Lucene search
Copyright (C) 2014 Greenbone AGOPENVAS:1361412562310702868HistoryMar 01, 2014 - 12:00 a.m.
Debian: Security Advisory (DSA-2868-1)
2014-03-0100:00:00
Copyright (C) 2014 Greenbone AG
plugins.openvas.org
16
6.8 Medium
AI Score
Confidence
Low
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.058 Low
EPSS
Percentile
93.3%
The remote host is missing an update for the Debian
# SPDX-FileCopyrightText: 2014 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.0.702868");
script_cve_id("CVE-2014-1943", "CVE-2014-8117");
script_tag(name:"creation_date", value:"2014-03-01 23:00:00 +0000 (Sat, 01 Mar 2014)");
script_version("2024-02-02T05:06:04+0000");
script_tag(name:"last_modification", value:"2024-02-02 05:06:04 +0000 (Fri, 02 Feb 2024)");
script_tag(name:"cvss_base", value:"5.0");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:N/I:N/A:P");
script_name("Debian: Security Advisory (DSA-2868-1)");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2014 Greenbone AG");
script_family("Debian Local Security Checks");
script_dependencies("gather-package-list.nasl");
script_mandatory_keys("ssh/login/debian_linux", "ssh/login/packages", re:"ssh/login/release=DEB(6|7)");
script_xref(name:"Advisory-ID", value:"DSA-2868-1");
script_xref(name:"URL", value:"https://www.debian.org/security/2014/DSA-2868-1");
script_xref(name:"URL", value:"https://security-tracker.debian.org/tracker/DSA-2868");
script_tag(name:"summary", value:"The remote host is missing an update for the Debian 'php5' package(s) announced via the DSA-2868-1 advisory.");
script_tag(name:"vuldetect", value:"Checks if a vulnerable package version is present on the target host.");
script_tag(name:"insight", value:"It was discovered that file, a file type classification tool, contains a flaw in the handling of indirect magic rules in the libmagic library, which leads to an infinite recursion when trying to determine the file type of certain files. The Common Vulnerabilities and Exposures project ID CVE-2014-1943 has been assigned to identify this flaw. Additionally, other well-crafted files might result in long computation times (while using 100% CPU) and overlong results.
This update corrects this flaw in the copy that is embedded in the php5 package.
For the oldstable distribution (squeeze), this problem has been fixed in version 5.3.3-7+squeeze19.
For the stable distribution (wheezy), this problem has been fixed in version 5.4.4-14+deb7u8.
For the testing distribution (jessie) and the unstable distribution (sid), this problem will be fixed soon.
We recommend that you upgrade your php5 packages.");
script_tag(name:"affected", value:"'php5' package(s) on Debian 6, Debian 7.");
script_tag(name:"solution", value:"Please install the updated package(s).");
script_tag(name:"solution_type", value:"VendorFix");
script_tag(name:"qod_type", value:"package");
exit(0);
}
include("revisions-lib.inc");
include("pkg-lib-deb.inc");
release = dpkg_get_ssh_release();
if(!release)
exit(0);
res = "";
report = "";
if(release == "DEB6") {
if(!isnull(res = isdpkgvuln(pkg:"libapache2-mod-php5", ver:"5.3.3-7+squeeze19", rls:"DEB6"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"libapache2-mod-php5filter", ver:"5.3.3-7+squeeze19", rls:"DEB6"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"php-pear", ver:"5.3.3-7+squeeze19", rls:"DEB6"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"php5", ver:"5.3.3-7+squeeze19", rls:"DEB6"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"php5-cgi", ver:"5.3.3-7+squeeze19", rls:"DEB6"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"php5-cli", ver:"5.3.3-7+squeeze19", rls:"DEB6"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"php5-common", ver:"5.3.3-7+squeeze19", rls:"DEB6"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"php5-curl", ver:"5.3.3-7+squeeze19", rls:"DEB6"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"php5-dbg", ver:"5.3.3-7+squeeze19", rls:"DEB6"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"php5-dev", ver:"5.3.3-7+squeeze19", rls:"DEB6"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"php5-enchant", ver:"5.3.3-7+squeeze19", rls:"DEB6"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"php5-gd", ver:"5.3.3-7+squeeze19", rls:"DEB6"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"php5-gmp", ver:"5.3.3-7+squeeze19", rls:"DEB6"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"php5-imap", ver:"5.3.3-7+squeeze19", rls:"DEB6"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"php5-interbase", ver:"5.3.3-7+squeeze19", rls:"DEB6"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"php5-intl", ver:"5.3.3-7+squeeze19", rls:"DEB6"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"php5-ldap", ver:"5.3.3-7+squeeze19", rls:"DEB6"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"php5-mcrypt", ver:"5.3.3-7+squeeze19", rls:"DEB6"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"php5-mysql", ver:"5.3.3-7+squeeze19", rls:"DEB6"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"php5-odbc", ver:"5.3.3-7+squeeze19", rls:"DEB6"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"php5-pgsql", ver:"5.3.3-7+squeeze19", rls:"DEB6"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"php5-pspell", ver:"5.3.3-7+squeeze19", rls:"DEB6"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"php5-recode", ver:"5.3.3-7+squeeze19", rls:"DEB6"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"php5-snmp", ver:"5.3.3-7+squeeze19", rls:"DEB6"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"php5-sqlite", ver:"5.3.3-7+squeeze19", rls:"DEB6"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"php5-sybase", ver:"5.3.3-7+squeeze19", rls:"DEB6"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"php5-tidy", ver:"5.3.3-7+squeeze19", rls:"DEB6"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"php5-xmlrpc", ver:"5.3.3-7+squeeze19", rls:"DEB6"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"php5-xsl", ver:"5.3.3-7+squeeze19", rls:"DEB6"))) {
report += res;
}
if(report != "") {
security_message(data:report);
} else if(__pkg_match) {
exit(99);
}
exit(0);
}
if(release == "DEB7") {
if(!isnull(res = isdpkgvuln(pkg:"libapache2-mod-php5", ver:"5.4.4-14+deb7u8", rls:"DEB7"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"libapache2-mod-php5filter", ver:"5.4.4-14+deb7u8", rls:"DEB7"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"libphp5-embed", ver:"5.4.4-14+deb7u8", rls:"DEB7"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"php-pear", ver:"5.4.4-14+deb7u8", rls:"DEB7"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"php5", ver:"5.4.4-14+deb7u8", rls:"DEB7"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"php5-cgi", ver:"5.4.4-14+deb7u8", rls:"DEB7"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"php5-cli", ver:"5.4.4-14+deb7u8", rls:"DEB7"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"php5-common", ver:"5.4.4-14+deb7u8", rls:"DEB7"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"php5-curl", ver:"5.4.4-14+deb7u8", rls:"DEB7"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"php5-dbg", ver:"5.4.4-14+deb7u8", rls:"DEB7"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"php5-dev", ver:"5.4.4-14+deb7u8", rls:"DEB7"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"php5-enchant", ver:"5.4.4-14+deb7u8", rls:"DEB7"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"php5-fpm", ver:"5.4.4-14+deb7u8", rls:"DEB7"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"php5-gd", ver:"5.4.4-14+deb7u8", rls:"DEB7"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"php5-gmp", ver:"5.4.4-14+deb7u8", rls:"DEB7"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"php5-imap", ver:"5.4.4-14+deb7u8", rls:"DEB7"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"php5-interbase", ver:"5.4.4-14+deb7u8", rls:"DEB7"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"php5-intl", ver:"5.4.4-14+deb7u8", rls:"DEB7"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"php5-ldap", ver:"5.4.4-14+deb7u8", rls:"DEB7"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"php5-mcrypt", ver:"5.4.4-14+deb7u8", rls:"DEB7"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"php5-mysql", ver:"5.4.4-14+deb7u8", rls:"DEB7"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"php5-mysqlnd", ver:"5.4.4-14+deb7u8", rls:"DEB7"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"php5-odbc", ver:"5.4.4-14+deb7u8", rls:"DEB7"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"php5-pgsql", ver:"5.4.4-14+deb7u8", rls:"DEB7"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"php5-pspell", ver:"5.4.4-14+deb7u8", rls:"DEB7"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"php5-recode", ver:"5.4.4-14+deb7u8", rls:"DEB7"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"php5-snmp", ver:"5.4.4-14+deb7u8", rls:"DEB7"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"php5-sqlite", ver:"5.4.4-14+deb7u8", rls:"DEB7"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"php5-sybase", ver:"5.4.4-14+deb7u8", rls:"DEB7"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"php5-tidy", ver:"5.4.4-14+deb7u8", rls:"DEB7"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"php5-xmlrpc", ver:"5.4.4-14+deb7u8", rls:"DEB7"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"php5-xsl", ver:"5.4.4-14+deb7u8", rls:"DEB7"))) {
report += res;
}
if(report != "") {
security_message(data:report);
} else if(__pkg_match) {
exit(99);
}
exit(0);
}
exit(0);
Related
debiancve
debiancve
CVE-2014-8117
2014-12-17 19:59:00
CVE-2014-1943
2014-02-18 19:55:00
openvas
openvas
Gentoo Security Advisory GLSA 201412-48
2015-09-29 00:00:00
Debian Security Advisory DSA 2861-1 (file - denial of service)
2014-02-16 00:00:00
Fedora Update for file FEDORA-2014-2876
2014-03-12 00:00:00
veracode
veracode
Denial Of Service (DoS)
2019-05-02 05:29:34
Denial Of Service (DoS)
2019-05-02 05:04:17
Denial Of Service (DoS)
2019-05-02 05:04:17
prion
prion
Design/Logic Flaw
2014-12-17 19:59:00
Double free
2014-02-18 19:55:00
ubuntucve
ubuntucve
CVE-2014-8117
2014-12-17 00:00:00
CVE-2014-1943
2014-02-18 00:00:00
nessus
nessus
GLSA-201412-48 : file: Denial of Service
2014-12-29 00:00:00
Fedora 19 : file-5.11-12.fc19 (2014-2876)
2014-03-04 00:00:00
Fedora 20 : file-5.14-15.fc20 (2014-2739)
2014-02-24 00:00:00
gentoo
gentoo
file: Denial of service
2014-12-27 00:00:00
file: Denial of service
2014-03-13 00:00:00
cve
cve
CVE-2014-8117
2014-12-17 19:59:00
CVE-2014-1943
2014-02-18 19:55:00
checkpoint_advisories
checkpoint_advisories
PHP Fileinfo Call Stack Exhaustion Denial of Service (CVE-2014-1943)
2014-05-18 00:00:00
debian
debian
[SECURITY] [DSA 2861-1] file security update
2014-02-16 14:10:06
[SECURITY] [DSA 2868-1] php5 security update
2014-03-02 19:18:49
[SECURITY] [DSA 2868-1] php5 security update
2014-03-02 19:19:10
osv
osv
file - denial of service
2014-02-16 00:00:00
php5 - denial of service
2014-03-02 00:00:00
file - security update
2015-01-09 00:00:00
fedora
fedora
[SECURITY] Fedora 20 Update: file-5.14-15.fc20
2014-02-23 08:38:00
[SECURITY] Fedora 19 Update: file-5.11-12.fc19
2014-03-04 06:44:00
[SECURITY] Fedora 20 Update: file-5.14-17.fc20
2014-03-12 12:31:06
mageia
mageia
Updated file package fixes security vulnerability
2014-02-22 23:10:59
Updated file packages fix security vulnerabilities
2014-12-19 18:06:35
Updated php packages fix security vulnerabilities
2014-04-04 21:33:24
securityvulns
securityvulns
[SECURITY] [DSA 2861-1] file security update
2014-02-18 00:00:00
libmagic / file / fileinfo / PHP security vulnerabilities
2015-03-18 00:00:00
FreeBSD Security Advisory FreeBSD-SA-14:28.file
2014-12-10 00:00:00
amazon
amazon
freebsd
freebsd
file -- denial of service
2014-02-16 00:00:00
file -- multiple vulnerabilities
2014-12-16 00:00:00
FreeBSD -- Multiple vulnerabilities in file(1) and libmagic(3)
2014-06-24 00:00:00
slackware
slackware
[slackware-security] php
2014-03-16 03:31:21
f5
f5
K16347 : Linux file utility vulnerabilities CVE-2014-8116 and CVE-2014-8117
2015-07-22 00:00:00
K15689 : Fine Free file vulnerabilites CVE-2014-1943 and CVE-2014-2270
2014-10-09 00:00:00
ubuntu
ubuntu
file vulnerabilities
2014-02-26 00:00:00
file vulnerabilities
2015-02-04 00:00:00
PHP vulnerabilities
2015-03-18 00:00:00
freebsd_advisory
freebsd_advisory
FreeBSD-SA-14:28.file
2014-12-10 00:00:00
FreeBSD-SA-14:16.file
2014-06-24 00:00:00
ibm
ibm
Security Bulletin: File vulnerabilities affect IBM SmartClound Entry
2020-07-19 00:49:12
Security Bulletin: Multiple vulnerabilities in file affect IBM Security Network Protection
2018-06-16 21:43:49
Security Bulletin: Multiple vulnerabilities in file affect PowerKVM
2018-06-18 01:30:43
redhat
redhat
(RHSA-2016:0760) Moderate: file security, bug fix, and enhancement update
2016-05-10 06:42:18
(RHSA-2014:1606) Moderate: file security and bug fix update
2014-10-14 00:00:00
(RHSA-2014:1012) Moderate: php53 and php security update
2014-08-06 00:00:00
centos
centos
file, python security update
2016-05-16 10:13:44
file, python security update
2014-10-20 18:08:44
php, php53 security update
2014-08-06 14:53:37
oraclelinux
oraclelinux
file security, bug fix, and enhancement update
2016-05-12 00:00:00
file security and bug fix update
2014-10-15 00:00:00
php53 and php security update
2014-08-06 00:00:00
6.8 Medium
AI Score
Confidence
Low
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.058 Low
EPSS
Percentile
93.3%
Related for OPENVAS:1361412562310702868