Debian Security Advisory DSA 2816-1 (php5 - several vulnerabilities)
2013-12-12T00:00:00
ID OPENVAS:1361412562310702816 Type openvas Reporter Copyright (c) 2013 Greenbone Networks GmbH http://greenbone.net Modified 2019-03-18T00:00:00
Description
Several vulnerabilities were found in PHP, a general-purpose scripting
language commonly used for web application development. The Common
Vulnerabilities and Exposures project identifies the following issues:
CVE-2013-6420
Stefan Esser reported possible memory corruption in
openssl_x509_parse().
CVE-2013-6712
Creating DateInterval objects from parsed ISO dates was
not properly restricted, which allowed attackers to cause a
denial of service.
In addition, the update for Debian 7 Wheezy
contains several bugfixes
originally targeted for the upcoming Wheezy point release.
# OpenVAS Vulnerability Test
# $Id: deb_2816.nasl 14276 2019-03-18 14:43:56Z cfischer $
# Auto-generated from advisory DSA 2816-1 using nvtgen 1.0
# Script version: 1.0
#
# Author:
# Greenbone Networks
#
# Copyright:
# Copyright (c) 2013 Greenbone Networks GmbH http://greenbone.net
# Text descriptions are largely excerpted from the referenced
# advisory, and are Copyright (c) the respective author(s)
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
#
# Metadata section. When `description` is set, only the registration calls
# below run and the script stops at exit(0); none of the package checks
# further down are reached in that mode.
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.0.702816");
script_version("$Revision: 14276 $");
# Both CVEs covered by DSA 2816-1 are attached to this single check, so a
# finding does not say which of the two issues is actually reachable on the host.
script_cve_id("CVE-2013-6420", "CVE-2013-6712");
script_name("Debian Security Advisory DSA 2816-1 (php5 - several vulnerabilities)");
script_tag(name:"last_modification", value:"$Date: 2019-03-18 15:43:56 +0100 (Mon, 18 Mar 2019) $");
script_tag(name:"creation_date", value:"2013-12-12 00:00:00 +0100 (Thu, 12 Dec 2013)");
# One CVSS v2 score for the whole advisory. 7.5 with this vector is the NVD
# rating of CVE-2013-6420 (memory corruption); CVE-2013-6712 is rated 5.0 by
# NVD (availability impact only), so the higher of the two is reported.
script_tag(name:"cvss_base", value:"7.5");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:P/I:P/A:P");
script_xref(name:"URL", value:"http://www.debian.org/security/2013/dsa-2816.html");
# NOTE(review): ACT_GATHER_INFO presumably classifies this as a passive,
# information-gathering check - confirm against the scanner documentation.
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (c) 2013 Greenbone Networks GmbH http://greenbone.net");
script_family("Debian Local Security Checks");
# Declared dependency; presumably the script that collects the installed
# package list and fills the ssh/login/* keys required below - verify.
script_dependencies("gather-package-list.nasl");
# Preconditions: the check is gated on an SSH login to a Debian host, a
# gathered package list, and a release key matching DEB6 or DEB7. Hosts that
# were scanned without working credentials therefore get no result from this
# script at all, which must not be read as "not vulnerable".
script_mandatory_keys("ssh/login/debian_linux", "ssh/login/packages", re:"ssh/login/release=DEB(6|7)");
script_tag(name:"affected", value:"php5 on Debian Linux");
# The solution text also names the fixed version for unstable (sid), but the
# release key above restricts this script to DEB6/DEB7, so sid hosts are not covered.
script_tag(name:"solution", value:"For the oldstable distribution (squeeze), these problems have been fixed in
version 5.3.3-7+squeeze18.
For the stable distribution (wheezy), these problems have been fixed in
version 5.4.4-14+deb7u7.
For the unstable distribution (sid), these problems have been fixed in
version 5.5.6+dfsg-2.
We recommend that you upgrade your php5 packages.");
script_tag(name:"summary", value:"Several vulnerabilities were found in PHP, a general-purpose scripting
language commonly used for web application development. The Common
Vulnerabilities and Exposures project identifies the following issues:
CVE-2013-6420
Stefan Esser reported possible memory corruption in
openssl_x509_parse().
CVE-2013-6712
Creating DateInterval objects from parsed ISO dates was
not properly restricted, which allowed to cause a
denial of service.
In addition, the update for Debian 7 Wheezy
contains several bugfixes
originally targeted for the upcoming Wheezy point release.");
# Detection is by installed package version only (qod_type "package"); the
# vulnerable code paths are not exercised. NOTE(review): locally rebuilt or
# re-versioned packages could make the version comparison misleading in
# either direction - treat results as version evidence, not proof.
script_tag(name:"vuldetect", value:"This check tests the installed software version using the apt package manager.");
script_tag(name:"qod_type", value:"package");
script_tag(name:"solution_type", value:"VendorFix");
exit(0);
}
include("revisions-lib.inc");
include("pkg-lib-deb.inc");
# Accumulators for the whole check: `res` holds the result of the most recent
# package test, `report` collects the text of every test that returned a finding.
res = "";
report = "";

# Debian 6 (squeeze): every php5 binary package named by the advisory is
# tested against the fixed version, in the advisory's order.
# isdpkgvuln() comes from the included pkg-lib-deb.inc; presumably it returns
# report text when the installed version is older than `ver` on release `rls`,
# and NULL otherwise - verify against the library.
deb6_fixed_ver = "5.3.3-7+squeeze18";
deb6_pkgs = make_list(
  "libapache2-mod-php5",
  "libapache2-mod-php5filter",
  "php-pear",
  "php5",
  "php5-cgi",
  "php5-cli",
  "php5-common",
  "php5-curl",
  "php5-dbg",
  "php5-dev",
  "php5-enchant",
  "php5-gd",
  "php5-gmp",
  "php5-imap",
  "php5-interbase",
  "php5-intl",
  "php5-ldap",
  "php5-mcrypt",
  "php5-mysql",
  "php5-odbc",
  "php5-pgsql",
  "php5-pspell",
  "php5-recode",
  "php5-snmp",
  "php5-sqlite",
  "php5-sybase",
  "php5-tidy",
  "php5-xmlrpc",
  "php5-xsl"
);

foreach deb6_pkg (deb6_pkgs) {
  res = isdpkgvuln(pkg:deb6_pkg, ver:deb6_fixed_ver, rls:"DEB6");
  if(res != NULL) {
    # One outdated package is enough for a finding; all of them are listed
    # so the report shows exactly what needs upgrading.
    report += res;
  }
}
# Debian 7 (wheezy): same test as for squeeze, against the wheezy fixed
# version. The package set differs from squeeze: libphp5-embed, php5-fpm and
# php5-mysqlnd are checked only here.
# NOTE(review): isdpkgvuln() is defined in the included package library;
# presumably it returns NULL when the package is absent or already fixed - confirm.
deb7_fixed_ver = "5.4.4-14+deb7u7";
deb7_pkgs = make_list(
  "libapache2-mod-php5",
  "libapache2-mod-php5filter",
  "libphp5-embed",
  "php-pear",
  "php5",
  "php5-cgi",
  "php5-cli",
  "php5-common",
  "php5-curl",
  "php5-dbg",
  "php5-dev",
  "php5-enchant",
  "php5-fpm",
  "php5-gd",
  "php5-gmp",
  "php5-imap",
  "php5-interbase",
  "php5-intl",
  "php5-ldap",
  "php5-mcrypt",
  "php5-mysql",
  "php5-mysqlnd",
  "php5-odbc",
  "php5-pgsql",
  "php5-pspell",
  "php5-recode",
  "php5-snmp",
  "php5-sqlite",
  "php5-sybase",
  "php5-tidy",
  "php5-xmlrpc",
  "php5-xsl"
);

foreach deb7_pkg (deb7_pkgs) {
  res = isdpkgvuln(pkg:deb7_pkg, ver:deb7_fixed_ver, rls:"DEB7");
  if(res != NULL) {
    # Append this package's finding text to the combined report.
    report += res;
  }
}
# Outcome of the check, three cases:
#  - at least one package produced a finding: report them all in one message;
#  - no finding but __pkg_match is set: exit with code 99. NOTE(review):
#    __pkg_match is not defined in this script; presumably the package library
#    sets it when a listed package is installed, and 99 is the scanner's
#    "checked, not vulnerable" exit code - confirm;
#  - neither: fall off the end of the script without reporting anything.
if(report == "") {
  if(__pkg_match) {
    exit(99);
  }
} else {
  security_message(data:report);
}
{"id": "OPENVAS:1361412562310702816", "type": "openvas", "bulletinFamily": "scanner", "title": "Debian Security Advisory DSA 2816-1 (php5 - several vulnerabilities)", "description": "Several vulnerabilities were found in PHP, a general-purpose scripting\nlanguage commonly used for web application development. The Common\nVulnerabilities and Exposures project identifies the following issues:\n\nCVE-2013-6420\nStefan Esser reported possible memory corruption in\nopenssl_x509_parse().\n\nCVE-2013-6712\nCreating DateInterval objects from parsed ISO dates was\nnot properly restricted, which allowed to cause a\ndenial of service.\n\nIn addition, the update for Debian 7 Wheezy\ncontains several bugfixes\noriginally targeted for the upcoming Wheezy point release.", "published": "2013-12-12T00:00:00", "modified": "2019-03-18T00:00:00", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310702816", "reporter": "Copyright (c) 2013 Greenbone Networks GmbH http://greenbone.net", "references": ["http://www.debian.org/security/2013/dsa-2816.html"], "cvelist": ["CVE-2013-6420", "CVE-2013-6712"], "lastseen": "2019-05-29T18:37:59", "viewCount": 5, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2013-6712", "CVE-2013-6420"]}, {"type": "f5", "idList": ["SOL15110"]}, {"type": "debian", "idList": ["DEBIAN:DSA-2816-1:9C993"]}, {"type": "nessus", "idList": ["MANDRIVA_MDVSA-2014-014.NASL", "PHP_5_4_24.NASL", "OPENSUSE-2013-1032.NASL", "PHP_5_5_8.NASL", "ALA_ALAS-2013-264.NASL", "SOLARIS11_PHP_20140522.NASL", "DEBIAN_DSA-2816.NASL", "UBUNTU_USN-2055-1.NASL", "SUSE_11_APACHE2-MOD_PHP53-131218.NASL", "SUSE_SU-2014-0064-1.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:702816", "OPENVAS:1361412562310120461", "OPENVAS:841659", "OPENVAS:1361412562310881830", "OPENVAS:1361412562310804160", "OPENVAS:1361412562310804174", "OPENVAS:881847", "OPENVAS:1361412562310841659", 
"OPENVAS:1361412562310871099", "OPENVAS:1361412562310120459"]}, {"type": "ubuntu", "idList": ["USN-2055-1"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:13464", "SECURITYVULNS:DOC:31138", "SECURITYVULNS:DOC:30145", "SECURITYVULNS:VULN:13993", "SECURITYVULNS:DOC:30264", "SECURITYVULNS:DOC:30132", "SECURITYVULNS:VULN:13542"]}, {"type": "redhat", "idList": ["RHSA-2013:1824", "RHSA-2013:1826", "RHSA-2013:1813", "RHSA-2013:1825", "RHSA-2013:1814", "RHSA-2013:1815"]}, {"type": "seebug", "idList": ["SSV:83792", "SSV:61173"]}, {"type": "amazon", "idList": ["ALAS-2013-264", "ALAS-2013-262", "ALAS-2013-263"]}, {"type": "exploitdb", "idList": ["EDB-ID:30395"]}, {"type": "slackware", "idList": ["SSA-2014-013-03"]}, {"type": "hackerone", "idList": ["H1:523"]}, {"type": "exploitpack", "idList": ["EXPLOITPACK:95E864B082B44E6A881AB3646F7BF0AE"]}, {"type": "centos", "idList": ["CESA-2013:1813"]}, {"type": "freebsd", "idList": ["47B4E713-6513-11E3-868F-0025905A4771"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:124436"]}, {"type": "oraclelinux", "idList": ["ELSA-2013-1813"]}, {"type": "zdt", "idList": ["1337DAY-ID-21682", "1337DAY-ID-21694"]}, {"type": "kaspersky", "idList": ["KLA10458"]}, {"type": "suse", "idList": ["SUSE-SU-2014:0873-2"]}], "modified": "2019-05-29T18:37:59", "rev": 2}, "score": {"value": 7.1, "vector": "NONE", "modified": "2019-05-29T18:37:59", "rev": 2}, "vulnersScore": 7.1}, "pluginID": "1361412562310702816", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2816.nasl 14276 2019-03-18 14:43:56Z cfischer $\n# Auto-generated from advisory DSA 2816-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU 
General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.702816\");\n script_version(\"$Revision: 14276 $\");\n script_cve_id(\"CVE-2013-6420\", \"CVE-2013-6712\");\n script_name(\"Debian Security Advisory DSA 2816-1 (php5 - several vulnerabilities)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 15:43:56 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2013-12-12 00:00:00 +0100 (Thu, 12 Dec 2013)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_xref(name:\"URL\", value:\"http://www.debian.org/security/2013/dsa-2816.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB(6|7)\");\n script_tag(name:\"affected\", value:\"php5 on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the oldstable distribution (squeeze), these problems have been fixed in\nversion 5.3.3-7+squeeze18.\n\nFor the stable distribution (wheezy), these problems have been fixed in\nversion 5.4.4-14+deb7u7.\n\nFor the unstable distribution (sid), these problems have 
been fixed in\nversion 5.5.6+dfsg-2.\n\nWe recommend that you upgrade your php5 packages.\");\n script_tag(name:\"summary\", value:\"Several vulnerabilities were found in PHP, a general-purpose scripting\nlanguage commonly used for web application development. The Common\nVulnerabilities and Exposures project identifies the following issues:\n\nCVE-2013-6420\nStefan Esser reported possible memory corruption in\nopenssl_x509_parse().\n\nCVE-2013-6712\nCreating DateInterval objects from parsed ISO dates was\nnot properly restricted, which allowed to cause a\ndenial of service.\n\nIn addition, the update for Debian 7 Wheezy\ncontains several bugfixes\noriginally targeted for the upcoming Wheezy point release.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"libapache2-mod-php5\", ver:\"5.3.3-7+squeeze18\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libapache2-mod-php5filter\", ver:\"5.3.3-7+squeeze18\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php-pear\", ver:\"5.3.3-7+squeeze18\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5\", ver:\"5.3.3-7+squeeze18\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-cgi\", ver:\"5.3.3-7+squeeze18\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-cli\", ver:\"5.3.3-7+squeeze18\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-common\", ver:\"5.3.3-7+squeeze18\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-curl\", ver:\"5.3.3-7+squeeze18\", rls:\"DEB6\")) != NULL) {\n report += 
res;\n}\nif((res = isdpkgvuln(pkg:\"php5-dbg\", ver:\"5.3.3-7+squeeze18\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-dev\", ver:\"5.3.3-7+squeeze18\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-enchant\", ver:\"5.3.3-7+squeeze18\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-gd\", ver:\"5.3.3-7+squeeze18\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-gmp\", ver:\"5.3.3-7+squeeze18\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-imap\", ver:\"5.3.3-7+squeeze18\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-interbase\", ver:\"5.3.3-7+squeeze18\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-intl\", ver:\"5.3.3-7+squeeze18\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-ldap\", ver:\"5.3.3-7+squeeze18\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-mcrypt\", ver:\"5.3.3-7+squeeze18\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-mysql\", ver:\"5.3.3-7+squeeze18\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-odbc\", ver:\"5.3.3-7+squeeze18\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-pgsql\", ver:\"5.3.3-7+squeeze18\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-pspell\", ver:\"5.3.3-7+squeeze18\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-recode\", ver:\"5.3.3-7+squeeze18\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-snmp\", ver:\"5.3.3-7+squeeze18\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-sqlite\", ver:\"5.3.3-7+squeeze18\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = 
isdpkgvuln(pkg:\"php5-sybase\", ver:\"5.3.3-7+squeeze18\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-tidy\", ver:\"5.3.3-7+squeeze18\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-xmlrpc\", ver:\"5.3.3-7+squeeze18\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-xsl\", ver:\"5.3.3-7+squeeze18\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libapache2-mod-php5\", ver:\"5.4.4-14+deb7u7\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libapache2-mod-php5filter\", ver:\"5.4.4-14+deb7u7\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libphp5-embed\", ver:\"5.4.4-14+deb7u7\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php-pear\", ver:\"5.4.4-14+deb7u7\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5\", ver:\"5.4.4-14+deb7u7\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-cgi\", ver:\"5.4.4-14+deb7u7\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-cli\", ver:\"5.4.4-14+deb7u7\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-common\", ver:\"5.4.4-14+deb7u7\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-curl\", ver:\"5.4.4-14+deb7u7\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-dbg\", ver:\"5.4.4-14+deb7u7\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-dev\", ver:\"5.4.4-14+deb7u7\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-enchant\", ver:\"5.4.4-14+deb7u7\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-fpm\", ver:\"5.4.4-14+deb7u7\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-gd\", ver:\"5.4.4-14+deb7u7\", 
rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-gmp\", ver:\"5.4.4-14+deb7u7\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-imap\", ver:\"5.4.4-14+deb7u7\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-interbase\", ver:\"5.4.4-14+deb7u7\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-intl\", ver:\"5.4.4-14+deb7u7\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-ldap\", ver:\"5.4.4-14+deb7u7\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-mcrypt\", ver:\"5.4.4-14+deb7u7\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-mysql\", ver:\"5.4.4-14+deb7u7\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-mysqlnd\", ver:\"5.4.4-14+deb7u7\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-odbc\", ver:\"5.4.4-14+deb7u7\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-pgsql\", ver:\"5.4.4-14+deb7u7\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-pspell\", ver:\"5.4.4-14+deb7u7\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-recode\", ver:\"5.4.4-14+deb7u7\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-snmp\", ver:\"5.4.4-14+deb7u7\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-sqlite\", ver:\"5.4.4-14+deb7u7\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-sybase\", ver:\"5.4.4-14+deb7u7\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-tidy\", ver:\"5.4.4-14+deb7u7\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-xmlrpc\", ver:\"5.4.4-14+deb7u7\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = 
isdpkgvuln(pkg:\"php5-xsl\", ver:\"5.4.4-14+deb7u7\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}", "naslFamily": "Debian Local Security Checks"}
{"cve": [{"lastseen": "2021-02-02T06:07:00", "description": "The scan function in ext/date/lib/parse_iso_intervals.c in PHP through 5.5.6 does not properly restrict creation of DateInterval objects, which might allow remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted interval specification.", "edition": 6, "cvss3": {}, "published": "2013-11-28T04:37:00", "title": "CVE-2013-6712", "type": "cve", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-6712"], "modified": "2018-10-30T16:27:00", "cpe": ["cpe:/o:apple:mac_os_x:10.10.2", "cpe:/o:opensuse:opensuse:13.1", "cpe:/a:php:php:5.5.4", "cpe:/a:php:php:5.5.3", "cpe:/o:opensuse:opensuse:11.4", "cpe:/a:php:php:5.5.0", "cpe:/a:php:php:5.5.1", "cpe:/o:opensuse:opensuse:12.2", "cpe:/a:php:php:5.5.5", "cpe:/a:php:php:5.5.2", "cpe:/a:php:php:5.5.6", "cpe:/o:opensuse:opensuse:12.3"], "id": "CVE-2013-6712", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6712", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:php:php:5.5.3:*:*:*:*:*:*:*", "cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.5.0:rc2:*:*:*:*:*:*", "cpe:2.3:o:opensuse:opensuse:12.2:*:*:*:*:*:*:*", "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.5.4:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.5.2:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.10.2:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.5.0:beta1:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.5.5:*:*:*:*:*:*:*", 
"cpe:2.3:a:php:php:5.5.0:beta4:*:*:*:*:*:*", "cpe:2.3:o:opensuse:opensuse:11.4:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.5.0:alpha1:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.5.0:beta2:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.5.0:alpha6:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.5.0:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.5.6:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.5.0:alpha4:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.5.1:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.5.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.5.0:alpha3:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.5.0:alpha2:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.5.0:beta3:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.5.0:alpha5:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T06:06:59", "description": "The asn1_time_to_time_t function in ext/openssl/openssl.c in PHP before 5.3.28, 5.4.x before 5.4.23, and 5.5.x before 5.5.7 does not properly parse (1) notBefore and (2) notAfter timestamps in X.509 certificates, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted certificate that is not properly handled by the openssl_x509_parse function.", "edition": 6, "cvss3": {}, "published": "2013-12-17T04:46:00", "title": "CVE-2013-6420", "type": "cve", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-6420"], "modified": "2018-10-30T16:27:00", "cpe": ["cpe:/a:php:php:5.4.12", "cpe:/a:php:php:5.3.13", "cpe:/a:php:php:5.4.1", "cpe:/a:php:php:5.4.8", "cpe:/a:php:php:5.3.4", "cpe:/a:php:php:5.3.25", "cpe:/a:php:php:5.4.4", "cpe:/a:php:php:5.3.21", 
"cpe:/a:php:php:5.3.8", "cpe:/a:php:php:5.3.22", "cpe:/a:php:php:5.3.9", "cpe:/o:opensuse:opensuse:13.1", "cpe:/a:php:php:5.4.0", "cpe:/a:php:php:5.5.4", "cpe:/a:php:php:5.4.5", "cpe:/a:php:php:5.4.19", "cpe:/a:php:php:5.4.17", "cpe:/a:php:php:5.3.6", "cpe:/a:php:php:5.3.19", "cpe:/a:php:php:5.3.10", "cpe:/a:php:php:5.3.5", "cpe:/a:php:php:5.4.20", "cpe:/a:php:php:5.3.1", "cpe:/o:apple:mac_os_x:10.9.1", "cpe:/a:php:php:5.3.23", "cpe:/a:php:php:5.3.20", "cpe:/a:php:php:5.3.0", "cpe:/a:php:php:5.3.26", "cpe:/a:php:php:5.5.3", "cpe:/a:php:php:5.3.17", "cpe:/a:php:php:5.4.11", "cpe:/a:php:php:5.3.11", "cpe:/a:php:php:5.4.7", "cpe:/a:php:php:5.4.9", "cpe:/a:php:php:5.3.27", "cpe:/a:php:php:5.4.16", "cpe:/a:php:php:5.3.15", "cpe:/o:opensuse:opensuse:11.4", "cpe:/a:php:php:5.5.0", "cpe:/a:php:php:5.5.1", "cpe:/a:php:php:5.3.12", "cpe:/a:php:php:5.3.7", "cpe:/o:opensuse:opensuse:12.2", "cpe:/a:php:php:5.4.22", "cpe:/a:php:php:5.4.15", "cpe:/a:php:php:5.4.13", "cpe:/a:php:php:5.4.10", "cpe:/a:php:php:5.4.2", "cpe:/a:php:php:5.4.18", "cpe:/a:php:php:5.4.21", "cpe:/a:php:php:5.3.14", "cpe:/a:php:php:5.5.5", "cpe:/a:php:php:5.3.18", "cpe:/a:php:php:5.3.2", "cpe:/a:php:php:5.5.2", "cpe:/a:php:php:5.4.6", "cpe:/a:php:php:5.5.6", "cpe:/a:php:php:5.3.16", "cpe:/a:php:php:5.3.3", "cpe:/o:opensuse:opensuse:12.3", "cpe:/a:php:php:5.4.3", "cpe:/a:php:php:5.3.24", "cpe:/a:php:php:5.4.14"], "id": "CVE-2013-6420", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6420", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:php:php:5.4.12:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.3.14:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.3.9:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.3.15:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.5.3:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.4.16:*:*:*:*:*:*:*", "cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.4.4:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.3.22:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.4.14:rc1:*:*:*:*:*:*", 
"cpe:2.3:a:php:php:5.5.0:rc2:*:*:*:*:*:*", "cpe:2.3:o:opensuse:opensuse:12.2:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.4.19:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.3.25:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.4.5:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.3.11:*:*:*:*:*:*:*", "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.3.16:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.5.4:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.3.26:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.5.2:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.3.5:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.4.7:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.5.0:beta1:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.4.8:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.4.15:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.5.5:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.3.17:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.5.0:beta4:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.3.12:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.3.18:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.3.24:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.3.20:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.4.13:*:*:*:*:*:*:*", "cpe:2.3:o:opensuse:opensuse:11.4:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.3.6:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.5.0:alpha1:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.3.19:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.4.6:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.9.1:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.4.10:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.4.20:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.5.0:beta2:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.5.0:alpha6:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.3.13:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.5.0:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.5.6:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.4.18:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.3.23:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.4.16:rc1:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.4.2:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.5.0:alpha4:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.5.1:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.3.3:*:*:*:*:*:*:*", 
"cpe:2.3:a:php:php:5.5.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.5.0:alpha3:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.4.22:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.4.21:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.4.14:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.3.8:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.4.9:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.4.15:rc1:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.4.11:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.3.10:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.4.13:rc1:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.3.7:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.3.0:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.4.17:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.3.27:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.5.0:alpha2:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.3.2:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.3.4:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.4.3:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.5.0:beta3:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.3.21:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.4.12:rc2:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.4.12:rc1:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.5.0:alpha5:*:*:*:*:*:*"]}], "f5": [{"lastseen": "2016-09-26T17:23:03", "bulletinFamily": "software", "cvelist": ["CVE-2013-6420"], "edition": 1, "description": "Recommended action\n\nNone\n\nSupplemental Information\n\n * SOL9970: Subscribing to email notifications regarding F5 products\n * SOL9957: Creating a custom RSS feed to view new and updated documents\n * SOL4602: Overview of the F5 security vulnerability response policy\n", "modified": "2014-05-22T00:00:00", "published": "2014-03-27T00:00:00", "href": "http://support.f5.com/kb/en-us/solutions/public/15000/100/sol15110.html", "id": "SOL15110", "title": "SOL15110 - PHP Vulnerability CVE-2013-6420", "type": "f5", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "openvas": [{"lastseen": "2017-07-24T12:51:43", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-6420", "CVE-2013-6712"], "description": "Several vulnerabilities were found in PHP, a 
general-purpose scripting\nlanguage commonly used for web application development. The Common\nVulnerabilities and Exposures project identifies the following issues:\n\nCVE-2013-6420 \nStefan Esser reported possible memory corruption in\nopenssl_x509_parse().\n\nCVE-2013-6712 \nCreating DateInterval objects from parsed ISO dates was\nnot properly restricted, which allowed to cause a\ndenial of service.\n\nIn addition, the update for Debian 7 Wheezy \ncontains several bugfixes\noriginally targeted for the upcoming Wheezy point release.", "modified": "2017-07-07T00:00:00", "published": "2013-12-12T00:00:00", "id": "OPENVAS:702816", "href": "http://plugins.openvas.org/nasl.php?oid=702816", "type": "openvas", "title": "Debian Security Advisory DSA 2816-1 (php5 - several vulnerabilities)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2816.nasl 6611 2017-07-07 12:07:20Z cfischer $\n# Auto-generated from advisory DSA 2816-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\n\ntag_affected = \"php5 on Debian Linux\";\ntag_insight = \"This package is a metapackage that, when installed, guarantees that you\nhave at least one of the three server-side versions of the PHP5 interpreter\ninstalled. Removing this package won't remove PHP5 from your system, however\nit may remove other packages that depend on this one.\";\ntag_solution = \"For the oldstable distribution (squeeze), these problems have been fixed in\nversion 5.3.3-7+squeeze18.\n\nFor the stable distribution (wheezy), these problems have been fixed in\nversion 5.4.4-14+deb7u7.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 5.5.6+dfsg-2.\n\nWe recommend that you upgrade your php5 packages.\";\ntag_summary = \"Several vulnerabilities were found in PHP, a general-purpose scripting\nlanguage commonly used for web application development. 
The Common\nVulnerabilities and Exposures project identifies the following issues:\n\nCVE-2013-6420 \nStefan Esser reported possible memory corruption in\nopenssl_x509_parse().\n\nCVE-2013-6712 \nCreating DateInterval objects from parsed ISO dates was\nnot properly restricted, which allowed to cause a\ndenial of service.\n\nIn addition, the update for Debian 7 Wheezy \ncontains several bugfixes\noriginally targeted for the upcoming Wheezy point release.\";\ntag_vuldetect = \"This check tests the installed software version using the apt package manager.\";\n\nif(description)\n{\n script_id(702816);\n script_version(\"$Revision: 6611 $\");\n script_cve_id(\"CVE-2013-6420\", \"CVE-2013-6712\");\n script_name(\"Debian Security Advisory DSA 2816-1 (php5 - several vulnerabilities)\");\n script_tag(name: \"last_modification\", value:\"$Date: 2017-07-07 14:07:20 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name: \"creation_date\", value:\"2013-12-12 00:00:00 +0100 (Thu, 12 Dec 2013)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2013/dsa-2816.html\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: tag_affected);\n script_tag(name: \"insight\", value: tag_insight);\n# script_tag(name: \"impact\", value: tag_impact);\n script_tag(name: \"solution\", value: tag_solution);\n script_tag(name: \"summary\", value: tag_summary);\n script_tag(name: \"vuldetect\", value: tag_vuldetect);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n 
exit(0);\n}\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"libapache2-mod-php5\", ver:\"5.3.3-7+squeeze18\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libapache2-mod-php5filter\", ver:\"5.3.3-7+squeeze18\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php-pear\", ver:\"5.3.3-7+squeeze18\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5\", ver:\"5.3.3-7+squeeze18\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-cgi\", ver:\"5.3.3-7+squeeze18\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-cli\", ver:\"5.3.3-7+squeeze18\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-common\", ver:\"5.3.3-7+squeeze18\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-curl\", ver:\"5.3.3-7+squeeze18\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-dbg\", ver:\"5.3.3-7+squeeze18\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-dev\", ver:\"5.3.3-7+squeeze18\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-enchant\", ver:\"5.3.3-7+squeeze18\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-gd\", ver:\"5.3.3-7+squeeze18\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-gmp\", ver:\"5.3.3-7+squeeze18\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-imap\", ver:\"5.3.3-7+squeeze18\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-interbase\", ver:\"5.3.3-7+squeeze18\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-intl\", ver:\"5.3.3-7+squeeze18\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = 
isdpkgvuln(pkg:\"php5-ldap\", ver:\"5.3.3-7+squeeze18\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-mcrypt\", ver:\"5.3.3-7+squeeze18\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-mysql\", ver:\"5.3.3-7+squeeze18\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-odbc\", ver:\"5.3.3-7+squeeze18\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-pgsql\", ver:\"5.3.3-7+squeeze18\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-pspell\", ver:\"5.3.3-7+squeeze18\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-recode\", ver:\"5.3.3-7+squeeze18\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-snmp\", ver:\"5.3.3-7+squeeze18\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-sqlite\", ver:\"5.3.3-7+squeeze18\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-sybase\", ver:\"5.3.3-7+squeeze18\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-tidy\", ver:\"5.3.3-7+squeeze18\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-xmlrpc\", ver:\"5.3.3-7+squeeze18\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-xsl\", ver:\"5.3.3-7+squeeze18\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libapache2-mod-php5\", ver:\"5.4.4-14+deb7u7\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libapache2-mod-php5filter\", ver:\"5.4.4-14+deb7u7\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libphp5-embed\", ver:\"5.4.4-14+deb7u7\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php-pear\", ver:\"5.4.4-14+deb7u7\", rls:\"DEB7.0\")) != NULL) {\n report 
+= res;\n}\nif ((res = isdpkgvuln(pkg:\"php5\", ver:\"5.4.4-14+deb7u7\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-cgi\", ver:\"5.4.4-14+deb7u7\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-cli\", ver:\"5.4.4-14+deb7u7\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-common\", ver:\"5.4.4-14+deb7u7\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-curl\", ver:\"5.4.4-14+deb7u7\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-dbg\", ver:\"5.4.4-14+deb7u7\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-dev\", ver:\"5.4.4-14+deb7u7\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-enchant\", ver:\"5.4.4-14+deb7u7\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-fpm\", ver:\"5.4.4-14+deb7u7\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-gd\", ver:\"5.4.4-14+deb7u7\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-gmp\", ver:\"5.4.4-14+deb7u7\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-imap\", ver:\"5.4.4-14+deb7u7\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-interbase\", ver:\"5.4.4-14+deb7u7\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-intl\", ver:\"5.4.4-14+deb7u7\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-ldap\", ver:\"5.4.4-14+deb7u7\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-mcrypt\", ver:\"5.4.4-14+deb7u7\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-mysql\", ver:\"5.4.4-14+deb7u7\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = 
isdpkgvuln(pkg:\"php5-mysqlnd\", ver:\"5.4.4-14+deb7u7\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-odbc\", ver:\"5.4.4-14+deb7u7\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-pgsql\", ver:\"5.4.4-14+deb7u7\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-pspell\", ver:\"5.4.4-14+deb7u7\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-recode\", ver:\"5.4.4-14+deb7u7\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-snmp\", ver:\"5.4.4-14+deb7u7\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-sqlite\", ver:\"5.4.4-14+deb7u7\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-sybase\", ver:\"5.4.4-14+deb7u7\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-tidy\", ver:\"5.4.4-14+deb7u7\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-xmlrpc\", ver:\"5.4.4-14+deb7u7\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-xsl\", ver:\"5.4.4-14+deb7u7\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-01-18T11:09:17", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-6420", "CVE-2013-6712"], "description": "Check for the Version of php5", "modified": "2018-01-17T00:00:00", "published": "2013-12-17T00:00:00", "id": "OPENVAS:841659", "href": "http://plugins.openvas.org/nasl.php?oid=841659", "type": "openvas", "title": "Ubuntu Update for php5 USN-2055-1", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: 
gb_ubuntu_USN_2055_1.nasl 8448 2018-01-17 16:18:06Z teissa $\n#\n# Ubuntu Update for php5 USN-2055-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\nif(description)\n{\n script_id(841659);\n script_version(\"$Revision: 8448 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-17 17:18:06 +0100 (Wed, 17 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-12-17 12:10:04 +0530 (Tue, 17 Dec 2013)\");\n script_cve_id(\"CVE-2013-6420\", \"CVE-2013-6712\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Ubuntu Update for php5 USN-2055-1\");\n\n tag_insight = \"Stefan Esser discovered that PHP incorrectly parsed\ncertificates. An attacker could use a malformed certificate to cause PHP\nto crash, resulting in a denial of service, or possibly execute arbitrary\ncode. (CVE-2013-6420)\n\nIt was discovered that PHP incorrectly handled DateInterval objects. An\nattacker could use this issue to cause PHP to crash, resulting in a denial\nof service. 
(CVE-2013-6712)\";\n\n tag_affected = \"php5 on Ubuntu 13.10 ,\n Ubuntu 13.04 ,\n Ubuntu 12.10 ,\n Ubuntu 12.04 LTS ,\n Ubuntu 10.04 LTS\";\n\n tag_solution = \"Please Install the Updated Packages.\";\n\n\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name: \"USN\", value: \"2055-1\");\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-2055-1/\");\n script_tag(name: \"summary\" , value: \"Check for the Version of php5\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2013 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU12.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libapache2-mod-php5\", ver:\"5.4.6-1ubuntu1.5\", rls:\"UBUNTU12.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-cgi\", ver:\"5.4.6-1ubuntu1.5\", rls:\"UBUNTU12.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-cli\", ver:\"5.4.6-1ubuntu1.5\", rls:\"UBUNTU12.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libapache2-mod-php5\", ver:\"5.3.10-1ubuntu3.9\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-cgi\", ver:\"5.3.10-1ubuntu3.9\", rls:\"UBUNTU12.04 LTS\")) != 
NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-cli\", ver:\"5.3.10-1ubuntu3.9\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libapache2-mod-php5\", ver:\"5.3.2-1ubuntu4.22\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-cgi\", ver:\"5.3.2-1ubuntu4.22\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-cli\", ver:\"5.3.2-1ubuntu4.22\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU13.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libapache2-mod-php5\", ver:\"5.5.3+dfsg-1ubuntu2.1\", rls:\"UBUNTU13.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-cgi\", ver:\"5.5.3+dfsg-1ubuntu2.1\", rls:\"UBUNTU13.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-cli\", ver:\"5.5.3+dfsg-1ubuntu2.1\", rls:\"UBUNTU13.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU13.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libapache2-mod-php5\", ver:\"5.4.9-4ubuntu2.4\", rls:\"UBUNTU13.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-cgi\", ver:\"5.4.9-4ubuntu2.4\", rls:\"UBUNTU13.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-cli\", ver:\"5.4.9-4ubuntu2.4\", rls:\"UBUNTU13.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", 
"cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:38:28", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-6420", "CVE-2013-6712"], "description": "The remote host is missing an update for the 'php5' package(s) announced via the referenced advisory.", "modified": "2019-03-13T00:00:00", "published": "2013-12-17T00:00:00", "id": "OPENVAS:1361412562310841659", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310841659", "type": "openvas", "title": "Ubuntu Update for php5 USN-2055-1", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_2055_1.nasl 14132 2019-03-13 09:25:59Z cfischer $\n#\n# Ubuntu Update for php5 USN-2055-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.841659\");\n script_version(\"$Revision: 14132 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 10:25:59 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2013-12-17 12:10:04 +0530 (Tue, 17 Dec 2013)\");\n script_cve_id(\"CVE-2013-6420\", \"CVE-2013-6712\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Ubuntu Update for php5 USN-2055-1\");\n\n script_tag(name:\"affected\", value:\"php5 on Ubuntu 13.10,\n Ubuntu 13.04,\n Ubuntu 12.10,\n Ubuntu 12.04 LTS,\n Ubuntu 10.04 LTS\");\n script_tag(name:\"insight\", value:\"Stefan Esser discovered that PHP incorrectly parsed\ncertificates. An attacker could use a malformed certificate to cause PHP\nto crash, resulting in a denial of service, or possibly execute arbitrary\ncode. (CVE-2013-6420)\n\nIt was discovered that PHP incorrectly handled DateInterval objects. An\nattacker could use this issue to cause PHP to crash, resulting in a denial\nof service. 
(CVE-2013-6712)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"USN\", value:\"2055-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-2055-1/\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'php5'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2013 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(12\\.10|12\\.04 LTS|10\\.04 LTS|13\\.10|13\\.04)\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU12.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libapache2-mod-php5\", ver:\"5.4.6-1ubuntu1.5\", rls:\"UBUNTU12.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-cgi\", ver:\"5.4.6-1ubuntu1.5\", rls:\"UBUNTU12.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-cli\", ver:\"5.4.6-1ubuntu1.5\", rls:\"UBUNTU12.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libapache2-mod-php5\", ver:\"5.3.10-1ubuntu3.9\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-cgi\", ver:\"5.3.10-1ubuntu3.9\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-cli\", ver:\"5.3.10-1ubuntu3.9\", 
rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libapache2-mod-php5\", ver:\"5.3.2-1ubuntu4.22\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-cgi\", ver:\"5.3.2-1ubuntu4.22\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-cli\", ver:\"5.3.2-1ubuntu4.22\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU13.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libapache2-mod-php5\", ver:\"5.5.3+dfsg-1ubuntu2.1\", rls:\"UBUNTU13.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-cgi\", ver:\"5.5.3+dfsg-1ubuntu2.1\", rls:\"UBUNTU13.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-cli\", ver:\"5.5.3+dfsg-1ubuntu2.1\", rls:\"UBUNTU13.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU13.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libapache2-mod-php5\", ver:\"5.4.9-4ubuntu2.4\", rls:\"UBUNTU13.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-cgi\", ver:\"5.4.9-4ubuntu2.4\", rls:\"UBUNTU13.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-cli\", ver:\"5.4.9-4ubuntu2.4\", rls:\"UBUNTU13.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:38:30", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-6712"], "description": "This host is 
installed with PHP and is prone to remote code execution\n vulnerability.", "modified": "2018-10-12T00:00:00", "published": "2013-12-06T00:00:00", "id": "OPENVAS:1361412562310804160", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310804160", "type": "openvas", "title": "PHP Remote Code Execution Vulnerability", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_php_code_exec_vuln.nasl 11865 2018-10-12 10:03:43Z cfischer $\n#\n# PHP Remote Code Execution Vulnerability\n#\n# Authors:\n# Shakeel <bshakeel@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:php:php\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.804160\");\n script_version(\"$Revision: 11865 $\");\n script_cve_id(\"CVE-2013-6712\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-12 12:03:43 +0200 (Fri, 12 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-12-06 13:02:20 +0530 (Fri, 06 Dec 2013)\");\n script_name(\"PHP Remote Code Execution Vulnerability\");\n\n script_tag(name:\"summary\", value:\"This host is installed with PHP and is prone to remote code execution\n vulnerability.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to PHP version 5.5.8 or later.\");\n\n script_tag(name:\"insight\", value:\"The flaw is due to error in 'scan function' in\n 'ext/date/lib/parse_iso_intervals.c' which does not validate user-supplied\n input when handling 'DateInterval' objects.\");\n\n script_tag(name:\"affected\", value:\"PHP versions 5.5.6 and prior.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote attackers to allow a remote attacker\n to cause a heap-based buffer overflow, resulting in a denial of service.\");\n\n script_xref(name:\"URL\", value:\"http://git.php.net/?p=php-src.git;a=commit;h=12fe4e90be7bfa2a763197079f68f5568a14e071\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2013 Greenbone Networks GmbH\");\n script_family(\"Web application 
abuses\");\n script_dependencies(\"gb_php_detect.nasl\");\n script_mandatory_keys(\"php/installed\");\n\n script_tag(name:\"qod_type\", value:\"remote_banner_unreliable\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"http://www.php.net\");\n exit(0);\n}\n\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\n\nif( isnull( phpPort = get_app_port( cpe:CPE ) ) ) exit( 0 );\nif( ! phpVer = get_app_version( cpe:CPE, port:phpPort ) ) exit( 0 );\n\nif(version_in_range(version:phpVer, test_version:\"5.5.0\", test_version2:\"5.5.6\")){\n report = report_fixed_ver(installed_version:phpVer, fixed_version:\"5.5.8\");\n security_message(data:report, port:phpPort);\n exit(0);\n}\n\nexit(99);\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2017-07-25T10:48:26", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-6420"], "description": "Check for the Version of php", "modified": "2017-07-10T00:00:00", "published": "2014-02-03T00:00:00", "id": "OPENVAS:867361", "href": "http://plugins.openvas.org/nasl.php?oid=867361", "type": "openvas", "title": "Fedora Update for php FEDORA-2013-23164", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for php FEDORA-2013-23164\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\nif(description)\n{\n script_id(867361);\n script_version(\"$Revision: 6629 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:33:41 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2014-02-03 20:20:36 +0530 (Mon, 03 Feb 2014)\");\n script_cve_id(\"CVE-2013-6420\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Fedora Update for php FEDORA-2013-23164\");\n\n tag_insight = \"PHP is an HTML-embedded scripting language. PHP attempts to make it\neasy for developers to write dynamically generated web pages. PHP also\noffers built-in database integration for several commercial and\nnon-commercial database management systems, so writing a\ndatabase-enabled webpage with PHP is fairly simple. 
The most common\nuse of PHP coding is probably as a replacement for CGI scripts.\n\nThe php package contains the module (often referred to as mod_php)\nwhich adds support for the PHP language to Apache HTTP Server.\n\";\n\n tag_affected = \"php on Fedora 20\";\n\n tag_solution = \"Please Install the Updated Packages.\";\n\n\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name: \"FEDORA\", value: \"2013-23164\");\n script_xref(name: \"URL\" , value: \"https://lists.fedoraproject.org/pipermail/package-announce/2013-December/124718.html\");\n script_summary(\"Check for the Version of php\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC20\")\n{\n\n if ((res = isrpmvuln(pkg:\"php\", rpm:\"php~5.5.7~1.fc20\", rls:\"FC20\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:38:10", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-6420"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2013-12-17T00:00:00", "id": "OPENVAS:1361412562310881847", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310881847", "type": "openvas", "title": "CentOS Update for php53 
CESA-2013:1813 centos5", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for php53 CESA-2013:1813 centos5\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.881847\");\n script_version(\"$Revision: 14222 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 13:50:48 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2013-12-17 12:01:17 +0530 (Tue, 17 Dec 2013)\");\n script_cve_id(\"CVE-2013-6420\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"CentOS Update for php53 CESA-2013:1813 centos5\");\n\n script_tag(name:\"affected\", value:\"php53 on CentOS 5\");\n script_tag(name:\"insight\", value:\"PHP is an HTML-embedded scripting language commonly used with the Apache\nHTTP Server.\n\nA memory corruption flaw was found in the way the openssl_x509_parse()\nfunction of the PHP openssl extension parsed X.509 certificates. 
A remote\nattacker could use this flaw to provide a malicious self-signed certificate\nor a certificate signed by a trusted authority to a PHP application using\nthe aforementioned function, causing the application to crash or, possibly,\nallow the attacker to execute arbitrary code with the privileges of the\nuser running the PHP interpreter. (CVE-2013-6420)\n\nRed Hat would like to thank the PHP project for reporting this issue.\nUpstream acknowledges Stefan Esser as the original reporter of this issue.\n\nAll php53 and php users are advised to upgrade to these updated packages,\nwhich contain a backported patch to correct this issue. After installing\nthe updated packages, the httpd daemon must be restarted for the update to\ntake effect.\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"CESA\", value:\"2013:1813\");\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2013-December/020063.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'php53'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2013 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS5\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"php53\", rpm:\"php53~5.3.3~22.el5_10\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php53-bcmath\", rpm:\"php53-bcmath~5.3.3~22.el5_10\", 
rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php53-cli\", rpm:\"php53-cli~5.3.3~22.el5_10\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php53-common\", rpm:\"php53-common~5.3.3~22.el5_10\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php53-dba\", rpm:\"php53-dba~5.3.3~22.el5_10\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php53-devel\", rpm:\"php53-devel~5.3.3~22.el5_10\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php53-gd\", rpm:\"php53-gd~5.3.3~22.el5_10\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php53-imap\", rpm:\"php53-imap~5.3.3~22.el5_10\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php53-intl\", rpm:\"php53-intl~5.3.3~22.el5_10\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php53-ldap\", rpm:\"php53-ldap~5.3.3~22.el5_10\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php53-mbstring\", rpm:\"php53-mbstring~5.3.3~22.el5_10\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php53-mysql\", rpm:\"php53-mysql~5.3.3~22.el5_10\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php53-odbc\", rpm:\"php53-odbc~5.3.3~22.el5_10\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php53-pdo\", rpm:\"php53-pdo~5.3.3~22.el5_10\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = 
isrpmvuln(pkg:\"php53-pgsql\", rpm:\"php53-pgsql~5.3.3~22.el5_10\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php53-process\", rpm:\"php53-process~5.3.3~22.el5_10\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php53-pspell\", rpm:\"php53-pspell~5.3.3~22.el5_10\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php53-snmp\", rpm:\"php53-snmp~5.3.3~22.el5_10\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php53-soap\", rpm:\"php53-soap~5.3.3~22.el5_10\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php53-xml\", rpm:\"php53-xml~5.3.3~22.el5_10\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php53-xmlrpc\", rpm:\"php53-xmlrpc~5.3.3~22.el5_10\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:38:07", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-6420"], "description": "This host is installed with PHP and is prone to remote code execution\n vulnerability.", "modified": "2018-10-12T00:00:00", "published": "2013-12-19T00:00:00", "id": "OPENVAS:1361412562310804174", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310804174", "type": "openvas", "title": "PHP Remote Code Execution and Denial of Service Vulnerabilities - Dec13", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_php_dos_n_code_exec_vuln_dec13.nasl 11865 2018-10-12 10:03:43Z cfischer $\n#\n# PHP Remote Code Execution and Denial of Service Vulnerabilities - Dec13\n#\n# Authors:\n# 
Shakeel <bshakeel@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:php:php\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.804174\");\n script_version(\"$Revision: 11865 $\");\n script_cve_id(\"CVE-2013-6420\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-12 12:03:43 +0200 (Fri, 12 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-12-19 18:09:47 +0530 (Thu, 19 Dec 2013)\");\n script_name(\"PHP Remote Code Execution and Denial of Service Vulnerabilities - Dec13\");\n\n script_tag(name:\"summary\", value:\"This host is installed with PHP and is prone to remote code execution\n vulnerability.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"solution\", value:\"Update to PHP version 5.3.28 or 5.4.23 or 5.5.7 or later.\");\n\n script_tag(name:\"insight\", value:\"The flaw is due to a boundary error within the 'asn1_time_to_time_t' function\n in 'ext/openssl/openssl.c' when parsing X.509 
certificates.\");\n\n script_tag(name:\"affected\", value:\"PHP versions before 5.3.28, 5.4.x before 5.4.23, and 5.5.x before 5.5.7.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote attackers to execute arbitrary code\n or cause a denial of service (memory corruption).\");\n\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/56055\");\n script_xref(name:\"URL\", value:\"http://packetstormsecurity.com/files/124436/PHP-openssl_x509_parse-Memory-Corruption.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2013 Greenbone Networks GmbH\");\n script_family(\"Web application abuses\");\n script_dependencies(\"gb_php_detect.nasl\");\n script_mandatory_keys(\"php/installed\");\n\n script_tag(name:\"qod_type\", value:\"remote_banner_unreliable\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"http://www.php.net\");\n exit(0);\n}\n\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\n\nif( isnull( phpPort = get_app_port( cpe:CPE ) ) ) exit( 0 );\nif( ! 
phpVer = get_app_version( cpe:CPE, port:phpPort ) ) exit( 0 );\n\nif(version_is_less(version:phpVer, test_version:\"5.3.28\") ||\n version_in_range(version:phpVer, test_version:\"5.4.0\", test_version2:\"5.4.22\") ||\n version_in_range(version:phpVer, test_version:\"5.5.0\", test_version2:\"5.5.6\")) {\n report = report_fixed_ver(installed_version:phpVer, fixed_version:\"5.3.28/5.4.23/5.5.7\");\n security_message(data:report, port:phpPort);\n exit(0);\n}\n\nexit(99);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:36:55", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-6420"], "description": "Oracle Linux Local Security Checks ELSA-2013-1813", "modified": "2018-09-28T00:00:00", "published": "2015-10-06T00:00:00", "id": "OPENVAS:1361412562310123500", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310123500", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2013-1813", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2013-1813.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.123500\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 14:04:42 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2013-1813\");\n script_tag(name:\"insight\", value:\"ELSA-2013-1813 - php53 and php security update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2013-1813\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2013-1813.html\");\n script_cve_id(\"CVE-2013-6420\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux(5|6)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux5\")\n{\n if ((res = isrpmvuln(pkg:\"php53\", rpm:\"php53~5.3.3~22.el5_10\", 
rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php53-bcmath\", rpm:\"php53-bcmath~5.3.3~22.el5_10\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php53-cli\", rpm:\"php53-cli~5.3.3~22.el5_10\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php53-common\", rpm:\"php53-common~5.3.3~22.el5_10\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php53-dba\", rpm:\"php53-dba~5.3.3~22.el5_10\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php53-devel\", rpm:\"php53-devel~5.3.3~22.el5_10\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php53-gd\", rpm:\"php53-gd~5.3.3~22.el5_10\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php53-imap\", rpm:\"php53-imap~5.3.3~22.el5_10\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php53-intl\", rpm:\"php53-intl~5.3.3~22.el5_10\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php53-ldap\", rpm:\"php53-ldap~5.3.3~22.el5_10\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php53-mbstring\", rpm:\"php53-mbstring~5.3.3~22.el5_10\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php53-mysql\", rpm:\"php53-mysql~5.3.3~22.el5_10\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php53-odbc\", rpm:\"php53-odbc~5.3.3~22.el5_10\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = 
isrpmvuln(pkg:\"php53-pdo\", rpm:\"php53-pdo~5.3.3~22.el5_10\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php53-pgsql\", rpm:\"php53-pgsql~5.3.3~22.el5_10\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php53-process\", rpm:\"php53-process~5.3.3~22.el5_10\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php53-pspell\", rpm:\"php53-pspell~5.3.3~22.el5_10\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php53-snmp\", rpm:\"php53-snmp~5.3.3~22.el5_10\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php53-soap\", rpm:\"php53-soap~5.3.3~22.el5_10\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php53-xml\", rpm:\"php53-xml~5.3.3~22.el5_10\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php53-xmlrpc\", rpm:\"php53-xmlrpc~5.3.3~22.el5_10\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif(release == \"OracleLinux6\")\n{\n if ((res = isrpmvuln(pkg:\"php\", rpm:\"php~5.3.3~27.el6_5\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php-bcmath\", rpm:\"php-bcmath~5.3.3~27.el6_5\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php-cli\", rpm:\"php-cli~5.3.3~27.el6_5\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php-common\", rpm:\"php-common~5.3.3~27.el6_5\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php-dba\", rpm:\"php-dba~5.3.3~27.el6_5\", 
rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php-devel\", rpm:\"php-devel~5.3.3~27.el6_5\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php-embedded\", rpm:\"php-embedded~5.3.3~27.el6_5\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php-enchant\", rpm:\"php-enchant~5.3.3~27.el6_5\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php-fpm\", rpm:\"php-fpm~5.3.3~27.el6_5\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php-gd\", rpm:\"php-gd~5.3.3~27.el6_5\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php-imap\", rpm:\"php-imap~5.3.3~27.el6_5\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php-intl\", rpm:\"php-intl~5.3.3~27.el6_5\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php-ldap\", rpm:\"php-ldap~5.3.3~27.el6_5\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php-mbstring\", rpm:\"php-mbstring~5.3.3~27.el6_5\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php-mysql\", rpm:\"php-mysql~5.3.3~27.el6_5\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php-odbc\", rpm:\"php-odbc~5.3.3~27.el6_5\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php-pdo\", rpm:\"php-pdo~5.3.3~27.el6_5\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php-pgsql\", 
rpm:\"php-pgsql~5.3.3~27.el6_5\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php-process\", rpm:\"php-process~5.3.3~27.el6_5\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php-pspell\", rpm:\"php-pspell~5.3.3~27.el6_5\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php-recode\", rpm:\"php-recode~5.3.3~27.el6_5\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php-snmp\", rpm:\"php-snmp~5.3.3~27.el6_5\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php-soap\", rpm:\"php-soap~5.3.3~27.el6_5\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php-tidy\", rpm:\"php-tidy~5.3.3~27.el6_5\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php-xml\", rpm:\"php-xml~5.3.3~27.el6_5\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php-xmlrpc\", rpm:\"php-xmlrpc~5.3.3~27.el6_5\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php-zts\", rpm:\"php-zts~5.3.3~27.el6_5\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-03-17T23:01:31", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-6420"], "description": "The remote host is missing an update announced via the referenced Security Advisory.", "modified": "2020-03-13T00:00:00", "published": "2015-09-08T00:00:00", "id": "OPENVAS:1361412562310120459", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310120459", 
"type": "openvas", "title": "Amazon Linux: Security Advisory (ALAS-2013-262)", "sourceData": "# Copyright (C) 2015 Eero Volotinen\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.120459\");\n script_version(\"2020-03-13T13:19:50+0000\");\n script_tag(name:\"creation_date\", value:\"2015-09-08 13:26:52 +0200 (Tue, 08 Sep 2015)\");\n script_tag(name:\"last_modification\", value:\"2020-03-13 13:19:50 +0000 (Fri, 13 Mar 2020)\");\n script_name(\"Amazon Linux: Security Advisory (ALAS-2013-262)\");\n script_tag(name:\"insight\", value:\"The asn1_time_to_time_t function in ext/openssl/openssl.c in PHP before 5.3.28, 5.4.x before 5.4.23, and 5.5.x before 5.5.7 does not properly parse (1) notBefore and (2) notAfter timestamps in X.509 certificates, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted certificate that is not properly handled by the openssl_x509_parse function.\");\n script_tag(name:\"solution\", value:\"Run yum update php to update your system.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n 
script_xref(name:\"URL\", value:\"https://alas.aws.amazon.com/ALAS-2013-262.html\");\n script_cve_id(\"CVE-2013-6420\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/amazon_linux\", \"ssh/login/release\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"The remote host is missing an update announced via the referenced Security Advisory.\");\n script_copyright(\"Copyright (C) 2015 Eero Volotinen\");\n script_family(\"Amazon Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"AMAZON\") {\n if(!isnull(res = isrpmvuln(pkg:\"php-mysqlnd\", rpm:\"php-mysqlnd~5.3.28~1.2.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php-snmp\", rpm:\"php-snmp~5.3.28~1.2.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php-debuginfo\", rpm:\"php-debuginfo~5.3.28~1.2.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php-common\", rpm:\"php-common~5.3.28~1.2.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php-imap\", rpm:\"php-imap~5.3.28~1.2.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php-fpm\", rpm:\"php-fpm~5.3.28~1.2.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php-enchant\", rpm:\"php-enchant~5.3.28~1.2.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php-mcrypt\", rpm:\"php-mcrypt~5.3.28~1.2.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php-mbstring\", 
rpm:\"php-mbstring~5.3.28~1.2.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php-dba\", rpm:\"php-dba~5.3.28~1.2.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php-odbc\", rpm:\"php-odbc~5.3.28~1.2.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php-ldap\", rpm:\"php-ldap~5.3.28~1.2.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php-pgsql\", rpm:\"php-pgsql~5.3.28~1.2.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php\", rpm:\"php~5.3.28~1.2.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php-soap\", rpm:\"php-soap~5.3.28~1.2.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php-recode\", rpm:\"php-recode~5.3.28~1.2.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php-mysql\", rpm:\"php-mysql~5.3.28~1.2.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php-xml\", rpm:\"php-xml~5.3.28~1.2.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php-pspell\", rpm:\"php-pspell~5.3.28~1.2.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php-mssql\", rpm:\"php-mssql~5.3.28~1.2.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php-bcmath\", rpm:\"php-bcmath~5.3.28~1.2.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php-cli\", rpm:\"php-cli~5.3.28~1.2.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php-process\", rpm:\"php-process~5.3.28~1.2.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php-embedded\", rpm:\"php-embedded~5.3.28~1.2.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = 
isrpmvuln(pkg:\"php-pdo\", rpm:\"php-pdo~5.3.28~1.2.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php-intl\", rpm:\"php-intl~5.3.28~1.2.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php-xmlrpc\", rpm:\"php-xmlrpc~5.3.28~1.2.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php-gd\", rpm:\"php-gd~5.3.28~1.2.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php-tidy\", rpm:\"php-tidy~5.3.28~1.2.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php-devel\", rpm:\"php-devel~5.3.28~1.2.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:38:05", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-6420"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2013-12-17T00:00:00", "id": "OPENVAS:1361412562310881830", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310881830", "type": "openvas", "title": "CentOS Update for php CESA-2013:1813 centos6", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for php CESA-2013:1813 centos6\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# 
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.881830\");\n script_version(\"$Revision: 14222 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 13:50:48 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2013-12-17 11:56:01 +0530 (Tue, 17 Dec 2013)\");\n script_cve_id(\"CVE-2013-6420\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"CentOS Update for php CESA-2013:1813 centos6\");\n\n script_tag(name:\"affected\", value:\"php on CentOS 6\");\n script_tag(name:\"insight\", value:\"PHP is an HTML-embedded scripting language commonly used with the Apache\nHTTP Server.\n\nA memory corruption flaw was found in the way the openssl_x509_parse()\nfunction of the PHP openssl extension parsed X.509 certificates. A remote\nattacker could use this flaw to provide a malicious self-signed certificate\nor a certificate signed by a trusted authority to a PHP application using\nthe aforementioned function, causing the application to crash or, possibly,\nallow the attacker to execute arbitrary code with the privileges of the\nuser running the PHP interpreter. (CVE-2013-6420)\n\nRed Hat would like to thank the PHP project for reporting this issue.\nUpstream acknowledges Stefan Esser as the original reporter of this issue.\n\nAll php53 and php users are advised to upgrade to these updated packages,\nwhich contain a backported patch to correct this issue. 
After installing\nthe updated packages, the httpd daemon must be restarted for the update to\ntake effect.\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"CESA\", value:\"2013:1813\");\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2013-December/020061.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'php'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2013 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS6\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS6\")\n{\n\n if ((res = isrpmvuln(pkg:\"php\", rpm:\"php~5.3.3~27.el6_5\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-bcmath\", rpm:\"php-bcmath~5.3.3~27.el6_5\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-cli\", rpm:\"php-cli~5.3.3~27.el6_5\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-common\", rpm:\"php-common~5.3.3~27.el6_5\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-dba\", rpm:\"php-dba~5.3.3~27.el6_5\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-devel\", rpm:\"php-devel~5.3.3~27.el6_5\", rls:\"CentOS6\")) != NULL)\n {\n 
security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-embedded\", rpm:\"php-embedded~5.3.3~27.el6_5\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-enchant\", rpm:\"php-enchant~5.3.3~27.el6_5\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-fpm\", rpm:\"php-fpm~5.3.3~27.el6_5\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-gd\", rpm:\"php-gd~5.3.3~27.el6_5\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-imap\", rpm:\"php-imap~5.3.3~27.el6_5\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-intl\", rpm:\"php-intl~5.3.3~27.el6_5\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-ldap\", rpm:\"php-ldap~5.3.3~27.el6_5\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-mbstring\", rpm:\"php-mbstring~5.3.3~27.el6_5\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-mysql\", rpm:\"php-mysql~5.3.3~27.el6_5\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-odbc\", rpm:\"php-odbc~5.3.3~27.el6_5\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pdo\", rpm:\"php-pdo~5.3.3~27.el6_5\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pgsql\", rpm:\"php-pgsql~5.3.3~27.el6_5\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-process\", rpm:\"php-process~5.3.3~27.el6_5\", rls:\"CentOS6\")) != NULL)\n {\n 
security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pspell\", rpm:\"php-pspell~5.3.3~27.el6_5\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-recode\", rpm:\"php-recode~5.3.3~27.el6_5\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-snmp\", rpm:\"php-snmp~5.3.3~27.el6_5\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-soap\", rpm:\"php-soap~5.3.3~27.el6_5\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-tidy\", rpm:\"php-tidy~5.3.3~27.el6_5\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-xml\", rpm:\"php-xml~5.3.3~27.el6_5\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-xmlrpc\", rpm:\"php-xmlrpc~5.3.3~27.el6_5\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-zts\", rpm:\"php-zts~5.3.3~27.el6_5\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "nessus": [{"lastseen": "2021-01-12T09:48:16", "description": "Several vulnerabilities were found in PHP, a general-purpose scripting\nlanguage commonly used for web application development. 
The Common\nVulnerabilities and Exposures project identifies the following issues\n:\n\n - CVE-2013-6420\n Stefan Esser reported possible memory corruption in\n openssl_x509_parse().\n\n - CVE-2013-6712\n Creating DateInterval objects from parsed ISO dates was\n not properly restricted, which allowed an attacker to cause a denial\n of service.\n\nIn addition, the update for Debian 7 'Wheezy' contains several\nbugfixes originally targeted for the upcoming Wheezy point release.", "edition": 17, "published": "2013-12-14T00:00:00", "title": "Debian DSA-2816-1 : php5 - several vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-6420", "CVE-2013-6712"], "modified": "2013-12-14T00:00:00", "cpe": ["cpe:/o:debian:debian_linux:6.0", "p-cpe:/a:debian:debian_linux:php5", "cpe:/o:debian:debian_linux:7.0"], "id": "DEBIAN_DSA-2816.NASL", "href": "https://www.tenable.com/plugins/nessus/71402", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-2816. 
The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(71402);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2013-6420\", \"CVE-2013-6712\");\n script_bugtraq_id(64018, 64225);\n script_xref(name:\"DSA\", value:\"2816\");\n\n script_name(english:\"Debian DSA-2816-1 : php5 - several vulnerabilities\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities were found in PHP, a general-purpose scripting\nlanguage commonly used for web application development. The Common\nVulnerabilities and Exposures project identifies the following issues\n:\n\n - CVE-2013-6420\n Stefan Esser reported possible memory corruption in\n openssl_x509_parse().\n\n - CVE-2013-6712\n Creating DateInterval objects from parsed ISO dates was\n not properly restricted, which allowed to cause a denial\n of service.\n\nIn addition, the update for Debian 7 'Wheezy' contains several\nbugfixes originally targeted for the upcoming Wheezy point release.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=731112\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=731895\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-6420\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-6712\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://packages.debian.org/source/squeeze/php5\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/wheezy/php5\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2013/dsa-2816\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the php5 packages.\n\nFor the oldstable distribution (squeeze), these problems have been\nfixed in version 5.3.3-7+squeeze18.\n\nFor the stable distribution (wheezy), these problems have been fixed\nin version 5.4.4-14+deb7u7.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:6.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/12/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/12/14\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"6.0\", prefix:\"libapache2-mod-php5\", reference:\"5.3.3-7+squeeze18\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libapache2-mod-php5filter\", reference:\"5.3.3-7+squeeze18\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php-pear\", reference:\"5.3.3-7+squeeze18\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5\", reference:\"5.3.3-7+squeeze18\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5-cgi\", reference:\"5.3.3-7+squeeze18\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5-cli\", reference:\"5.3.3-7+squeeze18\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5-common\", reference:\"5.3.3-7+squeeze18\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5-curl\", reference:\"5.3.3-7+squeeze18\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5-dbg\", reference:\"5.3.3-7+squeeze18\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5-dev\", reference:\"5.3.3-7+squeeze18\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5-enchant\", reference:\"5.3.3-7+squeeze18\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5-gd\", reference:\"5.3.3-7+squeeze18\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5-gmp\", reference:\"5.3.3-7+squeeze18\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5-imap\", reference:\"5.3.3-7+squeeze18\")) flag++;\nif (deb_check(release:\"6.0\", 
prefix:\"php5-interbase\", reference:\"5.3.3-7+squeeze18\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5-intl\", reference:\"5.3.3-7+squeeze18\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5-ldap\", reference:\"5.3.3-7+squeeze18\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5-mcrypt\", reference:\"5.3.3-7+squeeze18\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5-mysql\", reference:\"5.3.3-7+squeeze18\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5-odbc\", reference:\"5.3.3-7+squeeze18\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5-pgsql\", reference:\"5.3.3-7+squeeze18\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5-pspell\", reference:\"5.3.3-7+squeeze18\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5-recode\", reference:\"5.3.3-7+squeeze18\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5-snmp\", reference:\"5.3.3-7+squeeze18\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5-sqlite\", reference:\"5.3.3-7+squeeze18\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5-sybase\", reference:\"5.3.3-7+squeeze18\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5-tidy\", reference:\"5.3.3-7+squeeze18\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5-xmlrpc\", reference:\"5.3.3-7+squeeze18\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5-xsl\", reference:\"5.3.3-7+squeeze18\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libapache2-mod-php5\", reference:\"5.4.4-14+deb7u7\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libapache2-mod-php5filter\", reference:\"5.4.4-14+deb7u7\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libphp5-embed\", reference:\"5.4.4-14+deb7u7\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"php-pear\", reference:\"5.4.4-14+deb7u7\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"php5\", reference:\"5.4.4-14+deb7u7\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"php5-cgi\", 
reference:\"5.4.4-14+deb7u7\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"php5-cli\", reference:\"5.4.4-14+deb7u7\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"php5-common\", reference:\"5.4.4-14+deb7u7\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"php5-curl\", reference:\"5.4.4-14+deb7u7\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"php5-dbg\", reference:\"5.4.4-14+deb7u7\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"php5-dev\", reference:\"5.4.4-14+deb7u7\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"php5-enchant\", reference:\"5.4.4-14+deb7u7\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"php5-fpm\", reference:\"5.4.4-14+deb7u7\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"php5-gd\", reference:\"5.4.4-14+deb7u7\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"php5-gmp\", reference:\"5.4.4-14+deb7u7\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"php5-imap\", reference:\"5.4.4-14+deb7u7\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"php5-interbase\", reference:\"5.4.4-14+deb7u7\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"php5-intl\", reference:\"5.4.4-14+deb7u7\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"php5-ldap\", reference:\"5.4.4-14+deb7u7\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"php5-mcrypt\", reference:\"5.4.4-14+deb7u7\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"php5-mysql\", reference:\"5.4.4-14+deb7u7\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"php5-mysqlnd\", reference:\"5.4.4-14+deb7u7\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"php5-odbc\", reference:\"5.4.4-14+deb7u7\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"php5-pgsql\", reference:\"5.4.4-14+deb7u7\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"php5-pspell\", reference:\"5.4.4-14+deb7u7\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"php5-recode\", reference:\"5.4.4-14+deb7u7\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"php5-snmp\", 
reference:\"5.4.4-14+deb7u7\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"php5-sqlite\", reference:\"5.4.4-14+deb7u7\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"php5-sybase\", reference:\"5.4.4-14+deb7u7\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"php5-tidy\", reference:\"5.4.4-14+deb7u7\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"php5-xmlrpc\", reference:\"5.4.4-14+deb7u7\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"php5-xsl\", reference:\"5.4.4-14+deb7u7\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-03-01T07:27:10", "description": "Stefan Esser discovered that PHP incorrectly parsed certificates. An\nattacker could use a malformed certificate to cause PHP to crash,\nresulting in a denial of service, or possibly execute arbitrary code.\n(CVE-2013-6420)\n\nIt was discovered that PHP incorrectly handled DateInterval objects.\nAn attacker could use this issue to cause PHP to crash, resulting in a\ndenial of service. (CVE-2013-6712).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 26, "published": "2013-12-13T00:00:00", "title": "Ubuntu 10.04 LTS / 12.04 LTS / 12.10 / 13.04 / 13.10 : php5 vulnerabilities (USN-2055-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-6420", "CVE-2013-6712"], "modified": "2021-03-02T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:libapache2-mod-php5", "p-cpe:/a:canonical:ubuntu_linux:php5-cgi", "p-cpe:/a:canonical:ubuntu_linux:php5-cli", "cpe:/o:canonical:ubuntu_linux:13.10", "cpe:/o:canonical:ubuntu_linux:10.04:-:lts", "cpe:/o:canonical:ubuntu_linux:12.10", "cpe:/o:canonical:ubuntu_linux:13.04", "cpe:/o:canonical:ubuntu_linux:12.04:-:lts"], "id": "UBUNTU_USN-2055-1.NASL", "href": "https://www.tenable.com/plugins/nessus/71394", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-2055-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(71394);\n script_version(\"1.8\");\n script_cvs_date(\"Date: 2019/09/19 12:54:29\");\n\n script_cve_id(\"CVE-2013-6420\", \"CVE-2013-6712\");\n script_bugtraq_id(64018, 64225);\n script_xref(name:\"USN\", value:\"2055-1\");\n\n script_name(english:\"Ubuntu 10.04 LTS / 12.04 LTS / 12.10 / 13.04 / 13.10 : php5 vulnerabilities (USN-2055-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Stefan Esser discovered that PHP incorrectly parsed certificates. 
An\nattacker could use a malformed certificate to cause PHP to crash,\nresulting in a denial of service, or possibly execute arbitrary code.\n(CVE-2013-6420)\n\nIt was discovered that PHP incorrectly handled DateInterval objects.\nAn attacker could use this issue to cause PHP to crash, resulting in a\ndenial of service. (CVE-2013-6712).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/2055-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected libapache2-mod-php5, php5-cgi and / or php5-cli\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libapache2-mod-php5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php5-cgi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php5-cli\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:13.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:13.10\");\n\n 
script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/11/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/12/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/12/13\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2013-2019 Canonical, Inc. / NASL script (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(10\\.04|12\\.04|12\\.10|13\\.04|13\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 10.04 / 12.04 / 12.10 / 13.04 / 13.10\", \"Ubuntu \" + release);\nif ( ! 
get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"10.04\", pkgname:\"libapache2-mod-php5\", pkgver:\"5.3.2-1ubuntu4.22\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"php5-cgi\", pkgver:\"5.3.2-1ubuntu4.22\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"php5-cli\", pkgver:\"5.3.2-1ubuntu4.22\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"libapache2-mod-php5\", pkgver:\"5.3.10-1ubuntu3.9\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"php5-cgi\", pkgver:\"5.3.10-1ubuntu3.9\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"php5-cli\", pkgver:\"5.3.10-1ubuntu3.9\")) flag++;\nif (ubuntu_check(osver:\"12.10\", pkgname:\"libapache2-mod-php5\", pkgver:\"5.4.6-1ubuntu1.5\")) flag++;\nif (ubuntu_check(osver:\"12.10\", pkgname:\"php5-cgi\", pkgver:\"5.4.6-1ubuntu1.5\")) flag++;\nif (ubuntu_check(osver:\"12.10\", pkgname:\"php5-cli\", pkgver:\"5.4.6-1ubuntu1.5\")) flag++;\nif (ubuntu_check(osver:\"13.04\", pkgname:\"libapache2-mod-php5\", pkgver:\"5.4.9-4ubuntu2.4\")) flag++;\nif (ubuntu_check(osver:\"13.04\", pkgname:\"php5-cgi\", pkgver:\"5.4.9-4ubuntu2.4\")) flag++;\nif (ubuntu_check(osver:\"13.04\", pkgname:\"php5-cli\", pkgver:\"5.4.9-4ubuntu2.4\")) flag++;\nif (ubuntu_check(osver:\"13.10\", pkgname:\"libapache2-mod-php5\", pkgver:\"5.5.3+dfsg-1ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"13.10\", pkgname:\"php5-cgi\", pkgver:\"5.5.3+dfsg-1ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"13.10\", pkgname:\"php5-cli\", pkgver:\"5.5.3+dfsg-1ubuntu2.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, 
tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libapache2-mod-php5 / php5-cgi / php5-cli\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-20T14:37:36", "description": "This update fixes the following issues :\n\n - memory corruption in openssl_x509_parse(). (CVE-2013-6420)\n\n - Heap buffer over-read in DateInterval. (CVE-2013-6712)\n\n - man-in-the-middle attacks by specially crafting\n certificates (CVE-2013-4248)", "edition": 17, "published": "2014-01-15T00:00:00", "title": "SuSE 11.2 / 11.3 Security Update : PHP5 (SAT Patch Numbers 8683 / 8684)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-4248", "CVE-2013-6420", "CVE-2013-6712"], "modified": "2014-01-15T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:11:php53-fileinfo", "p-cpe:/a:novell:suse_linux:11:php53-ftp", "p-cpe:/a:novell:suse_linux:11:php53-mysql", "p-cpe:/a:novell:suse_linux:11:php53-calendar", "p-cpe:/a:novell:suse_linux:11:php53-curl", "p-cpe:/a:novell:suse_linux:11:php53-zlib", "p-cpe:/a:novell:suse_linux:11:php53-soap", "p-cpe:/a:novell:suse_linux:11:php53-sysvshm", "p-cpe:/a:novell:suse_linux:11:php53-xmlwriter", "p-cpe:/a:novell:suse_linux:11:php53-bz2", "p-cpe:/a:novell:suse_linux:11:php53-wddx", "p-cpe:/a:novell:suse_linux:11:php53-suhosin", "p-cpe:/a:novell:suse_linux:11:php53-sysvmsg", "p-cpe:/a:novell:suse_linux:11:php53-odbc", "p-cpe:/a:novell:suse_linux:11:php53-ldap", "p-cpe:/a:novell:suse_linux:11:php53-gd", "p-cpe:/a:novell:suse_linux:11:php53-xsl", "p-cpe:/a:novell:suse_linux:11:php53-ctype", "p-cpe:/a:novell:suse_linux:11:php53-pear", "p-cpe:/a:novell:suse_linux:11:php53-bcmath", "p-cpe:/a:novell:suse_linux:11:php53-pcntl", "cpe:/o:novell:suse_linux:11", "p-cpe:/a:novell:suse_linux:11:php53-dom", "p-cpe:/a:novell:suse_linux:11:php53-openssl", "p-cpe:/a:novell:suse_linux:11:php53-mbstring", "p-cpe:/a:novell:suse_linux:11:php53-intl", "p-cpe:/a:novell:suse_linux:11:php53-xmlrpc", 
"p-cpe:/a:novell:suse_linux:11:php53-sysvsem", "p-cpe:/a:novell:suse_linux:11:php53-iconv", "p-cpe:/a:novell:suse_linux:11:php53-pspell", "p-cpe:/a:novell:suse_linux:11:php53-exif", "p-cpe:/a:novell:suse_linux:11:php53-pdo", "p-cpe:/a:novell:suse_linux:11:php53-tokenizer", "p-cpe:/a:novell:suse_linux:11:php53-zip", "p-cpe:/a:novell:suse_linux:11:php53-dba", "p-cpe:/a:novell:suse_linux:11:php53-fastcgi", "p-cpe:/a:novell:suse_linux:11:apache2-mod_php53", "p-cpe:/a:novell:suse_linux:11:php53-pgsql", "p-cpe:/a:novell:suse_linux:11:php53-xmlreader", "p-cpe:/a:novell:suse_linux:11:php53-gmp", "p-cpe:/a:novell:suse_linux:11:php53-mcrypt", "p-cpe:/a:novell:suse_linux:11:php53", "p-cpe:/a:novell:suse_linux:11:php53-json", "p-cpe:/a:novell:suse_linux:11:php53-shmop", "p-cpe:/a:novell:suse_linux:11:php53-gettext", "p-cpe:/a:novell:suse_linux:11:php53-snmp"], "id": "SUSE_11_APACHE2-MOD_PHP53-131218.NASL", "href": "https://www.tenable.com/plugins/nessus/71965", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. 
The text itself is\n# copyright (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(71965);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2013-4248\", \"CVE-2013-6420\", \"CVE-2013-6712\");\n\n script_name(english:\"SuSE 11.2 / 11.3 Security Update : PHP5 (SAT Patch Numbers 8683 / 8684)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 11 host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update fixes the following issues :\n\n - memory corruption in openssl_parse_x509. (CVE-2013-6420)\n\n - Heap buffer over-read in DateInterval. (CVE-2013-6712)\n\n - man-in-the-middle attacks by specially crafting\n certificates (CVE-2013-4248)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=837746\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=842676\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=853045\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=854880\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-4248.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-6420.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-6712.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Apply SAT patch number 8683 / 8684 as appropriate.\"\n );\n 
script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:apache2-mod_php53\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php53\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php53-bcmath\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php53-bz2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php53-calendar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php53-ctype\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php53-curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php53-dba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php53-dom\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php53-exif\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php53-fastcgi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php53-fileinfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php53-ftp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php53-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php53-gettext\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php53-gmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php53-iconv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php53-intl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php53-json\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:suse_linux:11:php53-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php53-mbstring\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php53-mcrypt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php53-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php53-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php53-openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php53-pcntl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php53-pdo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php53-pear\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php53-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php53-pspell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php53-shmop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php53-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php53-soap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php53-suhosin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php53-sysvmsg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php53-sysvsem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php53-sysvshm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php53-tokenizer\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php53-wddx\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php53-xmlreader\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php53-xmlrpc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php53-xmlwriter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php53-xsl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php53-zip\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php53-zlib\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/12/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/01/15\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES11\", sp:2, reference:\"apache2-mod_php53-5.3.8-0.43.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, reference:\"php53-5.3.8-0.43.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, 
reference:\"php53-bcmath-5.3.8-0.43.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, reference:\"php53-bz2-5.3.8-0.43.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, reference:\"php53-calendar-5.3.8-0.43.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, reference:\"php53-ctype-5.3.8-0.43.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, reference:\"php53-curl-5.3.8-0.43.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, reference:\"php53-dba-5.3.8-0.43.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, reference:\"php53-dom-5.3.8-0.43.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, reference:\"php53-exif-5.3.8-0.43.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, reference:\"php53-fastcgi-5.3.8-0.43.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, reference:\"php53-fileinfo-5.3.8-0.43.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, reference:\"php53-ftp-5.3.8-0.43.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, reference:\"php53-gd-5.3.8-0.43.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, reference:\"php53-gettext-5.3.8-0.43.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, reference:\"php53-gmp-5.3.8-0.43.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, reference:\"php53-iconv-5.3.8-0.43.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, reference:\"php53-intl-5.3.8-0.43.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, reference:\"php53-json-5.3.8-0.43.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, reference:\"php53-ldap-5.3.8-0.43.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, reference:\"php53-mbstring-5.3.8-0.43.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, reference:\"php53-mcrypt-5.3.8-0.43.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, reference:\"php53-mysql-5.3.8-0.43.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, reference:\"php53-odbc-5.3.8-0.43.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, 
reference:\"php53-openssl-5.3.8-0.43.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, reference:\"php53-pcntl-5.3.8-0.43.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, reference:\"php53-pdo-5.3.8-0.43.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, reference:\"php53-pear-5.3.8-0.43.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, reference:\"php53-pgsql-5.3.8-0.43.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, reference:\"php53-pspell-5.3.8-0.43.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, reference:\"php53-shmop-5.3.8-0.43.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, reference:\"php53-snmp-5.3.8-0.43.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, reference:\"php53-soap-5.3.8-0.43.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, reference:\"php53-suhosin-5.3.8-0.43.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, reference:\"php53-sysvmsg-5.3.8-0.43.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, reference:\"php53-sysvsem-5.3.8-0.43.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, reference:\"php53-sysvshm-5.3.8-0.43.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, reference:\"php53-tokenizer-5.3.8-0.43.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, reference:\"php53-wddx-5.3.8-0.43.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, reference:\"php53-xmlreader-5.3.8-0.43.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, reference:\"php53-xmlrpc-5.3.8-0.43.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, reference:\"php53-xmlwriter-5.3.8-0.43.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, reference:\"php53-xsl-5.3.8-0.43.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, reference:\"php53-zip-5.3.8-0.43.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, reference:\"php53-zlib-5.3.8-0.43.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, reference:\"apache2-mod_php53-5.3.17-0.17.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, 
reference:\"php53-5.3.17-0.17.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, reference:\"php53-bcmath-5.3.17-0.17.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, reference:\"php53-bz2-5.3.17-0.17.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, reference:\"php53-calendar-5.3.17-0.17.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, reference:\"php53-ctype-5.3.17-0.17.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, reference:\"php53-curl-5.3.17-0.17.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, reference:\"php53-dba-5.3.17-0.17.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, reference:\"php53-dom-5.3.17-0.17.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, reference:\"php53-exif-5.3.17-0.17.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, reference:\"php53-fastcgi-5.3.17-0.17.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, reference:\"php53-fileinfo-5.3.17-0.17.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, reference:\"php53-ftp-5.3.17-0.17.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, reference:\"php53-gd-5.3.17-0.17.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, reference:\"php53-gettext-5.3.17-0.17.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, reference:\"php53-gmp-5.3.17-0.17.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, reference:\"php53-iconv-5.3.17-0.17.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, reference:\"php53-intl-5.3.17-0.17.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, reference:\"php53-json-5.3.17-0.17.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, reference:\"php53-ldap-5.3.17-0.17.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, reference:\"php53-mbstring-5.3.17-0.17.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, reference:\"php53-mcrypt-5.3.17-0.17.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, reference:\"php53-mysql-5.3.17-0.17.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, 
reference:\"php53-odbc-5.3.17-0.17.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, reference:\"php53-openssl-5.3.17-0.17.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, reference:\"php53-pcntl-5.3.17-0.17.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, reference:\"php53-pdo-5.3.17-0.17.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, reference:\"php53-pear-5.3.17-0.17.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, reference:\"php53-pgsql-5.3.17-0.17.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, reference:\"php53-pspell-5.3.17-0.17.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, reference:\"php53-shmop-5.3.17-0.17.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, reference:\"php53-snmp-5.3.17-0.17.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, reference:\"php53-soap-5.3.17-0.17.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, reference:\"php53-suhosin-5.3.17-0.17.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, reference:\"php53-sysvmsg-5.3.17-0.17.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, reference:\"php53-sysvsem-5.3.17-0.17.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, reference:\"php53-sysvshm-5.3.17-0.17.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, reference:\"php53-tokenizer-5.3.17-0.17.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, reference:\"php53-wddx-5.3.17-0.17.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, reference:\"php53-xmlreader-5.3.17-0.17.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, reference:\"php53-xmlrpc-5.3.17-0.17.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, reference:\"php53-xmlwriter-5.3.17-0.17.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, reference:\"php53-xsl-5.3.17-0.17.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, reference:\"php53-zip-5.3.17-0.17.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, reference:\"php53-zlib-5.3.17-0.17.1\")) flag++;\n\n\nif (flag)\n{\n if 
(report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-20T14:43:13", "description": "This update fixes the following issues :\n\n - memory corruption in openssl_x509_parse (CVE-2013-6420)\n\n - Heap buffer over-read in DateInterval (CVE-2013-6712)\n\n - man-in-the-middle attacks via specially crafted\n certificates (CVE-2013-4248)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 18, "published": "2015-05-20T00:00:00", "title": "SUSE SLES11 Security Update : PHP5 (SUSE-SU-2014:0064-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-4248", "CVE-2013-6420", "CVE-2013-6712"], "modified": "2015-05-20T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:php53-shmop", "p-cpe:/a:novell:suse_linux:php53-snmp", "p-cpe:/a:novell:suse_linux:php53-sysvsem", "p-cpe:/a:novell:suse_linux:php53-dba", "p-cpe:/a:novell:suse_linux:php53-pear", "p-cpe:/a:novell:suse_linux:php53-xsl", "p-cpe:/a:novell:suse_linux:php53-calendar", "p-cpe:/a:novell:suse_linux:php53-openssl", "p-cpe:/a:novell:suse_linux:php53", "p-cpe:/a:novell:suse_linux:php53-dom", "p-cpe:/a:novell:suse_linux:php53-odbc", "p-cpe:/a:novell:suse_linux:php53-ctype", "p-cpe:/a:novell:suse_linux:php53-zip", "p-cpe:/a:novell:suse_linux:php53-pgsql", "p-cpe:/a:novell:suse_linux:php53-pcntl", "p-cpe:/a:novell:suse_linux:php53-pspell", "p-cpe:/a:novell:suse_linux:apache2-mod_php53", "p-cpe:/a:novell:suse_linux:php53-gmp", "p-cpe:/a:novell:suse_linux:php53-gd", "p-cpe:/a:novell:suse_linux:php53-curl", "p-cpe:/a:novell:suse_linux:php53-gettext", "p-cpe:/a:novell:suse_linux:php53-iconv", 
"p-cpe:/a:novell:suse_linux:php53-bz2", "cpe:/o:novell:suse_linux:11", "p-cpe:/a:novell:suse_linux:php53-zlib", "p-cpe:/a:novell:suse_linux:php53-bcmath", "p-cpe:/a:novell:suse_linux:php53-fastcgi", "p-cpe:/a:novell:suse_linux:php53-json", "p-cpe:/a:novell:suse_linux:php53-sysvmsg", "p-cpe:/a:novell:suse_linux:php53-mbstring", "p-cpe:/a:novell:suse_linux:php53-ldap", "p-cpe:/a:novell:suse_linux:php53-xmlreader", "p-cpe:/a:novell:suse_linux:php53-suhosin", "p-cpe:/a:novell:suse_linux:php53-ftp", "p-cpe:/a:novell:suse_linux:php53-soap", "p-cpe:/a:novell:suse_linux:php53-sysvshm", "p-cpe:/a:novell:suse_linux:php53-fileinfo", "p-cpe:/a:novell:suse_linux:php53-mcrypt", "p-cpe:/a:novell:suse_linux:php53-intl", "p-cpe:/a:novell:suse_linux:php53-wddx", "p-cpe:/a:novell:suse_linux:php53-xmlrpc", "p-cpe:/a:novell:suse_linux:php53-tokenizer", "p-cpe:/a:novell:suse_linux:php53-pdo", "p-cpe:/a:novell:suse_linux:php53-xmlwriter", "p-cpe:/a:novell:suse_linux:php53-mysql", "p-cpe:/a:novell:suse_linux:php53-exif"], "id": "SUSE_SU-2014-0064-1.NASL", "href": "https://www.tenable.com/plugins/nessus/83607", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2014:0064-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(83607);\n script_version(\"2.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2013-4248\", \"CVE-2013-6420\", \"CVE-2013-6712\");\n script_bugtraq_id(61776, 64018, 64225);\n\n script_name(english:\"SUSE SLES11 Security Update : PHP5 (SUSE-SU-2014:0064-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n 
script_set_attribute(\n attribute:\"description\", \n value:\n\"This update fixes the following issues :\n\n - memory corruption in openssl_parse_x509 (CVE-2013-6420)\n\n - Heap buffer over-read in DateInterval (CVE-2013-6712)\n\n - man-in-the-middle attacks by specially crafting\n certificates (CVE-2013-4248)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # http://download.suse.com/patch/finder/?keywords=8819817181dd7026cfe3ff43214688c6\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?5ebe2dd9\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-4248.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-6420.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-6712.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/854880\"\n );\n # https://www.suse.com/support/update/announcement/2014/suse-su-20140064-1.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?5f0c918a\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Software Development Kit 11 SP2 :\n\nzypper in -t patch sdksp2-apache2-mod_php53-8683\n\nSUSE Linux Enterprise Server 11 SP2 for VMware :\n\nzypper in -t patch slessp2-apache2-mod_php53-8683\n\nSUSE Linux Enterprise Server 11 SP2 :\n\nzypper in -t patch slessp2-apache2-mod_php53-8683\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n 
script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apache2-mod_php53\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-bcmath\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-bz2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-calendar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-ctype\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-dba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-dom\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-exif\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-fastcgi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-fileinfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-ftp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-gettext\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-gmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-iconv\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:suse_linux:php53-intl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-json\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-mbstring\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-mcrypt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-pcntl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-pdo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-pear\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-pspell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-shmop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-soap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-suhosin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-sysvmsg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-sysvsem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-sysvshm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-tokenizer\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:suse_linux:php53-wddx\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-xmlreader\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-xmlrpc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-xmlwriter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-xsl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-zip\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-zlib\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/01/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/05/20\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = eregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! 
ereg(pattern:\"^(SLES11)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES11\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES11\" && (! ereg(pattern:\"^2$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES11 SP2\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"apache2-mod_php53-5.3.8-0.43.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php53-5.3.8-0.43.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php53-bcmath-5.3.8-0.43.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php53-bz2-5.3.8-0.43.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php53-calendar-5.3.8-0.43.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php53-ctype-5.3.8-0.43.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php53-curl-5.3.8-0.43.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php53-dba-5.3.8-0.43.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php53-dom-5.3.8-0.43.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php53-exif-5.3.8-0.43.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php53-fastcgi-5.3.8-0.43.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php53-fileinfo-5.3.8-0.43.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php53-ftp-5.3.8-0.43.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php53-gd-5.3.8-0.43.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", 
reference:\"php53-gettext-5.3.8-0.43.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php53-gmp-5.3.8-0.43.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php53-iconv-5.3.8-0.43.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php53-intl-5.3.8-0.43.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php53-json-5.3.8-0.43.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php53-ldap-5.3.8-0.43.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php53-mbstring-5.3.8-0.43.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php53-mcrypt-5.3.8-0.43.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php53-mysql-5.3.8-0.43.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php53-odbc-5.3.8-0.43.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php53-openssl-5.3.8-0.43.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php53-pcntl-5.3.8-0.43.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php53-pdo-5.3.8-0.43.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php53-pear-5.3.8-0.43.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php53-pgsql-5.3.8-0.43.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php53-pspell-5.3.8-0.43.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php53-shmop-5.3.8-0.43.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php53-snmp-5.3.8-0.43.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php53-soap-5.3.8-0.43.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php53-suhosin-5.3.8-0.43.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php53-sysvmsg-5.3.8-0.43.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", 
reference:\"php53-sysvsem-5.3.8-0.43.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php53-sysvshm-5.3.8-0.43.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php53-tokenizer-5.3.8-0.43.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php53-wddx-5.3.8-0.43.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php53-xmlreader-5.3.8-0.43.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php53-xmlrpc-5.3.8-0.43.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php53-xmlwriter-5.3.8-0.43.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php53-xsl-5.3.8-0.43.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php53-zip-5.3.8-0.43.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php53-zlib-5.3.8-0.43.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"PHP5\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-20T12:26:08", "description": " - security update\n\n - CVE-2013-6420.patch [bnc#854880]\n\n - CVE-2013-6712.patch [bnc#853045]\n\n - CVE-2013-4248.patch [bnc#837746]", "edition": 17, "published": "2014-06-13T00:00:00", "title": "openSUSE Security Update : php5 (openSUSE-SU-2013:1963-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-4248", "CVE-2013-6420", "CVE-2013-6712"], "modified": "2014-06-13T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:php5-mcrypt-debuginfo", "p-cpe:/a:novell:opensuse:php5-fastcgi-debuginfo", "p-cpe:/a:novell:opensuse:php5-json-debuginfo", "p-cpe:/a:novell:opensuse:php5-soap-debuginfo", "p-cpe:/a:novell:opensuse:php5-mysql-debuginfo", 
"p-cpe:/a:novell:opensuse:php5-mssql-debuginfo", "p-cpe:/a:novell:opensuse:php5-openssl", "p-cpe:/a:novell:opensuse:php5-dba", "p-cpe:/a:novell:opensuse:php5-fileinfo-debuginfo", "p-cpe:/a:novell:opensuse:php5-odbc-debuginfo", "p-cpe:/a:novell:opensuse:php5-debuginfo", "p-cpe:/a:novell:opensuse:php5-mcrypt", "cpe:/o:novell:opensuse:12.3", "p-cpe:/a:novell:opensuse:php5-pcntl-debuginfo", "p-cpe:/a:novell:opensuse:php5-sysvmsg", "p-cpe:/a:novell:opensuse:php5-bz2", "p-cpe:/a:novell:opensuse:php5-xmlrpc", "p-cpe:/a:novell:opensuse:php5-json", "p-cpe:/a:novell:opensuse:php5-ctype-debuginfo", "p-cpe:/a:novell:opensuse:php5-sqlite", "p-cpe:/a:novell:opensuse:php5-suhosin", "p-cpe:/a:novell:opensuse:php5-curl", "p-cpe:/a:novell:opensuse:apache2-mod_php5-debuginfo", "p-cpe:/a:novell:opensuse:php5-mysql", "p-cpe:/a:novell:opensuse:php5-fileinfo", "p-cpe:/a:novell:opensuse:php5-calendar-debuginfo", "p-cpe:/a:novell:opensuse:php5-openssl-debuginfo", "p-cpe:/a:novell:opensuse:php5-shmop-debuginfo", "p-cpe:/a:novell:opensuse:php5-pspell-debuginfo", "p-cpe:/a:novell:opensuse:php5-calendar", "p-cpe:/a:novell:opensuse:php5-ldap-debuginfo", "p-cpe:/a:novell:opensuse:php5-pear", "p-cpe:/a:novell:opensuse:php5-intl", "p-cpe:/a:novell:opensuse:php5-pgsql-debuginfo", "p-cpe:/a:novell:opensuse:php5-xsl-debuginfo", "p-cpe:/a:novell:opensuse:php5-mbstring-debuginfo", "p-cpe:/a:novell:opensuse:php5-enchant", "p-cpe:/a:novell:opensuse:php5-ftp", "p-cpe:/a:novell:opensuse:php5-bcmath-debuginfo", "p-cpe:/a:novell:opensuse:php5-tidy", "p-cpe:/a:novell:opensuse:php5-xmlwriter-debuginfo", "p-cpe:/a:novell:opensuse:php5-bz2-debuginfo", "p-cpe:/a:novell:opensuse:php5-gettext-debuginfo", "p-cpe:/a:novell:opensuse:php5-zlib-debuginfo", "p-cpe:/a:novell:opensuse:php5-posix-debuginfo", "p-cpe:/a:novell:opensuse:php5-tokenizer", "p-cpe:/a:novell:opensuse:php5-imap", "p-cpe:/a:novell:opensuse:php5-sockets", "p-cpe:/a:novell:opensuse:php5-gd", "p-cpe:/a:novell:opensuse:php5-posix", 
"p-cpe:/a:novell:opensuse:php5-intl-debuginfo", "p-cpe:/a:novell:opensuse:php5-dba-debuginfo", "p-cpe:/a:novell:opensuse:php5-sysvsem", "p-cpe:/a:novell:opensuse:php5-fpm", "p-cpe:/a:novell:opensuse:php5-fastcgi", "p-cpe:/a:novell:opensuse:php5-wddx", "p-cpe:/a:novell:opensuse:php5-debugsource", "p-cpe:/a:novell:opensuse:php5-zip-debuginfo", "p-cpe:/a:novell:opensuse:php5-odbc", "p-cpe:/a:novell:opensuse:php5-sysvshm-debuginfo", "p-cpe:/a:novell:opensuse:php5-sqlite-debuginfo", "p-cpe:/a:novell:opensuse:php5-xmlreader", "p-cpe:/a:novell:opensuse:php5-gmp-debuginfo", "p-cpe:/a:novell:opensuse:php5-iconv-debuginfo", "p-cpe:/a:novell:opensuse:php5-readline-debuginfo", "p-cpe:/a:novell:opensuse:php5-suhosin-debuginfo", "p-cpe:/a:novell:opensuse:php5-gmp", "p-cpe:/a:novell:opensuse:php5-fpm-debuginfo", "p-cpe:/a:novell:opensuse:php5-snmp-debuginfo", "p-cpe:/a:novell:opensuse:php5-tidy-debuginfo", "p-cpe:/a:novell:opensuse:php5-zlib", "p-cpe:/a:novell:opensuse:php5-phar-debuginfo", "p-cpe:/a:novell:opensuse:php5-phar", "p-cpe:/a:novell:opensuse:php5-dom", "p-cpe:/a:novell:opensuse:php5-sockets-debuginfo", "p-cpe:/a:novell:opensuse:php5-soap", "p-cpe:/a:novell:opensuse:php5-dom-debuginfo", "p-cpe:/a:novell:opensuse:php5-snmp", "p-cpe:/a:novell:opensuse:php5-exif-debuginfo", "p-cpe:/a:novell:opensuse:php5-xmlreader-debuginfo", "p-cpe:/a:novell:opensuse:php5-firebird-debuginfo", "p-cpe:/a:novell:opensuse:php5-imap-debuginfo", "p-cpe:/a:novell:opensuse:php5-sysvsem-debuginfo", "p-cpe:/a:novell:opensuse:php5-pdo", "p-cpe:/a:novell:opensuse:php5-wddx-debuginfo", "p-cpe:/a:novell:opensuse:php5-xmlrpc-debuginfo", "p-cpe:/a:novell:opensuse:php5-enchant-debuginfo", "p-cpe:/a:novell:opensuse:php5-sysvmsg-debuginfo", "p-cpe:/a:novell:opensuse:php5-pspell", "p-cpe:/a:novell:opensuse:php5-ctype", "p-cpe:/a:novell:opensuse:apache2-mod_php5", "p-cpe:/a:novell:opensuse:php5-mssql", "p-cpe:/a:novell:opensuse:php5-pcntl", "p-cpe:/a:novell:opensuse:php5-zip", 
"p-cpe:/a:novell:opensuse:php5-sysvshm", "p-cpe:/a:novell:opensuse:php5", "p-cpe:/a:novell:opensuse:php5-shmop", "p-cpe:/a:novell:opensuse:php5-devel", "p-cpe:/a:novell:opensuse:php5-pdo-debuginfo", "p-cpe:/a:novell:opensuse:php5-gd-debuginfo", "p-cpe:/a:novell:opensuse:php5-firebird", "p-cpe:/a:novell:opensuse:php5-ftp-debuginfo", "p-cpe:/a:novell:opensuse:php5-iconv", "p-cpe:/a:novell:opensuse:php5-gettext", "p-cpe:/a:novell:opensuse:php5-xmlwriter", "p-cpe:/a:novell:opensuse:php5-bcmath", "p-cpe:/a:novell:opensuse:php5-tokenizer-debuginfo", "p-cpe:/a:novell:opensuse:php5-pgsql", "p-cpe:/a:novell:opensuse:php5-xsl", "p-cpe:/a:novell:opensuse:php5-curl-debuginfo", "cpe:/o:novell:opensuse:13.1", "cpe:/o:novell:opensuse:12.2", "p-cpe:/a:novell:opensuse:php5-readline", "p-cpe:/a:novell:opensuse:php5-mbstring", "p-cpe:/a:novell:opensuse:php5-exif", "p-cpe:/a:novell:opensuse:php5-ldap"], "id": "OPENSUSE-2013-1032.NASL", "href": "https://www.tenable.com/plugins/nessus/74876", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2013-1032.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(74876);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2013-4248\", \"CVE-2013-6420\", \"CVE-2013-6712\");\n script_bugtraq_id(61776, 64018, 64225);\n\n script_name(english:\"openSUSE Security Update : php5 (openSUSE-SU-2013:1963-1)\");\n script_summary(english:\"Check for the openSUSE-2013-1032 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - security update\n\n - CVE-2013-6420.patch 
[bnc#854880]\n\n - CVE-2013-6712.patch [bnc#853045]\n\n - CVE-2013-4248.patch [bnc#837746]\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=837746\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=853045\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=854880\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2013-12/msg00125.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected php5 packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2-mod_php5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2-mod_php5-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-bcmath\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-bcmath-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-bz2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-bz2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-calendar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-calendar-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-ctype\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-ctype-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-curl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-dba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-dba-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-dom\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-dom-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-enchant\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-enchant-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-exif\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-exif-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-fastcgi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-fastcgi-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-fileinfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-fileinfo-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-firebird\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-firebird-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-fpm\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-fpm-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-ftp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-ftp-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-gd-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-gettext\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-gettext-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-gmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-gmp-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-iconv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-iconv-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-imap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-imap-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-intl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-intl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-json\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-json-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-ldap-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-mbstring\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-mbstring-debuginfo\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-mcrypt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-mcrypt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-mssql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-mssql-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-mysql-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-odbc-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-openssl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-pcntl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-pcntl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-pdo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-pdo-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-pear\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-pgsql-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-phar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-phar-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-posix\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-posix-debuginfo\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-pspell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-pspell-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-readline\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-readline-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-shmop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-shmop-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-snmp-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-soap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-soap-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-sockets\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-sockets-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-sqlite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-sqlite-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-suhosin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-suhosin-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-sysvmsg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-sysvmsg-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-sysvsem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-sysvsem-debuginfo\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:opensuse:php5-sysvshm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-sysvshm-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-tidy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-tidy-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-tokenizer\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-tokenizer-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-wddx\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-wddx-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-xmlreader\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-xmlreader-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-xmlrpc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-xmlrpc-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-xmlwriter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-xmlwriter-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-xsl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-xsl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-zip\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-zip-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-zlib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-zlib-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:12.2\");\n script_set_attribute(attribute:\"cpe\", 
value:\"cpe:/o:novell:opensuse:12.3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/12/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE12\\.2|SUSE12\\.3|SUSE13\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"12.2 / 12.3 / 13.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE12.2\", reference:\"apache2-mod_php5-5.3.15-1.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"apache2-mod_php5-debuginfo-5.3.15-1.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"php5-5.3.15-1.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"php5-bcmath-5.3.15-1.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"php5-bcmath-debuginfo-5.3.15-1.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"php5-bz2-5.3.15-1.20.1\") ) 
flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"php5-bz2-debuginfo-5.3.15-1.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"php5-calendar-5.3.15-1.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"php5-calendar-debuginfo-5.3.15-1.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"php5-ctype-5.3.15-1.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"php5-ctype-debuginfo-5.3.15-1.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"php5-curl-5.3.15-1.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"php5-curl-debuginfo-5.3.15-1.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"php5-dba-5.3.15-1.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"php5-dba-debuginfo-5.3.15-1.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"php5-debuginfo-5.3.15-1.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"php5-debugsource-5.3.15-1.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"php5-devel-5.3.15-1.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"php5-dom-5.3.15-1.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"php5-dom-debuginfo-5.3.15-1.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"php5-enchant-5.3.15-1.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"php5-enchant-debuginfo-5.3.15-1.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"php5-exif-5.3.15-1.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"php5-exif-debuginfo-5.3.15-1.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"php5-fastcgi-5.3.15-1.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"php5-fastcgi-debuginfo-5.3.15-1.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"php5-fileinfo-5.3.15-1.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", 
reference:\"php5-fileinfo-debuginfo-5.3.15-1.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"php5-fpm-5.3.15-1.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"php5-fpm-debuginfo-5.3.15-1.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"php5-ftp-5.3.15-1.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"php5-ftp-debuginfo-5.3.15-1.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"php5-gd-5.3.15-1.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"php5-gd-debuginfo-5.3.15-1.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"php5-gettext-5.3.15-1.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"php5-gettext-debuginfo-5.3.15-1.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"php5-gmp-5.3.15-1.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"php5-gmp-debuginfo-5.3.15-1.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"php5-iconv-5.3.15-1.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"php5-iconv-debuginfo-5.3.15-1.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"php5-imap-5.3.15-1.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"php5-imap-debuginfo-5.3.15-1.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"php5-intl-5.3.15-1.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"php5-intl-debuginfo-5.3.15-1.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"php5-json-5.3.15-1.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"php5-json-debuginfo-5.3.15-1.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"php5-ldap-5.3.15-1.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"php5-ldap-debuginfo-5.3.15-1.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"php5-mbstring-5.3.15-1.20.1\") ) flag++;\nif ( 
rpm_check(release:\"SUSE12.2\", reference:\"php5-mbstring-debuginfo-5.3.15-1.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"php5-mcrypt-5.3.15-1.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"php5-mcrypt-debuginfo-5.3.15-1.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"php5-mssql-5.3.15-1.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"php5-mssql-debuginfo-5.3.15-1.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"php5-mysql-5.3.15-1.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"php5-mysql-debuginfo-5.3.15-1.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"php5-odbc-5.3.15-1.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"php5-odbc-debuginfo-5.3.15-1.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"php5-openssl-5.3.15-1.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"php5-openssl-debuginfo-5.3.15-1.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"php5-pcntl-5.3.15-1.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"php5-pcntl-debuginfo-5.3.15-1.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"php5-pdo-5.3.15-1.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"php5-pdo-debuginfo-5.3.15-1.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"php5-pear-5.3.15-1.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"php5-pgsql-5.3.15-1.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"php5-pgsql-debuginfo-5.3.15-1.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"php5-phar-5.3.15-1.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"php5-phar-debuginfo-5.3.15-1.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"php5-posix-5.3.15-1.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", 
reference:\"php5-posix-debuginfo-5.3.15-1.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"php5-pspell-5.3.15-1.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"php5-pspell-debuginfo-5.3.15-1.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"php5-readline-5.3.15-1.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"php5-readline-debuginfo-5.3.15-1.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"php5-shmop-5.3.15-1.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"php5-shmop-debuginfo-5.3.15-1.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"php5-snmp-5.3.15-1.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"php5-snmp-debuginfo-5.3.15-1.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"php5-soap-5.3.15-1.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"php5-soap-debuginfo-5.3.15-1.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"php5-sockets-5.3.15-1.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"php5-sockets-debuginfo-5.3.15-1.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"php5-sqlite-5.3.15-1.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"php5-sqlite-debuginfo-5.3.15-1.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"php5-suhosin-5.3.15-1.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"php5-suhosin-debuginfo-5.3.15-1.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"php5-sysvmsg-5.3.15-1.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"php5-sysvmsg-debuginfo-5.3.15-1.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"php5-sysvsem-5.3.15-1.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"php5-sysvsem-debuginfo-5.3.15-1.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", 
reference:\"php5-sysvshm-5.3.15-1.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"php5-sysvshm-debuginfo-5.3.15-1.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"php5-tidy-5.3.15-1.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"php5-tidy-debuginfo-5.3.15-1.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"php5-tokenizer-5.3.15-1.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"php5-tokenizer-debuginfo-5.3.15-1.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"php5-wddx-5.3.15-1.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"php5-wddx-debuginfo-5.3.15-1.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"php5-xmlreader-5.3.15-1.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"php5-xmlreader-debuginfo-5.3.15-1.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"php5-xmlrpc-5.3.15-1.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"php5-xmlrpc-debuginfo-5.3.15-1.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"php5-xmlwriter-5.3.15-1.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"php5-xmlwriter-debuginfo-5.3.15-1.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"php5-xsl-5.3.15-1.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"php5-xsl-debuginfo-5.3.15-1.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"php5-zip-5.3.15-1.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"php5-zip-debuginfo-5.3.15-1.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"php5-zlib-5.3.15-1.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"php5-zlib-debuginfo-5.3.15-1.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"apache2-mod_php5-5.3.17-3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", 
reference:\"apache2-mod_php5-debuginfo-5.3.17-3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"php5-5.3.17-3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"php5-bcmath-5.3.17-3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"php5-bcmath-debuginfo-5.3.17-3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"php5-bz2-5.3.17-3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"php5-bz2-debuginfo-5.3.17-3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"php5-calendar-5.3.17-3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"php5-calendar-debuginfo-5.3.17-3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"php5-ctype-5.3.17-3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"php5-ctype-debuginfo-5.3.17-3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"php5-curl-5.3.17-3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"php5-curl-debuginfo-5.3.17-3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"php5-dba-5.3.17-3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"php5-dba-debuginfo-5.3.17-3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"php5-debuginfo-5.3.17-3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"php5-debugsource-5.3.17-3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"php5-devel-5.3.17-3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"php5-dom-5.3.17-3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"php5-dom-debuginfo-5.3.17-3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"php5-enchant-5.3.17-3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"php5-enchant-debuginfo-5.3.17-3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"php5-exif-5.3.17-3.8.1\") ) flag++;\nif ( 
rpm_check(release:\"SUSE12.3\", reference:\"php5-exif-debuginfo-5.3.17-3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"php5-fastcgi-5.3.17-3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"php5-fastcgi-debuginfo-5.3.17-3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"php5-fileinfo-5.3.17-3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"php5-fileinfo-debuginfo-5.3.17-3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"php5-fpm-5.3.17-3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"php5-fpm-debuginfo-5.3.17-3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"php5-ftp-5.3.17-3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"php5-ftp-debuginfo-5.3.17-3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"php5-gd-5.3.17-3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"php5-gd-debuginfo-5.3.17-3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"php5-gettext-5.3.17-3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"php5-gettext-debuginfo-5.3.17-3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"php5-gmp-5.3.17-3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"php5-gmp-debuginfo-5.3.17-3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"php5-iconv-5.3.17-3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"php5-iconv-debuginfo-5.3.17-3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"php5-imap-5.3.17-3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"php5-imap-debuginfo-5.3.17-3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"php5-intl-5.3.17-3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"php5-intl-debuginfo-5.3.17-3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"php5-json-5.3.17-3.8.1\") ) 
flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"php5-json-debuginfo-5.3.17-3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"php5-ldap-5.3.17-3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"php5-ldap-debuginfo-5.3.17-3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"php5-mbstring-5.3.17-3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"php5-mbstring-debuginfo-5.3.17-3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"php5-mcrypt-5.3.17-3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"php5-mcrypt-debuginfo-5.3.17-3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"php5-mssql-5.3.17-3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"php5-mssql-debuginfo-5.3.17-3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"php5-mysql-5.3.17-3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"php5-mysql-debuginfo-5.3.17-3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"php5-odbc-5.3.17-3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"php5-odbc-debuginfo-5.3.17-3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"php5-openssl-5.3.17-3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"php5-openssl-debuginfo-5.3.17-3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"php5-pcntl-5.3.17-3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"php5-pcntl-debuginfo-5.3.17-3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"php5-pdo-5.3.17-3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"php5-pdo-debuginfo-5.3.17-3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"php5-pear-5.3.17-3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"php5-pgsql-5.3.17-3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", 
reference:\"php5-pgsql-debuginfo-5.3.17-3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"php5-phar-5.3.17-3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"php5-phar-debuginfo-5.3.17-3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"php5-posix-5.3.17-3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"php5-posix-debuginfo-5.3.17-3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"php5-pspell-5.3.17-3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"php5-pspell-debuginfo-5.3.17-3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"php5-readline-5.3.17-3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"php5-readline-debuginfo-5.3.17-3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"php5-shmop-5.3.17-3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"php5-shmop-debuginfo-5.3.17-3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"php5-snmp-5.3.17-3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"php5-snmp-debuginfo-5.3.17-3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"php5-soap-5.3.17-3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"php5-soap-debuginfo-5.3.17-3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"php5-sockets-5.3.17-3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"php5-sockets-debuginfo-5.3.17-3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"php5-sqlite-5.3.17-3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"php5-sqlite-debuginfo-5.3.17-3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"php5-suhosin-5.3.17-3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"php5-suhosin-debuginfo-5.3.17-3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"php5-sysvmsg-5.3.17-3.8.1\") ) 
flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"php5-sysvmsg-debuginfo-5.3.17-3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"php5-sysvsem-5.3.17-3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"php5-sysvsem-debuginfo-5.3.17-3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"php5-sysvshm-5.3.17-3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"php5-sysvshm-debuginfo-5.3.17-3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"php5-tidy-5.3.17-3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"php5-tidy-debuginfo-5.3.17-3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"php5-tokenizer-5.3.17-3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"php5-tokenizer-debuginfo-5.3.17-3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"php5-wddx-5.3.17-3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"php5-wddx-debuginfo-5.3.17-3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"php5-xmlreader-5.3.17-3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"php5-xmlreader-debuginfo-5.3.17-3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"php5-xmlrpc-5.3.17-3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"php5-xmlrpc-debuginfo-5.3.17-3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"php5-xmlwriter-5.3.17-3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"php5-xmlwriter-debuginfo-5.3.17-3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"php5-xsl-5.3.17-3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"php5-xsl-debuginfo-5.3.17-3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"php5-zip-5.3.17-3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"php5-zip-debuginfo-5.3.17-3.8.1\") ) flag++;\nif ( 
rpm_check(release:\"SUSE12.3\", reference:\"php5-zlib-5.3.17-3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"php5-zlib-debuginfo-5.3.17-3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"apache2-mod_php5-5.4.20-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"apache2-mod_php5-debuginfo-5.4.20-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-5.4.20-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-bcmath-5.4.20-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-bcmath-debuginfo-5.4.20-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-bz2-5.4.20-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-bz2-debuginfo-5.4.20-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-calendar-5.4.20-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-calendar-debuginfo-5.4.20-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-ctype-5.4.20-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-ctype-debuginfo-5.4.20-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-curl-5.4.20-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-curl-debuginfo-5.4.20-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-dba-5.4.20-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-dba-debuginfo-5.4.20-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-debuginfo-5.4.20-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-debugsource-5.4.20-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-devel-5.4.20-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-dom-5.4.20-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-dom-debuginfo-5.4.20-4.1\") ) flag++;\nif ( 
rpm_check(release:\"SUSE13.1\", reference:\"php5-enchant-5.4.20-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-enchant-debuginfo-5.4.20-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-exif-5.4.20-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-exif-debuginfo-5.4.20-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-fastcgi-5.4.20-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-fastcgi-debuginfo-5.4.20-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-fileinfo-5.4.20-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-fileinfo-debuginfo-5.4.20-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-firebird-5.4.20-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-firebird-debuginfo-5.4.20-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-fpm-5.4.20-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-fpm-debuginfo-5.4.20-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-ftp-5.4.20-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-ftp-debuginfo-5.4.20-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-gd-5.4.20-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-gd-debuginfo-5.4.20-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-gettext-5.4.20-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-gettext-debuginfo-5.4.20-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-gmp-5.4.20-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-gmp-debuginfo-5.4.20-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-iconv-5.4.20-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-iconv-debuginfo-5.4.20-4.1\") ) flag++;\nif ( 
rpm_check(release:\"SUSE13.1\", reference:\"php5-imap-5.4.20-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-imap-debuginfo-5.4.20-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-intl-5.4.20-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-intl-debuginfo-5.4.20-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-json-5.4.20-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-json-debuginfo-5.4.20-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-ldap-5.4.20-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-ldap-debuginfo-5.4.20-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-mbstring-5.4.20-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-mbstring-debuginfo-5.4.20-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-mcrypt-5.4.20-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-mcrypt-debuginfo-5.4.20-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-mssql-5.4.20-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-mssql-debuginfo-5.4.20-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-mysql-5.4.20-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-mysql-debuginfo-5.4.20-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-odbc-5.4.20-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-odbc-debuginfo-5.4.20-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-openssl-5.4.20-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-openssl-debuginfo-5.4.20-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-pcntl-5.4.20-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-pcntl-debuginfo-5.4.20-4.1\") ) flag++;\nif ( 
rpm_check(release:\"SUSE13.1\", reference:\"php5-pdo-5.4.20-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-pdo-debuginfo-5.4.20-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-pear-5.4.20-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-pgsql-5.4.20-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-pgsql-debuginfo-5.4.20-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-phar-5.4.20-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-phar-debuginfo-5.4.20-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-posix-5.4.20-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-posix-debuginfo-5.4.20-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-pspell-5.4.20-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-pspell-debuginfo-5.4.20-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-readline-5.4.20-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-readline-debuginfo-5.4.20-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-shmop-5.4.20-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-shmop-debuginfo-5.4.20-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-snmp-5.4.20-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-snmp-debuginfo-5.4.20-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-soap-5.4.20-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-soap-debuginfo-5.4.20-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-sockets-5.4.20-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-sockets-debuginfo-5.4.20-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-sqlite-5.4.20-4.1\") ) flag++;\nif ( 
rpm_check(release:\"SUSE13.1\", reference:\"php5-sqlite-debuginfo-5.4.20-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-suhosin-5.4.20-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-suhosin-debuginfo-5.4.20-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-sysvmsg-5.4.20-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-sysvmsg-debuginfo-5.4.20-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-sysvsem-5.4.20-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-sysvsem-debuginfo-5.4.20-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-sysvshm-5.4.20-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-sysvshm-debuginfo-5.4.20-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-tidy-5.4.20-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-tidy-debuginfo-5.4.20-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-tokenizer-5.4.20-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-tokenizer-debuginfo-5.4.20-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-wddx-5.4.20-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-wddx-debuginfo-5.4.20-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-xmlreader-5.4.20-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-xmlreader-debuginfo-5.4.20-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-xmlrpc-5.4.20-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-xmlrpc-debuginfo-5.4.20-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-xmlwriter-5.4.20-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-xmlwriter-debuginfo-5.4.20-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", 
reference:\"php5-xsl-5.4.20-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-xsl-debuginfo-5.4.20-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-zip-5.4.20-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-zip-debuginfo-5.4.20-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-zlib-5.4.20-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-zlib-debuginfo-5.4.20-4.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"apache2-mod_php5 / apache2-mod_php5-debuginfo / php5 / php5-bcmath / etc\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-07T11:54:29", "description": "Multiple vulnerabilities have been discovered and corrected in php :\n\nThe openssl_x509_parse function in openssl.c in the OpenSSL module in\nPHP before 5.4.18 and 5.5.x before 5.5.2 does not properly handle a\n'\\0' character in a domain name in the Subject Alternative Name field\nof an X.509 certificate, which allows man-in-the-middle attackers to\nspoof arbitrary SSL servers via a crafted certificate issued by a\nlegitimate Certification Authority, a related issue to CVE-2009-2408\n(CVE-2013-4248).\n\nThe asn1_time_to_time_t function in ext/openssl/openssl.c in PHP\nbefore 5.3.28, 5.4.x before 5.4.23, and 5.5.x before 5.5.7 does not\nproperly parse (1) notBefore and (2) notAfter timestamps in X.509\ncertificates, which allows remote attackers to execute arbitrary code\nor cause a denial of service (memory corruption) via a crafted\ncertificate that is not properly handled by the openssl_x509_parse\nfunction (CVE-2013-6420).\n\nThe scan function in ext/date/lib/parse_iso_intervals.c in PHP through\n5.5.6 does not 
properly restrict creation of DateInterval objects,\nwhich might allow remote attackers to cause a denial of service\n(heap-based buffer over-read) via a crafted interval specification\n(CVE-2013-6712).\n\nThe updated php packages have been upgraded to the 5.5.8 version which\nis not vulnerable to these issues.\n\nAdditionally, the PECL packages which require it have been rebuilt for\nphp-5.5.8 and some have been upgraded to their latest versions.", "edition": 25, "published": "2014-01-22T00:00:00", "title": "Mandriva Linux Security Advisory : php (MDVSA-2014:014)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-4248", "CVE-2009-2408", "CVE-2013-6420", "CVE-2013-6712"], "modified": "2014-01-22T00:00:00", "cpe": ["p-cpe:/a:mandriva:linux:php-xmlwriter", "p-cpe:/a:mandriva:linux:php-tdb", "p-cpe:/a:mandriva:linux:php-json", "p-cpe:/a:mandriva:linux:php-bcmath", "p-cpe:/a:mandriva:linux:php-gd", "p-cpe:/a:mandriva:linux:php-pdo", "cpe:/o:mandriva:business_server:1", "p-cpe:/a:mandriva:linux:php-yp", "p-cpe:/a:mandriva:linux:php-calendar", "p-cpe:/a:mandriva:linux:php-mbstring", "p-cpe:/a:mandriva:linux:php-svn", "p-cpe:/a:mandriva:linux:php-filepro", "p-cpe:/a:mandriva:linux:php-sqlite3", "p-cpe:/a:mandriva:linux:php-sysvmsg", "p-cpe:/a:mandriva:linux:php-rrdtool", "p-cpe:/a:mandriva:linux:php-ini", "p-cpe:/a:mandriva:linux:php-posix", "p-cpe:/a:mandriva:linux:php-cgi", "p-cpe:/a:mandriva:linux:php-id3", "p-cpe:/a:mandriva:linux:php-pcntl", "p-cpe:/a:mandriva:linux:php-hash", "p-cpe:/a:mandriva:linux:php-cairo", "p-cpe:/a:mandriva:linux:php-zlib", "p-cpe:/a:mandriva:linux:php-openssl", "p-cpe:/a:mandriva:linux:php-soap", "p-cpe:/a:mandriva:linux:php-courierauth", "p-cpe:/a:mandriva:linux:php-sybase_ct", "p-cpe:/a:mandriva:linux:php-xslcache", "p-cpe:/a:mandriva:linux:lib64mbfl1", "p-cpe:/a:mandriva:linux:php-xml", "p-cpe:/a:mandriva:linux:php-geoip", "p-cpe:/a:mandriva:linux:php-oggvorbis", "p-cpe:/a:mandriva:linux:php-ftp", 
"p-cpe:/a:mandriva:linux:php-dom", "p-cpe:/a:mandriva:linux:php-apc", "p-cpe:/a:mandriva:linux:php-curl", "p-cpe:/a:mandriva:linux:php-sasl", "p-cpe:/a:mandriva:linux:php-event", "p-cpe:/a:mandriva:linux:php-sysvsem", "p-cpe:/a:mandriva:linux:php-opcache", "p-cpe:/a:mandriva:linux:php-ctype", "p-cpe:/a:mandriva:linux:php-fam", "p-cpe:/a:mandriva:linux:php-sockets", "p-cpe:/a:mandriva:linux:php-doublemetaphone", "p-cpe:/a:mandriva:linux:php-dav", "p-cpe:/a:mandriva:linux:php-gtk2", "p-cpe:/a:mandriva:linux:php-gmp", "p-cpe:/a:mandriva:linux:php-sysvshm", "p-cpe:/a:mandriva:linux:php-dbase", "p-cpe:/a:mandriva:linux:php-pdo_pgsql", "p-cpe:/a:mandriva:linux:php-htscanner", "p-cpe:/a:mandriva:linux:php-memcached", "p-cpe:/a:mandriva:linux:php-pdo_mysql", "p-cpe:/a:mandriva:linux:php-xmlrpc", "p-cpe:/a:mandriva:linux:php-amf", "p-cpe:/a:mandriva:linux:php-bz2", "p-cpe:/a:mandriva:linux:php-tcpwrap", "p-cpe:/a:mandriva:linux:lib64json2", "p-cpe:/a:mandriva:linux:php-ldap", "p-cpe:/a:mandriva:linux:php-xsl", "p-cpe:/a:mandriva:linux:php-tidy", "p-cpe:/a:mandriva:linux:php-fileinfo", "p-cpe:/a:mandriva:linux:php-fpm", "p-cpe:/a:mandriva:linux:lib64php5_common5", "p-cpe:/a:mandriva:linux:php-xmlreader", "p-cpe:/a:mandriva:linux:php-ssh2", "p-cpe:/a:mandriva:linux:lib64mbfl-devel", "p-cpe:/a:mandriva:linux:php-syck", "p-cpe:/a:mandriva:linux:php-gnutls", "p-cpe:/a:mandriva:linux:php-cli", "p-cpe:/a:mandriva:linux:php-mssql", "p-cpe:/a:mandriva:linux:php-apm", "p-cpe:/a:mandriva:linux:php-imagick", "p-cpe:/a:mandriva:linux:php-sqlite", "p-cpe:/a:mandriva:linux:apache-mod_php", "p-cpe:/a:mandriva:linux:php-session", "p-cpe:/a:mandriva:linux:php-newt", "p-cpe:/a:mandriva:linux:php-bitset", "p-cpe:/a:mandriva:linux:php-readline", "p-cpe:/a:mandriva:linux:php-expect", "p-cpe:/a:mandriva:linux:php-gender", "p-cpe:/a:mandriva:linux:php-phar", "p-cpe:/a:mandriva:linux:php-pdo_sqlite", "p-cpe:/a:mandriva:linux:php-bloomy", "p-cpe:/a:mandriva:linux:php-xdiff", 
"p-cpe:/a:mandriva:linux:php-uuid", "p-cpe:/a:mandriva:linux:php-tokenizer", "p-cpe:/a:mandriva:linux:php-doc", "p-cpe:/a:mandriva:linux:php-libevent", "p-cpe:/a:mandriva:linux:php-enchant", "p-cpe:/a:mandriva:linux:php-braille", "p-cpe:/a:mandriva:linux:php-archive", "p-cpe:/a:mandriva:linux:php-pgsql", "p-cpe:/a:mandriva:linux:php-inotify", "p-cpe:/a:mandriva:linux:php-yaml", "p-cpe:/a:mandriva:linux:php-memcache", "p-cpe:/a:mandriva:linux:php-bbcode", "p-cpe:/a:mandriva:linux:php-mnogosearch", "p-cpe:/a:mandriva:linux:php-auth_nds", "p-cpe:/a:mandriva:linux:php-mcve", "p-cpe:/a:mandriva:linux:php-wbxml", "p-cpe:/a:mandriva:linux:php-recode", "p-cpe:/a:mandriva:linux:lib64json-devel", "p-cpe:/a:mandriva:linux:php-gettext", "p-cpe:/a:mandriva:linux:php-imap", "p-cpe:/a:mandriva:linux:php-drizzle", "p-cpe:/a:mandriva:linux:php-iconv", "p-cpe:/a:mandriva:linux:php-devel", "p-cpe:/a:mandriva:linux:php-apacheaccessor", "p-cpe:/a:mandriva:linux:php-cairo_wrapper", "p-cpe:/a:mandriva:linux:php-mysqlnd", "p-cpe:/a:mandriva:linux:php-haru", "p-cpe:/a:mandriva:linux:php-inclued", "p-cpe:/a:mandriva:linux:php-hidef", "p-cpe:/a:mandriva:linux:php-timezonedb", "p-cpe:/a:mandriva:linux:php-yaz", "p-cpe:/a:mandriva:linux:php-tk", "p-cpe:/a:mandriva:linux:php-pdo_dblib", "p-cpe:/a:mandriva:linux:php-exif", "p-cpe:/a:mandriva:linux:php-gnupg", "p-cpe:/a:mandriva:linux:php-cyrus", "p-cpe:/a:mandriva:linux:php-odbc", "p-cpe:/a:mandriva:linux:php-pdo_odbc", "p-cpe:/a:mandriva:linux:php-radius", "p-cpe:/a:mandriva:linux:php-proctitle", "p-cpe:/a:mandriva:linux:php-snmp", "p-cpe:/a:mandriva:linux:php-mysql", "p-cpe:/a:mandriva:linux:php-dbx", "p-cpe:/a:mandriva:linux:php-apc-admin", "p-cpe:/a:mandriva:linux:php-pam", "p-cpe:/a:mandriva:linux:php-txforward", "p-cpe:/a:mandriva:linux:php-uploadprogress", "p-cpe:/a:mandriva:linux:php-bcompiler", "p-cpe:/a:mandriva:linux:php-intl", "p-cpe:/a:mandriva:linux:php-mongo", "p-cpe:/a:mandriva:linux:php-swish", 
"p-cpe:/a:mandriva:linux:php-filter", "p-cpe:/a:mandriva:linux:php-dio", "p-cpe:/a:mandriva:linux:php-wddx", "p-cpe:/a:mandriva:linux:php-xattr", "p-cpe:/a:mandriva:linux:php-dba", "p-cpe:/a:mandriva:linux:php-mcrypt", "p-cpe:/a:mandriva:linux:php-shmop", "p-cpe:/a:mandriva:linux:php-suhosin", "p-cpe:/a:mandriva:linux:php-mysqli", "p-cpe:/a:mandriva:linux:php-zip"], "id": "MANDRIVA_MDVSA-2014-014.NASL", "href": "https://www.tenable.com/plugins/nessus/72082", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2014:014. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(72082);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2013-4248\", \"CVE-2013-6420\", \"CVE-2013-6712\");\n script_bugtraq_id(61776, 64018, 64225);\n script_xref(name:\"MDVSA\", value:\"2014:014\");\n\n script_name(english:\"Mandriva Linux Security Advisory : php (MDVSA-2014:014)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple vulnerabilities has been discovered and corrected in php :\n\nThe openssl_x509_parse function in openssl.c in the OpenSSL module in\nPHP before 5.4.18 and 5.5.x before 5.5.2 does not properly handle a\n'\\0' character in a domain name in the Subject Alternative Name field\nof an X.509 certificate, which allows man-in-the-middle attackers to\nspoof arbitrary SSL servers via a crafted certificate issued by a\nlegitimate Certification Authority, a related issue to 
CVE-2009-2408\n(CVE-2013-4248).\n\nThe asn1_time_to_time_t function in ext/openssl/openssl.c in PHP\nbefore 5.3.28, 5.4.x before 5.4.23, and 5.5.x before 5.5.7 does not\nproperly parse (1) notBefore and (2) notAfter timestamps in X.509\ncertificates, which allows remote attackers to execute arbitrary code\nor cause a denial of service (memory corruption) via a crafted\ncertificate that is not properly handled by the openssl_x509_parse\nfunction (CVE-2013-6420).\n\nThe scan function in ext/date/lib/parse_iso_intervals.c in PHP through\n5.5.6 does not properly restrict creation of DateInterval objects,\nwhich might allow remote attackers to cause a denial of service\n(heap-based buffer over-read) via a crafted interval specification\n(CVE-2013-6712).\n\nThe updated php packages have been upgraded to the 5.5.8 version which\nis not vulnerable to these issues.\n\nAdditionally, the PECL packages which requires so has been rebuilt for\nphp-5.5.8 and some has been upgraded to their latest versions.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.php.net/ChangeLog-5.php#5.5.8\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache-mod_php\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64json-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64json2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64mbfl-devel\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:mandriva:linux:lib64mbfl1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64php5_common5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-amf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-apacheaccessor\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-apc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-apc-admin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-apm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-archive\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-auth_nds\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-bbcode\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-bcmath\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-bcompiler\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-bitset\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-bloomy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-braille\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-bz2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-cairo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-cairo_wrapper\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-calendar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-cgi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-cli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-courierauth\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:mandriva:linux:php-ctype\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-cyrus\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-dav\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-dba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-dbase\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-dbx\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-dio\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-dom\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-doublemetaphone\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-drizzle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-enchant\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-event\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-exif\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-expect\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-fam\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-fileinfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-filepro\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-filter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-fpm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-ftp\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-gender\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-geoip\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-gettext\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-gmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-gnupg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-gnutls\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-gtk2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-haru\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-hash\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-hidef\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-htscanner\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-iconv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-id3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-imagick\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-imap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-inclued\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-ini\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-inotify\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-intl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-json\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-ldap\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:mandriva:linux:php-libevent\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-mbstring\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-mcrypt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-mcve\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-memcache\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-memcached\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-mnogosearch\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-mongo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-mssql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-mysqli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-mysqlnd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-newt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-oggvorbis\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-opcache\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-pam\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-pcntl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-pdo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-pdo_dblib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-pdo_mysql\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:mandriva:linux:php-pdo_odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-pdo_pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-pdo_sqlite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-phar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-posix\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-proctitle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-radius\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-readline\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-recode\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-rrdtool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-sasl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-session\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-shmop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-soap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-sockets\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-sqlite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-sqlite3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-ssh2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-suhosin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-svn\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:mandriva:linux:php-swish\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-sybase_ct\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-syck\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-sysvmsg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-sysvsem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-sysvshm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-tcpwrap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-tdb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-tidy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-timezonedb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-tk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-tokenizer\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-txforward\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-uploadprogress\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-uuid\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-wbxml\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-wddx\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-xattr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-xdiff\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-xml\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-xmlreader\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-xmlrpc\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:mandriva:linux:php-xmlwriter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-xsl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-xslcache\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-yaml\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-yaz\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-yp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-zip\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-zlib\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:business_server:1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/01/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/01/22\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", 
reference:\"apache-mod_php-5.5.8-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"lib64json-devel-0.11-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"lib64json2-0.11-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"lib64mbfl-devel-1.2.0-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"lib64mbfl1-1.2.0-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"lib64php5_common5-5.5.8-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-amf-0.9.2-10.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-apacheaccessor-1.0.1-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-apc-3.1.15-1.2.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-apc-admin-3.1.15-1.2.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-apm-1.1.0-1RC2.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-archive-0.2-22.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-auth_nds-2.2.6-28.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-bbcode-1.0.3-0.0.b1.5.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-bcmath-5.5.8-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-bcompiler-1.0.2-3.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-bitset-2.0-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-bloomy-0.1.0-11.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-braille-0.1.1-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", 
reference:\"php-bz2-5.5.8-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-cairo-0.3.2-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-cairo_wrapper-0.2.4-12.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-calendar-5.5.8-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-cgi-5.5.8-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-cli-5.5.8-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-courierauth-0.1.0-26.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-ctype-5.5.8-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-curl-5.5.8-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-cyrus-1.0-30.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-dav-1.2-4.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-dba-5.5.8-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-dbase-5.0.1-3.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-dbx-1.1.2-3.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-devel-5.5.8-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-dio-0.0.7-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", reference:\"php-doc-5.5.8-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-dom-5.5.8-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-doublemetaphone-1.0.0-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-drizzle-0.4.2-8.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", 
cpu:\"x86_64\", reference:\"php-enchant-5.5.8-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-event-1.8.1-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-exif-5.5.8-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-expect-0.3.1-3.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-fam-5.0.1-21.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-fileinfo-5.5.8-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-filepro-5.1.6-31.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-filter-5.5.8-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-fpm-5.5.8-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-ftp-5.5.8-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-gd-5.5.8-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-gender-1.0.0-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-geoip-1.0.8-3.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-gettext-5.5.8-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-gmp-5.5.8-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-gnupg-1.3.2-8.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-gnutls-0.3-0.rc1.25.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-gtk2-2.0.3-0.git20130225.1.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-haru-1.0.4-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-hash-5.5.8-1.mbs1\")) flag++;\nif 
(rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-hidef-0.1.13-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-htscanner-1.0.1-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-iconv-5.5.8-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-id3-0.2-33.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-imagick-3.1.2-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-imap-5.5.8-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-inclued-0.1.3-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-ini-5.5.8-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-inotify-0.1.6-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-intl-5.5.8-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-json-5.5.8-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-ldap-5.5.8-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-libevent-0.1.0-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-mbstring-5.5.8-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-mcrypt-5.5.8-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-mcve-7.0.3-11.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-memcache-3.0.8-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-memcached-2.1.0-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-mnogosearch-1.96-35.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", 
reference:\"php-mongo-1.4.5-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-mssql-5.5.8-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-mysql-5.5.8-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-mysqli-5.5.8-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-mysqlnd-5.5.8-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-newt-1.2.8-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-odbc-5.5.8-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-oggvorbis-0.2-33.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-opcache-5.5.8-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-openssl-5.5.8-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-pam-1.0.3-10.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-pcntl-5.5.8-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-pdo-5.5.8-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-pdo_dblib-5.5.8-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-pdo_mysql-5.5.8-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-pdo_odbc-5.5.8-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-pdo_pgsql-5.5.8-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-pdo_sqlite-5.5.8-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-pgsql-5.5.8-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-phar-5.5.8-1.mbs1\")) flag++;\nif 
(rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-posix-5.5.8-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-proctitle-0.1.2-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-radius-1.2.7-1.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-readline-5.5.8-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-recode-5.5.8-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-rrdtool-0-35.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-sasl-0.1.0-36.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-session-5.5.8-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-shmop-5.5.8-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-snmp-5.5.8-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-soap-5.5.8-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-sockets-5.5.8-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-sqlite-1.0.3-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-sqlite3-5.5.8-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-ssh2-0.12-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-suhosin-0.9.33-7.2.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-svn-1.0.2-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-swish-0.5.0-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-sybase_ct-5.5.8-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", 
reference:\"php-syck-0.9.3-17.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-sysvmsg-5.5.8-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-sysvsem-5.5.8-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-sysvshm-5.5.8-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-tcpwrap-1.1.3-18.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-tdb-1.0.0-18.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-tidy-5.5.8-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-timezonedb-2013.9-1.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-tk-0.1.1-29.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-tokenizer-5.5.8-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-txforward-1.0.7-3.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-uploadprogress-1.0.3.1-3.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-uuid-1.0.3-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-wbxml-1.0.3-14.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-wddx-5.5.8-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-xattr-1.2.0-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-xdiff-1.5.2-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-xml-5.5.8-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-xmlreader-5.5.8-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-xmlrpc-5.5.8-1.mbs1\")) flag++;\nif 
(rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-xmlwriter-5.5.8-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-xsl-5.5.8-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-xslcache-0.7.2-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-yaml-1.1.1-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-yaz-1.1.6-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-yp-5.2.3-25.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-zip-5.5.8-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-zlib-5.5.8-1.mbs1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-20T13:25:52", "description": "According to its banner, the version of PHP 5.4.x installed on the\nremote host is a version prior to 5.4.24. It is, therefore, potentially\naffected by the following vulnerabilities :\n\n - A heap-based buffer overflow error exists in the file\n 'ext/date/lib/parse_iso_intervals.c' related to\n handling DateInterval objects that could allow denial\n of service attacks. (CVE-2013-6712)\n\n - An integer overflow error exists in the function\n 'exif_process_IFD_TAG' in the file 'ext/exif/exif.c'\n that could allow denial of service attacks or arbitrary\n memory reads. 
(Bug #65873)\n\nNote that this plugin does not attempt to exploit the vulnerabilities,\nbut instead relies only on PHP's self-reported version number.", "edition": 26, "published": "2014-01-13T00:00:00", "title": "PHP 5.4.x < 5.4.24 Multiple Vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-6712"], "modified": "2014-01-13T00:00:00", "cpe": ["cpe:/a:php:php"], "id": "PHP_5_4_24.NASL", "href": "https://www.tenable.com/plugins/nessus/71927", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(71927);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2013-6712\");\n script_bugtraq_id(64018);\n\n script_name(english:\"PHP 5.4.x < 5.4.24 Multiple Vulnerabilities\");\n script_summary(english:\"Checks version of PHP\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote web server uses a version of PHP that is potentially\naffected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its banner, the version of PHP 5.4.x installed on the\nremote host is a version prior to 5.4.24. It is, therefore, potentially\naffected by the following vulnerabilities :\n\n - A heap-based buffer overflow error exists in the file\n 'ext/date/lib/parse_iso_intervals.c' related to\n handling DateInterval objects that could allow denial\n of service attacks. (CVE-2013-6712)\n\n - An integer overflow error exists in the function\n 'exif_process_IFD_TAG' in the file 'ext/exif/exif.c'\n that could allow denial of service attacks or arbitrary\n memory reads. 
(Bug #65873)\n\nNote that this plugin does not attempt to exploit the vulnerabilities,\nbut instead relies only on PHP's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.php.net/ChangeLog-5.php#5.4.24\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to PHP version 5.4.24 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2013-6712\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No exploit is required\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/11/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/01/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/01/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:php:php\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CGI abuses\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"php_version.nasl\");\n script_require_keys(\"www/PHP\");\n script_require_ports(\"Services/www\", 80);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\ninclude(\"webapp_func.inc\");\n\nport = get_http_port(default:80, php:TRUE);\n\nphp = get_php_from_kb(\n port : port,\n exit_on_fail : TRUE\n);\n\nversion = php[\"ver\"];\nsource = php[\"src\"];\n\nbackported = get_kb_item('www/php/'+port+'/'+version+'/backported');\n\nif (report_paranoia < 2 && backported) audit(AUDIT_BACKPORT_SERVICE, port, \"PHP \"+version+\" install\");\n\n# Check that it is the correct version of PHP\nif (version =~ \"^5(\\.4)?$\") audit(AUDIT_VER_NOT_GRANULAR, \"PHP\", port, version);\nif (version !~ \"^5\\.4\\.\") audit(AUDIT_NOT_DETECT, \"PHP version 5.4.x\", port);\n\nif (version =~ \"^5\\.4\\.([0-9]|1[0-9]|2[0-3])($|[^0-9])\")\n{\n if (report_verbosity > 0)\n {\n report =\n '\\n Version source : '+source +\n '\\n Installed version : '+version+\n '\\n Fixed version : 5.4.24\\n';\n security_warning(port:port, extra:report);\n }\n else security_warning(port);\n exit(0);\n}\nelse audit(AUDIT_LISTEN_NOT_VULN, \"PHP\", port, version);\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-20T13:26:02", "description": "According to its banner, the version of PHP 5.5.x installed on the\nremote host is a version prior to 5.5.8. It is, therefore, potentially\naffected by the following vulnerabilities :\n\n - A heap-based buffer overflow error exists in the file\n 'ext/date/lib/parse_iso_intervals.c' related to\n handling DateInterval objects that could allow denial\n of service attacks. (CVE-2013-6712)\n\n - An integer overflow error exists in the function\n 'exif_process_IFD_TAG' in the file 'ext/exif/exif.c'\n that could allow denial of service attacks or arbitrary\n memory reads. 
(Bug #65873)\n\n - A use-after-free error exists in the function\n 'do_soap_call' in the file 'ext/soap/soap.c' related\n to 'typemap' values and error handling and having\n unspecified impact. (Bug #66112)\n\nNote that this plugin does not attempt to exploit the vulnerabilities,\nbut instead relies only on PHP's self-reported version number.", "edition": 28, "published": "2014-01-13T00:00:00", "title": "PHP 5.5.x < 5.5.8 Multiple Vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-6712"], "modified": "2014-01-13T00:00:00", "cpe": ["cpe:/a:php:php"], "id": "PHP_5_5_8.NASL", "href": "https://www.tenable.com/plugins/nessus/71928", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(71928);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2013-6712\");\n script_bugtraq_id(64018);\n\n script_name(english:\"PHP 5.5.x < 5.5.8 Multiple Vulnerabilities\");\n script_summary(english:\"Checks version of PHP\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote web server uses a version of PHP that is potentially\naffected by multiple vulnerabilities.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"According to its banner, the version of PHP 5.5.x installed on the\nremote host is a version prior to 5.5.8. It is, therefore, potentially\naffected by the following vulnerabilities :\n\n - A heap-based buffer overflow error exists in the file\n 'ext/date/lib/parse_iso_intervals.c' related to\n handling DateInterval objects that could allow denial\n of service attacks. (CVE-2013-6712)\n\n - An integer overflow error exists in the function\n 'exif_process_IFD_TAG' in the file 'ext/exif/exif.c'\n that could allow denial of service attacks or arbitrary\n memory reads. 
(Bug #65873)\n\n - A use-after-free error exists in the function\n 'do_soap_call' in the file 'ext/soap/soap.c' related\n to 'typemap' values and error handling and having\n unspecified impact. (Bug #66112)\n\nNote that this plugin does not attempt to exploit the vulnerabilities,\nbut instead relies only on PHP's self-reported version number.\"\n );\n script_set_attribute(attribute:\"see_also\", value:\"http://www.php.net/ChangeLog-5.php#5.5.8\");\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to PHP version 5.5.8 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2013-6712\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No exploit is required\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/11/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/01/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/01/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:php:php\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CGI abuses\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2021 Tenable Network Security, Inc.\");\n\n script_dependencies(\"php_version.nasl\");\n script_require_ports(\"Services/www\", 80);\n script_require_keys(\"www/PHP\");\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\ninclude(\"webapp_func.inc\");\n\nport = get_http_port(default:80, php:TRUE);\n\nphp = get_php_from_kb(\n port : port,\n exit_on_fail : TRUE\n);\n\nversion = php[\"ver\"];\nsource = 
php[\"src\"];\n\nbackported = get_kb_item('www/php/'+port+'/'+version+'/backported');\n\nif (report_paranoia < 2 && backported) audit(AUDIT_BACKPORT_SERVICE, port, \"PHP \"+version+\" install\");\n\n# Check that it is the correct version of PHP\nif (version =~ \"^5(\\.5)?$\") audit(AUDIT_VER_NOT_GRANULAR, \"PHP\", port, version);\nif (version !~ \"^5\\.5\\.\") audit(AUDIT_NOT_DETECT, \"PHP version 5.5.x\", port);\n\nif (version =~ \"^5\\.5\\.[0-7]($|[^0-9])\")\n{\n if (report_verbosity > 0)\n {\n report =\n '\\n Version source : '+source +\n '\\n Installed version : '+version+\n '\\n Fixed version : 5.5.8\\n';\n security_warning(port:port, extra:report);\n }\n else security_warning(port);\n exit(0);\n}\nelse audit(AUDIT_LISTEN_NOT_VULN, \"PHP\", port, version);\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-17T14:01:08", "description": "The remote Solaris system is missing necessary patches to address\nsecurity updates :\n\n - The openssl_x509_parse function in openssl.c in the\n OpenSSL module in PHP before 5.4.18 and 5.5.x before\n 5.5.2 does not properly handle a '\\0' character in a\n domain name in the Subject Alternative Name field of an\n X.509 certificate, which allows man-in-the-middle\n attackers to spoof arbitrary SSL servers via a crafted\n certificate issued by a legitimate Certification\n Authority, a related issue to CVE-2009-2408.\n (CVE-2013-4248)\n\n - The asn1_time_to_time_t function in\n ext/openssl/openssl.c in PHP before 5.3.28, 5.4.x before\n 5.4.23, and 5.5.x before 5.5.7 does not properly parse\n (1) notBefore and (2) notAfter timestamps in X.509\n certificates, which allows remote attackers to execute\n arbitrary code or cause a denial of service (memory\n corruption) via a crafted certificate that is not\n properly handled by the openssl_x509_parse function.\n (CVE-2013-6420)\n\n - The scan function in ext/date/lib/parse_iso_intervals.c\n in PHP through 5.5.6 does not properly restrict 
creation\n of DateInterval objects, which might allow remote\n attackers to cause a denial of service (heap-based\n buffer over-read) via a crafted interval specification.\n (CVE-2013-6712)\n\n - Fine Free file before 5.17 allows context-dependent\n attackers to cause a denial of service (infinite\n recursion, CPU consumption, and crash) via a crafted\n indirect offset value in the magic of a file.\n (CVE-2014-1943)\n\n - softmagic.c in file before 5.17 and libmagic allows\n context-dependent attackers to cause a denial of service\n (out-of-bounds memory access and crash) via crafted\n offsets in the softmagic of a PE executable.\n (CVE-2014-2270)", "edition": 25, "published": "2015-01-19T00:00:00", "title": "Oracle Solaris Third-Party Patch Update : php (cve_2013_4248_input_validation)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-4248", "CVE-2014-1943", "CVE-2009-2408", "CVE-2014-2270", "CVE-2013-6420", "CVE-2013-6712"], "modified": "2015-01-19T00:00:00", "cpe": ["cpe:/o:oracle:solaris:11.1", "p-cpe:/a:oracle:solaris:php"], "id": "SOLARIS11_PHP_20140522.NASL", "href": "https://www.tenable.com/plugins/nessus/80737", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from the Oracle Third Party software advisories.\n#\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(80737);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2013-4248\", \"CVE-2013-6420\", \"CVE-2013-6712\", \"CVE-2014-1943\", \"CVE-2014-2270\");\n\n script_name(english:\"Oracle Solaris Third-Party Patch Update : php (cve_2013_4248_input_validation)\");\n script_summary(english:\"Check for the 'entire' version.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Solaris system is missing a security patch for 
third-party\nsoftware.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote Solaris system is missing necessary patches to address\nsecurity updates :\n\n - The openssl_x509_parse function in openssl.c in the\n OpenSSL module in PHP before 5.4.18 and 5.5.x before\n 5.5.2 does not properly handle a '\\0' character in a\n domain name in the Subject Alternative Name field of an\n X.509 certificate, which allows man-in-the-middle\n attackers to spoof arbitrary SSL servers via a crafted\n certificate issued by a legitimate Certification\n Authority, a related issue to CVE-2009-2408.\n (CVE-2013-4248)\n\n - The asn1_time_to_time_t function in\n ext/openssl/openssl.c in PHP before 5.3.28, 5.4.x before\n 5.4.23, and 5.5.x before 5.5.7 does not properly parse\n (1) notBefore and (2) notAfter timestamps in X.509\n certificates, which allows remote attackers to execute\n arbitrary code or cause a denial of service (memory\n corruption) via a crafted certificate that is not\n properly handled by the openssl_x509_parse function.\n (CVE-2013-6420)\n\n - The scan function in ext/date/lib/parse_iso_intervals.c\n in PHP through 5.5.6 does not properly restrict creation\n of DateInterval objects, which might allow remote\n attackers to cause a denial of service (heap-based\n buffer over-read) via a crafted interval specification.\n (CVE-2013-6712)\n\n - Fine Free file before 5.17 allows context-dependent\n attackers to cause a denial of service (infinite\n recursion, CPU consumption, and crash) via a crafted\n indirect offset value in the magic of a file.\n (CVE-2014-1943)\n\n - softmagic.c in file before 5.17 and libmagic allows\n context-dependent attackers to cause a denial of service\n (out-of-bounds memory access and crash) via crafted\n offsets in the softmagic of a PE executable.\n (CVE-2014-2270)\"\n );\n # https://www.oracle.com/technetwork/topics/security/thirdparty-patch-map-1482893.html\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"http://www.nessus.org/u?4a913f44\"\n );\n # https://blogs.oracle.com/sunsecurity/cve-2013-4248-input-validation-vulnerability-in-php\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?f6e0c4fe\"\n );\n # https://blogs.oracle.com/sunsecurity/cve-2014-1943-resource-management-errors-vulnerability-in-php\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?864416ed\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://blogs.oracle.com/sunsecurity/cve-2014-2270-buffer-errors-vulnerability-in-php\"\n );\n # https://blogs.oracle.com/sunsecurity/multiple-buffer-errors-vulnerabilities-in-php\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?90294d9b\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to Solaris 11.1.19.6.0.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:solaris:11.1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:php\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/05/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/01/19\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Solaris Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Solaris11/release\", \"Host/Solaris11/pkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"solaris.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = 
get_kb_item(\"Host/Solaris11/release\");\nif (isnull(release)) audit(AUDIT_OS_NOT, \"Solaris11\");\npkg_list = solaris_pkg_list_leaves();\nif (isnull (pkg_list)) audit(AUDIT_PACKAGE_LIST_MISSING, \"Solaris pkg-list packages\");\n\nif (empty_or_null(egrep(string:pkg_list, pattern:\"^php$\"))) audit(AUDIT_PACKAGE_NOT_INSTALLED, \"php\");\n\nflag = 0;\n\nif (solaris_check_release(release:\"0.5.11-0.175.1.19.0.6.0\", sru:\"SRU 11.1.19.6.0\") > 0) flag++;\n\nif (flag)\n{\n error_extra = 'Affected package : php\\n' + solaris_get_report2();\n error_extra = ereg_replace(pattern:\"version\", replace:\"OS version\", string:error_extra);\n if (report_verbosity > 0) security_hole(port:0, extra:error_extra);\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_PACKAGE_NOT_AFFECTED, \"php\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-03-01T01:21:37", "description": "A memory corruption flaw was found in the way the openssl_x509_parse()\nfunction of the PHP openssl extension parsed X.509 certificates. 
A\nremote attacker could use this flaw to provide a malicious self-signed\ncertificate or a certificate signed by a trusted authority to a PHP\napplication using the aforementioned function, causing the application\nto crash or, possibly, allow the attacker to execute arbitrary code\nwith the privileges of the user running the PHP interpreter.", "edition": 25, "published": "2013-12-23T00:00:00", "title": "Amazon Linux AMI : php54 (ALAS-2013-263)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-6420"], "modified": "2021-03-02T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:php54-process", "p-cpe:/a:amazon:linux:php54-dba", "p-cpe:/a:amazon:linux:php54-xml", "p-cpe:/a:amazon:linux:php54-cli", "p-cpe:/a:amazon:linux:php54-mysql", "p-cpe:/a:amazon:linux:php54-mssql", "p-cpe:/a:amazon:linux:php54-soap", "p-cpe:/a:amazon:linux:php54", "p-cpe:/a:amazon:linux:php54-fpm", "p-cpe:/a:amazon:linux:php54-intl", "p-cpe:/a:amazon:linux:php54-gd", "p-cpe:/a:amazon:linux:php54-snmp", "p-cpe:/a:amazon:linux:php54-mysqlnd", "p-cpe:/a:amazon:linux:php54-recode", "p-cpe:/a:amazon:linux:php54-mbstring", "p-cpe:/a:amazon:linux:php54-odbc", "p-cpe:/a:amazon:linux:php54-bcmath", "p-cpe:/a:amazon:linux:php54-ldap", "p-cpe:/a:amazon:linux:php54-pspell", "p-cpe:/a:amazon:linux:php54-imap", "p-cpe:/a:amazon:linux:php54-pdo", "p-cpe:/a:amazon:linux:php54-pgsql", "p-cpe:/a:amazon:linux:php54-tidy", "p-cpe:/a:amazon:linux:php54-mcrypt", "p-cpe:/a:amazon:linux:php54-embedded", "p-cpe:/a:amazon:linux:php54-debuginfo", "p-cpe:/a:amazon:linux:php54-xmlrpc", "p-cpe:/a:amazon:linux:php54-devel", "p-cpe:/a:amazon:linux:php54-enchant", "cpe:/o:amazon:linux", "p-cpe:/a:amazon:linux:php54-common"], "id": "ALA_ALAS-2013-263.NASL", "href": "https://www.tenable.com/plugins/nessus/71575", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory 
ALAS-2013-263.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(71575);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2018/04/18 15:09:35\");\n\n script_cve_id(\"CVE-2013-6420\");\n script_xref(name:\"ALAS\", value:\"2013-263\");\n\n script_name(english:\"Amazon Linux AMI : php54 (ALAS-2013-263)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A memory corruption flaw was found in the way the openssl_x509_parse()\nfunction of the PHP openssl extension parsed X.509 certificates. A\nremote attacker could use this flaw to provide a malicious self-signed\ncertificate or a certificate signed by a trusted authority to a PHP\napplication using the aforementioned function, causing the application\nto crash or, possibly, allow the attacker to execute arbitrary code\nwith the privileges of the user running the PHP interpreter.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2013-263.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update php54' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php54\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php54-bcmath\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php54-cli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php54-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php54-dba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php54-debuginfo\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php54-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php54-embedded\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php54-enchant\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php54-fpm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php54-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php54-imap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php54-intl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php54-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php54-mbstring\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php54-mcrypt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php54-mssql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php54-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php54-mysqlnd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php54-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php54-pdo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php54-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php54-process\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php54-pspell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php54-recode\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php54-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php54-soap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php54-tidy\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:amazon:linux:php54-xml\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php54-xmlrpc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/12/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/12/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"php54-5.4.23-1.49.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php54-bcmath-5.4.23-1.49.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php54-cli-5.4.23-1.49.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php54-common-5.4.23-1.49.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php54-dba-5.4.23-1.49.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", 
reference:\"php54-debuginfo-5.4.23-1.49.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php54-devel-5.4.23-1.49.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php54-embedded-5.4.23-1.49.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php54-enchant-5.4.23-1.49.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php54-fpm-5.4.23-1.49.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php54-gd-5.4.23-1.49.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php54-imap-5.4.23-1.49.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php54-intl-5.4.23-1.49.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php54-ldap-5.4.23-1.49.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php54-mbstring-5.4.23-1.49.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php54-mcrypt-5.4.23-1.49.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php54-mssql-5.4.23-1.49.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php54-mysql-5.4.23-1.49.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php54-mysqlnd-5.4.23-1.49.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php54-odbc-5.4.23-1.49.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php54-pdo-5.4.23-1.49.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php54-pgsql-5.4.23-1.49.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php54-process-5.4.23-1.49.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php54-pspell-5.4.23-1.49.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php54-recode-5.4.23-1.49.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php54-snmp-5.4.23-1.49.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php54-soap-5.4.23-1.49.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php54-tidy-5.4.23-1.49.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", 
reference:\"php54-xml-5.4.23-1.49.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php54-xmlrpc-5.4.23-1.49.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"php54 / php54-bcmath / php54-cli / php54-common / php54-dba / etc\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "debian": [{"lastseen": "2020-11-11T13:17:10", "bulletinFamily": "unix", "cvelist": ["CVE-2013-6420", "CVE-2013-6712"], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-2816-1 security@debian.org\nhttp://www.debian.org/security/ Thijs Kinkhorst\nDecember 12, 2013 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : php5\nVulnerability : several\nProblem type : remote\nDebian-specific: no\nCVE ID : CVE-2013-6420 CVE-2013-6712\nDebian Bug : 731112 731895\n\nSeveral vulnerabilities were found in PHP, a general-purpose scripting\nlanguage commonly used for web application development. 
The Common\nVulnerabilities and Exposures project identifies the following issues:\n\nCVE-2013-6420\n\n Stefan Esser reported possible memory corruption in\n openssl_x509_parse().\n\nCVE-2013-6712\n\n Creating DateInterval objects from parsed ISO dates was\n not properly restricted, which allowed to cause a\n denial of service.\n\nIn addition, the update for Debian 7 "Wheezy" contains several bugfixes\noriginally targeted for the upcoming Wheezy point release.\n\nFor the oldstable distribution (squeeze), these problems have been fixed in\nversion 5.3.3-7+squeeze18.\n\nFor the stable distribution (wheezy), these problems have been fixed in\nversion 5.4.4-14+deb7u7.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 5.5.6+dfsg-2.\n\nWe recommend that you upgrade your php5 packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: http://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 4, "modified": "2013-12-12T21:18:36", "published": "2013-12-12T21:18:36", "id": "DEBIAN:DSA-2816-1:9C993", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2013/msg00230.html", "title": "[SECURITY] [DSA 2816-1] php5 security update", "type": "debian", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "ubuntu": [{"lastseen": "2020-07-02T11:33:43", "bulletinFamily": "unix", "cvelist": ["CVE-2013-6420", "CVE-2013-6712"], "description": "Stefan Esser discovered that PHP incorrectly parsed certificates. An \nattacker could use a malformed certificate to cause PHP to crash, resulting \nin a denial of service, or possibly execute arbitrary code. (CVE-2013-6420)\n\nIt was discovered that PHP incorrectly handled DateInterval objects. An \nattacker could use this issue to cause PHP to crash, resulting in a denial \nof service. 
(CVE-2013-6712)", "edition": 5, "modified": "2013-12-12T00:00:00", "published": "2013-12-12T00:00:00", "id": "USN-2055-1", "href": "https://ubuntu.com/security/notices/USN-2055-1", "title": "PHP vulnerabilities", "type": "ubuntu", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:50", "bulletinFamily": "software", "cvelist": ["CVE-2013-4248", "CVE-2009-2408", "CVE-2013-6420", "CVE-2013-6712"], "description": "\r\n\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n _______________________________________________________________________\r\n\r\n Mandriva Linux Security Advisory MDVSA-2014:014\r\n http://www.mandriva.com/en/support/security/\r\n _______________________________________________________________________\r\n\r\n Package : php\r\n Date : January 21, 2014\r\n Affected: Business Server 1.0\r\n _______________________________________________________________________\r\n\r\n Problem Description:\r\n\r\n Multiple vulnerabilities has been discovered and corrected in php:\r\n \r\n The openssl_x509_parse function in openssl.c in the OpenSSL module in\r\n PHP before 5.4.18 and 5.5.x before 5.5.2 does not properly handle a\r\n '\0' character in a domain name in the Subject Alternative Name field\r\n of an X.509 certificate, which allows man-in-the-middle attackers\r\n to spoof arbitrary SSL servers via a crafted certificate issued by a\r\n legitimate Certification Authority, a related issue to CVE-2009-2408\r\n (CVE-2013-4248).\r\n \r\n The asn1_time_to_time_t function in ext/openssl/openssl.c in PHP\r\n before 5.3.28, 5.4.x before 5.4.23, and 5.5.x before 5.5.7 does not\r\n properly parse (1) notBefore and (2) notAfter timestamps in X.509\r\n certificates, which allows remote attackers to execute arbitrary\r\n code or cause a denial of service (memory corruption) via a crafted\r\n certificate that is not properly handled by the openssl_x509_parse\r\n function (CVE-2013-6420).\r\n \r\n The scan 
function in ext/date/lib/parse_iso_intervals.c in PHP through\r\n 5.5.6 does not properly restrict creation of DateInterval objects,\r\n which might allow remote attackers to cause a denial of service\r\n (heap-based buffer over-read) via a crafted interval specification\r\n (CVE-2013-6712).\r\n \r\n The updated php packages have been upgraded to the 5.5.8 version\r\n which is not vulnerable to these issues.\r\n \r\n Additionally, the PECL packages which requires so has been rebuilt\r\n for php-5.5.8 and some has been upgraded to their latest versions.\r\n _______________________________________________________________________\r\n\r\n References:\r\n\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4248\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6420\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6712\r\n http://www.php.net/ChangeLog-5.php#5.5.8\r\n _______________________________________________________________________\r\n\r\n Updated Packages:\r\n\r\n Mandriva Business Server 1/X86_64:\r\n 6cbe3c3e54feb911f830a84798cba59b mbs1/x86_64/apache-mod_php-5.5.8-1.mbs1.x86_64.rpm\r\n a10aeb6dd4d85ab4c45b7acb3a080bf1 mbs1/x86_64/lib64json2-0.11-1.mbs1.x86_64.rpm\r\n e661a00b2ea0b360f73c32c633a5665b mbs1/x86_64/lib64json-devel-0.11-1.mbs1.x86_64.rpm\r\n b7938d352e62b7679b55c874e06fbe33 mbs1/x86_64/lib64mbfl1-1.2.0-1.mbs1.x86_64.rpm\r\n 9b84b48d9b2a18e048e1c40c786fc3d5 mbs1/x86_64/lib64mbfl-devel-1.2.0-1.mbs1.x86_64.rpm\r\n 7d4766a2eb0dd7048917eec2e1f9461f mbs1/x86_64/lib64php5_common5-5.5.8-1.mbs1.x86_64.rpm\r\n a6a17628ec5c2528b42d0308b44b8602 mbs1/x86_64/php-amf-0.9.2-10.1.mbs1.x86_64.rpm\r\n f47775a96d510872e93af788c942eb0d mbs1/x86_64/php-apacheaccessor-1.0.1-1.mbs1.x86_64.rpm\r\n 61c55f41ddc362a27b0d622fd72f832b mbs1/x86_64/php-apc-3.1.15-1.2.mbs1.x86_64.rpm\r\n 23e851dddb7a7e036eab0bbe753d22fc mbs1/x86_64/php-apc-admin-3.1.15-1.2.mbs1.x86_64.rpm\r\n 59f6774136e76c82ea13566c73ff5579 
mbs1/x86_64/php-apm-1.1.0-1RC2.mbs1.x86_64.rpm\r\n 41f2071c87dc54edd1b35eb3b050523d mbs1/x86_64/php-archive-0.2-22.1.mbs1.x86_64.rpm\r\n 6eea5350fd29e56ab3c6530fd4a8eb2d mbs1/x86_64/php-auth_nds-2.2.6-28.1.mbs1.x86_64.rpm\r\n 09769fd2f27af4498679488463d4f0d0 mbs1/x86_64/php-bbcode-1.0.3-0.0.b1.5.mbs1.x86_64.rpm\r\n 046aade243a8dfbb4ae5235333404450 mbs1/x86_64/php-bcmath-5.5.8-1.mbs1.x86_64.rpm\r\n d41522e2a71180202c9ea965ab8bb87d mbs1/x86_64/php-bcompiler-1.0.2-3.1.mbs1.x86_64.rpm\r\n 22108d55173d81e808601cac8da19528 mbs1/x86_64/php-bitset-2.0-1.mbs1.x86_64.rpm\r\n 60a5774e783dc9410a3abecd25567242 mbs1/x86_64/php-bloomy-0.1.0-11.1.mbs1.x86_64.rpm\r\n bf678b9a204be1b978643122de681fa8 mbs1/x86_64/php-braille-0.1.1-1.mbs1.x86_64.rpm\r\n bb70b7e885f18b80db1ee6738ce3be50 mbs1/x86_64/php-bz2-5.5.8-1.mbs1.x86_64.rpm\r\n 6d44169948606477f69f70f7ad578f53 mbs1/x86_64/php-cairo-0.3.2-1.mbs1.x86_64.rpm\r\n 163f88e5a8527945410c21717dc0c523 mbs1/x86_64/php-cairo_wrapper-0.2.4-12.1.mbs1.x86_64.rpm\r\n bbfb9602746185c2ccee545bda5cea1b mbs1/x86_64/php-calendar-5.5.8-1.mbs1.x86_64.rpm\r\n 6cd3f73d40196e91b3d5b0d115fd2781 mbs1/x86_64/php-cgi-5.5.8-1.mbs1.x86_64.rpm\r\n 303f2b6bd21379576c64e9babe78b5a4 mbs1/x86_64/php-cli-5.5.8-1.mbs1.x86_64.rpm\r\n 1b986fc42ec86b34203557515332cbcb mbs1/x86_64/php-courierauth-0.1.0-26.1.mbs1.x86_64.rpm\r\n a451399cac0d1eb96c02b82c3682bacb mbs1/x86_64/php-ctype-5.5.8-1.mbs1.x86_64.rpm\r\n fff5e8e41e8d91ba8f45dc2c2e09de3e mbs1/x86_64/php-curl-5.5.8-1.mbs1.x86_64.rpm\r\n 9d8d29b7e05ecdb5b209c5f3e9ea11ef mbs1/x86_64/php-cyrus-1.0-30.1.mbs1.x86_64.rpm\r\n be02c96797fe3505035103a28a646650 mbs1/x86_64/php-dav-1.2-4.1.mbs1.x86_64.rpm\r\n b1d13d3740cd6d6c80b4ea9f6deccb1f mbs1/x86_64/php-dba-5.5.8-1.mbs1.x86_64.rpm\r\n 0c1f23ac85aa3da6731cb50877f4933e mbs1/x86_64/php-dbase-5.0.1-3.1.mbs1.x86_64.rpm\r\n 90a56987be11920d4bd5e435e92dd07e mbs1/x86_64/php-dbx-1.1.2-3.1.mbs1.x86_64.rpm\r\n f2924a0354eb16c217b5f7ae073df1e7 
mbs1/x86_64/php-devel-5.5.8-1.mbs1.x86_64.rpm\r\n 92a8332882a805d53823f0c950de0d95 mbs1/x86_64/php-dio-0.0.7-1.mbs1.x86_64.rpm\r\n 18e14cc713ce4e782d3378a6b50739d7 mbs1/x86_64/php-doc-5.5.8-1.mbs1.noarch.rpm\r\n 19fe234353968902a9095dac4fd4914b mbs1/x86_64/php-dom-5.5.8-1.mbs1.x86_64.rpm\r\n 3f86006633057b7819cb7ff0109d8bc3 mbs1/x86_64/php-doublemetaphone-1.0.0-1.mbs1.x86_64.rpm\r\n 1c9d18a83bb590cc398de98529619fbe mbs1/x86_64/php-drizzle-0.4.2-8.1.mbs1.x86_64.rpm\r\n 681f9d0f04e86b10bcdab85e8ab46646 mbs1/x86_64/php-enchant-5.5.8-1.mbs1.x86_64.rpm\r\n 86a0fd5715e93fe2ad3af8af9c762f5e mbs1/x86_64/php-event-1.8.1-1.mbs1.x86_64.rpm\r\n e885e3a1aa38a84f3a91a2f3adfdd9ed mbs1/x86_64/php-exif-5.5.8-1.mbs1.x86_64.rpm\r\n 28cbec3693e2ec299ae14f4d3aee2bab mbs1/x86_64/php-expect-0.3.1-3.1.mbs1.x86_64.rpm\r\n 1f6e495022af41702d958c5e4c5a7a0c mbs1/x86_64/php-fam-5.0.1-21.1.mbs1.x86_64.rpm\r\n dcc659581a3370b6152a0be1c3d4330a mbs1/x86_64/php-fileinfo-5.5.8-1.mbs1.x86_64.rpm\r\n 51361ea120255c19051acce2f7c52373 mbs1/x86_64/php-filepro-5.1.6-31.1.mbs1.x86_64.rpm\r\n 57ffefd27baab8189b77ec065f6c25fb mbs1/x86_64/php-filter-5.5.8-1.mbs1.x86_64.rpm\r\n 40ef3b1acf64c3dbbec30ed053faf91d mbs1/x86_64/php-fpm-5.5.8-1.mbs1.x86_64.rpm\r\n 585a27ca37d6e425e33ebffda8d4a3c5 mbs1/x86_64/php-ftp-5.5.8-1.mbs1.x86_64.rpm\r\n f7e17547d06d727435d842566711bd1f mbs1/x86_64/php-gd-5.5.8-1.mbs1.x86_64.rpm\r\n 424413861017a0d960ec25799f7e6d96 mbs1/x86_64/php-gender-1.0.0-1.mbs1.x86_64.rpm\r\n 326ce65eb182fa95338b4950bf2902d8 mbs1/x86_64/php-geoip-1.0.8-3.1.mbs1.x86_64.rpm\r\n e8e5d68ccd220fa1411538c887a9b033 mbs1/x86_64/php-gettext-5.5.8-1.mbs1.x86_64.rpm\r\n e52ebf9fbb468cc480ff89b16746ac32 mbs1/x86_64/php-gmp-5.5.8-1.mbs1.x86_64.rpm\r\n 705599e093ed673401b92dcc55d7f7af mbs1/x86_64/php-gnupg-1.3.2-8.1.mbs1.x86_64.rpm\r\n e3acb8961bcb47b82eae4f2d1f0a5533 mbs1/x86_64/php-gnutls-0.3-0.rc1.25.mbs1.x86_64.rpm\r\n 63cace0435e5165bb99868f0b77fd0fb mbs1/x86_64/php-gtk2-2.0.3-0.git20130225.1.1.mbs1.x86_64.rpm\r\n 
d24ba27252b2d03b1ac45de414ace8f4 mbs1/x86_64/php-haru-1.0.4-1.mbs1.x86_64.rpm\r\n 69dcad6cd94a553145fc7170eb92b9ab mbs1/x86_64/php-hash-5.5.8-1.mbs1.x86_64.rpm\r\n 011ee7e7c17f420f6fdddb73f07e2689 mbs1/x86_64/php-hidef-0.1.13-1.mbs1.x86_64.rpm\r\n 5be11ca2acde72985150182165690a1e mbs1/x86_64/php-htscanner-1.0.1-1.mbs1.x86_64.rpm\r\n 1ef360e88e9e53f426b6128b352d4498 mbs1/x86_64/php-iconv-5.5.8-1.mbs1.x86_64.rpm\r\n 241adb52708e8152bbd264477d2c6685 mbs1/x86_64/php-id3-0.2-33.1.mbs1.x86_64.rpm\r\n 18a9444caba90afd57ac9d349de79592 mbs1/x86_64/php-imagick-3.1.2-1.mbs1.x86_64.rpm\r\n fb435f0e0c06838e6ba4b8e55edb65da mbs1/x86_64/php-imap-5.5.8-1.mbs1.x86_64.rpm\r\n e3d4b8b1a34ee2fff2514799d39d6c83 mbs1/x86_64/php-inclued-0.1.3-1.mbs1.x86_64.rpm\r\n 9a62365f025a6cd92a5649800f94e392 mbs1/x86_64/php-ini-5.5.8-1.mbs1.x86_64.rpm\r\n cc0fa3dfabc021d0a6f97de624c72451 mbs1/x86_64/php-inotify-0.1.6-1.mbs1.x86_64.rpm\r\n f7c954f5f7a8c3497244dab0ac9cc874 mbs1/x86_64/php-intl-5.5.8-1.mbs1.x86_64.rpm\r\n 72104e0ea01d0b8d7025ae3de961d950 mbs1/x86_64/php-json-5.5.8-1.mbs1.x86_64.rpm\r\n 788d244d7832eca94dc694ec2642c24b mbs1/x86_64/php-ldap-5.5.8-1.mbs1.x86_64.rpm\r\n ef1754adb00601ab1c4c29bb1fd1ef59 mbs1/x86_64/php-libevent-0.1.0-1.mbs1.x86_64.rpm\r\n b300a580ba667f6898875fc41d19116f mbs1/x86_64/php-mbstring-5.5.8-1.mbs1.x86_64.rpm\r\n bb5fecd25651248b7d4731b1aea2b31e mbs1/x86_64/php-mcrypt-5.5.8-1.mbs1.x86_64.rpm\r\n 299d7d44e160c8b4e5b7f30644c65a67 mbs1/x86_64/php-mcve-7.0.3-11.1.mbs1.x86_64.rpm\r\n db5be0ea33960859e4f31dc1d8e6c5af mbs1/x86_64/php-memcache-3.0.8-1.mbs1.x86_64.rpm\r\n bc238ba372583c19c57f658ff4225518 mbs1/x86_64/php-memcached-2.1.0-1.mbs1.x86_64.rpm\r\n fbd5ebb29764a11aa742e77fde63ec03 mbs1/x86_64/php-mnogosearch-1.96-35.1.mbs1.x86_64.rpm\r\n 2c0d85ca48d9b1f22f0f8445364f97e5 mbs1/x86_64/php-mongo-1.4.5-1.mbs1.x86_64.rpm\r\n a87d1de22d52d2e51bb3977a87afb715 mbs1/x86_64/php-mssql-5.5.8-1.mbs1.x86_64.rpm\r\n c2c1b538550758102b8b456a0db9c18f 
mbs1/x86_64/php-mysql-5.5.8-1.mbs1.x86_64.rpm\r\n c09aef537da221b4eebbaad7a893e195 mbs1/x86_64/php-mysqli-5.5.8-1.mbs1.x86_64.rpm\r\n f50cb148d81ecf786c80661e19714893 mbs1/x86_64/php-mysqlnd-5.5.8-1.mbs1.x86_64.rpm\r\n 25ca5ff7bb6a4bb39e17bef527a4daec mbs1/x86_64/php-newt-1.2.8-1.mbs1.x86_64.rpm\r\n 823b8d9b36c8b34b5f80f3f478d5be7d mbs1/x86_64/php-odbc-5.5.8-1.mbs1.x86_64.rpm\r\n 821f30096996e971be059dcc617beeb4 mbs1/x86_64/php-oggvorbis-0.2-33.1.mbs1.x86_64.rpm\r\n ec2c830033979609b85d19722079ad45 mbs1/x86_64/php-opcache-5.5.8-1.mbs1.x86_64.rpm\r\n 0e66afe941f83d77128a0326fea38368 mbs1/x86_64/php-openssl-5.5.8-1.mbs1.x86_64.rpm\r\n e8b0808df1e75e9eee987d1c38d0de41 mbs1/x86_64/php-pam-1.0.3-10.1.mbs1.x86_64.rpm\r\n c9772947df6039925dc89ed495c5eea0 mbs1/x86_64/php-pcntl-5.5.8-1.mbs1.x86_64.rpm\r\n 2d6f78b753dce6b022f0f495e5894bfe mbs1/x86_64/php-pdo-5.5.8-1.mbs1.x86_64.rpm\r\n 27dd4d459d9c50a3fa5ee81d988e6c4e mbs1/x86_64/php-pdo_dblib-5.5.8-1.mbs1.x86_64.rpm\r\n 060ad327a9a83ef417f9b0bdd60b7529 mbs1/x86_64/php-pdo_mysql-5.5.8-1.mbs1.x86_64.rpm\r\n f42d6c75dcd550e902bdda0672407f17 mbs1/x86_64/php-pdo_odbc-5.5.8-1.mbs1.x86_64.rpm\r\n 0e3764c821f508322e40a779a6694d36 mbs1/x86_64/php-pdo_pgsql-5.5.8-1.mbs1.x86_64.rpm\r\n af7cc29beea4f7a1aa87f81cc0f42e4d mbs1/x86_64/php-pdo_sqlite-5.5.8-1.mbs1.x86_64.rpm\r\n 6dc688c04f4a9617f5d9f179d5bffad3 mbs1/x86_64/php-pgsql-5.5.8-1.mbs1.x86_64.rpm\r\n e9e88947d413f78a0de370b45cd1e581 mbs1/x86_64/php-phar-5.5.8-1.mbs1.x86_64.rpm\r\n c4cbe315a3897b156de8d8b1ebee2454 mbs1/x86_64/php-posix-5.5.8-1.mbs1.x86_64.rpm\r\n a22a1d86311d97a6e74f41d4c5cee58a mbs1/x86_64/php-proctitle-0.1.2-1.mbs1.x86_64.rpm\r\n 1a642e05f7e4acbc0574700d39277f68 mbs1/x86_64/php-radius-1.2.7-1.1.mbs1.x86_64.rpm\r\n 364d5f30ed13942441cc6728af41f3ce mbs1/x86_64/php-readline-5.5.8-1.mbs1.x86_64.rpm\r\n 8e09378518bf4efca20b146d2ad3ae18 mbs1/x86_64/php-recode-5.5.8-1.mbs1.x86_64.rpm\r\n aca1fc497f23bebd1b261a91b4453c83 mbs1/x86_64/php-rrdtool-0-35.1.mbs1.x86_64.rpm\r\n 
b7ff902ed02d70049b9fdfa86c82c2bd mbs1/x86_64/php-sasl-0.1.0-36.1.mbs1.x86_64.rpm\r\n f28d198a8148aa993accca677f3921ce mbs1/x86_64/php-session-5.5.8-1.mbs1.x86_64.rpm\r\n 9ac8db465023197ca4a3f3358865d6c4 mbs1/x86_64/php-shmop-5.5.8-1.mbs1.x86_64.rpm\r\n 994c1f4ef6fdbb46a1217a0b4679b540 mbs1/x86_64/php-snmp-5.5.8-1.mbs1.x86_64.rpm\r\n 122de98493f51dad25fad1bd6490b14d mbs1/x86_64/php-soap-5.5.8-1.mbs1.x86_64.rpm\r\n 26cb96e64938013375ff2720787dbce3 mbs1/x86_64/php-sockets-5.5.8-1.mbs1.x86_64.rpm\r\n c03f6d3524750a11a26984a5680b6e31 mbs1/x86_64/php-sqlite-1.0.3-1.mbs1.x86_64.rpm\r\n cf9b1e1845c4df39e65c721b5ebe1ecd mbs1/x86_64/php-sqlite3-5.5.8-1.mbs1.x86_64.rpm\r\n 3692df1b43da42070fb2245ba85736d7 mbs1/x86_64/php-ssh2-0.12-1.mbs1.x86_64.rpm\r\n 46b107eaf4753b6f3e5b1d1c01014ac4 mbs1/x86_64/php-suhosin-0.9.33-7.2.mbs1.x86_64.rpm\r\n 648fa01ef7b191c206881bc81fc91cae mbs1/x86_64/php-svn-1.0.2-1.mbs1.x86_64.rpm\r\n 4f76f8fdc2c3b96130b50693f44fb82d mbs1/x86_64/php-swish-0.5.0-1.mbs1.x86_64.rpm\r\n dcda9398908f302d916e16ac23edc864 mbs1/x86_64/php-sybase_ct-5.5.8-1.mbs1.x86_64.rpm\r\n 05c262004a13838b354818605091d375 mbs1/x86_64/php-syck-0.9.3-17.1.mbs1.x86_64.rpm\r\n 911002b84d2ccf6632ab78148eeaa836 mbs1/x86_64/php-sysvmsg-5.5.8-1.mbs1.x86_64.rpm\r\n 64ee1ae53811450f47ced3dfc180cd3b mbs1/x86_64/php-sysvsem-5.5.8-1.mbs1.x86_64.rpm\r\n 8822eff6601523af2aec8a4b40278d5c mbs1/x86_64/php-sysvshm-5.5.8-1.mbs1.x86_64.rpm\r\n cb7122e7b2b81860304578978b20fae4 mbs1/x86_64/php-tcpwrap-1.1.3-18.1.mbs1.x86_64.rpm\r\n dd20d26681b253ca10d226b576cd9da7 mbs1/x86_64/php-tdb-1.0.0-18.1.mbs1.x86_64.rpm\r\n 89ca00e2d6b8a0655161caf3d975a29c mbs1/x86_64/php-tidy-5.5.8-1.mbs1.x86_64.rpm\r\n 63e583090b7d6e86679d9cf4dadd13b8 mbs1/x86_64/php-timezonedb-2013.9-1.1.mbs1.x86_64.rpm\r\n 51abf076f5d22b0393f94d74bf384502 mbs1/x86_64/php-tk-0.1.1-29.1.mbs1.x86_64.rpm\r\n a2a8c303e251afdfd6b6eb84307f95cd mbs1/x86_64/php-tokenizer-5.5.8-1.mbs1.x86_64.rpm\r\n 2d6a9a2ee9034ca19c81914f10dbaaf1 
mbs1/x86_64/php-txforward-1.0.7-3.1.mbs1.x86_64.rpm\r\n a91cc0a9f98d6be93242c761722c3363 mbs1/x86_64/php-uploadprogress-1.0.3.1-3.1.mbs1.x86_64.rpm\r\n 4cad056354849adc02de0899481f2c0e mbs1/x86_64/php-uuid-1.0.3-1.mbs1.x86_64.rpm\r\n 269b8bdd1a21e7f7688a60cb6d4e66c9 mbs1/x86_64/php-wbxml-1.0.3-14.1.mbs1.x86_64.rpm\r\n 3c324e3865d37e40e0c44d703e6af971 mbs1/x86_64/php-wddx-5.5.8-1.mbs1.x86_64.rpm\r\n 272928a998127f03fa7b466bdae5625b mbs1/x86_64/php-xattr-1.2.0-1.mbs1.x86_64.rpm\r\n 1a36dc739e5b59e1a7234c20252bb30c mbs1/x86_64/php-xdiff-1.5.2-1.mbs1.x86_64.rpm\r\n e21b93c47fc09d426b1e9873d922c9b6 mbs1/x86_64/php-xml-5.5.8-1.mbs1.x86_64.rpm\r\n 18b1f4b35359ef4803840b6a59023662 mbs1/x86_64/php-xmlreader-5.5.8-1.mbs1.x86_64.rpm\r\n 32cac8722f385bd6c889c7998708f896 mbs1/x86_64/php-xmlrpc-5.5.8-1.mbs1.x86_64.rpm\r\n 17741808a8ab423b918e15d791a470a0 mbs1/x86_64/php-xmlwriter-5.5.8-1.mbs1.x86_64.rpm\r\n c4ca4a667ea3d67c2a5f41be43e275ef mbs1/x86_64/php-xsl-5.5.8-1.mbs1.x86_64.rpm\r\n 26c7a4cb6e3a349f184cb151b3e66bbe mbs1/x86_64/php-xslcache-0.7.2-1.mbs1.x86_64.rpm\r\n 2ec0a54234ba1f9408a1dfc312ce15bb mbs1/x86_64/php-yaml-1.1.1-1.mbs1.x86_64.rpm\r\n d8d867f694f761e0c1fbb42f37671246 mbs1/x86_64/php-yaz-1.1.6-1.mbs1.x86_64.rpm\r\n d3a22538565c0e70823ab006a918b599 mbs1/x86_64/php-yp-5.2.3-25.1.mbs1.x86_64.rpm\r\n e8a6f6b750a57d30cab05f43ed0d2826 mbs1/x86_64/php-zip-5.5.8-1.mbs1.x86_64.rpm\r\n 85fc2115c2d73651c13b7e7d579035c2 mbs1/x86_64/php-zlib-5.5.8-1.mbs1.x86_64.rpm \r\n dffedeb2bc9dbcf09a08c5b8ee085241 mbs1/SRPMS/json-c-0.11-1.mbs1.src.rpm\r\n af6e8a771ad6e82cc4890d017a282a54 mbs1/SRPMS/libmbfl-1.2.0-1.mbs1.src.rpm\r\n 208cadf784cf7e5d87473a66b1ad9dec mbs1/SRPMS/php-5.5.8-1.mbs1.src.rpm\r\n 569fe67ccfe844b44d66cd5801c87029 mbs1/SRPMS/php-amf-0.9.2-10.1.mbs1.src.rpm\r\n 18c40965301ed883fdc24604257cd1e5 mbs1/SRPMS/php-apacheaccessor-1.0.1-1.mbs1.src.rpm\r\n f7450092f00a1271e4c767317739caf9 mbs1/SRPMS/php-apc-3.1.15-1.2.mbs1.src.rpm\r\n 05ac57db5fca564a1056dfbaffb98a5e 
mbs1/SRPMS/php-apm-1.1.0-1RC2.mbs1.src.rpm\r\n 92d6548693ee63aa19a50bf8662db4b1 mbs1/SRPMS/php-archive-0.2-22.1.mbs1.src.rpm\r\n 937fe1748c3a85337d74d9d25a5f64b2 mbs1/SRPMS/php-auth_nds-2.2.6-28.1.mbs1.src.rpm\r\n 73b13a0ed1ef4c11411c8482d924346a mbs1/SRPMS/php-bbcode-1.0.3-0.0.b1.5.mbs1.src.rpm\r\n 2e6d69003f3b782b4dd304a7fb7838d6 mbs1/SRPMS/php-bcompiler-1.0.2-3.1.mbs1.src.rpm\r\n 0514e5ace4b598d1f2f380eee232d906 mbs1/SRPMS/php-bitset-2.0-1.mbs1.src.rpm\r\n f681295764f84a253a17a6f8f0de66f3 mbs1/SRPMS/php-bloomy-0.1.0-11.1.mbs1.src.rpm\r\n f099bc978799afff5ed4ab35cde70633 mbs1/SRPMS/php-braille-0.1.1-1.mbs1.src.rpm\r\n 522cd2c8a16f78acdc7dc5f80fff34e4 mbs1/SRPMS/php-cairo-0.3.2-1.mbs1.src.rpm\r\n 56436636c2f04d70a96d6cb571abcf03 mbs1/SRPMS/php-cairo_wrapper-0.2.4-12.1.mbs1.src.rpm\r\n 16e205bc0339a90acb9560df409be2f7 mbs1/SRPMS/php-courierauth-0.1.0-26.1.mbs1.src.rpm\r\n fc4f8967c11cc4b2080193ea11439f10 mbs1/SRPMS/php-cyrus-1.0-30.1.mbs1.src.rpm\r\n 028cd11a27d1caf3fa0bfb7ccba72dff mbs1/SRPMS/php-dav-1.2-4.1.mbs1.src.rpm\r\n 6e7fa7b114c2262288d12b16b67f9398 mbs1/SRPMS/php-dbase-5.0.1-3.1.mbs1.src.rpm\r\n f5a32e8c86e6d8a37ea49f6edcc8f2eb mbs1/SRPMS/php-dbx-1.1.2-3.1.mbs1.src.rpm\r\n 28361b8014ef86de714370ed2f9c8523 mbs1/SRPMS/php-dio-0.0.7-1.mbs1.src.rpm\r\n 46cd6b2052a284a5e4b6cd2e9ce0f35b mbs1/SRPMS/php-doublemetaphone-1.0.0-1.mbs1.src.rpm\r\n 216f54099506165d92e2fa5eb5fa895b mbs1/SRPMS/php-drizzle-0.4.2-8.1.mbs1.src.rpm\r\n 8103618186a8263b5aa140ac2604a377 mbs1/SRPMS/php-event-1.8.1-1.mbs1.src.rpm\r\n 117870df2707a9f7f743e0d5e006f01c mbs1/SRPMS/php-expect-0.3.1-3.1.mbs1.src.rpm\r\n 1e9571e84f5c216436346ba4f0ef7e01 mbs1/SRPMS/php-fam-5.0.1-21.1.mbs1.src.rpm\r\n 12ab1fab99d150362d41a2462432616f mbs1/SRPMS/php-filepro-5.1.6-31.1.mbs1.src.rpm\r\n b8f3eeac43f32ffab74d3a6a2e1a95a9 mbs1/SRPMS/php-gender-1.0.0-1.mbs1.src.rpm\r\n f4b01e4ea76567f29b6302a94de0187e mbs1/SRPMS/php-geoip-1.0.8-3.1.mbs1.src.rpm\r\n ad38f3ef3e39a2cc1ff974fb6fee5f27 
mbs1/SRPMS/php-gnupg-1.3.2-8.1.mbs1.src.rpm\r\n 7993893485eed60a687dd9072e58ceb7 mbs1/SRPMS/php-gnutls-0.3-0.rc1.25.mbs1.src.rpm\r\n 93667de0345b12d30fd9a90850ccfa64 mbs1/SRPMS/php-gtk2-2.0.3-0.git20130225.1.1.mbs1.src.rpm\r\n 05bf2145f513bfa34f36e60032d752c1 mbs1/SRPMS/php-haru-1.0.4-1.mbs1.src.rpm\r\n efc0bfbf4490ea6bf61464fcc397661e mbs1/SRPMS/php-hidef-0.1.13-1.mbs1.src.rpm\r\n 4c4dcf9335bab8530c2b5a8f5d07fdf5 mbs1/SRPMS/php-htscanner-1.0.1-1.mbs1.src.rpm\r\n 4d39a950797e8df46762c5c73e170179 mbs1/SRPMS/php-id3-0.2-33.1.mbs1.src.rpm\r\n 1a756001cd773cdc7ca5f797e7171660 mbs1/SRPMS/php-imagick-3.1.2-1.mbs1.src.rpm\r\n 7fd6af5d9de5290b131e9624ec67b6bc mbs1/SRPMS/php-inclued-0.1.3-1.mbs1.src.rpm\r\n 57ca03ec85af8be4d4db50843d7adeb4 mbs1/SRPMS/php-inotify-0.1.6-1.mbs1.src.rpm\r\n 58c4db8af664a6790e382575b8b39151 mbs1/SRPMS/php-libevent-0.1.0-1.mbs1.src.rpm\r\n fde733df58d1daf042d0948be090e961 mbs1/SRPMS/php-mcve-7.0.3-11.1.mbs1.src.rpm\r\n 9340b22c4c7b2c5071c197c8fe22aa02 mbs1/SRPMS/php-memcache-3.0.8-1.mbs1.src.rpm\r\n a9c5cbd1eeab91714ec8ce69106e1a20 mbs1/SRPMS/php-memcached-2.1.0-1.mbs1.src.rpm\r\n 6cd241db51c9f1e51bc81e2dfecb485b mbs1/SRPMS/php-mnogosearch-1.96-35.1.mbs1.src.rpm\r\n 98d85dfb93b0a0c269a9a2d3f6f0eede mbs1/SRPMS/php-mongo-1.4.5-1.mbs1.src.rpm\r\n 2524e31d5a61e1352dce360526149544 mbs1/SRPMS/php-newt-1.2.8-1.mbs1.src.rpm\r\n b117d574a2eb07efbeef7e68eb3dbf38 mbs1/SRPMS/php-oggvorbis-0.2-33.1.mbs1.src.rpm\r\n 25eef544c81b44775441da1a9d4a5f8e mbs1/SRPMS/php-pam-1.0.3-10.1.mbs1.src.rpm\r\n e4812e2fb71334c1470855047d33ff92 mbs1/SRPMS/php-proctitle-0.1.2-1.mbs1.src.rpm\r\n b34e461b5688ed89bcde35f46d34615a mbs1/SRPMS/php-radius-1.2.7-1.1.mbs1.src.rpm\r\n 40dbef246efb480f12286479828f0172 mbs1/SRPMS/php-rrdtool-0-35.1.mbs1.src.rpm\r\n 60701f0629317b0bec9f1bdd43354e19 mbs1/SRPMS/php-sasl-0.1.0-36.1.mbs1.src.rpm\r\n 5a75e8c81e606385c707b714b6282e5a mbs1/SRPMS/php-sqlite-1.0.3-1.mbs1.src.rpm\r\n ca0c2cf7daea363b6dbe0b1ef89982c1 
mbs1/SRPMS/php-ssh2-0.12-1.mbs1.src.rpm\r\n 2df05fb13a6318aa63d52b58018aaac9 mbs1/SRPMS/php-suhosin-0.9.33-7.2.mbs1.src.rpm\r\n 9a9ab66c2049d3b901a1a29cb41866fc mbs1/SRPMS/php-svn-1.0.2-1.mbs1.src.rpm\r\n 62182c75a65d16872febeb225d345f40 mbs1/SRPMS/php-swish-0.5.0-1.mbs1.src.rpm\r\n fdb525c5d728fb5058edc0bde32f8207 mbs1/SRPMS/php-syck-0.9.3-17.1.mbs1.src.rpm\r\n fdc70578239b8ad71a29d2164346b2e3 mbs1/SRPMS/php-tcpwrap-1.1.3-18.1.mbs1.src.rpm\r\n 7eca5e164fe2c13313d24fa2d9192b2f mbs1/SRPMS/php-tdb-1.0.0-18.1.mbs1.src.rpm\r\n d9b8b9498a693a047250431b387d1a38 mbs1/SRPMS/php-timezonedb-2013.9-1.1.mbs1.src.rpm\r\n 05f98d011308f8e5b93678bc6f8131de mbs1/SRPMS/php-tk-0.1.1-29.1.mbs1.src.rpm\r\n cf608a75bbbaea51c1ce0b04719ce746 mbs1/SRPMS/php-txforward-1.0.7-3.1.mbs1.src.rpm\r\n 4a1bae8e064b076164b81d5e79bd5e4b mbs1/SRPMS/php-uploadprogress-1.0.3.1-3.1.mbs1.src.rpm\r\n 23a9cf1fa7db9dc8843c9262795a1eb1 mbs1/SRPMS/php-uuid-1.0.3-1.mbs1.src.rpm\r\n f1c54907e7c544dfd95764da8175f749 mbs1/SRPMS/php-wbxml-1.0.3-14.1.mbs1.src.rpm\r\n 2c57275de2451e91cbfc271ae14595dc mbs1/SRPMS/php-xattr-1.2.0-1.mbs1.src.rpm\r\n 82d034516dcfe4fbaf68640ccd017a1f mbs1/SRPMS/php-xdiff-1.5.2-1.mbs1.src.rpm\r\n c19da5f5199dbc4d58a2c1d9b7de5bff mbs1/SRPMS/php-xslcache-0.7.2-1.mbs1.src.rpm\r\n b05fbb9a7a6ca882fcb7ed4cab1c3886 mbs1/SRPMS/php-yaml-1.1.1-1.mbs1.src.rpm\r\n b2859baaf205be29a938df103529659d mbs1/SRPMS/php-yaz-1.1.6-1.mbs1.src.rpm\r\n 8544a9059f4099bc17bdd31cb2218aee mbs1/SRPMS/php-yp-5.2.3-25.1.mbs1.src.rpm\r\n _______________________________________________________________________\r\n\r\n To upgrade automatically use MandrivaUpdate or urpmi. The verification\r\n of md5 checksums and GPG signatures is performed automatically for you.\r\n\r\n All packages are signed by Mandriva for security. 
You can obtain the\r\n GPG public key of the Mandriva Security Team by executing:\r\n\r\n gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\r\n\r\n You can view other update advisories for Mandriva Linux at:\r\n\r\n http://www.mandriva.com/en/support/security/advisories/\r\n\r\n If you want to report vulnerabilities, please contact\r\n\r\n security_(at)_mandriva.com\r\n _______________________________________________________________________\r\n\r\n Type Bits/KeyID Date User ID\r\n pub 1024D/22458A98 2000-07-10 Mandriva Security Team\r\n <security*mandriva.com>\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.12 (GNU/Linux)\r\n\r\niD8DBQFS3pnTmqjQ0CJFipgRAtkRAJ417vt7FzRaoh3u+es+hZpnI/G1kwCfcGWD\r\nxmJGFGNLyeQwnIXiJs7+QxY=\r\n=ro67\r\n-----END PGP SIGNATURE-----\r\n", "edition": 1, "modified": "2014-01-29T00:00:00", "published": "2014-01-29T00:00:00", "id": "SECURITYVULNS:DOC:30264", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:30264", "title": "[ MDVSA-2014:014 ] php", "type": "securityvulns", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:09:54", "bulletinFamily": "software", "cvelist": ["CVE-2013-6712"], "description": "Crash on parsing date intervals.", "edition": 1, "modified": "2014-01-29T00:00:00", "published": "2014-01-29T00:00:00", "id": "SECURITYVULNS:VULN:13542", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:13542", "title": "PHP DoS", "type": "securityvulns", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:10:50", "bulletinFamily": "software", "cvelist": ["CVE-2013-6420"], "description": "\r\n\r\n\r\n SektionEins GmbH\r\n www.sektioneins.de\r\n\r\n -= Security Advisory =-\r\n\r\n Advisory: PHP openssl_x509_parse() Memory Corruption Vulnerability\r\n Release Date: 2013/12/13\r\nLast Modified: 2013/12/13\r\n Author: Stefan Esser [stefan.esser[at]sektioneins.de]\r\n\r\n 
Application: PHP 4.0.6 - PHP 4.4.9\r\n PHP 5.0.x\r\n PHP 5.1.x\r\n PHP 5.2.x\r\n PHP 5.3.0 - PHP 5.3.27\r\n PHP 5.4.0 - PHP 5.4.22\r\n PHP 5.5.0 - PHP 5.5.6\r\n Severity: PHP applications using openssl_x509_parse() to parse a\r\n malicious x509 certificate might trigger a memory\r\n corruption that might result in arbitrary code execution\r\n Risk: Critical\r\nVendor Status: Vendor has released PHP 5.5.7, PHP 5.4.23 and PHP 5.3.28\r\n that contain a fix for this vulnerability\r\n Reference:\r\nhttp://www.sektioneins.de/advisories/advisory-012013-php-openssl_x509_parse-memory-corruption-vulnerability.html\r\n\r\nOverview:\r\n\r\n Quote from http://www.php.net\r\n "PHP is a widely-used general-purpose scripting language that\r\n is especially suited for Web development and can be embedded\r\n into HTML."\r\n\r\n The PHP function openssl_x509_parse() uses a helper function\r\n called asn1_time_to_time_t() to convert timestamps from ASN1\r\n string format into integer timestamp values. The parser within\r\n this helper function is not binary safe and can therefore be\r\n tricked to write up to five NUL bytes outside of an allocated\r\n buffer.\r\n \r\n This problem can be triggered by x509 certificates that contain\r\n NUL bytes in their notBefore and notAfter timestamp fields and\r\n leads to a memory corruption that might result in arbitrary\r\n code execution.\r\n \r\n Depending on how openssl_x509_parse() is used within a PHP\r\n application the attack requires either a malicious cert signed\r\n by a compromised/malicious CA or can be carried out with a\r\n self-signed cert.\r\n\r\nDetails:\r\n\r\n The PHP function openssl_x509_parse() is used by PHP applications\r\n to parse additional information out of x509 certificates, usually\r\n to harden SSL encrypted communication channels against MITM\r\n attacks. In the wild we have seen the following use cases for this\r\n function:\r\n \r\n * output certificate debugging information\r\n (e.g. 
cacert.org/analyse.php)\r\n * webmail application with SMIME support\r\n * client certificate handling\r\n * certificate pinning\r\n * verification of other certificate properties\r\n (e.g. a default Wordpress install if ext/curl is not loaded)\r\n \r\n When we backported security fixes for some previous security\r\n vulnerabilities in PHP's openssl to PHP 4.4.9 as part of our\r\n PHP security backport services that we provide to customers,\r\n we performed a quick audit of openssl_x509_parse() and all the\r\n functions it calls, which led to the discovery of a memory\r\n corruption vulnerability.\r\n \r\n Within the function openssl_x509_parse() the helper function\r\n asn1_time_to_time_t() is called two times to parse the\r\n notBefore and notAfter ASN1 string timestamps from the cert\r\n into integer time_t values as you can see below:\r\n \r\n add_assoc_long(return_value, "validFrom_time_t",\r\nasn1_time_to_time_t(X509_get_notBefore(cert) TSRMLS_CC));\r\n add_assoc_long(return_value, "validTo_time_t",\r\nasn1_time_to_time_t(X509_get_notAfter(cert) TSRMLS_CC));\r\n \r\n When you take a look into this helper function you will see\r\n that it only contains a quickly hacked parser that was never\r\n really improved since its introduction in PHP 4.0.6. 
The author\r\n of this parser was even aware of its hackishness as you can see\r\n from the error message contained in the code:\r\n \r\n static time_t asn1_time_to_time_t(ASN1_UTCTIME * timestr TSRMLS_DC) /*\r\n{{{ */\r\n {\r\n /*\r\n This is how the time string is formatted:\r\n snprintf(p, sizeof(p), "%02d%02d%02d%02d%02d%02dZ",ts->tm_year%100,\r\n ts->tm_mon+1,ts->tm_mday,ts->tm_hour,ts->tm_min,ts->tm_sec);\r\n */\r\n\r\n time_t ret;\r\n struct tm thetime;\r\n char * strbuf;\r\n char * thestr;\r\n long gmadjust = 0;\r\n\r\n if (timestr->length < 13) {\r\n php_error_docref(NULL TSRMLS_CC, E_WARNING, "extension author\r\ntoo lazy to parse %s correctly", timestr->data);\r\n return (time_t)-1;\r\n }\r\n\r\n However the actual problem of the code should become obvious when\r\n you read the rest of the parsing code that attempts to first\r\n duplicate the timestamp string and then parses the timestamp by\r\n going through the copy in reverse order and writing five NUL bytes\r\n into the duplicated string.\r\n\r\n strbuf = estrdup((char *)timestr->data);\r\n\r\n memset(&thetime, 0, sizeof(thetime));\r\n\r\n /* we work backwards so that we can use atoi more easily */\r\n\r\n thestr = strbuf + timestr->length - 3;\r\n\r\n thetime.tm_sec = atoi(thestr);\r\n *thestr = '\0';\r\n thestr -= 2;\r\n thetime.tm_min = atoi(thestr);\r\n *thestr = '\0';\r\n thestr -= 2;\r\n thetime.tm_hour = atoi(thestr);\r\n *thestr = '\0';\r\n thestr -= 2;\r\n thetime.tm_mday = atoi(thestr);\r\n *thestr = '\0';\r\n thestr -= 2;\r\n thetime.tm_mon = atoi(thestr)-1;\r\n *thestr = '\0';\r\n thestr -= 2;\r\n thetime.tm_year = atoi(thestr);\r\n\r\n The problem with this code is that ASN1 strings can contain NUL\r\n bytes, while the parser is not binary safe. This means if a\r\n timestamp string inside a x509 certificate contains a NUL byte\r\n at e.g. 
position 13 the estrdup() will only allocate 14 bytes\r\n for a copy of the string, but the parser will attempt to write\r\n five NUL bytes to memory addressed by the ASN1 length of the\r\n string. If the real string length is longer than 16 bytes this\r\n will result in writes of NUL bytes outside of the allocated\r\n buffer.\r\n \r\n Because of PHP's deterministic heap memory layout that can be\r\n controlled a lot by sending e.g. POST variables and using\r\n duplicate variable names to poke memory holes this vulnerability\r\n must be considered exploitable. However the actual exploit will\r\n depend a lot on how the PHP application uses openssl_x509_parse()\r\n and a lot of other factors.\r\n\r\n Depending on which of the actual use cases the function is used\r\n for by an application, an attacker can trigger the memory\r\n corruption with a self-signed certificate. An example for this\r\n is the public analyse.php x509 cert debugging script provided\r\n by CACert on their webserver.\r\n \r\n Other applications like Wordpress use openssl_x509_parse() to\r\n further verify SSL certificates whenever Wordpress connects to\r\n a HTTPS URL (in case ext/curl is not loaded which is the default\r\n for several linux distributions). Because the parsing only\r\n happens after the initial SSL connection is established this\r\n can only be abused by attackers controlling a malicious trusted\r\n cert. 
However recent disclosures of alleged NSA capabilities,\r\n the French incident and disclosures about fully compromised\r\n trusted CAs in the past years have shown that this capability\r\n might be in the reach of malicious attackers.\r\n\r\n\r\nProof of Concept:\r\n\r\n The following x509 certificate demonstrates the out of bounds write:\r\n \r\n -----BEGIN CERTIFICATE-----\r\n MIIEpDCCA4ygAwIBAgIJAJzu8r6u6eBcMA0GCSqGSIb3DQEBBQUAMIHDMQswCQYD\r\n VQQGEwJERTEcMBoGA1UECAwTTm9yZHJoZWluLVdlc3RmYWxlbjEQMA4GA1UEBwwH\r\n S8ODwrZsbjEUMBIGA1UECgwLU2VrdGlvbkVpbnMxHzAdBgNVBAsMFk1hbGljaW91\r\n cyBDZXJ0IFNlY3Rpb24xITAfBgNVBAMMGG1hbGljaW91cy5zZWt0aW9uZWlucy5k\r\n ZTEqMCgGCSqGSIb3DQEJARYbc3RlZmFuLmVzc2VyQHNla3Rpb25laW5zLmRlMHUY\r\n ZDE5NzAwMTAxMDAwMDAwWgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\r\n AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\r\n AAAAAAAXDTE0MTEyODExMzkzNVowgcMxCzAJBgNVBAYTAkRFMRwwGgYDVQQIDBNO\r\n b3JkcmhlaW4tV2VzdGZhbGVuMRAwDgYDVQQHDAdLw4PCtmxuMRQwEgYDVQQKDAtT\r\n ZWt0aW9uRWluczEfMB0GA1UECwwWTWFsaWNpb3VzIENlcnQgU2VjdGlvbjEhMB8G\r\n A1UEAwwYbWFsaWNpb3VzLnNla3Rpb25laW5zLmRlMSowKAYJKoZIhvcNAQkBFhtz\r\n dGVmYW4uZXNzZXJAc2VrdGlvbmVpbnMuZGUwggEiMA0GCSqGSIb3DQEBAQUAA4IB\r\n DwAwggEKAoIBAQDDAf3hl7JY0XcFniyEJpSSDqn0OqBr6QP65usJPRt/8PaDoqBu\r\n wEYT/Na+6fsgPjC0uK9DZgWg2tHWWoanSblAMoz5PH6Z+S4SHRZ7e2dDIjPjdhjh\r\n 0mLg2UMO5yp0V797Ggs9lNt6JRfH81MN2obXWs4NtztLMuD6egqpr8dDbr34aOs8\r\n pkdui5UawTZksy5pLPHq5cMhFGm06v65CLo0V2Pd9+KAokPrPcN5KLKebz7mLpk6\r\n SMeEXOKP4idEqxyQ7O7fBuHMedsQhu+prY3si3BUyKfQtP5CZnX2bp0wKHxX12DX\r\n 1nfFIt9DbGvHTcyOuN+nZLPBm3vWxntyIIvVAgMBAAGjQjBAMAkGA1UdEwQCMAAw\r\n EQYJYIZIAYb4QgEBBAQDAgeAMAsGA1UdDwQEAwIFoDATBgNVHSUEDDAKBggrBgEF\r\n BQcDAjANBgkqhkiG9w0BAQUFAAOCAQEAG0fZYYCTbdj1XYc+1SnoaPR+vI8C8CaD\r\n 8+0UYhdnyU4gga0BAcDrY9e94eEAu6ZqycF6FjLqXXdAboppWocr6T6GD1x33Ckl\r\n VArzG/KxQohGD2JeqkhIMlDomxHO7ka39+Oa8i2vWLVyjU8AZvWMAruHa4EENyG7\r\n lW2AagaFKFCr9TnXTfrdxGVEbv7KVQ6bdhg5p5SjpWH1+Mq03uR3ZXPBYdyV8319\r\n 
o0lVj1KFI2DCL/liWisJRoof+1cR35Ctd0wYBcpB6TZslMcOPl76dwKwJgeJo2Qg\r\n Zsfmc2vC1/qOlNuNq/0TzzkVGv8ETT3CgaU+UXe4XOVvkccebJn2dg==\r\n -----END CERTIFICATE-----\r\n\r\n\r\nDisclosure Timeline: \r\n\r\n 01. December 2013 - Notified security@php.net\r\n Provided description, POC cert, demo\r\n valgrind output and patch\r\n 02. December 2013 - security@php.net acknowledges and\r\n says thank you for report and patch\r\n 02. December 2013 - security@php.net announces that planned\r\n release date is 12th December\r\n 03. December 2013 - Notification from RedHat Security that\r\n CVE-2013-6420 was assigned to this issue\r\n 09. December 2013 - RedHat Security tells php.net that they\r\n should commit the fix silently and add\r\n info about it only after release\r\n They further tell php.net to tell us to\r\n not discuss the vulnerability in public\r\n prior to patches being available\r\n 10. December 2013 - security@php.net fixes the vulnerability\r\n openly and does not attempt to hide that\r\n the commit is a security fix as RedHat\r\n Security suggested\r\n 11. December 2013 - RedHat Security Announces that they now\r\n consider this vulnerability public and\r\n sends out their own patches with big\r\n announcement one day before php.net is\r\n ready to release their own fixes\r\n 12. December 2013 - security@php.net pushes PHP updates to\r\n the PHP 5.3, PHP 5.3 and PHP 5.5 branches\r\n to the mirrors as was previously agreed upon\r\n 13. December 2013 - New PHP releases are announced on php.net\r\n 13. 
December 2013 - Public Disclosure of this advisory\r\n\r\n\r\nRecommendation:\r\n\r\n It is recommended to upgrade to the latest version of PHP\r\n which also fixes additional non security problems reported\r\n by third parties.\r\n\r\n Grab your copy at:\r\n http://www.php.net/get/php-5.5.7.tar.bz2/from/a/mirror\r\n\r\n\r\nCVE Information:\r\n\r\n The Common Vulnerabilities and Exposures project (cve.mitre.org) has\r\n assigned the name CVE-2013-6420 to this vulnerability.\r\n\r\n\r\nGPG-Key:\r\n\r\n pub 4096R/D6A3FE46 2013-11-06 Stefan Esser\r\n Key fingerprint = 0A04 AB88 90D2 E67C 3D3D 86E1 AA39 B97F D6A3 FE46\r\n\r\n\r\nCopyright 2013 SektionEins GmbH. All rights reserved.\r\n", "edition": 1, "modified": "2013-12-30T00:00:00", "published": "2013-12-30T00:00:00", "id": "SECURITYVULNS:DOC:30145", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:30145", "title": "Advisory 01/2013: PHP openssl_x509_parse() Memory Corruption Vulnerability", "type": "securityvulns", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:10:50", "bulletinFamily": "software", "cvelist": ["CVE-2013-6420"], "description": "\r\n\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n _______________________________________________________________________\r\n\r\n Mandriva Linux Security Advisory MDVSA-2013:298\r\n http://www.mandriva.com/en/support/security/\r\n _______________________________________________________________________\r\n\r\n Package : php\r\n Date : December 20, 2013\r\n Affected: Enterprise Server 5.0\r\n _______________________________________________________________________\r\n\r\n Problem Description:\r\n\r\n A vulnerability has been discovered and corrected in php:\r\n \r\n The asn1_time_to_time_t function in ext/openssl/openssl.c in PHP\r\n before 5.3.28, 5.4.x before 5.4.23, and 5.5.x before 5.5.7 does not\r\n properly parse (1) notBefore and (2) notAfter timestamps in X.509\r\n 
certificates, which allows remote attackers to execute arbitrary\r\n code or cause a denial of service (memory corruption) via a crafted\r\n certificate that is not properly handled by the openssl_x509_parse\r\n function (CVE-2013-6420).\r\n \r\n The updated packages have been upgraded to the 5.3.28 version which\r\n is not vulnerable to this issue.\r\n \r\n Additionally, some packages which requires so has been rebuilt for\r\n php-5.3.28.\r\n _______________________________________________________________________\r\n\r\n References:\r\n\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6420\r\n http://www.php.net/ChangeLog-5.php#5.3.28\r\n _______________________________________________________________________\r\n\r\n Updated Packages:\r\n\r\n Mandriva Enterprise Server 5:\r\n e82f92ee5921854a4860d2aa6e8e6440 mes5/i586/apache-mod_php-5.3.28-0.1mdvmes5.2.i586.rpm\r\n 6bbc570aebd46f3489c86343158e77ec mes5/i586/libphp5_common5-5.3.28-0.1mdvmes5.2.i586.rpm\r\n 3e4c45f9a4e0a79c53452c17b2028b02 mes5/i586/php-apc-3.1.13-0.6mdvmes5.2.i586.rpm\r\n f6947e6a11ef29a4f4f0a07b81dd6016 mes5/i586/php-apc-admin-3.1.13-0.6mdvmes5.2.i586.rpm\r\n 4dfbe3eea5e46fd715201e4afca24c81 mes5/i586/php-bcmath-5.3.28-0.1mdvmes5.2.i586.rpm\r\n 53bbd1f4c396f167478729bd7577d862 mes5/i586/php-bz2-5.3.28-0.1mdvmes5.2.i586.rpm\r\n b4f6e07cf0cdd95931158afbc9bae331 mes5/i586/php-calendar-5.3.28-0.1mdvmes5.2.i586.rpm\r\n e2a76d50a531a01743c12bc6a9847680 mes5/i586/php-cgi-5.3.28-0.1mdvmes5.2.i586.rpm\r\n 3951910405f6e4236993377a356bb9a4 mes5/i586/php-cli-5.3.28-0.1mdvmes5.2.i586.rpm\r\n 9c18fab42a0463e6b171c89bcb34e59d mes5/i586/php-ctype-5.3.28-0.1mdvmes5.2.i586.rpm\r\n 81106282b9a8b8acbcafb503f703571f mes5/i586/php-curl-5.3.28-0.1mdvmes5.2.i586.rpm\r\n 55b58db133bc4facbc19aa8e66544194 mes5/i586/php-dba-5.3.28-0.1mdvmes5.2.i586.rpm\r\n 3af777218a08294e4db9f0185ec18408 mes5/i586/php-devel-5.3.28-0.1mdvmes5.2.i586.rpm\r\n 9740712e52b1c778865bc94f74a1f7d9 
mes5/i586/php-doc-5.3.28-0.1mdvmes5.2.i586.rpm\r\n 50aba136682a5cb8b21036772e8bda91 mes5/i586/php-dom-5.3.28-0.1mdvmes5.2.i586.rpm\r\n 0676c080b0c1a0ab44755b78fa54edd2 mes5/i586/php-eaccelerator-0.9.6.1-0.12mdvmes5.2.i586.rpm\r\n 374e84efb147b96182eafba9e328c041 mes5/i586/php-eaccelerator-admin-0.9.6.1-0.12mdvmes5.2.i586.rpm\r\n 2543f2f5d65dcea79ccb42866f250033 mes5/i586/php-enchant-5.3.28-0.1mdvmes5.2.i586.rpm\r\n af59fcbaf9e89eb51b32e6fce0005c63 mes5/i586/php-exif-5.3.28-0.1mdvmes5.2.i586.rpm\r\n f0a8135c4fd701c63f9d8183d176f7a3 mes5/i586/php-fileinfo-5.3.28-0.1mdvmes5.2.i586.rpm\r\n 978ec9bad6067ee31acdb7d29c02ee6d mes5/i586/php-filter-5.3.28-0.1mdvmes5.2.i586.rpm\r\n 345bbcb9f0ff4a8f2d5b42bf80fc1aca mes5/i586/php-fpm-5.3.28-0.1mdvmes5.2.i586.rpm\r\n 9e53d96a14aaa5b321fee8c5219b179c mes5/i586/php-ftp-5.3.28-0.1mdvmes5.2.i586.rpm\r\n 2fb4464da4feed463b2e0be571b7a8ad mes5/i586/php-gd-5.3.28-0.1mdvmes5.2.i586.rpm\r\n c6fec5c8558c2d70314765a4bca56c4d mes5/i586/php-gettext-5.3.28-0.1mdvmes5.2.i586.rpm\r\n b806fa16d431e0a0bfb4536fcc5a3de0 mes5/i586/php-gmp-5.3.28-0.1mdvmes5.2.i586.rpm\r\n c97d2c1b6ee07309dd196733f115c66b mes5/i586/php-hash-5.3.28-0.1mdvmes5.2.i586.rpm\r\n 218a651d76a3f4eb342d825396970a4c mes5/i586/php-iconv-5.3.28-0.1mdvmes5.2.i586.rpm\r\n 162b43aed967096a40a8d2d8a39798b2 mes5/i586/php-imap-5.3.28-0.1mdvmes5.2.i586.rpm\r\n f74967cf95e9926a9a28493b50e564e2 mes5/i586/php-ini-5.3.28-0.1mdvmes5.2.i586.rpm\r\n bc5973f3e0a1cf0d3563d41227a4780f mes5/i586/php-intl-5.3.28-0.1mdvmes5.2.i586.rpm\r\n 8ba0dabb2dd54d90e8a813c129c5c4e9 mes5/i586/php-json-5.3.28-0.1mdvmes5.2.i586.rpm\r\n 61f0721739ea420d35ae9610cf9bfd6e mes5/i586/php-ldap-5.3.28-0.1mdvmes5.2.i586.rpm\r\n 008e485ea6cc24e40ab68ea6300a8ddf mes5/i586/php-mbstring-5.3.28-0.1mdvmes5.2.i586.rpm\r\n f85a78d805506aab05c816ce7b1cec14 mes5/i586/php-mcrypt-5.3.28-0.1mdvmes5.2.i586.rpm\r\n e9ebee4cca894eb2ce5823a382794abb mes5/i586/php-mssql-5.3.28-0.1mdvmes5.2.i586.rpm\r\n e044f3a34ef946db4063b9dbc37a757a 
mes5/i586/php-mysql-5.3.28-0.1mdvmes5.2.i586.rpm\r\n fbad0825f5554ec61e08b44508d3e71d mes5/i586/php-mysqli-5.3.28-0.1mdvmes5.2.i586.rpm\r\n 231d82b657e31ad7034aa350b7ed339c mes5/i586/php-mysqlnd-5.3.28-0.1mdvmes5.2.i586.rpm\r\n 25865395e9574487f5ed2a9aaaee6a6c mes5/i586/php-odbc-5.3.28-0.1mdvmes5.2.i586.rpm\r\n ef531bf3c279546d0a05f60b6f7074f5 mes5/i586/php-openssl-5.3.28-0.1mdvmes5.2.i586.rpm\r\n 2777850c69f53f29b433220a26c363eb mes5/i586/php-pcntl-5.3.28-0.1mdvmes5.2.i586.rpm\r\n 5ad1cf80dc1c09d6ca838be5af326e41 mes5/i586/php-pdo-5.3.28-0.1mdvmes5.2.i586.rpm\r\n 9d011169f70484af708b2ea83fec5f81 mes5/i586/php-pdo_dblib-5.3.28-0.1mdvmes5.2.i586.rpm\r\n b20411e1d6edde4ec1cb894f581468e9 mes5/i586/php-pdo_mysql-5.3.28-0.1mdvmes5.2.i586.rpm\r\n 95a1a54160c2a8e14355a425ca6c24f5 mes5/i586/php-pdo_odbc-5.3.28-0.1mdvmes5.2.i586.rpm\r\n 3c4055344793ff39cd5754012f86905b mes5/i586/php-pdo_pgsql-5.3.28-0.1mdvmes5.2.i586.rpm\r\n c8dd7797b310daa6ab64a8a2ddaf28cb mes5/i586/php-pdo_sqlite-5.3.28-0.1mdvmes5.2.i586.rpm\r\n ed2671492d358c8ce8fe4dd7a73b370f mes5/i586/php-pgsql-5.3.28-0.1mdvmes5.2.i586.rpm\r\n 1a7b852956f7711218d44ace320a1c4e mes5/i586/php-phar-5.3.28-0.1mdvmes5.2.i586.rpm\r\n b8795e6ee0a0140efbc84049915371f7 mes5/i586/php-posix-5.3.28-0.1mdvmes5.2.i586.rpm\r\n dc4e71b8a11f6d743264d851f746503d mes5/i586/php-pspell-5.3.28-0.1mdvmes5.2.i586.rpm\r\n bb28ffa32bfe19309dd3b6e3c927b637 mes5/i586/php-readline-5.3.28-0.1mdvmes5.2.i586.rpm\r\n 96b42da785fd3bdcb32af05b9bf7f881 mes5/i586/php-recode-5.3.28-0.1mdvmes5.2.i586.rpm\r\n aadce89571a893cf7a65c7d3b6aeb030 mes5/i586/php-session-5.3.28-0.1mdvmes5.2.i586.rpm\r\n bc926f2d63fa1a37e31a0b4da12a290f mes5/i586/php-shmop-5.3.28-0.1mdvmes5.2.i586.rpm\r\n 5bb90435a015992dffcb6a64bfa78657 mes5/i586/php-snmp-5.3.28-0.1mdvmes5.2.i586.rpm\r\n 8cc53f4f10e4e94faff83a2b3e95ce18 mes5/i586/php-soap-5.3.28-0.1mdvmes5.2.i586.rpm\r\n 2b339f784f710d38a6a0b9ef2da4db28 mes5/i586/php-sockets-5.3.28-0.1mdvmes5.2.i586.rpm\r\n 
e0020bc82207fec0d6f667b1ddc918c0 mes5/i586/php-sqlite3-5.3.28-0.1mdvmes5.2.i586.rpm\r\n a4b3528aa61d736f43ba84ebf6fb59bb mes5/i586/php-sqlite-5.3.28-0.1mdvmes5.2.i586.rpm\r\n 7844bd3e96f0de8e004e1b84cb8ff765 mes5/i586/php-sybase_ct-5.3.28-0.1mdvmes5.2.i586.rpm\r\n 36a2e13a85c342ce28e6cf512020f955 mes5/i586/php-sysvmsg-5.3.28-0.1mdvmes5.2.i586.rpm\r\n 986afb08768e9838258146f7edccbf81 mes5/i586/php-sysvsem-5.3.28-0.1mdvmes5.2.i586.rpm\r\n dfdf87e55d6a867ae3cf081144f3db07 mes5/i586/php-sysvshm-5.3.28-0.1mdvmes5.2.i586.rpm\r\n 4cb91370d9e1626d95c3df9032bace25 mes5/i586/php-tidy-5.3.28-0.1mdvmes5.2.i586.rpm\r\n 3780602f17a360b66ee4cda77f8d355d mes5/i586/php-tokenizer-5.3.28-0.1mdvmes5.2.i586.rpm\r\n ec82aef9b6a5be871efb8e4b2b5942c3 mes5/i586/php-wddx-5.3.28-0.1mdvmes5.2.i586.rpm\r\n 653e788332f1419d160e42e47e197dc0 mes5/i586/php-xml-5.3.28-0.1mdvmes5.2.i586.rpm\r\n dad5ba3e0553993de9914cd5e951108f mes5/i586/php-xmlreader-5.3.28-0.1mdvmes5.2.i586.rpm\r\n 42067b32a7e797a07d814bf3d5d4a3a9 mes5/i586/php-xmlrpc-5.3.28-0.1mdvmes5.2.i586.rpm\r\n 06b9b1be706c94a25e642d4b175a9dca mes5/i586/php-xmlwriter-5.3.28-0.1mdvmes5.2.i586.rpm\r\n 382dbc63b47d0e6ff22991f33c3c288a mes5/i586/php-xsl-5.3.28-0.1mdvmes5.2.i586.rpm\r\n df43e5745c6b4432541e7ede0349d869 mes5/i586/php-zip-5.3.28-0.1mdvmes5.2.i586.rpm\r\n 18e830dc43ee22811dc9f0521e028abd mes5/i586/php-zlib-5.3.28-0.1mdvmes5.2.i586.rpm \r\n 6eceeb527a6b8b3ed63420a5386b29b5 mes5/SRPMS/apache-mod_php-5.3.28-0.1mdvmes5.2.src.rpm\r\n 179ef6b8dc95980e00b5e3f4ca6eb773 mes5/SRPMS/php-5.3.28-0.1mdvmes5.2.src.rpm\r\n a952feecd22680dae476ca69212ecb33 mes5/SRPMS/php-apc-3.1.13-0.6mdvmes5.2.src.rpm\r\n 06e53dd13e948665e58d88ab0d24c2e6 mes5/SRPMS/php-eaccelerator-0.9.6.1-0.12mdvmes5.2.src.rpm\r\n 98c38db84403968dc0fb3853793f148d mes5/SRPMS/php-ini-5.3.28-0.1mdvmes5.2.src.rpm\r\n\r\n Mandriva Enterprise Server 5/X86_64:\r\n 48b62a345c93bd65ced2fe22e2f05e0a mes5/x86_64/apache-mod_php-5.3.28-0.1mdvmes5.2.x86_64.rpm\r\n 
27c97ce8fae7f752bf8c0badaaf8315b mes5/x86_64/lib64php5_common5-5.3.28-0.1mdvmes5.2.x86_64.rpm\r\n c80e9637f463ee2e335e6df532854d9f mes5/x86_64/php-apc-3.1.13-0.6mdvmes5.2.x86_64.rpm\r\n 9f5ce6ad5d2d709478a1dc59f1fd656a mes5/x86_64/php-apc-admin-3.1.13-0.6mdvmes5.2.x86_64.rpm\r\n 6576d4e51e7de36f8f34b93a2314e8ae mes5/x86_64/php-bcmath-5.3.28-0.1mdvmes5.2.x86_64.rpm\r\n 62e6c0ab7b20d82ce4d2ce6ca8d1fafc mes5/x86_64/php-bz2-5.3.28-0.1mdvmes5.2.x86_64.rpm\r\n 2bab01f5924dd11fdf0ed17eb8c80bf1 mes5/x86_64/php-calendar-5.3.28-0.1mdvmes5.2.x86_64.rpm\r\n bf6d3e042a08e24d0a7c58a8090c25df mes5/x86_64/php-cgi-5.3.28-0.1mdvmes5.2.x86_64.rpm\r\n 35933be7d46be453743930e57fea42a0 mes5/x86_64/php-cli-5.3.28-0.1mdvmes5.2.x86_64.rpm\r\n 7a77915e86620e658e9fa9a5a4c78d4c mes5/x86_64/php-ctype-5.3.28-0.1mdvmes5.2.x86_64.rpm\r\n 562662dfea4392b25f738c803f65d75e mes5/x86_64/php-curl-5.3.28-0.1mdvmes5.2.x86_64.rpm\r\n f19d54151062a60702cd4f46b48134ee mes5/x86_64/php-dba-5.3.28-0.1mdvmes5.2.x86_64.rpm\r\n 5e55a63bc03e5ce551ebda76e3188c6e mes5/x86_64/php-devel-5.3.28-0.1mdvmes5.2.x86_64.rpm\r\n d70dbef4b33f8f41cd50e0ab2505846b mes5/x86_64/php-doc-5.3.28-0.1mdvmes5.2.x86_64.rpm\r\n 877d549c375b2cf0478c5bd447c8e16d mes5/x86_64/php-dom-5.3.28-0.1mdvmes5.2.x86_64.rpm\r\n 01aa966c93b0385f4dba818ab305176f mes5/x86_64/php-eaccelerator-0.9.6.1-0.12mdvmes5.2.x86_64.rpm\r\n 5421077f26ecffc5564e85af23d3d8e8 mes5/x86_64/php-eaccelerator-admin-0.9.6.1-0.12mdvmes5.2.x86_64.rpm\r\n f099f09ae646ec97679dca0dae3eccf0 mes5/x86_64/php-enchant-5.3.28-0.1mdvmes5.2.x86_64.rpm\r\n 6629de6143d81104a9752527337b4539 mes5/x86_64/php-exif-5.3.28-0.1mdvmes5.2.x86_64.rpm\r\n c7a8cb5fd6ae8c8f010b25f1afd6a15e mes5/x86_64/php-fileinfo-5.3.28-0.1mdvmes5.2.x86_64.rpm\r\n 0c08d114f841a0bda783ce181835c1ab mes5/x86_64/php-filter-5.3.28-0.1mdvmes5.2.x86_64.rpm\r\n ffed8c09c9fa5dd5f274a94a91a4939c mes5/x86_64/php-fpm-5.3.28-0.1mdvmes5.2.x86_64.rpm\r\n 65c2b5d3e29717a6dde6dbc457649b51 
mes5/x86_64/php-ftp-5.3.28-0.1mdvmes5.2.x86_64.rpm\r\n 9dd4d76631e9ce4f04d6849e61b79167 mes5/x86_64/php-gd-5.3.28-0.1mdvmes5.2.x86_64.rpm\r\n fb99d293a4e2bbdcab767517bbc519e3 mes5/x86_64/php-gettext-5.3.28-0.1mdvmes5.2.x86_64.rpm\r\n 7f4743baf830062a9dae8cd1b298937b mes5/x86_64/php-gmp-5.3.28-0.1mdvmes5.2.x86_64.rpm\r\n e0217a8de24584df7d3af1676a011acc mes5/x86_64/php-hash-5.3.28-0.1mdvmes5.2.x86_64.rpm\r\n 56f194f6110b69881836fc01be550b0c mes5/x86_64/php-iconv-5.3.28-0.1mdvmes5.2.x86_64.rpm\r\n 2004ab330413b5ef684cb0ccc20ddcad mes5/x86_64/php-imap-5.3.28-0.1mdvmes5.2.x86_64.rpm\r\n f67842f9262997785bcbb1b3f0fc5a6d mes5/x86_64/php-ini-5.3.28-0.1mdvmes5.2.x86_64.rpm\r\n d90da58782d90ba3f182feb71b4973fb mes5/x86_64/php-intl-5.3.28-0.1mdvmes5.2.x86_64.rpm\r\n 23c5df806bbfa4c4d26819d0fe38ad02 mes5/x86_64/php-json-5.3.28-0.1mdvmes5.2.x86_64.rpm\r\n 94943adbe9c42b4e45df275e83c15c45 mes5/x86_64/php-ldap-5.3.28-0.1mdvmes5.2.x86_64.rpm\r\n 9257372d9d575afe364ff262f8a7cb0a mes5/x86_64/php-mbstring-5.3.28-0.1mdvmes5.2.x86_64.rpm\r\n ebeafa2c1c9ff2b8563d07e936dc6952 mes5/x86_64/php-mcrypt-5.3.28-0.1mdvmes5.2.x86_64.rpm\r\n f12f28bb84b264daf9a95203759181e6 mes5/x86_64/php-mssql-5.3.28-0.1mdvmes5.2.x86_64.rpm\r\n 66929cf641c7794d463875e706c4cf39 mes5/x86_64/php-mysql-5.3.28-0.1mdvmes5.2.x86_64.rpm\r\n 496af67a3bc91d8acdef1f9879694698 mes5/x86_64/php-mysqli-5.3.28-0.1mdvmes5.2.x86_64.rpm\r\n cd5c68c7fa2920b2747aa03924b355cf mes5/x86_64/php-mysqlnd-5.3.28-0.1mdvmes5.2.x86_64.rpm\r\n a7c4dcc63b0d66eb1d58bd3ddb072408 mes5/x86_64/php-odbc-5.3.28-0.1mdvmes5.2.x86_64.rpm\r\n 36480786c7dfad2e757483306c000b72 mes5/x86_64/php-openssl-5.3.28-0.1mdvmes5.2.x86_64.rpm\r\n f119e564cea516d9078aca3c2080b994 mes5/x86_64/php-pcntl-5.3.28-0.1mdvmes5.2.x86_64.rpm\r\n 1c87db930b55e1a8e9c56f5ec3337fec mes5/x86_64/php-pdo-5.3.28-0.1mdvmes5.2.x86_64.rpm\r\n 845a9933d4e218feba5493716bf2549c mes5/x86_64/php-pdo_dblib-5.3.28-0.1mdvmes5.2.x86_64.rpm\r\n 35b6b7de34cc68a4fa724e5ef75180cd 
mes5/x86_64/php-pdo_mysql-5.3.28-0.1mdvmes5.2.x86_64.rpm\r\n fb6ba6e5cb11eea82074a641dd8f98ca mes5/x86_64/php-pdo_odbc-5.3.28-0.1mdvmes5.2.x86_64.rpm\r\n 8951f2d3aaa5040dd178c4a0ca2adce6 mes5/x86_64/php-pdo_pgsql-5.3.28-0.1mdvmes5.2.x86_64.rpm\r\n 92920477bd9fd02b99adf460a1b6384f mes5/x86_64/php-pdo_sqlite-5.3.28-0.1mdvmes5.2.x86_64.rpm\r\n e484f66564b196d1652ce81c2d6625fb mes5/x86_64/php-pgsql-5.3.28-0.1mdvmes5.2.x86_64.rpm\r\n 467c211bf81bae6ef9685f1cfbdbef92 mes5/x86_64/php-phar-5.3.28-0.1mdvmes5.2.x86_64.rpm\r\n 7a4cb2a2768af68745536b137ba68342 mes5/x86_64/php-posix-5.3.28-0.1mdvmes5.2.x86_64.rpm\r\n 78e7f084c0e8da29c210fd612919c926 mes5/x86_64/php-pspell-5.3.28-0.1mdvmes5.2.x86_64.rpm\r\n 9353dc4869e83063064645e9ab02295a mes5/x86_64/php-readline-5.3.28-0.1mdvmes5.2.x86_64.rpm\r\n 75be84aaa4698cec4ecd002a246af126 mes5/x86_64/php-recode-5.3.28-0.1mdvmes5.2.x86_64.rpm\r\n cb6e7fc3251d647c943a0dfe1bb1ea20 mes5/x86_64/php-session-5.3.28-0.1mdvmes5.2.x86_64.rpm\r\n 8cdcffd0c94defb37f50a7312edf396a mes5/x86_64/php-shmop-5.3.28-0.1mdvmes5.2.x86_64.rpm\r\n 392567680450f39ac8b05d4ff31039ab mes5/x86_64/php-snmp-5.3.28-0.1mdvmes5.2.x86_64.rpm\r\n a3f55a401323bb78ee15fd82ed57664e mes5/x86_64/php-soap-5.3.28-0.1mdvmes5.2.x86_64.rpm\r\n 35c28d7e2faecb315b84644561b5b5e0 mes5/x86_64/php-sockets-5.3.28-0.1mdvmes5.2.x86_64.rpm\r\n 698ebf64e9aa0ad31b98dcb459d6dacb mes5/x86_64/php-sqlite3-5.3.28-0.1mdvmes5.2.x86_64.rpm\r\n b9ae3d8148fa2e289e00f327eaf5da34 mes5/x86_64/php-sqlite-5.3.28-0.1mdvmes5.2.x86_64.rpm\r\n cbc9d8c65ae1b717202df21d35d43fca mes5/x86_64/php-sybase_ct-5.3.28-0.1mdvmes5.2.x86_64.rpm\r\n 83dbfae7b93c32949c8595ce5e778d23 mes5/x86_64/php-sysvmsg-5.3.28-0.1mdvmes5.2.x86_64.rpm\r\n adbf6e225d6689b4db3ba549b76068f5 mes5/x86_64/php-sysvsem-5.3.28-0.1mdvmes5.2.x86_64.rpm\r\n ae86e0246190f9a57eebe90fb98f26e5 mes5/x86_64/php-sysvshm-5.3.28-0.1mdvmes5.2.x86_64.rpm\r\n 0750b2f7d2ddeea035f973acc2d5850f mes5/x86_64/php-tidy-5.3.28-0.1mdvmes5.2.x86_64.rpm\r\n 
0b45214a9db0dabcb956004d9212cc66 mes5/x86_64/php-tokenizer-5.3.28-0.1mdvmes5.2.x86_64.rpm\r\n 87c7292b583d10fde383ac0163388645 mes5/x86_64/php-wddx-5.3.28-0.1mdvmes5.2.x86_64.rpm\r\n 9ca71de610d209e00a78784e067e1038 mes5/x86_64/php-xml-5.3.28-0.1mdvmes5.2.x86_64.rpm\r\n 216c544e78fd2db5d9186098f7054a1c mes5/x86_64/php-xmlreader-5.3.28-0.1mdvmes5.2.x86_64.rpm\r\n a7fac9154d343f6f040cfa5fed40c8cc mes5/x86_64/php-xmlrpc-5.3.28-0.1mdvmes5.2.x86_64.rpm\r\n 8ebdc080ea795623c9041074fc82ab24 mes5/x86_64/php-xmlwriter-5.3.28-0.1mdvmes5.2.x86_64.rpm\r\n 89690a92fff0d3413c460a1a11a2dd30 mes5/x86_64/php-xsl-5.3.28-0.1mdvmes5.2.x86_64.rpm\r\n b645d9973a926b7c9e7b9636f84fd6a1 mes5/x86_64/php-zip-5.3.28-0.1mdvmes5.2.x86_64.rpm\r\n e0c4e05a8fced55ea0116e77b61bdb87 mes5/x86_64/php-zlib-5.3.28-0.1mdvmes5.2.x86_64.rpm \r\n 6eceeb527a6b8b3ed63420a5386b29b5 mes5/SRPMS/apache-mod_php-5.3.28-0.1mdvmes5.2.src.rpm\r\n 179ef6b8dc95980e00b5e3f4ca6eb773 mes5/SRPMS/php-5.3.28-0.1mdvmes5.2.src.rpm\r\n a952feecd22680dae476ca69212ecb33 mes5/SRPMS/php-apc-3.1.13-0.6mdvmes5.2.src.rpm\r\n 06e53dd13e948665e58d88ab0d24c2e6 mes5/SRPMS/php-eaccelerator-0.9.6.1-0.12mdvmes5.2.src.rpm\r\n 98c38db84403968dc0fb3853793f148d mes5/SRPMS/php-ini-5.3.28-0.1mdvmes5.2.src.rpm\r\n _______________________________________________________________________\r\n\r\n To upgrade automatically use MandrivaUpdate or urpmi. The verification\r\n of md5 checksums and GPG signatures is performed automatically for you.\r\n\r\n All packages are signed by Mandriva for security. 
You can obtain the\r\n GPG public key of the Mandriva Security Team by executing:\r\n\r\n gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\r\n\r\n You can view other update advisories for Mandriva Linux at:\r\n\r\n http://www.mandriva.com/en/support/security/advisories/\r\n\r\n If you want to report vulnerabilities, please contact\r\n\r\n security_(at)_mandriva.com\r\n _______________________________________________________________________\r\n\r\n Type Bits/KeyID Date User ID\r\n pub 1024D/22458A98 2000-07-10 Mandriva Security Team\r\n <security*mandriva.com>\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.12 (GNU/Linux)\r\n\r\niD8DBQFStD3fmqjQ0CJFipgRAh8xAJ0cVGBvSbuNsraVm2CUbWJ4lFAo1ACeIl4I\r\nrHF73HCt6n3ErwxSG7pRWOc=\r\n=aFB+\r\n-----END PGP SIGNATURE-----\r\n", "edition": 1, "modified": "2013-12-24T00:00:00", "published": "2013-12-24T00:00:00", "id": "SECURITYVULNS:DOC:30132", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:30132", "title": "[ MDVSA-2013:298 ] php", "type": "securityvulns", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:09:53", "bulletinFamily": "software", "cvelist": ["CVE-2013-6420"], "description": "Memory corruption in asn1_time_to_time_t()", "edition": 1, "modified": "2013-12-30T00:00:00", "published": "2013-12-30T00:00:00", "id": "SECURITYVULNS:VULN:13464", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:13464", "title": "PHP memory corruption", "type": "securityvulns", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:10:54", "bulletinFamily": "software", "cvelist": ["CVE-2014-2641", "CVE-2013-6422", "CVE-2014-2640", "CVE-2014-2642", "CVE-2013-6420", "CVE-2013-6712", "CVE-2013-4545"], "description": "\r\n\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n\r\nNote: the current version of the following document is available 
here:\r\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/\r\ndocDisplay?docId=emr_na-c04463322\r\n\r\nSUPPORT COMMUNICATION - SECURITY BULLETIN\r\n\r\nDocument ID: c04463322\r\nVersion: 1\r\n\r\nHPSBMU03112 rev.1 - HP System Management Homepage (SMH) on Linux and Windows,\r\nMultiple Vulnerabilities\r\n\r\nNOTICE: The information in this Security Bulletin should be acted upon as\r\nsoon as possible.\r\n\r\nRelease Date: 2014-09-30\r\nLast Updated: 2014-09-30\r\n\r\nPotential Security Impact: Cross-site scripting (XSS), Cross-site Request\r\nForgery (CSRF), unauthorized disclosure of information, Denial of Service\r\n(DoS), and Clickjacking\r\n\r\nSource: Hewlett-Packard Company, HP Software Security Response Team\r\n\r\nVULNERABILITY SUMMARY\r\nPotential security vulnerabilities have been identified with HP System\r\nManagement Homepage (SMH) on Linux and Windows. The vulnerabilities could be\r\nexploited remotely resulting in Cross-site Scripting (XSS), Cross-site\r\nRequest Forgery (CSRF), unauthorized disclosure of information, Denial of\r\nService (DoS), and Clickjacking.\r\n\r\nReferences:\r\n\r\nCVE-2013-4545 Unauthorized modification\r\nCVE-2013-6420 (SSRT101447) Unauthorized disclosure of information\r\nCVE-2013-6422 Unauthorized disclosure of information\r\nCVE-2013-6712 (SSRT101447) Denial of Service (DoS)\r\nCVE-2014-2640 (SSRT101633, SSRT101438) Cross-site Scripting (XSS)\r\nCVE-2014-2641 (SSRT101438) Cross-site Request Forgery (CSRF)\r\nCVE-2014-2642 (SSRT101701) Clickjacking\r\n\r\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.\r\nHP System Management Homepage (SMH) for Linux and Windows prior to version\r\n7.4\r\n\r\nBACKGROUND\r\n\r\nCVSS 2.0 Base Metrics\r\n===========================================================\r\n Reference Base Vector Base Score\r\nCVE-2013-4545 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3\r\nCVE-2013-6420 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\r\nCVE-2013-6422 (AV:N/AC:H/Au:N/C:P/I:P/A:N) 4.0\r\nCVE-2013-6712 
(AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\r\nCVE-2014-2640 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3\r\nCVE-2014-2641 (AV:N/AC:M/Au:S/C:P/I:P/A:P) 6.0\r\nCVE-2014-2642 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3\r\n===========================================================\r\n Information on CVSS is documented\r\n in HP Customer Notice: HPSN-2008-002\r\n\r\nRESOLUTION\r\n\r\nHP has made the following software updates available to resolve the\r\nvulnerabilities for the impacted versions of HP System Management Homepage\r\n(SMH) for Linux and Windows:\r\n\r\nhttp://h18013.www1.hp.com/products/servers/management/agents/\r\n\r\nHISTORY\r\nVersion:1 (rev.1) - 30 September 2014 Initial release\r\n\r\nThird Party Security Patches: Third party security patches that are to be\r\ninstalled on systems running HP software products should be applied in\r\naccordance with the customer's patch management policy.\r\n\r\nSupport: For issues about implementing the recommendations of this Security\r\nBulletin, contact normal HP Services support channel. 
For other issues about\r\nthe content of this Security Bulletin, send e-mail to security-alert@hp.com.\r\n\r\nReport: To report a potential security vulnerability with any HP supported\r\nproduct, send Email to: security-alert@hp.com\r\n\r\nSubscribe: To initiate a subscription to receive future HP Security Bulletin\r\nalerts via Email:\r\nhttp://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins\r\n\r\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\r\navailable here:\r\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/\r\n\r\nSoftware Product Category: The Software Product Category is represented in\r\nthe title by the two characters following HPSB.\r\n\r\n3C = 3COM\r\n3P = 3rd Party Software\r\nGN = HP General Software\r\nHF = HP Hardware and Firmware\r\nMP = MPE/iX\r\nMU = Multi-Platform Software\r\nNS = NonStop Servers\r\nOV = OpenVMS\r\nPI = Printing and Imaging\r\nPV = ProCurve\r\nST = Storage Software\r\nTU = Tru64 UNIX\r\nUX = HP-UX\r\n\r\nCopyright 2014 Hewlett-Packard Development Company, L.P.\r\nHewlett-Packard Company shall not be liable for technical or editorial errors\r\nor omissions contained herein. The information provided is provided "as is"\r\nwithout warranty of any kind. To the extent permitted by law, neither HP or\r\nits affiliates, subcontractors or suppliers will be liable for\r\nincidental,special or consequential damages including downtime cost; lost\r\nprofits; damages relating to the procurement of substitute products or\r\nservices; or damages for loss of data, or software restoration. The\r\ninformation in this document is subject to change without notice.\r\nHewlett-Packard Company and the names of Hewlett-Packard products referenced\r\nherein are trademarks of Hewlett-Packard Company in the United States and\r\nother countries. 
Other product and company names mentioned herein may be\r\ntrademarks of their respective owners.\r\n\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.13 (GNU/Linux)\r\n\r\niEYEARECAAYFAlQq3FIACgkQ4B86/C0qfVnTlwCgwWcDOjjkcFklK+74zGBRsqba\r\n3ZYAn2AXFQpMSaHHK8pqKv05UM/d1b7R\r\n=qkt6\r\n-----END PGP SIGNATURE-----\r\n\r\n", "edition": 1, "modified": "2014-10-05T00:00:00", "published": "2014-10-05T00:00:00", "id": "SECURITYVULNS:DOC:31138", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:31138", "title": "[security bulletin] HPSBMU03112 rev.1 - HP System Management Homepage (SMH) on Linux and Windows, Multiple Vulnerabilities", "type": "securityvulns", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:09:57", "bulletinFamily": "software", "cvelist": ["CVE-2014-2641", "CVE-2013-6422", "CVE-2014-2640", "CVE-2014-2642", "CVE-2013-6420", "CVE-2014-7874", "CVE-2013-6712", "CVE-2013-4545"], "description": "DoS, XSS, CSRF, clickjacking, unauthorized access, information leakage.", "edition": 1, "modified": "2014-10-15T00:00:00", "published": "2014-10-15T00:00:00", "id": "SECURITYVULNS:VULN:13993", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:13993", "title": "HP System Management Homepage multiple security vulnerabilities", "type": "securityvulns", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "amazon": [{"lastseen": "2020-11-10T12:36:34", "bulletinFamily": "unix", "cvelist": ["CVE-2013-6420"], "description": "**Issue Overview:**\n\nThe asn1_time_to_time_t function in ext/openssl/openssl.c in PHP before 5.3.28, 5.4.x before 5.4.23, and 5.5.x before 5.5.7 does not properly parse (1) notBefore and (2) notAfter timestamps in X.509 certificates, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted certificate that is not properly handled by the 
openssl_x509_parse function. \n\n \n**Affected Packages:** \n\n\nphp\n\n \n**Issue Correction:** \nRun _yum update php_ to update your system.\n\n \n\n\n**New Packages:**\n \n \n i686: \n php-mysqlnd-5.3.28-1.2.amzn1.i686 \n php-snmp-5.3.28-1.2.amzn1.i686 \n php-debuginfo-5.3.28-1.2.amzn1.i686 \n php-common-5.3.28-1.2.amzn1.i686 \n php-imap-5.3.28-1.2.amzn1.i686 \n php-fpm-5.3.28-1.2.amzn1.i686 \n php-enchant-5.3.28-1.2.amzn1.i686 \n php-mcrypt-5.3.28-1.2.amzn1.i686 \n php-mbstring-5.3.28-1.2.amzn1.i686 \n php-dba-5.3.28-1.2.amzn1.i686 \n php-odbc-5.3.28-1.2.amzn1.i686 \n php-ldap-5.3.28-1.2.amzn1.i686 \n php-pgsql-5.3.28-1.2.amzn1.i686 \n php-5.3.28-1.2.amzn1.i686 \n php-soap-5.3.28-1.2.amzn1.i686 \n php-recode-5.3.28-1.2.amzn1.i686 \n php-mysql-5.3.28-1.2.amzn1.i686 \n php-xml-5.3.28-1.2.amzn1.i686 \n php-pspell-5.3.28-1.2.amzn1.i686 \n php-mssql-5.3.28-1.2.amzn1.i686 \n php-bcmath-5.3.28-1.2.amzn1.i686 \n php-cli-5.3.28-1.2.amzn1.i686 \n php-process-5.3.28-1.2.amzn1.i686 \n php-embedded-5.3.28-1.2.amzn1.i686 \n php-pdo-5.3.28-1.2.amzn1.i686 \n php-intl-5.3.28-1.2.amzn1.i686 \n php-xmlrpc-5.3.28-1.2.amzn1.i686 \n php-gd-5.3.28-1.2.amzn1.i686 \n php-tidy-5.3.28-1.2.amzn1.i686 \n php-devel-5.3.28-1.2.amzn1.i686 \n \n src: \n php-5.3.28-1.2.amzn1.src \n \n x86_64: \n php-common-5.3.28-1.2.amzn1.x86_64 \n php-mssql-5.3.28-1.2.amzn1.x86_64 \n php-mysql-5.3.28-1.2.amzn1.x86_64 \n php-soap-5.3.28-1.2.amzn1.x86_64 \n php-odbc-5.3.28-1.2.amzn1.x86_64 \n php-recode-5.3.28-1.2.amzn1.x86_64 \n php-mysqlnd-5.3.28-1.2.amzn1.x86_64 \n php-xmlrpc-5.3.28-1.2.amzn1.x86_64 \n php-embedded-5.3.28-1.2.amzn1.x86_64 \n php-enchant-5.3.28-1.2.amzn1.x86_64 \n php-dba-5.3.28-1.2.amzn1.x86_64 \n php-cli-5.3.28-1.2.amzn1.x86_64 \n php-snmp-5.3.28-1.2.amzn1.x86_64 \n php-mcrypt-5.3.28-1.2.amzn1.x86_64 \n php-pgsql-5.3.28-1.2.amzn1.x86_64 \n php-imap-5.3.28-1.2.amzn1.x86_64 \n php-pspell-5.3.28-1.2.amzn1.x86_64 \n php-bcmath-5.3.28-1.2.amzn1.x86_64 \n php-devel-5.3.28-1.2.amzn1.x86_64 \n 
php-fpm-5.3.28-1.2.amzn1.x86_64 \n php-ldap-5.3.28-1.2.amzn1.x86_64 \n php-mbstring-5.3.28-1.2.amzn1.x86_64 \n php-gd-5.3.28-1.2.amzn1.x86_64 \n php-xml-5.3.28-1.2.amzn1.x86_64 \n php-5.3.28-1.2.amzn1.x86_64 \n php-debuginfo-5.3.28-1.2.amzn1.x86_64 \n php-tidy-5.3.28-1.2.amzn1.x86_64 \n php-pdo-5.3.28-1.2.amzn1.x86_64 \n php-intl-5.3.28-1.2.amzn1.x86_64 \n php-process-5.3.28-1.2.amzn1.x86_64 \n \n \n", "edition": 4, "modified": "2013-12-17T21:29:00", "published": "2013-12-17T21:29:00", "id": "ALAS-2013-262", "href": "https://alas.aws.amazon.com/ALAS-2013-262.html", "title": "Critical: php", "type": "amazon", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-11-10T12:35:00", "bulletinFamily": "unix", "cvelist": ["CVE-2013-6420"], "description": "**Issue Overview:**\n\nA memory corruption flaw was found in the way the openssl_x509_parse() function of the PHP openssl extension parsed X.509 certificates. A remote attacker could use this flaw to provide a malicious self-signed certificate or a certificate signed by a trusted authority to a PHP application using the aforementioned function, causing the application to crash or, possibly, allow the attacker to execute arbitrary code with the privileges of the user running the PHP interpreter.\n\n \n**Affected Packages:** \n\n\nphp55\n\n \n**Issue Correction:** \nRun _yum update php55_ to update your system.\n\n \n\n\n**New Packages:**\n \n \n i686: \n php55-gd-5.5.7-1.61.amzn1.i686 \n php55-pspell-5.5.7-1.61.amzn1.i686 \n php55-ldap-5.5.7-1.61.amzn1.i686 \n php55-cli-5.5.7-1.61.amzn1.i686 \n php55-process-5.5.7-1.61.amzn1.i686 \n php55-tidy-5.5.7-1.61.amzn1.i686 \n php55-recode-5.5.7-1.61.amzn1.i686 \n php55-snmp-5.5.7-1.61.amzn1.i686 \n php55-pgsql-5.5.7-1.61.amzn1.i686 \n php55-mysqlnd-5.5.7-1.61.amzn1.i686 \n php55-imap-5.5.7-1.61.amzn1.i686 \n php55-pdo-5.5.7-1.61.amzn1.i686 \n php55-debuginfo-5.5.7-1.61.amzn1.i686 \n php55-odbc-5.5.7-1.61.amzn1.i686 \n php55-fpm-5.5.7-1.61.amzn1.i686 
\n php55-opcache-5.5.7-1.61.amzn1.i686 \n php55-bcmath-5.5.7-1.61.amzn1.i686 \n php55-soap-5.5.7-1.61.amzn1.i686 \n php55-common-5.5.7-1.61.amzn1.i686 \n php55-devel-5.5.7-1.61.amzn1.i686 \n php55-xml-5.5.7-1.61.amzn1.i686 \n php55-intl-5.5.7-1.61.amzn1.i686 \n php55-embedded-5.5.7-1.61.amzn1.i686 \n php55-gmp-5.5.7-1.61.amzn1.i686 \n php55-enchant-5.5.7-1.61.amzn1.i686 \n php55-mbstring-5.5.7-1.61.amzn1.i686 \n php55-mcrypt-5.5.7-1.61.amzn1.i686 \n php55-dba-5.5.7-1.61.amzn1.i686 \n php55-mssql-5.5.7-1.61.amzn1.i686 \n php55-xmlrpc-5.5.7-1.61.amzn1.i686 \n php55-5.5.7-1.61.amzn1.i686 \n \n src: \n php55-5.5.7-1.61.amzn1.src \n \n x86_64: \n php55-cli-5.5.7-1.61.amzn1.x86_64 \n php55-5.5.7-1.61.amzn1.x86_64 \n php55-gd-5.5.7-1.61.amzn1.x86_64 \n php55-recode-5.5.7-1.61.amzn1.x86_64 \n php55-fpm-5.5.7-1.61.amzn1.x86_64 \n php55-mssql-5.5.7-1.61.amzn1.x86_64 \n php55-dba-5.5.7-1.61.amzn1.x86_64 \n php55-soap-5.5.7-1.61.amzn1.x86_64 \n php55-snmp-5.5.7-1.61.amzn1.x86_64 \n php55-embedded-5.5.7-1.61.amzn1.x86_64 \n php55-imap-5.5.7-1.61.amzn1.x86_64 \n php55-opcache-5.5.7-1.61.amzn1.x86_64 \n php55-mcrypt-5.5.7-1.61.amzn1.x86_64 \n php55-pspell-5.5.7-1.61.amzn1.x86_64 \n php55-xml-5.5.7-1.61.amzn1.x86_64 \n php55-pgsql-5.5.7-1.61.amzn1.x86_64 \n php55-intl-5.5.7-1.61.amzn1.x86_64 \n php55-gmp-5.5.7-1.61.amzn1.x86_64 \n php55-process-5.5.7-1.61.amzn1.x86_64 \n php55-odbc-5.5.7-1.61.amzn1.x86_64 \n php55-tidy-5.5.7-1.61.amzn1.x86_64 \n php55-ldap-5.5.7-1.61.amzn1.x86_64 \n php55-mbstring-5.5.7-1.61.amzn1.x86_64 \n php55-common-5.5.7-1.61.amzn1.x86_64 \n php55-bcmath-5.5.7-1.61.amzn1.x86_64 \n php55-devel-5.5.7-1.61.amzn1.x86_64 \n php55-pdo-5.5.7-1.61.amzn1.x86_64 \n php55-xmlrpc-5.5.7-1.61.amzn1.x86_64 \n php55-mysqlnd-5.5.7-1.61.amzn1.x86_64 \n php55-enchant-5.5.7-1.61.amzn1.x86_64 \n php55-debuginfo-5.5.7-1.61.amzn1.x86_64 \n \n \n", "edition": 4, "modified": "2013-12-17T21:29:00", "published": "2013-12-17T21:29:00", "id": "ALAS-2013-264", "href": 
"https://alas.aws.amazon.com/ALAS-2013-264.html", "title": "Critical: php55", "type": "amazon", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-11-10T12:35:35", "bulletinFamily": "unix", "cvelist": ["CVE-2013-6420"], "description": "**Issue Overview:**\n\nA memory corruption flaw was found in the way the openssl_x509_parse() function of the PHP openssl extension parsed X.509 certificates. A remote attacker could use this flaw to provide a malicious self-signed certificate or a certificate signed by a trusted authority to a PHP application using the aforementioned function, causing the application to crash or, possibly, allow the attacker to execute arbitrary code with the privileges of the user running the PHP interpreter.\n\n \n**Affected Packages:** \n\n\nphp54\n\n \n**Issue Correction:** \nRun _yum update php54_ to update your system.\n\n \n\n\n**New Packages:**\n \n \n i686: \n php54-recode-5.4.23-1.49.amzn1.i686 \n php54-mysqlnd-5.4.23-1.49.amzn1.i686 \n php54-enchant-5.4.23-1.49.amzn1.i686 \n php54-common-5.4.23-1.49.amzn1.i686 \n php54-xml-5.4.23-1.49.amzn1.i686 \n php54-imap-5.4.23-1.49.amzn1.i686 \n php54-tidy-5.4.23-1.49.amzn1.i686 \n php54-process-5.4.23-1.49.amzn1.i686 \n php54-snmp-5.4.23-1.49.amzn1.i686 \n php54-gd-5.4.23-1.49.amzn1.i686 \n php54-soap-5.4.23-1.49.amzn1.i686 \n php54-mssql-5.4.23-1.49.amzn1.i686 \n php54-embedded-5.4.23-1.49.amzn1.i686 \n php54-5.4.23-1.49.amzn1.i686 \n php54-ldap-5.4.23-1.49.amzn1.i686 \n php54-pgsql-5.4.23-1.49.amzn1.i686 \n php54-fpm-5.4.23-1.49.amzn1.i686 \n php54-odbc-5.4.23-1.49.amzn1.i686 \n php54-pspell-5.4.23-1.49.amzn1.i686 \n php54-devel-5.4.23-1.49.amzn1.i686 \n php54-intl-5.4.23-1.49.amzn1.i686 \n php54-pdo-5.4.23-1.49.amzn1.i686 \n php54-cli-5.4.23-1.49.amzn1.i686 \n php54-mbstring-5.4.23-1.49.amzn1.i686 \n php54-mcrypt-5.4.23-1.49.amzn1.i686 \n php54-xmlrpc-5.4.23-1.49.amzn1.i686 \n php54-dba-5.4.23-1.49.amzn1.i686 \n php54-bcmath-5.4.23-1.49.amzn1.i686 \n 
php54-mysql-5.4.23-1.49.amzn1.i686 \n php54-debuginfo-5.4.23-1.49.amzn1.i686 \n \n src: \n php54-5.4.23-1.49.amzn1.src \n \n x86_64: \n php54-xml-5.4.23-1.49.amzn1.x86_64 \n php54-xmlrpc-5.4.23-1.49.amzn1.x86_64 \n php54-gd-5.4.23-1.49.amzn1.x86_64 \n php54-recode-5.4.23-1.49.amzn1.x86_64 \n php54-pgsql-5.4.23-1.49.amzn1.x86_64 \n php54-mssql-5.4.23-1.49.amzn1.x86_64 \n php54-mcrypt-5.4.23-1.49.amzn1.x86_64 \n php54-odbc-5.4.23-1.49.amzn1.x86_64 \n php54-fpm-5.4.23-1.49.amzn1.x86_64 \n php54-pspell-5.4.23-1.49.amzn1.x86_64 \n php54-soap-5.4.23-1.49.amzn1.x86_64 \n php54-enchant-5.4.23-1.49.amzn1.x86_64 \n php54-common-5.4.23-1.49.amzn1.x86_64 \n php54-bcmath-5.4.23-1.49.amzn1.x86_64 \n php54-cli-5.4.23-1.49.amzn1.x86_64 \n php54-5.4.23-1.49.amzn1.x86_64 \n php54-snmp-5.4.23-1.49.amzn1.x86_64 \n php54-pdo-5.4.23-1.49.amzn1.x86_64 \n php54-mysql-5.4.23-1.49.amzn1.x86_64 \n php54-embedded-5.4.23-1.49.amzn1.x86_64 \n php54-intl-5.4.23-1.49.amzn1.x86_64 \n php54-process-5.4.23-1.49.amzn1.x86_64 \n php54-imap-5.4.23-1.49.amzn1.x86_64 \n php54-ldap-5.4.23-1.49.amzn1.x86_64 \n php54-tidy-5.4.23-1.49.amzn1.x86_64 \n php54-devel-5.4.23-1.49.amzn1.x86_64 \n php54-dba-5.4.23-1.49.amzn1.x86_64 \n php54-debuginfo-5.4.23-1.49.amzn1.x86_64 \n php54-mysqlnd-5.4.23-1.49.amzn1.x86_64 \n php54-mbstring-5.4.23-1.49.amzn1.x86_64 \n \n \n", "edition": 4, "modified": "2013-12-17T21:29:00", "published": "2013-12-17T21:29:00", "id": "ALAS-2013-263", "href": "https://alas.aws.amazon.com/ALAS-2013-263.html", "title": "Critical: php54", "type": "amazon", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "seebug": [{"lastseen": "2017-11-19T14:37:29", "description": "No description provided by source.", "published": "2014-07-01T00:00:00", "title": "PHP openssl_x509_parse() - Memory Corruption Vulnerability", "type": "seebug", "bulletinFamily": "exploit", "cvelist": ["CVE-2013-6420"], "modified": "2014-07-01T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-83792", "id": 
"SSV:83792", "sourceData": "\n SektionEins GmbH\r\n www.sektioneins.de\r\n\r\n -= Security Advisory =-\r\n\r\n Advisory: PHP openssl_x509_parse() Memory Corruption Vulnerability\r\n Release Date: 2013/12/13\r\nLast Modified: 2013/12/13\r\n Author: Stefan Esser [stefan.esser[at]sektioneins.de]\r\n\r\n Application: PHP 4.0.6 - PHP 4.4.9\r\n PHP 5.0.x\r\n PHP 5.1.x\r\n PHP 5.2.x\r\n PHP 5.3.0 - PHP 5.3.27\r\n PHP 5.4.0 - PHP 5.4.22\r\n PHP 5.5.0 - PHP 5.5.6\r\n Severity: PHP applications using openssl_x509_parse() to parse a\r\n malicious x509 certificate might trigger a memory\r\n corruption that might result in arbitrary code execution\r\n Risk: Critical\r\nVendor Status: Vendor has released PHP 5.5.7, PHP 5.4.23 and PHP 5.3.28\r\n that contain a fix for this vulnerability\r\n Reference:\r\nhttp://www.sektioneins.de/advisories/advisory-012013-php-openssl_x509_parse-memory-corruption-vulnerability.html\r\n\r\nOverview:\r\n\r\n Quote from http://www.php.net\r\n "PHP is a widely-used general-purpose scripting language that\r\n is especially suited for Web development and can be embedded\r\n into HTML."\r\n\r\n The PHP function openssl_x509_parse() uses a helper function\r\n called asn1_time_to_time_t() to convert timestamps from ASN1\r\n string format into integer timestamp values. 
The parser within\r\n this helper function is not binary safe and can therefore be\r\n tricked to write up to five NUL bytes outside of an allocated\r\n buffer.\r\n \r\n This problem can be triggered by x509 certificates that contain\r\n NUL bytes in their notBefore and notAfter timestamp fields and\r\n leads to a memory corruption that might result in arbitrary\r\n code execution.\r\n \r\n Depending on how openssl_x509_parse() is used within a PHP\r\n application the attack requires either a malicious cert signed\r\n by a compromised/malicious CA or can be carried out with a\r\n self-signed cert.\r\n\r\nDetails:\r\n\r\n The PHP function openssl_x509_parse() is used by PHP applications\r\n to parse additional information out of x509 certificates, usually\r\n to harden SSL encrypted communication channels against MITM\r\n attacks. In the wild we have seen the following use cases for this\r\n function:\r\n \r\n * output certificate debugging information\r\n (e.g. cacert.org/analyse.php)\r\n * webmail application with SMIME support\r\n * client certificate handling\r\n * certificate pinning\r\n * verification of other certificate properties\r\n (e.g. 
a default Wordpress install if ext/curl is not loaded)\r\n \r\n When we backported security fixes for some previous security\r\n vulnerabilities in PHP's openssl to PHP 4.4.9 as part of our\r\n PHP security backport services that we provide to customers,\r\n we performed a quick audit of openssl_x509_parse() and all the\r\n functions it calls, which led to the discovery of a memory\r\n corruption vulnerability.\r\n \r\n Within the function openssl_x509_parse() the helper function\r\n asn1_time_to_time_t() is called two times to parse the\r\n notBefore and notAfter ASN1 string timestamps from the cert\r\n into integer time_t values as you can see below:\r\n \r\n add_assoc_long(return_value, "validFrom_time_t",\r\nasn1_time_to_time_t(X509_get_notBefore(cert) TSRMLS_CC));\r\n add_assoc_long(return_value, "validTo_time_t",\r\nasn1_time_to_time_t(X509_get_notAfter(cert) TSRMLS_CC));\r\n \r\n When you take a look into this helper function you will see\r\n that it only contains a quickly hacked parser that was never\r\n really improved since its introduction in PHP 4.0.6. 
The author\r\n of this parser was even aware of its hackishness as you can see\r\n from the error message contained in the code:\r\n \r\n static time_t asn1_time_to_time_t(ASN1_UTCTIME * timestr TSRMLS_DC) /*\r\n{{{ */\r\n {\r\n /*\r\n This is how the time string is formatted:\r\n snprintf(p, sizeof(p), "%02d%02d%02d%02d%02d%02dZ",ts->tm_year%100,\r\n ts->tm_mon+1,ts->tm_mday,ts->tm_hour,ts->tm_min,ts->tm_sec);\r\n */\r\n\r\n time_t ret;\r\n struct tm thetime;\r\n char * strbuf;\r\n char * thestr;\r\n long gmadjust = 0;\r\n\r\n if (timestr->length < 13) {\r\n php_error_docref(NULL TSRMLS_CC, E_WARNING, "extension author\r\ntoo lazy to parse %s correctly", timestr->data);\r\n return (time_t)-1;\r\n }\r\n\r\n However the actual problem of the code should become obvious when\r\n you read the rest of the parsing code that attempts to first\r\n duplicate the timestamp string and then parses the timestamp by\r\n going through the copy in reverse order and writing five NUL bytes\r\n into the duplicated string.\r\n\r\n strbuf = estrdup((char *)timestr->data);\r\n\r\n memset(&thetime, 0, sizeof(thetime));\r\n\r\n /* we work backwards so that we can use atoi more easily */\r\n\r\n thestr = strbuf + timestr->length - 3;\r\n\r\n thetime.tm_sec = atoi(thestr);\r\n *thestr = '\\0';\r\n thestr -= 2;\r\n thetime.tm_min = atoi(thestr);\r\n *thestr = '\\0';\r\n thestr -= 2;\r\n thetime.tm_hour = atoi(thestr);\r\n *thestr = '\\0';\r\n thestr -= 2;\r\n thetime.tm_mday = atoi(thestr);\r\n *thestr = '\\0';\r\n thestr -= 2;\r\n thetime.tm_mon = atoi(thestr)-1;\r\n *thestr = '\\0';\r\n thestr -= 2;\r\n thetime.tm_year = atoi(thestr);\r\n\r\n The problem with this code is that ASN1 strings can contain NUL\r\n bytes, while the parser is not binary safe. This means if a\r\n timestamp string inside a x509 certificate contains a NUL byte\r\n at e.g. 
position 13 the estrdup() will only allocate 14 bytes\r\n for a copy of the string, but the parser will attempt to write\r\n five NUL bytes to memory addressed by the ASN1 length of the\r\n string. If the real string length is longer than 16 bytes this\r\n will result in writes of NUL bytes outside of the allocated\r\n buffer.\r\n \r\n Because of PHP's deterministic heap memory layout that can be\r\n controlled a lot by sending e.g. POST variables and using\r\n duplicate variable names to poke memory holes this vulnerability\r\n must be considered exploitable. However the actual exploit will\r\n depend a lot on how the PHP application uses openssl_x509_parse()\r\n and a lot of other factors.\r\n\r\n Depending on which of the actual use cases the function is used\r\n for by an application, an attacker can trigger the memory\r\n corruption with a self-signed certificate. An example for this\r\n is the public analyse.php x509 cert debugging script provided\r\n by CACert on their webserver.\r\n \r\n Other applications like Wordpress use openssl_x509_parse() to\r\n further verify SSL certificates whenever Wordpress connects to\r\n a HTTPS URL (in case ext/curl is not loaded which is the default\r\n for several linux distributions). Because the parsing only\r\n happens after the initial SSL connection is established this\r\n can only be abused by attackers controlling a malicious trusted\r\n cert. 
However recent disclosures of alleged NSA capabilities,\r\n the French incident and disclosures about fully compromised\r\n trusted CAs in the past years have shown that this capability\r\n might be in the reach of malicious attackers.\r\n\r\n\r\nProof of Concept:\r\n\r\n The following x509 certificate demonstrates the out of bounds write:\r\n \r\n -----BEGIN CERTIFICATE-----\r\n MIIEpDCCA4ygAwIBAgIJAJzu8r6u6eBcMA0GCSqGSIb3DQEBBQUAMIHDMQswCQYD\r\n VQQGEwJERTEcMBoGA1UECAwTTm9yZHJoZWluLVdlc3RmYWxlbjEQMA4GA1UEBwwH\r\n S8ODwrZsbjEUMBIGA1UECgwLU2VrdGlvbkVpbnMxHzAdBgNVBAsMFk1hbGljaW91\r\n cyBDZXJ0IFNlY3Rpb24xITAfBgNVBAMMGG1hbGljaW91cy5zZWt0aW9uZWlucy5k\r\n ZTEqMCgGCSqGSIb3DQEJARYbc3RlZmFuLmVzc2VyQHNla3Rpb25laW5zLmRlMHUY\r\n ZDE5NzAwMTAxMDAwMDAwWgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\r\n AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\r\n AAAAAAAXDTE0MTEyODExMzkzNVowgcMxCzAJBgNVBAYTAkRFMRwwGgYDVQQIDBNO\r\n b3JkcmhlaW4tV2VzdGZhbGVuMRAwDgYDVQQHDAdLw4PCtmxuMRQwEgYDVQQKDAtT\r\n ZWt0aW9uRWluczEfMB0GA1UECwwWTWFsaWNpb3VzIENlcnQgU2VjdGlvbjEhMB8G\r\n A1UEAwwYbWFsaWNpb3VzLnNla3Rpb25laW5zLmRlMSowKAYJKoZIhvcNAQkBFhtz\r\n dGVmYW4uZXNzZXJAc2VrdGlvbmVpbnMuZGUwggEiMA0GCSqGSIb3DQEBAQUAA4IB\r\n DwAwggEKAoIBAQDDAf3hl7JY0XcFniyEJpSSDqn0OqBr6QP65usJPRt/8PaDoqBu\r\n wEYT/Na+6fsgPjC0uK9DZgWg2tHWWoanSblAMoz5PH6Z+S4SHRZ7e2dDIjPjdhjh\r\n 0mLg2UMO5yp0V797Ggs9lNt6JRfH81MN2obXWs4NtztLMuD6egqpr8dDbr34aOs8\r\n pkdui5UawTZksy5pLPHq5cMhFGm06v65CLo0V2Pd9+KAokPrPcN5KLKebz7mLpk6\r\n SMeEXOKP4idEqxyQ7O7fBuHMedsQhu+prY3si3BUyKfQtP5CZnX2bp0wKHxX12DX\r\n 1nfFIt9DbGvHTcyOuN+nZLPBm3vWxntyIIvVAgMBAAGjQjBAMAkGA1UdEwQCMAAw\r\n EQYJYIZIAYb4QgEBBAQDAgeAMAsGA1UdDwQEAwIFoDATBgNVHSUEDDAKBggrBgEF\r\n BQcDAjANBgkqhkiG9w0BAQUFAAOCAQEAG0fZYYCTbdj1XYc+1SnoaPR+vI8C8CaD\r\n 8+0UYhdnyU4gga0BAcDrY9e94eEAu6ZqycF6FjLqXXdAboppWocr6T6GD1x33Ckl\r\n VArzG/KxQohGD2JeqkhIMlDomxHO7ka39+Oa8i2vWLVyjU8AZvWMAruHa4EENyG7\r\n lW2AagaFKFCr9TnXTfrdxGVEbv7KVQ6bdhg5p5SjpWH1+Mq03uR3ZXPBYdyV8319\r\n 
o0lVj1KFI2DCL/liWisJRoof+1cR35Ctd0wYBcpB6TZslMcOPl76dwKwJgeJo2Qg\r\n Zsfmc2vC1/qOlNuNq/0TzzkVGv8ETT3CgaU+UXe4XOVvkccebJn2dg==\r\n -----END CERTIFICATE-----\r\n\r\n\r\nDisclosure Timeline: \r\n\r\n 01. December 2013 - Notified security@php.net\r\n Provided description, POC cert, demo\r\n valgrind output and patch\r\n 02. December 2013 - security@php.net acknowledges and\r\n says thank you for report and patch\r\n 02. December 2013 - security@php.net announces that planned\r\n release date is 12th December\r\n 03. December 2013 - Notification from RedHat Security that\r\n CVE-2013-6420 was assigned to this issue\r\n 09. December 2013 - RedHat Security tells php.net that they\r\n should commit the fix silently and add\r\n info about it only after release\r\n They further tell php.net to tell us to\r\n not discuss the vulnerability in public\r\n prior to patches being available\r\n 10. December 2013 - security@php.net fixes the vulnerability\r\n openly and does not attempt to hide that\r\n the commit is a security fix as RedHat\r\n Security suggested\r\n 11. December 2013 - RedHat Security Announces that they now\r\n consider this vulnerability public and\r\n sends out their own patches with big\r\n announcement one day before php.net is\r\n ready to release their own fixes\r\n 12. December 2013 - security@php.net pushes PHP updates to\r\n the PHP 5.3, PHP 5.3 and PHP 5.5 branches\r\n to the mirrors as was previously agreed upon\r\n 13. December 2013 - New PHP releases are announced on php.net\r\n 13. 
December 2013 - Public Disclosure of this advisory\r\n\r\n\r\nRecommendation:\r\n\r\n It is recommended to upgrade to the latest version of PHP\r\n which also fixes additional non security problems reported\r\n by third parties.\r\n\r\n Grab your copy at:\r\n http://www.php.net/get/php-5.5.7.tar.bz2/from/a/mirror\r\n\r\n\r\nCVE Information:\r\n\r\n The Common Vulnerabilities and Exposures project (cve.mitre.org) has\r\n assigned the name CVE-2013-6420 to this vulnerability.\r\n\r\n\r\nGPG-Key:\r\n\r\n pub 4096R/D6A3FE46 2013-11-06 Stefan Esser\r\n Key fingerprint = 0A04 AB88 90D2 E67C 3D3D 86E1 AA39 B97F D6A3 FE46\r\n\r\n\r\nCopyright 2013 SektionEins GmbH. All rights reserved.\n ", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "sourceHref": "https://www.seebug.org/vuldb/ssvid-83792"}, {"lastseen": "2017-11-19T17:39:28", "description": "BUGTRAQ ID: 64225\r\nCVE(CAN) ID: CVE-2013-6420\r\n\r\nPHP 5.3.27\u4e4b\u524d\u7248\u672c\u30015.4.22\u4e4b\u524d\u7248\u672c\u30015.5.6\u4e4b\u524d\u7248\u672c\u89e3\u6790x.509\u8bc1\u4e66\u65f6\uff0c"asn1_time_to_time_t()"\u51fd\u6570(ext/openssl/openssl.c)\u51fa\u9519\uff0c\u653b\u51fb\u8005\u901a\u8fc7\u7279\u5236\u7684x.509\u8bc1\u4e66\u5229\u7528\u6b64\u6f0f\u6d1e\u53ef\u7834\u574f\u5185\u5b58\u3002\n0\nPHP PHP 5.5.x\r\nPHP PHP 5.4.x\r\nPHP PHP 5.3.x\n\u5382\u5546\u8865\u4e01\uff1a\r\n\r\nPHP\r\n---\r\n\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u8fd9\u4e2a\u5b89\u5168\u95ee\u9898\uff0c\u8bf7\u5230\u5382\u5546\u7684\u4e3b\u9875\u4e0b\u8f7d\uff1a\r\n\r\nhttp://www.php.net\r\n\r\nhttp://www.php.net/downloads.php\r\nhttp://git.php.net/?p=php-src.git;a=commitdiff;h=c1224573c773b6845e83505f717fbf820fc18415 
\r\nhttp://git.php.net/?p=php-src.git;a=blobdiff;f=NEWS;h=8abf65e05b0298a6f2dba9439c9513919234766f;hp=70461d97d85c65e01e739514923303b09257f65f;hb=c1224573c773b6845e83505f717fbf820fc18415;hpb=32873cd0ddea7df8062213bb025beb6fb070e59d", "published": "2013-12-18T00:00:00", "type": "seebug", "title": "PHP OpenSSL Extension 'openssl_x509_parse()'\u5185\u5b58\u7834\u574f\u6f0f\u6d1e", "bulletinFamily": "exploit", "cvelist": ["CVE-2013-6420"], "modified": "2013-12-18T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-61173", "id": "SSV:61173", "sourceData": "\n Proof of Concept:\r\n \r\n The following x509 certificate demonstrates the out of bounds write:\r\n \r\n -----BEGIN CERTIFICATE-----\r\n MIIEpDCCA4ygAwIBAgIJAJzu8r6u6eBcMA0GCSqGSIb3DQEBBQUAMIHDMQswCQYD\r\n VQQGEwJERTEcMBoGA1UECAwTTm9yZHJoZWluLVdlc3RmYWxlbjEQMA4GA1UEBwwH\r\n S8ODwrZsbjEUMBIGA1UECgwLU2VrdGlvbkVpbnMxHzAdBgNVBAsMFk1hbGljaW91\r\n cyBDZXJ0IFNlY3Rpb24xITAfBgNVBAMMGG1hbGljaW91cy5zZWt0aW9uZWlucy5k\r\n ZTEqMCgGCSqGSIb3DQEJARYbc3RlZmFuLmVzc2VyQHNla3Rpb25laW5zLmRlMHUY\r\n ZDE5NzAwMTAxMDAwMDAwWgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\r\n AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\r\n AAAAAAAXDTE0MTEyODExMzkzNVowgcMxCzAJBgNVBAYTAkRFMRwwGgYDVQQIDBNO\r\n b3JkcmhlaW4tV2VzdGZhbGVuMRAwDgYDVQQHDAdLw4PCtmxuMRQwEgYDVQQKDAtT\r\n ZWt0aW9uRWluczEfMB0GA1UECwwWTWFsaWNpb3VzIENlcnQgU2VjdGlvbjEhMB8G\r\n A1UEAwwYbWFsaWNpb3VzLnNla3Rpb25laW5zLmRlMSowKAYJKoZIhvcNAQkBFhtz\r\n dGVmYW4uZXNzZXJAc2VrdGlvbmVpbnMuZGUwggEiMA0GCSqGSIb3DQEBAQUAA4IB\r\n DwAwggEKAoIBAQDDAf3hl7JY0XcFniyEJpSSDqn0OqBr6QP65usJPRt/8PaDoqBu\r\n wEYT/Na+6fsgPjC0uK9DZgWg2tHWWoanSblAMoz5PH6Z+S4SHRZ7e2dDIjPjdhjh\r\n 0mLg2UMO5yp0V797Ggs9lNt6JRfH81MN2obXWs4NtztLMuD6egqpr8dDbr34aOs8\r\n pkdui5UawTZksy5pLPHq5cMhFGm06v65CLo0V2Pd9+KAokPrPcN5KLKebz7mLpk6\r\n SMeEXOKP4idEqxyQ7O7fBuHMedsQhu+prY3si3BUyKfQtP5CZnX2bp0wKHxX12DX\r\n 1nfFIt9DbGvHTcyOuN+nZLPBm3vWxntyIIvVAgMBAAGjQjBAMAkGA1UdEwQCMAAw\r\n 
EQYJYIZIAYb4QgEBBAQDAgeAMAsGA1UdDwQEAwIFoDATBgNVHSUEDDAKBggrBgEF\r\n BQcDAjANBgkqhkiG9w0BAQUFAAOCAQEAG0fZYYCTbdj1XYc+1SnoaPR+vI8C8CaD\r\n 8+0UYhdnyU4gga0BAcDrY9e94eEAu6ZqycF6FjLqXXdAboppWocr6T6GD1x33Ckl\r\n VArzG/KxQohGD2JeqkhIMlDomxHO7ka39+Oa8i2vWLVyjU8AZvWMAruHa4EENyG7\r\n lW2AagaFKFCr9TnXTfrdxGVEbv7KVQ6bdhg5p5SjpWH1+Mq03uR3ZXPBYdyV8319\r\n o0lVj1KFI2DCL/liWisJRoof+1cR35Ctd0wYBcpB6TZslMcOPl76dwKwJgeJo2Qg\r\n Zsfmc2vC1/qOlNuNq/0TzzkVGv8ETT3CgaU+UXe4XOVvkccebJn2dg==\r\n -----END CERTIFICATE-----\n ", "sourceHref": "https://www.seebug.org/vuldb/ssvid-61173", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "centos": [{"lastseen": "2019-12-20T18:27:57", "bulletinFamily": "unix", "cvelist": ["CVE-2013-6420"], "description": "**CentOS Errata and Security Advisory** CESA-2013:1813\n\n\nPHP is an HTML-embedded scripting language commonly used with the Apache\nHTTP Server.\n\nA memory corruption flaw was found in the way the openssl_x509_parse()\nfunction of the PHP openssl extension parsed X.509 certificates. A remote\nattacker could use this flaw to provide a malicious self-signed certificate\nor a certificate signed by a trusted authority to a PHP application using\nthe aforementioned function, causing the application to crash or, possibly,\nallow the attacker to execute arbitrary code with the privileges of the\nuser running the PHP interpreter. (CVE-2013-6420)\n\nRed Hat would like to thank the PHP project for reporting this issue.\nUpstream acknowledges Stefan Esser as the original reporter of this issue.\n\nAll php53 and php users are advised to upgrade to these updated packages,\nwhich contain a backported patch to correct this issue. 
After installing\nthe updated packages, the httpd daemon must be restarted for the update to\ntake effect.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2013-December/032099.html\nhttp://lists.centos.org/pipermail/centos-announce/2013-December/032101.html\n\n**Affected packages:**\nphp\nphp-bcmath\nphp-cli\nphp-common\nphp-dba\nphp-devel\nphp-embedded\nphp-enchant\nphp-fpm\nphp-gd\nphp-imap\nphp-intl\nphp-ldap\nphp-mbstring\nphp-mysql\nphp-odbc\nphp-pdo\nphp-pgsql\nphp-process\nphp-pspell\nphp-recode\nphp-snmp\nphp-soap\nphp-tidy\nphp-xml\nphp-xmlrpc\nphp-zts\nphp53\nphp53-bcmath\nphp53-cli\nphp53-common\nphp53-dba\nphp53-devel\nphp53-gd\nphp53-imap\nphp53-intl\nphp53-ldap\nphp53-mbstring\nphp53-mysql\nphp53-odbc\nphp53-pdo\nphp53-pgsql\nphp53-process\nphp53-pspell\nphp53-snmp\nphp53-soap\nphp53-xml\nphp53-xmlrpc\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2013-1813.html", "edition": 3, "modified": "2013-12-11T09:54:26", "published": "2013-12-11T09:25:38", "href": "http://lists.centos.org/pipermail/centos-announce/2013-December/032099.html", "id": "CESA-2013:1813", "title": "php, php53 security update", "type": "centos", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-12-20T18:27:24", "bulletinFamily": "unix", "cvelist": ["CVE-2013-1643", "CVE-2012-2688", "CVE-2011-1398", "CVE-2013-6420"], "description": "**CentOS Errata and Security Advisory** CESA-2013:1814\n\n\nPHP is an HTML-embedded scripting language commonly used with the Apache\nHTTP Server.\n\nA memory corruption flaw was found in the way the openssl_x509_parse()\nfunction of the PHP openssl extension parsed X.509 certificates. 
A remote\nattacker could use this flaw to provide a malicious self-signed certificate\nor a certificate signed by a trusted authority to a PHP application using\nthe aforementioned function, causing the application to crash or, possibly,\nallow the attacker to execute arbitrary code with the privileges of the\nuser running the PHP interpreter. (CVE-2013-6420)\n\nIt was found that PHP did not check for carriage returns in HTTP headers,\nallowing intended HTTP response splitting protections to be bypassed.\nDepending on the web browser the victim is using, a remote attacker could\nuse this flaw to perform HTTP response splitting attacks. (CVE-2011-1398)\n\nAn integer signedness issue, leading to a heap-based buffer underflow, was\nfound in the PHP scandir() function. If a remote attacker could upload an\nexcessively large number of files to a directory the scandir() function\nruns on, it could cause the PHP interpreter to crash or, possibly, execute\narbitrary code. (CVE-2012-2688)\n\nIt was found that the PHP SOAP parser allowed the expansion of external XML\nentities during SOAP message parsing. A remote attacker could possibly use\nthis flaw to read arbitrary files that are accessible to a PHP application\nusing a SOAP extension. (CVE-2013-1643)\n\nRed Hat would like to thank the PHP project for reporting CVE-2013-6420.\nUpstream acknowledges Stefan Esser as the original reporter.\n\nAll php users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. 
After installing the\nupdated packages, the httpd daemon must be restarted for the update to\ntake effect.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2013-December/032100.html\n\n**Affected packages:**\nphp\nphp-bcmath\nphp-cli\nphp-common\nphp-dba\nphp-devel\nphp-gd\nphp-imap\nphp-ldap\nphp-mbstring\nphp-mysql\nphp-ncurses\nphp-odbc\nphp-pdo\nphp-pgsql\nphp-snmp\nphp-soap\nphp-xml\nphp-xmlrpc\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2013-1814.html", "edition": 3, "modified": "2013-12-11T09:34:01", "published": "2013-12-11T09:34:01", "href": "http://lists.centos.org/pipermail/centos-announce/2013-December/032100.html", "id": "CESA-2013:1814", "title": "php security update", "type": "centos", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "hackerone": [{"lastseen": "2018-08-31T00:39:12", "bulletinFamily": "bugbounty", "bounty": 4000.0, "cvelist": ["CVE-2013-6420"], "description": "#Overview:\n\nQuote from http://www.php.net\n> \"PHP is a widely-used general-purpose scripting language that is especially suited for Web development and can be embedded into HTML.\"\n\nThe PHP function openssl_x509_parse() uses a helper function called asn1_time_to_time_t() to convert timestamps from ASN1 string format into integer timestamp values. 
The parser within this helper function is not binary safe and can therefore be tricked to write up to five NUL bytes outside of an allocated buffer.\n\nThis problem can be triggered by x509 certificates that contain NUL bytes in their notBefore and notAfter timestamp fields and leads to a memory corruption that might result in arbitrary code execution.\n\nDepending on how openssl_x509_parse() is used within a PHP application the attack requires either a malicious cert signed by a compromised/malicious CA or can be carried out with a self-signed cert.\n\n#Details:\n\nThe PHP function openssl_x509_parse() is used by PHP applications to parse additional information out of x509 certificates, usually to harden SSL encrypted communication channels against MITM attacks. In the wild we have seen the following use cases for this function:\n\n * output certificate debugging information\n (e.g. cacert.org/analyse.php)\n * webmail application with SMIME support\n * client certificate handling\n * certificate pinning\n * verification of other certificate properties\n (e.g. 
a default Wordpress install if ext/curl is not loaded)\n\nWhen we backported security fixes for some previous security vulnerabilities in PHP's openssl to PHP 4.4.9 as part of our PHP security backport services that we provide to customers, we performed a quick audit of openssl_x509_parse() and all the functions it calls, which led to the discovery of a memory corruption vulnerability.\n\nWithin the function openssl_x509_parse() the helper function asn1_time_to_time_t() is called two times to parse the notBefore and notAfter ASN1 string timestamps from the cert into integer time_t values as you can see below:\n\n```\nadd_assoc_long(return_value, \"validFrom_time_t\", asn1_time_to_time_t(X509_get_notBefore(cert) TSRMLS_CC));\nadd_assoc_long(return_value, \"validTo_time_t\", asn1_time_to_time_t(X509_get_notAfter(cert) TSRMLS_CC));\n```\n\nWhen you take a look into this helper function you will see that it only contains a quickly hacked parser that was never really improved since its introduction in PHP 4.0.6. 
The author of this parser was even aware of its hackishness as you can see from the error message contained in the code:\n\n```\nstatic time_t asn1_time_to_time_t(ASN1_UTCTIME * timestr TSRMLS_DC) /* {{{ */ {\n /*\n This is how the time string is formatted:\n snprintf(p, sizeof(p), \"%02d%02d%02d%02d%02d%02dZ\",ts->tm_year%100, ts->tm_mon+1,ts->tm_mday,ts->tm_hour,ts->tm_min,ts->tm_sec);\n */\n\n time_t ret;\n struct tm thetime;\n char * strbuf;\n char * thestr;\n long gmadjust = 0;\n\n if (timestr->length < 13) {\n php_error_docref(NULL TSRMLS_CC, E_WARNING, \"extension author too lazy to parse %s correctly\", timestr->data);\n return (time_t)-1;\n }\n```\n\nHowever the actual problem of the code should become obvious when you read the rest of the parsing code that attempts to first duplicate the timestamp string and then parses the timestamp by going through the copy in reverse order and writing five NUL bytes into the duplicated string.\n\n```\nstrbuf = estrdup((char *)timestr->data);\n\nmemset(&thetime, 0, sizeof(thetime));\n\n/* we work backwards so that we can use atoi more easily */\n\nthestr = strbuf + timestr->length - 3;\n\nthetime.tm_sec = atoi(thestr);\n*thestr = '\\0';\nthestr -= 2;\nthetime.tm_min = atoi(thestr);\n*thestr = '\\0';\nthestr -= 2;\nthetime.tm_hour = atoi(thestr);\n*thestr = '\\0';\nthestr -= 2;\nthetime.tm_mday = atoi(thestr);\n*thestr = '\\0';\nthestr -= 2;\nthetime.tm_mon = atoi(thestr)-1;\n*thestr = '\\0';\nthestr -= 2;\nthetime.tm_year = atoi(thestr);\n```\n\nThe problem with this code is that ASN1 strings can contain NUL bytes, while the parser is not binary safe. This means if a timestamp string inside a x509 certificate contains a NUL byte at e.g. position 13 the estrdup() will only allocate 14 bytes for a copy of the string, but the parser will attempt to write five NUL bytes to memory addressed by the ASN1 length of the string. 
If the real string length is longer than 16 bytes this will result in writes of NUL bytes outside of the allocated buffer.\n\nBecause of PHP's deterministic heap memory layout that can be controlled a lot by sending e.g. POST variables and using duplicate variable names to poke memory holes this vulnerability must be considered exploitable. However the actual exploit will depend a lot on how the PHP application uses openssl_x509_parse() and a lot of other factors.\n\nDepending on which of the actual use cases the function is used for by an application, an attacker can trigger the memory corruption with a self-signed certificate. An example for this is the public analyse.php x509 cert debugging script provided by CACert on their webserver.\n\nOther applications like Wordpress use openssl_x509_parse() to further verify SSL certificates whenever Wordpress connects to a HTTPS URL (in case ext/curl is not loaded which is the default for several linux distributions). Because the parsing only happens after the initial SSL connection is established this can only be abused by attackers controlling a malicious trusted cert. 
However recent disclosures of alleged NSA capabilities, the French incident and disclosures about fully compromised trusted CAs in the past years have shown that this capability might be in the reach of malicious attackers.\n\n#Proof of Concept:\n\nThe following x509 certificate demonstrates the out of bounds write:\n\n```\n-----BEGIN CERTIFICATE-----\nMIIEpDCCA4ygAwIBAgIJAJzu8r6u6eBcMA0GCSqGSIb3DQEBBQUAMIHDMQswCQYD\nVQQGEwJERTEcMBoGA1UECAwTTm9yZHJoZWluLVdlc3RmYWxlbjEQMA4GA1UEBwwH\nS8ODwrZsbjEUMBIGA1UECgwLU2VrdGlvbkVpbnMxHzAdBgNVBAsMFk1hbGljaW91\ncyBDZXJ0IFNlY3Rpb24xITAfBgNVBAMMGG1hbGljaW91cy5zZWt0aW9uZWlucy5k\nZTEqMCgGCSqGSIb3DQEJARYbc3RlZmFuLmVzc2VyQHNla3Rpb25laW5zLmRlMHUY\nZDE5NzAwMTAxMDAwMDAwWgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\nAAAAAAAXDTE0MTEyODExMzkzNVowgcMxCzAJBgNVBAYTAkRFMRwwGgYDVQQIDBNO\nb3JkcmhlaW4tV2VzdGZhbGVuMRAwDgYDVQQHDAdLw4PCtmxuMRQwEgYDVQQKDAtT\nZWt0aW9uRWluczEfMB0GA1UECwwWTWFsaWNpb3VzIENlcnQgU2VjdGlvbjEhMB8G\nA1UEAwwYbWFsaWNpb3VzLnNla3Rpb25laW5zLmRlMSowKAYJKoZIhvcNAQkBFhtz\ndGVmYW4uZXNzZXJAc2VrdGlvbmVpbnMuZGUwggEiMA0GCSqGSIb3DQEBAQUAA4IB\nDwAwggEKAoIBAQDDAf3hl7JY0XcFniyEJpSSDqn0OqBr6QP65usJPRt/8PaDoqBu\nwEYT/Na+6fsgPjC0uK9DZgWg2tHWWoanSblAMoz5PH6Z+S4SHRZ7e2dDIjPjdhjh\n0mLg2UMO5yp0V797Ggs9lNt6JRfH81MN2obXWs4NtztLMuD6egqpr8dDbr34aOs8\npkdui5UawTZksy5pLPHq5cMhFGm06v65CLo0V2Pd9+KAokPrPcN5KLKebz7mLpk6\nSMeEXOKP4idEqxyQ7O7fBuHMedsQhu+prY3si3BUyKfQtP5CZnX2bp0wKHxX12DX\n1nfFIt9DbGvHTcyOuN+nZLPBm3vWxntyIIvVAgMBAAGjQjBAMAkGA1UdEwQCMAAw\nEQYJYIZIAYb4QgEBBAQDAgeAMAsGA1UdDwQEAwIFoDATBgNVHSUEDDAKBggrBgEF\nBQcDAjANBgkqhkiG9w0BAQUFAAOCAQEAG0fZYYCTbdj1XYc+1SnoaPR+vI8C8CaD\n8+0UYhdnyU4gga0BAcDrY9e94eEAu6ZqycF6FjLqXXdAboppWocr6T6GD1x33Ckl\nVArzG/KxQohGD2JeqkhIMlDomxHO7ka39+Oa8i2vWLVyjU8AZvWMAruHa4EENyG7\nlW2AagaFKFCr9TnXTfrdxGVEbv7KVQ6bdhg5p5SjpWH1+Mq03uR3ZXPBYdyV8319\no0lVj1KFI2DCL/liWisJRoof+1cR35Ctd0wYBcpB6TZslMcOPl76dwKwJgeJo2Qg\nZsfmc2vC1/qOlNuNq/0TzzkVGv8ETT3CgaU+UXe4XOVvkccebJn2dg==\n---
--END CERTIFICATE-----\n```\n\nFull Advisory: [http://www.sektioneins.de/advisories/advisory-012013-php-openssl_x509_parse-memory-corruption-vulnerability.html](http://www.sektioneins.de/advisories/advisory-012013-php-openssl_x509_parse-memory-corruption-vulnerability.html)\n", "modified": "2013-12-13T00:00:00", "published": "2013-11-30T23:00:00", "id": "H1:523", "href": "https://hackerone.com/reports/523", "type": "hackerone", "title": "PHP (IBB): PHP openssl_x509_parse() Memory Corruption Vulnerability", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "redhat": [{"lastseen": "2019-08-13T18:44:57", "bulletinFamily": "unix", "cvelist": ["CVE-2013-6420"], "description": "PHP is an HTML-embedded scripting language commonly used with the Apache\nHTTP Server.\n\nA memory corruption flaw was found in the way the openssl_x509_parse()\nfunction of the PHP openssl extension parsed X.509 certificates. A remote\nattacker could use this flaw to provide a malicious self-signed certificate\nor a certificate signed by a trusted authority to a PHP application using\nthe aforementioned function, causing the application to crash or, possibly,\nallow the attacker to execute arbitrary code with the privileges of the\nuser running the PHP interpreter. (CVE-2013-6420)\n\nRed Hat would like to thank the PHP project for reporting this issue.\nUpstream acknowledges Stefan Esser as the original reporter of this issue.\n\nAll php users are advised to upgrade to these updated packages, which\ncontain a backported patch to correct this issue. 
After installing the\nupdated packages, the httpd daemon must be restarted for the update to\ntake effect.\n", "modified": "2018-06-13T01:28:20", "published": "2013-12-11T05:00:00", "id": "RHSA-2013:1815", "href": "https://access.redhat.com/errata/RHSA-2013:1815", "type": "redhat", "title": "(RHSA-2013:1815) Critical: php security update", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-08-13T18:45:45", "bulletinFamily": "unix", "cvelist": ["CVE-2013-6420"], "description": "PHP is an HTML-embedded scripting language commonly used with the Apache\nHTTP Server.\n\nA memory corruption flaw was found in the way the openssl_x509_parse()\nfunction of the PHP openssl extension parsed X.509 certificates. A remote\nattacker could use this flaw to provide a malicious self-signed certificate\nor a certificate signed by a trusted authority to a PHP application using\nthe aforementioned function, causing the application to crash or, possibly,\nallow the attacker to execute arbitrary code with the privileges of the\nuser running the PHP interpreter. (CVE-2013-6420)\n\nRed Hat would like to thank the PHP project for reporting this issue.\nUpstream acknowledges Stefan Esser as the original reporter of this issue.\n\nAll php53 and php users are advised to upgrade to these updated packages,\nwhich contain a backported patch to correct this issue. 
After installing\nthe updated packages, the httpd daemon must be restarted for the update to\ntake effect.\n", "modified": "2018-06-06T20:24:28", "published": "2013-12-11T05:00:00", "id": "RHSA-2013:1813", "href": "https://access.redhat.com/errata/RHSA-2013:1813", "type": "redhat", "title": "(RHSA-2013:1813) Critical: php53 and php security update", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-08-13T18:47:10", "bulletinFamily": "unix", "cvelist": ["CVE-2013-6420"], "description": "PHP is an HTML-embedded scripting language commonly used with the Apache\nHTTP Server.\n\nA memory corruption flaw was found in the way the openssl_x509_parse()\nfunction of the PHP openssl extension parsed X.509 certificates. A remote\nattacker could use this flaw to provide a malicious self-signed certificate\nor a certificate signed by a trusted authority to a PHP application using\nthe aforementioned function, causing the application to crash or, possibly,\nallow the attacker to execute arbitrary code with the privileges of the\nuser running the PHP interpreter. (CVE-2013-6420)\n\nRed Hat would like to thank the PHP project for reporting this issue.\nUpstream acknowledges Stefan Esser as the original reporter of this issue.\n\nAll php53 users are advised to upgrade to these updated packages, which\ncontain a backported patch to correct this issue. 
After installing the\nupdated packages, the httpd daemon must be restarted for the update to\ntake effect.\n", "modified": "2017-09-08T12:06:28", "published": "2013-12-11T05:00:00", "id": "RHSA-2013:1825", "href": "https://access.redhat.com/errata/RHSA-2013:1825", "type": "redhat", "title": "(RHSA-2013:1825) Critical: php53 security update", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-08-13T18:46:44", "bulletinFamily": "unix", "cvelist": ["CVE-2013-6420"], "description": "PHP is an HTML-embedded scripting language commonly used with the Apache\nHTTP Server.\n\nA memory corruption flaw was found in the way the openssl_x509_parse()\nfunction of the PHP openssl extension parsed X.509 certificates. A remote\nattacker could use this flaw to provide a malicious self-signed certificate\nor a certificate signed by a trusted authority to a PHP application using\nthe aforementioned function, causing the application to crash or, possibly,\nallow the attacker to execute arbitrary code with the privileges of the\nuser running the PHP interpreter. (CVE-2013-6420)\n\nRed Hat would like to thank the PHP project for reporting this issue.\nUpstream acknowledges Stefan Esser as the original reporter of this issue.\n\nAll php users are advised to upgrade to these updated packages, which\ncontain a backported patch to correct this issue. 
After installing the\nupdated packages, the httpd daemon must be restarted for the update to\ntake effect.\n", "modified": "2017-09-08T12:17:29", "published": "2013-12-11T05:00:00", "id": "RHSA-2013:1824", "href": "https://access.redhat.com/errata/RHSA-2013:1824", "type": "redhat", "title": "(RHSA-2013:1824) Critical: php security update", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-08-13T18:46:54", "bulletinFamily": "unix", "cvelist": ["CVE-2013-6420"], "description": "PHP is an HTML-embedded scripting language commonly used with the Apache\nHTTP Server.\n\nA memory corruption flaw was found in the way the openssl_x509_parse()\nfunction of the PHP openssl extension parsed X.509 certificates. A remote\nattacker could use this flaw to provide a malicious self-signed certificate\nor a certificate signed by a trusted authority to a PHP application using\nthe aforementioned function, causing the application to crash or, possibly,\nallow the attacker to execute arbitrary code with the privileges of the\nuser running the PHP interpreter. (CVE-2013-6420)\n\nRed Hat would like to thank the PHP project for reporting this issue.\nUpstream acknowledges Stefan Esser as the original reporter of this issue.\n\nAll php users are advised to upgrade to these updated packages, which\ncontain a backported patch to correct this issue. After installing the\nupdated packages, the httpd daemon must be restarted for the update to\ntake effect.\n", "modified": "2017-09-08T12:06:35", "published": "2013-12-12T05:00:00", "id": "RHSA-2013:1826", "href": "https://access.redhat.com/errata/RHSA-2013:1826", "type": "redhat", "title": "(RHSA-2013:1826) Critical: php security update", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "fedora": [{"lastseen": "2020-12-21T08:17:52", "bulletinFamily": "unix", "cvelist": ["CVE-2013-6420"], "description": "PHP is an HTML-embedded scripting language. 
PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is fairly simple. The most common use of PHP coding is probably as a replacement for CGI scripts. The php package contains the module (often referred to as mod_php) which adds support for the PHP language to Apache HTTP Server. ", "modified": "2013-12-20T02:06:02", "published": "2013-12-20T02:06:02", "id": "FEDORA:D448924A6B", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 20 Update: php-5.5.7-1.fc20", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:52", "bulletinFamily": "unix", "cvelist": ["CVE-2013-6420", "CVE-2014-0185"], "description": "PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is fairly simple. The most common use of PHP coding is probably as a replacement for CGI scripts. The php package contains the module (often referred to as mod_php) which adds support for the PHP language to Apache HTTP Server. ", "modified": "2014-05-06T03:27:27", "published": "2014-05-06T03:27:27", "id": "FEDORA:92E93228C5", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 20 Update: php-5.5.12-1.fc20", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:52", "bulletinFamily": "unix", "cvelist": ["CVE-2013-6420", "CVE-2013-7345"], "description": "PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. 
PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is fairly simple. The most common use of PHP coding is probably as a replacement for CGI scripts. The php package contains the module (often referred to as mod_php) which adds support for the PHP language to Apache HTTP Server. ", "modified": "2014-04-15T15:57:56", "published": "2014-04-15T15:57:56", "id": "FEDORA:A66B9227B3", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 20 Update: php-5.5.11-1.fc20", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:52", "bulletinFamily": "unix", "cvelist": ["CVE-2013-6420", "CVE-2014-0185", "CVE-2015-2331"], "description": "PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is fairly simple. The most common use of PHP coding is probably as a replacement for CGI scripts. The php package contains the module (often referred to as mod_php) which adds support for the PHP language to Apache HTTP Server. ", "modified": "2015-03-31T21:37:50", "published": "2015-03-31T21:37:50", "id": "FEDORA:70291601FBF4", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 20 Update: php-5.5.23-1.fc20", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:52", "bulletinFamily": "unix", "cvelist": ["CVE-2013-6420", "CVE-2014-0185", "CVE-2014-8142"], "description": "PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. 
PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is fairly simple. The most common use of PHP coding is probably as a replacement for CGI scripts. The php package contains the module (often referred to as mod_php) which adds support for the PHP language to Apache HTTP Server. ", "modified": "2014-12-29T10:03:10", "published": "2014-12-29T10:03:10", "id": "FEDORA:3097D60CD874", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 20 Update: php-5.5.20-2.fc20", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:52", "bulletinFamily": "unix", "cvelist": ["CVE-2013-6420", "CVE-2014-1943", "CVE-2014-2270"], "description": "PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is fairly simple. The most common use of PHP coding is probably as a replacement for CGI scripts. The php package contains the module (often referred to as mod_php) which adds support for the PHP language to Apache HTTP Server. ", "modified": "2014-03-09T04:40:51", "published": "2014-03-09T04:40:51", "id": "FEDORA:4D69320F06", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 20 Update: php-5.5.10-1.fc20", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:52", "bulletinFamily": "unix", "cvelist": ["CVE-2013-6420", "CVE-2014-0185", "CVE-2014-3670"], "description": "PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. 
PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is fairly simple. The most common use of PHP coding is probably as a replacement for CGI scripts. The php package contains the module (often referred to as mod_php) which adds support for the PHP language to Apache HTTP Server. ", "modified": "2014-10-23T06:23:25", "published": "2014-10-23T06:23:25", "id": "FEDORA:EE5BE60DC923", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 20 Update: php-5.5.18-1.fc20", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "slackware": [{"lastseen": "2019-05-30T07:36:53", "bulletinFamily": "unix", "cvelist": ["CVE-2013-6420"], "description": "New php packages are available for Slackware 14.0, 14.1, and -current to\nfix a security issue.\n\n\nHere are the details from the Slackware 14.1 ChangeLog:\n\npatches/packages/php-5.4.24-i486-1_slack14.1.txz: Upgraded.\n The asn1_time_to_time_t function in ext/openssl/openssl.c in PHP before\n 5.3.28, 5.4.x before 5.4.23, and 5.5.x before 5.5.7 does not properly\n parse (1) notBefore and (2) notAfter timestamps in X.509 certificates,\n which allows remote attackers to execute arbitrary code or cause a denial\n of service (memory corruption) via a crafted certificate that is not\n properly handled by the openssl_x509_parse function.\n For more information, see:\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6420\n (* Security fix *)\n\nWhere to find the new packages:\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project! 
:-)\n\nAlso see the "Get Slack" section on http://slackware.com for\nadditional mirror sites near you.\n\nUpdated package for Slackware 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/php-5.4.24-i486-1_slack14.0.txz\n\nUpdated package for Slackware x86_64 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/php-5.4.24-x86_64-1_slack14.0.txz\n\nUpdated package for Slackware 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/php-5.4.24-i486-1_slack14.1.txz\n\nUpdated package for Slackware x86_64 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/php-5.4.24-x86_64-1_slack14.1.txz\n\nUpdated package for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/php-5.4.24-i486-1.txz\n\nUpdated package for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/php-5.4.24-x86_64-1.txz\n\n\nMD5 signatures:\n\nSlackware 14.0 package:\n1c864df50286602ccb2d3efbabb9d7ec php-5.4.24-i486-1_slack14.0.txz\n\nSlackware x86_64 14.0 package:\ncc0f365855b83708c82a84ea44a4ad21 php-5.4.24-x86_64-1_slack14.0.txz\n\nSlackware 14.1 package:\n1091912280ef2fbe271da2aa304dba36 php-5.4.24-i486-1_slack14.1.txz\n\nSlackware x86_64 14.1 package:\n22b91ef0428a15b3124c5b4fb911b1bc php-5.4.24-x86_64-1_slack14.1.txz\n\nSlackware -current package:\nf306c21609d14c7380295d63054d8f46 n/php-5.4.24-i486-1.txz\n\nSlackware x86_64 -current package:\n3cb4ff4fdaba44aa5ed3a946adbe9c9f n/php-5.4.24-x86_64-1.txz\n\n\nInstallation instructions:\n\nUpgrade the package as root:\n > upgradepkg php-5.4.24-i486-1_slack14.1.txz\n\nThen, restart Apache httpd:\n > /etc/rc.d/rc.httpd stop\n > /etc/rc.d/rc.httpd start", "modified": "2014-01-13T22:30:32", "published": "2014-01-13T22:30:32", "id": "SSA-2014-013-03", "href": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2014&m=slackware-security.409445", "type": 
"slackware", "title": "php", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "zdt": [{"lastseen": "2018-02-06T09:14:07", "description": "The PHP function openssl_x509_parse() uses a helper function called asn1_time_to_time_t() to convert timestamps from ASN1 string format into integer timestamp values. The parser within this helper function is not binary safe and can therefore be tricked to write up to five NUL bytes outside of an allocated buffer. This problem can be triggered by x509 certificates that contain NUL bytes in their notBefore and notAfter timestamp fields and leads to a memory corruption that might result in arbitrary code execution.", "edition": 2, "published": "2013-12-16T00:00:00", "type": "zdt", "title": "PHP openssl_x509_parse() Memory Corruption Vulnerability", "bulletinFamily": "exploit", "cvelist": ["CVE-2013-6420"], "modified": "2013-12-16T00:00:00", "id": "1337DAY-ID-21682", "href": "https://0day.today/exploit/description/21682", "sourceData": "Advisory: PHP openssl_x509_parse() Memory Corruption Vulnerability\r\n Release Date: 2013/12/13\r\nLast Modified: 2013/12/13\r\n Author: Stefan Esser [stefan.esser[at]sektioneins.de]\r\n\r\n Application: PHP 4.0.6 - PHP 4.4.9\r\n PHP 5.0.x\r\n PHP 5.1.x\r\n PHP 5.2.x\r\n PHP 5.3.0 - PHP 5.3.27\r\n PHP 5.4.0 - PHP 5.4.22\r\n PHP 5.5.0 - PHP 5.5.6\r\n Severity: PHP applications using openssl_x509_parse() to parse a\r\n malicious x509 certificate might trigger a memory\r\n corruption that might result in arbitrary code execution\r\n Risk: Critical\r\nVendor Status: Vendor has released PHP 5.5.7, PHP 5.4.23 and PHP 5.3.28\r\n that contain a fix for this vulnerability\r\n Reference:\r\nhttp://www.sektioneins.de/advisories/advisory-012013-php-openssl_x509_parse-memory-corruption-vulnerability.html\r\n\r\nOverview:\r\n\r\n Quote from http://www.php.net\r\n \"PHP is a widely-used general-purpose scripting language that\r\n is especially suited for Web development and can be embedded\r\n into 
HTML.\"\r\n\r\n The PHP function openssl_x509_parse() uses a helper function\r\n called asn1_time_to_time_t() to convert timestamps from ASN1\r\n string format into integer timestamp values. The parser within\r\n this helper function is not binary safe and can therefore be\r\n tricked to write up to five NUL bytes outside of an allocated\r\n buffer.\r\n \r\n This problem can be triggered by x509 certificates that contain\r\n NUL bytes in their notBefore and notAfter timestamp fields and\r\n leads to a memory corruption that might result in arbitrary\r\n code execution.\r\n \r\n Depending on how openssl_x509_parse() is used within a PHP\r\n application the attack requires either a malicious cert signed\r\n by a compromised/malicious CA or can be carried out with a\r\n self-signed cert.\r\n\r\nDetails:\r\n\r\n The PHP function openssl_x509_parse() is used by PHP applications\r\n to parse additional information out of x509 certificates, usually\r\n to harden SSL encrypted communication channels against MITM\r\n attacks. In the wild we have seen the following use cases for this\r\n function:\r\n \r\n * output certificate debugging information\r\n (e.g. cacert.org/analyse.php)\r\n * webmail application with SMIME support\r\n * client certificate handling\r\n * certificate pinning\r\n * verification of other certificate properties\r\n (e.g. 
a default Wordpress install if ext/curl is not loaded)\r\n \r\n When we backported security fixes for some previous security\r\n vulnerabilities in PHP's openssl to PHP 4.4.9 as part of our\r\n PHP security backport services that we provide to customers,\r\n we performed a quick audit of openssl_x509_parse() and all the\r\n functions it calls, which led to the discovery of a memory\r\n corruption vulnerability.\r\n \r\n Within the function openssl_x509_parse() the helper function\r\n asn1_time_to_time_t() is called two times to parse the\r\n notBefore and notAfter ASN1 string timestamps from the cert\r\n into integer time_t values as you can see below:\r\n \r\n add_assoc_long(return_value, \"validFrom_time_t\",\r\nasn1_time_to_time_t(X509_get_notBefore(cert) TSRMLS_CC));\r\n add_assoc_long(return_value, \"validTo_time_t\",\r\nasn1_time_to_time_t(X509_get_notAfter(cert) TSRMLS_CC));\r\n \r\n When you take a look into this helper function you will see\r\n that it only contains a quickly hacked parser that was never\r\n really improved since its introduction in PHP 4.0.6. 
The author\r\n of this parser was even aware of its hackishness as you can see\r\n from the error message contained in the code:\r\n \r\n static time_t asn1_time_to_time_t(ASN1_UTCTIME * timestr TSRMLS_DC) /*\r\n{{{ */\r\n {\r\n /*\r\n This is how the time string is formatted:\r\n snprintf(p, sizeof(p), \"%02d%02d%02d%02d%02d%02dZ\",ts->tm_year%100,\r\n ts->tm_mon+1,ts->tm_mday,ts->tm_hour,ts->tm_min,ts->tm_sec);\r\n */\r\n\r\n time_t ret;\r\n struct tm thetime;\r\n char * strbuf;\r\n char * thestr;\r\n long gmadjust = 0;\r\n\r\n if (timestr->length < 13) {\r\n php_error_docref(NULL TSRMLS_CC, E_WARNING, \"extension author\r\ntoo lazy to parse %s correctly\", timestr->data);\r\n return (time_t)-1;\r\n }\r\n\r\n However the actual problem of the code should become obvious when\r\n you read the rest of the parsing code that attempts to first\r\n duplicate the timestamp string and then parses the timestamp by\r\n going through the copy in reverse order and writing five NUL bytes\r\n into the duplicated string.\r\n\r\n strbuf = estrdup((char *)timestr->data);\r\n\r\n memset(&thetime, 0, sizeof(thetime));\r\n\r\n /* we work backwards so that we can use atoi more easily */\r\n\r\n thestr = strbuf + timestr->length - 3;\r\n\r\n thetime.tm_sec = atoi(thestr);\r\n *thestr = '\\0';\r\n thestr -= 2;\r\n thetime.tm_min = atoi(thestr);\r\n *thestr = '\\0';\r\n thestr -= 2;\r\n thetime.tm_hour = atoi(thestr);\r\n *thestr = '\\0';\r\n thestr -= 2;\r\n thetime.tm_mday = atoi(thestr);\r\n *thestr = '\\0';\r\n thestr -= 2;\r\n thetime.tm_mon = atoi(thestr)-1;\r\n *thestr = '\\0';\r\n thestr -= 2;\r\n thetime.tm_year = atoi(thestr);\r\n\r\n The problem with this code is that ASN1 strings can contain NUL\r\n bytes, while the parser is not binary safe. This means if a\r\n timestamp string inside a x509 certificate contains a NUL byte\r\n at e.g. 
position 13 the estrdup() will only allocate 14 bytes\r\n for a copy of the string, but the parser will attempt to write\r\n five NUL bytes to memory addressed by the ASN1 length of the\r\n string. If the real string length is longer than 16 bytes this\r\n will result in writes of NUL bytes outside of the allocated\r\n buffer.\r\n \r\n Because of PHP's deterministic heap memory layout that can be\r\n controlled a lot by sending e.g. POST variables and using\r\n duplicate variable names to poke memory holes this vulnerability\r\n must be considered exploitable. However the actual exploit will\r\n depend a lot on how the PHP application uses openssl_x509_parse()\r\n and a lot of other factors.\r\n\r\n Depending on which of the actual use cases the function is used\r\n for by an application, an attacker can trigger the memory\r\n corruption with a self-signed certificate. An example for this\r\n is the public analyse.php x509 cert debugging script provided\r\n by CACert on their webserver.\r\n \r\n Other applications like Wordpress use openssl_x509_parse() to\r\n further verify SSL certificates whenever Wordpress connects to\r\n a HTTPS URL (in case ext/curl is not loaded which is the default\r\n for several linux distributions). Because the parsing only\r\n happens after the initial SSL connection is established this\r\n can only be abused by attackers controlling a malicious trusted\r\n cert. 
However recent disclosures of alleged NSA capabilities,\r\n the French incident and disclosures about fully compromised\r\n trusted CAs in the past years have shown that this capability\r\n might be in the reach of malicious attackers.\n\n# 0day.today [2018-02-06] #", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "sourceHref": "https://0day.today/exploit/21682"}, {"lastseen": "2018-04-14T23:49:37", "edition": 2, "description": "Exploit for php platform in category dos / poc", "published": "2013-12-17T00:00:00", "type": "zdt", "title": "PHP openssl_x509_parse() Memory Corruption Vulnerability", "bulletinFamily": "exploit", "cvelist": ["CVE-2013-6420"], "modified": "2013-12-17T00:00:00", "id": "1337DAY-ID-21694", "href": "https://0day.today/exploit/description/21694", "sourceData": "Overview:\r\n \r\n Quote from http://www.php.net\r\n \"PHP is a widely-used general-purpose scripting language that\r\n is especially suited for Web development and can be embedded\r\n into HTML.\"\r\n \r\n The PHP function openssl_x509_parse() uses a helper function\r\n called asn1_time_to_time_t() to convert timestamps from ASN1\r\n string format into integer timestamp values. 
The parser within\r\n this helper function is not binary safe and can therefore be\r\n tricked to write up to five NUL bytes outside of an allocated\r\n buffer.\r\n \r\n This problem can be triggered by x509 certificates that contain\r\n NUL bytes in their notBefore and notAfter timestamp fields and\r\n leads to a memory corruption that might result in arbitrary\r\n code execution.\r\n \r\n Depending on how openssl_x509_parse() is used within a PHP\r\n application the attack requires either a malicious cert signed\r\n by a compromised/malicious CA or can be carried out with a\r\n self-signed cert.\r\n \r\nDetails:\r\n \r\n The PHP function openssl_x509_parse() is used by PHP applications\r\n to parse additional information out of x509 certificates, usually\r\n to harden SSL encrypted communication channels against MITM\r\n attacks. In the wild we have seen the following use cases for this\r\n function:\r\n \r\n * output certificate debugging information\r\n (e.g. cacert.org/analyse.php)\r\n * webmail application with SMIME support\r\n * client certificate handling\r\n * certificate pinning\r\n * verification of other certificate properties\r\n (e.g. 
a default Wordpress install if ext/curl is not loaded)\r\n \r\n When we backported security fixes for some previous security\r\n vulnerabilities in PHP's openssl to PHP 4.4.9 as part of our\r\n PHP security backport services that we provide to customers,\r\n we performed a quick audit of openssl_x509_parse() and all the\r\n functions it calls, which led to the discovery of a memory\r\n corruption vulnerability.\r\n \r\n Within the function openssl_x509_parse() the helper function\r\n asn1_time_to_time_t() is called two times to parse the\r\n notBefore and notAfter ASN1 string timestamps from the cert\r\n into integer time_t values as you can see below:\r\n \r\n add_assoc_long(return_value, \"validFrom_time_t\",\r\nasn1_time_to_time_t(X509_get_notBefore(cert) TSRMLS_CC));\r\n add_assoc_long(return_value, \"validTo_time_t\",\r\nasn1_time_to_time_t(X509_get_notAfter(cert) TSRMLS_CC));\r\n \r\n When you take a look into this helper function you will see\r\n that it only contains a quickly hacked parser that was never\r\n really improved since its introduction in PHP 4.0.6. 
The author\r\n of this parser was even aware of its hackishness as you can see\r\n from the error message contained in the code:\r\n \r\n static time_t asn1_time_to_time_t(ASN1_UTCTIME * timestr TSRMLS_DC) /*\r\n{{{ */\r\n {\r\n /*\r\n This is how the time string is formatted:\r\n snprintf(p, sizeof(p), \"%02d%02d%02d%02d%02d%02dZ\",ts->tm_year%100,\r\n ts->tm_mon+1,ts->tm_mday,ts->tm_hour,ts->tm_min,ts->tm_sec);\r\n */\r\n \r\n time_t ret;\r\n struct tm thetime;\r\n char * strbuf;\r\n char * thestr;\r\n long gmadjust = 0;\r\n \r\n if (timestr->length < 13) {\r\n php_error_docref(NULL TSRMLS_CC, E_WARNING, \"extension author\r\ntoo lazy to parse %s correctly\", timestr->data);\r\n return (time_t)-1;\r\n }\r\n \r\n However the actual problem of the code should become obvious when\r\n you read the rest of the parsing code that attempts to first\r\n duplicate the timestamp string and then parses the timestamp by\r\n going through the copy in reverse order and writing five NUL bytes\r\n into the duplicated string.\r\n \r\n strbuf = estrdup((char *)timestr->data);\r\n \r\n memset(&thetime, 0, sizeof(thetime));\r\n \r\n /* we work backwards so that we can use atoi more easily */\r\n \r\n thestr = strbuf + timestr->length - 3;\r\n \r\n thetime.tm_sec = atoi(thestr);\r\n *thestr = '\\0';\r\n thestr -= 2;\r\n thetime.tm_min = atoi(thestr);\r\n *thestr = '\\0';\r\n thestr -= 2;\r\n thetime.tm_hour = atoi(thestr);\r\n *thestr = '\\0';\r\n thestr -= 2;\r\n thetime.tm_mday = atoi(thestr);\r\n *thestr = '\\0';\r\n thestr -= 2;\r\n thetime.tm_mon = atoi(thestr)-1;\r\n *thestr = '\\0';\r\n thestr -= 2;\r\n thetime.tm_year = atoi(thestr);\r\n \r\n The problem with this code is that ASN1 strings can contain NUL\r\n bytes, while the parser is not binary safe. This means if a\r\n timestamp string inside a x509 certificate contains a NUL byte\r\n at e.g. 
position 13 the estrdup() will only allocate 14 bytes\r\n for a copy of the string, but the parser will attempt to write\r\n five NUL bytes to memory addressed by the ASN1 length of the\r\n string. If the real string length is longer than 16 bytes this\r\n will result in writes of NUL bytes outside of the allocated\r\n buffer.\r\n \r\n Because of PHP's deterministic heap memory layout that can be\r\n controlled a lot by sending e.g. POST variables and using\r\n duplicate variable names to poke memory holes this vulnerability\r\n must be considered exploitable. However the actual exploit will\r\n depend a lot on how the PHP application uses openssl_x509_parse()\r\n and a lot of other factors.\r\n \r\n Depending on which of the actual use cases the function is used\r\n for by an application, an attacker can trigger the memory\r\n corruption with a self-signed certificate. An example for this\r\n is the public analyse.php x509 cert debugging script provided\r\n by CACert on their webserver.\r\n \r\n Other applications like Wordpress use openssl_x509_parse() to\r\n further verify SSL certificates whenever Wordpress connects to\r\n a HTTPS URL (in case ext/curl is not loaded which is the default\r\n for several linux distributions). Because the parsing only\r\n happens after the initial SSL connection is established this\r\n can only be abused by attackers controlling a malicious trusted\r\n cert. 
However recent disclosures of alleged NSA capabilities,\r\n the French incident and disclosures about fully compromised\r\n trusted CAs in the past years have shown that this capability\r\n might be in the reach of malicious attackers.\r\n \r\n \r\nProof of Concept:\r\n \r\n The following x509 certificate demonstrates the out of bounds write:\r\n \r\n -----BEGIN CERTIFICATE-----\r\n MIIEpDCCA4ygAwIBAgIJAJzu8r6u6eBcMA0GCSqGSIb3DQEBBQUAMIHDMQswCQYD\r\n VQQGEwJERTEcMBoGA1UECAwTTm9yZHJoZWluLVdlc3RmYWxlbjEQMA4GA1UEBwwH\r\n S8ODwrZsbjEUMBIGA1UECgwLU2VrdGlvbkVpbnMxHzAdBgNVBAsMFk1hbGljaW91\r\n cyBDZXJ0IFNlY3Rpb24xITAfBgNVBAMMGG1hbGljaW91cy5zZWt0aW9uZWlucy5k\r\n ZTEqMCgGCSqGSIb3DQEJARYbc3RlZmFuLmVzc2VyQHNla3Rpb25laW5zLmRlMHUY\r\n ZDE5NzAwMTAxMDAwMDAwWgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\r\n AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\r\n AAAAAAAXDTE0MTEyODExMzkzNVowgcMxCzAJBgNVBAYTAkRFMRwwGgYDVQQIDBNO\r\n b3JkcmhlaW4tV2VzdGZhbGVuMRAwDgYDVQQHDAdLw4PCtmxuMRQwEgYDVQQKDAtT\r\n ZWt0aW9uRWluczEfMB0GA1UECwwWTWFsaWNpb3VzIENlcnQgU2VjdGlvbjEhMB8G\r\n A1UEAwwYbWFsaWNpb3VzLnNla3Rpb25laW5zLmRlMSowKAYJKoZIhvcNAQkBFhtz\r\n dGVmYW4uZXNzZXJAc2VrdGlvbmVpbnMuZGUwggEiMA0GCSqGSIb3DQEBAQUAA4IB\r\n DwAwggEKAoIBAQDDAf3hl7JY0XcFniyEJpSSDqn0OqBr6QP65usJPRt/8PaDoqBu\r\n wEYT/Na+6fsgPjC0uK9DZgWg2tHWWoanSblAMoz5PH6Z+S4SHRZ7e2dDIjPjdhjh\r\n 0mLg2UMO5yp0V797Ggs9lNt6JRfH81MN2obXWs4NtztLMuD6egqpr8dDbr34aOs8\r\n pkdui5UawTZksy5pLPHq5cMhFGm06v65CLo0V2Pd9+KAokPrPcN5KLKebz7mLpk6\r\n SMeEXOKP4idEqxyQ7O7fBuHMedsQhu+prY3si3BUyKfQtP5CZnX2bp0wKHxX12DX\r\n 1nfFIt9DbGvHTcyOuN+nZLPBm3vWxntyIIvVAgMBAAGjQjBAMAkGA1UdEwQCMAAw\r\n EQYJYIZIAYb4QgEBBAQDAgeAMAsGA1UdDwQEAwIFoDATBgNVHSUEDDAKBggrBgEF\r\n BQcDAjANBgkqhkiG9w0BAQUFAAOCAQEAG0fZYYCTbdj1XYc+1SnoaPR+vI8C8CaD\r\n 8+0UYhdnyU4gga0BAcDrY9e94eEAu6ZqycF6FjLqXXdAboppWocr6T6GD1x33Ckl\r\n VArzG/KxQohGD2JeqkhIMlDomxHO7ka39+Oa8i2vWLVyjU8AZvWMAruHa4EENyG7\r\n lW2AagaFKFCr9TnXTfrdxGVEbv7KVQ6bdhg5p5SjpWH1+Mq03uR3ZXPBYdyV8319\r\n 
o0lVj1KFI2DCL/liWisJRoof+1cR35Ctd0wYBcpB6TZslMcOPl76dwKwJgeJo2Qg\r\n Zsfmc2vC1/qOlNuNq/0TzzkVGv8ETT3CgaU+UXe4XOVvkccebJn2dg==\r\n -----END CERTIFICATE-----\r\n \r\n \r\nDisclosure Timeline: \r\n \r\n 01. December 2013 - Notified [email\u00a0protected]\r\n Provided description, POC cert, demo\r\n valgrind output and patch\r\n 02. December 2013 - [email\u00a0protected] acknowledges and\r\n says thank you for report and patch\r\n 02. December 2013 - [email\u00a0protected] announces that planned\r\n release date is 12th December\r\n 03. December 2013 - Notification from RedHat Security that\r\n CVE-2013-6420 was assigned to this issue\r\n 09. December 2013 - RedHat Security tells php.net that they\r\n should commit the fix silently and add\r\n info about it only after release\r\n They further tell php.net to tell us to\r\n not discuss the vulnerability in public\r\n prior to patches being available\r\n 10. December 2013 - [email\u00a0protected] fixes the vulnerability\r\n openly and does not attempt to hide that\r\n the commit is a security fix as RedHat\r\n Security suggested\r\n 11. December 2013 - RedHat Security Announces that they now\r\n consider this vulnerability public and\r\n sends out their own patches with big\r\n announcement one day before php.net is\r\n ready to release their own fixes\r\n 12. December 2013 - [email\u00a0protected] pushes PHP updates to\r\n the PHP 5.3, PHP 5.3 and PHP 5.5 branches\r\n to the mirrors as was previously agreed upon\r\n 13. December 2013 - New PHP releases are announced on php.net\r\n 13. 
December 2013 - Public Disclosure of this advisory\r\n \r\n \r\nRecommendation:\r\n \r\n It is recommended to upgrade to the latest version of PHP\r\n which also fixes additional non security problems reported\r\n by third parties.\r\n \r\n Grab your copy at:\r\n http://www.php.net/get/php-5.5.7.tar.bz2/from/a/mirror\r\n \r\n \r\nCVE Information:\r\n \r\n The Common Vulnerabilities and Exposures project (cve.mitre.org) has\r\n assigned the name CVE-2013-6420 to this vulnerability.\r\n \r\n \r\nGPG-Key:\r\n \r\n pub 4096R/D6A3FE46 2013-11-06 Stefan Esser\r\n Key fingerprint = 0A04 AB88 90D2 E67C 3D3D 86E1 AA39 B97F D6A3 FE46\n\n# 0day.today [2018-04-14] #", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "sourceHref": "https://0day.today/exploit/21694"}], "exploitpack": [{"lastseen": "2020-04-01T19:04:40", "description": "\nPHP - openssl_x509_parse() Memory Corruption", "edition": 1, "published": "2013-12-17T00:00:00", "title": "PHP - openssl_x509_parse() Memory Corruption", "type": "exploitpack", "bulletinFamily": "exploit", "cvelist": ["CVE-2013-6420"], "modified": "2013-12-17T00:00:00", "id": "EXPLOITPACK:95E864B082B44E6A881AB3646F7BF0AE", "href": "", "sourceData": " SektionEins GmbH\n www.sektioneins.de\n\n -= Security Advisory =-\n\n Advisory: PHP openssl_x509_parse() Memory Corruption Vulnerability\n Release Date: 2013/12/13\nLast Modified: 2013/12/13\n Author: Stefan Esser [stefan.esser[at]sektioneins.de]\n\n Application: PHP 4.0.6 - PHP 4.4.9\n PHP 5.0.x\n PHP 5.1.x\n PHP 5.2.x\n PHP 5.3.0 - PHP 5.3.27\n PHP 5.4.0 - PHP 5.4.22\n PHP 5.5.0 - PHP 5.5.6\n Severity: PHP applications using openssl_x509_parse() to parse a\n malicious x509 certificate might trigger a memory\n corruption that might result in arbitrary code execution\n Risk: Critical\nVendor Status: Vendor has released PHP 5.5.7, PHP 5.4.23 and PHP 5.3.28\n that contain a fix for this vulnerability\n 
Reference:\nhttp://www.sektioneins.de/advisories/advisory-012013-php-openssl_x509_parse-memory-corruption-vulnerability.html\n\nOverview:\n\n Quote from http://www.php.net\n \"PHP is a widely-used general-purpose scripting language that\n is especially suited for Web development and can be embedded\n into HTML.\"\n\n The PHP function openssl_x509_parse() uses a helper function\n called asn1_time_to_time_t() to convert timestamps from ASN1\n string format into integer timestamp values. The parser within\n this helper function is not binary safe and can therefore be\n tricked to write up to five NUL bytes outside of an allocated\n buffer.\n \n This problem can be triggered by x509 certificates that contain\n NUL bytes in their notBefore and notAfter timestamp fields and\n leads to a memory corruption that might result in arbitrary\n code execution.\n \n Depending on how openssl_x509_parse() is used within a PHP\n application the attack requires either a malicious cert signed\n by a compromised/malicious CA or can be carried out with a\n self-signed cert.\n\nDetails:\n\n The PHP function openssl_x509_parse() is used by PHP applications\n to parse additional information out of x509 certificates, usually\n to harden SSL encrypted communication channels against MITM\n attacks. In the wild we have seen the following use cases for this\n function:\n \n * output certificate debugging information\n (e.g. cacert.org/analyse.php)\n * webmail application with SMIME support\n * client certificate handling\n * certificate pinning\n * verification of other certificate properties\n (e.g. 
a default Wordpress install if ext/curl is not loaded)\n \n When we backported security fixes for some previous security\n vulnerabilities in PHP's openssl to PHP 4.4.9 as part of our\n PHP security backport services that we provide to customers,\n we performed a quick audit of openssl_x509_parse() and all the\n functions it calls, which led to the discovery of a memory\n corruption vulnerability.\n \n Within the function openssl_x509_parse() the helper function\n asn1_time_to_time_t() is called two times to parse the\n notBefore and notAfter ASN1 string timestamps from the cert\n into integer time_t values as you can see below:\n \n add_assoc_long(return_value, \"validFrom_time_t\",\nasn1_time_to_time_t(X509_get_notBefore(cert) TSRMLS_CC));\n add_assoc_long(return_value, \"validTo_time_t\",\nasn1_time_to_time_t(X509_get_notAfter(cert) TSRMLS_CC));\n \n When you take a look into this helper function you will see\n that it only contains a quickly hacked parser that was never\n really improved since its introduction in PHP 4.0.6. 
The author\n of this parser was even aware of its hackishness as you can see\n from the error message contained in the code:\n \n static time_t asn1_time_to_time_t(ASN1_UTCTIME * timestr TSRMLS_DC) /*\n{{{ */\n {\n /*\n This is how the time string is formatted:\n snprintf(p, sizeof(p), \"%02d%02d%02d%02d%02d%02dZ\",ts->tm_year%100,\n ts->tm_mon+1,ts->tm_mday,ts->tm_hour,ts->tm_min,ts->tm_sec);\n */\n\n time_t ret;\n struct tm thetime;\n char * strbuf;\n char * thestr;\n long gmadjust = 0;\n\n if (timestr->length < 13) {\n php_error_docref(NULL TSRMLS_CC, E_WARNING, \"extension author\ntoo lazy to parse %s correctly\", timestr->data);\n return (time_t)-1;\n }\n\n However the actual problem of the code should become obvious when\n you read the rest of the parsing code that attempts to first\n duplicate the timestamp string and then parses the timestamp by\n going through the copy in reverse order and writing five NUL bytes\n into the duplicated string.\n\n strbuf = estrdup((char *)timestr->data);\n\n memset(&thetime, 0, sizeof(thetime));\n\n /* we work backwards so that we can use atoi more easily */\n\n thestr = strbuf + timestr->length - 3;\n\n thetime.tm_sec = atoi(thestr);\n *thestr = '\\0';\n thestr -= 2;\n thetime.tm_min = atoi(thestr);\n *thestr = '\\0';\n thestr -= 2;\n thetime.tm_hour = atoi(thestr);\n *thestr = '\\0';\n thestr -= 2;\n thetime.tm_mday = atoi(thestr);\n *thestr = '\\0';\n thestr -= 2;\n thetime.tm_mon = atoi(thestr)-1;\n *thestr = '\\0';\n thestr -= 2;\n thetime.tm_year = atoi(thestr);\n\n The problem with this code is that ASN1 strings can contain NUL\n bytes, while the parser is not binary safe. This means if a\n timestamp string inside a x509 certificate contains a NUL byte\n at e.g. position 13 the estrdup() will only allocate 14 bytes\n for a copy of the string, but the parser will attempt to write\n five NUL bytes to memory addressed by the ASN1 length of the\n string. 
If the real string length is longer than 16 bytes this\n will result in writes of NUL bytes outside of the allocated\n buffer.\n \n Because of PHP's deterministic heap memory layout that can be\n controlled a lot by sending e.g. POST variables and using\n duplicate variable names to poke memory holes this vulnerability\n must be considered exploitable. However the actual exploit will\n depend a lot on how the PHP application uses openssl_x509_parse()\n and a lot of other factors.\n\n Depending on which of the actual use cases the function is used\n for by an application, an attacker can trigger the memory\n corruption with a self-signed certificate. An example for this\n is the public analyse.php x509 cert debugging script provided\n by CACert on their webserver.\n \n Other applications like Wordpress use openssl_x509_parse() to\n further verify SSL certificates whenever Wordpress connects to\n a HTTPS URL (in case ext/curl is not loaded which is the default\n for several linux distributions). Because the parsing only\n happens after the initial SSL connection is established this\n can only be abused by attackers controlling a malicious trusted\n cert. 
However recent disclosures of alleged NSA capabilities,\n the French incident and disclosures about fully compromised\n trusted CAs in the past years have shown that this capability\n might be in the reach of malicious attackers.\n\n\nProof of Concept:\n\n The following x509 certificate demonstrates the out of bounds write:\n \n -----BEGIN CERTIFICATE-----\n MIIEpDCCA4ygAwIBAgIJAJzu8r6u6eBcMA0GCSqGSIb3DQEBBQUAMIHDMQswCQYD\n VQQGEwJERTEcMBoGA1UECAwTTm9yZHJoZWluLVdlc3RmYWxlbjEQMA4GA1UEBwwH\n S8ODwrZsbjEUMBIGA1UECgwLU2VrdGlvbkVpbnMxHzAdBgNVBAsMFk1hbGljaW91\n cyBDZXJ0IFNlY3Rpb24xITAfBgNVBAMMGG1hbGljaW91cy5zZWt0aW9uZWlucy5k\n ZTEqMCgGCSqGSIb3DQEJARYbc3RlZmFuLmVzc2VyQHNla3Rpb25laW5zLmRlMHUY\n ZDE5NzAwMTAxMDAwMDAwWgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\n AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\n AAAAAAAXDTE0MTEyODExMzkzNVowgcMxCzAJBgNVBAYTAkRFMRwwGgYDVQQIDBNO\n b3JkcmhlaW4tV2VzdGZhbGVuMRAwDgYDVQQHDAdLw4PCtmxuMRQwEgYDVQQKDAtT\n ZWt0aW9uRWluczEfMB0GA1UECwwWTWFsaWNpb3VzIENlcnQgU2VjdGlvbjEhMB8G\n A1UEAwwYbWFsaWNpb3VzLnNla3Rpb25laW5zLmRlMSowKAYJKoZIhvcNAQkBFhtz\n dGVmYW4uZXNzZXJAc2VrdGlvbmVpbnMuZGUwggEiMA0GCSqGSIb3DQEBAQUAA4IB\n DwAwggEKAoIBAQDDAf3hl7JY0XcFniyEJpSSDqn0OqBr6QP65usJPRt/8PaDoqBu\n wEYT/Na+6fsgPjC0uK9DZgWg2tHWWoanSblAMoz5PH6Z+S4SHRZ7e2dDIjPjdhjh\n 0mLg2UMO5yp0V797Ggs9lNt6JRfH81MN2obXWs4NtztLMuD6egqpr8dDbr34aOs8\n pkdui5UawTZksy5pLPHq5cMhFGm06v65CLo0V2Pd9+KAokPrPcN5KLKebz7mLpk6\n SMeEXOKP4idEqxyQ7O7fBuHMedsQhu+prY3si3BUyKfQtP5CZnX2bp0wKHxX12DX\n 1nfFIt9DbGvHTcyOuN+nZLPBm3vWxntyIIvVAgMBAAGjQjBAMAkGA1UdEwQCMAAw\n EQYJYIZIAYb4QgEBBAQDAgeAMAsGA1UdDwQEAwIFoDATBgNVHSUEDDAKBggrBgEF\n BQcDAjANBgkqhkiG9w0BAQUFAAOCAQEAG0fZYYCTbdj1XYc+1SnoaPR+vI8C8CaD\n 8+0UYhdnyU4gga0BAcDrY9e94eEAu6ZqycF6FjLqXXdAboppWocr6T6GD1x33Ckl\n VArzG/KxQohGD2JeqkhIMlDomxHO7ka39+Oa8i2vWLVyjU8AZvWMAruHa4EENyG7\n lW2AagaFKFCr9TnXTfrdxGVEbv7KVQ6bdhg5p5SjpWH1+Mq03uR3ZXPBYdyV8319\n o0lVj1KFI2DCL/liWisJRoof+1cR35Ctd0wYBcpB6TZslMcOPl76dwKwJgeJo2Qg\n 
Zsfmc2vC1/qOlNuNq/0TzzkVGv8ETT3CgaU+UXe4XOVvkccebJn2dg==\n -----END CERTIFICATE-----\n\n\nDisclosure Timeline: \n\n 01. December 2013 - Notified security@php.net\n Provided description, POC cert, demo\n valgrind output and patch\n 02. December 2013 - security@php.net acknowledges and\n says thank you for report and patch\n 02. December 2013 - security@php.net announces that planned\n release date is 12th December\n 03. December 2013 - Notification from RedHat Security that\n CVE-2013-6420 was assigned to this issue\n 09. December 2013 - RedHat Security tells php.net that they\n should commit the fix silently and add\n info about it only after release\n They further tell php.net to tell us to\n not discuss the vulnerability in public\n prior to patches being available\n 10. December 2013 - security@php.net fixes the vulnerability\n openly and does not attempt to hide that\n the commit is a security fix as RedHat\n Security suggested\n 11. December 2013 - RedHat Security Announces that they now\n consider this vulnerability public and\n sends out their own patches with big\n announcement one day before php.net is\n ready to release their own fixes\n 12. December 2013 - security@php.net pushes PHP updates to\n the PHP 5.3, PHP 5.3 and PHP 5.5 branches\n to the mirrors as was previously agreed upon\n 13. December 2013 - New PHP releases are announced on php.net\n 13. December 2013 - Public Disclosure of this advisory\n\n\nRecommendation:\n\n It is recommended to upgrade to the latest version of PHP\n which also fixes additional non security problems reported\n by third parties.\n\n Grab your copy at:\n http://www.php.net/get/php-5.5.7.tar.bz2/from/a/mirror\n\n\nCVE Information:\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org) has\n assigned the name CVE-2013-6420 to this vulnerability.\n\n\nGPG-Key:\n\n pub 4096R/D6A3FE46 2013-11-06 Stefan Esser\n Key fingerprint = 0A04 AB88 90D2 E67C 3D3D 86E1 AA39 B97F D6A3 FE46\n\n\nCopyright 2013 SektionEins GmbH. 
All rights reserved.", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "exploitdb": [{"lastseen": "2016-02-03T12:18:00", "description": "PHP openssl_x509_parse() - Memory Corruption Vulnerability. CVE-2013-6420. Dos exploit for php platform", "published": "2013-12-17T00:00:00", "type": "exploitdb", "title": "PHP openssl_x509_parse - Memory Corruption Vulnerability", "bulletinFamily": "exploit", "cvelist": ["CVE-2013-6420"], "modified": "2013-12-17T00:00:00", "id": "EDB-ID:30395", "href": "https://www.exploit-db.com/exploits/30395/", "sourceData": " SektionEins GmbH\r\n www.sektioneins.de\r\n\r\n -= Security Advisory =-\r\n\r\n Advisory: PHP openssl_x509_parse() Memory Corruption Vulnerability\r\n Release Date: 2013/12/13\r\nLast Modified: 2013/12/13\r\n Author: Stefan Esser [stefan.esser[at]sektioneins.de]\r\n\r\n Application: PHP 4.0.6 - PHP 4.4.9\r\n PHP 5.0.x\r\n PHP 5.1.x\r\n PHP 5.2.x\r\n PHP 5.3.0 - PHP 5.3.27\r\n PHP 5.4.0 - PHP 5.4.22\r\n PHP 5.5.0 - PHP 5.5.6\r\n Severity: PHP applications using openssl_x509_parse() to parse a\r\n malicious x509 certificate might trigger a memory\r\n corruption that might result in arbitrary code execution\r\n Risk: Critical\r\nVendor Status: Vendor has released PHP 5.5.7, PHP 5.4.23 and PHP 5.3.28\r\n that contain a fix for this vulnerability\r\n Reference:\r\nhttp://www.sektioneins.de/advisories/advisory-012013-php-openssl_x509_parse-memory-corruption-vulnerability.html\r\n\r\nOverview:\r\n\r\n Quote from http://www.php.net\r\n \"PHP is a widely-used general-purpose scripting language that\r\n is especially suited for Web development and can be embedded\r\n into HTML.\"\r\n\r\n The PHP function openssl_x509_parse() uses a helper function\r\n called asn1_time_to_time_t() to convert timestamps from ASN1\r\n string format into integer timestamp values. 
The parser within\r\n this helper function is not binary safe and can therefore be\r\n tricked to write up to five NUL bytes outside of an allocated\r\n buffer.\r\n \r\n This problem can be triggered by x509 certificates that contain\r\n NUL bytes in their notBefore and notAfter timestamp fields and\r\n leads to a memory corruption that might result in arbitrary\r\n code execution.\r\n \r\n Depending on how openssl_x509_parse() is used within a PHP\r\n application the attack requires either a malicious cert signed\r\n by a compromised/malicious CA or can be carried out with a\r\n self-signed cert.\r\n\r\nDetails:\r\n\r\n The PHP function openssl_x509_parse() is used by PHP applications\r\n to parse additional information out of x509 certificates, usually\r\n to harden SSL encrypted communication channels against MITM\r\n attacks. In the wild we have seen the following use cases for this\r\n function:\r\n \r\n * output certificate debugging information\r\n (e.g. cacert.org/analyse.php)\r\n * webmail application with SMIME support\r\n * client certificate handling\r\n * certificate pinning\r\n * verification of other certificate properties\r\n (e.g. 
a default Wordpress install if ext/curl is not loaded)\r\n \r\n When we backported security fixes for some previous security\r\n vulnerabilities in PHP's openssl to PHP 4.4.9 as part of our\r\n PHP security backport services that we provide to customers,\r\n we performed a quick audit of openssl_x509_parse() and all the\r\n functions it calls, which led to the discovery of a memory\r\n corruption vulnerability.\r\n \r\n Within the function openssl_x509_parse() the helper function\r\n asn1_time_to_time_t() is called two times to parse the\r\n notBefore and notAfter ASN1 string timestamps from the cert\r\n into integer time_t values as you can see below:\r\n \r\n add_assoc_long(return_value, \"validFrom_time_t\",\r\nasn1_time_to_time_t(X509_get_notBefore(cert) TSRMLS_CC));\r\n add_assoc_long(return_value, \"validTo_time_t\",\r\nasn1_time_to_time_t(X509_get_notAfter(cert) TSRMLS_CC));\r\n \r\n When you take a look into this helper function you will see\r\n that it only contains a quickly hacked parser that was never\r\n really improved since its introduction in PHP 4.0.6. 
The author\r\n of this parser was even aware of its hackishness as you can see\r\n from the error message contained in the code:\r\n \r\n static time_t asn1_time_to_time_t(ASN1_UTCTIME * timestr TSRMLS_DC) /*\r\n{{{ */\r\n {\r\n /*\r\n This is how the time string is formatted:\r\n snprintf(p, sizeof(p), \"%02d%02d%02d%02d%02d%02dZ\",ts->tm_year%100,\r\n ts->tm_mon+1,ts->tm_mday,ts->tm_hour,ts->tm_min,ts->tm_sec);\r\n */\r\n\r\n time_t ret;\r\n struct tm thetime;\r\n char * strbuf;\r\n char * thestr;\r\n long gmadjust = 0;\r\n\r\n if (timestr->length < 13) {\r\n php_error_docref(NULL TSRMLS_CC, E_WARNING, \"extension author\r\ntoo lazy to parse %s correctly\", timestr->data);\r\n return (time_t)-1;\r\n }\r\n\r\n However the actual problem of the code should become obvious when\r\n you read the rest of the parsing code that attempts to first\r\n duplicate the timestamp string and then parses the timestamp by\r\n going through the copy in reverse order and writing five NUL bytes\r\n into the duplicated string.\r\n\r\n strbuf = estrdup((char *)timestr->data);\r\n\r\n memset(&thetime, 0, sizeof(thetime));\r\n\r\n /* we work backwards so that we can use atoi more easily */\r\n\r\n thestr = strbuf + timestr->length - 3;\r\n\r\n thetime.tm_sec = atoi(thestr);\r\n *thestr = '\\0';\r\n thestr -= 2;\r\n thetime.tm_min = atoi(thestr);\r\n *thestr = '\\0';\r\n thestr -= 2;\r\n thetime.tm_hour = atoi(thestr);\r\n *thestr = '\\0';\r\n thestr -= 2;\r\n thetime.tm_mday = atoi(thestr);\r\n *thestr = '\\0';\r\n thestr -= 2;\r\n thetime.tm_mon = atoi(thestr)-1;\r\n *thestr = '\\0';\r\n thestr -= 2;\r\n thetime.tm_year = atoi(thestr);\r\n\r\n The problem with this code is that ASN1 strings can contain NUL\r\n bytes, while the parser is not binary safe. This means if a\r\n timestamp string inside a x509 certificate contains a NUL byte\r\n at e.g. 
position 13 the estrdup() will only allocate 14 bytes\r\n for a copy of the string, but the parser will attempt to write\r\n five NUL bytes to memory addressed by the ASN1 length of the\r\n string. If the real string length is longer than 16 bytes this\r\n will result in writes of NUL bytes outside of the allocated\r\n buffer.\r\n \r\n Because of PHP's deterministic heap memory layout that can be\r\n controlled a lot by sending e.g. POST variables and using\r\n duplicate variable names to poke memory holes this vulnerability\r\n must be considered exploitable. However the actual exploit will\r\n depend a lot on how the PHP application uses openssl_x509_parse()\r\n and a lot of other factors.\r\n\r\n Depending on which of the actual use cases the function is used\r\n for by an application, an attacker can trigger the memory\r\n corruption with a self-signed certificate. An example for this\r\n is the public analyse.php x509 cert debugging script provided\r\n by CACert on their webserver.\r\n \r\n Other applications like Wordpress use openssl_x509_parse() to\r\n further verify SSL certificates whenever Wordpress connects to\r\n a HTTPS URL (in case ext/curl is not loaded which is the default\r\n for several linux distributions). Because the parsing only\r\n happens after the initial SSL connection is established this\r\n can only be abused by attackers controlling a malicious trusted\r\n cert. 
However recent disclosures of alleged NSA capabilities,\r\n the French incident and disclosures about fully compromised\r\n trusted CAs in the past years have shown that this capability\r\n might be in the reach of malicious attackers.\r\n\r\n\r\nProof of Concept:\r\n\r\n The following x509 certificate demonstrates the out of bounds write:\r\n \r\n -----BEGIN CERTIFICATE-----\r\n MIIEpDCCA4ygAwIBAgIJAJzu8r6u6eBcMA0GCSqGSIb3DQEBBQUAMIHDMQswCQYD\r\n VQQGEwJERTEcMBoGA1UECAwTTm9yZHJoZWluLVdlc3RmYWxlbjEQMA4GA1UEBwwH\r\n S8ODwrZsbjEUMBIGA1UECgwLU2VrdGlvbkVpbnMxHzAdBgNVBAsMFk1hbGljaW91\r\n cyBDZXJ0IFNlY3Rpb24xITAfBgNVBAMMGG1hbGljaW91cy5zZWt0aW9uZWlucy5k\r\n ZTEqMCgGCSqGSIb3DQEJARYbc3RlZmFuLmVzc2VyQHNla3Rpb25laW5zLmRlMHUY\r\n ZDE5NzAwMTAxMDAwMDAwWgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\r\n AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\r\n AAAAAAAXDTE0MTEyODExMzkzNVowgcMxCzAJBgNVBAYTAkRFMRwwGgYDVQQIDBNO\r\n b3JkcmhlaW4tV2VzdGZhbGVuMRAwDgYDVQQHDAdLw4PCtmxuMRQwEgYDVQQKDAtT\r\n ZWt0aW9uRWluczEfMB0GA1UECwwWTWFsaWNpb3VzIENlcnQgU2VjdGlvbjEhMB8G\r\n A1UEAwwYbWFsaWNpb3VzLnNla3Rpb25laW5zLmRlMSowKAYJKoZIhvcNAQkBFhtz\r\n dGVmYW4uZXNzZXJAc2VrdGlvbmVpbnMuZGUwggEiMA0GCSqGSIb3DQEBAQUAA4IB\r\n DwAwggEKAoIBAQDDAf3hl7JY0XcFniyEJpSSDqn0OqBr6QP65usJPRt/8PaDoqBu\r\n wEYT/Na+6fsgPjC0uK9DZgWg2tHWWoanSblAMoz5PH6Z+S4SHRZ7e2dDIjPjdhjh\r\n 0mLg2UMO5yp0V797Ggs9lNt6JRfH81MN2obXWs4NtztLMuD6egqpr8dDbr34aOs8\r\n pkdui5UawTZksy5pLPHq5cMhFGm06v65CLo0V2Pd9+KAokPrPcN5KLKebz7mLpk6\r\n SMeEXOKP4idEqxyQ7O7fBuHMedsQhu+prY3si3BUyKfQtP5CZnX2bp0wKHxX12DX\r\n 1nfFIt9DbGvHTcyOuN+nZLPBm3vWxntyIIvVAgMBAAGjQjBAMAkGA1UdEwQCMAAw\r\n EQYJYIZIAYb4QgEBBAQDAgeAMAsGA1UdDwQEAwIFoDATBgNVHSUEDDAKBggrBgEF\r\n BQcDAjANBgkqhkiG9w0BAQUFAAOCAQEAG0fZYYCTbdj1XYc+1SnoaPR+vI8C8CaD\r\n 8+0UYhdnyU4gga0BAcDrY9e94eEAu6ZqycF6FjLqXXdAboppWocr6T6GD1x33Ckl\r\n VArzG/KxQohGD2JeqkhIMlDomxHO7ka39+Oa8i2vWLVyjU8AZvWMAruHa4EENyG7\r\n lW2AagaFKFCr9TnXTfrdxGVEbv7KVQ6bdhg5p5SjpWH1+Mq03uR3ZXPBYdyV8319\r\n 
o0lVj1KFI2DCL/liWisJRoof+1cR35Ctd0wYBcpB6TZslMcOPl76dwKwJgeJo2Qg\r\n Zsfmc2vC1/qOlNuNq/0TzzkVGv8ETT3CgaU+UXe4XOVvkccebJn2dg==\r\n -----END CERTIFICATE-----\r\n\r\n\r\nDisclosure Timeline: \r\n\r\n 01. December 2013 - Notified security@php.net\r\n Provided description, POC cert, demo\r\n valgrind output and patch\r\n 02. December 2013 - security@php.net acknowledges and\r\n says thank you for report and patch\r\n 02. December 2013 - security@php.net announces that planned\r\n release date is 12th December\r\n 03. December 2013 - Notification from RedHat Security that\r\n CVE-2013-6420 was assigned to this issue\r\n 09. December 2013 - RedHat Security tells php.net that they\r\n should commit the fix silently and add\r\n info about it only after release\r\n They further tell php.net to tell us to\r\n not discuss the vulnerability in public\r\n prior to patches being available\r\n 10. December 2013 - security@php.net fixes the vulnerability\r\n openly and does not attempt to hide that\r\n the commit is a security fix as RedHat\r\n Security suggested\r\n 11. December 2013 - RedHat Security Announces that they now\r\n consider this vulnerability public and\r\n sends out their own patches with big\r\n announcement one day before php.net is\r\n ready to release their own fixes\r\n 12. December 2013 - security@php.net pushes PHP updates to\r\n the PHP 5.3, PHP 5.3 and PHP 5.5 branches\r\n to the mirrors as was previously agreed upon\r\n 13. December 2013 - New PHP releases are announced on php.net\r\n 13. 
December 2013 - Public Disclosure of this advisory\r\n\r\n\r\nRecommendation:\r\n\r\n It is recommended to upgrade to the latest version of PHP\r\n which also fixes additional non security problems reported\r\n by third parties.\r\n\r\n Grab your copy at:\r\n http://www.php.net/get/php-5.5.7.tar.bz2/from/a/mirror\r\n\r\n\r\nCVE Information:\r\n\r\n The Common Vulnerabilities and Exposures project (cve.mitre.org) has\r\n assigned the name CVE-2013-6420 to this vulnerability.\r\n\r\n\r\nGPG-Key:\r\n\r\n pub 4096R/D6A3FE46 2013-11-06 Stefan Esser\r\n Key fingerprint = 0A04 AB88 90D2 E67C 3D3D 86E1 AA39 B97F D6A3 FE46\r\n\r\n\r\nCopyright 2013 SektionEins GmbH. All rights reserved.", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "sourceHref": "https://www.exploit-db.com/download/30395/"}], "freebsd": [{"lastseen": "2019-05-29T18:33:31", "bulletinFamily": "unix", "cvelist": ["CVE-2013-6420"], "description": "\nStefan Esser reports:\n\nThe PHP function openssl_x509_parse() uses a helper function\n\t called asn1_time_to_time_t() to convert timestamps from ASN1\n\t string format into integer timestamp values. 
The parser within\n\t this helper function is not binary safe and can therefore be\n\t tricked to write up to five NUL bytes outside of an allocated\n\t buffer.\nThis problem can be triggered by x509 certificates that contain\n\t NUL bytes in their notBefore and notAfter timestamp fields and\n\t leads to a memory corruption that might result in arbitrary\n\t code execution.\nDepending on how openssl_x509_parse() is used within a PHP\n\t application the attack requires either a malicious cert signed\n\t by a compromised/malicious CA or can be carried out with a\n\t self-signed cert.\n\n", "edition": 4, "modified": "2013-12-13T00:00:00", "published": "2013-12-13T00:00:00", "id": "47B4E713-6513-11E3-868F-0025905A4771", "href": "https://vuxml.freebsd.org/freebsd/47b4e713-6513-11e3-868f-0025905a4771.html", "title": "PHP5 -- memory corruption in openssl_x509_parse()", "type": "freebsd", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "packetstorm": [{"lastseen": "2016-12-05T22:23:25", "description": "", "published": "2013-12-15T00:00:00", "type": "packetstorm", "title": "PHP openssl_x509_parse() Memory Corruption", "bulletinFamily": "exploit", "cvelist": ["CVE-2013-6420"], "modified": "2013-12-15T00:00:00", "id": "PACKETSTORM:124436", "href": "https://packetstormsecurity.com/files/124436/PHP-openssl_x509_parse-Memory-Corruption.html", "sourceData": "` \nSektionEins GmbH \nwww.sektioneins.de \n \n-= Security Advisory =- \n \nAdvisory: PHP openssl_x509_parse() Memory Corruption Vulnerability \nRelease Date: 2013/12/13 \nLast Modified: 2013/12/13 \nAuthor: Stefan Esser [stefan.esser[at]sektioneins.de] \n \nApplication: PHP 4.0.6 - PHP 4.4.9 \nPHP 5.0.x \nPHP 5.1.x \nPHP 5.2.x \nPHP 5.3.0 - PHP 5.3.27 \nPHP 5.4.0 - PHP 5.4.22 \nPHP 5.5.0 - PHP 5.5.6 \nSeverity: PHP applications using openssl_x509_parse() to parse a \nmalicious x509 certificate might trigger a memory \ncorruption that might result in arbitrary code execution \nRisk: Critical \nVendor Status: 
Vendor has released PHP 5.5.7, PHP 5.4.23 and PHP 5.3.28 \nthat contain a fix for this vulnerability \nReference: \nhttp://www.sektioneins.de/advisories/advisory-012013-php-openssl_x509_parse-memory-corruption-vulnerability.html \n \nOverview: \n \nQuote from http://www.php.net \n\"PHP is a widely-used general-purpose scripting language that \nis especially suited for Web development and can be embedded \ninto HTML.\" \n \nThe PHP function openssl_x509_parse() uses a helper function \ncalled asn1_time_to_time_t() to convert timestamps from ASN1 \nstring format into integer timestamp values. The parser within \nthis helper function is not binary safe and can therefore be \ntricked to write up to five NUL bytes outside of an allocated \nbuffer. \n \nThis problem can be triggered by x509 certificates that contain \nNUL bytes in their notBefore and notAfter timestamp fields and \nleads to a memory corruption that might result in arbitrary \ncode execution. \n \nDepending on how openssl_x509_parse() is used within a PHP \napplication the attack requires either a malicious cert signed \nby a compromised/malicious CA or can be carried out with a \nself-signed cert. \n \nDetails: \n \nThe PHP function openssl_x509_parse() is used by PHP applications \nto parse additional information out of x509 certificates, usually \nto harden SSL encrypted communication channels against MITM \nattacks. In the wild we have seen the following use cases for this \nfunction: \n \n* output certificate debugging information \n(e.g. cacert.org/analyse.php) \n* webmail application with SMIME support \n* client certificate handling \n* certificate pinning \n* verification of other certificate properties \n(e.g. 
a default Wordpress install if ext/curl is not loaded) \n \nWhen we backported security fixes for some previous security \nvulnerabilities in PHP's openssl to PHP 4.4.9 as part of our \nPHP security backport services that we provide to customers, \nwe performed a quick audit of openssl_x509_parse() and all the \nfunctions it calls, which led to the discovery of a memory \ncorruption vulnerability. \n \nWithin the function openssl_x509_parse() the helper function \nasn1_time_to_time_t() is called two times to parse the \nnotBefore and notAfter ASN1 string timestamps from the cert \ninto integer time_t values as you can see below: \n \nadd_assoc_long(return_value, \"validFrom_time_t\", \nasn1_time_to_time_t(X509_get_notBefore(cert) TSRMLS_CC)); \nadd_assoc_long(return_value, \"validTo_time_t\", \nasn1_time_to_time_t(X509_get_notAfter(cert) TSRMLS_CC)); \n \nWhen you take a look into this helper function you will see \nthat it only contains a quickly hacked parser that was never \nreally improved since its introduction in PHP 4.0.6. 
The author \nof this parser was even aware of its hackishness as you can see \nfrom the error message contained in the code: \n \nstatic time_t asn1_time_to_time_t(ASN1_UTCTIME * timestr TSRMLS_DC) /* \n{{{ */ \n{ \n/* \nThis is how the time string is formatted: \nsnprintf(p, sizeof(p), \"%02d%02d%02d%02d%02d%02dZ\",ts->tm_year%100, \nts->tm_mon+1,ts->tm_mday,ts->tm_hour,ts->tm_min,ts->tm_sec); \n*/ \n \ntime_t ret; \nstruct tm thetime; \nchar * strbuf; \nchar * thestr; \nlong gmadjust = 0; \n \nif (timestr->length < 13) { \nphp_error_docref(NULL TSRMLS_CC, E_WARNING, \"extension author \ntoo lazy to parse %s correctly\", timestr->data); \nreturn (time_t)-1; \n} \n \nHowever the actual problem of the code should become obvious when \nyou read the rest of the parsing code that attempts to first \nduplicate the timestamp string and then parses the timestamp by \ngoing through the copy in reverse order and writing five NUL bytes \ninto the duplicated string. \n \nstrbuf = estrdup((char *)timestr->data); \n \nmemset(&thetime, 0, sizeof(thetime)); \n \n/* we work backwards so that we can use atoi more easily */ \n \nthestr = strbuf + timestr->length - 3; \n \nthetime.tm_sec = atoi(thestr); \n*thestr = '\\0'; \nthestr -= 2; \nthetime.tm_min = atoi(thestr); \n*thestr = '\\0'; \nthestr -= 2; \nthetime.tm_hour = atoi(thestr); \n*thestr = '\\0'; \nthestr -= 2; \nthetime.tm_mday = atoi(thestr); \n*thestr = '\\0'; \nthestr -= 2; \nthetime.tm_mon = atoi(thestr)-1; \n*thestr = '\\0'; \nthestr -= 2; \nthetime.tm_year = atoi(thestr); \n \nThe problem with this code is that ASN1 strings can contain NUL \nbytes, while the parser is not binary safe. This means if a \ntimestamp string inside a x509 certificate contains a NUL byte \nat e.g. position 13 the estrdup() will only allocate 14 bytes \nfor a copy of the string, but the parser will attempt to write \nfive NUL bytes to memory addressed by the ASN1 length of the \nstring. 
If the real string length is longer than 16 bytes this \nwill result in writes of NUL bytes outside of the allocated \nbuffer. \n \nBecause of PHP's deterministic heap memory layout that can be \ncontrolled a lot by sending e.g. POST variables and using \nduplicate variable names to poke memory holes this vulnerability \nmust be considered exploitable. However the actual exploit will \ndepend a lot on how the PHP application uses openssl_x509_parse() \nand a lot of other factors. \n \nDepending on which of the actual use cases the function is used \nfor by an application, an attacker can trigger the memory \ncorruption with a self-signed certificate. An example for this \nis the public analyse.php x509 cert debugging script provided \nby CACert on their webserver. \n \nOther applications like Wordpress use openssl_x509_parse() to \nfurther verify SSL certificates whenever Wordpress connects to \na HTTPS URL (in case ext/curl is not loaded which is the default \nfor several linux distributions). Because the parsing only \nhappens after the initial SSL connection is established this \ncan only be abused by attackers controlling a malicious trusted \ncert. However recent disclosures of alleged NSA capabilities, \nthe French incident and disclosures about fully compromised \ntrusted CAs in the past years have shown that this capability \nmight be in the reach of malicious attackers. 
\n \n \nProof of Concept: \n \nThe following x509 certificate demonstrates the out of bounds write: \n \n-----BEGIN CERTIFICATE----- \nMIIEpDCCA4ygAwIBAgIJAJzu8r6u6eBcMA0GCSqGSIb3DQEBBQUAMIHDMQswCQYD \nVQQGEwJERTEcMBoGA1UECAwTTm9yZHJoZWluLVdlc3RmYWxlbjEQMA4GA1UEBwwH \nS8ODwrZsbjEUMBIGA1UECgwLU2VrdGlvbkVpbnMxHzAdBgNVBAsMFk1hbGljaW91 \ncyBDZXJ0IFNlY3Rpb24xITAfBgNVBAMMGG1hbGljaW91cy5zZWt0aW9uZWlucy5k \nZTEqMCgGCSqGSIb3DQEJARYbc3RlZmFuLmVzc2VyQHNla3Rpb25laW5zLmRlMHUY \nZDE5NzAwMTAxMDAwMDAwWgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA \nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA \nAAAAAAAXDTE0MTEyODExMzkzNVowgcMxCzAJBgNVBAYTAkRFMRwwGgYDVQQIDBNO \nb3JkcmhlaW4tV2VzdGZhbGVuMRAwDgYDVQQHDAdLw4PCtmxuMRQwEgYDVQQKDAtT \nZWt0aW9uRWluczEfMB0GA1UECwwWTWFsaWNpb3VzIENlcnQgU2VjdGlvbjEhMB8G \nA1UEAwwYbWFsaWNpb3VzLnNla3Rpb25laW5zLmRlMSowKAYJKoZIhvcNAQkBFhtz \ndGVmYW4uZXNzZXJAc2VrdGlvbmVpbnMuZGUwggEiMA0GCSqGSIb3DQEBAQUAA4IB \nDwAwggEKAoIBAQDDAf3hl7JY0XcFniyEJpSSDqn0OqBr6QP65usJPRt/8PaDoqBu \nwEYT/Na+6fsgPjC0uK9DZgWg2tHWWoanSblAMoz5PH6Z+S4SHRZ7e2dDIjPjdhjh \n0mLg2UMO5yp0V797Ggs9lNt6JRfH81MN2obXWs4NtztLMuD6egqpr8dDbr34aOs8 \npkdui5UawTZksy5pLPHq5cMhFGm06v65CLo0V2Pd9+KAokPrPcN5KLKebz7mLpk6 \nSMeEXOKP4idEqxyQ7O7fBuHMedsQhu+prY3si3BUyKfQtP5CZnX2bp0wKHxX12DX \n1nfFIt9DbGvHTcyOuN+nZLPBm3vWxntyIIvVAgMBAAGjQjBAMAkGA1UdEwQCMAAw \nEQYJYIZIAYb4QgEBBAQDAgeAMAsGA1UdDwQEAwIFoDATBgNVHSUEDDAKBggrBgEF \nBQcDAjANBgkqhkiG9w0BAQUFAAOCAQEAG0fZYYCTbdj1XYc+1SnoaPR+vI8C8CaD \n8+0UYhdnyU4gga0BAcDrY9e94eEAu6ZqycF6FjLqXXdAboppWocr6T6GD1x33Ckl \nVArzG/KxQohGD2JeqkhIMlDomxHO7ka39+Oa8i2vWLVyjU8AZvWMAruHa4EENyG7 \nlW2AagaFKFCr9TnXTfrdxGVEbv7KVQ6bdhg5p5SjpWH1+Mq03uR3ZXPBYdyV8319 \no0lVj1KFI2DCL/liWisJRoof+1cR35Ctd0wYBcpB6TZslMcOPl76dwKwJgeJo2Qg \nZsfmc2vC1/qOlNuNq/0TzzkVGv8ETT3CgaU+UXe4XOVvkccebJn2dg== \n-----END CERTIFICATE----- \n \n \nDisclosure Timeline: \n \n01. December 2013 - Notified security@php.net \nProvided description, POC cert, demo \nvalgrind output and patch \n02. 
December 2013 - security@php.net acknowledges and \nsays thank you for report and patch \n02. December 2013 - security@php.net announces that planned \nrelease date is 12th December \n03. December 2013 - Notification from RedHat Security that \nCVE-2013-6420 was assigned to this issue \n09. December 2013 - RedHat Security tells php.net that they \nshould commit the fix silently and add \ninfo about it only after release \nThey further tell php.net to tell us to \nnot discuss the vulnerability in public \nprior to patches being available \n10. December 2013 - security@php.net fixes the vulnerability \nopenly and does not attempt to hide that \nthe commit is a security fix as RedHat \nSecurity suggested \n11. December 2013 - RedHat Security Announces that they now \nconsider this vulnerability public and \nsends out their own patches with big \nannouncement one day before php.net is \nready to release their own fixes \n12. December 2013 - security@php.net pushes PHP updates to \nthe PHP 5.3, PHP 5.3 and PHP 5.5 branches \nto the mirrors as was previously agreed upon \n13. December 2013 - New PHP releases are announced on php.net \n13. December 2013 - Public Disclosure of this advisory \n \n \nRecommendation: \n \nIt is recommended to upgrade to the latest version of PHP \nwhich also fixes additional non security problems reported \nby third parties. \n \nGrab your copy at: \nhttp://www.php.net/get/php-5.5.7.tar.bz2/from/a/mirror \n \n \nCVE Information: \n \nThe Common Vulnerabilities and Exposures project (cve.mitre.org) has \nassigned the name CVE-2013-6420 to this vulnerability. \n \n \nGPG-Key: \n \npub 4096R/D6A3FE46 2013-11-06 Stefan Esser \nKey fingerprint = 0A04 AB88 90D2 E67C 3D3D 86E1 AA39 B97F D6A3 FE46 \n \n \nCopyright 2013 SektionEins GmbH. All rights reserved. 
\n \n`\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "sourceHref": "https://packetstormsecurity.com/files/download/124436/phpx509parse-corrupt.txt"}], "oraclelinux": [{"lastseen": "2019-05-29T18:37:45", "bulletinFamily": "unix", "cvelist": ["CVE-2013-6420"], "description": "[5.3.3-27]\n- add security fix for CVE-2013-6420", "edition": 4, "modified": "2013-12-10T00:00:00", "published": "2013-12-10T00:00:00", "id": "ELSA-2013-1813", "href": "http://linux.oracle.com/errata/ELSA-2013-1813.html", "title": "php53 and php security update", "type": "oraclelinux", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "kaspersky": [{"lastseen": "2020-09-02T11:49:07", "bulletinFamily": "info", "cvelist": ["CVE-2014-2641", "CVE-2013-6422", "CVE-2014-2640", "CVE-2014-2642", "CVE-2013-6420", "CVE-2013-6712", "CVE-2013-4545"], "description": "### *Detect date*:\n01/10/2014\n\n### *Severity*:\nCritical\n\n### *Description*:\nMultiple vulnerabilities were found in HP SMH. By exploiting these vulnerabilities malicious users can conduct XSS, CSRF and clickjacking attacks via unspecified vectors. 
These vulnerabilities can be exploited remotely.\n\n### *Affected products*:\nHP System Management Homepage (SMH) versions earlier than 7.4\n\n### *Solution*:\nUpdate to latest version \n[Get HP SMH](<http://www8.hp.com/us/en/products/server-software/product-detail.html?oid=344313>)\n\n### *Original advisories*:\n[HP bulletin](<https://h20564.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c04463322>) \n\n\n### *Impacts*:\nXSS/CSS \n\n### *Related products*:\n[HP System Management Homepage](<https://threats.kaspersky.com/en/product/HP-System-Management-Homepage/>)\n\n### *CVE-IDS*:\n[CVE-2013-6712](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6712>)5.0Critical \n[CVE-2013-6422](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6422>)4.0Warning \n[CVE-2014-2641](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2641>)6.0High \n[CVE-2014-2640](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2640>)4.3Warning \n[CVE-2014-2642](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2642>)4.3Warning \n[CVE-2013-6420](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6420>)7.5Critical \n[CVE-2013-4545](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4545>)4.3Warning", "edition": 41, "modified": "2020-05-22T00:00:00", "published": "2014-01-10T00:00:00", "id": "KLA10458", "href": "https://threats.kaspersky.com/en/vulnerability/KLA10458", "title": "\r KLA10458Multiple vulnerabilities in HP SMH ", "type": "kaspersky", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}]}