2015-4598)\n\nMultiple flaws were found in the way the way PHP's Phar extension\nparsed Phar archives. A specially crafted archive could cause PHP to\ncrash or, possibly, execute arbitrary code when opened.\n(CVE-2015-2301, CVE-2015-2783, CVE-2015-3307, CVE-2015-3329,\nCVE-2015-4021)\n\nMultiple flaws were found in PHP's File Information (fileinfo)\nextension. A remote attacker could cause a PHP application to crash if\nit used fileinfo to identify type of attacker supplied files.\n(CVE-2014-9652, CVE-2015-4604, CVE-2015-4605)\n\nA heap buffer overflow flaw was found in the\nenchant_broker_request_dict() function of PHP's enchant extension. An\nattacker able to make a PHP application enchant dictionaries could\npossibly cause it to crash. (CVE-2014-9705)\n\nA buffer over-read flaw was found in the GD library used by the PHP gd\nextension. A specially crafted GIF file could cause a PHP application\nusing the imagecreatefromgif() function to crash. (CVE-2014-9709)\n\nThis update also fixes the following bugs :\n\n - The libgmp library in some cases terminated unexpectedly\n with a segmentation fault when being used with other\n libraries that use the GMP memory management. With this\n update, PHP no longer changes libgmp memory allocators,\n which prevents the described crash from occurring.\n\n - When using the Open Database Connectivity (ODBC) API,\n the PHP process in some cases terminated unexpectedly\n with a segmentation fault. The underlying code has been\n adjusted to prevent this crash.\n\n - Previously, running PHP on a big-endian system sometimes\n led to memory corruption in the fileinfo module. This\n update adjusts the behavior of the PHP pointer so that\n it can be freed without causing memory corruption.\n\nAfter installing the updated packages, the httpd daemon must be\nrestarted for the update to take effect.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1506&L=scientific-linux-errata&F=&S=&P=12640\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?97d2de81\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:php\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:php-bcmath\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:php-cli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:php-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:php-dba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:php-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:php-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:php-embedded\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:php-enchant\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:php-fpm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:php-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:php-intl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:php-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:php-mbstring\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:php-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:php-mysqlnd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:php-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:php-pdo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:php-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:php-process\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:php-pspell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:php-recode\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:php-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:php-soap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:php-xml\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:php-xmlrpc\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/12/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/06/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/06/25\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 7.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"php-5.4.16-36.el7_1\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"php-bcmath-5.4.16-36.el7_1\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"php-cli-5.4.16-36.el7_1\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"php-common-5.4.16-36.el7_1\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"php-dba-5.4.16-36.el7_1\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"php-debuginfo-5.4.16-36.el7_1\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"php-devel-5.4.16-36.el7_1\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"php-embedded-5.4.16-36.el7_1\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"php-enchant-5.4.16-36.el7_1\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"php-fpm-5.4.16-36.el7_1\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"php-gd-5.4.16-36.el7_1\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"php-intl-5.4.16-36.el7_1\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"php-ldap-5.4.16-36.el7_1\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"php-mbstring-5.4.16-36.el7_1\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"php-mysql-5.4.16-36.el7_1\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"php-mysqlnd-5.4.16-36.el7_1\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"php-odbc-5.4.16-36.el7_1\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"php-pdo-5.4.16-36.el7_1\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"php-pgsql-5.4.16-36.el7_1\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"php-process-5.4.16-36.el7_1\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"php-pspell-5.4.16-36.el7_1\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"php-recode-5.4.16-36.el7_1\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"php-snmp-5.4.16-36.el7_1\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"php-soap-5.4.16-36.el7_1\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"php-xml-5.4.16-36.el7_1\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"php-xmlrpc-5.4.16-36.el7_1\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"php / php-bcmath / php-cli / php-common / php-dba / php-debuginfo / etc\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T14:59:12", "description": "Updated php packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nPHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server.\n\nA flaw was found in the way PHP parsed multipart HTTP POST requests. A specially crafted request could cause PHP to use an excessive amount of CPU time. (CVE-2015-4024)\n\nAn uninitialized pointer use flaw was found in PHP's Exif extension. A specially crafted JPEG or TIFF file could cause a PHP application using the exif_read_data() function to crash or, possibly, execute arbitrary code with the privileges of the user running that PHP application. (CVE-2015-0232)\n\nAn integer overflow flaw leading to a heap-based buffer overflow was found in the way PHP's FTP extension parsed file listing FTP server responses. A malicious FTP server could use this flaw to cause a PHP application to crash or, possibly, execute arbitrary code.\n(CVE-2015-4022)\n\nMultiple flaws were discovered in the way PHP performed object unserialization. Specially crafted input processed by the unserialize() function could cause a PHP application to crash or, possibly, execute arbitrary code. (CVE-2015-0273, CVE-2015-2787, CVE-2015-4147, CVE-2015-4148, CVE-2015-4599, CVE-2015-4600, CVE-2015-4601, CVE-2015-4602, CVE-2015-4603)\n\nIt was found that certain PHP functions did not properly handle file names containing a NULL character. A remote attacker could possibly use this flaw to make a PHP script access unexpected files and bypass intended file system access restrictions. (CVE-2015-4026, CVE-2015-3411, CVE-2015-3412, CVE-2015-4598)\n\nMultiple flaws were found in the way the way PHP's Phar extension parsed Phar archives. A specially crafted archive could cause PHP to crash or, possibly, execute arbitrary code when opened.\n(CVE-2015-2301, CVE-2015-2783, CVE-2015-3307, CVE-2015-3329, CVE-2015-4021)\n\nA heap buffer overflow flaw was found in the enchant_broker_request_dict() function of PHP's enchant extension. An attacker able to make a PHP application enchant dictionaries could possibly cause it to crash. (CVE-2014-9705)\n\nA buffer over-read flaw was found in the GD library used by the PHP gd extension. A specially crafted GIF file could cause a PHP application using the imagecreatefromgif() function to crash. (CVE-2014-9709)\n\nA double free flaw was found in zend_ts_hash_graceful_destroy() function in the PHP ZTS module. This flaw could possibly cause a PHP application to crash. (CVE-2014-9425)\n\nAll php users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, the httpd daemon must be restarted for the update to take effect.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2015-07-13T00:00:00", "type": "nessus", "title": "RHEL 6 : php (RHSA-2015:1218)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-9425", "CVE-2014-9705", "CVE-2014-9709", "CVE-2015-0232", "CVE-2015-0273", "CVE-2015-2301", "CVE-2015-2783", "CVE-2015-2787", "CVE-2015-3307", "CVE-2015-3329", "CVE-2015-3411", "CVE-2015-3412", "CVE-2015-4021", "CVE-2015-4022", "CVE-2015-4024", "CVE-2015-4026", "CVE-2015-4147", "CVE-2015-4148", "CVE-2015-4598", "CVE-2015-4599", "CVE-2015-4600", "CVE-2015-4601", "CVE-2015-4602", "CVE-2015-4603", "CVE-2015-4643"], "modified": "2021-02-05T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:php", "p-cpe:/a:redhat:enterprise_linux:php-bcmath", "p-cpe:/a:redhat:enterprise_linux:php-cli", "p-cpe:/a:redhat:enterprise_linux:php-common", "p-cpe:/a:redhat:enterprise_linux:php-dba", "p-cpe:/a:redhat:enterprise_linux:php-debuginfo", "p-cpe:/a:redhat:enterprise_linux:php-devel", "p-cpe:/a:redhat:enterprise_linux:php-embedded", "p-cpe:/a:redhat:enterprise_linux:php-enchant", "p-cpe:/a:redhat:enterprise_linux:php-fpm", "p-cpe:/a:redhat:enterprise_linux:php-gd", "p-cpe:/a:redhat:enterprise_linux:php-imap", "p-cpe:/a:redhat:enterprise_linux:php-intl", "p-cpe:/a:redhat:enterprise_linux:php-ldap", "p-cpe:/a:redhat:enterprise_linux:php-mbstring", "p-cpe:/a:redhat:enterprise_linux:php-mysql", "p-cpe:/a:redhat:enterprise_linux:php-odbc", "p-cpe:/a:redhat:enterprise_linux:php-pdo", "p-cpe:/a:redhat:enterprise_linux:php-pgsql", "p-cpe:/a:redhat:enterprise_linux:php-process", "p-cpe:/a:redhat:enterprise_linux:php-pspell", "p-cpe:/a:redhat:enterprise_linux:php-recode", "p-cpe:/a:redhat:enterprise_linux:php-snmp", "p-cpe:/a:redhat:enterprise_linux:php-soap", "p-cpe:/a:redhat:enterprise_linux:php-tidy", "p-cpe:/a:redhat:enterprise_linux:php-xml", "p-cpe:/a:redhat:enterprise_linux:php-xmlrpc", "p-cpe:/a:redhat:enterprise_linux:php-zts", "cpe:/o:redhat:enterprise_linux:6", "cpe:/o:redhat:enterprise_linux:6.6"], "id": "REDHAT-RHSA-2015-1218.NASL", "href": "https://www.tenable.com/plugins/nessus/84660", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2015:1218. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(84660);\n script_version(\"1.18\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/02/05\");\n\n script_cve_id(\"CVE-2014-9425\", \"CVE-2014-9705\", \"CVE-2014-9709\", \"CVE-2015-0232\", \"CVE-2015-0273\", \"CVE-2015-2301\", \"CVE-2015-2783\", \"CVE-2015-2787\", \"CVE-2015-3307\", \"CVE-2015-3329\", \"CVE-2015-3411\", \"CVE-2015-3412\", \"CVE-2015-4021\", \"CVE-2015-4022\", \"CVE-2015-4024\", \"CVE-2015-4026\", \"CVE-2015-4147\", \"CVE-2015-4148\", \"CVE-2015-4598\", \"CVE-2015-4599\", \"CVE-2015-4600\", \"CVE-2015-4601\", \"CVE-2015-4602\", \"CVE-2015-4603\", \"CVE-2015-4643\");\n script_bugtraq_id(71800, 72541, 72701, 73031, 73037, 73306, 73357, 73431, 74239, 74240, 74413, 74700, 74703, 74902, 74903, 75056, 75103, 75244, 75246, 75249, 75250, 75251, 75252, 75255);\n script_xref(name:\"RHSA\", value:\"2015:1218\");\n\n script_name(english:\"RHEL 6 : php (RHSA-2015:1218)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Updated php packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having Moderate\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nPHP is an HTML-embedded scripting language commonly used with the\nApache HTTP Server.\n\nA flaw was found in the way PHP parsed multipart HTTP POST requests. A\nspecially crafted request could cause PHP to use an excessive amount\nof CPU time. (CVE-2015-4024)\n\nAn uninitialized pointer use flaw was found in PHP's Exif extension. A\nspecially crafted JPEG or TIFF file could cause a PHP application\nusing the exif_read_data() function to crash or, possibly, execute\narbitrary code with the privileges of the user running that PHP\napplication. (CVE-2015-0232)\n\nAn integer overflow flaw leading to a heap-based buffer overflow was\nfound in the way PHP's FTP extension parsed file listing FTP server\nresponses. A malicious FTP server could use this flaw to cause a PHP\napplication to crash or, possibly, execute arbitrary code.\n(CVE-2015-4022)\n\nMultiple flaws were discovered in the way PHP performed object\nunserialization. Specially crafted input processed by the\nunserialize() function could cause a PHP application to crash or,\npossibly, execute arbitrary code. (CVE-2015-0273, CVE-2015-2787,\nCVE-2015-4147, CVE-2015-4148, CVE-2015-4599, CVE-2015-4600,\nCVE-2015-4601, CVE-2015-4602, CVE-2015-4603)\n\nIt was found that certain PHP functions did not properly handle file\nnames containing a NULL character. A remote attacker could possibly\nuse this flaw to make a PHP script access unexpected files and bypass\nintended file system access restrictions. (CVE-2015-4026,\nCVE-2015-3411, CVE-2015-3412, CVE-2015-4598)\n\nMultiple flaws were found in the way the way PHP's Phar extension\nparsed Phar archives. A specially crafted archive could cause PHP to\ncrash or, possibly, execute arbitrary code when opened.\n(CVE-2015-2301, CVE-2015-2783, CVE-2015-3307, CVE-2015-3329,\nCVE-2015-4021)\n\nA heap buffer overflow flaw was found in the\nenchant_broker_request_dict() function of PHP's enchant extension. An\nattacker able to make a PHP application enchant dictionaries could\npossibly cause it to crash. (CVE-2014-9705)\n\nA buffer over-read flaw was found in the GD library used by the PHP gd\nextension. A specially crafted GIF file could cause a PHP application\nusing the imagecreatefromgif() function to crash. (CVE-2014-9709)\n\nA double free flaw was found in zend_ts_hash_graceful_destroy()\nfunction in the PHP ZTS module. This flaw could possibly cause a PHP\napplication to crash. (CVE-2014-9425)\n\nAll php users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. After installing\nthe updated packages, the httpd daemon must be restarted for the\nupdate to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2015:1218\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-4148\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-2301\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-2787\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-0232\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-9705\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-9709\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-4147\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-0273\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-2783\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-3307\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-3329\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-4602\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-4603\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-3411\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-3412\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-4599\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-4600\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-4601\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-4598\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-4026\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-4021\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-4022\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-4024\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-9425\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-bcmath\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-cli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-dba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-embedded\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-enchant\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-fpm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-imap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-intl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-mbstring\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-pdo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-process\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-pspell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-recode\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-soap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-tidy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-xml\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-xmlrpc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-zts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/12/31\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/07/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/07/13\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2015:1218\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,