Lucene search

K
openvas
Copyright (c) 2012 E-Soft Inc. http://www.securityspace.comOPENVAS:136141256231071377
HistoryMay 31, 2012 - 12:00 a.m.

FreeBSD Ports: php5

2012-05-3100:00:00
Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com
plugins.openvas.org
25

0.975 High

EPSS

Percentile

100.0%

The remote host is missing an update to the system
as announced in the referenced advisory.

###############################################################################
# OpenVAS Vulnerability Test
# $Id: freebsd_php516.nasl 11762 2018-10-05 10:54:12Z cfischer $
#
# Auto generated from VID 59b68b1e-9c78-11e1-b5e0-000c299b62e1
#
# Authors:
# Thomas Reinke <reinke@securityspace.com>
#
# Copyright:
# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com
# Text descriptions are largely excerpted from the referenced
# advisories, and are Copyright (c) the respective author(s)
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2,
# as published by the Free Software Foundation
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################

if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.71377");
  script_tag(name:"cvss_base", value:"7.5");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_cve_id("CVE-2012-1823", "CVE-2012-2311", "CVE-2012-2329");
  script_version("$Revision: 11762 $");
  script_tag(name:"last_modification", value:"$Date: 2018-10-05 12:54:12 +0200 (Fri, 05 Oct 2018) $");
  script_tag(name:"creation_date", value:"2012-05-31 11:53:51 -0400 (Thu, 31 May 2012)");
  script_name("FreeBSD Ports: php5");
  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com");
  script_family("FreeBSD Local Security Checks");
  script_dependencies("gather-package-list.nasl");
  script_mandatory_keys("ssh/login/freebsd", "ssh/login/freebsdrel");

  script_tag(name:"insight", value:"The following packages are affected:

  php5
   php53
   php52

CVE-2012-1823
sapi/cgi/cgi_main.c in PHP before 5.3.12 and 5.4.x before 5.4.2, when
configured as a CGI script (aka php-cgi), does not properly handle
query strings that lack an = (equals sign) character, which allows
remote attackers to execute arbitrary code by placing command-line
options in the query string, related to lack of skipping a certain
php_getopt for the 'd' case.
CVE-2012-2311
sapi/cgi/cgi_main.c in PHP before 5.3.13 and 5.4.x before 5.4.3, when
configured as a CGI script (aka php-cgi), does not properly handle
query strings that contain a %3D sequence but no = (equals sign)
character, which allows remote attackers to execute arbitrary code by
placing command-line options in the query string, related to lack of
skipping a certain php_getopt for the 'd' case.  NOTE: this
vulnerability exists because of an incomplete fix for CVE-2012-1823.
CVE-2012-2329
Buffer overflow in the apache_request_headers function in
sapi/cgi/cgi_main.c in PHP 5.4.x before 5.4.3 allows remote attackers
to cause a denial of service (application crash) via a long string in
the header of an HTTP request.");

  script_tag(name:"solution", value:"Update your system with the appropriate patches or
  software upgrades.");

  script_tag(name:"summary", value:"The remote host is missing an update to the system
  as announced in the referenced advisory.");

  script_tag(name:"qod_type", value:"package");
  script_tag(name:"solution_type", value:"VendorFix");

  exit(0);
}

include("revisions-lib.inc");
include("pkg-lib-bsd.inc");

vuln = FALSE;
txt = "";

bver = portver(pkg:"php5");
if(!isnull(bver) && revcomp(a:bver, b:"5.4")>0 && revcomp(a:bver, b:"5.4.3")<0) {
  txt += "Package php5 version " + bver + " is installed which is known to be vulnerable.\n";
  vuln = TRUE;
}
if(!isnull(bver) && revcomp(a:bver, b:"5.3.13")<0) {
  txt += "Package php5 version " + bver + " is installed which is known to be vulnerable.\n";
  vuln = TRUE;
}
bver = portver(pkg:"php53");
if(!isnull(bver) && revcomp(a:bver, b:"5.3.13")<0) {
  txt += "Package php53 version " + bver + " is installed which is known to be vulnerable.\n";
  vuln = TRUE;
}
bver = portver(pkg:"php52");
if(!isnull(bver) && revcomp(a:bver, b:"5.2.17_9")<0) {
  txt += "Package php52 version " + bver + " is installed which is known to be vulnerable.\n";
  vuln = TRUE;
}

if(vuln) {
  security_message(data:txt);
} else if (__pkg_match) {
  exit(99);
}
How to find holes in your network?

Try incredible fast Vulners Perimeter Scanner and find vulnerabilities and unnecessary ip and ports in network devices inside your network before anyone else.

Try Network Scanner

0.975 High

EPSS

Percentile

100.0%

Related for OPENVAS:136141256231071377