DATABASE RESOURCES PRICING ABOUT US

{"id": "OPENVAS:1361412562310831484", "vendorId": null, "type": "openvas", "bulletinFamily": "scanner", "title": "Mandriva Update for php MDVSA-2011:165 (php)", "description": "The remote host is missing an update for the ", "published": "2011-11-08T00:00:00", "modified": "2018-11-16T00:00:00", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cvss2": {}, "cvss3": {}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310831484", "reporter": "Copyright (c) 2011 Greenbone Networks GmbH", "references": ["2011:165", "http://lists.mandriva.com/security-announce/2011-11/msg00003.php"], "cvelist": ["CVE-2011-1148", "CVE-2011-1938", "CVE-2011-2483", "CVE-2011-1657", "CVE-2011-3268", "CVE-2011-3182", "CVE-2011-3267", "CVE-2011-2202"], "immutableFields": [], "lastseen": "2019-05-29T18:39:36", "viewCount": 12, "enchantments": {"dependencies": {"references": [{"type": "amazon", "idList": ["ALAS-2011-007", "ALAS-2011-012"]}, {"type": "centos", "idList": ["CESA-2011:1377", "CESA-2011:1378", "CESA-2011:1423", "CESA-2012:0033", "CESA-2012:0071"]}, {"type": "cve", "idList": ["CVE-2011-1148", "CVE-2011-1657", "CVE-2011-1938", "CVE-2011-2202", "CVE-2011-2483", "CVE-2011-3182", "CVE-2011-3189", "CVE-2011-3267", "CVE-2011-3268"]}, {"type": "debian", "idList": ["DEBIAN:DSA-2262-2:2E683", "DEBIAN:DSA-2266-1:4FAC3", "DEBIAN:DSA-2340-1:1241F", "DEBIAN:DSA-2399-1:367BF", "DEBIAN:DSA-2399-2:BC1FA", "DEBIAN:DSA-2408-1:B808D"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2011-2483"]}, {"type": "exploitdb", "idList": ["EDB-ID:17318", "EDB-ID:17486"]}, {"type": "exploitpack", "idList": ["EXPLOITPACK:DCB6D1527114BF4939903A3FD787537D", "EXPLOITPACK:E01EEEA67E34582F2A422D4CD1795D05"]}, {"type": "f5", "idList": ["F5:K13518", "F5:K13519", "SOL13518", "SOL13519", "SOL15441", "SOL15903"]}, {"type": "fedora", "idList": ["FEDORA:25045C0AD1", "FEDORA:2AA70C0AD2", "FEDORA:420B0E7205", "FEDORA:510BA87E81", "FEDORA:6126137D07", "FEDORA:7869DC0ACF", "FEDORA:7F9E2C0AD1", "FEDORA:805B3C0ACF", "FEDORA:836B9C0AD2"]}, {"type": "freebsd", "idList": ["057BF770-CAC4-11E0-AEA3-00215C6A37BB"]}, {"type": "gentoo", "idList": ["GLSA-201110-06", "GLSA-201110-22"]}, {"type": "nessus", "idList": ["6015.PRM", "6303.PRM", "801087.PRM", "ALA_ALAS-2011-07.NASL", "ALA_ALAS-2011-12.NASL", "ALA_ALAS-2011-7.NASL", "CENTOS_RHSA-2011-1377.NASL", "CENTOS_RHSA-2011-1378.NASL", "CENTOS_RHSA-2011-1423.NASL", "CENTOS_RHSA-2012-0033.NASL", "CENTOS_RHSA-2012-0071.NASL", "DEBIAN_DSA-2266.NASL", "DEBIAN_DSA-2340.NASL", "DEBIAN_DSA-2399.NASL", "DEBIAN_DSA-2408.NASL", "F5_BIGIP_SOL13519.NASL", "FEDORA_2011-11464.NASL", "FEDORA_2011-11528.NASL", "FEDORA_2011-11537.NASL", "FREEBSD_PKG_057BF770CAC411E0AEA300215C6A37BB.NASL", "GENTOO_GLSA-201110-06.NASL", "GENTOO_GLSA-201110-22.NASL", "HPSMH_7_0_0_24.NASL", "MACOSX_10_7_3.NASL", "MACOSX_SECUPD2012-001.NASL", "MANDRIVA_MDVSA-2011-161.NASL", "MANDRIVA_MDVSA-2011-165.NASL", "MANDRIVA_MDVSA-2011-178.NASL", "MANDRIVA_MDVSA-2011-179.NASL", "MANDRIVA_MDVSA-2011-180.NASL", "OPENSUSE-2012-214.NASL", "OPENSUSE-2013-849.NASL", "ORACLELINUX_ELSA-2011-1377.NASL", "ORACLELINUX_ELSA-2011-1378.NASL", "ORACLELINUX_ELSA-2011-1423.NASL", "ORACLELINUX_ELSA-2012-0033.NASL", "ORACLELINUX_ELSA-2012-0071.NASL", "PHP_5_3_7.NASL", "PHP_5_4_0.NASL", "REDHAT-RHSA-2011-1377.NASL", "REDHAT-RHSA-2011-1378.NASL", "REDHAT-RHSA-2011-1423.NASL", "REDHAT-RHSA-2012-0033.NASL", "REDHAT-RHSA-2012-0071.NASL", "SLACKWARE_SSA_2011-237-01.NASL", "SL_20111017_POSTGRESQL84_ON_SL5_X.NASL", "SL_20111017_POSTGRESQL_ON_SL4_X.NASL", "SL_20111102_PHP53_AND_PHP_ON_SL5_X.NASL", "SL_20120118_PHP_ON_SL5_X.NASL", "SL_20120130_PHP_ON_SL4_X.NASL", "SUSE9_12813.NASL", "SUSE_11_3_APACHE2-MOD_PHP5-110601.NASL", "SUSE_11_3_APACHE2-MOD_PHP5-110907.NASL", "SUSE_11_3_GLIBC-110729.NASL", "SUSE_11_3_LIBXCRYPT-110824.NASL", "SUSE_11_3_MAN-PAGES-110823.NASL", "SUSE_11_3_YAST2-CORE-110822.NASL", "SUSE_11_4_APACHE2-MOD_PHP5-110601.NASL", "SUSE_11_4_APACHE2-MOD_PHP5-110907.NASL", "SUSE_11_4_GLIBC-110729.NASL", "SUSE_11_4_LIBXCRYPT-110824.NASL", "SUSE_11_4_MAN-PAGES-110823.NASL", "SUSE_11_4_YAST2-CORE-110822.NASL", "SUSE_11_APACHE2-MOD_PHP5-110601.NASL", "SUSE_11_APACHE2-MOD_PHP5-120309.NASL", "SUSE_11_GLIBC-110729.NASL", "SUSE_11_GLIBC-BLOWFISH-110729.NASL", "SUSE_11_LIBXCRYPT-110824.NASL", "SUSE_11_MAN-PAGES-110825.NASL", "SUSE_11_YAST2-CORE-110830.NASL", "SUSE_APACHE2-MOD_PHP5-7553.NASL", "SUSE_APACHE2-MOD_PHP5-7554.NASL", "SUSE_GLIBC-7659.NASL", "SUSE_GLIBC-7663.NASL", "SUSE_GLIBC-BLOWFISH-7663.NASL", "SUSE_POSTGRESQL-8311.NASL", "SUSE_SU-2012-1336-1.NASL", "SUSE_YAST2-CORE-7725.NASL", "SUSE_YAST2-CORE-7726.NASL", "UBUNTU_USN-1126-1.NASL", "UBUNTU_USN-1126-2.NASL", "UBUNTU_USN-1229-1.NASL", "UBUNTU_USN-1231-1.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310103229", "OPENVAS:1361412562310120517", "OPENVAS:1361412562310120570", "OPENVAS:1361412562310122011", "OPENVAS:1361412562310122061", "OPENVAS:1361412562310122072", "OPENVAS:1361412562310122073", "OPENVAS:136141256231069973", "OPENVAS:136141256231069976", "OPENVAS:136141256231070257", "OPENVAS:136141256231070716", "OPENVAS:136141256231070717", "OPENVAS:136141256231070769", "OPENVAS:136141256231070785", "OPENVAS:136141256231071135", "OPENVAS:136141256231071962", "OPENVAS:1361412562310802330", "OPENVAS:1361412562310802392", "OPENVAS:1361412562310831478", "OPENVAS:1361412562310831500", "OPENVAS:1361412562310831514", "OPENVAS:1361412562310840636", "OPENVAS:1361412562310840646", "OPENVAS:1361412562310840772", "OPENVAS:1361412562310840782", "OPENVAS:1361412562310850170", "OPENVAS:1361412562310863518", "OPENVAS:1361412562310863520", "OPENVAS:1361412562310863523", "OPENVAS:1361412562310863524", "OPENVAS:1361412562310863527", "OPENVAS:1361412562310863531", "OPENVAS:1361412562310863788", "OPENVAS:1361412562310863794", "OPENVAS:1361412562310863875", "OPENVAS:1361412562310870503", "OPENVAS:1361412562310870506", "OPENVAS:1361412562310870510", "OPENVAS:1361412562310870531", "OPENVAS:1361412562310870533", "OPENVAS:1361412562310881024", "OPENVAS:1361412562310881025", "OPENVAS:1361412562310881028", "OPENVAS:1361412562310881042", "OPENVAS:1361412562310881094", "OPENVAS:1361412562310881147", "OPENVAS:1361412562310881310", "OPENVAS:1361412562310881333", "OPENVAS:1361412562310881408", "OPENVAS:1361412562310881449", "OPENVAS:1361412562310902356", "OPENVAS:1361412562310902436", "OPENVAS:1361412562310902606", "OPENVAS:69973", "OPENVAS:69976", "OPENVAS:70257", "OPENVAS:70716", "OPENVAS:70717", "OPENVAS:70769", "OPENVAS:70785", "OPENVAS:71135", "OPENVAS:71962", "OPENVAS:802392", "OPENVAS:831478", "OPENVAS:831484", "OPENVAS:831500", "OPENVAS:831514", "OPENVAS:840636", "OPENVAS:840646", "OPENVAS:840772", "OPENVAS:840782", "OPENVAS:850170", "OPENVAS:863518", "OPENVAS:863520", "OPENVAS:863523", "OPENVAS:863524", "OPENVAS:863527", "OPENVAS:863531", "OPENVAS:863788", "OPENVAS:863794", "OPENVAS:863875", "OPENVAS:870503", "OPENVAS:870506", "OPENVAS:870510", "OPENVAS:870531", "OPENVAS:870533", "OPENVAS:881024", "OPENVAS:881025", "OPENVAS:881028", "OPENVAS:881042", "OPENVAS:881094", "OPENVAS:881147", "OPENVAS:881310", "OPENVAS:881333", "OPENVAS:881408", "OPENVAS:881449"]}, {"type": "oraclelinux", "idList": ["ELSA-2011-1377", "ELSA-2011-1378", "ELSA-2011-1423", "ELSA-2012-0033", "ELSA-2012-0071", "ELSA-2012-0677", "ELSA-2012-1046"]}, {"type": "osv", "idList": ["OSV:DSA-2266-1", "OSV:DSA-2340-1", "OSV:DSA-2399-1", "OSV:DSA-2408-1"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:101665", "PACKETSTORM:102751"]}, {"type": "redhat", "idList": ["RHSA-2011:1377", "RHSA-2011:1378", "RHSA-2011:1423", "RHSA-2012:0033", "RHSA-2012:0071"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:26262", "SECURITYVULNS:DOC:26931", "SECURITYVULNS:DOC:27147", "SECURITYVULNS:DOC:27395", "SECURITYVULNS:DOC:27600", "SECURITYVULNS:DOC:28070", "SECURITYVULNS:VULN:11634", "SECURITYVULNS:VULN:11763", "SECURITYVULNS:VULN:11879", "SECURITYVULNS:VULN:11967", "SECURITYVULNS:VULN:12065", "SECURITYVULNS:VULN:12164"]}, {"type": "seebug", "idList": ["SSV:20381", "SSV:20582", "SSV:20694", "SSV:71717", "SSV:71847"]}, {"type": "slackware", "idList": ["SSA-2011-237-01"]}, {"type": "suse", "idList": ["SUSE-SA:2011:035", "SUSE-SU-2012:0496-1", "SUSE-SU-2013:1351-1"]}, {"type": "ubuntu", "idList": ["USN-1126-1", "USN-1126-2", "USN-1229-1", "USN-1231-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2011-1148", "UB:CVE-2011-1657", "UB:CVE-2011-1938", "UB:CVE-2011-2202", "UB:CVE-2011-2483", "UB:CVE-2011-3182", "UB:CVE-2011-3189", "UB:CVE-2011-3267", "UB:CVE-2011-3268"]}, {"type": "veracode", "idList": ["VERACODE:24727", "VERACODE:24744", "VERACODE:24749", "VERACODE:24750"]}]}, "score": {"value": 6.8, "vector": "NONE"}, "backreferences": {"references": [{"type": "amazon", "idList": ["ALAS-2011-012"]}, {"type": "centos", "idList": ["CESA-2011:1377", "CESA-2011:1378", "CESA-2011:1423", "CESA-2012:0033", "CESA-2012:0071"]}, {"type": "cve", "idList": ["CVE-2011-1148", "CVE-2011-1657"]}, {"type": "debian", "idList": ["DEBIAN:DSA-2262-2:2E683"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2011-2483"]}, {"type": "exploitpack", "idList": ["EXPLOITPACK:E01EEEA67E34582F2A422D4CD1795D05"]}, {"type": "f5", "idList": ["SOL13518", "SOL13519", "SOL15441", "SOL15903"]}, {"type": "fedora", "idList": ["FEDORA:2AA70C0AD2"]}, {"type": "freebsd", "idList": ["057BF770-CAC4-11E0-AEA3-00215C6A37BB"]}, {"type": "gentoo", "idList": ["GLSA-201110-06"]}, {"type": "metasploit", "idList": ["MSF:ILITIES/LINUXRPM-RHSA-2012-0033/"]}, {"type": "nessus", "idList": ["6303.PRM", "DEBIAN_DSA-2266.NASL", "FEDORA_2011-11464.NASL", "MACOSX_SECUPD2012-001.NASL", "MANDRIVA_MDVSA-2011-180.NASL", "SUSE_11_3_MAN-PAGES-110823.NASL", "SUSE_YAST2-CORE-7726.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310831500", "OPENVAS:1361412562310881028", "OPENVAS:70717", "OPENVAS:840782", "OPENVAS:863523", "OPENVAS:863875", "OPENVAS:870510"]}, {"type": "oraclelinux", "idList": ["ELSA-2012-0033"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:101665"]}, {"type": "redhat", "idList": ["RHSA-2012:0071"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:27395"]}, {"type": "seebug", "idList": ["SSV:71717"]}, {"type": "ubuntu", "idList": ["USN-1231-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2011-1148", "UB:CVE-2011-1657"]}]}, "exploitation": null, "epss": [{"cve": "CVE-2011-1148", "epss": "0.015790000", "percentile": "0.852740000", "modified": "2023-03-15"}, {"cve": "CVE-2011-1938", "epss": "0.019890000", "percentile": "0.869990000", "modified": "2023-03-15"}, {"cve": "CVE-2011-2483", "epss": "0.004370000", "percentile": "0.707410000", "modified": "2023-03-15"}, {"cve": "CVE-2011-1657", "epss": "0.018190000", "percentile": "0.863320000", "modified": "2023-03-15"}, {"cve": "CVE-2011-3268", "epss": "0.011820000", "percentile": "0.828780000", "modified": "2023-03-15"}, {"cve": "CVE-2011-3182", "epss": "0.022540000", "percentile": "0.878330000", "modified": "2023-03-15"}, {"cve": "CVE-2011-3267", "epss": "0.009580000", "percentile": "0.808950000", "modified": "2023-03-15"}, {"cve": "CVE-2011-2202", "epss": "0.064840000", "percentile": "0.925750000", "modified": "2023-03-15"}], "vulnersScore": 6.8}, "_state": {"dependencies": 1678916735, "score": 1683994424, "epss": 1678936357}, "_internal": {"score_hash": "c61dc59f865248651f6fc49e324f56ec"}, "pluginID": "1361412562310831484", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for php MDVSA-2011:165 (php)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.mandriva.com/security-announce/2011-11/msg00003.php\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.831484\");\n script_version(\"$Revision: 12381 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-16 12:16:30 +0100 (Fri, 16 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2011-11-08 19:08:19 +0530 (Tue, 08 Nov 2011)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name:\"MDVSA\", value:\"2011:165\");\n script_cve_id(\"CVE-2011-1148\", \"CVE-2011-1657\", \"CVE-2011-1938\", \"CVE-2011-2202\",\n \"CVE-2011-2483\", \"CVE-2011-3182\", \"CVE-2011-3267\", \"CVE-2011-3268\");\n script_name(\"Mandriva Update for php MDVSA-2011:165 (php)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'php'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\", re:\"ssh/login/release=MNDK_2010\\.1\");\n script_tag(name:\"affected\", value:\"php on Mandriva Linux 2010.1,\n Mandriva Linux 2010.1/X86_64\");\n script_tag(name:\"insight\", value:\"Multiple vulnerabilities has been identified and fixed in php:\n\n Use-after-free vulnerability in the substr_replace function in PHP\n 5.3.6 and earlier allows context-dependent attackers to cause a\n denial of service (memory corruption) or possibly have unspecified\n other impact by using the same variable for multiple arguments\n (CVE-2011-1148).\n\n The (1) ZipArchive::addGlob and (2) ZipArchive::addPattern functions\n in ext/zip/php_zip.c in PHP 5.3.6 allow context-dependent attackers\n to cause a denial of service (application crash) via certain flags\n arguments, as demonstrated by (a) GLOB_ALTDIRFUNC and (b) GLOB_APPEND\n (CVE-2011-1657).\n\n Stack-based buffer overflow in the socket_connect function in\n ext/sockets/sockets.c in PHP 5.3.3 through 5.3.6 might allow\n context-dependent attackers to execute arbitrary code via a long\n pathname for a UNIX socket (CVE-2011-1938).\n\n The rfc1867_post_handler function in main/rfc1867.c in PHP before\n 5.3.7 does not properly restrict filenames in multipart/form-data\n POST requests, which allows remote attackers to conduct absolute\n path traversal attacks, and possibly create or overwrite arbitrary\n files, via a crafted upload request, related to a file path injection\n vulnerability. (CVE-2011-2202).\n\n crypt_blowfish before 1.1, as used in PHP before 5.3.7 on certain\n platforms, does not properly handle 8-bit characters, which makes\n it easier for context-dependent attackers to determine a cleartext\n password by leveraging knowledge of a password hash (CVE-2011-2483).\n\n PHP before 5.3.7 does not properly check the return values of\n the malloc, calloc, and realloc library functions, which allows\n context-dependent attackers to cause a denial of service (NULL\n pointer dereference and application crash) or trigger a buffer\n overflow by leveraging the ability to provide an arbitrary value\n for a function argument, related to (1) ext/curl/interface.c, (2)\n ext/date/lib/parse_date.c, (3) ext/date/lib/parse_iso_intervals.c,\n (4) ext/date/lib/parse_tz.c, (5) ext/date/lib/timelib.c, (6)\n ext/pdo_odbc/pdo_odbc.c, (7) ext/reflection/php_reflection.c,\n (8) ext/soap/php_sdl.c, (9) ext/xmlrpc/libxmlrpc/base64.c, (10)\n TSRM/tsrm_win32.c, and (11) the strtotime function (CVE-2011-3182).\n\n PHP before 5.3.7 does not properly implement the error_log function,\n which allows context-dependent attackers to cause a denial of service\n (application crash) via unspecified vectors (CVE-2011-3267).\n\n Buffer overflow in the crypt function in PHP before 5.3.7 allows\n context-dependent attackers to ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"MNDK_2010.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"apache-mod_php\", rpm:\"apache-mod_php~5.3.8~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libphp5_common5\", rpm:\"libphp5_common5~5.3.8~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-apc\", rpm:\"php-apc~3.1.9~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-apc-admin\", rpm:\"php-apc-admin~3.1.9~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-bcmath\", rpm:\"php-bcmath~5.3.8~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-bz2\", rpm:\"php-bz2~5.3.8~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-calendar\", rpm:\"php-calendar~5.3.8~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-cgi\", rpm:\"php-cgi~5.3.8~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-cli\", rpm:\"php-cli~5.3.8~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-ctype\", rpm:\"php-ctype~5.3.8~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-curl\", rpm:\"php-curl~5.3.8~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-dba\", rpm:\"php-dba~5.3.8~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-devel\", rpm:\"php-devel~5.3.8~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-doc\", rpm:\"php-doc~5.3.8~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-dom\", rpm:\"php-dom~5.3.8~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-eaccelerator\", rpm:\"php-eaccelerator~0.9.6.1~1.5mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-eaccelerator-admin\", rpm:\"php-eaccelerator-admin~0.9.6.1~1.5mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-enchant\", rpm:\"php-enchant~5.3.8~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-exif\", rpm:\"php-exif~5.3.8~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-fileinfo\", rpm:\"php-fileinfo~5.3.8~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-filter\", rpm:\"php-filter~5.3.8~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-fpm\", rpm:\"php-fpm~5.3.8~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-ftp\", rpm:\"php-ftp~5.3.8~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-gd\", rpm:\"php-gd~5.3.8~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-gearman\", rpm:\"php-gearman~0.7.0~0.4mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-gettext\", rpm:\"php-gettext~5.3.8~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-gmp\", rpm:\"php-gmp~5.3.8~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-hash\", rpm:\"php-hash~5.3.8~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-iconv\", rpm:\"php-iconv~5.3.8~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-imap\", rpm:\"php-imap~5.3.8~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-intl\", rpm:\"php-intl~5.3.8~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-json\", rpm:\"php-json~5.3.8~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-ldap\", rpm:\"php-ldap~5.3.8~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-mailparse\", rpm:\"php-mailparse~2.1.5~8.5mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-mbstring\", rpm:\"php-mbstring~5.3.8~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-mcal\", rpm:\"php-mcal~0.6~35.5mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-mcrypt\", rpm:\"php-mcrypt~5.3.8~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-mssql\", rpm:\"php-mssql~5.3.8~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-mysql\", rpm:\"php-mysql~5.3.8~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-mysqli\", rpm:\"php-mysqli~5.3.8~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-odbc\", rpm:\"php-odbc~5.3.8~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-openssl\", rpm:\"php-openssl~5.3.8~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-optimizer\", rpm:\"php-optimizer~0.1~0.alpha2.8.5mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pcntl\", rpm:\"php-pcntl~5.3.8~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pdo\", rpm:\"php-pdo~5.3.8~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pdo_dblib\", rpm:\"php-pdo_dblib~5.3.8~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pdo_mysql\", rpm:\"php-pdo_mysql~5.3.8~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pdo_odbc\", rpm:\"php-pdo_odbc~5.3.8~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pdo_pgsql\", rpm:\"php-pdo_pgsql~5.3.8~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pdo_sqlite\", rpm:\"php-pdo_sqlite~5.3.8~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pgsql\", rpm:\"php-pgsql~5.3.8~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-phar\", rpm:\"php-phar~5.3.8~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pinba\", rpm:\"php-pinba~0.0.5~2.5mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-posix\", rpm:\"php-posix~5.3.8~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pspell\", rpm:\"php-pspell~5.3.8~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-readline\", rpm:\"php-readline~5.3.8~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-recode\", rpm:\"php-recode~5.3.8~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-sasl\", rpm:\"php-sasl~0.1.0~33.5mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-session\", rpm:\"php-session~5.3.8~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-shmop\", rpm:\"php-shmop~5.3.8~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-snmp\", rpm:\"php-snmp~5.3.8~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-soap\", rpm:\"php-soap~5.3.8~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-sockets\", rpm:\"php-sockets~5.3.8~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-sphinx\", rpm:\"php-sphinx~1.0.4~2.5mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-sqlite3\", rpm:\"php-sqlite3~5.3.8~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-sqlite\", rpm:\"php-sqlite~5.3.8~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-ssh2\", rpm:\"php-ssh2~0.11.2~0.4mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-suhosin\", rpm:\"php-suhosin~0.9.32.1~0.5mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-sybase_ct\", rpm:\"php-sybase_ct~5.3.8~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-sysvmsg\", rpm:\"php-sysvmsg~5.3.8~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-sysvsem\", rpm:\"php-sysvsem~5.3.8~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-sysvshm\", rpm:\"php-sysvshm~5.3.8~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-tclink\", rpm:\"php-tclink~3.4.5~7.5mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-tidy\", rpm:\"php-tidy~5.3.8~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-timezonedb\", rpm:\"php-timezonedb~2011.14~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-tokenizer\", rpm:\"php-tokenizer~5.3.8~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-translit\", rpm:\"php-translit~0.6.1~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-vld\", rpm:\"php-vld~0.10.1~1.5mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-wddx\", rpm:\"php-wddx~5.3.8~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-xattr\", rpm:\"php-xattr~1.1.0~13.5mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-xdebug\", rpm:\"php-xdebug~2.1.2~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-xml\", rpm:\"php-xml~5.3.8~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-xmlreader\", rpm:\"php-xmlreader~5.3.8~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-xmlrpc\", rpm:\"php-xmlrpc~5.3.8~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-xmlwriter\", rpm:\"php-xmlwriter~5.3.8~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-xsl\", rpm:\"php-xsl~5.3.8~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-zip\", rpm:\"php-zip~5.3.8~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-zlib\", rpm:\"php-zlib~5.3.8~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php\", rpm:\"php~5.3.8~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64php5_common5\", rpm:\"lib64php5_common5~5.3.8~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "naslFamily": "Mandrake Local Security Checks"}

{"nessus": [{"lastseen": "2023-05-18T14:24:11", "description": "Multiple vulnerabilities has been identified and fixed in php :\n\nUse-after-free vulnerability in the substr_replace function in PHP 5.3.6 and earlier allows context-dependent attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact by using the same variable for multiple arguments (CVE-2011-1148).\n\nThe (1) ZipArchive::addGlob and (2) ZipArchive::addPattern functions in ext/zip/php_zip.c in PHP 5.3.6 allow context-dependent attackers to cause a denial of service (application crash) via certain flags arguments, as demonstrated by (a) GLOB_ALTDIRFUNC and (b) GLOB_APPEND (CVE-2011-1657).\n\nStack-based buffer overflow in the socket_connect function in ext/sockets/sockets.c in PHP 5.3.3 through 5.3.6 might allow context-dependent attackers to execute arbitrary code via a long pathname for a UNIX socket (CVE-2011-1938).\n\nThe rfc1867_post_handler function in main/rfc1867.c in PHP before 5.3.7 does not properly restrict filenames in multipart/form-data POST requests, which allows remote attackers to conduct absolute path traversal attacks, and possibly create or overwrite arbitrary files, via a crafted upload request, related to a file path injection vulnerability. (CVE-2011-2202).\n\ncrypt_blowfish before 1.1, as used in PHP before 5.3.7 on certain platforms, does not properly handle 8-bit characters, which makes it easier for context-dependent attackers to determine a cleartext password by leveraging knowledge of a password hash (CVE-2011-2483).\n\nPHP before 5.3.7 does not properly check the return values of the malloc, calloc, and realloc library functions, which allows context-dependent attackers to cause a denial of service (NULL pointer dereference and application crash) or trigger a buffer overflow by leveraging the ability to provide an arbitrary value for a function argument, related to (1) ext/curl/interface.c, (2) ext/date/lib/parse_date.c, (3) ext/date/lib/parse_iso_intervals.c, (4) ext/date/lib/parse_tz.c, (5) ext/date/lib/timelib.c, (6) ext/pdo_odbc/pdo_odbc.c, (7) ext/reflection/php_reflection.c, (8) ext/soap/php_sdl.c, (9) ext/xmlrpc/libxmlrpc/base64.c, (10) TSRM/tsrm_win32.c, and (11) the strtotime function (CVE-2011-3182).\n\nPHP before 5.3.7 does not properly implement the error_log function, which allows context-dependent attackers to cause a denial of service (application crash) via unspecified vectors (CVE-2011-3267).\n\nBuffer overflow in the crypt function in PHP before 5.3.7 allows context-dependent attackers to have an unspecified impact via a long salt argument, a different vulnerability than CVE-2011-2483 (CVE-2011-3268).\n\nThe updated php packages have been upgraded to 5.3.8 which is not vulnerable to these issues.\n\nAdditionally some of the PECL extensions has been upgraded and/or rebuilt for the new php version.", "cvss3": {}, "published": "2011-11-04T00:00:00", "type": "nessus", "title": "Mandriva Linux Security Advisory : php (MDVSA-2011:165)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-1148", "CVE-2011-1657", "CVE-2011-1938", "CVE-2011-2202", "CVE-2011-2483", "CVE-2011-3182", "CVE-2011-3267", "CVE-2011-3268"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:mandriva:linux:apache-mod_php", "p-cpe:/a:mandriva:linux:lib64php5_common5", "p-cpe:/a:mandriva:linux:libphp5_common5", "p-cpe:/a:mandriva:linux:php-apc", "p-cpe:/a:mandriva:linux:php-apc-admin", "p-cpe:/a:mandriva:linux:php-bcmath", "p-cpe:/a:mandriva:linux:php-bz2", "p-cpe:/a:mandriva:linux:php-calendar", "p-cpe:/a:mandriva:linux:php-cgi", "p-cpe:/a:mandriva:linux:php-cli", "p-cpe:/a:mandriva:linux:php-ctype", "p-cpe:/a:mandriva:linux:php-curl", "p-cpe:/a:mandriva:linux:php-dba", "p-cpe:/a:mandriva:linux:php-devel", "p-cpe:/a:mandriva:linux:php-doc", "p-cpe:/a:mandriva:linux:php-dom", "p-cpe:/a:mandriva:linux:php-eaccelerator", "p-cpe:/a:mandriva:linux:php-eaccelerator-admin", "p-cpe:/a:mandriva:linux:php-enchant", "p-cpe:/a:mandriva:linux:php-exif", "p-cpe:/a:mandriva:linux:php-fileinfo", "p-cpe:/a:mandriva:linux:php-filter", "p-cpe:/a:mandriva:linux:php-fpm", "p-cpe:/a:mandriva:linux:php-pdo", "p-cpe:/a:mandriva:linux:php-ftp", "p-cpe:/a:mandriva:linux:php-gd", "p-cpe:/a:mandriva:linux:php-pdo_dblib", "p-cpe:/a:mandriva:linux:php-gearman", "p-cpe:/a:mandriva:linux:php-gettext", "p-cpe:/a:mandriva:linux:php-pdo_mysql", "p-cpe:/a:mandriva:linux:php-gmp", "p-cpe:/a:mandriva:linux:php-pdo_odbc", "p-cpe:/a:mandriva:linux:php-hash", "p-cpe:/a:mandriva:linux:php-pdo_pgsql", "p-cpe:/a:mandriva:linux:php-iconv", "p-cpe:/a:mandriva:linux:php-imap", "p-cpe:/a:mandriva:linux:php-pdo_sqlite", "p-cpe:/a:mandriva:linux:php-intl", "p-cpe:/a:mandriva:linux:php-pgsql", "p-cpe:/a:mandriva:linux:php-json", "p-cpe:/a:mandriva:linux:php-ldap", "p-cpe:/a:mandriva:linux:php-phar", "p-cpe:/a:mandriva:linux:php-mailparse", "p-cpe:/a:mandriva:linux:php-mbstring", "p-cpe:/a:mandriva:linux:php-mcal", "p-cpe:/a:mandriva:linux:php-mcrypt", "p-cpe:/a:mandriva:linux:php-pinba", "p-cpe:/a:mandriva:linux:php-mssql", "p-cpe:/a:mandriva:linux:php-mysql", "p-cpe:/a:mandriva:linux:php-mysqli", "p-cpe:/a:mandriva:linux:php-posix", "p-cpe:/a:mandriva:linux:php-odbc", "p-cpe:/a:mandriva:linux:php-openssl", "p-cpe:/a:mandriva:linux:php-pspell", "p-cpe:/a:mandriva:linux:php-optimizer", "p-cpe:/a:mandriva:linux:php-pcntl", "p-cpe:/a:mandriva:linux:php-readline", "p-cpe:/a:mandriva:linux:php-ssh2", "p-cpe:/a:mandriva:linux:php-recode", "p-cpe:/a:mandriva:linux:php-suhosin", "p-cpe:/a:mandriva:linux:php-sybase_ct", "p-cpe:/a:mandriva:linux:php-sasl", "p-cpe:/a:mandriva:linux:php-sysvmsg", "p-cpe:/a:mandriva:linux:php-session", "p-cpe:/a:mandriva:linux:php-sysvsem", "p-cpe:/a:mandriva:linux:php-shmop", "p-cpe:/a:mandriva:linux:php-sysvshm", "p-cpe:/a:mandriva:linux:php-snmp", "p-cpe:/a:mandriva:linux:php-tclink", "p-cpe:/a:mandriva:linux:php-tidy", "p-cpe:/a:mandriva:linux:php-soap", "p-cpe:/a:mandriva:linux:php-timezonedb", "p-cpe:/a:mandriva:linux:php-tokenizer", "p-cpe:/a:mandriva:linux:php-translit", "p-cpe:/a:mandriva:linux:php-vld", "p-cpe:/a:mandriva:linux:php-sockets", "p-cpe:/a:mandriva:linux:php-wddx", "p-cpe:/a:mandriva:linux:php-xattr", "p-cpe:/a:mandriva:linux:php-xdebug", "p-cpe:/a:mandriva:linux:php-sphinx", "p-cpe:/a:mandriva:linux:php-xml", "p-cpe:/a:mandriva:linux:php-sqlite", "p-cpe:/a:mandriva:linux:php-xmlreader", "p-cpe:/a:mandriva:linux:php-xmlrpc", "p-cpe:/a:mandriva:linux:php-xmlwriter", "p-cpe:/a:mandriva:linux:php-xsl", "p-cpe:/a:mandriva:linux:php-sqlite3", "p-cpe:/a:mandriva:linux:php-zip", "p-cpe:/a:mandriva:linux:php-zlib", "cpe:/o:mandriva:linux:2010.1"], "id": "MANDRIVA_MDVSA-2011-165.NASL", "href": "https://www.tenable.com/plugins/nessus/56707", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2011:165. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(56707);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2011-1148\", \"CVE-2011-1657\", \"CVE-2011-1938\", \"CVE-2011-2202\", \"CVE-2011-2483\", \"CVE-2011-3182\", \"CVE-2011-3267\", \"CVE-2011-3268\");\n script_bugtraq_id(46843, 47950, 48259, 49241, 49249, 49252);\n script_xref(name:\"MDVSA\", value:\"2011:165\");\n\n script_name(english:\"Mandriva Linux Security Advisory : php (MDVSA-2011:165)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple vulnerabilities has been identified and fixed in php :\n\nUse-after-free vulnerability in the substr_replace function in PHP\n5.3.6 and earlier allows context-dependent attackers to cause a denial\nof service (memory corruption) or possibly have unspecified other\nimpact by using the same variable for multiple arguments\n(CVE-2011-1148).\n\nThe (1) ZipArchive::addGlob and (2) ZipArchive::addPattern functions\nin ext/zip/php_zip.c in PHP 5.3.6 allow context-dependent attackers to\ncause a denial of service (application crash) via certain flags\narguments, as demonstrated by (a) GLOB_ALTDIRFUNC and (b) GLOB_APPEND\n(CVE-2011-1657).\n\nStack-based buffer overflow in the socket_connect function in\next/sockets/sockets.c in PHP 5.3.3 through 5.3.6 might allow\ncontext-dependent attackers to execute arbitrary code via a long\npathname for a UNIX socket (CVE-2011-1938).\n\nThe rfc1867_post_handler function in main/rfc1867.c in PHP before\n5.3.7 does not properly restrict filenames in multipart/form-data POST\nrequests, which allows remote attackers to conduct absolute path\ntraversal attacks, and possibly create or overwrite arbitrary files,\nvia a crafted upload request, related to a file path injection\nvulnerability. (CVE-2011-2202).\n\ncrypt_blowfish before 1.1, as used in PHP before 5.3.7 on certain\nplatforms, does not properly handle 8-bit characters, which makes it\neasier for context-dependent attackers to determine a cleartext\npassword by leveraging knowledge of a password hash (CVE-2011-2483).\n\nPHP before 5.3.7 does not properly check the return values of the\nmalloc, calloc, and realloc library functions, which allows\ncontext-dependent attackers to cause a denial of service (NULL pointer\ndereference and application crash) or trigger a buffer overflow by\nleveraging the ability to provide an arbitrary value for a function\nargument, related to (1) ext/curl/interface.c, (2)\next/date/lib/parse_date.c, (3) ext/date/lib/parse_iso_intervals.c, (4)\next/date/lib/parse_tz.c, (5) ext/date/lib/timelib.c, (6)\next/pdo_odbc/pdo_odbc.c, (7) ext/reflection/php_reflection.c, (8)\next/soap/php_sdl.c, (9) ext/xmlrpc/libxmlrpc/base64.c, (10)\nTSRM/tsrm_win32.c, and (11) the strtotime function (CVE-2011-3182).\n\nPHP before 5.3.7 does not properly implement the error_log function,\nwhich allows context-dependent attackers to cause a denial of service\n(application crash) via unspecified vectors (CVE-2011-3267).\n\nBuffer overflow in the crypt function in PHP before 5.3.7 allows\ncontext-dependent attackers to have an unspecified impact via a long\nsalt argument, a different vulnerability than CVE-2011-2483\n(CVE-2011-3268).\n\nThe updated php packages have been upgraded to 5.3.8 which is not\nvulnerable to these issues.\n\nAdditionally some of the PECL extensions has been upgraded and/or\nrebuilt for the new php version.\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache-mod_php\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64php5_common5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libphp5_common5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-apc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-apc-admin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-bcmath\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-bz2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-calendar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-cgi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-cli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-ctype\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-dba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-dom\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-eaccelerator\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-eaccelerator-admin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-enchant\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-exif\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-fileinfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-filter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-fpm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-ftp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-gearman\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-gettext\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-gmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-hash\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-iconv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-imap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-intl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-json\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-mailparse\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-mbstring\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-mcal\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-mcrypt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-mssql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-mysqli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-optimizer\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-pcntl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-pdo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-pdo_dblib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-pdo_mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-pdo_odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-pdo_pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-pdo_sqlite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-phar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-pinba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-posix\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-pspell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-readline\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-recode\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-sasl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-session\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-shmop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-soap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-sockets\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-sphinx\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-sqlite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-sqlite3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-ssh2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-suhosin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-sybase_ct\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-sysvmsg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-sysvsem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-sysvshm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-tclink\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-tidy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-timezonedb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-tokenizer\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-translit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-vld\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-wddx\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-xattr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-xdebug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-xml\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-xmlreader\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-xmlrpc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-xmlwriter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-xsl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-zip\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-zlib\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2010.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/11/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/11/04\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2010.1\", reference:\"apache-mod_php-5.3.8-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"x86_64\", reference:\"lib64php5_common5-5.3.8-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"i386\", reference:\"libphp5_common5-5.3.8-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-apc-3.1.9-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-apc-admin-3.1.9-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-bcmath-5.3.8-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-bz2-5.3.8-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-calendar-5.3.8-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-cgi-5.3.8-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-cli-5.3.8-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-ctype-5.3.8-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-curl-5.3.8-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-dba-5.3.8-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-devel-5.3.8-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-doc-5.3.8-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-dom-5.3.8-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-eaccelerator-0.9.6.1-1.5mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-eaccelerator-admin-0.9.6.1-1.5mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-enchant-5.3.8-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-exif-5.3.8-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-fileinfo-5.3.8-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-filter-5.3.8-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-fpm-5.3.8-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-ftp-5.3.8-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-gd-5.3.8-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-gearman-0.7.0-0.4mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-gettext-5.3.8-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-gmp-5.3.8-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-hash-5.3.8-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-iconv-5.3.8-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-imap-5.3.8-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-intl-5.3.8-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-json-5.3.8-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-ldap-5.3.8-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-mailparse-2.1.5-8.5mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-mbstring-5.3.8-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-mcal-0.6-35.5mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-mcrypt-5.3.8-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-mssql-5.3.8-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-mysql-5.3.8-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-mysqli-5.3.8-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-odbc-5.3.8-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-openssl-5.3.8-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-optimizer-0.1-0.alpha2.8.5mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-pcntl-5.3.8-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-pdo-5.3.8-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-pdo_dblib-5.3.8-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-pdo_mysql-5.3.8-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-pdo_odbc-5.3.8-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-pdo_pgsql-5.3.8-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-pdo_sqlite-5.3.8-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-pgsql-5.3.8-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-phar-5.3.8-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-pinba-0.0.5-2.5mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-posix-5.3.8-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-pspell-5.3.8-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-readline-5.3.8-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-recode-5.3.8-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-sasl-0.1.0-33.5mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-session-5.3.8-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-shmop-5.3.8-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-snmp-5.3.8-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-soap-5.3.8-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-sockets-5.3.8-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-sphinx-1.0.4-2.5mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-sqlite-5.3.8-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-sqlite3-5.3.8-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-ssh2-0.11.2-0.4mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-suhosin-0.9.32.1-0.5mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-sybase_ct-5.3.8-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-sysvmsg-5.3.8-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-sysvsem-5.3.8-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-sysvshm-5.3.8-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-tclink-3.4.5-7.5mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-tidy-5.3.8-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-timezonedb-2011.14-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-tokenizer-5.3.8-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-translit-0.6.1-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-vld-0.10.1-1.5mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-wddx-5.3.8-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-xattr-1.1.0-13.5mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-xdebug-2.1.2-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-xml-5.3.8-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-xmlreader-5.3.8-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-xmlrpc-5.3.8-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-xmlwriter-5.3.8-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-xsl-5.3.8-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-zip-5.3.8-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-zlib-5.3.8-0.1mdv2010.2\", yank:\"mdv\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:22:43", "description": "According to its banner, the version of PHP 5.3.x running on the remote host is prior to 5.3.7. It is, therefore, affected by the following vulnerabilities :\n\n - A use-after-free vulnerability in substr_replace().\n (CVE-2011-1148)\n\n - A stack-based buffer overflow in socket_connect().\n (CVE-2011-1938)\n\n - A code execution vulnerability in ZipArchive::addGlob().\n (CVE-2011-1657)\n\n - crypt_blowfish was updated to 1.2. (CVE-2011-2483)\n\n - Multiple NULL pointer dereferences. (CVE-2011-3182)\n\n - An unspecified crash in error_log(). (CVE-2011-3267)\n\n - A buffer overflow in crypt(). (CVE-2011-3268)\n\n - A flaw exists in the php_win32_get_random_bytes() function when passing MCRYPT_DEV_URANDOM as source to mcrypt_create_iv(). A remote attacker can exploit this to cause a denial of service condition.", "cvss3": {}, "published": "2011-08-22T00:00:00", "type": "nessus", "title": "PHP 5.3 < 5.3.7 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-1148", "CVE-2011-1657", "CVE-2011-1938", "CVE-2011-2202", "CVE-2011-2483", "CVE-2011-3182", "CVE-2011-3267", "CVE-2011-3268"], "modified": "2022-04-11T00:00:00", "cpe": ["cpe:/a:php:php"], "id": "PHP_5_3_7.NASL", "href": "https://www.tenable.com/plugins/nessus/55925", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(55925);\n script_version(\"1.21\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\n \"CVE-2011-1148\",\n \"CVE-2011-1657\",\n \"CVE-2011-1938\",\n \"CVE-2011-2202\",\n \"CVE-2011-2483\",\n \"CVE-2011-3182\",\n \"CVE-2011-3267\",\n \"CVE-2011-3268\"\n );\n script_bugtraq_id(\n 46843,\n 47950,\n 48259,\n 49241,\n 49249,\n 49252\n );\n script_xref(name:\"EDB-ID\", value:\"17318\");\n script_xref(name:\"EDB-ID\", value:\"17486\");\n\n script_name(english:\"PHP 5.3 < 5.3.7 Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote web server uses a version of PHP that is affected by\nmultiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its banner, the version of PHP 5.3.x running on the\nremote host is prior to 5.3.7. It is, therefore, affected by the\nfollowing vulnerabilities :\n\n - A use-after-free vulnerability in substr_replace().\n (CVE-2011-1148)\n\n - A stack-based buffer overflow in socket_connect().\n (CVE-2011-1938)\n\n - A code execution vulnerability in ZipArchive::addGlob().\n (CVE-2011-1657)\n\n - crypt_blowfish was updated to 1.2. (CVE-2011-2483)\n\n - Multiple NULL pointer dereferences. (CVE-2011-3182)\n\n - An unspecified crash in error_log(). (CVE-2011-3267)\n\n - A buffer overflow in crypt(). (CVE-2011-3268)\n\n - A flaw exists in the php_win32_get_random_bytes()\n function when passing MCRYPT_DEV_URANDOM as source to\n mcrypt_create_iv(). A remote attacker can exploit this\n to cause a denial of service condition.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://securityreason.com/achievement_securityalert/101\");\n script_set_attribute(attribute:\"see_also\", value:\"http://securityreason.com/exploitalert/10738\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.php.net/bug.php?id=54238\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.php.net/bug.php?id=54681\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.php.net/bug.php?id=54939\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.php.net/releases/5_3_7.php\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to PHP 5.3.7 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2011-3268\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No exploit is required\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/03/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/08/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/08/22\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:php:php\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CGI abuses\");\n\n script_copyright(english:\"This script is Copyright (C) 2011-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"php_version.nasl\");\n script_require_keys(\"www/PHP\");\n script_require_ports(\"Services/www\", 80);\n\n exit(0);\n}\n\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\ninclude(\"audit.inc\");\ninclude(\"webapp_func.inc\");\n\nport = get_http_port(default:80, php:TRUE);\n\nphp = get_php_from_kb(\n port : port,\n exit_on_fail : TRUE\n);\n\nversion = php[\"ver\"];\nsource = php[\"src\"];\n\nbackported = get_kb_item('www/php/'+port+'/'+version+'/backported');\n\nif (report_paranoia < 2 && backported)\n audit(AUDIT_BACKPORT_SERVICE, port, \"PHP \"+version+\" install\");\n\nif (version =~ '^5(\\\\.3)?$') exit(1, \"The banner for PHP on port \"+port+\" - \"+source+\" - is not granular enough to make a determination.\");\n\nif (version =~ \"^5\\.3\\.[0-6]($|[^0-9])\")\n{\n if (report_verbosity > 0)\n {\n report =\n '\\n Version source : '+source +\n '\\n Installed version : '+version+\n '\\n Fixed version : 5.3.7\\n';\n security_hole(port:port, extra:report);\n }\n else security_hole(port);\n exit(0);\n}\nelse audit(AUDIT_LISTEN_NOT_VULN, \"PHP\", port, version);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:23:04", "description": "Security Enhancements and Fixes :\n\n - Updated crypt_blowfish to 1.2. (CVE-2011-2483)\n\n - Fixed crash in error_log(). Reported by Mateusz Kocielski\n\n - Fixed buffer overflow on overlog salt in crypt().\n\n - Fixed bug #54939 (File path injection vulnerability in RFC1867 File upload filename). Reported by Krzysztof Kotowicz. (CVE-2011-2202)\n\n - Fixed stack-based buffer overflow in socket_connect().\n (CVE-2011-1938)\n\n - Fixed bug #54238 (use-after-free in substr_replace()).\n (CVE-2011-1148)\n\nUpstream announce for 5.3.8:\nhttp://www.php.net/archive/2011.php#id2011-08-23-1 Upstream announce for 5.3.7: http://www.php.net/archive/2011.php#id2011-08-18-1\n\nFull Changelog: http://www.php.net/ChangeLog-5.php#5.3.8\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2011-09-19T00:00:00", "type": "nessus", "title": "Fedora 15 : maniadrive-1.2-32.fc15 / php-5.3.8-1.fc15 / php-eaccelerator-0.9.6.1-9.fc15 (2011-11528)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-1148", "CVE-2011-1938", "CVE-2011-2202", "CVE-2011-2483", "CVE-2011-3182"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:maniadrive", "p-cpe:/a:fedoraproject:fedora:php", "p-cpe:/a:fedoraproject:fedora:php-eaccelerator", "cpe:/o:fedoraproject:fedora:15"], "id": "FEDORA_2011-11528.NASL", "href": "https://www.tenable.com/plugins/nessus/56218", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2011-11528.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(56218);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2011-1148\", \"CVE-2011-1938\", \"CVE-2011-2202\", \"CVE-2011-2483\", \"CVE-2011-3182\");\n script_bugtraq_id(46843, 47950, 48259, 49241, 49249);\n script_xref(name:\"FEDORA\", value:\"2011-11528\");\n\n script_name(english:\"Fedora 15 : maniadrive-1.2-32.fc15 / php-5.3.8-1.fc15 / php-eaccelerator-0.9.6.1-9.fc15 (2011-11528)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security Enhancements and Fixes :\n\n - Updated crypt_blowfish to 1.2. (CVE-2011-2483)\n\n - Fixed crash in error_log(). Reported by Mateusz\n Kocielski\n\n - Fixed buffer overflow on overlog salt in crypt().\n\n - Fixed bug #54939 (File path injection vulnerability in\n RFC1867 File upload filename). Reported by Krzysztof\n Kotowicz. (CVE-2011-2202)\n\n - Fixed stack-based buffer overflow in socket_connect().\n (CVE-2011-1938)\n\n - Fixed bug #54238 (use-after-free in substr_replace()).\n (CVE-2011-1148)\n\nUpstream announce for 5.3.8:\nhttp://www.php.net/archive/2011.php#id2011-08-23-1 Upstream announce\nfor 5.3.7: http://www.php.net/archive/2011.php#id2011-08-18-1\n\nFull Changelog: http://www.php.net/ChangeLog-5.php#5.3.8\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.php.net/ChangeLog-5.php#5.3.8\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.php.net/archive/2011.php#id2011-08-18-1\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.php.net/archive/2011.php#id2011-08-23-1\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=688958\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=709067\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=713194\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=715025\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=732516\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2011-September/066105.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?665afecc\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2011-September/066106.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?06722286\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2011-September/066107.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?b071447c\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected maniadrive, php and / or php-eaccelerator\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:maniadrive\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:php\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:php-eaccelerator\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:15\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/08/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/09/19\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^15([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 15.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC15\", reference:\"maniadrive-1.2-32.fc15\")) flag++;\nif (rpm_check(release:\"FC15\", reference:\"php-5.3.8-1.fc15\")) flag++;\nif (rpm_check(release:\"FC15\", reference:\"php-eaccelerator-0.9.6.1-9.fc15\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"maniadrive / php / php-eaccelerator\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:23:04", "description": "Security Enhancements and Fixes :\n\n - Updated crypt_blowfish to 1.2. (CVE-2011-2483)\n\n - Fixed crash in error_log(). Reported by Mateusz Kocielski\n\n - Fixed buffer overflow on overlog salt in crypt().\n\n - Fixed bug #54939 (File path injection vulnerability in RFC1867 File upload filename). Reported by Krzysztof Kotowicz. (CVE-2011-2202)\n\n - Fixed stack-based buffer overflow in socket_connect().\n (CVE-2011-1938)\n\n - Fixed bug #54238 (use-after-free in substr_replace()).\n (CVE-2011-1148)\n\nUpstream announce for 5.3.8:\nhttp://www.php.net/archive/2011.php#id2011-08-23-1 Upstream announce for 5.3.7: http://www.php.net/archive/2011.php#id2011-08-18-1\n\nFull Changelog: http://www.php.net/ChangeLog-5.php#5.3.8\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2011-09-19T00:00:00", "type": "nessus", "title": "Fedora 14 : maniadrive-1.2-32.fc14 / php-5.3.8-1.fc14 / php-eaccelerator-0.9.6.1-9.fc14 (2011-11537)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-1148", "CVE-2011-1938", "CVE-2011-2202", "CVE-2011-2483", "CVE-2011-3182"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:maniadrive", "p-cpe:/a:fedoraproject:fedora:php", "p-cpe:/a:fedoraproject:fedora:php-eaccelerator", "cpe:/o:fedoraproject:fedora:14"], "id": "FEDORA_2011-11537.NASL", "href": "https://www.tenable.com/plugins/nessus/56219", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2011-11537.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(56219);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2011-1148\", \"CVE-2011-1938\", \"CVE-2011-2202\", \"CVE-2011-2483\", \"CVE-2011-3182\");\n script_bugtraq_id(46843, 47950, 48259, 49241, 49249);\n script_xref(name:\"FEDORA\", value:\"2011-11537\");\n\n script_name(english:\"Fedora 14 : maniadrive-1.2-32.fc14 / php-5.3.8-1.fc14 / php-eaccelerator-0.9.6.1-9.fc14 (2011-11537)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security Enhancements and Fixes :\n\n - Updated crypt_blowfish to 1.2. (CVE-2011-2483)\n\n - Fixed crash in error_log(). Reported by Mateusz\n Kocielski\n\n - Fixed buffer overflow on overlog salt in crypt().\n\n - Fixed bug #54939 (File path injection vulnerability in\n RFC1867 File upload filename). Reported by Krzysztof\n Kotowicz. (CVE-2011-2202)\n\n - Fixed stack-based buffer overflow in socket_connect().\n (CVE-2011-1938)\n\n - Fixed bug #54238 (use-after-free in substr_replace()).\n (CVE-2011-1148)\n\nUpstream announce for 5.3.8:\nhttp://www.php.net/archive/2011.php#id2011-08-23-1 Upstream announce\nfor 5.3.7: http://www.php.net/archive/2011.php#id2011-08-18-1\n\nFull Changelog: http://www.php.net/ChangeLog-5.php#5.3.8\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.php.net/ChangeLog-5.php#5.3.8\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.php.net/archive/2011.php#id2011-08-18-1\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.php.net/archive/2011.php#id2011-08-23-1\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=688958\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=709067\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=713194\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=715025\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=732516\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2011-September/066102.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?4634af29\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2011-September/066103.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?1d7ceb4d\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2011-September/066104.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?c8d9735d\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected maniadrive, php and / or php-eaccelerator\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:maniadrive\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:php\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:php-eaccelerator\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:14\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/08/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/09/19\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^14([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 14.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC14\", reference:\"maniadrive-1.2-32.fc14\")) flag++;\nif (rpm_check(release:\"FC14\", reference:\"php-5.3.8-1.fc14\")) flag++;\nif (rpm_check(release:\"FC14\", reference:\"php-eaccelerator-0.9.6.1-9.fc14\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"maniadrive / php / php-eaccelerator\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:23:08", "description": "Security Enhancements and Fixes :\n\n - Updated crypt_blowfish to 1.2. (CVE-2011-2483)\n\n - Fixed crash in error_log(). Reported by Mateusz Kocielski\n\n - Fixed buffer overflow on overlog salt in crypt().\n\n - Fixed bug #54939 (File path injection vulnerability in RFC1867 File upload filename). Reported by Krzysztof Kotowicz. (CVE-2011-2202)\n\n - Fixed stack-based buffer overflow in socket_connect().\n (CVE-2011-1938)\n\n - Fixed bug #54238 (use-after-free in substr_replace()).\n (CVE-2011-1148)\n\nUpstream announce for 5.3.8:\nhttp://www.php.net/archive/2011.php#id2011-08-23-1\n\nUpstream announce for 5.3.7:\nhttp://www.php.net/archive/2011.php#id2011-08-18-1\n\nFull Changelog: http://www.php.net/ChangeLog-5.php#5.3.8\n\nphp package now provides both apache modules (for prefork and worker MPM).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2011-09-12T00:00:00", "type": "nessus", "title": "Fedora 16 : maniadrive-1.2-32.fc16 / php-5.3.8-1.fc16 / php-eaccelerator-0.9.6.1-9.fc16 (2011-11464)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-1148", "CVE-2011-1938", "CVE-2011-2202", "CVE-2011-2483", "CVE-2011-3182"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:maniadrive", "p-cpe:/a:fedoraproject:fedora:php", "p-cpe:/a:fedoraproject:fedora:php-eaccelerator", "cpe:/o:fedoraproject:fedora:16"], "id": "FEDORA_2011-11464.NASL", "href": "https://www.tenable.com/plugins/nessus/56150", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2011-11464.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(56150);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2011-1148\", \"CVE-2011-1938\", \"CVE-2011-2202\", \"CVE-2011-2483\", \"CVE-2011-3182\");\n script_bugtraq_id(46843, 47950, 48259, 49241, 49249);\n script_xref(name:\"FEDORA\", value:\"2011-11464\");\n\n script_name(english:\"Fedora 16 : maniadrive-1.2-32.fc16 / php-5.3.8-1.fc16 / php-eaccelerator-0.9.6.1-9.fc16 (2011-11464)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security Enhancements and Fixes :\n\n - Updated crypt_blowfish to 1.2. (CVE-2011-2483)\n\n - Fixed crash in error_log(). Reported by Mateusz\n Kocielski\n\n - Fixed buffer overflow on overlog salt in crypt().\n\n - Fixed bug #54939 (File path injection vulnerability in\n RFC1867 File upload filename). Reported by Krzysztof\n Kotowicz. (CVE-2011-2202)\n\n - Fixed stack-based buffer overflow in socket_connect().\n (CVE-2011-1938)\n\n - Fixed bug #54238 (use-after-free in substr_replace()).\n (CVE-2011-1148)\n\nUpstream announce for 5.3.8:\nhttp://www.php.net/archive/2011.php#id2011-08-23-1\n\nUpstream announce for 5.3.7:\nhttp://www.php.net/archive/2011.php#id2011-08-18-1\n\nFull Changelog: http://www.php.net/ChangeLog-5.php#5.3.8\n\nphp package now provides both apache modules (for prefork and worker\nMPM).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.php.net/ChangeLog-5.php#5.3.8\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.php.net/archive/2011.php#id2011-08-18-1\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.php.net/archive/2011.php#id2011-08-23-1\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=688958\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=709067\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=713194\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=715025\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=732516\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2011-September/065673.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?1686eb9b\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2011-September/065674.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?a64ae93c\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2011-September/065675.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?d04815a3\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected maniadrive, php and / or php-eaccelerator\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:maniadrive\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:php\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:php-eaccelerator\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:16\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/08/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/09/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^16([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 16.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC16\", reference:\"maniadrive-1.2-32.fc16\")) flag++;\nif (rpm_check(release:\"FC16\", reference:\"php-5.3.8-1.fc16\")) flag++;\nif (rpm_check(release:\"FC16\", reference:\"php-eaccelerator-0.9.6.1-9.fc16\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"maniadrive / php / php-eaccelerator\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:20:21", "description": "The blowfish password hashing implementation did not properly handle 8-characters in passwords, which made it easier for attackers to crack the hash (CVE-2011-2483). After this update existing hashes with id '$2a$' for passwords that contain 8-bit characters will no longer be compatible with newly generated hashes. Affected users will either have to change their password to store a new hash or the id of the existing hash has to be manually changed to '$2x$' in order to activate a compat mode. Please see the description of the CVE-2011-2483 glibc update for details.\n\nFile uploads could potentially overwrite files owned by the user running php (CVE-2011-2202).\n\nA long salt argument to the crypt function could cause a buffer overflow (CVE-2011-3268)\n\nIncorrect implementation of the error_log function could crash php (CVE-2011-3267)", "cvss3": {}, "published": "2014-06-13T00:00:00", "type": "nessus", "title": "openSUSE Security Update : apache2-mod_php5 (openSUSE-SU-2011:1138-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-2202", "CVE-2011-2483", "CVE-2011-3267", "CVE-2011-3268"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:apache2-mod_php5", "p-cpe:/a:novell:opensuse:apache2-mod_php5-debuginfo", "p-cpe:/a:novell:opensuse:php5", "p-cpe:/a:novell:opensuse:php5-bcmath", "p-cpe:/a:novell:opensuse:php5-bcmath-debuginfo", "p-cpe:/a:novell:opensuse:php5-bz2", "p-cpe:/a:novell:opensuse:php5-bz2-debuginfo", "p-cpe:/a:novell:opensuse:php5-calendar", "p-cpe:/a:novell:opensuse:php5-calendar-debuginfo", "p-cpe:/a:novell:opensuse:php5-ctype", "p-cpe:/a:novell:opensuse:php5-ctype-debuginfo", "p-cpe:/a:novell:opensuse:php5-curl", "p-cpe:/a:novell:opensuse:php5-curl-debuginfo", "p-cpe:/a:novell:opensuse:php5-dba", "p-cpe:/a:novell:opensuse:php5-dba-debuginfo", "p-cpe:/a:novell:opensuse:php5-debuginfo", "p-cpe:/a:novell:opensuse:php5-debugsource", "p-cpe:/a:novell:opensuse:php5-devel", "p-cpe:/a:novell:opensuse:php5-dom", "p-cpe:/a:novell:opensuse:php5-dom-debuginfo", "p-cpe:/a:novell:opensuse:php5-json", "p-cpe:/a:novell:opensuse:php5-enchant", "p-cpe:/a:novell:opensuse:php5-enchant-debuginfo", "p-cpe:/a:novell:opensuse:php5-json-debuginfo", "p-cpe:/a:novell:opensuse:php5-exif", "p-cpe:/a:novell:opensuse:php5-ldap", "p-cpe:/a:novell:opensuse:php5-exif-debuginfo", "p-cpe:/a:novell:opensuse:php5-fastcgi", "p-cpe:/a:novell:opensuse:php5-ldap-debuginfo", "p-cpe:/a:novell:opensuse:php5-fastcgi-debuginfo", "p-cpe:/a:novell:opensuse:php5-fileinfo", "p-cpe:/a:novell:opensuse:php5-fileinfo-debuginfo", "p-cpe:/a:novell:opensuse:php5-fpm", "p-cpe:/a:novell:opensuse:php5-fpm-debuginfo", "p-cpe:/a:novell:opensuse:php5-ftp", "p-cpe:/a:novell:opensuse:php5-ftp-debuginfo", "p-cpe:/a:novell:opensuse:php5-gd", "p-cpe:/a:novell:opensuse:php5-gd-debuginfo", "p-cpe:/a:novell:opensuse:php5-mbstring", "p-cpe:/a:novell:opensuse:php5-gettext", "p-cpe:/a:novell:opensuse:php5-gettext-debuginfo", "p-cpe:/a:novell:opensuse:php5-gmp", "p-cpe:/a:novell:opensuse:php5-gmp-debuginfo", "p-cpe:/a:novell:opensuse:php5-mbstring-debuginfo", "p-cpe:/a:novell:opensuse:php5-hash", "p-cpe:/a:novell:opensuse:php5-mcrypt", "p-cpe:/a:novell:opensuse:php5-hash-debuginfo", "p-cpe:/a:novell:opensuse:php5-iconv", "p-cpe:/a:novell:opensuse:php5-iconv-debuginfo", "p-cpe:/a:novell:opensuse:php5-mcrypt-debuginfo", "p-cpe:/a:novell:opensuse:php5-imap", "p-cpe:/a:novell:opensuse:php5-mysql", "p-cpe:/a:novell:opensuse:php5-imap-debuginfo", "p-cpe:/a:novell:opensuse:php5-intl", "p-cpe:/a:novell:opensuse:php5-mysql-debuginfo", "p-cpe:/a:novell:opensuse:php5-intl-debuginfo", "p-cpe:/a:novell:opensuse:php5-odbc", "p-cpe:/a:novell:opensuse:php5-posix", "p-cpe:/a:novell:opensuse:php5-posix-debuginfo", "p-cpe:/a:novell:opensuse:php5-pspell", "p-cpe:/a:novell:opensuse:php5-odbc-debuginfo", "p-cpe:/a:novell:opensuse:php5-pspell-debuginfo", "p-cpe:/a:novell:opensuse:php5-openssl", "p-cpe:/a:novell:opensuse:php5-readline", "p-cpe:/a:novell:opensuse:php5-readline-debuginfo", "p-cpe:/a:novell:opensuse:php5-openssl-debuginfo", "p-cpe:/a:novell:opensuse:php5-shmop", "p-cpe:/a:novell:opensuse:php5-pcntl", "p-cpe:/a:novell:opensuse:php5-shmop-debuginfo", "p-cpe:/a:novell:opensuse:php5-snmp", "p-cpe:/a:novell:opensuse:php5-pcntl-debuginfo", "p-cpe:/a:novell:opensuse:php5-snmp-debuginfo", "p-cpe:/a:novell:opensuse:php5-soap", "p-cpe:/a:novell:opensuse:php5-pdo", "p-cpe:/a:novell:opensuse:php5-soap-debuginfo", "p-cpe:/a:novell:opensuse:php5-pdo-debuginfo", "p-cpe:/a:novell:opensuse:php5-sockets", "p-cpe:/a:novell:opensuse:php5-pear", "p-cpe:/a:novell:opensuse:php5-sockets-debuginfo", "p-cpe:/a:novell:opensuse:php5-sqlite", "p-cpe:/a:novell:opensuse:php5-pgsql", "p-cpe:/a:novell:opensuse:php5-sqlite-debuginfo", "p-cpe:/a:novell:opensuse:php5-pgsql-debuginfo", "p-cpe:/a:novell:opensuse:php5-suhosin", "p-cpe:/a:novell:opensuse:php5-suhosin-debuginfo", "p-cpe:/a:novell:opensuse:php5-phar", "p-cpe:/a:novell:opensuse:php5-sysvmsg", "p-cpe:/a:novell:opensuse:php5-sysvmsg-debuginfo", "p-cpe:/a:novell:opensuse:php5-sysvsem", "p-cpe:/a:novell:opensuse:php5-phar-debuginfo", "p-cpe:/a:novell:opensuse:php5-sysvsem-debuginfo", "p-cpe:/a:novell:opensuse:php5-sysvshm", "p-cpe:/a:novell:opensuse:php5-tidy-debuginfo", "p-cpe:/a:novell:opensuse:php5-sysvshm-debuginfo", "p-cpe:/a:novell:opensuse:php5-tidy", "p-cpe:/a:novell:opensuse:php5-tokenizer", "p-cpe:/a:novell:opensuse:php5-xmlwriter", "p-cpe:/a:novell:opensuse:php5-xmlwriter-debuginfo", "p-cpe:/a:novell:opensuse:php5-tokenizer-debuginfo", "p-cpe:/a:novell:opensuse:php5-xsl", "p-cpe:/a:novell:opensuse:php5-wddx", "p-cpe:/a:novell:opensuse:php5-xsl-debuginfo", "p-cpe:/a:novell:opensuse:php5-zip", "p-cpe:/a:novell:opensuse:php5-wddx-debuginfo", "p-cpe:/a:novell:opensuse:php5-zip-debuginfo", "p-cpe:/a:novell:opensuse:php5-xmlreader", "p-cpe:/a:novell:opensuse:php5-zlib", "p-cpe:/a:novell:opensuse:php5-zlib-debuginfo", "p-cpe:/a:novell:opensuse:php5-xmlreader-debuginfo", "cpe:/o:novell:opensuse:11.4", "p-cpe:/a:novell:opensuse:php5-xmlrpc", "p-cpe:/a:novell:opensuse:php5-xmlrpc-debuginfo"], "id": "SUSE_11_4_APACHE2-MOD_PHP5-110907.NASL", "href": "https://www.tenable.com/plugins/nessus/75791", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update apache2-mod_php5-5113.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(75791);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2011-2202\", \"CVE-2011-2483\", \"CVE-2011-3267\", \"CVE-2011-3268\");\n\n script_name(english:\"openSUSE Security Update : apache2-mod_php5 (openSUSE-SU-2011:1138-1)\");\n script_summary(english:\"Check for the apache2-mod_php5-5113 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The blowfish password hashing implementation did not properly handle\n8-characters in passwords, which made it easier for attackers to crack\nthe hash (CVE-2011-2483). After this update existing hashes with id\n'$2a$' for passwords that contain 8-bit characters will no longer be\ncompatible with newly generated hashes. Affected users will either\nhave to change their password to store a new hash or the id of the\nexisting hash has to be manually changed to '$2x$' in order to\nactivate a compat mode. Please see the description of the\nCVE-2011-2483 glibc update for details.\n\nFile uploads could potentially overwrite files owned by the user\nrunning php (CVE-2011-2202).\n\nA long salt argument to the crypt function could cause a buffer\noverflow (CVE-2011-3268)\n\nIncorrect implementation of the error_log function could crash php\n(CVE-2011-3267)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=699711\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=701491\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=709549\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=715640\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=715646\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2011-10/msg00015.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected apache2-mod_php5 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2-mod_php5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2-mod_php5-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-bcmath\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-bcmath-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-bz2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-bz2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-calendar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-calendar-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-ctype\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-ctype-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-curl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-dba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-dba-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-dom\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-dom-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-enchant\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-enchant-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-exif\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-exif-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-fastcgi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-fastcgi-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-fileinfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-fileinfo-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-fpm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-fpm-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-ftp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-ftp-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-gd-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-gettext\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-gettext-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-gmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-gmp-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-hash\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-hash-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-iconv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-iconv-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-imap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-imap-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-intl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-intl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-json\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-json-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-ldap-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-mbstring\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-mbstring-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-mcrypt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-mcrypt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-mysql-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-odbc-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-openssl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-pcntl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-pcntl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-pdo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-pdo-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-pear\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-pgsql-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-phar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-phar-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-posix\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-posix-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-pspell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-pspell-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-readline\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-readline-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-shmop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-shmop-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-snmp-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-soap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-soap-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-sockets\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-sockets-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-sqlite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-sqlite-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-suhosin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-suhosin-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-sysvmsg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-sysvmsg-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-sysvsem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-sysvsem-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-sysvshm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-sysvshm-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-tidy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-tidy-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-tokenizer\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-tokenizer-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-wddx\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-wddx-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-xmlreader\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-xmlreader-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-xmlrpc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-xmlrpc-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-xmlwriter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-xmlwriter-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-xsl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-xsl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-zip\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-zip-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-zlib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-zlib-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.4\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/09/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.4)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.4\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.4\", reference:\"apache2-mod_php5-5.3.5-5.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"apache2-mod_php5-debuginfo-5.3.5-5.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"php5-5.3.5-5.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"php5-bcmath-5.3.5-5.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"php5-bcmath-debuginfo-5.3.5-5.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"php5-bz2-5.3.5-5.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"php5-bz2-debuginfo-5.3.5-5.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"php5-calendar-5.3.5-5.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"php5-calendar-debuginfo-5.3.5-5.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"php5-ctype-5.3.5-5.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"php5-ctype-debuginfo-5.3.5-5.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"php5-curl-5.3.5-5.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"php5-curl-debuginfo-5.3.5-5.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"php5-dba-5.3.5-5.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"php5-dba-debuginfo-5.3.5-5.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"php5-debuginfo-5.3.5-5.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"php5-debugsource-5.3.5-5.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"php5-devel-5.3.5-5.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"php5-dom-5.3.5-5.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"php5-dom-debuginfo-5.3.5-5.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"php5-enchant-5.3.5-5.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"php5-enchant-debuginfo-5.3.5-5.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"php5-exif-5.3.5-5.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"php5-exif-debuginfo-5.3.5-5.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"php5-fastcgi-5.3.5-5.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"php5-fastcgi-debuginfo-5.3.5-5.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"php5-fileinfo-5.3.5-5.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"php5-fileinfo-debuginfo-5.3.5-5.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"php5-fpm-5.3.5-5.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"php5-fpm-debuginfo-5.3.5-5.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"php5-ftp-5.3.5-5.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"php5-ftp-debuginfo-5.3.5-5.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"php5-gd-5.3.5-5.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"php5-gd-debuginfo-5.3.5-5.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"php5-gettext-5.3.5-5.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"php5-gettext-debuginfo-5.3.5-5.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"php5-gmp-5.3.5-5.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"php5-gmp-debuginfo-5.3.5-5.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"php5-hash-5.3.5-5.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"php5-hash-debuginfo-5.3.5-5.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"php5-iconv-5.3.5-5.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"php5-iconv-debuginfo-5.3.5-5.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"php5-imap-5.3.5-5.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"php5-imap-debuginfo-5.3.5-5.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"php5-intl-5.3.5-5.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"php5-intl-debuginfo-5.3.5-5.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"php5-json-5.3.5-5.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"php5-json-debuginfo-5.3.5-5.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"php5-ldap-5.3.5-5.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"php5-ldap-debuginfo-5.3.5-5.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"php5-mbstring-5.3.5-5.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"php5-mbstring-debuginfo-5.3.5-5.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"php5-mcrypt-5.3.5-5.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"php5-mcrypt-debuginfo-5.3.5-5.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"php5-mysql-5.3.5-5.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"php5-mysql-debuginfo-5.3.5-5.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"php5-odbc-5.3.5-5.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"php5-odbc-debuginfo-5.3.5-5.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"php5-openssl-5.3.5-5.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"php5-openssl-debuginfo-5.3.5-5.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"php5-pcntl-5.3.5-5.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"php5-pcntl-debuginfo-5.3.5-5.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"php5-pdo-5.3.5-5.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"php5-pdo-debuginfo-5.3.5-5.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"php5-pear-5.3.5-5.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"php5-pgsql-5.3.5-5.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"php5-pgsql-debuginfo-5.3.5-5.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"php5-phar-5.3.5-5.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"php5-phar-debuginfo-5.3.5-5.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"php5-posix-5.3.5-5.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"php5-posix-debuginfo-5.3.5-5.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"php5-pspell-5.3.5-5.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"php5-pspell-debuginfo-5.3.5-5.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"php5-readline-5.3.5-5.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"php5-readline-debuginfo-5.3.5-5.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"php5-shmop-5.3.5-5.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"php5-shmop-debuginfo-5.3.5-5.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"php5-snmp-5.3.5-5.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"php5-snmp-debuginfo-5.3.5-5.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"php5-soap-5.3.5-5.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"php5-soap-debuginfo-5.3.5-5.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"php5-sockets-5.3.5-5.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"php5-sockets-debuginfo-5.3.5-5.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"php5-sqlite-5.3.5-5.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"php5-sqlite-debuginfo-5.3.5-5.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"php5-suhosin-5.3.5-5.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"php5-suhosin-debuginfo-5.3.5-5.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"php5-sysvmsg-5.3.5-5.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"php5-sysvmsg-debuginfo-5.3.5-5.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"php5-sysvsem-5.3.5-5.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"php5-sysvsem-debuginfo-5.3.5-5.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"php5-sysvshm-5.3.5-5.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"php5-sysvshm-debuginfo-5.3.5-5.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"php5-tidy-5.3.5-5.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"php5-tidy-debuginfo-5.3.5-5.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"php5-tokenizer-5.3.5-5.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"php5-tokenizer-debuginfo-5.3.5-5.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"php5-wddx-5.3.5-5.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"php5-wddx-debuginfo-5.3.5-5.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"php5-xmlreader-5.3.5-5.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"php5-xmlreader-debuginfo-5.3.5-5.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"php5-xmlrpc-5.3.5-5.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"php5-xmlrpc-debuginfo-5.3.5-5.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"php5-xmlwriter-5.3.5-5.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"php5-xmlwriter-debuginfo-5.3.5-5.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"php5-xsl-5.3.5-5.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"php5-xsl-debuginfo-5.3.5-5.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"php5-zip-5.3.5-5.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"php5-zip-debuginfo-5.3.5-5.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"php5-zlib-5.3.5-5.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"php5-zlib-debuginfo-5.3.5-5.16.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"apache2-mod_php5 / php5 / php5-bcmath / php5-bz2 / php5-calendar / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:22:37", "description": "Versions of PHP 5.3 earlier than 5.3.7 are potentially affected by multiple vulnerabilities : \n\n - A stack buffer overflow exists in socket_connect(). (CVE-2011-1938)\n\n - A use-after-free vulnerability exists in substr_replace(). (CVE-2011-1148)\n\n - A code execution vulnerability exists in ZipArchive: : addGlob(). (CVE-2011-1657)\n\n - crypt_blowfish was updated to 1.2. (CVE-2011-2483)\n\n - Multiple null pointer dereferences exist.\n\n - An unspecified crash exists in error_log().\n\n - A buffer overflow vulnerability exists in crypt().", "cvss3": {}, "published": "2011-08-23T00:00:00", "type": "nessus", "title": "PHP 5.3 < 5.3.7 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-1148", "CVE-2011-1657", "CVE-2011-1938", "CVE-2011-2483"], "modified": "2011-08-23T00:00:00", "cpe": [], "id": "801087.PRM", "href": "https://www.tenable.com/plugins/lce/801087", "sourceData": "Binary data 801087.prm", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:22:38", "description": "Versions of PHP 5.3 earlier than 5.3.7 are potentially affected by multiple vulnerabilities : \n\n - A stack buffer overflow exists in socket_connect(). (CVE-2011-1938)\n\n - A use-after-free vulnerability exists in substr_replace(). (CVE-2011-1148)\n\n - A code execution vulnerability exists in ZipArchive: : addGlob(). (CVE-2011-1657)\n\n - crypt_blowfish was updated to 1.2. (CVE-2011-2483)\n\n - Multiple null pointer dereferences exist.\n\n - An unspecified crash exists in error_log().\n\n - A buffer overflow vulnerability exists in crypt().\n - A flaw exists in the php_win32_get_random_bytes() function when passing MCRYPT_DEV_URANDOM as source to mcrypt_create_iv(). A remote attacker can exploit this to cause a denial of service condition.", "cvss3": {}, "published": "2011-08-23T00:00:00", "type": "nessus", "title": "PHP 5.3.x < 5.3.7 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-1148", "CVE-2011-1657", "CVE-2011-1938", "CVE-2011-2483"], "modified": "2019-03-06T00:00:00", "cpe": ["cpe:/a:php:php"], "id": "6015.PRM", "href": "https://www.tenable.com/plugins/nnm/6015", "sourceData": "Binary data 6015.prm", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:22:51", "description": "PHP development team reports :\n\nSecurity Enhancements and Fixes in PHP 5.3.7 :\n\n- Updated crypt_blowfish to 1.2. (CVE-2011-2483)\n\n- Fixed crash in error_log(). Reported by Mateusz Kocielski\n\n- Fixed buffer overflow on overlog salt in crypt().\n\n- Fixed bug #54939 (File path injection vulnerability in RFC1867 File upload filename). Reported by Krzysztof Kotowicz. (CVE-2011-2202)\n\n- Fixed stack-based buffer overflow in socket_connect(). (CVE-2011-1938)\n\n- Fixed bug #54238 (use-after-free in substr_replace()).\n(CVE-2011-1148)", "cvss3": {}, "published": "2011-08-20T00:00:00", "type": "nessus", "title": "FreeBSD : php -- multiple vulnerabilities (057bf770-cac4-11e0-aea3-00215c6a37bb)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-1148", "CVE-2011-1938", "CVE-2011-2202", "CVE-2011-2483"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:php5", "p-cpe:/a:freebsd:freebsd:php5-sockets", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_057BF770CAC411E0AEA300215C6A37BB.NASL", "href": "https://www.tenable.com/plugins/nessus/55912", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(55912);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2011-1148\", \"CVE-2011-1938\", \"CVE-2011-2202\", \"CVE-2011-2483\");\n script_bugtraq_id(49241);\n\n script_name(english:\"FreeBSD : php -- multiple vulnerabilities (057bf770-cac4-11e0-aea3-00215c6a37bb)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"PHP development team reports :\n\nSecurity Enhancements and Fixes in PHP 5.3.7 :\n\n- Updated crypt_blowfish to 1.2. (CVE-2011-2483)\n\n- Fixed crash in error_log(). Reported by Mateusz Kocielski\n\n- Fixed buffer overflow on overlog salt in crypt().\n\n- Fixed bug #54939 (File path injection vulnerability in RFC1867 File\nupload filename). Reported by Krzysztof Kotowicz. (CVE-2011-2202)\n\n- Fixed stack-based buffer overflow in socket_connect(). (CVE-2011-1938)\n\n- Fixed bug #54238 (use-after-free in substr_replace()).\n(CVE-2011-1148)\"\n );\n # https://vuxml.freebsd.org/freebsd/057bf770-cac4-11e0-aea3-00215c6a37bb.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?236b579e\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:php5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:php5-sockets\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/08/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/08/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/08/20\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"php5<5.3.7\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"php5-sockets<5.3.7\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:23:37", "description": "Mateusz Kocielski, Marek Kroemeke and Filip Palian discovered that a stack-based buffer overflow existed in the socket_connect function's handling of long pathnames for AF_UNIX sockets. A remote attacker might be able to exploit this to execute arbitrary code; however, the default compiler options for affected releases should reduce the vulnerability to a denial of service. This issue affected Ubuntu 10.04 LTS, Ubuntu 10.10 and Ubuntu 11.04. (CVE-2011-1938)\n\nKrzysztof Kotowicz discovered that the PHP post handler function does not properly restrict filenames in multipart/form-data POST requests.\nThis may allow remote attackers to conduct absolute path traversal attacks and possibly create or overwrite arbitrary files. This issue affected Ubuntu 8.04 LTS, Ubuntu 10.04 LTS, Ubuntu 10.10 and Ubuntu 11.04. (CVE-2011-2202)\n\nIt was discovered that the crypt function for blowfish does not properly handle 8-bit characters. This could make it easier for an attacker to discover a cleartext password containing an 8-bit character that has a matching blowfish crypt value. This issue affected Ubuntu 10.04 LTS, Ubuntu 10.10 and Ubuntu 11.04.\n(CVE-2011-2483)\n\nIt was discovered that PHP did not properly check the return values of the malloc(3), calloc(3) and realloc(3) library functions in multiple locations. This could allow an attacker to cause a denial of service via a NULL pointer dereference or possibly execute arbitrary code.\nThis issue affected Ubuntu 8.04 LTS, Ubuntu 10.04 LTS, Ubuntu 10.10 and Ubuntu 11.04. (CVE-2011-3182)\n\nMaksymilian Arciemowicz discovered that PHP did not properly implement the error_log function. This could allow an attacker to cause a denial of service via an application crash. This issue affected Ubuntu 10.04 LTS, Ubuntu 10.10, Ubuntu 11.04 and Ubuntu 11.10. (CVE-2011-3267)\n\nMaksymilian Arciemowicz discovered that the ZipArchive functions addGlob() and addPattern() did not properly check their flag arguments. This could allow a malicious script author to cause a denial of service via application crash. This issue affected Ubuntu 10.04 LTS, Ubuntu 10.10, Ubuntu 11.04 and Ubuntu 11.10.\n(CVE-2011-1657)\n\nIt was discovered that the Xend opcode parser in PHP could be interrupted while handling the shift-left, shift-right, and bitwise-xor opcodes. This could allow a malicious script author to expose memory contents. This issue affected Ubuntu 10.04 LTS.\n(CVE-2010-1914)\n\nIt was discovered that the strrchr function in PHP could be interrupted by a malicious script, allowing the exposure of memory contents. This issue affected Ubuntu 8.04 LTS. (CVE-2010-2484).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2011-10-19T00:00:00", "type": "nessus", "title": "Ubuntu 8.04 LTS / 10.04 LTS / 10.10 / 11.04 / 11.10 : php5 vulnerabilities (USN-1231-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-1914", "CVE-2010-2484", "CVE-2011-1657", "CVE-2011-1938", "CVE-2011-2202", "CVE-2011-2483", "CVE-2011-3182", "CVE-2011-3267"], "modified": "2019-09-19T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:libapache2-mod-php5", "p-cpe:/a:canonical:ubuntu_linux:php5-cgi", "p-cpe:/a:canonical:ubuntu_linux:php5-cli", "p-cpe:/a:canonical:ubuntu_linux:php5-common", "cpe:/o:canonical:ubuntu_linux:10.04:-:lts", "cpe:/o:canonical:ubuntu_linux:10.10", "cpe:/o:canonical:ubuntu_linux:11.04", "cpe:/o:canonical:ubuntu_linux:11.10", "cpe:/o:canonical:ubuntu_linux:8.04:-:lts"], "id": "UBUNTU_USN-1231-1.NASL", "href": "https://www.tenable.com/plugins/nessus/56554", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-1231-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(56554);\n script_version(\"1.11\");\n script_cvs_date(\"Date: 2019/09/19 12:54:27\");\n\n script_cve_id(\"CVE-2010-1914\", \"CVE-2010-2484\", \"CVE-2011-1657\", \"CVE-2011-1938\", \"CVE-2011-2202\", \"CVE-2011-2483\", \"CVE-2011-3182\", \"CVE-2011-3267\");\n script_bugtraq_id(41991, 47950, 48259, 49241, 49249, 49252);\n script_xref(name:\"USN\", value:\"1231-1\");\n\n script_name(english:\"Ubuntu 8.04 LTS / 10.04 LTS / 10.10 / 11.04 / 11.10 : php5 vulnerabilities (USN-1231-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Mateusz Kocielski, Marek Kroemeke and Filip Palian discovered that a\nstack-based buffer overflow existed in the socket_connect function's\nhandling of long pathnames for AF_UNIX sockets. A remote attacker\nmight be able to exploit this to execute arbitrary code; however, the\ndefault compiler options for affected releases should reduce the\nvulnerability to a denial of service. This issue affected Ubuntu 10.04\nLTS, Ubuntu 10.10 and Ubuntu 11.04. (CVE-2011-1938)\n\nKrzysztof Kotowicz discovered that the PHP post handler function does\nnot properly restrict filenames in multipart/form-data POST requests.\nThis may allow remote attackers to conduct absolute path traversal\nattacks and possibly create or overwrite arbitrary files. This issue\naffected Ubuntu 8.04 LTS, Ubuntu 10.04 LTS, Ubuntu 10.10 and Ubuntu\n11.04. (CVE-2011-2202)\n\nIt was discovered that the crypt function for blowfish does not\nproperly handle 8-bit characters. This could make it easier for an\nattacker to discover a cleartext password containing an 8-bit\ncharacter that has a matching blowfish crypt value. This issue\naffected Ubuntu 10.04 LTS, Ubuntu 10.10 and Ubuntu 11.04.\n(CVE-2011-2483)\n\nIt was discovered that PHP did not properly check the return values of\nthe malloc(3), calloc(3) and realloc(3) library functions in multiple\nlocations. This could allow an attacker to cause a denial of service\nvia a NULL pointer dereference or possibly execute arbitrary code.\nThis issue affected Ubuntu 8.04 LTS, Ubuntu 10.04 LTS, Ubuntu 10.10\nand Ubuntu 11.04. (CVE-2011-3182)\n\nMaksymilian Arciemowicz discovered that PHP did not properly implement\nthe error_log function. This could allow an attacker to cause a denial\nof service via an application crash. This issue affected Ubuntu 10.04\nLTS, Ubuntu 10.10, Ubuntu 11.04 and Ubuntu 11.10. (CVE-2011-3267)\n\nMaksymilian Arciemowicz discovered that the ZipArchive functions\naddGlob() and addPattern() did not properly check their flag\narguments. This could allow a malicious script author to cause a\ndenial of service via application crash. This issue affected Ubuntu\n10.04 LTS, Ubuntu 10.10, Ubuntu 11.04 and Ubuntu 11.10.\n(CVE-2011-1657)\n\nIt was discovered that the Xend opcode parser in PHP could be\ninterrupted while handling the shift-left, shift-right, and\nbitwise-xor opcodes. This could allow a malicious script author to\nexpose memory contents. This issue affected Ubuntu 10.04 LTS.\n(CVE-2010-1914)\n\nIt was discovered that the strrchr function in PHP could be\ninterrupted by a malicious script, allowing the exposure of memory\ncontents. This issue affected Ubuntu 8.04 LTS. (CVE-2010-2484).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/1231-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libapache2-mod-php5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php5-cgi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php5-cli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php5-common\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:11.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:11.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:8.04:-:lts\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/05/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/10/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/10/19\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2011-2019 Canonical, Inc. / NASL script (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(8\\.04|10\\.04|10\\.10|11\\.04|11\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 8.04 / 10.04 / 10.10 / 11.04 / 11.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"8.04\", pkgname:\"libapache2-mod-php5\", pkgver:\"5.2.4-2ubuntu5.18\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"php5-cgi\", pkgver:\"5.2.4-2ubuntu5.18\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"php5-cli\", pkgver:\"5.2.4-2ubuntu5.18\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"php5-common\", pkgver:\"5.2.4-2ubuntu5.18\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"libapache2-mod-php5\", pkgver:\"5.3.2-1ubuntu4.10\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"php5-cgi\", pkgver:\"5.3.2-1ubuntu4.10\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"php5-cli\", pkgver:\"5.3.2-1ubuntu4.10\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"php5-common\", pkgver:\"5.3.2-1ubuntu4.10\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"libapache2-mod-php5\", pkgver:\"5.3.3-1ubuntu9.6\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"php5-cgi\", pkgver:\"5.3.3-1ubuntu9.6\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"php5-cli\", pkgver:\"5.3.3-1ubuntu9.6\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"php5-common\", pkgver:\"5.3.3-1ubuntu9.6\")) flag++;\nif (ubuntu_check(osver:\"11.04\", pkgname:\"libapache2-mod-php5\", pkgver:\"5.3.5-1ubuntu7.3\")) flag++;\nif (ubuntu_check(osver:\"11.04\", pkgname:\"php5-cgi\", pkgver:\"5.3.5-1ubuntu7.3\")) flag++;\nif (ubuntu_check(osver:\"11.04\", pkgname:\"php5-cli\", pkgver:\"5.3.5-1ubuntu7.3\")) flag++;\nif (ubuntu_check(osver:\"11.04\", pkgname:\"php5-common\", pkgver:\"5.3.5-1ubuntu7.3\")) flag++;\nif (ubuntu_check(osver:\"11.10\", pkgname:\"libapache2-mod-php5\", pkgver:\"5.3.6-13ubuntu3.2\")) flag++;\nif (ubuntu_check(osver:\"11.10\", pkgname:\"php5-cgi\", pkgver:\"5.3.6-13ubuntu3.2\")) flag++;\nif (ubuntu_check(osver:\"11.10\", pkgname:\"php5-cli\", pkgver:\"5.3.6-13ubuntu3.2\")) flag++;\nif (ubuntu_check(osver:\"11.10\", pkgname:\"php5-common\", pkgver:\"5.3.6-13ubuntu3.2\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libapache2-mod-php5 / php5-cgi / php5-cli / php5-common\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:22:49", "description": "New php packages are available for Slackware 11.0, 12.0, 12.1, 12.2, 13.0, 13.1, 13.37, and -current to fix security issues.", "cvss3": {}, "published": "2011-08-26T00:00:00", "type": "nessus", "title": "Slackware 11.0 / 12.0 / 12.1 / 12.2 / 13.0 / 13.1 / 13.37 / current : php (SSA:2011-237-01)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-1148", "CVE-2011-1938", "CVE-2011-2202", "CVE-2011-2483"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:slackware:slackware_linux:php", "cpe:/o:slackware:slackware_linux", "cpe:/o:slackware:slackware_linux:11.0", "cpe:/o:slackware:slackware_linux:12.0", "cpe:/o:slackware:slackware_linux:12.1", "cpe:/o:slackware:slackware_linux:12.2", "cpe:/o:slackware:slackware_linux:13.0", "cpe:/o:slackware:slackware_linux:13.1", "cpe:/o:slackware:slackware_linux:13.37"], "id": "SLACKWARE_SSA_2011-237-01.NASL", "href": "https://www.tenable.com/plugins/nessus/55980", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Slackware Security Advisory 2011-237-01. The text \n# itself is copyright (C) Slackware Linux, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(55980);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2011-1148\", \"CVE-2011-1938\", \"CVE-2011-2202\", \"CVE-2011-2483\");\n script_bugtraq_id(46843, 47950, 48259, 49241);\n script_xref(name:\"SSA\", value:\"2011-237-01\");\n\n script_name(english:\"Slackware 11.0 / 12.0 / 12.1 / 12.2 / 13.0 / 13.1 / 13.37 / current : php (SSA:2011-237-01)\");\n script_summary(english:\"Checks for updated package in /var/log/packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Slackware host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"New php packages are available for Slackware 11.0, 12.0, 12.1, 12.2,\n13.0, 13.1, 13.37, and -current to fix security issues.\"\n );\n # http://www.slackware.com/security/viewer.php?l=slackware-security&y=2011&m=slackware-security.575575\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?0c1f1ac5\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected php package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:php\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:11.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:12.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:12.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:12.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:13.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:13.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:13.37\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/08/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/08/26\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Slackware Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Slackware/release\", \"Host/Slackware/packages\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"slackware.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Slackware/release\")) audit(AUDIT_OS_NOT, \"Slackware\");\nif (!get_kb_item(\"Host/Slackware/packages\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Slackware\", cpu);\n\n\nflag = 0;\nif (slackware_check(osver:\"11.0\", pkgname:\"php\", pkgver:\"5.3.8\", pkgarch:\"i486\", pkgnum:\"1_slack11.0\")) flag++;\n\nif (slackware_check(osver:\"12.0\", pkgname:\"php\", pkgver:\"5.3.8\", pkgarch:\"i486\", pkgnum:\"1_slack12.0\")) flag++;\n\nif (slackware_check(osver:\"12.1\", pkgname:\"php\", pkgver:\"5.3.8\", pkgarch:\"i486\", pkgnum:\"1_slack12.1\")) flag++;\n\nif (slackware_check(osver:\"12.2\", pkgname:\"php\", pkgver:\"5.3.8\", pkgarch:\"i486\", pkgnum:\"1_slack12.2\")) flag++;\n\nif (slackware_check(osver:\"13.0\", pkgname:\"php\", pkgver:\"5.3.8\", pkgarch:\"i486\", pkgnum:\"1_slack13.0\")) flag++;\nif (slackware_check(osver:\"13.0\", arch:\"x86_64\", pkgname:\"php\", pkgver:\"5.3.8\", pkgarch:\"x86_64\", pkgnum:\"1_slack13.0\")) flag++;\n\nif (slackware_check(osver:\"13.1\", pkgname:\"php\", pkgver:\"5.3.8\", pkgarch:\"i486\", pkgnum:\"1_slack13.1\")) flag++;\nif (slackware_check(osver:\"13.1\", arch:\"x86_64\", pkgname:\"php\", pkgver:\"5.3.8\", pkgarch:\"x86_64\", pkgnum:\"1_slack13.1\")) flag++;\n\nif (slackware_check(osver:\"13.37\", pkgname:\"php\", pkgver:\"5.3.8\", pkgarch:\"i486\", pkgnum:\"1_slack13.37\")) flag++;\nif (slackware_check(osver:\"13.37\", arch:\"x86_64\", pkgname:\"php\", pkgver:\"5.3.8\", pkgarch:\"x86_64\", pkgnum:\"1_slack13.37\")) flag++;\n\nif (slackware_check(osver:\"current\", pkgname:\"php\", pkgver:\"5.3.8\", pkgarch:\"i486\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"current\", arch:\"x86_64\", pkgname:\"php\", pkgver:\"5.3.8\", pkgarch:\"x86_64\", pkgnum:\"1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:slackware_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-26T14:23:45", "description": "The MITRE CVE database describes these CVEs as :\n\nRevert is_a() behavior to php <= 5.3.6 and add a new new option (allow_string) for the new behavior (accept string and raise autoload if needed)\n\nUse-after-free vulnerability in the substr_replace function in PHP 5.3.6 and earlier allows context-dependent attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact by using the same variable for multiple arguments.\n\nStack-based buffer overflow in the socket_connect function in ext/sockets/sockets.c in PHP 5.3.3 through 5.3.6 might allow context-dependent attackers to execute arbitrary code via a long pathname for a UNIX socket.\n\nThe rfc1867_post_handler function in main/rfc1867.c in PHP before 5.3.7 does not properly restrict filenames in multipart/form-data POST requests, which allows remote attackers to conduct absolute path traversal attacks, and possibly create or overwrite arbitrary files, via a crafted upload request, related to a 'file path injection vulnerability.'\n\ncrypt_blowfish before 1.1, as used in PHP before 5.3.7 on certain platforms, does not properly handle 8-bit characters, which makes it easier for context-dependent attackers to determine a cleartext password by leveraging knowledge of a password hash.\n\nPHP before 5.3.7 does not properly check the return values of the malloc, calloc, and realloc library functions, which allows context-dependent attackers to cause a denial of service (NULL pointer dereference and application crash) or trigger a buffer overflow by leveraging the ability to provide an arbitrary value for a function argument, related to (1) ext/curl/interface.c, (2) ext/date/lib/parse_date.c, (3) ext/date/lib/parse_iso_intervals.c, (4) ext/date/lib/parse_tz.c, (5) ext/date/lib/timelib.c, (6) ext/pdo_odbc/pdo_odbc.c, (7) ext/reflection/php_reflection.c, (8) ext/soap/php_sdl.c, (9) ext/xmlrpc/libxmlrpc/base64.c, (10) TSRM/tsrm_win32.c, and (11) the strtotime function.", "cvss3": {}, "published": "2013-09-04T00:00:00", "type": "nessus", "title": "Amazon Linux AMI : php (ALAS-2011-07)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-1148", "CVE-2011-1938", "CVE-2011-2202", "CVE-2011-2483", "CVE-2011-3182", "CVE-2011-3379"], "modified": "2016-01-27T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:php", "p-cpe:/a:amazon:linux:php-bcmath", "p-cpe:/a:amazon:linux:php-cli", "p-cpe:/a:amazon:linux:php-common", "p-cpe:/a:amazon:linux:php-dba", "p-cpe:/a:amazon:linux:php-debuginfo", "p-cpe:/a:amazon:linux:php-devel", "p-cpe:/a:amazon:linux:php-embedded", "p-cpe:/a:amazon:linux:php-fpm", "p-cpe:/a:amazon:linux:php-gd", "p-cpe:/a:amazon:linux:php-imap", "p-cpe:/a:amazon:linux:php-intl", "p-cpe:/a:amazon:linux:php-ldap", "p-cpe:/a:amazon:linux:php-mbstring", "p-cpe:/a:amazon:linux:php-mcrypt", "p-cpe:/a:amazon:linux:php-mssql", "p-cpe:/a:amazon:linux:php-mysql", "p-cpe:/a:amazon:linux:php-odbc", "p-cpe:/a:amazon:linux:php-pdo", "p-cpe:/a:amazon:linux:php-pgsql", "p-cpe:/a:amazon:linux:php-process", "p-cpe:/a:amazon:linux:php-pspell", "p-cpe:/a:amazon:linux:php-snmp", "p-cpe:/a:amazon:linux:php-soap", "p-cpe:/a:amazon:linux:php-tidy", "p-cpe:/a:amazon:linux:php-xml", "p-cpe:/a:amazon:linux:php-xmlrpc", "p-cpe:/a:amazon:linux:php-zts", "cpe:/o:amazon:linux"], "id": "ALA_ALAS-2011-07.NASL", "href": "https://www.tenable.com/plugins/nessus/69566", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2011-07.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(69566);\n script_version(\"$Revision: 1.7 $\");\n script_cvs_date(\"$Date: 2016/01/27 16:45:01 $\");\n\n script_cve_id(\"CVE-2011-1148\", \"CVE-2011-1938\", \"CVE-2011-2202\", \"CVE-2011-2483\", \"CVE-2011-3182\", \"CVE-2011-3379\");\n script_xref(name:\"ALAS\", value:\"2011-07\");\n\n script_name(english:\"Amazon Linux AMI : php (ALAS-2011-07)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The MITRE CVE database describes these CVEs as :\n\nRevert is_a() behavior to php <= 5.3.6 and add a new new option\n(allow_string) for the new behavior (accept string and raise autoload\nif needed)\n\nUse-after-free vulnerability in the substr_replace function in PHP\n5.3.6 and earlier allows context-dependent attackers to cause a denial\nof service (memory corruption) or possibly have unspecified other\nimpact by using the same variable for multiple arguments.\n\nStack-based buffer overflow in the socket_connect function in\next/sockets/sockets.c in PHP 5.3.3 through 5.3.6 might allow\ncontext-dependent attackers to execute arbitrary code via a long\npathname for a UNIX socket.\n\nThe rfc1867_post_handler function in main/rfc1867.c in PHP before\n5.3.7 does not properly restrict filenames in multipart/form-data POST\nrequests, which allows remote attackers to conduct absolute path\ntraversal attacks, and possibly create or overwrite arbitrary files,\nvia a crafted upload request, related to a 'file path injection\nvulnerability.'\n\ncrypt_blowfish before 1.1, as used in PHP before 5.3.7 on certain\nplatforms, does not properly handle 8-bit characters, which makes it\neasier for context-dependent attackers to determine a cleartext\npassword by leveraging knowledge of a password hash.\n\nPHP before 5.3.7 does not properly check the return values of the\nmalloc, calloc, and realloc library functions, which allows\ncontext-dependent attackers to cause a denial of service (NULL pointer\ndereference and application crash) or trigger a buffer overflow by\nleveraging the ability to provide an arbitrary value for a function\nargument, related to (1) ext/curl/interface.c, (2)\next/date/lib/parse_date.c, (3) ext/date/lib/parse_iso_intervals.c, (4)\next/date/lib/parse_tz.c, (5) ext/date/lib/timelib.c, (6)\next/pdo_odbc/pdo_odbc.c, (7) ext/reflection/php_reflection.c, (8)\next/soap/php_sdl.c, (9) ext/xmlrpc/libxmlrpc/base64.c, (10)\nTSRM/tsrm_win32.c, and (11) the strtotime function.\"\n );\n # https://admin.fedoraproject.org/updates/php-5.3.8-1.fc15,php-eaccelerator-0.9.6.1-9.fc15,maniadrive-1.2-32.fc15\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?f94687c5\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://admin.fedoraproject.org/updates/php-5.3.8-3.fc15\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2011-7.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum upgrade php*' to upgrade your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php-bcmath\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php-cli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php-dba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php-embedded\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php-fpm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php-imap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php-intl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php-mbstring\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php-mcrypt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php-mssql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php-pdo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php-process\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php-pspell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php-soap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php-tidy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php-xml\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php-xmlrpc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php-zts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/10/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/09/04\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2016 Tenable Network Security, Inc.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/AmazonLinux/release\")) audit(AUDIT_OS_NOT, \"Amazon Linux AMI\");\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"php-5.3.8-3.19.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php-bcmath-5.3.8-3.19.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php-cli-5.3.8-3.19.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php-common-5.3.8-3.19.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php-dba-5.3.8-3.19.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php-debuginfo-5.3.8-3.19.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php-devel-5.3.8-3.19.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php-embedded-5.3.8-3.19.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php-fpm-5.3.8-3.19.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php-gd-5.3.8-3.19.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php-imap-5.3.8-3.19.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php-intl-5.3.8-3.19.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php-ldap-5.3.8-3.19.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php-mbstring-5.3.8-3.19.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php-mcrypt-5.3.8-3.19.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php-mssql-5.3.8-3.19.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php-mysql-5.3.8-3.19.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php-odbc-5.3.8-3.19.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php-pdo-5.3.8-3.19.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php-pgsql-5.3.8-3.19.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php-process-5.3.8-3.19.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php-pspell-5.3.8-3.19.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php-snmp-5.3.8-3.19.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php-soap-5.3.8-3.19.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php-tidy-5.3.8-3.19.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php-xml-5.3.8-3.19.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php-xmlrpc-5.3.8-3.19.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php-zts-5.3.8-3.19.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"php / php-bcmath / php-cli / php-common / php-dba / php-debuginfo / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:23:55", "description": "PHP before 5.3.7 does not properly check the return values of the malloc, calloc, and realloc library functions, which allows context-dependent attackers to cause a denial of service (NULL pointer dereference and application crash) or trigger a buffer overflow by leveraging the ability to provide an arbitrary value for a function argument, related to (1) ext/curl/interface.c, (2) ext/date/lib/parse_date.c, (3) ext/date/lib/parse_iso_intervals.c, (4) ext/date/lib/parse_tz.c, (5) ext/date/lib/timelib.c, (6) ext/pdo_odbc/pdo_odbc.c, (7) ext/reflection/php_reflection.c, (8) ext/soap/php_sdl.c, (9) ext/xmlrpc/libxmlrpc/base64.c, (10) TSRM/tsrm_win32.c, and (11) the strtotime function.\n\nThe is_a function in PHP 5.3.7 and 5.3.8 triggers a call to the\n__autoload function, which makes it easier for remote attackers to execute arbitrary code by providing a crafted URL and leveraging potentially unsafe behavior in certain PEAR packages and custom autoloaders.\n\nphp: changes to is_a() in 5.3.7 may allow arbitrary code execution with certain code\n\nA signedness issue was found in the way the PHP crypt() function handled 8-bit characters in passwords when using Blowfish hashing. Up to three characters immediately preceding a non-ASCII character (one with the high bit set) had no effect on the hash result, thus shortening the effective password length. This made brute-force guessing more efficient as several different passwords were hashed to the same value.\n\nA signedness issue was found in the way the crypt() function in the PostgreSQL pgcrypto module handled 8-bit characters in passwords when using Blowfish hashing. Up to three characters immediately preceding a non-ASCII character (one with the high bit set) had no effect on the hash result, thus shortening the effective password length. This made brute-force guessing more efficient as several different passwords were hashed to the same value.\n\ncrypt_blowfish before 1.1, as used in PHP before 5.3.7 on certain platforms, PostgreSQL before 8.4.9, and other products, does not properly handle 8-bit characters, which makes it easier for context-dependent attackers to determine a cleartext password by leveraging knowledge of a password hash.\n\nA stack-based buffer overflow flaw was found in the way the PHP socket extension handled long AF_UNIX socket addresses. An attacker able to make a PHP script connect to a long AF_UNIX socket address could use this flaw to crash the PHP interpreter.\n\nStack-based buffer overflow in the socket_connect function in ext/sockets/sockets.c in PHP 5.3.3 through 5.3.6 might allow context-dependent attackers to execute arbitrary code via a long pathname for a UNIX socket.\n\nThe rfc1867_post_handler function in main/rfc1867.c in PHP before 5.3.7 does not properly restrict filenames in multipart/form-data POST requests, which allows remote attackers to conduct absolute path traversal attacks, and possibly create or overwrite arbitrary files, via a crafted upload request, related to a 'file path injection vulnerability.'\n\nAn off-by-one flaw was found in PHP. If an attacker uploaded a file with a specially crafted file name it could cause a PHP script to attempt to write a file to the root (/) directory. By default, PHP runs as the 'apache' user, preventing it from writing to the root directory.\n\nThe rfc1867_post_handler function in main/rfc1867.c in PHP before 5.3.7 does not properly restrict filenames in multipart/form-data POST requests, which allows remote attackers to conduct absolute path traversal attacks, and possibly create or overwrite arbitrary files, via a crafted upload request, related to a 'file path injection vulnerability.'\n\nUse-after-free vulnerability in the substr_replace function in PHP 5.3.6 and earlier allows context-dependent attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact by using the same variable for multiple arguments.\n\nA use-after-free flaw was found in the PHP substr_replace() function.\nIf a PHP script used the same variable as multiple function arguments, a remote attacker could possibly use this to crash the PHP interpreter or, possibly, execute arbitrary code.", "cvss3": {}, "published": "2014-10-12T00:00:00", "type": "nessus", "title": "Amazon Linux AMI : php (ALAS-2011-7)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-1148", "CVE-2011-1938", "CVE-2011-2202", "CVE-2011-2483", "CVE-2011-3182", "CVE-2011-3379"], "modified": "2019-07-10T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:php", "p-cpe:/a:amazon:linux:php-bcmath", "p-cpe:/a:amazon:linux:php-cli", "p-cpe:/a:amazon:linux:php-common", "p-cpe:/a:amazon:linux:php-dba", "p-cpe:/a:amazon:linux:php-debuginfo", "p-cpe:/a:amazon:linux:php-devel", "p-cpe:/a:amazon:linux:php-embedded", "p-cpe:/a:amazon:linux:php-fpm", "p-cpe:/a:amazon:linux:php-gd", "p-cpe:/a:amazon:linux:php-imap", "p-cpe:/a:amazon:linux:php-intl", "p-cpe:/a:amazon:linux:php-ldap", "p-cpe:/a:amazon:linux:php-mbstring", "p-cpe:/a:amazon:linux:php-mcrypt", "p-cpe:/a:amazon:linux:php-mssql", "p-cpe:/a:amazon:linux:php-mysql", "p-cpe:/a:amazon:linux:php-odbc", "p-cpe:/a:amazon:linux:php-pdo", "p-cpe:/a:amazon:linux:php-pgsql", "p-cpe:/a:amazon:linux:php-process", "p-cpe:/a:amazon:linux:php-pspell", "p-cpe:/a:amazon:linux:php-snmp", "p-cpe:/a:amazon:linux:php-soap", "p-cpe:/a:amazon:linux:php-tidy", "p-cpe:/a:amazon:linux:php-xml", "p-cpe:/a:amazon:linux:php-xmlrpc", "p-cpe:/a:amazon:linux:php-zts", "cpe:/o:amazon:linux"], "id": "ALA_ALAS-2011-7.NASL", "href": "https://www.tenable.com/plugins/nessus/78268", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2011-7.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(78268);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2019/07/10 16:04:12\");\n\n script_cve_id(\"CVE-2011-1148\", \"CVE-2011-1938\", \"CVE-2011-2202\", \"CVE-2011-2483\", \"CVE-2011-3182\", \"CVE-2011-3379\");\n script_xref(name:\"ALAS\", value:\"2011-7\");\n\n script_name(english:\"Amazon Linux AMI : php (ALAS-2011-7)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"PHP before 5.3.7 does not properly check the return values of the\nmalloc, calloc, and realloc library functions, which allows\ncontext-dependent attackers to cause a denial of service (NULL pointer\ndereference and application crash) or trigger a buffer overflow by\nleveraging the ability to provide an arbitrary value for a function\nargument, related to (1) ext/curl/interface.c, (2)\next/date/lib/parse_date.c, (3) ext/date/lib/parse_iso_intervals.c, (4)\next/date/lib/parse_tz.c, (5) ext/date/lib/timelib.c, (6)\next/pdo_odbc/pdo_odbc.c, (7) ext/reflection/php_reflection.c, (8)\next/soap/php_sdl.c, (9) ext/xmlrpc/libxmlrpc/base64.c, (10)\nTSRM/tsrm_win32.c, and (11) the strtotime function.\n\nThe is_a function in PHP 5.3.7 and 5.3.8 triggers a call to the\n__autoload function, which makes it easier for remote attackers to\nexecute arbitrary code by providing a crafted URL and leveraging\npotentially unsafe behavior in certain PEAR packages and custom\nautoloaders.\n\nphp: changes to is_a() in 5.3.7 may allow arbitrary code execution\nwith certain code\n\nA signedness issue was found in the way the PHP crypt() function\nhandled 8-bit characters in passwords when using Blowfish hashing. Up\nto three characters immediately preceding a non-ASCII character (one\nwith the high bit set) had no effect on the hash result, thus\nshortening the effective password length. This made brute-force\nguessing more efficient as several different passwords were hashed to\nthe same value.\n\nA signedness issue was found in the way the crypt() function in the\nPostgreSQL pgcrypto module handled 8-bit characters in passwords when\nusing Blowfish hashing. Up to three characters immediately preceding a\nnon-ASCII character (one with the high bit set) had no effect on the\nhash result, thus shortening the effective password length. This made\nbrute-force guessing more efficient as several different passwords\nwere hashed to the same value.\n\ncrypt_blowfish before 1.1, as used in PHP before 5.3.7 on certain\nplatforms, PostgreSQL before 8.4.9, and other products, does not\nproperly handle 8-bit characters, which makes it easier for\ncontext-dependent attackers to determine a cleartext password by\nleveraging knowledge of a password hash.\n\nA stack-based buffer overflow flaw was found in the way the PHP socket\nextension handled long AF_UNIX socket addresses. An attacker able to\nmake a PHP script connect to a long AF_UNIX socket address could use\nthis flaw to crash the PHP interpreter.\n\nStack-based buffer overflow in the socket_connect function in\next/sockets/sockets.c in PHP 5.3.3 through 5.3.6 might allow\ncontext-dependent attackers to execute arbitrary code via a long\npathname for a UNIX socket.\n\nThe rfc1867_post_handler function in main/rfc1867.c in PHP before\n5.3.7 does not properly restrict filenames in multipart/form-data POST\nrequests, which allows remote attackers to conduct absolute path\ntraversal attacks, and possibly create or overwrite arbitrary files,\nvia a crafted upload request, related to a 'file path injection\nvulnerability.'\n\nAn off-by-one flaw was found in PHP. If an attacker uploaded a file\nwith a specially crafted file name it could cause a PHP script to\nattempt to write a file to the root (/) directory. By default, PHP\nruns as the 'apache' user, preventing it from writing to the root\ndirectory.\n\nThe rfc1867_post_handler function in main/rfc1867.c in PHP before\n5.3.7 does not properly restrict filenames in multipart/form-data POST\nrequests, which allows remote attackers to conduct absolute path\ntraversal attacks, and possibly create or overwrite arbitrary files,\nvia a crafted upload request, related to a 'file path injection\nvulnerability.'\n\nUse-after-free vulnerability in the substr_replace function in PHP\n5.3.6 and earlier allows context-dependent attackers to cause a denial\nof service (memory corruption) or possibly have unspecified other\nimpact by using the same variable for multiple arguments.\n\nA use-after-free flaw was found in the PHP substr_replace() function.\nIf a PHP script used the same variable as multiple function arguments,\na remote attacker could possibly use this to crash the PHP interpreter\nor, possibly, execute arbitrary code.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2011-7.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update php' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php-bcmath\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php-cli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php-dba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php-embedded\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php-fpm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php-imap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php-intl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php-mbstring\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php-mcrypt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php-mssql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php-pdo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php-process\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php-pspell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php-soap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php-tidy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php-xml\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php-xmlrpc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php-zts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/03/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/09/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/10/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"php-5.3.8-3.19.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php-bcmath-5.3.8-3.19.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php-cli-5.3.8-3.19.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php-common-5.3.8-3.19.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php-dba-5.3.8-3.19.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php-debuginfo-5.3.8-3.19.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php-devel-5.3.8-3.19.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php-embedded-5.3.8-3.19.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php-fpm-5.3.8-3.19.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php-gd-5.3.8-3.19.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php-imap-5.3.8-3.19.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php-intl-5.3.8-3.19.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php-ldap-5.3.8-3.19.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php-mbstring-5.3.8-3.19.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php-mcrypt-5.3.8-3.19.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php-mssql-5.3.8-3.19.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php-mysql-5.3.8-3.19.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php-odbc-5.3.8-3.19.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php-pdo-5.3.8-3.19.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php-pgsql-5.3.8-3.19.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php-process-5.3.8-3.19.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php-pspell-5.3.8-3.19.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php-snmp-5.3.8-3.19.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php-soap-5.3.8-3.19.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php-tidy-5.3.8-3.19.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php-xml-5.3.8-3.19.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php-xmlrpc-5.3.8-3.19.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php-zts-5.3.8-3.19.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"php / php-bcmath / php-cli / php-common / php-dba / php-debuginfo / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:20:45", "description": "The blowfish password hashing implementation did not properly handle 8-characters in passwords, which made it easier for attackers to crack the hash (CVE-2011-2483). After this update existing hashes with id '$2a$' for passwords that contain 8-bit characters will no longer be compatible with newly generated hashes. Affected users will either have to change their password to store a new hash or the id of the existing hash has to be manually changed to '$2x$' in order to activate a compat mode. Please see the description of the CVE-2011-2483 glibc update for details.\n\nFile uploads could potentially overwrite files owned by the user running php (CVE-2011-2202).\n\nA long salt argument to the crypt function could cause a buffer overflow (CVE-2011-3268)", "cvss3": {}, "published": "2014-06-13T00:00:00", "type": "nessus", "title": "openSUSE Security Update : apache2-mod_php5 (openSUSE-SU-2011:1137-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-2202", "CVE-2011-2483", "CVE-2011-3268"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:apache2-mod_php5", "p-cpe:/a:novell:opensuse:php5", "p-cpe:/a:novell:opensuse:php5-bcmath", "p-cpe:/a:novell:opensuse:php5-bz2", "p-cpe:/a:novell:opensuse:php5-calendar", "p-cpe:/a:novell:opensuse:php5-ctype", "p-cpe:/a:novell:opensuse:php5-curl", "p-cpe:/a:novell:opensuse:php5-dba", "p-cpe:/a:novell:opensuse:php5-devel", "p-cpe:/a:novell:opensuse:php5-dom", "p-cpe:/a:novell:opensuse:php5-enchant", "p-cpe:/a:novell:opensuse:php5-exif", "p-cpe:/a:novell:opensuse:php5-fastcgi", "p-cpe:/a:novell:opensuse:php5-fileinfo", "p-cpe:/a:novell:opensuse:php5-ftp", "p-cpe:/a:novell:opensuse:php5-gd", "p-cpe:/a:novell:opensuse:php5-gettext", "p-cpe:/a:novell:opensuse:php5-gmp", "p-cpe:/a:novell:opensuse:php5-hash", "p-cpe:/a:novell:opensuse:php5-iconv", "p-cpe:/a:novell:opensuse:php5-imap", "p-cpe:/a:novell:opensuse:php5-intl", "p-cpe:/a:novell:opensuse:php5-json", "p-cpe:/a:novell:opensuse:php5-ldap", "p-cpe:/a:novell:opensuse:php5-mbstring", "p-cpe:/a:novell:opensuse:php5-mcrypt", "p-cpe:/a:novell:opensuse:php5-mysql", "p-cpe:/a:novell:opensuse:php5-odbc", "p-cpe:/a:novell:opensuse:php5-openssl", "p-cpe:/a:novell:opensuse:php5-pcntl", "p-cpe:/a:novell:opensuse:php5-pdo", "p-cpe:/a:novell:opensuse:php5-pear", "p-cpe:/a:novell:opensuse:php5-pgsql", "p-cpe:/a:novell:opensuse:php5-phar", "p-cpe:/a:novell:opensuse:php5-posix", "p-cpe:/a:novell:opensuse:php5-pspell", "p-cpe:/a:novell:opensuse:php5-readline", "p-cpe:/a:novell:opensuse:php5-shmop", "p-cpe:/a:novell:opensuse:php5-snmp", "p-cpe:/a:novell:opensuse:php5-soap", "p-cpe:/a:novell:opensuse:php5-sockets", "p-cpe:/a:novell:opensuse:php5-sqlite", "p-cpe:/a:novell:opensuse:php5-suhosin", "p-cpe:/a:novell:opensuse:php5-sysvmsg", "p-cpe:/a:novell:opensuse:php5-sysvsem", "p-cpe:/a:novell:opensuse:php5-sysvshm", "p-cpe:/a:novell:opensuse:php5-tidy", "p-cpe:/a:novell:opensuse:php5-tokenizer", "p-cpe:/a:novell:opensuse:php5-wddx", "p-cpe:/a:novell:opensuse:php5-xmlreader", "p-cpe:/a:novell:opensuse:php5-xmlrpc", "p-cpe:/a:novell:opensuse:php5-xmlwriter", "p-cpe:/a:novell:opensuse:php5-xsl", "p-cpe:/a:novell:opensuse:php5-zip", "p-cpe:/a:novell:opensuse:php5-zlib", "cpe:/o:novell:opensuse:11.3"], "id": "SUSE_11_3_APACHE2-MOD_PHP5-110907.NASL", "href": "https://www.tenable.com/plugins/nessus/75433", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update apache2-mod_php5-5112.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(75433);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2011-2202\", \"CVE-2011-2483\", \"CVE-2011-3268\");\n\n script_name(english:\"openSUSE Security Update : apache2-mod_php5 (openSUSE-SU-2011:1137-1)\");\n script_summary(english:\"Check for the apache2-mod_php5-5112 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The blowfish password hashing implementation did not properly handle\n8-characters in passwords, which made it easier for attackers to crack\nthe hash (CVE-2011-2483). After this update existing hashes with id\n'$2a$' for passwords that contain 8-bit characters will no longer be\ncompatible with newly generated hashes. Affected users will either\nhave to change their password to store a new hash or the id of the\nexisting hash has to be manually changed to '$2x$' in order to\nactivate a compat mode. Please see the description of the\nCVE-2011-2483 glibc update for details.\n\nFile uploads could potentially overwrite files owned by the user\nrunning php (CVE-2011-2202).\n\nA long salt argument to the crypt function could cause a buffer\noverflow (CVE-2011-3268)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=699711\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=701491\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=709549\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=715646\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2011-10/msg00014.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected apache2-mod_php5 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2-mod_php5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-bcmath\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-bz2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-calendar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-ctype\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-dba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-dom\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-enchant\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-exif\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-fastcgi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-fileinfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-ftp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-gettext\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-gmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-hash\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-iconv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-imap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-intl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-json\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-mbstring\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-mcrypt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-pcntl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-pdo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-pear\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-phar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-posix\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-pspell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-readline\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-shmop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-soap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-sockets\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-sqlite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-suhosin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-sysvmsg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-sysvsem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-sysvshm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-tidy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-tokenizer\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-wddx\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-xmlreader\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-xmlrpc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-xmlwriter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-xsl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-zip\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-zlib\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/09/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.3\", reference:\"apache2-mod_php5-5.3.3-0.21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"php5-5.3.3-0.21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"php5-bcmath-5.3.3-0.21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"php5-bz2-5.3.3-0.21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"php5-calendar-5.3.3-0.21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"php5-ctype-5.3.3-0.21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"php5-curl-5.3.3-0.21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"php5-dba-5.3.3-0.21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"php5-devel-5.3.3-0.21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"php5-dom-5.3.3-0.21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"php5-enchant-5.3.3-0.21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"php5-exif-5.3.3-0.21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"php5-fastcgi-5.3.3-0.21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"php5-fileinfo-5.3.3-0.21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"php5-ftp-5.3.3-0.21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"php5-gd-5.3.3-0.21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"php5-gettext-5.3.3-0.21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"php5-gmp-5.3.3-0.21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"php5-hash-5.3.3-0.21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"php5-iconv-5.3.3-0.21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"php5-imap-5.3.3-0.21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"php5-intl-5.3.3-0.21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"php5-json-5.3.3-0.21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"php5-ldap-5.3.3-0.21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"php5-mbstring-5.3.3-0.21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"php5-mcrypt-5.3.3-0.21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"php5-mysql-5.3.3-0.21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"php5-odbc-5.3.3-0.21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"php5-openssl-5.3.3-0.21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"php5-pcntl-5.3.3-0.21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"php5-pdo-5.3.3-0.21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"php5-pear-5.3.3-0.21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"php5-pgsql-5.3.3-0.21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"php5-phar-5.3.3-0.21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"php5-posix-5.3.3-0.21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"php5-pspell-5.3.3-0.21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"php5-readline-5.3.3-0.21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"php5-shmop-5.3.3-0.21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"php5-snmp-5.3.3-0.21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"php5-soap-5.3.3-0.21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"php5-sockets-5.3.3-0.21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"php5-sqlite-5.3.3-0.21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"php5-suhosin-5.3.3-0.21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"php5-sysvmsg-5.3.3-0.21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"php5-sysvsem-5.3.3-0.21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"php5-sysvshm-5.3.3-0.21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"php5-tidy-5.3.3-0.21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"php5-tokenizer-5.3.3-0.21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"php5-wddx-5.3.3-0.21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"php5-xmlreader-5.3.3-0.21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"php5-xmlrpc-5.3.3-0.21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"php5-xmlwriter-5.3.3-0.21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"php5-xsl-5.3.3-0.21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"php5-zip-5.3.3-0.21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"php5-zlib-5.3.3-0.21.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"apache2-mod_php5 / php5 / php5-bcmath / php5-bz2 / php5-calendar / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:37:55", "description": "From Red Hat Security Advisory 2011:1423 :\n\nUpdated php53 and php packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6 respectively.\n\nThe Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nPHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server.\n\nA signedness issue was found in the way the PHP crypt() function handled 8-bit characters in passwords when using Blowfish hashing. Up to three characters immediately preceding a non-ASCII character (one with the high bit set) had no effect on the hash result, thus shortening the effective password length. This made brute-force guessing more efficient as several different passwords were hashed to the same value. (CVE-2011-2483)\n\nNote: Due to the CVE-2011-2483 fix, after installing this update some users may not be able to log in to PHP applications that hash passwords with Blowfish using the PHP crypt() function. Refer to the upstream 'CRYPT_BLOWFISH security fix details' document, linked to in the References, for details.\n\nAn insufficient input validation flaw, leading to a buffer over-read, was found in the PHP exif extension. A specially crafted image file could cause the PHP interpreter to crash when a PHP script tries to extract Exchangeable image file format (Exif) metadata from the image file. (CVE-2011-0708)\n\nAn integer overflow flaw was found in the PHP calendar extension. A remote attacker able to make a PHP script call SdnToJulian() with a large value could cause the PHP interpreter to crash. (CVE-2011-1466)\n\nMultiple memory leak flaws were found in the PHP OpenSSL extension. A remote attacker able to make a PHP script use openssl_encrypt() or openssl_decrypt() repeatedly could cause the PHP interpreter to use an excessive amount of memory. (CVE-2011-1468)\n\nA use-after-free flaw was found in the PHP substr_replace() function.\nIf a PHP script used the same variable as multiple function arguments, a remote attacker could possibly use this to crash the PHP interpreter or, possibly, execute arbitrary code. (CVE-2011-1148)\n\nA bug in the PHP Streams component caused the PHP interpreter to crash if an FTP wrapper connection was made through an HTTP proxy. A remote attacker could possibly trigger this issue if a PHP script accepted an untrusted URL to connect to. (CVE-2011-1469)\n\nAn integer signedness issue was found in the PHP zip extension. An attacker could use a specially crafted ZIP archive to cause the PHP interpreter to use an excessive amount of CPU time until the script execution time limit is reached. (CVE-2011-1471)\n\nA stack-based buffer overflow flaw was found in the way the PHP socket extension handled long AF_UNIX socket addresses. An attacker able to make a PHP script connect to a long AF_UNIX socket address could use this flaw to crash the PHP interpreter. (CVE-2011-1938)\n\nAn off-by-one flaw was found in PHP. If an attacker uploaded a file with a specially crafted file name it could cause a PHP script to attempt to write a file to the root (/) directory. By default, PHP runs as the 'apache' user, preventing it from writing to the root directory. (CVE-2011-2202)\n\nAll php53 and php users should upgrade to these updated packages, which contain backported patches to resolve these issues. After installing the updated packages, the httpd daemon must be restarted for the update to take effect.", "cvss3": {}, "published": "2013-07-12T00:00:00", "type": "nessus", "title": "Oracle Linux 5 / 6 : php / php53 (ELSA-2011-1423)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-0708", "CVE-2011-1148", "CVE-2011-1466", "CVE-2011-1468", "CVE-2011-1469", "CVE-2011-1471", "CVE-2011-1938", "CVE-2011-2202", "CVE-2011-2483"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:php", "p-cpe:/a:oracle:linux:php-bcmath", "p-cpe:/a:oracle:linux:php-cli", "p-cpe:/a:oracle:linux:php-common", "p-cpe:/a:oracle:linux:php-dba", "p-cpe:/a:oracle:linux:php-devel", "p-cpe:/a:oracle:linux:php-embedded", "p-cpe:/a:oracle:linux:php-enchant", "p-cpe:/a:oracle:linux:php-gd", "p-cpe:/a:oracle:linux:php-imap", "p-cpe:/a:oracle:linux:php-intl", "p-cpe:/a:oracle:linux:php-ldap", "p-cpe:/a:oracle:linux:php-mbstring", "p-cpe:/a:oracle:linux:php-mysql", "p-cpe:/a:oracle:linux:php-odbc", "p-cpe:/a:oracle:linux:php-pdo", "p-cpe:/a:oracle:linux:php-pgsql", "p-cpe:/a:oracle:linux:php-process", "p-cpe:/a:oracle:linux:php-pspell", "p-cpe:/a:oracle:linux:php-recode", "p-cpe:/a:oracle:linux:php-snmp", "p-cpe:/a:oracle:linux:php-soap", "p-cpe:/a:oracle:linux:php-tidy", "p-cpe:/a:oracle:linux:php-xml", "p-cpe:/a:oracle:linux:php-xmlrpc", "p-cpe:/a:oracle:linux:php-zts", "p-cpe:/a:oracle:linux:php53", "p-cpe:/a:oracle:linux:php53-bcmath", "p-cpe:/a:oracle:linux:php53-cli", "p-cpe:/a:oracle:linux:php53-common", "p-cpe:/a:oracle:linux:php53-dba", "p-cpe:/a:oracle:linux:php53-devel", "p-cpe:/a:oracle:linux:php53-gd", "p-cpe:/a:oracle:linux:php53-imap", "p-cpe:/a:oracle:linux:php53-intl", "p-cpe:/a:oracle:linux:php53-ldap", "p-cpe:/a:oracle:linux:php53-mbstring", "p-cpe:/a:oracle:linux:php53-mysql", "p-cpe:/a:oracle:linux:php53-odbc", "p-cpe:/a:oracle:linux:php53-pdo", "p-cpe:/a:oracle:linux:php53-pgsql", "p-cpe:/a:oracle:linux:php53-process", "p-cpe:/a:oracle:linux:php53-pspell", "p-cpe:/a:oracle:linux:php53-snmp", "p-cpe:/a:oracle:linux:php53-soap", "p-cpe:/a:oracle:linux:php53-xml", "p-cpe:/a:oracle:linux:php53-xmlrpc", "cpe:/o:oracle:linux:5", "cpe:/o:oracle:linux:6"], "id": "ORACLELINUX_ELSA-2011-1423.NASL", "href": "https://www.tenable.com/plugins/nessus/68382", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2011:1423 and \n# Oracle Linux Security Advisory ELSA-2011-1423 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(68382);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2011-0708\", \"CVE-2011-1148\", \"CVE-2011-1466\", \"CVE-2011-1468\", \"CVE-2011-1469\", \"CVE-2011-1471\", \"CVE-2011-1938\", \"CVE-2011-2202\", \"CVE-2011-2483\");\n script_bugtraq_id(46365, 46843, 46967, 46969, 46970, 46975, 46977, 47950, 48259, 49241);\n script_xref(name:\"RHSA\", value:\"2011:1423\");\n\n script_name(english:\"Oracle Linux 5 / 6 : php / php53 (ELSA-2011-1423)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2011:1423 :\n\nUpdated php53 and php packages that fix several security issues are\nnow available for Red Hat Enterprise Linux 5 and 6 respectively.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nPHP is an HTML-embedded scripting language commonly used with the\nApache HTTP Server.\n\nA signedness issue was found in the way the PHP crypt() function\nhandled 8-bit characters in passwords when using Blowfish hashing. Up\nto three characters immediately preceding a non-ASCII character (one\nwith the high bit set) had no effect on the hash result, thus\nshortening the effective password length. This made brute-force\nguessing more efficient as several different passwords were hashed to\nthe same value. (CVE-2011-2483)\n\nNote: Due to the CVE-2011-2483 fix, after installing this update some\nusers may not be able to log in to PHP applications that hash\npasswords with Blowfish using the PHP crypt() function. Refer to the\nupstream 'CRYPT_BLOWFISH security fix details' document, linked to in\nthe References, for details.\n\nAn insufficient input validation flaw, leading to a buffer over-read,\nwas found in the PHP exif extension. A specially crafted image file\ncould cause the PHP interpreter to crash when a PHP script tries to\nextract Exchangeable image file format (Exif) metadata from the image\nfile. (CVE-2011-0708)\n\nAn integer overflow flaw was found in the PHP calendar extension. A\nremote attacker able to make a PHP script call SdnToJulian() with a\nlarge value could cause the PHP interpreter to crash. (CVE-2011-1466)\n\nMultiple memory leak flaws were found in the PHP OpenSSL extension. A\nremote attacker able to make a PHP script use openssl_encrypt() or\nopenssl_decrypt() repeatedly could cause the PHP interpreter to use an\nexcessive amount of memory. (CVE-2011-1468)\n\nA use-after-free flaw was found in the PHP substr_replace() function.\nIf a PHP script used the same variable as multiple function arguments,\na remote attacker could possibly use this to crash the PHP interpreter\nor, possibly, execute arbitrary code. (CVE-2011-1148)\n\nA bug in the PHP Streams component caused the PHP interpreter to crash\nif an FTP wrapper connection was made through an HTTP proxy. A remote\nattacker could possibly trigger this issue if a PHP script accepted an\nuntrusted URL to connect to. (CVE-2011-1469)\n\nAn integer signedness issue was found in the PHP zip extension. An\nattacker could use a specially crafted ZIP archive to cause the PHP\ninterpreter to use an excessive amount of CPU time until the script\nexecution time limit is reached. (CVE-2011-1471)\n\nA stack-based buffer overflow flaw was found in the way the PHP socket\nextension handled long AF_UNIX socket addresses. An attacker able to\nmake a PHP script connect to a long AF_UNIX socket address could use\nthis flaw to crash the PHP interpreter. (CVE-2011-1938)\n\nAn off-by-one flaw was found in PHP. If an attacker uploaded a file\nwith a specially crafted file name it could cause a PHP script to\nattempt to write a file to the root (/) directory. By default, PHP\nruns as the 'apache' user, preventing it from writing to the root\ndirectory. (CVE-2011-2202)\n\nAll php53 and php users should upgrade to these updated packages,\nwhich contain backported patches to resolve these issues. After\ninstalling the updated packages, the httpd daemon must be restarted\nfor the update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2011-November/002444.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2011-November/002446.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected php and / or php53 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-bcmath\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-cli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-dba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-embedded\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-enchant\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-imap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-intl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-mbstring\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-pdo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-process\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-pspell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-recode\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-soap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-tidy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-xml\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-xmlrpc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-zts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php53\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php53-bcmath\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php53-cli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php53-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php53-dba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php53-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php53-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php53-imap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php53-intl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php53-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php53-mbstring\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php53-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php53-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php53-pdo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php53-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php53-process\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php53-pspell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php53-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php53-soap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php53-xml\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php53-xmlrpc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/03/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/11/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(5|6)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 5 / 6\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL5\", reference:\"php53-5.3.3-1.el5_7.3\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"php53-bcmath-5.3.3-1.el5_7.3\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"php53-cli-5.3.3-1.el5_7.3\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"php53-common-5.3.3-1.el5_7.3\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"php53-dba-5.3.3-1.el5_7.3\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"php53-devel-5.3.3-1.el5_7.3\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"php53-gd-5.3.3-1.el5_7.3\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"php53-imap-5.3.3-1.el5_7.3\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"php53-intl-5.3.3-1.el5_7.3\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"php53-ldap-5.3.3-1.el5_7.3\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"php53-mbstring-5.3.3-1.el5_7.3\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"php53-mysql-5.3.3-1.el5_7.3\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"php53-odbc-5.3.3-1.el5_7.3\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"php53-pdo-5.3.3-1.el5_7.3\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"php53-pgsql-5.3.3-1.el5_7.3\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"php53-process-5.3.3-1.el5_7.3\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"php53-pspell-5.3.3-1.el5_7.3\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"php53-snmp-5.3.3-1.el5_7.3\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"php53-soap-5.3.3-1.el5_7.3\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"php53-xml-5.3.3-1.el5_7.3\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"php53-xmlrpc-5.3.3-1.el5_7.3\")) flag++;\n\nif (rpm_check(release:\"EL6\", reference:\"php-5.3.3-3.el6_1.3\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"php-bcmath-5.3.3-3.el6_1.3\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"php-cli-5.3.3-3.el6_1.3\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"php-common-5.3.3-3.el6_1.3\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"php-dba-5.3.3-3.el6_1.3\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"php-devel-5.3.3-3.el6_1.3\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"php-embedded-5.3.3-3.el6_1.3\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"php-enchant-5.3.3-3.el6_1.3\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"php-gd-5.3.3-3.el6_1.3\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"php-imap-5.3.3-3.el6_1.3\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"php-intl-5.3.3-3.el6_1.3\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"php-ldap-5.3.3-3.el6_1.3\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"php-mbstring-5.3.3-3.el6_1.3\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"php-mysql-5.3.3-3.el6_1.3\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"php-odbc-5.3.3-3.el6_1.3\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"php-pdo-5.3.3-3.el6_1.3\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"php-pgsql-5.3.3-3.el6_1.3\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"php-process-5.3.3-3.el6_1.3\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"php-pspell-5.3.3-3.el6_1.3\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"php-recode-5.3.3-3.el6_1.3\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"php-snmp-5.3.3-3.el6_1.3\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"php-soap-5.3.3-3.el6_1.3\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"php-tidy-5.3.3-3.el6_1.3\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"php-xml-5.3.3-3.el6_1.3\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"php-xmlrpc-5.3.3-3.el6_1.3\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"php-zts-5.3.3-3.el6_1.3\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"php / php-bcmath / php-cli / php-common / php-dba / php-devel / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:24:06", "description": "Updated php53 and php packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6 respectively.\n\nThe Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nPHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server.\n\nA signedness issue was found in the way the PHP crypt() function handled 8-bit characters in passwords when using Blowfish hashing. Up to three characters immediately preceding a non-ASCII character (one with the high bit set) had no effect on the hash result, thus shortening the effective password length. This made brute-force guessing more efficient as several different passwords were hashed to the same value. (CVE-2011-2483)\n\nNote: Due to the CVE-2011-2483 fix, after installing this update some users may not be able to log in to PHP applications that hash passwords with Blowfish using the PHP crypt() function. Refer to the upstream 'CRYPT_BLOWFISH security fix details' document, linked to in the References, for details.\n\nAn insufficient input validation flaw, leading to a buffer over-read, was found in the PHP exif extension. A specially crafted image file could cause the PHP interpreter to crash when a PHP script tries to extract Exchangeable image file format (Exif) metadata from the image file. (CVE-2011-0708)\n\nAn integer overflow flaw was found in the PHP calendar extension. A remote attacker able to make a PHP script call SdnToJulian() with a large value could cause the PHP interpreter to crash. (CVE-2011-1466)\n\nMultiple memory leak flaws were found in the PHP OpenSSL extension. A remote attacker able to make a PHP script use openssl_encrypt() or openssl_decrypt() repeatedly could cause the PHP interpreter to use an excessive amount of memory. (CVE-2011-1468)\n\nA use-after-free flaw was found in the PHP substr_replace() function.\nIf a PHP script used the same variable as multiple function arguments, a remote attacker could possibly use this to crash the PHP interpreter or, possibly, execute arbitrary code. (CVE-2011-1148)\n\nA bug in the PHP Streams component caused the PHP interpreter to crash if an FTP wrapper connection was made through an HTTP proxy. A remote attacker could possibly trigger this issue if a PHP script accepted an untrusted URL to connect to. (CVE-2011-1469)\n\nAn integer signedness issue was found in the PHP zip extension. An attacker could use a specially crafted ZIP archive to cause the PHP interpreter to use an excessive amount of CPU time until the script execution time limit is reached. (CVE-2011-1471)\n\nA stack-based buffer overflow flaw was found in the way the PHP socket extension handled long AF_UNIX socket addresses. An attacker able to make a PHP script connect to a long AF_UNIX socket address could use this flaw to crash the PHP interpreter. (CVE-2011-1938)\n\nAn off-by-one flaw was found in PHP. If an attacker uploaded a file with a specially crafted file name it could cause a PHP script to attempt to write a file to the root (/) directory. By default, PHP runs as the 'apache' user, preventing it from writing to the root directory. (CVE-2011-2202)\n\nAll php53 and php users should upgrade to these updated packages, which contain backported patches to resolve these issues. After installing the updated packages, the httpd daemon must be restarted for the update to take effect.", "cvss3": {}, "published": "2011-11-03T00:00:00", "type": "nessus", "title": "RHEL 5 / 6 : php53 and php (RHSA-2011:1423)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-0708", "CVE-2011-1148", "CVE-2011-1466", "CVE-2011-1468", "CVE-2011-1469", "CVE-2011-1471", "CVE-2011-1938", "CVE-2011-2202", "CVE-2011-2483"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:php", "p-cpe:/a:redhat:enterprise_linux:php-bcmath", "p-cpe:/a:redhat:enterprise_linux:php-cli", "p-cpe:/a:redhat:enterprise_linux:php-common", "p-cpe:/a:redhat:enterprise_linux:php-dba", "p-cpe:/a:redhat:enterprise_linux:php-debuginfo", "p-cpe:/a:redhat:enterprise_linux:php-devel", "p-cpe:/a:redhat:enterprise_linux:php-embedded", "p-cpe:/a:redhat:enterprise_linux:php-enchant", "p-cpe:/a:redhat:enterprise_linux:php-gd", "p-cpe:/a:redhat:enterprise_linux:php-imap", "p-cpe:/a:redhat:enterprise_linux:php-intl", "p-cpe:/a:redhat:enterprise_linux:php-ldap", "p-cpe:/a:redhat:enterprise_linux:php-mbstring", "p-cpe:/a:redhat:enterprise_linux:php-mysql", "p-cpe:/a:redhat:enterprise_linux:php-odbc", "p-cpe:/a:redhat:enterprise_linux:php-pdo", "p-cpe:/a:redhat:enterprise_linux:php-pgsql", "p-cpe:/a:redhat:enterprise_linux:php-process", "p-cpe:/a:redhat:enterprise_linux:php53-common", "p-cpe:/a:redhat:enterprise_linux:php-pspell", "p-cpe:/a:redhat:enterprise_linux:php-recode", "p-cpe:/a:redhat:enterprise_linux:php-snmp", "p-cpe:/a:redhat:enterprise_linux:php-soap", "p-cpe:/a:redhat:enterprise_linux:php-tidy", "p-cpe:/a:redhat:enterprise_linux:php53-dba", "p-cpe:/a:redhat:enterprise_linux:php-xml", "p-cpe:/a:redhat:enterprise_linux:php53-devel", "p-cpe:/a:redhat:enterprise_linux:php-xmlrpc", "p-cpe:/a:redhat:enterprise_linux:php53-gd", "p-cpe:/a:redhat:enterprise_linux:php-zts", "p-cpe:/a:redhat:enterprise_linux:php53-imap", "p-cpe:/a:redhat:enterprise_linux:php53", "p-cpe:/a:redhat:enterprise_linux:php53-bcmath", "p-cpe:/a:redhat:enterprise_linux:php53-intl", "p-cpe:/a:redhat:enterprise_linux:php53-cli", "p-cpe:/a:redhat:enterprise_linux:php53-ldap", "p-cpe:/a:redhat:enterprise_linux:php53-mbstring", "p-cpe:/a:redhat:enterprise_linux:php53-mysql", "p-cpe:/a:redhat:enterprise_linux:php53-odbc", "p-cpe:/a:redhat:enterprise_linux:php53-pdo", "p-cpe:/a:redhat:enterprise_linux:php53-pspell", "p-cpe:/a:redhat:enterprise_linux:php53-pgsql", "p-cpe:/a:redhat:enterprise_linux:php53-snmp", "p-cpe:/a:redhat:enterprise_linux:php53-soap", "p-cpe:/a:redhat:enterprise_linux:php53-xml", "p-cpe:/a:redhat:enterprise_linux:php53-xmlrpc", "p-cpe:/a:redhat:enterprise_linux:php53-process", "cpe:/o:redhat:enterprise_linux:5", "cpe:/o:redhat:enterprise_linux:6", "cpe:/o:redhat:enterprise_linux:6.1"], "id": "REDHAT-RHSA-2011-1423.NASL", "href": "https://www.tenable.com/plugins/nessus/56699", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2011:1423. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(56699);\n script_version(\"1.21\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2011-0708\", \"CVE-2011-1148\", \"CVE-2011-1466\", \"CVE-2011-1468\", \"CVE-2011-1469\", \"CVE-2011-1471\", \"CVE-2011-1938\", \"CVE-2011-2202\", \"CVE-2011-2483\");\n script_bugtraq_id(46365, 46843, 46967, 46970, 46975, 46977, 47950, 48259, 49241);\n script_xref(name:\"RHSA\", value:\"2011:1423\");\n\n script_name(english:\"RHEL 5 / 6 : php53 and php (RHSA-2011:1423)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated php53 and php packages that fix several security issues are\nnow available for Red Hat Enterprise Linux 5 and 6 respectively.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nPHP is an HTML-embedded scripting language commonly used with the\nApache HTTP Server.\n\nA signedness issue was found in the way the PHP crypt() function\nhandled 8-bit characters in passwords when using Blowfish hashing. Up\nto three characters immediately preceding a non-ASCII character (one\nwith the high bit set) had no effect on the hash result, thus\nshortening the effective password length. This made brute-force\nguessing more efficient as several different passwords were hashed to\nthe same value. (CVE-2011-2483)\n\nNote: Due to the CVE-2011-2483 fix, after installing this update some\nusers may not be able to log in to PHP applications that hash\npasswords with Blowfish using the PHP crypt() function. Refer to the\nupstream 'CRYPT_BLOWFISH security fix details' document, linked to in\nthe References, for details.\n\nAn insufficient input validation flaw, leading to a buffer over-read,\nwas found in the PHP exif extension. A specially crafted image file\ncould cause the PHP interpreter to crash when a PHP script tries to\nextract Exchangeable image file format (Exif) metadata from the image\nfile. (CVE-2011-0708)\n\nAn integer overflow flaw was found in the PHP calendar extension. A\nremote attacker able to make a PHP script call SdnToJulian() with a\nlarge value could cause the PHP interpreter to crash. (CVE-2011-1466)\n\nMultiple memory leak flaws were found in the PHP OpenSSL extension. A\nremote attacker able to make a PHP script use openssl_encrypt() or\nopenssl_decrypt() repeatedly could cause the PHP interpreter to use an\nexcessive amount of memory. (CVE-2011-1468)\n\nA use-after-free flaw was found in the PHP substr_replace() function.\nIf a PHP script used the same variable as multiple function arguments,\na remote attacker could possibly use this to crash the PHP interpreter\nor, possibly, execute arbitrary code. (CVE-2011-1148)\n\nA bug in the PHP Streams component caused the PHP interpreter to crash\nif an FTP wrapper connection was made through an HTTP proxy. A remote\nattacker could possibly trigger this issue if a PHP script accepted an\nuntrusted URL to connect to. (CVE-2011-1469)\n\nAn integer signedness issue was found in the PHP zip extension. An\nattacker could use a specially crafted ZIP archive to cause the PHP\ninterpreter to use an excessive amount of CPU time until the script\nexecution time limit is reached. (CVE-2011-1471)\n\nA stack-based buffer overflow flaw was found in the way the PHP socket\nextension handled long AF_UNIX socket addresses. An attacker able to\nmake a PHP script connect to a long AF_UNIX socket address could use\nthis flaw to crash the PHP interpreter. (CVE-2011-1938)\n\nAn off-by-one flaw was found in PHP. If an attacker uploaded a file\nwith a specially crafted file name it could cause a PHP script to\nattempt to write a file to the root (/) directory. By default, PHP\nruns as the 'apache' user, preventing it from writing to the root\ndirectory. (CVE-2011-2202)\n\nAll php53 and php users should upgrade to these updated packages,\nwhich contain backported patches to resolve these issues. After\ninstalling the updated packages, the httpd daemon must be restarted\nfor the update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-0708\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-1148\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-1466\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-1468\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-1469\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-1471\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-1938\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-2202\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-2483\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.php.net/security/crypt_blowfish.php\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2011:1423\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-bcmath\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-cli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-dba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-embedded\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-enchant\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-imap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-intl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-mbstring\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-pdo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-process\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-pspell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-recode\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-soap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-tidy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-xml\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-xmlrpc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-zts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php53\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php53-bcmath\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php53-cli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php53-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php53-dba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php53-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php53-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php53-imap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php53-intl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php53-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php53-mbstring\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php53-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php53-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php53-pdo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php53-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php53-process\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php53-pspell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php53-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php53-soap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php53-xml\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php53-xmlrpc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.1\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/03/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/11/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/11/03\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(5|6)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x / 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2011:1423\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php53-5.3.3-1.el5_7.3\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php53-5.3.3-1.el5_7.3\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php53-5.3.3-1.el5_7.3\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php53-bcmath-5.3.3-1.el5_7.3\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php53-bcmath-5.3.3-1.el5_7.3\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php53-bcmath-5.3.3-1.el5_7.3\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php53-cli-5.3.3-1.el5_7.3\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php53-cli-5.3.3-1.el5_7.3\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php53-cli-5.3.3-1.el5_7.3\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php53-common-5.3.3-1.el5_7.3\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php53-common-5.3.3-1.el5_7.3\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php53-common-5.3.3-1.el5_7.3\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php53-dba-5.3.3-1.el5_7.3\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php53-dba-5.3.3-1.el5_7.3\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php53-dba-5.3.3-1.el5_7.3\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php53-devel-5.3.3-1.el5_7.3\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php53-devel-5.3.3-1.el5_7.3\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php53-devel-5.3.3-1.el5_7.3\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php53-gd-5.3.3-1.el5_7.3\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php53-gd-5.3.3-1.el5_7.3\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php53-gd-5.3.3-1.el5_7.3\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php53-imap-5.3.3-1.el5_7.3\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php53-imap-5.3.3-1.el5_7.3\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php53-imap-5.3.3-1.el5_7.3\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php53-intl-5.3.3-1.el5_7.3\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php53-intl-5.3.3-1.el5_7.3\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php53-intl-5.3.3-1.el5_7.3\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php53-ldap-5.3.3-1.el5_7.3\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php53-ldap-5.3.3-1.el5_7.3\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php53-ldap-5.3.3-1.el5_7.3\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php53-mbstring-5.3.3-1.el5_7.3\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php53-mbstring-5.3.3-1.el5_7.3\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php53-mbstring-5.3.3-1.el5_7.3\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php53-mysql-5.3.3-1.el5_7.3\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php53-mysql-5.3.3-1.el5_7.3\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php53-mysql-5.3.3-1.el5_7.3\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php53-odbc-5.3.3-1.el5_7.3\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php53-odbc-5.3.3-1.el5_7.3\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php53-odbc-5.3.3-1.el5_7.3\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php53-pdo-5.3.3-1.el5_7.3\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php53-pdo-5.3.3-1.el5_7.3\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php53-pdo-5.3.3-1.el5_7.3\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php53-pgsql-5.3.3-1.el5_7.3\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php53-pgsql-5.3.3-1.el5_7.3\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php53-pgsql-5.3.3-1.el5_7.3\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php53-process-5.3.3-1.el5_7.3\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php53-process-5.3.3-1.el5_7.3\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php53-process-5.3.3-1.el5_7.3\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php53-pspell-5.3.3-1.el5_7.3\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php53-pspell-5.3.3-1.el5_7.3\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php53-pspell-5.3.3-1.el5_7.3\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php53-snmp-5.3.3-1.el5_7.3\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php53-snmp-5.3.3-1.el5_7.3\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php53-snmp-5.3.3-1.el5_7.3\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php53-soap-5.3.3-1.el5_7.3\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php53-soap-5.3.3-1.el5_7.3\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php53-soap-5.3.3-1.el5_7.3\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php53-xml-5.3.3-1.el5_7.3\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php53-xml-5.3.3-1.el5_7.3\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php53-xml-5.3.3-1.el5_7.3\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php53-xmlrpc-5.3.3-1.el5_7.3\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php53-xmlrpc-5.3.3-1.el5_7.3\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php53-xmlrpc-5.3.3-1.el5_7.3\")) flag++;\n\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"php-5.3.3-3.el6_1.3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"php-5.3.3-3.el6_1.3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"php-5.3.3-3.el6_1.3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"php-bcmath-5.3.3-3.el6_1.3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"php-bcmath-5.3.3-3.el6_1.3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"php-bcmath-5.3.3-3.el6_1.3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"php-cli-5.3.3-3.el6_1.3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"php-cli-5.3.3-3.el6_1.3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"php-cli-5.3.3-3.el6_1.3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"php-common-5.3.3-3.el6_1.3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"php-common-5.3.3-3.el6_1.3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"php-common-5.3.3-3.el6_1.3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"php-dba-5.3.3-3.el6_1.3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"php-dba-5.3.3-3.el6_1.3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"php-dba-5.3.3-3.el6_1.3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"php-debuginfo-5.3.3-3.el6_1.3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"php-debuginfo-5.3.3-3.el6_1.3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"php-debuginfo-5.3.3-3.el6_1.3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"php-devel-5.3.3-3.el6_1.3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"php-devel-5.3.3-3.el6_1.3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"php-devel-5.3.3-3.el6_1.3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"php-embedded-5.3.3-3.el6_1.3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"php-embedded-5.3.3-3.el6_1.3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"php-embedded-5.3.3-3.el6_1.3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"php-enchant-5.3.3-3.el6_1.3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"php-enchant-5.3.3-3.el6_1.3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"php-enchant-5.3.3-3.el6_1.3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"php-gd-5.3.3-3.el6_1.3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"php-gd-5.3.3-3.el6_1.3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"php-gd-5.3.3-3.el6_1.3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"php-imap-5.3.3-3.el6_1.3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"php-imap-5.3.3-3.el6_1.3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"php-imap-5.3.3-3.el6_1.3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"php-intl-5.3.3-3.el6_1.3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"php-intl-5.3.3-3.el6_1.3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"php-intl-5.3.3-3.el6_1.3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"php-ldap-5.3.3-3.el6_1.3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"php-ldap-5.3.3-3.el6_1.3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"php-ldap-5.3.3-3.el6_1.3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"php-mbstring-5.3.3-3.el6_1.3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"php-mbstring-5.3.3-3.el6_1.3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"php-mbstring-5.3.3-3.el6_1.3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"php-mysql-5.3.3-3.el6_1.3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"php-mysql-5.3.3-3.el6_1.3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"php-mysql-5.3.3-3.el6_1.3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"php-odbc-5.3.3-3.el6_1.3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"php-odbc-5.3.3-3.el6_1.3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"php-odbc-5.3.3-3.el6_1.3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"php-pdo-5.3.3-3.el6_1.3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"php-pdo-5.3.3-3.el6_1.3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"php-pdo-5.3.3-3.el6_1.3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"php-pgsql-5.3.3-3.el6_1.3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"php-pgsql-5.3.3-3.el6_1.3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"php-pgsql-5.3.3-3.el6_1.3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"php-process-5.3.3-3.el6_1.3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"php-process-5.3.3-3.el6_1.3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"php-process-5.3.3-3.el6_1.3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"php-pspell-5.3.3-3.el6_1.3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"php-pspell-5.3.3-3.el6_1.3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"php-pspell-5.3.3-3.el6_1.3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"php-recode-5.3.3-3.el6_1.3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"php-recode-5.3.3-3.el6_1.3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"php-recode-5.3.3-3.el6_1.3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"php-snmp-5.3.3-3.el6_1.3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"php-snmp-5.3.3-3.el6_1.3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"php-snmp-5.3.3-3.el6_1.3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"php-soap-5.3.3-3.el6_1.3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"php-soap-5.3.3-3.el6_1.3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"php-soap-5.3.3-3.el6_1.3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"php-tidy-5.3.3-3.el6_1.3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"php-tidy-5.3.3-3.el6_1.3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"php-tidy-5.3.3-3.el6_1.3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"php-xml-5.3.3-3.el6_1.3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"php-xml-5.3.3-3.el6_1.3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"php-xml-5.3.3-3.el6_1.3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"php-xmlrpc-5.3.3-3.el6_1.3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"php-xmlrpc-5.3.3-3.el6_1.3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"php-xmlrpc-5.3.3-3.el6_1.3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"php-zts-5.3.3-3.el6_1.3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"php-zts-5.3.3-3.el6_1.3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"php-zts-5.3.3-3.el6_1.3\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"php / php-bcmath / php-cli / php-common / php-dba / php-debuginfo / etc\");\n }\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:27:18", "description": "PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server.\n\nA signedness issue was found in the way the PHP crypt() function handled 8-bit characters in passwords when using Blowfish hashing. Up to three characters immediately preceding a non-ASCII character (one with the high bit set) had no effect on the hash result, thus shortening the effective password length. This made brute-force guessing more efficient as several different passwords were hashed to the same value. (CVE-2011-2483)\n\nNote: Due to the CVE-2011-2483 fix, after installing this update some users may not be able to log in to PHP applications that hash passwords with Blowfish using the PHP crypt() function. Refer to the upstream 'CRYPT_BLOWFISH security fix details' document, linked to in the References, for details.\n\nAn insufficient input validation flaw, leading to a buffer over-read, was found in the PHP exif extension. A specially crafted image file could cause the PHP interpreter to crash when a PHP script tries to extract Exchangeable image file format (Exif) metadata from the image file. (CVE-2011-0708)\n\nAn integer overflow flaw was found in the PHP calendar extension. A remote attacker able to make a PHP script call SdnToJulian() with a large value could cause the PHP interpreter to crash. (CVE-2011-1466)\n\nMultiple memory leak flaws were found in the PHP OpenSSL extension. A remote attacker able to make a PHP script use openssl_encrypt() or openssl_decrypt() repeatedly could cause the PHP interpreter to use an excessive amount of memory. (CVE-2011-1468)\n\nA use-after-free flaw was found in the PHP substr_replace() function.\nIf a PHP script used the same variable as multiple function arguments, a remote attacker could possibly use this to crash the PHP interpreter or, possibly, execute arbitrary code. (CVE-2011-1148)\n\nA bug in the PHP Streams component caused the PHP interpreter to crash if an FTP wrapper connection was made through an HTTP proxy. A remote attacker could possibly trigger this issue if a PHP script accepted an untrusted URL to connect to. (CVE-2011-1469)\n\nAn integer signedness issue was found in the PHP zip extension. An attacker could use a specially crafted ZIP archive to cause the PHP interpreter to use an excessive amount of CPU time until the script execution time limit is reached. (CVE-2011-1471)\n\nA stack-based buffer overflow flaw was found in the way the PHP socket extension handled long AF_UNIX socket addresses. An attacker able to make a PHP script connect to a long AF_UNIX socket address could use this flaw to crash the PHP interpreter. (CVE-2011-1938)\n\nAn off-by-one flaw was found in PHP. If an attacker uploaded a file with a specially crafted file name it could cause a PHP script to attempt to write a file to the root (/) directory. By default, PHP runs as the 'apache' user, preventing it from writing to the root directory. (CVE-2011-2202)\n\nAll php53 and php users should upgrade to these updated packages, which contain backported patches to resolve these issues. After installing the updated packages, the httpd daemon must be restarted for the update to take effect.", "cvss3": {}, "published": "2012-08-01T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : php53 and php on SL5.x, SL6.x i386/x86_64", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-0708", "CVE-2011-1148", "CVE-2011-1466", "CVE-2011-1468", "CVE-2011-1469", "CVE-2011-1471", "CVE-2011-1938", "CVE-2011-2202", "CVE-2011-2483"], "modified": "2021-01-14T00:00:00", "cpe": ["x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20111102_PHP53_AND_PHP_ON_SL5_X.NASL", "href": "https://www.tenable.com/plugins/nessus/61168", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(61168);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2011-0708\", \"CVE-2011-1148\", \"CVE-2011-1466\", \"CVE-2011-1468\", \"CVE-2011-1469\", \"CVE-2011-1471\", \"CVE-2011-1938\", \"CVE-2011-2202\", \"CVE-2011-2483\");\n\n script_name(english:\"Scientific Linux Security Update : php53 and php on SL5.x, SL6.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"PHP is an HTML-embedded scripting language commonly used with the\nApache HTTP Server.\n\nA signedness issue was found in the way the PHP crypt() function\nhandled 8-bit characters in passwords when using Blowfish hashing. Up\nto three characters immediately preceding a non-ASCII character (one\nwith the high bit set) had no effect on the hash result, thus\nshortening the effective password length. This made brute-force\nguessing more efficient as several different passwords were hashed to\nthe same value. (CVE-2011-2483)\n\nNote: Due to the CVE-2011-2483 fix, after installing this update some\nusers may not be able to log in to PHP applications that hash\npasswords with Blowfish using the PHP crypt() function. Refer to the\nupstream 'CRYPT_BLOWFISH security fix details' document, linked to in\nthe References, for details.\n\nAn insufficient input validation flaw, leading to a buffer over-read,\nwas found in the PHP exif extension. A specially crafted image file\ncould cause the PHP interpreter to crash when a PHP script tries to\nextract Exchangeable image file format (Exif) metadata from the image\nfile. (CVE-2011-0708)\n\nAn integer overflow flaw was found in the PHP calendar extension. A\nremote attacker able to make a PHP script call SdnToJulian() with a\nlarge value could cause the PHP interpreter to crash. (CVE-2011-1466)\n\nMultiple memory leak flaws were found in the PHP OpenSSL extension. A\nremote attacker able to make a PHP script use openssl_encrypt() or\nopenssl_decrypt() repeatedly could cause the PHP interpreter to use an\nexcessive amount of memory. (CVE-2011-1468)\n\nA use-after-free flaw was found in the PHP substr_replace() function.\nIf a PHP script used the same variable as multiple function arguments,\na remote attacker could possibly use this to crash the PHP interpreter\nor, possibly, execute arbitrary code. (CVE-2011-1148)\n\nA bug in the PHP Streams component caused the PHP interpreter to crash\nif an FTP wrapper connection was made through an HTTP proxy. A remote\nattacker could possibly trigger this issue if a PHP script accepted an\nuntrusted URL to connect to. (CVE-2011-1469)\n\nAn integer signedness issue was found in the PHP zip extension. An\nattacker could use a specially crafted ZIP archive to cause the PHP\ninterpreter to use an excessive amount of CPU time until the script\nexecution time limit is reached. (CVE-2011-1471)\n\nA stack-based buffer overflow flaw was found in the way the PHP socket\nextension handled long AF_UNIX socket addresses. An attacker able to\nmake a PHP script connect to a long AF_UNIX socket address could use\nthis flaw to crash the PHP interpreter. (CVE-2011-1938)\n\nAn off-by-one flaw was found in PHP. If an attacker uploaded a file\nwith a specially crafted file name it could cause a PHP script to\nattempt to write a file to the root (/) directory. By default, PHP\nruns as the 'apache' user, preventing it from writing to the root\ndirectory. (CVE-2011-2202)\n\nAll php53 and php users should upgrade to these updated packages,\nwhich contain backported patches to resolve these issues. After\ninstalling the updated packages, the httpd daemon must be restarted\nfor the update to take effect.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1111&L=scientific-linux-errata&T=0&P=210\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?2cfb58fc\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/03/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/11/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL5\", reference:\"php53-5.3.3-1.el5_7.3\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"php53-bcmath-5.3.3-1.el5_7.3\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"php53-cli-5.3.3-1.el5_7.3\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"php53-common-5.3.3-1.el5_7.3\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"php53-dba-5.3.3-1.el5_7.3\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"php53-debuginfo-5.3.3-1.el5_7.3\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"php53-devel-5.3.3-1.el5_7.3\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"php53-gd-5.3.3-1.el5_7.3\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"php53-imap-5.3.3-1.el5_7.3\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"php53-intl-5.3.3-1.el5_7.3\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"php53-ldap-5.3.3-1.el5_7.3\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"php53-mbstring-5.3.3-1.el5_7.3\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"php53-mysql-5.3.3-1.el5_7.3\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"php53-odbc-5.3.3-1.el5_7.3\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"php53-pdo-5.3.3-1.el5_7.3\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"php53-pgsql-5.3.3-1.el5_7.3\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"php53-process-5.3.3-1.el5_7.3\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"php53-pspell-5.3.3-1.el5_7.3\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"php53-snmp-5.3.3-1.el5_7.3\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"php53-soap-5.3.3-1.el5_7.3\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"php53-xml-5.3.3-1.el5_7.3\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"php53-xmlrpc-5.3.3-1.el5_7.3\")) flag++;\n\nif (rpm_check(release:\"SL6\", reference:\"php-5.3.3-3.el6_1.3\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"php-bcmath-5.3.3-3.el6_1.3\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"php-cli-5.3.3-3.el6_1.3\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"php-common-5.3.3-3.el6_1.3\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"php-dba-5.3.3-3.el6_1.3\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"php-debuginfo-5.3.3-3.el6_1.3\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"php-devel-5.3.3-3.el6_1.3\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"php-embedded-5.3.3-3.el6_1.3\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"php-enchant-5.3.3-3.el6_1.3\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"php-gd-5.3.3-3.el6_1.3\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"php-imap-5.3.3-3.el6_1.3\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"php-intl-5.3.3-3.el6_1.3\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"php-ldap-5.3.3-3.el6_1.3\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"php-mbstring-5.3.3-3.el6_1.3\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"php-mysql-5.3.3-3.el6_1.3\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"php-odbc-5.3.3-3.el6_1.3\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"php-pdo-5.3.3-3.el6_1.3\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"php-pgsql-5.3.3-3.el6_1.3\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"php-process-5.3.3-3.el6_1.3\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"php-pspell-5.3.3-3.el6_1.3\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"php-recode-5.3.3-3.el6_1.3\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"php-snmp-5.3.3-3.el6_1.3\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"php-soap-5.3.3-3.el6_1.3\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"php-tidy-5.3.3-3.el6_1.3\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"php-xml-5.3.3-3.el6_1.3\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"php-xmlrpc-5.3.3-3.el6_1.3\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"php-zts-5.3.3-3.el6_1.3\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:24:09", "description": "Updated php53 and php packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6 respectively.\n\nThe Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nPHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server.\n\nA signedness issue was found in the way the PHP crypt() function handled 8-bit characters in passwords when using Blowfish hashing. Up to three characters immediately preceding a non-ASCII character (one with the high bit set) had no effect on the hash result, thus shortening the effective password length. This made brute-force guessing more efficient as several different passwords were hashed to the same value. (CVE-2011-2483)\n\nNote: Due to the CVE-2011-2483 fix, after installing this update some users may not be able to log in to PHP applications that hash passwords with Blowfish using the PHP crypt() function. Refer to the upstream 'CRYPT_BLOWFISH security fix details' document, linked to in the References, for details.\n\nAn insufficient input validation flaw, leading to a buffer over-read, was found in the PHP exif extension. A specially crafted image file could cause the PHP interpreter to crash when a PHP script tries to extract Exchangeable image file format (Exif) metadata from the image file. (CVE-2011-0708)\n\nAn integer overflow flaw was found in the PHP calendar extension. A remote attacker able to make a PHP script call SdnToJulian() with a large value could cause the PHP interpreter to crash. (CVE-2011-1466)\n\nMultiple memory leak flaws were found in the PHP OpenSSL extension. A remote attacker able to make a PHP script use openssl_encrypt() or openssl_decrypt() repeatedly could cause the PHP interpreter to use an excessive amount of memory. (CVE-2011-1468)\n\nA use-after-free flaw was found in the PHP substr_replace() function.\nIf a PHP script used the same variable as multiple function arguments, a remote attacker could possibly use this to crash the PHP interpreter or, possibly, execute arbitrary code. (CVE-2011-1148)\n\nA bug in the PHP Streams component caused the PHP interpreter to crash if an FTP wrapper connection was made through an HTTP proxy. A remote attacker could possibly trigger this issue if a PHP script accepted an untrusted URL to connect to. (CVE-2011-1469)\n\nAn integer signedness issue was found in the PHP zip extension. An attacker could use a specially crafted ZIP archive to cause the PHP interpreter to use an excessive amount of CPU time until the script execution time limit is reached. (CVE-2011-1471)\n\nA stack-based buffer overflow flaw was found in the way the PHP socket extension handled long AF_UNIX socket addresses. An attacker able to make a PHP script connect to a long AF_UNIX socket address could use this flaw to crash the PHP interpreter. (CVE-2011-1938)\n\nAn off-by-one flaw was found in PHP. If an attacker uploaded a file with a specially crafted file name it could cause a PHP script to attempt to write a file to the root (/) directory. By default, PHP runs as the 'apache' user, preventing it from writing to the root directory. (CVE-2011-2202)\n\nAll php53 and php users should upgrade to these updated packages, which contain backported patches to resolve these issues. After installing the updated packages, the httpd daemon must be restarted for the update to take effect.", "cvss3": {}, "published": "2011-11-03T00:00:00", "type": "nessus", "title": "CentOS 5 : php53 (CESA-2011:1423)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-0708", "CVE-2011-1148", "CVE-2011-1466", "CVE-2011-1468", "CVE-2011-1469", "CVE-2011-1471", "CVE-2011-1938", "CVE-2011-2202", "CVE-2011-2483"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:centos:centos:php53", "p-cpe:/a:centos:centos:php53-bcmath", "p-cpe:/a:centos:centos:php53-cli", "p-cpe:/a:centos:centos:php53-common", "p-cpe:/a:centos:centos:php53-dba", "p-cpe:/a:centos:centos:php53-devel", "p-cpe:/a:centos:centos:php53-gd", "p-cpe:/a:centos:centos:php53-imap", "p-cpe:/a:centos:centos:php53-intl", "p-cpe:/a:centos:centos:php53-ldap", "p-cpe:/a:centos:centos:php53-mbstring", "p-cpe:/a:centos:centos:php53-mysql", "p-cpe:/a:centos:centos:php53-odbc", "p-cpe:/a:centos:centos:php53-pdo", "p-cpe:/a:centos:centos:php53-pgsql", "p-cpe:/a:centos:centos:php53-process", "p-cpe:/a:centos:centos:php53-pspell", "p-cpe:/a:centos:centos:php53-snmp", "p-cpe:/a:centos:centos:php53-soap", "p-cpe:/a:centos:centos:php53-xml", "p-cpe:/a:centos:centos:php53-xmlrpc", "cpe:/o:centos:centos:5"], "id": "CENTOS_RHSA-2011-1423.NASL", "href": "https://www.tenable.com/plugins/nessus/56695", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2011:1423 and \n# CentOS Errata and Security Advisory 2011:1423 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(56695);\n script_version(\"1.18\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2011-0708\", \"CVE-2011-1148\", \"CVE-2011-1466\", \"CVE-2011-1468\", \"CVE-2011-1469\", \"CVE-2011-1471\", \"CVE-2011-1938\", \"CVE-2011-2202\", \"CVE-2011-2483\");\n script_bugtraq_id(46365, 46843, 46967, 46970, 46975, 46977, 47950, 48259, 49241);\n script_xref(name:\"RHSA\", value:\"2011:1423\");\n\n script_name(english:\"CentOS 5 : php53 (CESA-2011:1423)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated php53 and php packages that fix several security issues are\nnow available for Red Hat Enterprise Linux 5 and 6 respectively.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nPHP is an HTML-embedded scripting language commonly used with the\nApache HTTP Server.\n\nA signedness issue was found in the way the PHP crypt() function\nhandled 8-bit characters in passwords when using Blowfish hashing. Up\nto three characters immediately preceding a non-ASCII character (one\nwith the high bit set) had no effect on the hash result, thus\nshortening the effective password length. This made brute-force\nguessing more efficient as several different passwords were hashed to\nthe same value. (CVE-2011-2483)\n\nNote: Due to the CVE-2011-2483 fix, after installing this update some\nusers may not be able to log in to PHP applications that hash\npasswords with Blowfish using the PHP crypt() function. Refer to the\nupstream 'CRYPT_BLOWFISH security fix details' document, linked to in\nthe References, for details.\n\nAn insufficient input validation flaw, leading to a buffer over-read,\nwas found in the PHP exif extension. A specially crafted image file\ncould cause the PHP interpreter to crash when a PHP script tries to\nextract Exchangeable image file format (Exif) metadata from the image\nfile. (CVE-2011-0708)\n\nAn integer overflow flaw was found in the PHP calendar extension. A\nremote attacker able to make a PHP script call SdnToJulian() with a\nlarge value could cause the PHP interpreter to crash. (CVE-2011-1466)\n\nMultiple memory leak flaws were found in the PHP OpenSSL extension. A\nremote attacker able to make a PHP script use openssl_encrypt() or\nopenssl_decrypt() repeatedly could cause the PHP interpreter to use an\nexcessive amount of memory. (CVE-2011-1468)\n\nA use-after-free flaw was found in the PHP substr_replace() function.\nIf a PHP script used the same variable as multiple function arguments,\na remote attacker could possibly use this to crash the PHP interpreter\nor, possibly, execute arbitrary code. (CVE-2011-1148)\n\nA bug in the PHP Streams component caused the PHP interpreter to crash\nif an FTP wrapper connection was made through an HTTP proxy. A remote\nattacker could possibly trigger this issue if a PHP script accepted an\nuntrusted URL to connect to. (CVE-2011-1469)\n\nAn integer signedness issue was found in the PHP zip extension. An\nattacker could use a specially crafted ZIP archive to cause the PHP\ninterpreter to use an excessive amount of CPU time until the script\nexecution time limit is reached. (CVE-2011-1471)\n\nA stack-based buffer overflow flaw was found in the way the PHP socket\nextension handled long AF_UNIX socket addresses. An attacker able to\nmake a PHP script connect to a long AF_UNIX socket address could use\nthis flaw to crash the PHP interpreter. (CVE-2011-1938)\n\nAn off-by-one flaw was found in PHP. If an attacker uploaded a file\nwith a specially crafted file name it could cause a PHP script to\nattempt to write a file to the root (/) directory. By default, PHP\nruns as the 'apache' user, preventing it from writing to the root\ndirectory. (CVE-2011-2202)\n\nAll php53 and php users should upgrade to these updated packages,\nwhich contain backported patches to resolve these issues. After\ninstalling the updated packages, the httpd daemon must be restarted\nfor the update to take effect.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2011-November/018145.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?8d8e6f39\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2011-November/018146.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?7ef98eb6\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected php53 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php53\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php53-bcmath\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php53-cli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php53-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php53-dba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php53-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php53-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php53-imap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php53-intl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php53-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php53-mbstring\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php53-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php53-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php53-pdo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php53-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php53-process\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php53-pspell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php53-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php53-soap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php53-xml\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php53-xmlrpc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/03/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/11/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/11/03\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 5.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-5\", reference:\"php53-5.3.3-1.el5_7.3\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"php53-bcmath-5.3.3-1.el5_7.3\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"php53-cli-5.3.3-1.el5_7.3\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"php53-common-5.3.3-1.el5_7.3\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"php53-dba-5.3.3-1.el5_7.3\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"php53-devel-5.3.3-1.el5_7.3\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"php53-gd-5.3.3-1.el5_7.3\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"php53-imap-5.3.3-1.el5_7.3\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"php53-intl-5.3.3-1.el5_7.3\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"php53-ldap-5.3.3-1.el5_7.3\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"php53-mbstring-5.3.3-1.el5_7.3\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"php53-mysql-5.3.3-1.el5_7.3\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"php53-odbc-5.3.3-1.el5_7.3\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"php53-pdo-5.3.3-1.el5_7.3\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"php53-pgsql-5.3.3-1.el5_7.3\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"php53-process-5.3.3-1.el5_7.3\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"php53-pspell-5.3.3-1.el5_7.3\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"php53-snmp-5.3.3-1.el5_7.3\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"php53-soap-5.3.3-1.el5_7.3\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"php53-xml-5.3.3-1.el5_7.3\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"php53-xmlrpc-5.3.3-1.el5_7.3\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"php53 / php53-bcmath / php53-cli / php53-common / php53-dba / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:20:46", "description": "Several vulnerabilities have been discovered in PHP, the web scripting language. The Common Vulnerabilities and Exposures project identifies the following issues :\n\n - CVE-2011-1938 The UNIX socket handling allowed attackers to trigger a buffer overflow via a long path name.\n\n - CVE-2011-2483 The crypt_blowfish function did not properly handle 8-bit characters, which made it easier for attackers to determine a cleartext password by using knowledge of a password hash.\n\n - CVE-2011-4566 When used on 32 bit platforms, the exif extension could be used to trigger an integer overflow in the exif_process_IFD_TAG function when processing a JPEG file.\n\n - CVE-2011-4885 It was possible to trigger hash collisions predictably when parsing form parameters, which allows remote attackers to cause a denial of service by sending many crafted parameters.\n\n - CVE-2012-0057 When applying a crafted XSLT transform, an attacker could write files to arbitrary places in the filesystem.\n\nNOTE: the fix for CVE-2011-2483 required changing the behaviour of this function: it is now incompatible with some old (wrongly) generated hashes for passwords containing 8-bit characters. See the package NEWS entry for details. This change has not been applied to the Lenny version of PHP.", "cvss3": {}, "published": "2012-02-01T00:00:00", "type": "nessus", "title": "Debian DSA-2399-2 : php5 - several vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-1938", "CVE-2011-2483", "CVE-2011-4566", "CVE-2011-4885", "CVE-2012-0057"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:php5", "cpe:/o:debian:debian_linux:5.0", "cpe:/o:debian:debian_linux:6.0"], "id": "DEBIAN_DSA-2399.NASL", "href": "https://www.tenable.com/plugins/nessus/57753", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-2399. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(57753);\n script_version(\"1.18\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2011-1938\", \"CVE-2011-2483\", \"CVE-2011-4566\", \"CVE-2011-4885\", \"CVE-2012-0057\");\n script_bugtraq_id(47950, 49241, 50907, 51193);\n script_xref(name:\"DSA\", value:\"2399\");\n\n script_name(english:\"Debian DSA-2399-2 : php5 - several vulnerabilities\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities have been discovered in PHP, the web scripting\nlanguage. The Common Vulnerabilities and Exposures project identifies\nthe following issues :\n\n - CVE-2011-1938\n The UNIX socket handling allowed attackers to trigger a\n buffer overflow via a long path name.\n\n - CVE-2011-2483\n The crypt_blowfish function did not properly handle\n 8-bit characters, which made it easier for attackers to\n determine a cleartext password by using knowledge of a\n password hash.\n\n - CVE-2011-4566\n When used on 32 bit platforms, the exif extension could\n be used to trigger an integer overflow in the\n exif_process_IFD_TAG function when processing a JPEG\n file.\n\n - CVE-2011-4885\n It was possible to trigger hash collisions predictably\n when parsing form parameters, which allows remote\n attackers to cause a denial of service by sending many\n crafted parameters.\n\n - CVE-2012-0057\n When applying a crafted XSLT transform, an attacker\n could write files to arbitrary places in the filesystem.\n\nNOTE: the fix for CVE-2011-2483 required changing the behaviour of\nthis function: it is now incompatible with some old (wrongly)\ngenerated hashes for passwords containing 8-bit characters. See the\npackage NEWS entry for details. This change has not been applied to\nthe Lenny version of PHP.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-1938\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-2483\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-4566\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-4885\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2012-0057\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-2483\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/squeeze/php5\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2012/dsa-2399\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the php5 packages.\n\nFor the oldstable distribution (lenny), these problems have been fixed\nin version 5.2.6.dfsg.1-1+lenny15.\n\nFor the stable distribution (squeeze), these problems have been fixed\nin version 5.3.3-7+squeeze6.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:5.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:6.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/01/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/02/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"5.0\", prefix:\"php5\", reference:\"5.2.6.dfsg.1-1+lenny15\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libapache2-mod-php5\", reference:\"5.3.3-7+squeeze6\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libapache2-mod-php5filter\", reference:\"5.3.3-7+squeeze6\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php-pear\", reference:\"5.3.3-7+squeeze6\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5\", reference:\"5.3.3-7+squeeze6\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5-cgi\", reference:\"5.3.3-7+squeeze6\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5-cli\", reference:\"5.3.3-7+squeeze6\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5-common\", reference:\"5.3.3-7+squeeze6\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5-curl\", reference:\"5.3.3-7+squeeze6\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5-dbg\", reference:\"5.3.3-7+squeeze6\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5-dev\", reference:\"5.3.3-7+squeeze6\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5-enchant\", reference:\"5.3.3-7+squeeze6\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5-gd\", reference:\"5.3.3-7+squeeze6\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5-gmp\", reference:\"5.3.3-7+squeeze6\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5-imap\", reference:\"5.3.3-7+squeeze6\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5-interbase\", reference:\"5.3.3-7+squeeze6\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5-intl\", reference:\"5.3.3-7+squeeze6\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5-ldap\", reference:\"5.3.3-7+squeeze6\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5-mcrypt\", reference:\"5.3.3-7+squeeze6\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5-mysql\", reference:\"5.3.3-7+squeeze6\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5-odbc\", reference:\"5.3.3-7+squeeze6\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5-pgsql\", reference:\"5.3.3-7+squeeze6\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5-pspell\", reference:\"5.3.3-7+squeeze6\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5-recode\", reference:\"5.3.3-7+squeeze6\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5-snmp\", reference:\"5.3.3-7+squeeze6\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5-sqlite\", reference:\"5.3.3-7+squeeze6\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5-sybase\", reference:\"5.3.3-7+squeeze6\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5-tidy\", reference:\"5.3.3-7+squeeze6\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5-xmlrpc\", reference:\"5.3.3-7+squeeze6\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5-xsl\", reference:\"5.3.3-7+squeeze6\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:20:52", "description": "This update contains yast2 core changes to change the hash generation of new passwords to the new secure style.\n\nPlease read the general notes below :\n\nThe implementation of the blowfish based password hashing method had a bug affecting passwords that contain 8bit characters (e.g. umlauts).\nAffected passwords are potentially faster to crack via brute-force methods (CVE-2011-2483).\n\nSUSE's crypt() implementation supports the blowfish password hashing function (id $2a) and system logins by default also use this method.\nThis update eliminates the bug in the $2a implementation. After installing the update existing $2a hashes therefore no longer match hashes generated with the new, correct implementation if the password contains 8bit characters. For system logins via PAM the pam_unix2 module activates a compat mode and keeps processing existing $2a hashes with the old algorithm. This ensures no user gets locked out.\nNew passwords hashes are created with the id '$2y' to unambiguously identify them as generated with the correct implementation.\n\nNote: To actually migrate hashes to the new algorithm all users are advised to change passwords after the update.\n\nServices that do not use PAM but do use crypt() to store passwords using the blowfish hash do not have such a compat mode. That means users with 8bit passwords that use such services will not be able to log in anymore after the update. As workaround administrators may edit the service's password database and change stored hashes from $2a to $2x. This will result in crypt() using the old algorithm. Users should be required to change their passwords to make sure they are migrated to the correct algorithm.\n\nFAQ :\n\nQ: I only use ASCII characters in passwords, am I a affected in any way? A: No.\n\nQ: What's the meaning of the ids before and after the update? A:\nBefore the update: $2a -> buggy algorithm\n\nAfter the update: $2x -> buggy algorithm $2a -> correct algorithm $2y\n-> correct algorithm\n\nSystem logins using PAM have a compat mode enabled by default: $2x -> buggy algorithm $2a -> buggy algorithm $2y\n\n-> correct algorithm\n\nQ: How do I require users to change their password on next login? A:\nRun the following command as root for each user: chage -d 0 <username>\n\nQ: I run an application that has $2a hashes in it's password database.\nSome users complain that they can not log in anymore. A: Edit the password database and change the '$2a' prefix of the affected users' hashes to '$2x'. They will be able to log in again but should change their password ASAP.\n\nQ: How do I turn off the compat mode for system logins? A: Set BLOWFISH_2a2x=no in /etc/default/passwd", "cvss3": {}, "published": "2014-06-13T00:00:00", "type": "nessus", "title": "openSUSE Security Update : yast2-core (openSUSE-SU-2011:0921-2)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-2483"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:yast2-core", "p-cpe:/a:novell:opensuse:yast2-core-devel", "cpe:/o:novell:opensuse:11.3"], "id": "SUSE_11_3_YAST2-CORE-110822.NASL", "href": "https://www.tenable.com/plugins/nessus/75781", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update yast2-core-5028.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(75781);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2011-2483\");\n\n script_name(english:\"openSUSE Security Update : yast2-core (openSUSE-SU-2011:0921-2)\");\n script_summary(english:\"Check for the yast2-core-5028 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update contains yast2 core changes to change the hash generation\nof new passwords to the new secure style.\n\nPlease read the general notes below :\n\nThe implementation of the blowfish based password hashing method had a\nbug affecting passwords that contain 8bit characters (e.g. umlauts).\nAffected passwords are potentially faster to crack via brute-force\nmethods (CVE-2011-2483).\n\nSUSE's crypt() implementation supports the blowfish password hashing\nfunction (id $2a) and system logins by default also use this method.\nThis update eliminates the bug in the $2a implementation. After\ninstalling the update existing $2a hashes therefore no longer match\nhashes generated with the new, correct implementation if the password\ncontains 8bit characters. For system logins via PAM the pam_unix2\nmodule activates a compat mode and keeps processing existing $2a\nhashes with the old algorithm. This ensures no user gets locked out.\nNew passwords hashes are created with the id '$2y' to unambiguously\nidentify them as generated with the correct implementation.\n\nNote: To actually migrate hashes to the new algorithm all users are\nadvised to change passwords after the update.\n\nServices that do not use PAM but do use crypt() to store passwords\nusing the blowfish hash do not have such a compat mode. That means\nusers with 8bit passwords that use such services will not be able to\nlog in anymore after the update. As workaround administrators may edit\nthe service's password database and change stored hashes from $2a to\n$2x. This will result in crypt() using the old algorithm. Users should\nbe required to change their passwords to make sure they are migrated\nto the correct algorithm.\n\nFAQ :\n\nQ: I only use ASCII characters in passwords, am I a affected in any\nway? A: No.\n\nQ: What's the meaning of the ids before and after the update? A:\nBefore the update: $2a -> buggy algorithm\n\nAfter the update: $2x -> buggy algorithm $2a -> correct algorithm $2y\n-> correct algorithm\n\nSystem logins using PAM have a compat mode enabled by\ndefault: $2x -> buggy algorithm $2a -> buggy algorithm $2y\n\n-> correct algorithm\n\nQ: How do I require users to change their password on next login? A:\nRun the following command as root for each user: chage -d 0 <username>\n\nQ: I run an application that has $2a hashes in it's password database.\nSome users complain that they can not log in anymore. A: Edit the\npassword database and change the '$2a' prefix of the affected users'\nhashes to '$2x'. They will be able to log in again but should change\ntheir password ASAP.\n\nQ: How do I turn off the compat mode for system logins? A: Set\nBLOWFISH_2a2x=no in /etc/default/passwd\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=700876\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2011-08/msg00038.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected yast2-core packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:yast2-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:yast2-core-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/08/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.3\", reference:\"yast2-core-2.19.4-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"yast2-core-devel-2.19.4-0.2.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"yast2-core\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:20:55", "description": "This update contains yast2 core changes to change the hash generation of new passwords to the new secure style.\n\nPlease read the general notes below :\n\nThe implementation of the blowfish based password hashing method had a bug affecting passwords that contain 8bit characters (e.g. umlauts).\nAffected passwords are potentially faster to crack via brute-force methods (CVE-2011-2483).\n\nSUSE's crypt() implementation supports the blowfish password hashing function (id $2a) and system logins by default also use this method.\nThis update eliminates the bug in the $2a implementation. After installing the update existing $2a hashes therefore no longer match hashes generated with the new, correct implementation if the password contains 8bit characters. For system logins via PAM the pam_unix2 module activates a compat mode and keeps processing existing $2a hashes with the old algorithm. This ensures no user gets locked out.\nNew passwords hashes are created with the id '$2y' to unambiguously identify them as generated with the correct implementation.\n\nNote: To actually migrate hashes to the new algorithm all users are advised to change passwords after the update.\n\nServices that do not use PAM but do use crypt() to store passwords using the blowfish hash do not have such a compat mode. That means users with 8bit passwords that use such services will not be able to log in anymore after the update. As workaround administrators may edit the service's password database and change stored hashes from $2a to $2x. This will result in crypt() using the old algorithm. Users should be required to change their passwords to make sure they are migrated to the correct algorithm.\n\nFAQ :\n\nQ: I only use ASCII characters in passwords, am I a affected in any way? A: No.\n\nQ: What's the meaning of the ids before and after the update? A:\nBefore the update: $2a -> buggy algorithm\n\nAfter the update: $2x -> buggy algorithm $2a -> correct algorithm $2y\n-> correct algorithm\n\nSystem logins using PAM have a compat mode enabled by default: $2x -> buggy algorithm $2a -> buggy algorithm $2y\n\n-> correct algorithm\n\nQ: How do I require users to change their password on next login? A:\nRun the following command as root for each user: chage -d 0 <username>\n\nQ: I run an application that has $2a hashes in it's password database.\nSome users complain that they can not log in anymore. A: Edit the password database and change the '$2a' prefix of the affected users' hashes to '$2x'. They will be able to log in again but should change their password ASAP.\n\nQ: How do I turn off the compat mode for system logins? A: Set BLOWFISH_2a2x=no in /etc/default/passwd", "cvss3": {}, "published": "2014-06-13T00:00:00", "type": "nessus", "title": "openSUSE Security Update : yast2-core (openSUSE-SU-2011:0921-2)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-2483"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:yast2-core", "p-cpe:/a:novell:opensuse:yast2-core-debuginfo", "p-cpe:/a:novell:opensuse:yast2-core-debugsource", "p-cpe:/a:novell:opensuse:yast2-core-devel", "cpe:/o:novell:opensuse:11.4"], "id": "SUSE_11_4_YAST2-CORE-110822.NASL", "href": "https://www.tenable.com/plugins/nessus/76052", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update yast2-core-5028.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(76052);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2011-2483\");\n\n script_name(english:\"openSUSE Security Update : yast2-core (openSUSE-SU-2011:0921-2)\");\n script_summary(english:\"Check for the yast2-core-5028 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update contains yast2 core changes to change the hash generation\nof new passwords to the new secure style.\n\nPlease read the general notes below :\n\nThe implementation of the blowfish based password hashing method had a\nbug affecting passwords that contain 8bit characters (e.g. umlauts).\nAffected passwords are potentially faster to crack via brute-force\nmethods (CVE-2011-2483).\n\nSUSE's crypt() implementation supports the blowfish password hashing\nfunction (id $2a) and system logins by default also use this method.\nThis update eliminates the bug in the $2a implementation. After\ninstalling the update existing $2a hashes therefore no longer match\nhashes generated with the new, correct implementation if the password\ncontains 8bit characters. For system logins via PAM the pam_unix2\nmodule activates a compat mode and keeps processing existing $2a\nhashes with the old algorithm. This ensures no user gets locked out.\nNew passwords hashes are created with the id '$2y' to unambiguously\nidentify them as generated with the correct implementation.\n\nNote: To actually migrate hashes to the new algorithm all users are\nadvised to change passwords after the update.\n\nServices that do not use PAM but do use crypt() to store passwords\nusing the blowfish hash do not have such a compat mode. That means\nusers with 8bit passwords that use such services will not be able to\nlog in anymore after the update. As workaround administrators may edit\nthe service's password database and change stored hashes from $2a to\n$2x. This will result in crypt() using the old algorithm. Users should\nbe required to change their passwords to make sure they are migrated\nto the correct algorithm.\n\nFAQ :\n\nQ: I only use ASCII characters in passwords, am I a affected in any\nway? A: No.\n\nQ: What's the meaning of the ids before and after the update? A:\nBefore the update: $2a -> buggy algorithm\n\nAfter the update: $2x -> buggy algorithm $2a -> correct algorithm $2y\n-> correct algorithm\n\nSystem logins using PAM have a compat mode enabled by default: $2x ->\nbuggy algorithm $2a -> buggy algorithm $2y\n\n-> correct algorithm\n\nQ: How do I require users to change their password on next login? A:\nRun the following command as root for each user: chage -d 0 <username>\n\nQ: I run an application that has $2a hashes in it's password database.\nSome users complain that they can not log in anymore. A: Edit the\npassword database and change the '$2a' prefix of the affected users'\nhashes to '$2x'. They will be able to log in again but should change\ntheir password ASAP.\n\nQ: How do I turn off the compat mode for system logins? A: Set\nBLOWFISH_2a2x=no in /etc/default/passwd\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=700876\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2011-08/msg00038.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected yast2-core packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:yast2-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:yast2-core-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:yast2-core-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:yast2-core-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.4\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/08/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.4)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.4\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.4\", reference:\"yast2-core-2.20.1-0.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"yast2-core-debuginfo-2.20.1-0.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"yast2-core-debugsource-2.20.1-0.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"yast2-core-devel-2.20.1-0.3.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"yast2-core\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:20:50", "description": "The security update for CVE-2011-2483 broke changing blowfish passwords if compat mode was turned on (default). This update fixes the regression.", "cvss3": {}, "published": "2014-06-13T00:00:00", "type": "nessus", "title": "openSUSE Security Update : libxcrypt (openSUSE-SU-2011:0972-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-2483"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:libxcrypt", "p-cpe:/a:novell:opensuse:libxcrypt-32bit", "p-cpe:/a:novell:opensuse:libxcrypt-devel", "cpe:/o:novell:opensuse:11.3"], "id": "SUSE_11_3_LIBXCRYPT-110824.NASL", "href": "https://www.tenable.com/plugins/nessus/75631", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update libxcrypt-5049.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(75631);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2011-2483\");\n\n script_name(english:\"openSUSE Security Update : libxcrypt (openSUSE-SU-2011:0972-1)\");\n script_summary(english:\"Check for the libxcrypt-5049 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The security update for CVE-2011-2483 broke changing blowfish\npasswords if compat mode was turned on (default). This update fixes\nthe regression.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=713727\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2011-08/msg00045.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libxcrypt packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libxcrypt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libxcrypt-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libxcrypt-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/08/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.3\", reference:\"libxcrypt-3.0.3-5.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"libxcrypt-devel-3.0.3-5.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", cpu:\"x86_64\", reference:\"libxcrypt-32bit-3.0.3-5.11.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libxcrypt / libxcrypt-32bit / libxcrypt-devel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:24:02", "description": "magnum discovered that the blowfish password hashing used amongst others in PostgreSQL contained a weakness that would give passwords with 8 bit characters the same hash as weaker equivalents.", "cvss3": {}, "published": "2011-11-08T00:00:00", "type": "nessus", "title": "Debian DSA-2340-1 : postgresql-8.3, postgresql-8.4, postgresql-9.0 - weak password hashing", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-2483"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:postgresql-8.3", "p-cpe:/a:debian:debian_linux:postgresql-8.4", "p-cpe:/a:debian:debian_linux:postgresql-9.0", "cpe:/o:debian:debian_linux:5.0", "cpe:/o:debian:debian_linux:6.0"], "id": "DEBIAN_DSA-2340.NASL", "href": "https://www.tenable.com/plugins/nessus/56730", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-2340. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(56730);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2011-2483\");\n script_bugtraq_id(49241);\n script_xref(name:\"DSA\", value:\"2340\");\n\n script_name(english:\"Debian DSA-2340-1 : postgresql-8.3, postgresql-8.4, postgresql-9.0 - weak password hashing\");\n script_summary(english:\"Checks dpkg output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"magnum discovered that the blowfish password hashing used amongst\nothers in PostgreSQL contained a weakness that would give passwords\nwith 8 bit characters the same hash as weaker equivalents.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=631285\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/squeeze/postgresql-8.4\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2011/dsa-2340\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the postgresql packages.\n\nFor the oldstable distribution (lenny), this problem has been fixed in\npostgresql-8.3 version 8.3.16-0lenny1.\n\nFor the stable distribution (squeeze), this problem has been fixed in\npostgresql-8.4 version 8.4.9-0squeeze1.\n\nThe updates also include reliability improvements, originally\nscheduled for inclusion into the next point release; for details see\nthe respective changelogs.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:postgresql-8.3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:postgresql-8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:postgresql-9.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:5.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:6.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/11/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/11/08\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"5.0\", prefix:\"postgresql-8.3\", reference:\"8.3.16-0lenny1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libecpg-compat3\", reference:\"8.4.9-0squeeze1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libecpg-dev\", reference:\"8.4.9-0squeeze1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libecpg6\", reference:\"8.4.9-0squeeze1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libpgtypes3\", reference:\"8.4.9-0squeeze1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libpq-dev\", reference:\"8.4.9-0squeeze1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libpq5\", reference:\"8.4.9-0squeeze1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"postgresql\", reference:\"8.4.9-0squeeze1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"postgresql-8.4\", reference:\"8.4.9-0squeeze1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"postgresql-client\", reference:\"8.4.9-0squeeze1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"postgresql-client-8.4\", reference:\"8.4.9-0squeeze1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"postgresql-contrib\", reference:\"8.4.9-0squeeze1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"postgresql-contrib-8.4\", reference:\"8.4.9-0squeeze1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"postgresql-doc\", reference:\"8.4.9-0squeeze1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"postgresql-doc-8.4\", reference:\"8.4.9-0squeeze1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"postgresql-plperl-8.4\", reference:\"8.4.9-0squeeze1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"postgresql-plpython-8.4\", reference:\"8.4.9-0squeeze1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"postgresql-pltcl-8.4\", reference:\"8.4.9-0squeeze1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"postgresql-server-dev-8.4\", reference:\"8.4.9-0squeeze1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:22:45", "description": "Manual pages for several kernel and library functions were added. The crypt(3) manual page was updated to also list the 2y prefix.", "cvss3": {}, "published": "2011-08-31T00:00:00", "type": "nessus", "title": "SuSE 11.1 Security Update : man-pages (SAT Patch Number 5064)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-2483"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:11:man-pages", "cpe:/o:novell:suse_linux:11"], "id": "SUSE_11_MAN-PAGES-110825.NASL", "href": "https://www.tenable.com/plugins/nessus/56019", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. The text itself is\n# copyright (C) Novell, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(56019);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2011-2483\");\n\n script_name(english:\"SuSE 11.1 Security Update : man-pages (SAT Patch Number 5064)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 11 host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Manual pages for several kernel and library functions were added. The\ncrypt(3) manual page was updated to also list the 2y prefix.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=707484\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=707487\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=713389\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-2483.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply SAT patch number 5064.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:man-pages\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/08/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/08/31\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\npl = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(pl) || int(pl) != 1) audit(AUDIT_OS_NOT, \"SuSE 11.1\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"man-pages-3.15-2.14.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"man-pages-3.15-2.14.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"man-pages-3.15-2.14.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:20:22", "description": "The crypt(3) manpage was updated to also list the 2y prefix.", "cvss3": {}, "published": "2014-06-13T00:00:00", "type": "nessus", "title": "openSUSE Security Update : man-pages (openSUSE-SU-2011:0970-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-2483"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:man-pages", "cpe:/o:novell:opensuse:11.4"], "id": "SUSE_11_4_MAN-PAGES-110823.NASL", "href": "https://www.tenable.com/plugins/nessus/75943", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update man-pages-5032.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(75943);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2011-2483\");\n\n script_name(english:\"openSUSE Security Update : man-pages (openSUSE-SU-2011:0970-1)\");\n script_summary(english:\"Check for the man-pages-5032 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\"The crypt(3) manpage was updated to also list the 2y prefix.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=713389\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2011-08/msg00044.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected man-pages package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:man-pages\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.4\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/08/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.4)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.4\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.4\", reference:\"man-pages-3.32-4.5.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"man-pages\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-20T14:15:51", "description": "It was discovered that the blowfish algorithm in the pgcrypto module incorrectly handled certain 8-bit characters, resulting in the password hashes being easier to crack than expected. An attacker who could obtain the password hashes would be able to recover the plaintext with less effort.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2011-10-14T00:00:00", "type": "nessus", "title": "Ubuntu 8.04 LTS / 10.04 LTS / 10.10 / 11.04 : postgresql-8.3, postgresql-8.4 vulnerability (USN-1229-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-2483"], "modified": "2019-09-19T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:postgresql-8.3", "p-cpe:/a:canonical:ubuntu_linux:postgresql-8.4", "cpe:/o:canonical:ubuntu_linux:10.04:-:lts", "cpe:/o:canonical:ubuntu_linux:10.10", "cpe:/o:canonical:ubuntu_linux:11.04", "cpe:/o:canonical:ubuntu_linux:8.04:-:lts"], "id": "UBUNTU_USN-1229-1.NASL", "href": "https://www.tenable.com/plugins/nessus/56506", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-1229-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(56506);\n script_version(\"1.9\");\n script_cvs_date(\"Date: 2019/09/19 12:54:27\");\n\n script_cve_id(\"CVE-2011-2483\");\n script_bugtraq_id(49241);\n script_xref(name:\"USN\", value:\"1229-1\");\n\n script_name(english:\"Ubuntu 8.04 LTS / 10.04 LTS / 10.10 / 11.04 : postgresql-8.3, postgresql-8.4 vulnerability (USN-1229-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that the blowfish algorithm in the pgcrypto module\nincorrectly handled certain 8-bit characters, resulting in the\npassword hashes being easier to crack than expected. An attacker who\ncould obtain the password hashes would be able to recover the\nplaintext with less effort.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/1229-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected postgresql-8.3 and / or postgresql-8.4 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:postgresql-8.3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:postgresql-8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:11.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:8.04:-:lts\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/08/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/10/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/10/14\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2011-2019 Canonical, Inc. / NASL script (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(8\\.04|10\\.04|10\\.10|11\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 8.04 / 10.04 / 10.10 / 11.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"8.04\", pkgname:\"postgresql-8.3\", pkgver:\"8.3.16-0ubuntu0.8.04\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"postgresql-8.4\", pkgver:\"8.4.9-0ubuntu0.10.04\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"postgresql-8.4\", pkgver:\"8.4.9-0ubuntu0.10.10\")) flag++;\nif (ubuntu_check(osver:\"11.04\", pkgname:\"postgresql-8.4\", pkgver:\"8.4.9-0ubuntu0.11.04\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"postgresql-8.3 / postgresql-8.4\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:22:42", "description": "The implementation of the blowfish based password hashing method had a bug affecting passwords that contain 8bit characters (e.g. umlauts).\nAffected passwords are potentially faster to crack via brute-force methods. (CVE-2011-2483)\n\nSUSE's crypt() implementation supports the blowfish password hashing function (id $2a) and system logins by default also use this method.\nThis update eliminates the bug in the $2a implementation. After installing the update existing $2a hashes therefore no longer match hashes generated with the new, correct implementation if the password contains 8bit characters. For system logins via PAM the pam_unix2 module activates a compat mode and keeps processing existing $2a hashes with the old algorithm. This ensures no user gets locked out.\nNew passwords hashes are created with the id '$2y' to unambiguously identify them as generated with the correct implementation.\n\nNote: To actually migrate hashes to the new algorithm all users are advised to change passwords after the update.\n\nServices that do not use PAM but do use crypt() to store passwords using the blowfish hash do not have such a compat mode. That means users with 8bit passwords that use such services will not be able to log in anymore after the update. As workaround administrators may edit the service's password database and change stored hashes from $2a to $2x. This will result in crypt() using the old algorithm. Users should be required to change their passwords to make sure they are migrated to the correct algorithm.\n\nFAQ :\n\nQ: I only use ASCII characters in passwords, am I a affected in any way? A: No.\n\nQ: What's the meaning of the ids before and after the update? A:\nBefore the update: $2a -> buggy algorithm\n\nAfter the update: $2x -> buggy algorithm $2a -> correct algorithm $2y\n-> correct algorithm\n\nSystem logins using PAM have a compat mode enabled by default: $2x -> buggy algorithm $2a -> buggy algorithm $2y -> correct algorithm\n\nQ: How do I require users to change their password on next login? A:\nRun the following command as root for each user: chage -d 0\n\nQ: I run an application that has $2a hashes in it's password database.\nSome users complain that they can not log in anymore. A: Edit the password database and change the '$2a' prefix of the affected users' hashes to '$2x'. They will be able to log in again but should change their password ASAP.\n\nQ: How do I turn off the compat mode for system logins? A: Set BLOWFISH_2a2x=no in /etc/default/passwd", "cvss3": {}, "published": "2011-08-20T00:00:00", "type": "nessus", "title": "SuSE 10 Security Update : glibc (ZYPP Patch Number 7659)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-2483"], "modified": "2021-01-19T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE_GLIBC-7659.NASL", "href": "https://www.tenable.com/plugins/nessus/55920", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(55920);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2011-2483\");\n\n script_name(english:\"SuSE 10 Security Update : glibc (ZYPP Patch Number 7659)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The implementation of the blowfish based password hashing method had a\nbug affecting passwords that contain 8bit characters (e.g. umlauts).\nAffected passwords are potentially faster to crack via brute-force\nmethods. (CVE-2011-2483)\n\nSUSE's crypt() implementation supports the blowfish password hashing\nfunction (id $2a) and system logins by default also use this method.\nThis update eliminates the bug in the $2a implementation. After\ninstalling the update existing $2a hashes therefore no longer match\nhashes generated with the new, correct implementation if the password\ncontains 8bit characters. For system logins via PAM the pam_unix2\nmodule activates a compat mode and keeps processing existing $2a\nhashes with the old algorithm. This ensures no user gets locked out.\nNew passwords hashes are created with the id '$2y' to unambiguously\nidentify them as generated with the correct implementation.\n\nNote: To actually migrate hashes to the new algorithm all users are\nadvised to change passwords after the update.\n\nServices that do not use PAM but do use crypt() to store passwords\nusing the blowfish hash do not have such a compat mode. That means\nusers with 8bit passwords that use such services will not be able to\nlog in anymore after the update. As workaround administrators may edit\nthe service's password database and change stored hashes from $2a to\n$2x. This will result in crypt() using the old algorithm. Users should\nbe required to change their passwords to make sure they are migrated\nto the correct algorithm.\n\nFAQ :\n\nQ: I only use ASCII characters in passwords, am I a affected in any\nway? A: No.\n\nQ: What's the meaning of the ids before and after the update? A:\nBefore the update: $2a -> buggy algorithm\n\nAfter the update: $2x -> buggy algorithm $2a -> correct algorithm $2y\n-> correct algorithm\n\nSystem logins using PAM have a compat mode enabled by default: $2x ->\nbuggy algorithm $2a -> buggy algorithm $2y -> correct algorithm\n\nQ: How do I require users to change their password on next login? A:\nRun the following command as root for each user: chage -d 0\n\nQ: I run an application that has $2a hashes in it's password database.\nSome users complain that they can not log in anymore. A: Edit the\npassword database and change the '$2a' prefix of the affected users'\nhashes to '$2x'. They will be able to log in again but should change\ntheir password ASAP.\n\nQ: How do I turn off the compat mode for system logins? A: Set\nBLOWFISH_2a2x=no in /etc/default/passwd\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-2483.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 7659.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/07/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/08/20\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"glibc-2.4-31.77.86.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"glibc-devel-2.4-31.77.86.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"glibc-html-2.4-31.77.86.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"glibc-i18ndata-2.4-31.77.86.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"glibc-info-2.4-31.77.86.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"glibc-locale-2.4-31.77.86.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"glibc-profile-2.4-31.77.86.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"libxcrypt-2.4-12.9.4\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"libxcrypt-devel-2.4-12.9.4\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"nscd-2.4-31.77.86.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"pam-modules-10-2.17.4\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"pwdutils-3.0.7.1-17.34.36.3\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"pwdutils-plugin-audit-3.0.7.1-17.34.36.3\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, cpu:\"x86_64\", reference:\"glibc-32bit-2.4-31.77.86.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, cpu:\"x86_64\", reference:\"glibc-devel-32bit-2.4-31.77.86.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, cpu:\"x86_64\", reference:\"glibc-locale-32bit-2.4-31.77.86.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, cpu:\"x86_64\", reference:\"glibc-profile-32bit-2.4-31.77.86.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, cpu:\"x86_64\", reference:\"libxcrypt-32bit-2.4-12.9.4\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, cpu:\"x86_64\", reference:\"pam-modules-32bit-10-2.17.4\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:23:50", "description": "A vulnerability was discovered and corrected in postgresql :\n\ncontrib/pg_crypto's blowfish encryption code could give wrong results on platforms where char is signed (which is most), leading to encrypted passwords being weaker than they should be (CVE-2011-2483).\n\nAdditionally corrected ossp-uuid packages as well as corrected support in postgresql 9.0.x are being provided for Mandriva Linux 2011.\n\nThis update provides a solution to this vulnerability.", "cvss3": {}, "published": "2011-10-25T00:00:00", "type": "nessus", "title": "Mandriva Linux Security Advisory : postgresql (MDVSA-2011:161)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-2483"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:mandriva:linux:lib64ecpg8.4_6", "p-cpe:/a:mandriva:linux:lib64ecpg9.0_6", "p-cpe:/a:mandriva:linux:lib64ossp-uuid%2b%2b16", "p-cpe:/a:mandriva:linux:lib64ossp-uuid-devel", "p-cpe:/a:mandriva:linux:lib64ossp-uuid16", "p-cpe:/a:mandriva:linux:lib64ossp-uuid_dce16", "p-cpe:/a:mandriva:linux:lib64pq8.4_5", "p-cpe:/a:mandriva:linux:lib64pq9.0_5", "p-cpe:/a:mandriva:linux:libecpg8.4_6", "p-cpe:/a:mandriva:linux:libecpg9.0_6", "p-cpe:/a:mandriva:linux:libossp-uuid%2b%2b16", "p-cpe:/a:mandriva:linux:libossp-uuid-devel", "p-cpe:/a:mandriva:linux:libossp-uuid16", "p-cpe:/a:mandriva:linux:libossp-uuid_dce16", "p-cpe:/a:mandriva:linux:libpq8.4_5", "p-cpe:/a:mandriva:linux:libpq9.0_5", "p-cpe:/a:mandriva:linux:ossp-uuid", "p-cpe:/a:mandriva:linux:perl-ossp-uuid", "p-cpe:/a:mandriva:linux:php-ossp-uuid", "p-cpe:/a:mandriva:linux:postgresql-ossp-uuid", "p-cpe:/a:mandriva:linux:postgresql8.4", "p-cpe:/a:mandriva:linux:postgresql8.4-contrib", "p-cpe:/a:mandriva:linux:postgresql8.4-devel", "p-cpe:/a:mandriva:linux:postgresql8.4-docs", "p-cpe:/a:mandriva:linux:postgresql8.4-pl", "p-cpe:/a:mandriva:linux:postgresql8.4-plperl", "p-cpe:/a:mandriva:linux:postgresql8.4-plpgsql", "p-cpe:/a:mandriva:linux:postgresql8.4-plpython", "p-cpe:/a:mandriva:linux:postgresql8.4-pltcl", "p-cpe:/a:mandriva:linux:postgresql8.4-server", "p-cpe:/a:mandriva:linux:postgresql9.0", "p-cpe:/a:mandriva:linux:postgresql9.0-contrib", "p-cpe:/a:mandriva:linux:postgresql9.0-devel", "p-cpe:/a:mandriva:linux:postgresql9.0-docs", "p-cpe:/a:mandriva:linux:postgresql9.0-pl", "p-cpe:/a:mandriva:linux:postgresql9.0-plperl", "p-cpe:/a:mandriva:linux:postgresql9.0-plpgsql", "p-cpe:/a:mandriva:linux:postgresql9.0-plpython", "p-cpe:/a:mandriva:linux:postgresql9.0-pltcl", "p-cpe:/a:mandriva:linux:postgresql9.0-server", "cpe:/o:mandriva:linux:2010.1", "cpe:/o:mandriva:linux:2011"], "id": "MANDRIVA_MDVSA-2011-161.NASL", "href": "https://www.tenable.com/plugins/nessus/56627", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2011:161. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(56627);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2011-2483\");\n script_bugtraq_id(49241);\n script_xref(name:\"MDVSA\", value:\"2011:161\");\n\n script_name(english:\"Mandriva Linux Security Advisory : postgresql (MDVSA-2011:161)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A vulnerability was discovered and corrected in postgresql :\n\ncontrib/pg_crypto's blowfish encryption code could give wrong results\non platforms where char is signed (which is most), leading to\nencrypted passwords being weaker than they should be (CVE-2011-2483).\n\nAdditionally corrected ossp-uuid packages as well as corrected support\nin postgresql 9.0.x are being provided for Mandriva Linux 2011.\n\nThis update provides a solution to this vulnerability.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.postgresql.org/docs/8.3/release-8-3-15.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.postgresql.org/docs/8.3/release-8-3-16.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.postgresql.org/docs/8.4/release-8-4-8.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.postgresql.org/docs/8.4/release-8-4-9.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.postgresql.org/docs/9.0/release-9-0-5.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.postgresql.org/support/security/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64ecpg8.4_6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64ecpg9.0_6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64ossp-uuid++16\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64ossp-uuid-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64ossp-uuid16\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64ossp-uuid_dce16\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64pq8.4_5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64pq9.0_5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libecpg8.4_6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libecpg9.0_6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libossp-uuid++16\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libossp-uuid-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libossp-uuid16\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libossp-uuid_dce16\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libpq8.4_5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libpq9.0_5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:ossp-uuid\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:perl-OSSP-uuid\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-OSSP-uuid\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:postgresql-OSSP-uuid\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:postgresql8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:postgresql8.4-contrib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:postgresql8.4-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:postgresql8.4-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:postgresql8.4-pl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:postgresql8.4-plperl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:postgresql8.4-plpgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:postgresql8.4-plpython\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:postgresql8.4-pltcl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:postgresql8.4-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:postgresql9.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:postgresql9.0-contrib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:postgresql9.0-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:postgresql9.0-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:postgresql9.0-pl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:postgresql9.0-plperl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:postgresql9.0-plpgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:postgresql9.0-plpython\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:postgresql9.0-pltcl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:postgresql9.0-server\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2010.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2011\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/10/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/10/25\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"x86_64\", reference:\"lib64ecpg8.4_6-8.4.9-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"x86_64\", reference:\"lib64pq8.4_5-8.4.9-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"i386\", reference:\"libecpg8.4_6-8.4.9-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"i386\", reference:\"libpq8.4_5-8.4.9-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"postgresql8.4-8.4.9-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"postgresql8.4-contrib-8.4.9-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"postgresql8.4-devel-8.4.9-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"postgresql8.4-docs-8.4.9-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"postgresql8.4-pl-8.4.9-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"postgresql8.4-plperl-8.4.9-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"postgresql8.4-plpgsql-8.4.9-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"postgresql8.4-plpython-8.4.9-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"postgresql8.4-pltcl-8.4.9-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"postgresql8.4-server-8.4.9-0.1mdv2010.2\", yank:\"mdv\")) flag++;\n\nif (rpm_check(release:\"MDK2011\", cpu:\"x86_64\", reference:\"lib64ecpg9.0_6-9.0.5-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"x86_64\", reference:\"lib64ossp-uuid++16-1.6.2-8.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"x86_64\", reference:\"lib64ossp-uuid-devel-1.6.2-8.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"x86_64\", reference:\"lib64ossp-uuid16-1.6.2-8.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"x86_64\", reference:\"lib64ossp-uuid_dce16-1.6.2-8.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"x86_64\", reference:\"lib64pq9.0_5-9.0.5-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"i386\", reference:\"libecpg9.0_6-9.0.5-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"i386\", reference:\"libossp-uuid++16-1.6.2-8.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"i386\", reference:\"libossp-uuid-devel-1.6.2-8.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"i386\", reference:\"libossp-uuid16-1.6.2-8.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"i386\", reference:\"libossp-uuid_dce16-1.6.2-8.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"i386\", reference:\"libpq9.0_5-9.0.5-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"ossp-uuid-1.6.2-8.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"perl-OSSP-uuid-1.6.2-8.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"php-OSSP-uuid-1.6.2-8.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"postgresql-OSSP-uuid-1.6.2-5.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"postgresql9.0-9.0.5-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"postgresql9.0-contrib-9.0.5-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"postgresql9.0-devel-9.0.5-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"postgresql9.0-docs-9.0.5-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"postgresql9.0-pl-9.0.5-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"postgresql9.0-plperl-9.0.5-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"postgresql9.0-plpgsql-9.0.5-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"postgresql9.0-plpython-9.0.5-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"postgresql9.0-pltcl-9.0.5-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"postgresql9.0-server-9.0.5-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:23:45", "description": "Updated postgresql packages that fix one security issue are now available for Red Hat Enterprise Linux 4, 5, and 6.\n\nThe Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\nPostgreSQL is an advanced object-relational database management system (DBMS).\n\nA signedness issue was found in the way the crypt() function in the PostgreSQL pgcrypto module handled 8-bit characters in passwords when using Blowfish hashing. Up to three characters immediately preceding a non-ASCII character (one with the high bit set) had no effect on the hash result, thus shortening the effective password length. This made brute-force guessing more efficient as several different passwords were hashed to the same value. (CVE-2011-2483)\n\nNote: Due to the CVE-2011-2483 fix, after installing this update some users may not be able to log in to applications that store user passwords, hashed with Blowfish using the PostgreSQL crypt() function, in a back-end PostgreSQL database. Unsafe processing can be re-enabled for specific passwords (allowing affected users to log in) by changing their hash prefix to '$2x$'.\n\nFor Red Hat Enterprise Linux 6, the updated postgresql packages upgrade PostgreSQL to version 8.4.9. Refer to the PostgreSQL Release Notes for a full list of changes :\n\nhttp://www.postgresql.org/docs/8.4/static/release.html\n\nFor Red Hat Enterprise Linux 4 and 5, the updated postgresql packages contain a backported patch.\n\nAll PostgreSQL users are advised to upgrade to these updated packages, which correct this issue. If the postgresql service is running, it will be automatically restarted after installing this update.", "cvss3": {}, "published": "2011-10-19T00:00:00", "type": "nessus", "title": "CentOS 4 / 5 : postgresql (CESA-2011:1377)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-2483"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:centos:centos:postgresql", "p-cpe:/a:centos:centos:postgresql-contrib", "p-cpe:/a:centos:centos:postgresql-devel", "p-cpe:/a:centos:centos:postgresql-docs", "p-cpe:/a:centos:centos:postgresql-jdbc", "p-cpe:/a:centos:centos:postgresql-libs", "p-cpe:/a:centos:centos:postgresql-pl", "p-cpe:/a:centos:centos:postgresql-python", "p-cpe:/a:centos:centos:postgresql-server", "p-cpe:/a:centos:centos:postgresql-tcl", "p-cpe:/a:centos:centos:postgresql-test", "cpe:/o:centos:centos:4", "cpe:/o:centos:centos:5"], "id": "CENTOS_RHSA-2011-1377.NASL", "href": "https://www.tenable.com/plugins/nessus/56535", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2011:1377 and \n# CentOS Errata and Security Advisory 2011:1377 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(56535);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2011-2483\");\n script_bugtraq_id(49241);\n script_xref(name:\"RHSA\", value:\"2011:1377\");\n\n script_name(english:\"CentOS 4 / 5 : postgresql (CESA-2011:1377)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated postgresql packages that fix one security issue are now\navailable for Red Hat Enterprise Linux 4, 5, and 6.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. A Common Vulnerability Scoring System (CVSS)\nbase score, which gives a detailed severity rating, is available from\nthe CVE link in the References section.\n\nPostgreSQL is an advanced object-relational database management system\n(DBMS).\n\nA signedness issue was found in the way the crypt() function in the\nPostgreSQL pgcrypto module handled 8-bit characters in passwords when\nusing Blowfish hashing. Up to three characters immediately preceding a\nnon-ASCII character (one with the high bit set) had no effect on the\nhash result, thus shortening the effective password length. This made\nbrute-force guessing more efficient as several different passwords\nwere hashed to the same value. (CVE-2011-2483)\n\nNote: Due to the CVE-2011-2483 fix, after installing this update some\nusers may not be able to log in to applications that store user\npasswords, hashed with Blowfish using the PostgreSQL crypt() function,\nin a back-end PostgreSQL database. Unsafe processing can be re-enabled\nfor specific passwords (allowing affected users to log in) by changing\ntheir hash prefix to '$2x$'.\n\nFor Red Hat Enterprise Linux 6, the updated postgresql packages\nupgrade PostgreSQL to version 8.4.9. Refer to the PostgreSQL Release\nNotes for a full list of changes :\n\nhttp://www.postgresql.org/docs/8.4/static/release.html\n\nFor Red Hat Enterprise Linux 4 and 5, the updated postgresql packages\ncontain a backported patch.\n\nAll PostgreSQL users are advised to upgrade to these updated packages,\nwhich correct this issue. If the postgresql service is running, it\nwill be automatically restarted after installing this update.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2011-November/018165.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?c6786291\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2011-November/018166.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?c47b658f\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2011-October/018115.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?6cd9d35e\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2011-October/018116.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?cedd88ec\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected postgresql packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:postgresql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:postgresql-contrib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:postgresql-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:postgresql-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:postgresql-jdbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:postgresql-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:postgresql-pl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:postgresql-python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:postgresql-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:postgresql-tcl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:postgresql-test\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/08/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/11/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/10/19\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(4|5)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 4.x / 5.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"postgresql-7.4.30-3.el4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"postgresql-7.4.30-3.el4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"postgresql-contrib-7.4.30-3.el4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"postgresql-contrib-7.4.30-3.el4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"postgresql-devel-7.4.30-3.el4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"postgresql-devel-7.4.30-3.el4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"postgresql-docs-7.4.30-3.el4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"postgresql-docs-7.4.30-3.el4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"postgresql-jdbc-7.4.30-3.el4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"postgresql-jdbc-7.4.30-3.el4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"postgresql-libs-7.4.30-3.el4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"postgresql-libs-7.4.30-3.el4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"postgresql-pl-7.4.30-3.el4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"postgresql-pl-7.4.30-3.el4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"postgresql-python-7.4.30-3.el4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"postgresql-python-7.4.30-3.el4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"postgresql-server-7.4.30-3.el4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"postgresql-server-7.4.30-3.el4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"postgresql-tcl-7.4.30-3.el4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"postgresql-tcl-7.4.30-3.el4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"postgresql-test-7.4.30-3.el4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"postgresql-test-7.4.30-3.el4\")) flag++;\n\nif (rpm_check(release:\"CentOS-5\", reference:\"postgresql-8.1.23-1.el5_7.2\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"postgresql-contrib-8.1.23-1.el5_7.2\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"postgresql-devel-8.1.23-1.el5_7.2\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"postgresql-docs-8.1.23-1.el5_7.2\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"postgresql-libs-8.1.23-1.el5_7.2\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"postgresql-pl-8.1.23-1.el5_7.2\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"postgresql-python-8.1.23-1.el5_7.2\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"postgresql-server-8.1.23-1.el5_7.2\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"postgresql-tcl-8.1.23-1.el5_7.2\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"postgresql-test-8.1.23-1.el5_7.2\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"postgresql / postgresql-contrib / postgresql-devel / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:21:49", "description": "The security update for CVE-2011-2483 broke changing blowfish passwords if compat mode was turned on (default). This update fixes the regression.", "cvss3": {}, "published": "2014-06-13T00:00:00", "type": "nessus", "title": "openSUSE Security Update : libxcrypt (openSUSE-SU-2011:0972-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-2483"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:libxcrypt", "p-cpe:/a:novell:opensuse:libxcrypt-32bit", "p-cpe:/a:novell:opensuse:libxcrypt-debuginfo", "p-cpe:/a:novell:opensuse:libxcrypt-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libxcrypt-debugsource", "p-cpe:/a:novell:opensuse:libxcrypt-devel", "cpe:/o:novell:opensuse:11.4"], "id": "SUSE_11_4_LIBXCRYPT-110824.NASL", "href": "https://www.tenable.com/plugins/nessus/75934", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update libxcrypt-5049.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(75934);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2011-2483\");\n\n script_name(english:\"openSUSE Security Update : libxcrypt (openSUSE-SU-2011:0972-1)\");\n script_summary(english:\"Check for the libxcrypt-5049 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The security update for CVE-2011-2483 broke changing blowfish\npasswords if compat mode was turned on (default). This update fixes\nthe regression.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=713727\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2011-08/msg00045.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libxcrypt packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libxcrypt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libxcrypt-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libxcrypt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libxcrypt-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libxcrypt-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libxcrypt-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.4\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/08/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.4)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.4\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.4\", reference:\"libxcrypt-3.0.3-9.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"libxcrypt-debuginfo-3.0.3-9.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"libxcrypt-debugsource-3.0.3-9.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"libxcrypt-devel-3.0.3-9.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", cpu:\"x86_64\", reference:\"libxcrypt-32bit-3.0.3-9.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", cpu:\"x86_64\", reference:\"libxcrypt-debuginfo-32bit-3.0.3-9.12.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libxcrypt / libxcrypt-32bit / libxcrypt-devel / libxcrypt-debuginfo / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:22:58", "description": "The implementation of the blowfish based password hashing method had a bug affecting passwords that contain 8bit characters (e.g. umlauts).\nAffected passwords are potentially faster to crack via brute-force methods. (CVE-2011-2483)\n\nSUSE's crypt() implementation supports the blowfish password hashing function (id $2a) and system logins by default also use this method.\nThis update eliminates the bug in the $2a implementation. After installing the update existing $2a hashes therefore no longer match hashes generated with the new, correct implementation if the password contains 8bit characters. For system logins via PAM the pam_unix2 module activates a compat mode and keeps processing existing $2a hashes with the old algorithm. This ensures no user gets locked out.\nNew passwords hashes are created with the id '$2y' to unambiguously identify them as generated with the correct implementation.\n\nNote: To actually migrate hashes to the new algorithm all users are advised to change passwords after the update.\n\nServices that do not use PAM but do use crypt() to store passwords using the blowfish hash do not have such a compat mode. That means users with 8bit passwords that use such services will not be able to log in anymore after the update. As workaround administrators may edit the service's password database and change stored hashes from $2a to $2x. This will result in crypt() using the old algorithm. Users should be required to change their passwords to make sure they are migrated to the correct algorithm.\n\nFAQ :\n\nQ: I only use ASCII characters in passwords, am I a affected in any way? A: No.\n\nQ: What's the meaning of the ids before and after the update? A:\nBefore the update: $2a -> buggy algorithm\n\nAfter the update: $2x -> buggy algorithm $2a -> correct algorithm $2y\n-> correct algorithm\n\nSystem logins using PAM have a compat mode enabled by default: $2x -> buggy algorithm $2a -> buggy algorithm $2y -> correct algorithm\n\nQ: How do I require users to change their password on next login? A:\nRun the following command as root for each user: chage -d 0\n\nQ: I run an application that has $2a hashes in it's password database.\nSome users complain that they can not log in anymore. A: Edit the password database and change the '$2a' prefix of the affected users' hashes to '$2x'. They will be able to log in again but should change their password ASAP.\n\nQ: How do I turn off the compat mode for system logins? A: Set BLOWFISH_2a2x=no in /etc/default/passwd", "cvss3": {}, "published": "2011-08-20T00:00:00", "type": "nessus", "title": "SuSE9 Security Update : glibc suite (YOU Patch Number 12813)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-2483"], "modified": "2021-01-14T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE9_12813.NASL", "href": "https://www.tenable.com/plugins/nessus/55918", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(55918);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2011-2483\");\n\n script_name(english:\"SuSE9 Security Update : glibc suite (YOU Patch Number 12813)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 9 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The implementation of the blowfish based password hashing method had a\nbug affecting passwords that contain 8bit characters (e.g. umlauts).\nAffected passwords are potentially faster to crack via brute-force\nmethods. (CVE-2011-2483)\n\nSUSE's crypt() implementation supports the blowfish password hashing\nfunction (id $2a) and system logins by default also use this method.\nThis update eliminates the bug in the $2a implementation. After\ninstalling the update existing $2a hashes therefore no longer match\nhashes generated with the new, correct implementation if the password\ncontains 8bit characters. For system logins via PAM the pam_unix2\nmodule activates a compat mode and keeps processing existing $2a\nhashes with the old algorithm. This ensures no user gets locked out.\nNew passwords hashes are created with the id '$2y' to unambiguously\nidentify them as generated with the correct implementation.\n\nNote: To actually migrate hashes to the new algorithm all users are\nadvised to change passwords after the update.\n\nServices that do not use PAM but do use crypt() to store passwords\nusing the blowfish hash do not have such a compat mode. That means\nusers with 8bit passwords that use such services will not be able to\nlog in anymore after the update. As workaround administrators may edit\nthe service's password database and change stored hashes from $2a to\n$2x. This will result in crypt() using the old algorithm. Users should\nbe required to change their passwords to make sure they are migrated\nto the correct algorithm.\n\nFAQ :\n\nQ: I only use ASCII characters in passwords, am I a affected in any\nway? A: No.\n\nQ: What's the meaning of the ids before and after the update? A:\nBefore the update: $2a -> buggy algorithm\n\nAfter the update: $2x -> buggy algorithm $2a -> correct algorithm $2y\n-> correct algorithm\n\nSystem logins using PAM have a compat mode enabled by default: $2x ->\nbuggy algorithm $2a -> buggy algorithm $2y -> correct algorithm\n\nQ: How do I require users to change their password on next login? A:\nRun the following command as root for each user: chage -d 0\n\nQ: I run an application that has $2a hashes in it's password database.\nSome users complain that they can not log in anymore. A: Edit the\npassword database and change the '$2a' prefix of the affected users'\nhashes to '$2x'. They will be able to log in again but should change\ntheir password ASAP.\n\nQ: How do I turn off the compat mode for system logins? A: Set\nBLOWFISH_2a2x=no in /etc/default/passwd\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-2483.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply YOU patch number 12813.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/08/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/08/20\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 9 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SUSE9\", reference:\"glibc-2.3.3-98.123\")) flag++;\nif (rpm_check(release:\"SUSE9\", reference:\"glibc-devel-2.3.3-98.123\")) flag++;\nif (rpm_check(release:\"SUSE9\", reference:\"glibc-html-2.3.3-98.123\")) flag++;\nif (rpm_check(release:\"SUSE9\", reference:\"glibc-i18ndata-2.3.3-98.123\")) flag++;\nif (rpm_check(release:\"SUSE9\", reference:\"glibc-info-2.3.3-98.123\")) flag++;\nif (rpm_check(release:\"SUSE9\", reference:\"glibc-locale-2.3.3-98.123\")) flag++;\nif (rpm_check(release:\"SUSE9\", reference:\"glibc-profile-2.3.3-98.123\")) flag++;\nif (rpm_check(release:\"SUSE9\", reference:\"libxcrypt-2.1.90-61.6\")) flag++;\nif (rpm_check(release:\"SUSE9\", reference:\"libxcrypt-devel-2.1.90-61.6\")) flag++;\nif (rpm_check(release:\"SUSE9\", reference:\"nscd-2.3.3-98.123\")) flag++;\nif (rpm_check(release:\"SUSE9\", reference:\"pam-modules-9-18.21\")) flag++;\nif (rpm_check(release:\"SUSE9\", reference:\"pwdutils-2.6.4-2.34\")) flag++;\nif (rpm_check(release:\"SUSE9\", reference:\"timezone-2.3.3-98.123\")) flag++;\nif (rpm_check(release:\"SUSE9\", cpu:\"x86_64\", reference:\"glibc-32bit-9-201108011005\")) flag++;\nif (rpm_check(release:\"SUSE9\", cpu:\"x86_64\", reference:\"glibc-devel-32bit-9-201107291651\")) flag++;\nif (rpm_check(release:\"SUSE9\", cpu:\"x86_64\", reference:\"glibc-locale-32bit-9-201107291651\")) flag++;\nif (rpm_check(release:\"SUSE9\", cpu:\"x86_64\", reference:\"libxcrypt-32bit-9-201107291733\")) flag++;\nif (rpm_check(release:\"SUSE9\", cpu:\"x86_64\", reference:\"pam-modules-32bit-9-201107291830\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:20:53", "description": "The implementation of the blowfish based password hashing method had a bug affecting passwords that contain 8bit characters (e.g. umlauts).\nAffected passwords are potentially faster to crack via brute-force methods (CVE-2011-2483).\n\nSUSE's crypt() implementation supports the blowfish password hashing function (id $2a) and system logins by default also use this method.\nThis update eliminates the bug in the $2a implementation. After installing the update existing $2a hashes therefore no longer match hashes generated with the new, correct implementation if the password contains 8bit characters. For system logins via PAM the pam_unix2 module activates a compat mode and keeps processing existing $2a hashes with the old algorithm. This ensures no user gets locked out.\nNew passwords hashes are created with the id '$2y' to unambiguously identify them as generated with the correct implementation.\n\nNote: To actually migrate hashes to the new algorithm all users are advised to change passwords after the update.\n\nServices that do not use PAM but do use crypt() to store passwords using the blowfish hash do not have such a compat mode. That means users with 8bit passwords that use such services will not be able to log in anymore after the update. As workaround administrators may edit the service's password database and change stored hashes from $2a to $2x. This will result in crypt() using the old algorithm. Users should be required to change their passwords to make sure they are migrated to the correct algorithm.\n\nFAQ :\n\nQ: I only use ASCII characters in passwords, am I a affected in any way? A: No.\n\nQ: What's the meaning of the ids before and after the update? A:\nBefore the update: $2a -> buggy algorithm\n\nAfter the update: $2x -> buggy algorithm $2a -> correct algorithm $2y\n-> correct algorithm\n\nSystem logins using PAM have a compat mode enabled by default: $2x -> buggy algorithm $2a -> buggy algorithm $2y\n\n-> correct algorithm\n\nQ: How do I require users to change their password on next login? A:\nRun the following command as root for each user: chage -d 0 <username>\n\nQ: I run an application that has $2a hashes in it's password database.\nSome users complain that they can not log in anymore. A: Edit the password database and change the '$2a' prefix of the affected users' hashes to '$2x'. They will be able to log in again but should change their password ASAP.\n\nQ: How do I turn off the compat mode for system logins? A: Set BLOWFISH_2a2x=no in /etc/default/passwd", "cvss3": {}, "published": "2014-06-13T00:00:00", "type": "nessus", "title": "openSUSE Security Update : glibc (openSUSE-SU-2011:0921-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-2483"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:glibc", "p-cpe:/a:novell:opensuse:glibc-32bit", "p-cpe:/a:novell:opensuse:glibc-debuginfo", "p-cpe:/a:novell:opensuse:glibc-debuginfo-32bit", "p-cpe:/a:novell:opensuse:glibc-debugsource", "p-cpe:/a:novell:opensuse:glibc-devel", "p-cpe:/a:novell:opensuse:glibc-devel-32bit", "p-cpe:/a:novell:opensuse:glibc-devel-debuginfo", "p-cpe:/a:novell:opensuse:glibc-devel-debuginfo-32bit", "p-cpe:/a:novell:opensuse:glibc-html", "p-cpe:/a:novell:opensuse:glibc-i18ndata", "p-cpe:/a:novell:opensuse:glibc-info", "p-cpe:/a:novell:opensuse:glibc-locale", "p-cpe:/a:novell:opensuse:glibc-locale-32bit", "p-cpe:/a:novell:opensuse:glibc-locale-debuginfo", "p-cpe:/a:novell:opensuse:glibc-locale-debuginfo-32bit", "p-cpe:/a:novell:opensuse:glibc-obsolete", "p-cpe:/a:novell:opensuse:glibc-obsolete-debuginfo", "p-cpe:/a:novell:opensuse:glibc-profile", "p-cpe:/a:novell:opensuse:glibc-profile-32bit", "p-cpe:/a:novell:opensuse:libxcrypt", "p-cpe:/a:novell:opensuse:libxcrypt-32bit", "p-cpe:/a:novell:opensuse:libxcrypt-debuginfo", "p-cpe:/a:novell:opensuse:libxcrypt-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libxcrypt-debugsource", "p-cpe:/a:novell:opensuse:libxcrypt-devel", "p-cpe:/a:novell:opensuse:nscd", "p-cpe:/a:novell:opensuse:nscd-debuginfo", "p-cpe:/a:novell:opensuse:pam-modules", "p-cpe:/a:novell:opensuse:pam-modules-32bit", "p-cpe:/a:novell:opensuse:pam-modules-debuginfo", "p-cpe:/a:novell:opensuse:pam-modules-debuginfo-32bit", "p-cpe:/a:novell:opensuse:pam-modules-debugsource", "p-cpe:/a:novell:opensuse:pwdutils", "p-cpe:/a:novell:opensuse:pwdutils-debuginfo", "p-cpe:/a:novell:opensuse:pwdutils-debugsource", "p-cpe:/a:novell:opensuse:pwdutils-plugin-audit", "p-cpe:/a:novell:opensuse:pwdutils-plugin-audit-debuginfo", "p-cpe:/a:novell:opensuse:pwdutils-rpasswd", "p-cpe:/a:novell:opensuse:pwdutils-rpasswd-32bit", "p-cpe:/a:novell:opensuse:pwdutils-rpasswd-debuginfo", "p-cpe:/a:novell:opensuse:pwdutils-rpasswd-debuginfo-32bit", "cpe:/o:novell:opensuse:11.4"], "id": "SUSE_11_4_GLIBC-110729.NASL", "href": "https://www.tenable.com/plugins/nessus/75852", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update glibc-4943.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(75852);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2011-2483\");\n\n script_name(english:\"openSUSE Security Update : glibc (openSUSE-SU-2011:0921-1)\");\n script_summary(english:\"Check for the glibc-4943 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The implementation of the blowfish based password hashing method had a\nbug affecting passwords that contain 8bit characters (e.g. umlauts).\nAffected passwords are potentially faster to crack via brute-force\nmethods (CVE-2011-2483).\n\nSUSE's crypt() implementation supports the blowfish password hashing\nfunction (id $2a) and system logins by default also use this method.\nThis update eliminates the bug in the $2a implementation. After\ninstalling the update existing $2a hashes therefore no longer match\nhashes generated with the new, correct implementation if the password\ncontains 8bit characters. For system logins via PAM the pam_unix2\nmodule activates a compat mode and keeps processing existing $2a\nhashes with the old algorithm. This ensures no user gets locked out.\nNew passwords hashes are created with the id '$2y' to unambiguously\nidentify them as generated with the correct implementation.\n\nNote: To actually migrate hashes to the new algorithm all users are\nadvised to change passwords after the update.\n\nServices that do not use PAM but do use crypt() to store passwords\nusing the blowfish hash do not have such a compat mode. That means\nusers with 8bit passwords that use such services will not be able to\nlog in anymore after the update. As workaround administrators may edit\nthe service's password database and change stored hashes from $2a to\n$2x. This will result in crypt() using the old algorithm. Users should\nbe required to change their passwords to make sure they are migrated\nto the correct algorithm.\n\nFAQ :\n\nQ: I only use ASCII characters in passwords, am I a affected in any\nway? A: No.\n\nQ: What's the meaning of the ids before and after the update? A:\nBefore the update: $2a -> buggy algorithm\n\nAfter the update: $2x -> buggy algorithm $2a -> correct algorithm $2y\n-> correct algorithm\n\nSystem logins using PAM have a compat mode enabled by default: $2x ->\nbuggy algorithm $2a -> buggy algorithm $2y\n\n-> correct algorithm\n\nQ: How do I require users to change their password on next login? A:\nRun the following command as root for each user: chage -d 0 <username>\n\nQ: I run an application that has $2a hashes in it's password database.\nSome users complain that they can not log in anymore. A: Edit the\npassword database and change the '$2a' prefix of the affected users'\nhashes to '$2x'. They will be able to log in again but should change\ntheir password ASAP.\n\nQ: How do I turn off the compat mode for system logins? A: Set\nBLOWFISH_2a2x=no in /etc/default/passwd\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=700876\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2011-08/msg00027.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected glibc packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc-devel-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc-html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc-i18ndata\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc-info\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc-locale\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc-locale-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc-locale-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc-locale-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc-obsolete\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc-obsolete-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc-profile\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc-profile-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libxcrypt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libxcrypt-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libxcrypt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libxcrypt-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libxcrypt-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libxcrypt-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:nscd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:nscd-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:pam-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:pam-modules-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:pam-modules-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:pam-modules-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:pam-modules-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:pwdutils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:pwdutils-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:pwdutils-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:pwdutils-plugin-audit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:pwdutils-plugin-audit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:pwdutils-rpasswd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:pwdutils-rpasswd-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:pwdutils-rpasswd-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:pwdutils-rpasswd-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.4\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/07/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.4)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.4\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.4\", reference:\"glibc-2.11.3-12.17.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"glibc-debuginfo-2.11.3-12.17.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"glibc-debugsource-2.11.3-12.17.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"glibc-devel-2.11.3-12.17.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"glibc-devel-debuginfo-2.11.3-12.17.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"glibc-html-2.11.3-12.17.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"glibc-i18ndata-2.11.3-12.17.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"glibc-info-2.11.3-12.17.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"glibc-locale-2.11.3-12.17.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"glibc-locale-debuginfo-2.11.3-12.17.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"glibc-obsolete-2.11.3-12.17.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"glibc-obsolete-debuginfo-2.11.3-12.17.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"glibc-profile-2.11.3-12.17.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"libxcrypt-3.0.3-9.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"libxcrypt-debuginfo-3.0.3-9.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"libxcrypt-debugsource-3.0.3-9.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"libxcrypt-devel-3.0.3-9.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"nscd-2.11.3-12.17.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"nscd-debuginfo-2.11.3-12.17.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"pam-modules-11.4-3.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"pam-modules-debuginfo-11.4-3.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"pam-modules-debugsource-11.4-3.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"pwdutils-3.2.14-4.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"pwdutils-debuginfo-3.2.14-4.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"pwdutils-debugsource-3.2.14-4.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"pwdutils-plugin-audit-3.2.14-4.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"pwdutils-plugin-audit-debuginfo-3.2.14-4.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"pwdutils-rpasswd-3.2.14-4.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"pwdutils-rpasswd-debuginfo-3.2.14-4.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", cpu:\"x86_64\", reference:\"glibc-32bit-2.11.3-12.17.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", cpu:\"x86_64\", reference:\"glibc-debuginfo-32bit-2.11.3-12.17.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", cpu:\"x86_64\", reference:\"glibc-devel-32bit-2.11.3-12.17.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", cpu:\"x86_64\", reference:\"glibc-devel-debuginfo-32bit-2.11.3-12.17.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", cpu:\"x86_64\", reference:\"glibc-locale-32bit-2.11.3-12.17.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", cpu:\"x86_64\", reference:\"glibc-locale-debuginfo-32bit-2.11.3-12.17.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", cpu:\"x86_64\", reference:\"glibc-profile-32bit-2.11.3-12.17.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", cpu:\"x86_64\", reference:\"libxcrypt-32bit-3.0.3-9.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", cpu:\"x86_64\", reference:\"libxcrypt-debuginfo-32bit-3.0.3-9.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", cpu:\"x86_64\", reference:\"pam-modules-32bit-11.4-3.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", cpu:\"x86_64\", reference:\"pam-modules-debuginfo-32bit-11.4-3.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", cpu:\"x86_64\", reference:\"pwdutils-rpasswd-32bit-3.2.14-4.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", cpu:\"x86_64\", reference:\"pwdutils-rpasswd-debuginfo-32bit-3.2.14-4.5.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"glibc / glibc-32bit / glibc-devel / glibc-devel-32bit / glibc-html / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:23:48", "description": "Updated postgresql84 packages that fix one security issue are now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\nPostgreSQL is an advanced object-relational database management system (DBMS).\n\nA signedness issue was found in the way the crypt() function in the PostgreSQL pgcrypto module handled 8-bit characters in passwords when using Blowfish hashing. Up to three characters immediately preceding a non-ASCII character (one with the high bit set) had no effect on the hash result, thus shortening the effective password length. This made brute-force guessing more efficient as several different passwords were hashed to the same value. (CVE-2011-2483)\n\nNote: Due to the CVE-2011-2483 fix, after installing this update some users may not be able to log in to applications that store user passwords, hashed with Blowfish using the PostgreSQL crypt() function, in a back-end PostgreSQL database. Unsafe processing can be re-enabled for specific passwords (allowing affected users to log in) by changing their hash prefix to '$2x$'.\n\nThese updated postgresql84 packages upgrade PostgreSQL to version 8.4.9. Refer to the PostgreSQL Release Notes for a full list of changes :\n\nhttp://www.postgresql.org/docs/8.4/static/release.html\n\nAll PostgreSQL users are advised to upgrade to these updated packages, which correct this issue. If the postgresql service is running, it will be automatically restarted after installing this update.", "cvss3": {}, "published": "2011-10-18T00:00:00", "type": "nessus", "title": "RHEL 5 : postgresql84 (RHSA-2011:1378)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-2483"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:postgresql84", "p-cpe:/a:redhat:enterprise_linux:postgresql84-contrib", "p-cpe:/a:redhat:enterprise_linux:postgresql84-devel", "p-cpe:/a:redhat:enterprise_linux:postgresql84-docs", "p-cpe:/a:redhat:enterprise_linux:postgresql84-libs", "p-cpe:/a:redhat:enterprise_linux:postgresql84-plperl", "p-cpe:/a:redhat:enterprise_linux:postgresql84-plpython", "p-cpe:/a:redhat:enterprise_linux:postgresql84-pltcl", "p-cpe:/a:redhat:enterprise_linux:postgresql84-python", "p-cpe:/a:redhat:enterprise_linux:postgresql84-server", "p-cpe:/a:redhat:enterprise_linux:postgresql84-tcl", "p-cpe:/a:redhat:enterprise_linux:postgresql84-test", "cpe:/o:redhat:enterprise_linux:5"], "id": "REDHAT-RHSA-2011-1378.NASL", "href": "https://www.tenable.com/plugins/nessus/56534", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2011:1378. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(56534);\n script_version(\"1.18\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2011-2483\");\n script_bugtraq_id(49241);\n script_xref(name:\"RHSA\", value:\"2011:1378\");\n\n script_name(english:\"RHEL 5 : postgresql84 (RHSA-2011:1378)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated postgresql84 packages that fix one security issue are now\navailable for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. A Common Vulnerability Scoring System (CVSS)\nbase score, which gives a detailed severity rating, is available from\nthe CVE link in the References section.\n\nPostgreSQL is an advanced object-relational database management system\n(DBMS).\n\nA signedness issue was found in the way the crypt() function in the\nPostgreSQL pgcrypto module handled 8-bit characters in passwords when\nusing Blowfish hashing. Up to three characters immediately preceding a\nnon-ASCII character (one with the high bit set) had no effect on the\nhash result, thus shortening the effective password length. This made\nbrute-force guessing more efficient as several different passwords\nwere hashed to the same value. (CVE-2011-2483)\n\nNote: Due to the CVE-2011-2483 fix, after installing this update some\nusers may not be able to log in to applications that store user\npasswords, hashed with Blowfish using the PostgreSQL crypt() function,\nin a back-end PostgreSQL database. Unsafe processing can be re-enabled\nfor specific passwords (allowing affected users to log in) by changing\ntheir hash prefix to '$2x$'.\n\nThese updated postgresql84 packages upgrade PostgreSQL to version\n8.4.9. Refer to the PostgreSQL Release Notes for a full list of\nchanges :\n\nhttp://www.postgresql.org/docs/8.4/static/release.html\n\nAll PostgreSQL users are advised to upgrade to these updated packages,\nwhich correct this issue. If the postgresql service is running, it\nwill be automatically restarted after installing this update.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-2483\"\n );\n # http://www.postgresql.org/docs/8.4/static/release.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.postgresql.org/docs/8.4/release.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2011:1378\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql84\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql84-contrib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql84-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql84-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql84-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql84-plperl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql84-plpython\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql84-pltcl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql84-python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql84-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql84-tcl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql84-test\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/08/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/10/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/10/18\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2011:1378\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"postgresql84-8.4.9-1.el5_7.1\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"postgresql84-8.4.9-1.el5_7.1\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"postgresql84-8.4.9-1.el5_7.1\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"postgresql84-contrib-8.4.9-1.el5_7.1\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"postgresql84-contrib-8.4.9-1.el5_7.1\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"postgresql84-contrib-8.4.9-1.el5_7.1\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"postgresql84-devel-8.4.9-1.el5_7.1\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"postgresql84-docs-8.4.9-1.el5_7.1\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"postgresql84-docs-8.4.9-1.el5_7.1\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"postgresql84-docs-8.4.9-1.el5_7.1\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"postgresql84-libs-8.4.9-1.el5_7.1\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"postgresql84-plperl-8.4.9-1.el5_7.1\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"postgresql84-plperl-8.4.9-1.el5_7.1\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"postgresql84-plperl-8.4.9-1.el5_7.1\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"postgresql84-plpython-8.4.9-1.el5_7.1\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"postgresql84-plpython-8.4.9-1.el5_7.1\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"postgresql84-plpython-8.4.9-1.el5_7.1\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"postgresql84-pltcl-8.4.9-1.el5_7.1\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"postgresql84-pltcl-8.4.9-1.el5_7.1\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"postgresql84-pltcl-8.4.9-1.el5_7.1\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"postgresql84-python-8.4.9-1.el5_7.1\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"postgresql84-python-8.4.9-1.el5_7.1\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"postgresql84-python-8.4.9-1.el5_7.1\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"postgresql84-server-8.4.9-1.el5_7.1\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"postgresql84-server-8.4.9-1.el5_7.1\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"postgresql84-server-8.4.9-1.el5_7.1\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"postgresql84-tcl-8.4.9-1.el5_7.1\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"postgresql84-tcl-8.4.9-1.el5_7.1\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"postgresql84-tcl-8.4.9-1.el5_7.1\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"postgresql84-test-8.4.9-1.el5_7.1\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"postgresql84-test-8.4.9-1.el5_7.1\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"postgresql84-test-8.4.9-1.el5_7.1\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"postgresql84 / postgresql84-contrib / postgresql84-devel / etc\");\n }\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:22:24", "description": "The implementation of the blowfish based password hashing method had a bug affecting passwords that contain 8bit characters (e.g. umlauts).\nAffected passwords are potentially faster to crack via brute-force methods. (CVE-2011-2483)\n\nSUSE's crypt() implementation supports the blowfish password hashing function (id $2a) and system logins by default also use this method.\nThis update eliminates the bug in the $2a implementation. After installing the update existing $2a hashes therefore no longer match hashes generated with the new, correct implementation if the password contains 8bit characters. For system logins via PAM the pam_unix2 module activates a compat mode and keeps processing existing $2a hashes with the old algorithm. This ensures no user gets locked out.\nNew passwords hashes are created with the id '$2y' to unambiguously identify them as generated with the correct implementation.\n\nNote: To actually migrate hashes to the new algorithm all users are advised to change passwords after the update.\n\nServices that do not use PAM but do use crypt() to store passwords using the blowfish hash do not have such a compat mode. That means users with 8bit passwords that use such services will not be able to log in anymore after the update. As workaround administrators may edit the service's password database and change stored hashes from $2a to $2x. This will result in crypt() using the old algorithm. Users should be required to change their passwords to make sure they are migrated to the correct algorithm.\n\nFAQ :\n\nQ: I only use ASCII characters in passwords, am I a affected in any way? A: No.\n\nQ: What's the meaning of the ids before and after the update? A:\nBefore the update: $2a -> buggy algorithm\n\nAfter the update: $2x -> buggy algorithm $2a -> correct algorithm $2y\n-> correct algorithm\n\nSystem logins using PAM have a compat mode enabled by default: $2x -> buggy algorithm $2a -> buggy algorithm $2y -> correct algorithm\n\nQ: How do I require users to change their password on next login? A:\nRun the following command as root for each user: chage -d 0\n\nQ: I run an application that has $2a hashes in it's password database.\nSome users complain that they can not log in anymore. A: Edit the password database and change the '$2a' prefix of the affected users' hashes to '$2x'. They will be able to log in again but should change their password ASAP.\n\nQ: How do I turn off the compat mode for system logins? A: Set BLOWFISH_2a2x=no in /etc/default/passwd", "cvss3": {}, "published": "2012-04-03T00:00:00", "type": "nessus", "title": "SuSE 10 Security Update : glibc (ZYPP Patch Number 7663)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-2483"], "modified": "2021-01-19T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE_GLIBC-BLOWFISH-7663.NASL", "href": "https://www.tenable.com/plugins/nessus/58576", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(58576);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2011-2483\");\n\n script_name(english:\"SuSE 10 Security Update : glibc (ZYPP Patch Number 7663)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The implementation of the blowfish based password hashing method had a\nbug affecting passwords that contain 8bit characters (e.g. umlauts).\nAffected passwords are potentially faster to crack via brute-force\nmethods. (CVE-2011-2483)\n\nSUSE's crypt() implementation supports the blowfish password hashing\nfunction (id $2a) and system logins by default also use this method.\nThis update eliminates the bug in the $2a implementation. After\ninstalling the update existing $2a hashes therefore no longer match\nhashes generated with the new, correct implementation if the password\ncontains 8bit characters. For system logins via PAM the pam_unix2\nmodule activates a compat mode and keeps processing existing $2a\nhashes with the old algorithm. This ensures no user gets locked out.\nNew passwords hashes are created with the id '$2y' to unambiguously\nidentify them as generated with the correct implementation.\n\nNote: To actually migrate hashes to the new algorithm all users are\nadvised to change passwords after the update.\n\nServices that do not use PAM but do use crypt() to store passwords\nusing the blowfish hash do not have such a compat mode. That means\nusers with 8bit passwords that use such services will not be able to\nlog in anymore after the update. As workaround administrators may edit\nthe service's password database and change stored hashes from $2a to\n$2x. This will result in crypt() using the old algorithm. Users should\nbe required to change their passwords to make sure they are migrated\nto the correct algorithm.\n\nFAQ :\n\nQ: I only use ASCII characters in passwords, am I a affected in any\nway? A: No.\n\nQ: What's the meaning of the ids before and after the update? A:\nBefore the update: $2a -> buggy algorithm\n\nAfter the update: $2x -> buggy algorithm $2a -> correct algorithm $2y\n-> correct algorithm\n\nSystem logins using PAM have a compat mode enabled by default: $2x ->\nbuggy algorithm $2a -> buggy algorithm $2y -> correct algorithm\n\nQ: How do I require users to change their password on next login? A:\nRun the following command as root for each user: chage -d 0\n\nQ: I run an application that has $2a hashes in it's password database.\nSome users complain that they can not log in anymore. A: Edit the\npassword database and change the '$2a' prefix of the affected users'\nhashes to '$2x'. They will be able to log in again but should change\ntheir password ASAP.\n\nQ: How do I turn off the compat mode for system logins? A: Set\nBLOWFISH_2a2x=no in /etc/default/passwd\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-2483.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 7663.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/07/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/04/03\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED10\", sp:4, reference:\"glibc-2.4-31.93.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, reference:\"glibc-devel-2.4-31.93.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, reference:\"glibc-html-2.4-31.93.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, reference:\"glibc-i18ndata-2.4-31.93.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, reference:\"glibc-info-2.4-31.93.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, reference:\"glibc-locale-2.4-31.93.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, reference:\"libxcrypt-2.4-12.9.4\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, reference:\"nscd-2.4-31.93.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, reference:\"pam-modules-10-2.17.4\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, reference:\"pwdutils-3.0.7.1-17.36.2\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, cpu:\"x86_64\", reference:\"glibc-32bit-2.4-31.93.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, cpu:\"x86_64\", reference:\"glibc-devel-32bit-2.4-31.93.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, cpu:\"x86_64\", reference:\"glibc-locale-32bit-2.4-31.93.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, cpu:\"x86_64\", reference:\"libxcrypt-32bit-2.4-12.9.4\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, cpu:\"x86_64\", reference:\"pam-modules-32bit-10-2.17.4\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"glibc-2.4-31.93.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"glibc-devel-2.4-31.93.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"glibc-html-2.4-31.93.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"glibc-i18ndata-2.4-31.93.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"glibc-info-2.4-31.93.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"glibc-locale-2.4-31.93.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"glibc-profile-2.4-31.93.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"libxcrypt-2.4-12.9.4\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"libxcrypt-devel-2.4-12.9.4\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"nscd-2.4-31.93.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"pam-modules-10-2.17.4\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"pwdutils-3.0.7.1-17.36.2\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"pwdutils-plugin-audit-3.0.7.1-17.36.2\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, cpu:\"x86_64\", reference:\"glibc-32bit-2.4-31.93.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, cpu:\"x86_64\", reference:\"glibc-devel-32bit-2.4-31.93.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, cpu:\"x86_64\", reference:\"glibc-locale-32bit-2.4-31.93.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, cpu:\"x86_64\", reference:\"glibc-profile-32bit-2.4-31.93.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, cpu:\"x86_64\", reference:\"libxcrypt-32bit-2.4-12.9.4\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, cpu:\"x86_64\", reference:\"pam-modules-32bit-10-2.17.4\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:23:31", "description": "Updated postgresql84 packages that fix one security issue are now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\nPostgreSQL is an advanced object-relational database management system (DBMS).\n\nA signedness issue was found in the way the crypt() function in the PostgreSQL pgcrypto module handled 8-bit characters in passwords when using Blowfish hashing. Up to three characters immediately preceding a non-ASCII character (one with the high bit set) had no effect on the hash result, thus shortening the effective password length. This made brute-force guessing more efficient as several different passwords were hashed to the same value. (CVE-2011-2483)\n\nNote: Due to the CVE-2011-2483 fix, after installing this update some users may not be able to log in to applications that store user passwords, hashed with Blowfish using the PostgreSQL crypt() function, in a back-end PostgreSQL database. Unsafe processing can be re-enabled for specific passwords (allowing affected users to log in) by changing their hash prefix to '$2x$'.\n\nThese updated postgresql84 packages upgrade PostgreSQL to version 8.4.9. Refer to the PostgreSQL Release Notes for a full list of changes :\n\nhttp://www.postgresql.org/docs/8.4/static/release.html\n\nAll PostgreSQL users are advised to upgrade to these updated packages, which correct this issue. If the postgresql service is running, it will be automatically restarted after installing this update.", "cvss3": {}, "published": "2011-10-19T00:00:00", "type": "nessus", "title": "CentOS 5 : postgresql84 (CESA-2011:1378)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-2483"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:centos:centos:postgresql84", "p-cpe:/a:centos:centos:postgresql84-contrib", "p-cpe:/a:centos:centos:postgresql84-devel", "p-cpe:/a:centos:centos:postgresql84-docs", "p-cpe:/a:centos:centos:postgresql84-libs", "p-cpe:/a:centos:centos:postgresql84-plperl", "p-cpe:/a:centos:centos:postgresql84-plpython", "p-cpe:/a:centos:centos:postgresql84-pltcl", "p-cpe:/a:centos:centos:postgresql84-python", "p-cpe:/a:centos:centos:postgresql84-server", "p-cpe:/a:centos:centos:postgresql84-tcl", "p-cpe:/a:centos:centos:postgresql84-test", "cpe:/o:centos:centos:5"], "id": "CENTOS_RHSA-2011-1378.NASL", "href": "https://www.tenable.com/plugins/nessus/56536", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2011:1378 and \n# CentOS Errata and Security Advisory 2011:1378 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(56536);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2011-2483\");\n script_bugtraq_id(49241);\n script_xref(name:\"RHSA\", value:\"2011:1378\");\n\n script_name(english:\"CentOS 5 : postgresql84 (CESA-2011:1378)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated postgresql84 packages that fix one security issue are now\navailable for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. A Common Vulnerability Scoring System (CVSS)\nbase score, which gives a detailed severity rating, is available from\nthe CVE link in the References section.\n\nPostgreSQL is an advanced object-relational database management system\n(DBMS).\n\nA signedness issue was found in the way the crypt() function in the\nPostgreSQL pgcrypto module handled 8-bit characters in passwords when\nusing Blowfish hashing. Up to three characters immediately preceding a\nnon-ASCII character (one with the high bit set) had no effect on the\nhash result, thus shortening the effective password length. This made\nbrute-force guessing more efficient as several different passwords\nwere hashed to the same value. (CVE-2011-2483)\n\nNote: Due to the CVE-2011-2483 fix, after installing this update some\nusers may not be able to log in to applications that store user\npasswords, hashed with Blowfish using the PostgreSQL crypt() function,\nin a back-end PostgreSQL database. Unsafe processing can be re-enabled\nfor specific passwords (allowing affected users to log in) by changing\ntheir hash prefix to '$2x$'.\n\nThese updated postgresql84 packages upgrade PostgreSQL to version\n8.4.9. Refer to the PostgreSQL Release Notes for a full list of\nchanges :\n\nhttp://www.postgresql.org/docs/8.4/static/release.html\n\nAll PostgreSQL users are advised to upgrade to these updated packages,\nwhich correct this issue. If the postgresql service is running, it\nwill be automatically restarted after installing this update.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2011-October/018117.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?2b316f37\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2011-October/018118.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?fdea9f51\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected postgresql84 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:postgresql84\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:postgresql84-contrib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:postgresql84-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:postgresql84-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:postgresql84-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:postgresql84-plperl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:postgresql84-plpython\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:postgresql84-pltcl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:postgresql84-python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:postgresql84-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:postgresql84-tcl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:postgresql84-test\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/08/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/10/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/10/19\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 5.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-5\", reference:\"postgresql84-8.4.9-1.el5_7.1\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"postgresql84-contrib-8.4.9-1.el5_7.1\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"postgresql84-devel-8.4.9-1.el5_7.1\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"postgresql84-docs-8.4.9-1.el5_7.1\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"postgresql84-libs-8.4.9-1.el5_7.1\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"postgresql84-plperl-8.4.9-1.el5_7.1\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"postgresql84-plpython-8.4.9-1.el5_7.1\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"postgresql84-pltcl-8.4.9-1.el5_7.1\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"postgresql84-python-8.4.9-1.el5_7.1\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"postgresql84-server-8.4.9-1.el5_7.1\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"postgresql84-tcl-8.4.9-1.el5_7.1\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"postgresql84-test-8.4.9-1.el5_7.1\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"postgresql84 / postgresql84-contrib / postgresql84-devel / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:21:10", "description": "The implementation of the blowfish based password hashing method had a bug affecting passwords that contain 8bit characters (e.g. umlauts).\nAffected passwords are potentially faster to crack via brute-force methods. (CVE-2011-2483)\n\nSUSE's crypt() implementation supports the blowfish password hashing function (id $2a) and system logins by default also use this method.\nThis update eliminates the bug in the $2a implementation. After installing the update existing $2a hashes therefore no longer match hashes generated with the new, correct implementation if the password contains 8bit characters. For system logins via PAM the pam_unix2 module activates a compat mode and keeps processing existing $2a hashes with the old algorithm. This ensures no user gets locked out.\nNew passwords hashes are created with the id '$2y' to unambiguously identify them as generated with the correct implementation.\n\nNote: To actually migrate hashes to the new algorithm all users are advised to change passwords after the update.\n\nServices that do not use PAM but do use crypt() to store passwords using the blowfish hash do not have such a compat mode. That means users with 8bit passwords that use such services will not be able to log in anymore after the update. As workaround administrators may edit the service's password database and change stored hashes from $2a to $2x. This will result in crypt() using the old algorithm. Users should be required to change their passwords to make sure they are migrated to the correct algorithm.\n\nFAQ :\n\nQ: I only use ASCII characters in passwords, am I a affected in any way? A: No.\n\nQ: What's the meaning of the ids before and after the update? A:\nBefore the update: $2a -> buggy algorithm\n\nAfter the update: $2x -> buggy algorithm $2a -> correct algorithm $2y\n-> correct algorithm\n\nSystem logins using PAM have a compat mode enabled by default: $2x -> buggy algorithm $2a -> buggy algorithm $2y -> correct algorithm\n\nQ: How do I require users to change their password on next login? A:\nRun the following command as root for each user: chage -d 0\n\nQ: I run an application that has $2a hashes in it's password database.\nSome users complain that they can not log in anymore. A: Edit the password database and change the '$2a' prefix of the affected users' hashes to '$2x'. They will be able to log in again but should change their password ASAP.\n\nQ: How do I turn off the compat mode for system logins? A: Set BLOWFISH_2a2x=no in /etc/default/passwd", "cvss3": {}, "published": "2012-02-06T00:00:00", "type": "nessus", "title": "SuSE 11.1 Security Update : glibc (SAT Patch Number 4944)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-2483"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:11:glibc", "p-cpe:/a:novell:suse_linux:11:glibc-32bit", "p-cpe:/a:novell:suse_linux:11:glibc-devel", "p-cpe:/a:novell:suse_linux:11:glibc-devel-32bit", "p-cpe:/a:novell:suse_linux:11:glibc-html", "p-cpe:/a:novell:suse_linux:11:glibc-i18ndata", "p-cpe:/a:novell:suse_linux:11:glibc-info", "p-cpe:/a:novell:suse_linux:11:glibc-locale", "p-cpe:/a:novell:suse_linux:11:glibc-locale-32bit", "p-cpe:/a:novell:suse_linux:11:glibc-profile", "p-cpe:/a:novell:suse_linux:11:glibc-profile-32bit", "p-cpe:/a:novell:suse_linux:11:libxcrypt", "p-cpe:/a:novell:suse_linux:11:libxcrypt-32bit", "p-cpe:/a:novell:suse_linux:11:nscd", "p-cpe:/a:novell:suse_linux:11:pam-modules", "p-cpe:/a:novell:suse_linux:11:pam-modules-32bit", "p-cpe:/a:novell:suse_linux:11:pwdutils", "p-cpe:/a:novell:suse_linux:11:pwdutils-plugin-audit", "cpe:/o:novell:suse_linux:11"], "id": "SUSE_11_GLIBC-BLOWFISH-110729.NASL", "href": "https://www.tenable.com/plugins/nessus/57839", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. The text itself is\n# copyright (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(57839);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2011-2483\");\n\n script_name(english:\"SuSE 11.1 Security Update : glibc (SAT Patch Number 4944)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 11 host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The implementation of the blowfish based password hashing method had a\nbug affecting passwords that contain 8bit characters (e.g. umlauts).\nAffected passwords are potentially faster to crack via brute-force\nmethods. (CVE-2011-2483)\n\nSUSE's crypt() implementation supports the blowfish password hashing\nfunction (id $2a) and system logins by default also use this method.\nThis update eliminates the bug in the $2a implementation. After\ninstalling the update existing $2a hashes therefore no longer match\nhashes generated with the new, correct implementation if the password\ncontains 8bit characters. For system logins via PAM the pam_unix2\nmodule activates a compat mode and keeps processing existing $2a\nhashes with the old algorithm. This ensures no user gets locked out.\nNew passwords hashes are created with the id '$2y' to unambiguously\nidentify them as generated with the correct implementation.\n\nNote: To actually migrate hashes to the new algorithm all users are\nadvised to change passwords after the update.\n\nServices that do not use PAM but do use crypt() to store passwords\nusing the blowfish hash do not have such a compat mode. That means\nusers with 8bit passwords that use such services will not be able to\nlog in anymore after the update. As workaround administrators may edit\nthe service's password database and change stored hashes from $2a to\n$2x. This will result in crypt() using the old algorithm. Users should\nbe required to change their passwords to make sure they are migrated\nto the correct algorithm.\n\nFAQ :\n\nQ: I only use ASCII characters in passwords, am I a affected in any\nway? A: No.\n\nQ: What's the meaning of the ids before and after the update? A:\nBefore the update: $2a -> buggy algorithm\n\nAfter the update: $2x -> buggy algorithm $2a -> correct algorithm $2y\n-> correct algorithm\n\nSystem logins using PAM have a compat mode enabled by default: $2x ->\nbuggy algorithm $2a -> buggy algorithm $2y -> correct algorithm\n\nQ: How do I require users to change their password on next login? A:\nRun the following command as root for each user: chage -d 0\n\nQ: I run an application that has $2a hashes in it's password database.\nSome users complain that they can not log in anymore. A: Edit the\npassword database and change the '$2a' prefix of the affected users'\nhashes to '$2x'. They will be able to log in again but should change\ntheir password ASAP.\n\nQ: How do I turn off the compat mode for system logins? A: Set\nBLOWFISH_2a2x=no in /etc/default/passwd\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=645140\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=680833\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=700876\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-2483.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply SAT patch number 4944.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:glibc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:glibc-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:glibc-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:glibc-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:glibc-html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:glibc-i18ndata\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:glibc-info\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:glibc-locale\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:glibc-locale-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:glibc-profile\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:glibc-profile-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:libxcrypt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:libxcrypt-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:nscd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:pam-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:pam-modules-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:pwdutils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:pwdutils-plugin-audit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/07/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/02/06\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\npl = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(pl) || int(pl) != 1) audit(AUDIT_OS_NOT, \"SuSE 11.1\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"glibc-2.11.1-0.32.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"glibc-devel-2.11.1-0.32.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"glibc-i18ndata-2.11.1-0.32.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"glibc-locale-2.11.1-0.32.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"libxcrypt-3.0.3-0.4.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"nscd-2.11.1-0.32.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"pam-modules-11-1.18.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"pwdutils-3.2.8-0.4.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i686\", reference:\"glibc-2.11.1-0.32.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i686\", reference:\"glibc-devel-2.11.1-0.32.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"glibc-2.11.1-0.32.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"glibc-32bit-2.11.1-0.32.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"glibc-devel-2.11.1-0.32.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"glibc-devel-32bit-2.11.1-0.32.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"glibc-i18ndata-2.11.1-0.32.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"glibc-locale-2.11.1-0.32.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"glibc-locale-32bit-2.11.1-0.32.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"libxcrypt-3.0.3-0.4.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"libxcrypt-32bit-3.0.3-0.4.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"nscd-2.11.1-0.32.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"pam-modules-11-1.18.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"pam-modules-32bit-11-1.18.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"pwdutils-3.2.8-0.4.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"glibc-2.11.1-0.32.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"glibc-devel-2.11.1-0.32.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"glibc-html-2.11.1-0.32.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"glibc-i18ndata-2.11.1-0.32.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"glibc-info-2.11.1-0.32.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"glibc-locale-2.11.1-0.32.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"glibc-profile-2.11.1-0.32.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"libxcrypt-3.0.3-0.4.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"nscd-2.11.1-0.32.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"pam-modules-11-1.18.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"pwdutils-3.2.8-0.4.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"pwdutils-plugin-audit-3.2.8-0.4.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"s390x\", reference:\"glibc-32bit-2.11.1-0.32.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"s390x\", reference:\"glibc-devel-32bit-2.11.1-0.32.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"s390x\", reference:\"glibc-locale-32bit-2.11.1-0.32.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"s390x\", reference:\"glibc-profile-32bit-2.11.1-0.32.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"s390x\", reference:\"libxcrypt-32bit-3.0.3-0.4.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"s390x\", reference:\"pam-modules-32bit-11-1.18.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"x86_64\", reference:\"glibc-32bit-2.11.1-0.32.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"x86_64\", reference:\"glibc-devel-32bit-2.11.1-0.32.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"x86_64\", reference:\"glibc-locale-32bit-2.11.1-0.32.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"x86_64\", reference:\"glibc-profile-32bit-2.11.1-0.32.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"x86_64\", reference:\"libxcrypt-32bit-3.0.3-0.4.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"x86_64\", reference:\"pam-modules-32bit-11-1.18.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:23:07", "description": "This update of yast2-core fixes security issues and a bug :\n\n - When setting a password for a user, use blowfish algorithm id 2y instead of 2a. (bnc#700876 / CVE-2011-2483)\n\n - Log YCP client arguments only with y2debug, not to reveal AutoYaST passwords. (bnc#492746)\n\n - ini-agent: Fixed a test failure 'wrong stderr for nonex' (bnc#706705)", "cvss3": {}, "published": "2011-09-01T00:00:00", "type": "nessus", "title": "SuSE 11.1 Security Update : yast2-core (SAT Patch Number 5078)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-2483"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:11:yast2-core", "cpe:/o:novell:suse_linux:11"], "id": "SUSE_11_YAST2-CORE-110830.NASL", "href": "https://www.tenable.com/plugins/nessus/56034", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. The text itself is\n# copyright (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(56034);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2011-2483\");\n\n script_name(english:\"SuSE 11.1 Security Update : yast2-core (SAT Patch Number 5078)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 11 host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update of yast2-core fixes security issues and a bug :\n\n - When setting a password for a user, use blowfish\n algorithm id 2y instead of 2a. (bnc#700876 /\n CVE-2011-2483)\n\n - Log YCP client arguments only with y2debug, not to\n reveal AutoYaST passwords. (bnc#492746)\n\n - ini-agent: Fixed a test failure 'wrong stderr for nonex'\n (bnc#706705)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=492746\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=700876\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=706705\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-2483.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply SAT patch number 5078.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:yast2-core\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/08/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/09/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\npl = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(pl) || int(pl) != 1) audit(AUDIT_OS_NOT, \"SuSE 11.1\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"yast2-core-2.17.35.3-0.3.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"yast2-core-2.17.35.3-0.3.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"yast2-core-2.17.35.3-0.3.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:20:08", "description": "From Red Hat Security Advisory 2011:1378 :\n\nUpdated postgresql84 packages that fix one security issue are now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\nPostgreSQL is an advanced object-relational database management system (DBMS).\n\nA signedness issue was found in the way the crypt() function in the PostgreSQL pgcrypto module handled 8-bit characters in passwords when using Blowfish hashing. Up to three characters immediately preceding a non-ASCII character (one with the high bit set) had no effect on the hash result, thus shortening the effective password length. This made brute-force guessing more efficient as several different passwords were hashed to the same value. (CVE-2011-2483)\n\nNote: Due to the CVE-2011-2483 fix, after installing this update some users may not be able to log in to applications that store user passwords, hashed with Blowfish using the PostgreSQL crypt() function, in a back-end PostgreSQL database. Unsafe processing can be re-enabled for specific passwords (allowing affected users to log in) by changing their hash prefix to '$2x$'.\n\nThese updated postgresql84 packages upgrade PostgreSQL to version 8.4.9. Refer to the PostgreSQL Release Notes for a full list of changes :\n\nhttp://www.postgresql.org/docs/8.4/static/release.html\n\nAll PostgreSQL users are advised to upgrade to these updated packages, which correct this issue. If the postgresql service is running, it will be automatically restarted after installing this update.", "cvss3": {}, "published": "2013-07-12T00:00:00", "type": "nessus", "title": "Oracle Linux 5 : postgresql84 (ELSA-2011-1378)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-2483"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:postgresql84", "p-cpe:/a:oracle:linux:postgresql84-contrib", "p-cpe:/a:oracle:linux:postgresql84-devel", "p-cpe:/a:oracle:linux:postgresql84-docs", "p-cpe:/a:oracle:linux:postgresql84-libs", "p-cpe:/a:oracle:linux:postgresql84-plperl", "p-cpe:/a:oracle:linux:postgresql84-plpython", "p-cpe:/a:oracle:linux:postgresql84-pltcl", "p-cpe:/a:oracle:linux:postgresql84-python", "p-cpe:/a:oracle:linux:postgresql84-server", "p-cpe:/a:oracle:linux:postgresql84-tcl", "p-cpe:/a:oracle:linux:postgresql84-test", "cpe:/o:oracle:linux:5"], "id": "ORACLELINUX_ELSA-2011-1378.NASL", "href": "https://www.tenable.com/plugins/nessus/68371", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2011:1378 and \n# Oracle Linux Security Advisory ELSA-2011-1378 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(68371);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2011-2483\");\n script_bugtraq_id(49241);\n script_xref(name:\"RHSA\", value:\"2011:1378\");\n\n script_name(english:\"Oracle Linux 5 : postgresql84 (ELSA-2011-1378)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2011:1378 :\n\nUpdated postgresql84 packages that fix one security issue are now\navailable for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. A Common Vulnerability Scoring System (CVSS)\nbase score, which gives a detailed severity rating, is available from\nthe CVE link in the References section.\n\nPostgreSQL is an advanced object-relational database management system\n(DBMS).\n\nA signedness issue was found in the way the crypt() function in the\nPostgreSQL pgcrypto module handled 8-bit characters in passwords when\nusing Blowfish hashing. Up to three characters immediately preceding a\nnon-ASCII character (one with the high bit set) had no effect on the\nhash result, thus shortening the effective password length. This made\nbrute-force guessing more efficient as several different passwords\nwere hashed to the same value. (CVE-2011-2483)\n\nNote: Due to the CVE-2011-2483 fix, after installing this update some\nusers may not be able to log in to applications that store user\npasswords, hashed with Blowfish using the PostgreSQL crypt() function,\nin a back-end PostgreSQL database. Unsafe processing can be re-enabled\nfor specific passwords (allowing affected users to log in) by changing\ntheir hash prefix to '$2x$'.\n\nThese updated postgresql84 packages upgrade PostgreSQL to version\n8.4.9. Refer to the PostgreSQL Release Notes for a full list of\nchanges :\n\nhttp://www.postgresql.org/docs/8.4/static/release.html\n\nAll PostgreSQL users are advised to upgrade to these updated packages,\nwhich correct this issue. If the postgresql service is running, it\nwill be automatically restarted after installing this update.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2011-October/002408.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected postgresql84 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:postgresql84\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:postgresql84-contrib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:postgresql84-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:postgresql84-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:postgresql84-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:postgresql84-plperl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:postgresql84-plpython\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:postgresql84-pltcl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:postgresql84-python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:postgresql84-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:postgresql84-tcl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:postgresql84-test\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/08/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/10/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 5\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL5\", reference:\"postgresql84-8.4.9-1.el5_7.1\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"postgresql84-contrib-8.4.9-1.el5_7.1\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"postgresql84-devel-8.4.9-1.el5_7.1\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"postgresql84-docs-8.4.9-1.el5_7.1\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"postgresql84-libs-8.4.9-1.el5_7.1\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"postgresql84-plperl-8.4.9-1.el5_7.1\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"postgresql84-plpython-8.4.9-1.el5_7.1\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"postgresql84-pltcl-8.4.9-1.el5_7.1\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"postgresql84-python-8.4.9-1.el5_7.1\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"postgresql84-server-8.4.9-1.el5_7.1\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"postgresql84-tcl-8.4.9-1.el5_7.1\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"postgresql84-test-8.4.9-1.el5_7.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"postgresql84 / postgresql84-contrib / postgresql84-devel / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-19T14:25:49", "description": "From Red Hat Security Advisory 2011:1377 :\n\nUpdated postgresql packages that fix one security issue are now available for Red Hat Enterprise Linux 4, 5, and 6.\n\nThe Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\nPostgreSQL is an advanced object-relational database management system (DBMS).\n\nA signedness issue was found in the way the crypt() function in the PostgreSQL pgcrypto module handled 8-bit characters in passwords when using Blowfish hashing. Up to three characters immediately preceding a non-ASCII character (one with the high bit set) had no effect on the hash result, thus shortening the effective password length. This made brute-force guessing more efficient as several different passwords were hashed to the same value. (CVE-2011-2483)\n\nNote: Due to the CVE-2011-2483 fix, after installing this update some users may not be able to log in to applications that store user passwords, hashed with Blowfish using the PostgreSQL crypt() function, in a back-end PostgreSQL database. Unsafe processing can be re-enabled for specific passwords (allowing affected users to log in) by changing their hash prefix to '$2x$'.\n\nFor Red Hat Enterprise Linux 6, the updated postgresql packages upgrade PostgreSQL to version 8.4.9. Refer to the PostgreSQL Release Notes for a full list of changes :\n\nhttp://www.postgresql.org/docs/8.4/static/release.html\n\nFor Red Hat Enterprise Linux 4 and 5, the updated postgresql packages contain a backported patch.\n\nAll PostgreSQL users are advised to upgrade to these updated packages, which correct this issue. If the postgresql service is running, it will be automatically restarted after installing this update.", "cvss3": {}, "published": "2013-07-12T00:00:00", "type": "nessus", "title": "Oracle Linux 4 / 5 / 6 : postgresql (ELSA-2011-1377)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-2483"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:postgresql", "p-cpe:/a:oracle:linux:postgresql-contrib", "p-cpe:/a:oracle:linux:postgresql-devel", "p-cpe:/a:oracle:linux:postgresql-docs", "p-cpe:/a:oracle:linux:postgresql-jdbc", "p-cpe:/a:oracle:linux:postgresql-libs", "p-cpe:/a:oracle:linux:postgresql-pl", "p-cpe:/a:oracle:linux:postgresql-plperl", "p-cpe:/a:oracle:linux:postgresql-plpython", "p-cpe:/a:oracle:linux:postgresql-pltcl", "p-cpe:/a:oracle:linux:postgresql-python", "p-cpe:/a:oracle:linux:postgresql-server", "p-cpe:/a:oracle:linux:postgresql-tcl", "p-cpe:/a:oracle:linux:postgresql-test", "cpe:/o:oracle:linux:4", "cpe:/o:oracle:linux:5", "cpe:/o:oracle:linux:6"], "id": "ORACLELINUX_ELSA-2011-1377.NASL", "href": "https://www.tenable.com/plugins/nessus/68370", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2011:1377 and \n# Oracle Linux Security Advisory ELSA-2011-1377 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(68370);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2011-2483\");\n script_bugtraq_id(49241);\n script_xref(name:\"RHSA\", value:\"2011:1377\");\n\n script_name(english:\"Oracle Linux 4 / 5 / 6 : postgresql (ELSA-2011-1377)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2011:1377 :\n\nUpdated postgresql packages that fix one security issue are now\navailable for Red Hat Enterprise Linux 4, 5, and 6.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. A Common Vulnerability Scoring System (CVSS)\nbase score, which gives a detailed severity rating, is available from\nthe CVE link in the References section.\n\nPostgreSQL is an advanced object-relational database management system\n(DBMS).\n\nA signedness issue was found in the way the crypt() function in the\nPostgreSQL pgcrypto module handled 8-bit characters in passwords when\nusing Blowfish hashing. Up to three characters immediately preceding a\nnon-ASCII character (one with the high bit set) had no effect on the\nhash result, thus shortening the effective password length. This made\nbrute-force guessing more efficient as several different passwords\nwere hashed to the same value. (CVE-2011-2483)\n\nNote: Due to the CVE-2011-2483 fix, after installing this update some\nusers may not be able to log in to applications that store user\npasswords, hashed with Blowfish using the PostgreSQL crypt() function,\nin a back-end PostgreSQL database. Unsafe processing can be re-enabled\nfor specific passwords (allowing affected users to log in) by changing\ntheir hash prefix to '$2x$'.\n\nFor Red Hat Enterprise Linux 6, the updated postgresql packages\nupgrade PostgreSQL to version 8.4.9. Refer to the PostgreSQL Release\nNotes for a full list of changes :\n\nhttp://www.postgresql.org/docs/8.4/static/release.html\n\nFor Red Hat Enterprise Linux 4 and 5, the updated postgresql packages\ncontain a backported patch.\n\nAll PostgreSQL users are advised to upgrade to these updated packages,\nwhich correct this issue. If the postgresql service is running, it\nwill be automatically restarted after installing this update.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2011-October/002405.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2011-October/002406.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2011-October/002407.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected postgresql packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:postgresql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:postgresql-contrib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:postgresql-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:postgresql-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:postgresql-jdbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:postgresql-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:postgresql-pl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:postgresql-plperl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:postgresql-plpython\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:postgresql-pltcl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:postgresql-python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:postgresql-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:postgresql-tcl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:postgresql-test\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/08/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/10/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(4|5|6)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 4 / 5 / 6\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL4\", reference:\"postgresql-7.4.30-3.el4\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"postgresql-contrib-7.4.30-3.el4\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"postgresql-devel-7.4.30-3.el4\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"postgresql-docs-7.4.30-3.el4\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"postgresql-jdbc-7.4.30-3.el4\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"postgresql-libs-7.4.30-3.el4\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"postgresql-pl-7.4.30-3.el4\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"postgresql-python-7.4.30-3.el4\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"postgresql-server-7.4.30-3.el4\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"postgresql-tcl-7.4.30-3.el4\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"postgresql-test-7.4.30-3.el4\")) flag++;\n\nif (rpm_check(release:\"EL5\", reference:\"postgresql-8.1.23-1.el5_7.2\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"postgresql-contrib-8.1.23-1.el5_7.2\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"postgresql-devel-8.1.23-1.el5_7.2\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"postgresql-docs-8.1.23-1.el5_7.2\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"postgresql-libs-8.1.23-1.el5_7.2\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"postgresql-pl-8.1.23-1.el5_7.2\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"postgresql-python-8.1.23-1.el5_7.2\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"postgresql-server-8.1.23-1.el5_7.2\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"postgresql-tcl-8.1.23-1.el5_7.2\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"postgresql-test-8.1.23-1.el5_7.2\")) flag++;\n\nif (rpm_check(release:\"EL6\", reference:\"postgresql-8.4.9-1.el6_1.1\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"postgresql-contrib-8.4.9-1.el6_1.1\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"postgresql-devel-8.4.9-1.el6_1.1\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"postgresql-docs-8.4.9-1.el6_1.1\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"postgresql-libs-8.4.9-1.el6_1.1\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"postgresql-plperl-8.4.9-1.el6_1.1\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"postgresql-plpython-8.4.9-1.el6_1.1\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"postgresql-pltcl-8.4.9-1.el6_1.1\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"postgresql-server-8.4.9-1.el6_1.1\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"postgresql-test-8.4.9-1.el6_1.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"postgresql / postgresql-contrib / postgresql-devel / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:24:33", "description": "This update of yast2-core fixes security issues, bugs, and adds a debugging feature.", "cvss3": {}, "published": "2011-12-13T00:00:00", "type": "nessus", "title": "SuSE 10 Security Update : yast2-core (ZYPP Patch Number 7726)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-2483"], "modified": "2021-01-19T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE_YAST2-CORE-7726.NASL", "href": "https://www.tenable.com/plugins/nessus/57270", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(57270);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2011-2483\");\n\n script_name(english:\"SuSE 10 Security Update : yast2-core (ZYPP Patch Number 7726)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update of yast2-core fixes security issues, bugs, and adds a\ndebugging feature.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-2483.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 7726.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/08/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/08/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/12/13\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED10\", sp:4, reference:\"yast2-core-2.13.48-0.8.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"yast2-core-2.13.48-0.8.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"yast2-core-devel-2.13.48-0.8.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:25:21", "description": "PostgreSQL is an advanced object-relational database management system (DBMS).\n\nA signedness issue was found in the way the crypt() function in the PostgreSQL pgcrypto module handled 8-bit characters in passwords when using Blowfish hashing. Up to three characters immediately preceding a non-ASCII character (one with the high bit set) had no effect on the hash result, thus shortening the effective password length. This made brute-force guessing more efficient as several different passwords were hashed to the same value. (CVE-2011-2483)\n\nNote: Due to the CVE-2011-2483 fix, after installing this update some users may not be able to log in to applications that store user passwords, hashed with Blowfish using the PostgreSQL crypt() function, in a back-end PostgreSQL database. Unsafe processing can be re-enabled for specific passwords (allowing affected users to log in) by changing their hash prefix to '$2x$'.\n\nThese updated postgresql84 packages upgrade PostgreSQL to version 8.4.9. Refer to the PostgreSQL Release Notes for a full list of changes :\n\nhttp://www.postgresql.org/docs/8.4/static/release.html\n\nAll PostgreSQL users are advised to upgrade to these updated packages, which correct this issue. If the postgresql service is running, it will be automatically restarted after installing this update.", "cvss3": {}, "published": "2012-08-01T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : postgresql84 on SL5.x i386/x86_64", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-2483"], "modified": "2021-01-14T00:00:00", "cpe": ["x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20111017_POSTGRESQL84_ON_SL5_X.NASL", "href": "https://www.tenable.com/plugins/nessus/61154", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(61154);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2011-2483\");\n\n script_name(english:\"Scientific Linux Security Update : postgresql84 on SL5.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"PostgreSQL is an advanced object-relational database management system\n(DBMS).\n\nA signedness issue was found in the way the crypt() function in the\nPostgreSQL pgcrypto module handled 8-bit characters in passwords when\nusing Blowfish hashing. Up to three characters immediately preceding a\nnon-ASCII character (one with the high bit set) had no effect on the\nhash result, thus shortening the effective password length. This made\nbrute-force guessing more efficient as several different passwords\nwere hashed to the same value. (CVE-2011-2483)\n\nNote: Due to the CVE-2011-2483 fix, after installing this update some\nusers may not be able to log in to applications that store user\npasswords, hashed with Blowfish using the PostgreSQL crypt() function,\nin a back-end PostgreSQL database. Unsafe processing can be re-enabled\nfor specific passwords (allowing affected users to log in) by changing\ntheir hash prefix to '$2x$'.\n\nThese updated postgresql84 packages upgrade PostgreSQL to version\n8.4.9. Refer to the PostgreSQL Release Notes for a full list of\nchanges :\n\nhttp://www.postgresql.org/docs/8.4/static/release.html\n\nAll PostgreSQL users are advised to upgrade to these updated packages,\nwhich correct this issue. If the postgresql service is running, it\nwill be automatically restarted after installing this update.\"\n );\n # http://www.postgresql.org/docs/8.4/static/release.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.postgresql.org/docs/8.4/release.html\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1110&L=scientific-linux-errata&T=0&P=1453\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?f78efe70\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/10/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL5\", reference:\"postgresql84-8.4.9-1.el5_7.1\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"postgresql84-contrib-8.4.9-1.el5_7.1\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"postgresql84-debuginfo-8.4.9-1.el5_7.1\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"postgresql84-devel-8.4.9-1.el5_7.1\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"postgresql84-docs-8.4.9-1.el5_7.1\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"postgresql84-libs-8.4.9-1.el5_7.1\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"postgresql84-plperl-8.4.9-1.el5_7.1\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"postgresql84-plpython-8.4.9-1.el5_7.1\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"postgresql84-pltcl-8.4.9-1.el5_7.1\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"postgresql84-python-8.4.9-1.el5_7.1\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"postgresql84-server-8.4.9-1.el5_7.1\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"postgresql84-tcl-8.4.9-1.el5_7.1\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"postgresql84-test-8.4.9-1.el5_7.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:24:41", "description": "The implementation of the blowfish based password hashing method had a bug affecting passwords that contain 8bit characters (e.g. umlauts).\nAffected passwords are potentially faster to crack via brute-force methods. (CVE-2011-2483)\n\nSUSE's crypt() implementation supports the blowfish password hashing function (id $2a) and system logins by default also use this method.\nThis update eliminates the bug in the $2a implementation. After installing the update existing $2a hashes therefore no longer match hashes generated with the new, correct implementation if the password contains 8bit characters. For system logins via PAM the pam_unix2 module activates a compat mode and keeps processing existing $2a hashes with the old algorithm. This ensures no user gets locked out.\nNew passwords hashes are created with the id '$2y' to unambiguously identify them as generated with the correct implementation.\n\nNote: To actually migrate hashes to the new algorithm all users are advised to change passwords after the update.\n\nServices that do not use PAM but do use crypt() to store passwords using the blowfish hash do not have such a compat mode. That means users with 8bit passwords that use such services will not be able to log in anymore after the update. As workaround administrators may edit the service's password database and change stored hashes from $2a to $2x. This will result in crypt() using the old algorithm. Users should be required to change their passwords to make sure they are migrated to the correct algorithm.\n\nFAQ :\n\nQ: I only use ASCII characters in passwords, am I a affected in any way? A: No.\n\nQ: What's the meaning of the ids before and after the update? A:\nBefore the update: $2a -> buggy algorithm\n\nAfter the update: $2x -> buggy algorithm $2a -> correct algorithm $2y\n-> correct algorithm\n\nSystem logins using PAM have a compat mode enabled by default: $2x -> buggy algorithm $2a -> buggy algorithm $2y -> correct algorithm\n\nQ: How do I require users to change their password on next login? A:\nRun the following command as root for each user: chage -d 0\n\nQ: I run an application that has $2a hashes in it's password database.\nSome users complain that they can not log in anymore. A: Edit the password database and change the '$2a' prefix of the affected users' hashes to '$2x'. They will be able to log in again but should change their password ASAP.\n\nQ: How do I turn off the compat mode for system logins? A: Set BLOWFISH_2a2x=no in /etc/default/passwd", "cvss3": {}, "published": "2011-12-13T00:00:00", "type": "nessus", "title": "SuSE 10 Security Update : glibc (ZYPP Patch Number 7663) (deprecated)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-2483"], "modified": "2013-12-05T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE_GLIBC-7663.NASL", "href": "https://www.tenable.com/plugins/nessus/57202", "sourceData": "#%NASL_MIN_LEVEL 999999\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\n# @DEPRECATED@\n#\n# This script has been deprecated as it duplicates plugin #58576\n# (suse_glibc-blowfish-7663.nasl).\n#\n# Disabled on 2013/12/05.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(57202);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2018/07/20 0:18:55\");\n\n script_cve_id(\"CVE-2011-2483\");\n\n script_name(english:\"SuSE 10 Security Update : glibc (ZYPP Patch Number 7663) (deprecated)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The implementation of the blowfish based password hashing method had a\nbug affecting passwords that contain 8bit characters (e.g. umlauts).\nAffected passwords are potentially faster to crack via brute-force\nmethods. (CVE-2011-2483)\n\nSUSE's crypt() implementation supports the blowfish password hashing\nfunction (id $2a) and system logins by default also use this method.\nThis update eliminates the bug in the $2a implementation. After\ninstalling the update existing $2a hashes therefore no longer match\nhashes generated with the new, correct implementation if the password\ncontains 8bit characters. For system logins via PAM the pam_unix2\nmodule activates a compat mode and keeps processing existing $2a\nhashes with the old algorithm. This ensures no user gets locked out.\nNew passwords hashes are created with the id '$2y' to unambiguously\nidentify them as generated with the correct implementation.\n\nNote: To actually migrate hashes to the new algorithm all users are\nadvised to change passwords after the update.\n\nServices that do not use PAM but do use crypt() to store passwords\nusing the blowfish hash do not have such a compat mode. That means\nusers with 8bit passwords that use such services will not be able to\nlog in anymore after the update. As workaround administrators may edit\nthe service's password database and change stored hashes from $2a to\n$2x. This will result in crypt() using the old algorithm. Users should\nbe required to change their passwords to make sure they are migrated\nto the correct algorithm.\n\nFAQ :\n\nQ: I only use ASCII characters in passwords, am I a affected in any\nway? A: No.\n\nQ: What's the meaning of the ids before and after the update? A:\nBefore the update: $2a -> buggy algorithm\n\nAfter the update: $2x -> buggy algorithm $2a -> correct algorithm $2y\n-> correct algorithm\n\nSystem logins using PAM have a compat mode enabled by default: $2x ->\nbuggy algorithm $2a -> buggy algorithm $2y -> correct algorithm\n\nQ: How do I require users to change their password on next login? A:\nRun the following command as root for each user: chage -d 0\n\nQ: I run an application that has $2a hashes in it's password database.\nSome users complain that they can not log in anymore. A: Edit the\npassword database and change the '$2a' prefix of the affected users'\nhashes to '$2x'. They will be able to log in again but should change\ntheir password ASAP.\n\nQ: How do I turn off the compat mode for system logins? A: Set\nBLOWFISH_2a2x=no in /etc/default/passwd\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-2483.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 7663.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/07/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/12/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2018 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n# Deprecated.\nexit(0, \"The plugin duplicates #58576 (suse_glibc-blowfish-7663.nasl).\");\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif ( rpm_check( reference:\"glibc-2.4-31.93.1\", release:\"SLES10\", cpu:\"i586\", sp: 4) ) flag ++;\nif ( rpm_check( reference:\"glibc-devel-2.4-31.93.1\", release:\"SLES10\", cpu:\"i586\", sp: 4) ) flag ++;\nif ( rpm_check( reference:\"glibc-html-2.4-31.93.1\", release:\"SLES10\", cpu:\"i586\", sp: 4) ) flag ++;\nif ( rpm_check( reference:\"glibc-i18ndata-2.4-31.93.1\", release:\"SLES10\", cpu:\"i586\", sp: 4) ) flag ++;\nif ( rpm_check( reference:\"glibc-info-2.4-31.93.1\", release:\"SLES10\", cpu:\"i586\", sp: 4) ) flag ++;\nif ( rpm_check( reference:\"glibc-locale-2.4-31.93.1\", release:\"SLES10\", cpu:\"i586\", sp: 4) ) flag ++;\nif ( rpm_check( reference:\"glibc-profile-2.4-31.93.1\", release:\"SLES10\", cpu:\"i586\", sp: 4) ) flag ++;\nif ( rpm_check( reference:\"libxcrypt-2.4-12.9.4\", release:\"SLES10\", cpu:\"i586\", sp: 4) ) flag ++;\nif ( rpm_check( reference:\"libxcrypt-devel-2.4-12.9.4\", release:\"SLES10\", cpu:\"i586\", sp: 4) ) flag ++;\nif ( rpm_check( reference:\"nscd-2.4-31.93.1\", release:\"SLES10\", cpu:\"i586\", sp: 4) ) flag ++;\nif ( rpm_check( reference:\"pam-modules-10-2.17.4\", release:\"SLES10\", cpu:\"i586\", sp: 4) ) flag ++;\nif ( rpm_check( reference:\"pwdutils-3.0.7.1-17.36.2\", release:\"SLES10\", cpu:\"i586\", sp: 4) ) flag ++;\nif ( rpm_check( reference:\"pwdutils-plugin-audit-3.0.7.1-17.36.2\", release:\"SLES10\", cpu:\"i586\", sp: 4) ) flag ++;\nif ( rpm_check( reference:\"glibc-2.4-31.93.1\", release:\"SLED10\", cpu:\"i586\", sp: 4) ) flag ++;\nif ( rpm_check( reference:\"glibc-devel-2.4-31.93.1\", release:\"SLED10\", cpu:\"i586\", sp: 4) ) flag ++;\nif ( rpm_check( reference:\"glibc-html-2.4-31.93.1\", release:\"SLED10\", cpu:\"i586\", sp: 4) ) flag ++;\nif ( rpm_check( reference:\"glibc-i18ndata-2.4-31.93.1\", release:\"SLED10\", cpu:\"i586\", sp: 4) ) flag ++;\nif ( rpm_check( reference:\"glibc-info-2.4-31.93.1\", release:\"SLED10\", cpu:\"i586\", sp: 4) ) flag ++;\nif ( rpm_check( reference:\"glibc-locale-2.4-31.93.1\", release:\"SLED10\", cpu:\"i586\", sp: 4) ) flag ++;\nif ( rpm_check( reference:\"libxcrypt-2.4-12.9.4\", release:\"SLED10\", cpu:\"i586\", sp: 4) ) flag ++;\nif ( rpm_check( reference:\"nscd-2.4-31.93.1\", release:\"SLED10\", cpu:\"i586\", sp: 4) ) flag ++;\nif ( rpm_check( reference:\"pam-modules-10-2.17.4\", release:\"SLED10\", cpu:\"i586\", sp: 4) ) flag ++;\nif ( rpm_check( reference:\"pwdutils-3.0.7.1-17.36.2\", release:\"SLED10\", cpu:\"i586\", sp: 4) ) flag ++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:22:45", "description": "The security update for CVE-2011-2483 broke changing blowfish passwords if compat mode was turned on (default). This update fixes the regression.", "cvss3": {}, "published": "2011-08-31T00:00:00", "type": "nessus", "title": "SuSE 11.1 Security Update : libxcrypt (SAT Patch Number 5041)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-2483"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:11:libxcrypt", "p-cpe:/a:novell:suse_linux:11:libxcrypt-32bit", "cpe:/o:novell:suse_linux:11"], "id": "SUSE_11_LIBXCRYPT-110824.NASL", "href": "https://www.tenable.com/plugins/nessus/56018", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. The text itself is\n# copyright (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(56018);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2011-2483\");\n\n script_name(english:\"SuSE 11.1 Security Update : libxcrypt (SAT Patch Number 5041)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 11 host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The security update for CVE-2011-2483 broke changing blowfish\npasswords if compat mode was turned on (default). This update fixes\nthe regression.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=713727\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-2483.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply SAT patch number 5041.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:libxcrypt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:libxcrypt-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/08/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/08/31\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\npl = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(pl) || int(pl) != 1) audit(AUDIT_OS_NOT, \"SuSE 11.1\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"libxcrypt-3.0.3-0.6.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"libxcrypt-3.0.3-0.6.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"libxcrypt-32bit-3.0.3-0.6.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"libxcrypt-3.0.3-0.6.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"s390x\", reference:\"libxcrypt-32bit-3.0.3-0.6.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"x86_64\", reference:\"libxcrypt-32bit-3.0.3-0.6.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-26T14:23:41", "description": "A signedness issue was found in the way the crypt() function in the PostgreSQL pgcrypto module handled 8-bit characters in passwords when using Blowfish hashing. Up to three characters immediately preceding a non-ASCII character (one with the high bit set) had no effect on the hash result, thus shortening the effective password length. This made brute-force guessing more efficient as several different passwords were hashed to the same value. (CVE-2011-2483)\n\nNote: Due to the CVE-2011-2483 fix, after installing this update some users may not be able to log in to applications that store user passwords, hashed with Blowfish using the PostgreSQL crypt() function, in a back-end PostgreSQL database. Unsafe processing can be re-enabled for specific passwords (allowing affected users to log in) by changing their hash prefix to '$2x$'.", "cvss3": {}, "published": "2013-09-04T00:00:00", "type": "nessus", "title": "Amazon Linux AMI : postgresql (ALAS-2011-12)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-2483"], "modified": "2018-04-18T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:postgresql", "p-cpe:/a:amazon:linux:postgresql-contrib", "p-cpe:/a:amazon:linux:postgresql-debuginfo", "p-cpe:/a:amazon:linux:postgresql-devel", "p-cpe:/a:amazon:linux:postgresql-docs", "p-cpe:/a:amazon:linux:postgresql-libs", "p-cpe:/a:amazon:linux:postgresql-plperl", "p-cpe:/a:amazon:linux:postgresql-plpython", "p-cpe:/a:amazon:linux:postgresql-pltcl", "p-cpe:/a:amazon:linux:postgresql-server", "p-cpe:/a:amazon:linux:postgresql-test", "cpe:/o:amazon:linux"], "id": "ALA_ALAS-2011-12.NASL", "href": "https://www.tenable.com/plugins/nessus/69571", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2011-12.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(69571);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2018/04/18 15:09:34\");\n\n script_cve_id(\"CVE-2011-2483\");\n script_xref(name:\"ALAS\", value:\"2011-12\");\n script_xref(name:\"RHSA\", value:\"2011:1377\");\n\n script_name(english:\"Amazon Linux AMI : postgresql (ALAS-2011-12)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A signedness issue was found in the way the crypt() function in the\nPostgreSQL pgcrypto module handled 8-bit characters in passwords when\nusing Blowfish hashing. Up to three characters immediately preceding a\nnon-ASCII character (one with the high bit set) had no effect on the\nhash result, thus shortening the effective password length. This made\nbrute-force guessing more efficient as several different passwords\nwere hashed to the same value. (CVE-2011-2483)\n\nNote: Due to the CVE-2011-2483 fix, after installing this update some\nusers may not be able to log in to applications that store user\npasswords, hashed with Blowfish using the PostgreSQL crypt() function,\nin a back-end PostgreSQL database. Unsafe processing can be re-enabled\nfor specific passwords (allowing affected users to log in) by changing\ntheir hash prefix to '$2x$'.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2011-12.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update postgresql' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:postgresql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:postgresql-contrib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:postgresql-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:postgresql-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:postgresql-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:postgresql-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:postgresql-plperl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:postgresql-plpython\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:postgresql-pltcl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:postgresql-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:postgresql-test\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/10/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/09/04\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"postgresql-8.4.9-1.13.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"postgresql-contrib-8.4.9-1.13.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"postgresql-debuginfo-8.4.9-1.13.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"postgresql-devel-8.4.9-1.13.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"postgresql-docs-8.4.9-1.13.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"postgresql-libs-8.4.9-1.13.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"postgresql-plperl-8.4.9-1.13.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"postgresql-plpython-8.4.9-1.13.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"postgresql-pltcl-8.4.9-1.13.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"postgresql-server-8.4.9-1.13.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"postgresql-test-8.4.9-1.13.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"postgresql / postgresql-contrib / postgresql-debuginfo / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:21:52", "description": "The implementation of the blowfish based password hashing method had a bug affecting passwords that contain 8bit characters (e.g. umlauts).\nAffected passwords are potentially faster to crack via brute-force methods (CVE-2011-2483).\n\nSUSE's crypt() implementation supports the blowfish password hashing function (id $2a) and system logins by default also use this method.\nThis update eliminates the bug in the $2a implementation. After installing the update existing $2a hashes therefore no longer match hashes generated with the new, correct implementation if the password contains 8bit characters. For system logins via PAM the pam_unix2 module activates a compat mode and keeps processing existing $2a hashes with the old algorithm. This ensures no user gets locked out.\nNew passwords hashes are created with the id '$2y' to unambiguously identify them as generated with the correct implementation.\n\nNote: To actually migrate hashes to the new algorithm all users are advised to change passwords after the update.\n\nServices that do not use PAM but do use crypt() to store passwords using the blowfish hash do not have such a compat mode. That means users with 8bit passwords that use such services will not be able to log in anymore after the update. As workaround administrators may edit the service's password database and change stored hashes from $2a to $2x. This will result in crypt() using the old algorithm. Users should be required to change their passwords to make sure they are migrated to the correct algorithm.\n\nFAQ :\n\nQ: I only use ASCII characters in passwords, am I a affected in any way? A: No.\n\nQ: What's the meaning of the ids before and after the update? A:\nBefore the update: $2a -> buggy algorithm\n\nAfter the update: $2x -> buggy algorithm $2a -> correct algorithm $2y\n-> correct algorithm\n\nSystem logins using PAM have a compat mode enabled by default: $2x -> buggy algorithm $2a -> buggy algorithm $2y\n\n-> correct algorithm\n\nQ: How do I require users to change their password on next login? A:\nRun the following command as root for each user: chage -d 0 <username>\n\nQ: I run an application that has $2a hashes in it's password database.\nSome users complain that they can not log in anymore. A: Edit the password database and change the '$2a' prefix of the affected users' hashes to '$2x'. They will be able to log in again but should change their password ASAP.\n\nQ: How do I turn off the compat mode for system logins? A: Set BLOWFISH_2a2x=no in /etc/default/passwd", "cvss3": {}, "published": "2014-06-13T00:00:00", "type": "nessus", "title": "openSUSE Security Update : glibc (openSUSE-SU-2011:0921-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-2483"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:glibc", "p-cpe:/a:novell:opensuse:glibc-32bit", "p-cpe:/a:novell:opensuse:glibc-devel", "p-cpe:/a:novell:opensuse:glibc-devel-32bit", "p-cpe:/a:novell:opensuse:glibc-html", "p-cpe:/a:novell:opensuse:glibc-i18ndata", "p-cpe:/a:novell:opensuse:glibc-info", "p-cpe:/a:novell:opensuse:glibc-locale", "p-cpe:/a:novell:opensuse:glibc-locale-32bit", "p-cpe:/a:novell:opensuse:glibc-obsolete", "p-cpe:/a:novell:opensuse:glibc-profile", "p-cpe:/a:novell:opensuse:glibc-profile-32bit", "p-cpe:/a:novell:opensuse:libxcrypt", "p-cpe:/a:novell:opensuse:libxcrypt-32bit", "p-cpe:/a:novell:opensuse:libxcrypt-devel", "p-cpe:/a:novell:opensuse:nscd", "p-cpe:/a:novell:opensuse:pam-modules", "p-cpe:/a:novell:opensuse:pam-modules-32bit", "p-cpe:/a:novell:opensuse:pwdutils", "p-cpe:/a:novell:opensuse:pwdutils-plugin-audit", "p-cpe:/a:novell:opensuse:pwdutils-rpasswd", "p-cpe:/a:novell:opensuse:pwdutils-rpasswd-32bit", "cpe:/o:novell:opensuse:11.3"], "id": "SUSE_11_3_GLIBC-110729.NASL", "href": "https://www.tenable.com/plugins/nessus/75519", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update glibc-4943.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(75519);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2011-2483\");\n\n script_name(english:\"openSUSE Security Update : glibc (openSUSE-SU-2011:0921-1)\");\n script_summary(english:\"Check for the glibc-4943 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The implementation of the blowfish based password hashing method had a\nbug affecting passwords that contain 8bit characters (e.g. umlauts).\nAffected passwords are potentially faster to crack via brute-force\nmethods (CVE-2011-2483).\n\nSUSE's crypt() implementation supports the blowfish password hashing\nfunction (id $2a) and system logins by default also use this method.\nThis update eliminates the bug in the $2a implementation. After\ninstalling the update existing $2a hashes therefore no longer match\nhashes generated with the new, correct implementation if the password\ncontains 8bit characters. For system logins via PAM the pam_unix2\nmodule activates a compat mode and keeps processing existing $2a\nhashes with the old algorithm. This ensures no user gets locked out.\nNew passwords hashes are created with the id '$2y' to unambiguously\nidentify them as generated with the correct implementation.\n\nNote: To actually migrate hashes to the new algorithm all users are\nadvised to change passwords after the update.\n\nServices that do not use PAM but do use crypt() to store passwords\nusing the blowfish hash do not have such a compat mode. That means\nusers with 8bit passwords that use such services will not be able to\nlog in anymore after the update. As workaround administrators may edit\nthe service's password database and change stored hashes from $2a to\n$2x. This will result in crypt() using the old algorithm. Users should\nbe required to change their passwords to make sure they are migrated\nto the correct algorithm.\n\nFAQ :\n\nQ: I only use ASCII characters in passwords, am I a affected in any\nway? A: No.\n\nQ: What's the meaning of the ids before and after the update? A:\nBefore the update: $2a -> buggy algorithm\n\nAfter the update: $2x -> buggy algorithm $2a -> correct algorithm $2y\n-> correct algorithm\n\nSystem logins using PAM have a compat mode enabled by\ndefault: $2x -> buggy algorithm $2a -> buggy algorithm $2y\n\n-> correct algorithm\n\nQ: How do I require users to change their password on next login? A:\nRun the following command as root for each user: chage -d 0 <username>\n\nQ: I run an application that has $2a hashes in it's password database.\nSome users complain that they can not log in anymore. A: Edit the\npassword database and change the '$2a' prefix of the affected users'\nhashes to '$2x'. They will be able to log in again but should change\ntheir password ASAP.\n\nQ: How do I turn off the compat mode for system logins? A: Set\nBLOWFISH_2a2x=no in /etc/default/passwd\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=700876\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2011-08/msg00027.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected glibc packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc-html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc-i18ndata\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc-info\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc-locale\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc-locale-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc-obsolete\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc-profile\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc-profile-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libxcrypt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libxcrypt-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libxcrypt-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:nscd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:pam-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:pam-modules-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:pwdutils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:pwdutils-plugin-audit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:pwdutils-rpasswd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:pwdutils-rpasswd-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/07/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.3\", reference:\"glibc-2.11.2-3.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"glibc-devel-2.11.2-3.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"glibc-html-2.11.2-3.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"glibc-i18ndata-2.11.2-3.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"glibc-info-2.11.2-3.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"glibc-locale-2.11.2-3.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"glibc-obsolete-2.11.2-3.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"glibc-profile-2.11.2-3.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"libxcrypt-3.0.3-5.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"libxcrypt-devel-3.0.3-5.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"nscd-2.11.2-3.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"pam-modules-11.3-0.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"pwdutils-3.2.10-2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"pwdutils-plugin-audit-3.2.10-2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"pwdutils-rpasswd-3.2.10-2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", cpu:\"x86_64\", reference:\"glibc-32bit-2.11.2-3.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", cpu:\"x86_64\", reference:\"glibc-devel-32bit-2.11.2-3.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", cpu:\"x86_64\", reference:\"glibc-locale-32bit-2.11.2-3.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", cpu:\"x86_64\", reference:\"glibc-profile-32bit-2.11.2-3.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", cpu:\"x86_64\", reference:\"libxcrypt-32bit-3.0.3-5.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", cpu:\"x86_64\", reference:\"pam-modules-32bit-11.3-0.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", cpu:\"x86_64\", reference:\"pwdutils-rpasswd-32bit-3.2.10-2.3.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"glibc / glibc-32bit / glibc-devel / glibc-devel-32bit / glibc-html / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-19T14:26:03", "description": "- update to 5.0.26 [bnc#848594]\n\n - Added the .cf TLD server.\n\n - Updated the .bi TLD server.\n\n - Added a new ASN allocation.\n\n - includes changes from 5.0.25\n\n - Added the .ax, .bn, .iq, .pw and .rw TLD servers.\n\n - Updated one or more translations.\n\n - includes updates changes 5.0.24 :\n\n - Merged documentation fixes and the whois.conf(5) man page\n\n - Added a new ASN allocation.\n\n - Updated one or more translations.\n\n - includes changes from 5.0.23\n\n - whois.nic.or.kr switched from EUC-KR to UTF-8.\n\n - includes changes from 5.0.22\n\n - Fixed cross-compiling\n\n - includes changes from 5.0.21\n\n - Fixed parsing of 6to4 addresses\n\n - Added the .xn--j1amh (.&Ntilde;&#131;&ETH;&ordm;&Ntilde;&#128;, Ukraine) TLD server.\n\n - Updated the .bi, .se and .vn TLD servers.\n\n - Removed whois.pandi.or.id from the list of servers which support the RIPE extensions, since it does not anymore and queries are broken.\n\n - Updated some disclaimer suppression strings.\n\n - Respect DEB_HOST_GNU_TYPE when selecting CC for cross-compiling.\n\n - includes changes form 5.0.20\n\n - Updated the .by, .ng, .om, .sm, .tn, .ug and .vn TLD servers.\n\n - Added the .bw, .td, .xn--mgb9awbf (&Oslash;&sup1;&Ugrave;&#133;&Oslash;&sect;&Ugrave;&#134 ;., Oman), .xn--mgberp4a5d4ar (.&Oslash;&sect;&Ugrave;&#132;&Oslash;&sup3;&Oslash;&sup 1;&Ugrave;&#136;&Oslash;&macr;&Ugrave;&#138;&Oslash;&cop y;, Saudi Arabia) and .xn--mgbx4cd0ab (&iuml;&raquo;&cent;&iuml;&raquo;&nbsp;&iuml;&raquo;&acu te;&iuml;&ordm;&acute;&iuml;&raquo;&sup3;&iuml;&ordm;&#1 41;., Malaysia) TLD servers.\n\n - Removed the .kp, .mc, .rw and .xn--mgba3a4f16a (&Oslash;&sect;&Ucirc;&#140;&Oslash;&plusmn;&Oslash;&sec t;&Ugrave;&#134;., Iran) TLD servers.\n\n - includes changes from 5.0.19\n\n - Added the .post TLD server.\n\n - Updated the .co.za SLD servers.\n\n - Added the .alt.za, .net.za and .web.za SLD servers.\n\n - whois.ua changed (?) the encoding to utf-8.\n\n - Fixed the parsing of 6to4 addresses like whois 2002:xxxx::.\n\n - includes changes from 5.0.18\n\n - Updated the .ae and .xn--mgbaam7a8h (.&Oslash;&sect;&Ugrave;&#133;&Oslash;&sect;&Oslash;&plu smn;&Oslash;&sect;&Oslash;&ordf;, United Arabs Emirates) TLDs.\n\n - Updated the server charset table for .fr and .it.\n\n - includes changes from whois 5.0.17\n\n - Updated the .bi, .fo, .gr and .gt TLD servers.\n\n - Removed support for recursion of .org queries, it has been a thick registry since 2005.\n\n - includes changes from 5.0.16\n\n - Added the .xn--80ao21a (.&Ograve;&#154;&ETH;&#144;&ETH;&#151;, Kazakhstan) TLD server.\n\n - Updated the .ec and .ee TLD servers.\n\n - Removed the .xn--mgbc0a9azcg (.&Oslash;&sect;&Ugrave;&#132;&Ugrave;&#133;&Oslash;&ord m;&Oslash;&plusmn;&Oslash;&uml;, Morocco) and .xn--mgberp4a5d4ar (.&Oslash;&sect;&Ugrave;&#132;&Oslash;&sup3;&Oslash;&sup 1;&Ugrave;&#136;&Oslash;&macr;&Ugrave;&#138;&Oslash;&cop y;, Saudi Arabia) TLD servers.\n\n - Added a new ASN allocation.\n\n - Updated one or more translations.\n\n - includes changes from 5.0.15\n\n - Added the .xn--mgba3a4f16a (&Oslash;&sect;&Ucirc;&#140;&Oslash;&plusmn;&Oslash;&sec t;&Ugrave;&#134;., Iran) TLD server.\n\n - Updated the .pe TLD server, this time for real.\n\n - Updated one or more translations.\n\n - includes changes from 5.0.14\n\n - Added the .sx TLD server.\n\n - Updated the .pe TLD server.\n\n - includes changes from 5.0.13\n\n - Updated the .hr TLD server.\n\n - Improved the package description\n\n - Updated the FSF address in licenses.\n\n - includes changes from 5.0.12\n\n - Recursion disabled when the query string contains spaces, because probably the query format will not be compatible with the referral server (e.g. whois to rwhois or ARIN to RIPE).\n\n - Add the '+' flag by default to queries to whois.arin.net if the argument looks like an IP address. Also add the 'a' and 'n' flags. No thanks to ARIN for breaking every whois client.\n\n - Added the .cv, .lk, .mq, .sy, .so, .biz.ua, .co.ua, .pp.ua, .qa, .xn--3e0b707e (.&iacute;&#149;&#156;&ecirc;&micro;&shy;, Korea), .xn--45brj9c (.&agrave;&brvbar;&shy;&agrave;&brvbar;&frac34;&agrave;& brvbar;&deg;&agrave;&brvbar;&curren;, India, Bengali), .xn--90a3ac (.&ETH;&iexcl;&ETH;&nbsp;&ETH;&#145;, Serbia), .xn--clchc0ea0b2g2a9gcd (.&agrave;&reg;&#154;&agrave;&reg;&iquest;&agrave;&reg;& #153;&agrave;&macr;&#141;&agrave;&reg;&#149;&agrave;&reg ;&ordf;&agrave;&macr;&#141;&agrave;&reg;&ordf;&agrave;&m acr;&#130;&agrave;&reg;&deg;&agrave;&macr;&#141;, Singapore, Tamil), .xn--fpcrj9c3d (.&agrave;&deg;&shy;&agrave;&deg;&frac34;&agrave;&deg;&d eg;&agrave;&deg;&curren;&agrave;&plusmn;&#141;, India, Telugu), .xn--fzc2c9e2c (.&agrave;&para;&frac12;&agrave;&para;&#130;&agrave;&par a;&#154;&agrave;&middot;&#143;, Sri Lanka, Sinhala), .xn--gecrj9c (.&agrave;&ordf;&shy;&agrave;&ordf;&frac34;&agrave;&ordf ;&deg;&agrave;&ordf;&curren;, India, Gujarati), .xn--h2brj9c (.&agrave;&curren;&shy;&agrave;&curren;&frac34;&agrave;& curren;&deg;&agrave;&curren;&curren;, India, Hindi), .xn--lgbbat1ad8j (.&Oslash;&sect;&Ugrave;&#132;&Oslash;&not;&Oslash;&sup2 ;&Oslash;&sect;&Oslash;&brvbar;&Oslash;&plusmn;, Algeria), .xn--mgbayh7gpa (.&Oslash;&sect;&Ugrave;&#132;&Oslash;&sect;&Oslash;&plu smn;&Oslash;&macr;&Ugrave;&#134;, Jordan), .xn--mgbbh1a71e (.&Oslash;&uml;&Uacute;&frac34;&Oslash;&sect;&Oslash;&pl usmn;&Oslash;&ordf;, India, Urdu), .xn--mgbc0a9azcg (.&Oslash;&sect;&Ugrave;&#132;&Ugrave;&#133;&Oslash;&ord m;&Oslash;&plusmn;&Oslash;&uml;, Morocco), .xn--ogbpf8fl (.&Oslash;&sup3;&Ugrave;&#136;&Oslash;&plusmn;&Ugrave;&# 138;&Oslash;&copy;, Syria), .xn--s9brj9c (.&agrave;&uml;&shy;&agrave;&uml;&frac34;&agrave;&uml;&d eg;&agrave;&uml;&curren;, India, Punjabi), .xn--xkc2al3hye2a (.&agrave;&reg;&#135;&agrave;&reg;&sup2;&agrave;&reg;&#1 53;&agrave;&macr;&#141;&agrave;&reg;&#149;&agrave;&macr;\n &#136;, Sri Lanka, Tamil), .xn--wgbl6a (.&Ugrave;&#130;&Oslash;&middot;&Oslash;&plusmn;, Qatar), .xn--xkc2dl3a5ee0h (.&agrave;&reg;&#135;&agrave;&reg;&uml;&agrave;&macr;&#1 41;&agrave;&reg;&curren;&agrave;&reg;&iquest;&agrave;&re g;&macr;&agrave;&reg;&frac34;, India, Tamil), .xn--yfro4i67o (.&aelig;&#150;&deg;&aring;&#138;&nbsp;&aring;&#157;&iex cl;, Singapore, Chinese) and .xxx TLD servers. (Closes:\n #642424),\n\n - Added the .priv.at pseudo-SLD server.\n\n - Updated the .co, .gf, .gp, .kr, .li, .rs, .ru, .su, .sv, .ua and .xn--p1ai TLD servers. (Closes: #590425, #634830, #627478)\n\n - Added a new ASN allocation.\n\n - Fixed a typo and -t syntax in whois(1). (Closes:\n #614973, #632588)\n\n - Made whois return an error in some cases, code contributed by David Souther.\n\n - Split HAVE_LINUX_CRYPT_GENSALT from HAVE_XCRYPT to support SuSE, which has it builtin in the libc. Added untested support for Solaris' crypt_gensalt(3). This and the following changes have been contributed by Ludwig Nussel of SuSE.\n\n - mkpasswd: stop rejecting non-ASCII characters.\n\n - mkpasswd: added support for the 2y algorithm, which fixes CVE-2011-2483.\n\n - mkpasswd: raised the number of rounds for 2a/2y from 4 to 5, which is the current default.\n\n - mkpasswd: removed support for 2 and (SHA), which actually are not supported by FreeBSD and libxcrypt.\n\n - packaging changes\n\n - removed patches accepted upstream:\n whois-5.0.11-mkpasswd-support-Owl-patched-libcrypt.diff whois-5.0.11-mkpasswd-crypt_gensalt-might-change-the-pre fix.diff whois-5.0.11-mkpasswd-support-8bit-characters.diff whois-5.0.11-mkpasswd-add-support-for-the-new-2y-blowfis h-tag-CVE-2011-2483.diff whois-5.0.11-mkpasswd-set-default-blowfish-rounds-to-5.d iff whois-5.0.11-mkpasswd-remove-obsolete-settings.diff\n\n - removed patches no longer required:\n whois-5.0.11-mkpasswd-fix-compiler-warnings.diff\n\n - updated patches: whois-4.7.33-nb.patch to whois-5.0.25-nb.patch\n\n - verify source signatures\n\n - crypt_gensalt moved to separate library libowcrypt (fate#314945)\n\n - update to 5.0.26 [bnc#848594]\n\n - Added the .cf TLD server.\n\n - Updated the .bi TLD server.\n\n - Added a new ASN allocation.\n\n - includes changes from 5.0.25\n\n - Added the .ax, .bn, .iq, .pw and .rw TLD servers.\n\n - Updated one or more translations.\n\n - includes updates changes 5.0.24 :\n\n - Merged documentation fixes and the whois.conf(5) man page\n\n - Added a new ASN allocation.\n\n - Updated one or more translations.\n\n - includes changes from 5.0.23\n\n - whois.nic.or.kr switched from EUC-KR to UTF-8.\n\n - includes changes from 5.0.22\n\n - Fixed cross-compiling\n\n - includes changes from 5.0.21\n\n - Fixed parsing of 6to4 addresses\n\n - Added the .xn--j1amh (.&Ntilde;&#131;&ETH;&ordm;&Ntilde;&#128;, Ukraine) TLD server.\n\n - Updated the .bi, .se and .vn TLD servers.\n\n - Removed whois.pandi.or.id from the list of servers which support the RIPE extensions, since it does not anymore and queries are broken.\n\n - Updated some disclaimer suppression strings.\n\n - Respect DEB_HOST_GNU_TYPE when selecting CC for cross-compiling.\n\n - includes changes form 5.0.20\n\n - Updated the .by, .ng, .om, .sm, .tn, .ug and .vn TLD servers.\n\n - Added the .bw, .td, .xn--mgb9awbf (&Oslash;&sup1;&Ugrave;&#133;&Oslash;&sect;&Ugrave;&#134 ;., Oman), .xn--mgberp4a5d4ar (.&Oslash;&sect;&Ugrave;&#132;&Oslash;&sup3;&Oslash;&sup 1;&Ugrave;&#136;&Oslash;&macr;&Ugrave;&#138;&Oslash;&cop y;, Saudi Arabia) and .xn--mgbx4cd0ab (&iuml;&raquo;&cent;&iuml;&raquo;&nbsp;&iuml;&raquo;&acu te;&iuml;&ordm;&acute;&iuml;&raquo;&sup3;&iuml;&ordm;&#1 41;., Malaysia) TLD servers.\n\n - Removed the .kp, .mc, .rw and .xn--mgba3a4f16a (&Oslash;&sect;&Ucirc;&#140;&Oslash;&plusmn;&Oslash;&sec t;&Ugrave;&#134;., Iran) TLD servers.\n\n - includes changes from 5.0.19\n\n - Added the .post TLD server.\n\n - Updated the .co.za SLD servers.\n\n - Added the .alt.za, .net.za and .web.za SLD servers.\n\n - whois.ua changed (?) the encoding to utf-8.\n\n - Fixed the parsing of 6to4 addresses like whois 2002:xxxx::.\n\n - includes changes from 5.0.18\n\n - Updated the .ae and .xn--mgbaam7a8h (.&Oslash;&sect;&Ugrave;&#133;&Oslash;&sect;&Oslash;&plu smn;&Oslash;&sect;&Oslash;&ordf;, United Arabs Emirates) TLDs.\n\n - Updated the server charset table for .fr and .it.\n\n - includes changes from whois 5.0.17\n\n - Updated the .bi, .fo, .gr and .gt TLD servers.\n\n - Removed support for recursion of .org queries, it has been a thick registry since 2005.\n\n - includes changes from 5.0.16\n\n - Added the .xn--80ao21a (.&Ograve;&#154;&ETH;&#144;&ETH;&#151;, Kazakhstan) TLD server.\n\n - Updated the .ec and .ee TLD servers.\n\n - Removed the .xn--mgbc0a9azcg (.&Oslash;&sect;&Ugrave;&#132;&Ugrave;&#133;&Oslash;&ord m;&Oslash;&plusmn;&Oslash;&uml;, Morocco) and .xn--mgberp4a5d4ar (.&Oslash;&sect;&Ugrave;&#132;&Oslash;&sup3;&Oslash;&sup 1;&Ugrave;&#136;&Oslash;&macr;&Ugrave;&#138;&Oslash;&cop y;, Saudi Arabia) TLD servers.\n\n - Added a new ASN allocation.\n\n - Updated one or more translations.\n\n - includes changes from 5.0.15\n\n - Added the .xn--mgba3a4f16a (&Oslash;&sect;&Ucirc;&#140;&Oslash;&plusmn;&Oslash;&sec t;&Ugrave;&#134;., Iran) TLD server.\n\n - Updated the .pe TLD server, this time for real.\n\n - Updated one or more translations.\n\n - includes changes from 5.0.14\n\n - Added the .sx TLD server.\n\n - Updated the .pe TLD server.\n\n - includes changes from 5.0.13\n\n - Updated the .hr TLD server.\n\n - Improved the package description\n\n - Updated the FSF address in licenses.\n\n - includes changes from 5.0.12\n\n - Recursion disabled when the query string contains spaces, because probably the query format will not be compatible with the referral server (e.g. whois to rwhois or ARIN to RIPE).\n\n - Add the '+' flag by default to queries to whois.arin.net if the argument looks like an IP address. Also add the 'a' and 'n' flags. No thanks to ARIN for breaking every whois client.\n\n - Added the .cv, .lk, .mq, .sy, .so, .biz.ua, .co.ua, .pp.ua, .qa, .xn--3e0b707e (.&iacute;&#149;&#156;&ecirc;&micro;&shy;, Korea), .xn--45brj9c (.&agrave;&brvbar;&shy;&agrave;&brvbar;&frac34;&agrave;& brvbar;&deg;&agrave;&brvbar;&curren;, India, Bengali), .xn--90a3ac (.&ETH;&iexcl;&ETH;&nbsp;&ETH;&#145;, Serbia), .xn--clchc0ea0b2g2a9gcd (.&agrave;&reg;&#154;&agrave;&reg;&iquest;&agrave;&reg;& #153;&agrave;&macr;&#141;&agrave;&reg;&#149;&agrave;&reg ;&ordf;&agrave;&macr;&#141;&agrave;&reg;&ordf;&agrave;&m acr;&#130;&agrave;&reg;&deg;&agrave;&macr;&#141;, Singapore, Tamil), .xn--fpcrj9c3d (.&agrave;&deg;&shy;&agrave;&deg;&frac34;&agrave;&deg;&d eg;&agrave;&deg;&curren;&agrave;&plusmn;&#141;, India, Telugu), .xn--fzc2c9e2c (.&agrave;&para;&frac12;&agrave;&para;&#130;&agrave;&par a;&#154;&agrave;&middot;&#143;, Sri Lanka, Sinhala), .xn--gecrj9c (.&agrave;&ordf;&shy;&agrave;&ordf;&frac34;&agrave;&ordf ;&deg;&agrave;&ordf;&curren;, India, Gujarati), .xn--h2brj9c (.&agrave;&curren;&shy;&agrave;&curren;&frac34;&agrave;& curren;&deg;&agrave;&curren;&curren;, India, Hindi), .xn--lgbbat1ad8j (.&Oslash;&sect;&Ugrave;&#132;&Oslash;&not;&Oslash;&sup2 ;&Oslash;&sect;&Oslash;&brvbar;&Oslash;&plusmn;, Algeria), .xn--mgbayh7gpa (.&Oslash;&sect;&Ugrave;&#132;&Oslash;&sect;&Oslash;&plu smn;&Oslash;&macr;&Ugrave;&#134;, Jordan), .xn--mgbbh1a71e (.&Oslash;&uml;&Uacute;&frac34;&Oslash;&sect;&Oslash;&pl usmn;&Oslash;&ordf;, India, Urdu), .xn--mgbc0a9azcg (.&Oslash;&sect;&Ugrave;&#132;&Ugrave;&#133;&Oslash;&ord m;&Oslash;&plusmn;&Oslash;&uml;, Morocco), .xn--ogbpf8fl (.&Oslash;&sup3;&Ugrave;&#136;&Oslash;&plusmn;&Ugrave;&# 138;&Oslash;&copy;, Syria), .xn--s9brj9c (.&agrave;&uml;&shy;&agrave;&uml;&frac34;&agrave;&uml;&d eg;&agrave;&uml;&curren;, India, Punjabi), .xn--xkc2al3hye2a (.&agrave;&reg;&#135;&agrave;&reg;&sup2;&agrave;&reg;&#1 53;&agrave;&macr;&#141;&agrave;&reg;&#149;&agrave;&macr;\n &#136;, Sri Lanka, Tamil), .xn--wgbl6a (.&Ugrave;&#130;&Oslash;&middot;&Oslash;&plusmn;, Qatar), .xn--xkc2dl3a5ee0h (.&agrave;&reg;&#135;&agrave;&reg;&uml;&agrave;&macr;&#1 41;&agrave;&reg;&curren;&agrave;&reg;&iquest;&agrave;&re g;&macr;&agrave;&reg;&frac34;, India, Tamil), .xn--yfro4i67o (.&aelig;&#150;&deg;&aring;&#138;&nbsp;&aring;&#157;&iex cl;, Singapore, Chinese) and .xxx TLD servers. (Closes:\n #642424),\n\n - Added the .priv.at pseudo-SLD server.\n\n - Updated the .co, .gf, .gp, .kr, .li, .rs, .ru, .su, .sv, .ua and .xn--p1ai TLD servers. (Closes: #590425, #634830, #627478)\n\n - Added a new ASN allocation.\n\n - Fixed a typo and -t syntax in whois(1). (Closes:\n #614973, #632588)\n\n - Made whois return an error in some cases, code contributed by David Souther.\n\n - Split HAVE_LINUX_CRYPT_GENSALT from HAVE_XCRYPT to support SuSE, which has it builtin in the libc. Added untested support for Solaris' crypt_gensalt(3). This and the following changes have been contributed by Ludwig Nussel of SuSE.\n\n - mkpasswd: stop rejecting non-ASCII characters.\n\n - mkpasswd: added support for the 2y algorithm, which fixes CVE-2011-2483.\n\n - mkpasswd: raised the number of rounds for 2a/2y from 4 to 5, which is the current default.\n\n - mkpasswd: removed support for 2 and (SHA), which actually are not supported by FreeBSD and libxcrypt.\n\n - packaging changes\n\n - removed patches accepted upstream:\n whois-5.0.11-mkpasswd-support-Owl-patched-libcrypt.diff whois-5.0.11-mkpasswd-crypt_gensalt-might-change-the-pre fix.diff whois-5.0.11-mkpasswd-support-8bit-characters.diff whois-5.0.11-mkpasswd-add-support-for-the-new-2y-blowfis h-tag-CVE-2011-2483.diff whois-5.0.11-mkpasswd-set-default-blowfish-rounds-to-5.d iff whois-5.0.11-mkpasswd-remove-obsolete-settings.diff\n\n - removed patches no longer required:\n whois-5.0.11-mkpasswd-fix-compiler-warnings.diff\n\n - updated patches: whois-4.7.33-nb.patch to whois-5.0.25-nb.patch\n\n - verify source signatures\n\n - crypt_gensalt moved to separate library libowcrypt (fate#314945)", "cvss3": {}, "published": "2014-06-13T00:00:00", "type": "nessus", "title": "openSUSE Security Update : whois (openSUSE-SU-2013:1670-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-2483"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:whois", "p-cpe:/a:novell:opensuse:whois-debuginfo", "p-cpe:/a:novell:opensuse:whois-debugsource", "cpe:/o:novell:opensuse:12.2", "cpe:/o:novell:opensuse:12.3"], "id": "OPENSUSE-2013-849.NASL", "href": "https://www.tenable.com/plugins/nessus/75198", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2013-849.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(75198);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2011-2483\");\n\n script_name(english:\"openSUSE Security Update : whois (openSUSE-SU-2013:1670-1)\");\n script_summary(english:\"Check for the openSUSE-2013-849 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - update to 5.0.26 [bnc#848594]\n\n - Added the .cf TLD server.\n\n - Updated the .bi TLD server.\n\n - Added a new ASN allocation.\n\n - includes changes from 5.0.25\n\n - Added the .ax, .bn, .iq, .pw and .rw TLD servers.\n\n - Updated one or more translations.\n\n - includes updates changes 5.0.24 :\n\n - Merged documentation fixes and the whois.conf(5) man\n page\n\n - Added a new ASN allocation.\n\n - Updated one or more translations.\n\n - includes changes from 5.0.23\n\n - whois.nic.or.kr switched from EUC-KR to UTF-8.\n\n - includes changes from 5.0.22\n\n - Fixed cross-compiling\n\n - includes changes from 5.0.21\n\n - Fixed parsing of 6to4 addresses\n\n - Added the .xn--j1amh\n (.&Ntilde;&#131;&ETH;&ordm;&Ntilde;&#128;, Ukraine) TLD\n server.\n\n - Updated the .bi, .se and .vn TLD servers.\n\n - Removed whois.pandi.or.id from the list of servers which\n support the RIPE extensions, since it does not anymore\n and queries are broken.\n\n - Updated some disclaimer suppression strings.\n\n - Respect DEB_HOST_GNU_TYPE when selecting CC for\n cross-compiling.\n\n - includes changes form 5.0.20\n\n - Updated the .by, .ng, .om, .sm, .tn, .ug and .vn TLD\n servers.\n\n - Added the .bw, .td, .xn--mgb9awbf\n (&Oslash;&sup1;&Ugrave;&#133;&Oslash;&sect;&Ugrave;&#134\n ;., Oman), .xn--mgberp4a5d4ar\n (.&Oslash;&sect;&Ugrave;&#132;&Oslash;&sup3;&Oslash;&sup\n 1;&Ugrave;&#136;&Oslash;&macr;&Ugrave;&#138;&Oslash;&cop\n y;, Saudi Arabia) and .xn--mgbx4cd0ab\n (&iuml;&raquo;&cent;&iuml;&raquo;&nbsp;&iuml;&raquo;&acu\n te;&iuml;&ordm;&acute;&iuml;&raquo;&sup3;&iuml;&ordm;&#1\n 41;., Malaysia) TLD servers.\n\n - Removed the .kp, .mc, .rw and .xn--mgba3a4f16a\n (&Oslash;&sect;&Ucirc;&#140;&Oslash;&plusmn;&Oslash;&sec\n t;&Ugrave;&#134;., Iran) TLD servers.\n\n - includes changes from 5.0.19\n\n - Added the .post TLD server.\n\n - Updated the .co.za SLD servers.\n\n - Added the .alt.za, .net.za and .web.za SLD servers.\n\n - whois.ua changed (?) the encoding to utf-8.\n\n - Fixed the parsing of 6to4 addresses like whois\n 2002:xxxx::.\n\n - includes changes from 5.0.18\n\n - Updated the .ae and .xn--mgbaam7a8h\n (.&Oslash;&sect;&Ugrave;&#133;&Oslash;&sect;&Oslash;&plu\n smn;&Oslash;&sect;&Oslash;&ordf;, United Arabs Emirates)\n TLDs.\n\n - Updated the server charset table for .fr and .it.\n\n - includes changes from whois 5.0.17\n\n - Updated the .bi, .fo, .gr and .gt TLD servers.\n\n - Removed support for recursion of .org queries, it has\n been a thick registry since 2005.\n\n - includes changes from 5.0.16\n\n - Added the .xn--80ao21a\n (.&Ograve;&#154;&ETH;&#144;&ETH;&#151;, Kazakhstan) TLD\n server.\n\n - Updated the .ec and .ee TLD servers.\n\n - Removed the .xn--mgbc0a9azcg\n (.&Oslash;&sect;&Ugrave;&#132;&Ugrave;&#133;&Oslash;&ord\n m;&Oslash;&plusmn;&Oslash;&uml;, Morocco) and\n .xn--mgberp4a5d4ar\n (.&Oslash;&sect;&Ugrave;&#132;&Oslash;&sup3;&Oslash;&sup\n 1;&Ugrave;&#136;&Oslash;&macr;&Ugrave;&#138;&Oslash;&cop\n y;, Saudi Arabia) TLD servers.\n\n - Added a new ASN allocation.\n\n - Updated one or more translations.\n\n - includes changes from 5.0.15\n\n - Added the .xn--mgba3a4f16a\n (&Oslash;&sect;&Ucirc;&#140;&Oslash;&plusmn;&Oslash;&sec\n t;&Ugrave;&#134;., Iran) TLD server.\n\n - Updated the .pe TLD server, this time for real.\n\n - Updated one or more translations.\n\n - includes changes from 5.0.14\n\n - Added the .sx TLD server.\n\n - Updated the .pe TLD server.\n\n - includes changes from 5.0.13\n\n - Updated the .hr TLD server.\n\n - Improved the package description\n\n - Updated the FSF address in licenses.\n\n - includes changes from 5.0.12\n\n - Recursion disabled when the query string contains\n spaces, because probably the query format will not be\n compatible with the referral server (e.g. whois to\n rwhois or ARIN to RIPE).\n\n - Add the '+' flag by default to queries to whois.arin.net\n if the argument looks like an IP address. Also add the\n 'a' and 'n' flags. No thanks to ARIN for breaking every\n whois client.\n\n - Added the .cv, .lk, .mq, .sy, .so, .biz.ua, .co.ua,\n .pp.ua, .qa, .xn--3e0b707e\n (.&iacute;&#149;&#156;&ecirc;&micro;&shy;, Korea),\n .xn--45brj9c\n (.&agrave;&brvbar;&shy;&agrave;&brvbar;&frac34;&agrave;&\n brvbar;&deg;&agrave;&brvbar;&curren;, India, Bengali),\n .xn--90a3ac (.&ETH;&iexcl;&ETH;&nbsp;&ETH;&#145;,\n Serbia), .xn--clchc0ea0b2g2a9gcd\n (.&agrave;&reg;&#154;&agrave;&reg;&iquest;&agrave;&reg;&\n #153;&agrave;&macr;&#141;&agrave;&reg;&#149;&agrave;&reg\n ;&ordf;&agrave;&macr;&#141;&agrave;&reg;&ordf;&agrave;&m\n acr;&#130;&agrave;&reg;&deg;&agrave;&macr;&#141;,\n Singapore, Tamil), .xn--fpcrj9c3d\n (.&agrave;&deg;&shy;&agrave;&deg;&frac34;&agrave;&deg;&d\n eg;&agrave;&deg;&curren;&agrave;&plusmn;&#141;, India,\n Telugu), .xn--fzc2c9e2c\n (.&agrave;&para;&frac12;&agrave;&para;&#130;&agrave;&par\n a;&#154;&agrave;&middot;&#143;, Sri Lanka, Sinhala),\n .xn--gecrj9c\n (.&agrave;&ordf;&shy;&agrave;&ordf;&frac34;&agrave;&ordf\n ;&deg;&agrave;&ordf;&curren;, India, Gujarati),\n .xn--h2brj9c\n (.&agrave;&curren;&shy;&agrave;&curren;&frac34;&agrave;&\n curren;&deg;&agrave;&curren;&curren;, India, Hindi),\n .xn--lgbbat1ad8j\n (.&Oslash;&sect;&Ugrave;&#132;&Oslash;&not;&Oslash;&sup2\n ;&Oslash;&sect;&Oslash;&brvbar;&Oslash;&plusmn;,\n Algeria), .xn--mgbayh7gpa\n (.&Oslash;&sect;&Ugrave;&#132;&Oslash;&sect;&Oslash;&plu\n smn;&Oslash;&macr;&Ugrave;&#134;, Jordan),\n .xn--mgbbh1a71e\n (.&Oslash;&uml;&Uacute;&frac34;&Oslash;&sect;&Oslash;&pl\n usmn;&Oslash;&ordf;, India, Urdu), .xn--mgbc0a9azcg\n (.&Oslash;&sect;&Ugrave;&#132;&Ugrave;&#133;&Oslash;&ord\n m;&Oslash;&plusmn;&Oslash;&uml;, Morocco), .xn--ogbpf8fl\n (.&Oslash;&sup3;&Ugrave;&#136;&Oslash;&plusmn;&Ugrave;&#\n 138;&Oslash;&copy;, Syria), .xn--s9brj9c\n (.&agrave;&uml;&shy;&agrave;&uml;&frac34;&agrave;&uml;&d\n eg;&agrave;&uml;&curren;, India, Punjabi),\n .xn--xkc2al3hye2a\n (.&agrave;&reg;&#135;&agrave;&reg;&sup2;&agrave;&reg;&#1\n 53;&agrave;&macr;&#141;&agrave;&reg;&#149;&agrave;&macr;\n &#136;, Sri Lanka, Tamil), .xn--wgbl6a\n (.&Ugrave;&#130;&Oslash;&middot;&Oslash;&plusmn;,\n Qatar), .xn--xkc2dl3a5ee0h\n (.&agrave;&reg;&#135;&agrave;&reg;&uml;&agrave;&macr;&#1\n 41;&agrave;&reg;&curren;&agrave;&reg;&iquest;&agrave;&re\n g;&macr;&agrave;&reg;&frac34;, India, Tamil),\n .xn--yfro4i67o\n (.&aelig;&#150;&deg;&aring;&#138;&nbsp;&aring;&#157;&iex\n cl;, Singapore, Chinese) and .xxx TLD servers. (Closes:\n #642424),\n\n - Added the .priv.at pseudo-SLD server.\n\n - Updated the .co, .gf, .gp, .kr, .li, .rs, .ru, .su, .sv,\n .ua and .xn--p1ai TLD servers. (Closes: #590425,\n #634830, #627478)\n\n - Added a new ASN allocation.\n\n - Fixed a typo and -t syntax in whois(1). (Closes:\n #614973, #632588)\n\n - Made whois return an error in some cases, code\n contributed by David Souther.\n\n - Split HAVE_LINUX_CRYPT_GENSALT from HAVE_XCRYPT to\n support SuSE, which has it builtin in the libc. Added\n untested support for Solaris' crypt_gensalt(3). This and\n the following changes have been contributed by Ludwig\n Nussel of SuSE.\n\n - mkpasswd: stop rejecting non-ASCII characters.\n\n - mkpasswd: added support for the 2y algorithm, which\n fixes CVE-2011-2483.\n\n - mkpasswd: raised the number of rounds for 2a/2y from 4\n to 5, which is the current default.\n\n - mkpasswd: removed support for 2 and (SHA), which\n actually are not supported by FreeBSD and libxcrypt.\n\n - packaging changes\n\n - removed patches accepted upstream:\n whois-5.0.11-mkpasswd-support-Owl-patched-libcrypt.diff\n whois-5.0.11-mkpasswd-crypt_gensalt-might-change-the-pre\n fix.diff\n whois-5.0.11-mkpasswd-support-8bit-characters.diff\n whois-5.0.11-mkpasswd-add-support-for-the-new-2y-blowfis\n h-tag-CVE-2011-2483.diff\n whois-5.0.11-mkpasswd-set-default-blowfish-rounds-to-5.d\n iff whois-5.0.11-mkpasswd-remove-obsolete-settings.diff\n\n - removed patches no longer required:\n whois-5.0.11-mkpasswd-fix-compiler-warnings.diff\n\n - updated patches: whois-4.7.33-nb.patch to\n whois-5.0.25-nb.patch\n\n - verify source signatures\n\n - crypt_gensalt moved to separate library libowcrypt\n (fate#314945)\n\n - update to 5.0.26 [bnc#848594]\n\n - Added the .cf TLD server.\n\n - Updated the .bi TLD server.\n\n - Added a new ASN allocation.\n\n - includes changes from 5.0.25\n\n - Added the .ax, .bn, .iq, .pw and .rw TLD servers.\n\n - Updated one or more translations.\n\n - includes updates changes 5.0.24 :\n\n - Merged documentation fixes and the whois.conf(5) man\n page\n\n - Added a new ASN allocation.\n\n - Updated one or more translations.\n\n - includes changes from 5.0.23\n\n - whois.nic.or.kr switched from EUC-KR to UTF-8.\n\n - includes changes from 5.0.22\n\n - Fixed cross-compiling\n\n - includes changes from 5.0.21\n\n - Fixed parsing of 6to4 addresses\n\n - Added the .xn--j1amh\n (.&Ntilde;&#131;&ETH;&ordm;&Ntilde;&#128;, Ukraine) TLD\n server.\n\n - Updated the .bi, .se and .vn TLD servers.\n\n - Removed whois.pandi.or.id from the list of servers which\n support the RIPE extensions, since it does not anymore\n and queries are broken.\n\n - Updated some disclaimer suppression strings.\n\n - Respect DEB_HOST_GNU_TYPE when selecting CC for\n cross-compiling.\n\n - includes changes form 5.0.20\n\n - Updated the .by, .ng, .om, .sm, .tn, .ug and .vn TLD\n servers.\n\n - Added the .bw, .td, .xn--mgb9awbf\n (&Oslash;&sup1;&Ugrave;&#133;&Oslash;&sect;&Ugrave;&#134\n ;., Oman), .xn--mgberp4a5d4ar\n (.&Oslash;&sect;&Ugrave;&#132;&Oslash;&sup3;&Oslash;&sup\n 1;&Ugrave;&#136;&Oslash;&macr;&Ugrave;&#138;&Oslash;&cop\n y;, Saudi Arabia) and .xn--mgbx4cd0ab\n (&iuml;&raquo;&cent;&iuml;&raquo;&nbsp;&iuml;&raquo;&acu\n te;&iuml;&ordm;&acute;&iuml;&raquo;&sup3;&iuml;&ordm;&#1\n 41;., Malaysia) TLD servers.\n\n - Removed the .kp, .mc, .rw and .xn--mgba3a4f16a\n (&Oslash;&sect;&Ucirc;&#140;&Oslash;&plusmn;&Oslash;&sec\n t;&Ugrave;&#134;., Iran) TLD servers.\n\n - includes changes from 5.0.19\n\n - Added the .post TLD server.\n\n - Updated the .co.za SLD servers.\n\n - Added the .alt.za, .net.za and .web.za SLD servers.\n\n - whois.ua changed (?) the encoding to utf-8.\n\n - Fixed the parsing of 6to4 addresses like whois\n 2002:xxxx::.\n\n - includes changes from 5.0.18\n\n - Updated the .ae and .xn--mgbaam7a8h\n (.&Oslash;&sect;&Ugrave;&#133;&Oslash;&sect;&Oslash;&plu\n smn;&Oslash;&sect;&Oslash;&ordf;, United Arabs Emirates)\n TLDs.\n\n - Updated the server charset table for .fr and .it.\n\n - includes changes from whois 5.0.17\n\n - Updated the .bi, .fo, .gr and .gt TLD servers.\n\n - Removed support for recursion of .org queries, it has\n been a thick registry since 2005.\n\n - includes changes from 5.0.16\n\n - Added the .xn--80ao21a\n (.&Ograve;&#154;&ETH;&#144;&ETH;&#151;, Kazakhstan) TLD\n server.\n\n - Updated the .ec and .ee TLD servers.\n\n - Removed the .xn--mgbc0a9azcg\n (.&Oslash;&sect;&Ugrave;&#132;&Ugrave;&#133;&Oslash;&ord\n m;&Oslash;&plusmn;&Oslash;&uml;, Morocco) and\n .xn--mgberp4a5d4ar\n (.&Oslash;&sect;&Ugrave;&#132;&Oslash;&sup3;&Oslash;&sup\n 1;&Ugrave;&#136;&Oslash;&macr;&Ugrave;&#138;&Oslash;&cop\n y;, Saudi Arabia) TLD servers.\n\n - Added a new ASN allocation.\n\n - Updated one or more translations.\n\n - includes changes from 5.0.15\n\n - Added the .xn--mgba3a4f16a\n (&Oslash;&sect;&Ucirc;&#140;&Oslash;&plusmn;&Oslash;&sec\n t;&Ugrave;&#134;., Iran) TLD server.\n\n - Updated the .pe TLD server, this time for real.\n\n - Updated one or more translations.\n\n - includes changes from 5.0.14\n\n - Added the .sx TLD server.\n\n - Updated the .pe TLD server.\n\n - includes changes from 5.0.13\n\n - Updated the .hr TLD server.\n\n - Improved the package description\n\n - Updated the FSF address in licenses.\n\n - includes changes from 5.0.12\n\n - Recursion disabled when the query string contains\n spaces, because probably the query format will not be\n compatible with the referral server (e.g. whois to\n rwhois or ARIN to RIPE).\n\n - Add the '+' flag by default to queries to whois.arin.net\n if the argument looks like an IP address. Also add the\n 'a' and 'n' flags. No thanks to ARIN for breaking every\n whois client.\n\n - Added the .cv, .lk, .mq, .sy, .so, .biz.ua, .co.ua,\n .pp.ua, .qa, .xn--3e0b707e\n (.&iacute;&#149;&#156;&ecirc;&micro;&shy;, Korea),\n .xn--45brj9c\n (.&agrave;&brvbar;&shy;&agrave;&brvbar;&frac34;&agrave;&\n brvbar;&deg;&agrave;&brvbar;&curren;, India, Bengali),\n .xn--90a3ac (.&ETH;&iexcl;&ETH;&nbsp;&ETH;&#145;,\n Serbia), .xn--clchc0ea0b2g2a9gcd\n (.&agrave;&reg;&#154;&agrave;&reg;&iquest;&agrave;&reg;&\n #153;&agrave;&macr;&#141;&agrave;&reg;&#149;&agrave;&reg\n ;&ordf;&agrave;&macr;&#141;&agrave;&reg;&ordf;&agrave;&m\n acr;&#130;&agrave;&reg;&deg;&agrave;&macr;&#141;,\n Singapore, Tamil), .xn--fpcrj9c3d\n (.&agrave;&deg;&shy;&agrave;&deg;&frac34;&agrave;&deg;&d\n eg;&agrave;&deg;&curren;&agrave;&plusmn;&#141;, India,\n Telugu), .xn--fzc2c9e2c\n (.&agrave;&para;&frac12;&agrave;&para;&#130;&agrave;&par\n a;&#154;&agrave;&middot;&#143;, Sri Lanka, Sinhala),\n .xn--gecrj9c\n (.&agrave;&ordf;&shy;&agrave;&ordf;&frac34;&agrave;&ordf\n ;&deg;&agrave;&ordf;&curren;, India, Gujarati),\n .xn--h2brj9c\n (.&agrave;&curren;&shy;&agrave;&curren;&frac34;&agrave;&\n curren;&deg;&agrave;&curren;&curren;, India, Hindi),\n .xn--lgbbat1ad8j\n (.&Oslash;&sect;&Ugrave;&#132;&Oslash;&not;&Oslash;&sup2\n ;&Oslash;&sect;&Oslash;&brvbar;&Oslash;&plusmn;,\n Algeria), .xn--mgbayh7gpa\n (.&Oslash;&sect;&Ugrave;&#132;&Oslash;&sect;&Oslash;&plu\n smn;&Oslash;&macr;&Ugrave;&#134;, Jordan),\n .xn--mgbbh1a71e\n (.&Oslash;&uml;&Uacute;&frac34;&Oslash;&sect;&Oslash;&pl\n usmn;&Oslash;&ordf;, India, Urdu), .xn--mgbc0a9azcg\n (.&Oslash;&sect;&Ugrave;&#132;&Ugrave;&#133;&Oslash;&ord\n m;&Oslash;&plusmn;&Oslash;&uml;, Morocco), .xn--ogbpf8fl\n (.&Oslash;&sup3;&Ugrave;&#136;&Oslash;&plusmn;&Ugrave;&#\n 138;&Oslash;&copy;, Syria), .xn--s9brj9c\n (.&agrave;&uml;&shy;&agrave;&uml;&frac34;&agrave;&uml;&d\n eg;&agrave;&uml;&curren;, India, Punjabi),\n .xn--xkc2al3hye2a\n (.&agrave;&reg;&#135;&agrave;&reg;&sup2;&agrave;&reg;&#1\n 53;&agrave;&macr;&#141;&agrave;&reg;&#149;&agrave;&macr;\n &#136;, Sri Lanka, Tamil), .xn--wgbl6a\n (.&Ugrave;&#130;&Oslash;&middot;&Oslash;&plusmn;,\n Qatar), .xn--xkc2dl3a5ee0h\n (.&agrave;&reg;&#135;&agrave;&reg;&uml;&agrave;&macr;&#1\n 41;&agrave;&reg;&curren;&agrave;&reg;&iquest;&agrave;&re\n g;&macr;&agrave;&reg;&frac34;, India, Tamil),\n .xn--yfro4i67o\n (.&aelig;&#150;&deg;&aring;&#138;&nbsp;&aring;&#157;&iex\n cl;, Singapore, Chinese) and .xxx TLD servers. (Closes:\n #642424),\n\n - Added the .priv.at pseudo-SLD server.\n\n - Updated the .co, .gf, .gp, .kr, .li, .rs, .ru, .su, .sv,\n .ua and .xn--p1ai TLD servers. (Closes: #590425,\n #634830, #627478)\n\n - Added a new ASN allocation.\n\n - Fixed a typo and -t syntax in whois(1). (Closes:\n #614973, #632588)\n\n - Made whois return an error in some cases, code\n contributed by David Souther.\n\n - Split HAVE_LINUX_CRYPT_GENSALT from HAVE_XCRYPT to\n support SuSE, which has it builtin in the libc. Added\n untested support for Solaris' crypt_gensalt(3). This and\n the following changes have been contributed by Ludwig\n Nussel of SuSE.\n\n - mkpasswd: stop rejecting non-ASCII characters.\n\n - mkpasswd: added support for the 2y algorithm, which\n fixes CVE-2011-2483.\n\n - mkpasswd: raised the number of rounds for 2a/2y from 4\n to 5, which is the current default.\n\n - mkpasswd: removed support for 2 and (SHA), which\n actually are not supported by FreeBSD and libxcrypt.\n\n - packaging changes\n\n - removed patches accepted upstream:\n whois-5.0.11-mkpasswd-support-Owl-patched-libcrypt.diff\n whois-5.0.11-mkpasswd-crypt_gensalt-might-change-the-pre\n fix.diff\n whois-5.0.11-mkpasswd-support-8bit-characters.diff\n whois-5.0.11-mkpasswd-add-support-for-the-new-2y-blowfis\n h-tag-CVE-2011-2483.diff\n whois-5.0.11-mkpasswd-set-default-blowfish-rounds-to-5.d\n iff whois-5.0.11-mkpasswd-remove-obsolete-settings.diff\n\n - removed patches no longer required:\n whois-5.0.11-mkpasswd-fix-compiler-warnings.diff\n\n - updated patches: whois-4.7.33-nb.patch to\n whois-5.0.25-nb.patch\n\n - verify source signatures\n\n - crypt_gensalt moved to separate library libowcrypt\n (fate#314945)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=848594\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2013-11/msg00025.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected whois packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:whois\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:whois-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:whois-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:12.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:12.3\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/08/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/11/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE12\\.2|SUSE12\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"12.2 / 12.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE12.2\", reference:\"whois-5.0.26-10.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"whois-debuginfo-5.0.26-10.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"whois-debugsource-5.0.26-10.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"whois-5.0.26-12.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"whois-debuginfo-5.0.26-12.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"whois-debugsource-5.0.26-12.4.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"whois / whois-debuginfo / whois-debugsource\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-19T14:07:06", "description": "This update of yast2-core fixes security issues, bugs, and adds a debugging feature.", "cvss3": {}, "published": "2011-10-24T00:00:00", "type": "nessus", "title": "SuSE 10 Security Update : yast2-core (ZYPP Patch Number 7725)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-2483"], "modified": "2021-01-19T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE_YAST2-CORE-7725.NASL", "href": "https://www.tenable.com/plugins/nessus/56619", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(56619);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2011-2483\");\n\n script_name(english:\"SuSE 10 Security Update : yast2-core (ZYPP Patch Number 7725)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update of yast2-core fixes security issues, bugs, and adds a\ndebugging feature.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-2483.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 7725.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/08/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/08/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/10/24\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"yast2-core-2.13.48-0.5.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"yast2-core-devel-2.13.48-0.5.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:21:08", "description": "The implementation of the blowfish based password hashing method had a bug affecting passwords that contain 8bit characters (e.g. umlauts).\nAffected passwords are potentially faster to crack via brute-force methods. (CVE-2011-2483)\n\nSUSE's crypt() implementation supports the blowfish password hashing function (id $2a) and system logins by default also use this method.\nThis update eliminates the bug in the $2a implementation. After installing the update existing $2a hashes therefore no longer match hashes generated with the new, correct implementation if the password contains 8bit characters. For system logins via PAM the pam_unix2 module activates a compat mode and keeps processing existing $2a hashes with the old algorithm. This ensures no user gets locked out.\nNew passwords hashes are created with the id '$2y' to unambiguously identify them as generated with the correct implementation.\n\nNote: To actually migrate hashes to the new algorithm all users are advised to change passwords after the update.\n\nServices that do not use PAM but do use crypt() to store passwords using the blowfish hash do not have such a compat mode. That means users with 8bit passwords that use such services will not be able to log in anymore after the update. As workaround administrators may edit the service's password database and change stored hashes from $2a to $2x. This will result in crypt() using the old algorithm. Users should be required to change their passwords to make sure they are migrated to the correct algorithm.\n\nFAQ :\n\nQ: I only use ASCII characters in passwords, am I a affected in any way? A: No.\n\nQ: What's the meaning of the ids before and after the update? A:\nBefore the update: $2a -> buggy algorithm\n\nAfter the update: $2x -> buggy algorithm $2a -> correct algorithm $2y\n-> correct algorithm\n\nSystem logins using PAM have a compat mode enabled by default: $2x -> buggy algorithm $2a -> buggy algorithm $2y -> correct algorithm\n\nQ: How do I require users to change their password on next login? A:\nRun the following command as root for each user: chage -d 0\n\nQ: I run an application that has $2a hashes in it's password database.\nSome users complain that they can not log in anymore. A: Edit the password database and change the '$2a' prefix of the affected users' hashes to '$2x'. They will be able to log in again but should change their password ASAP.\n\nQ: How do I turn off the compat mode for system logins? A: Set BLOWFISH_2a2x=no in /etc/default/passwd", "cvss3": {}, "published": "2012-02-06T00:00:00", "type": "nessus", "title": "SuSE 11.1 Security Update : glibc (SAT Patch Number 4944) (deprecated)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-2483"], "modified": "2013-12-05T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:11:glibc", "p-cpe:/a:novell:suse_linux:11:glibc-32bit", "p-cpe:/a:novell:suse_linux:11:glibc-devel", "p-cpe:/a:novell:suse_linux:11:glibc-devel-32bit", "p-cpe:/a:novell:suse_linux:11:glibc-html", "p-cpe:/a:novell:suse_linux:11:glibc-i18ndata", "p-cpe:/a:novell:suse_linux:11:glibc-info", "p-cpe:/a:novell:suse_linux:11:glibc-locale", "p-cpe:/a:novell:suse_linux:11:glibc-locale-32bit", "p-cpe:/a:novell:suse_linux:11:glibc-profile", "p-cpe:/a:novell:suse_linux:11:glibc-profile-32bit", "p-cpe:/a:novell:suse_linux:11:libxcrypt", "p-cpe:/a:novell:suse_linux:11:libxcrypt-32bit", "p-cpe:/a:novell:suse_linux:11:nscd", "p-cpe:/a:novell:suse_linux:11:pam-modules", "p-cpe:/a:novell:suse_linux:11:pam-modules-32bit", "p-cpe:/a:novell:suse_linux:11:pwdutils", "p-cpe:/a:novell:suse_linux:11:pwdutils-plugin-audit", "cpe:/o:novell:suse_linux:11"], "id": "SUSE_11_GLIBC-110729.NASL", "href": "https://www.tenable.com/plugins/nessus/55919", "sourceData": "#%NASL_MIN_LEVEL 999999\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\n# @DEPRECATED@\n#\n# This script has been deprecated as it has been replaced by\n# suse_11_glibc-blowfish-110729.nasl.\n#\n# Disabled on 2013/12/05.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(55919);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2018/07/20 0:18:55\");\n\n script_cve_id(\"CVE-2011-2483\");\n\n script_name(english:\"SuSE 11.1 Security Update : glibc (SAT Patch Number 4944) (deprecated)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote SuSE 11 host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The implementation of the blowfish based password hashing method had a\nbug affecting passwords that contain 8bit characters (e.g. umlauts).\nAffected passwords are potentially faster to crack via brute-force\nmethods. (CVE-2011-2483)\n\nSUSE's crypt() implementation supports the blowfish password hashing\nfunction (id $2a) and system logins by default also use this method.\nThis update eliminates the bug in the $2a implementation. After\ninstalling the update existing $2a hashes therefore no longer match\nhashes generated with the new, correct implementation if the password\ncontains 8bit characters. For system logins via PAM the pam_unix2\nmodule activates a compat mode and keeps processing existing $2a\nhashes with the old algorithm. This ensures no user gets locked out.\nNew passwords hashes are created with the id '$2y' to unambiguously\nidentify them as generated with the correct implementation.\n\nNote: To actually migrate hashes to the new algorithm all users are\nadvised to change passwords after the update.\n\nServices that do not use PAM but do use crypt() to store passwords\nusing the blowfish hash do not have such a compat mode. That means\nusers with 8bit passwords that use such services will not be able to\nlog in anymore after the update. As workaround administrators may edit\nthe service's password database and change stored hashes from $2a to\n$2x. This will result in crypt() using the old algorithm. Users should\nbe required to change their passwords to make sure they are migrated\nto the correct algorithm.\n\nFAQ :\n\nQ: I only use ASCII characters in passwords, am I a affected in any\nway? A: No.\n\nQ: What's the meaning of the ids before and after the update? A:\nBefore the update: $2a -> buggy algorithm\n\nAfter the update: $2x -> buggy algorithm $2a -> correct algorithm $2y\n-> correct algorithm\n\nSystem logins using PAM have a compat mode enabled by default: $2x ->\nbuggy algorithm $2a -> buggy algorithm $2y -> correct algorithm\n\nQ: How do I require users to change their password on next login? A:\nRun the following command as root for each user: chage -d 0\n\nQ: I run an application that has $2a hashes in it's password database.\nSome users complain that they can not log in anymore. A: Edit the\npassword database and change the '$2a' prefix of the affected users'\nhashes to '$2x'. They will be able to log in again but should change\ntheir password ASAP.\n\nQ: How do I turn off the compat mode for system logins? A: Set\nBLOWFISH_2a2x=no in /etc/default/passwd\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=645140\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=680833\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=700876\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-2483.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply SAT patch number 4944.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:glibc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:glibc-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:glibc-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:glibc-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:glibc-html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:glibc-i18ndata\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:glibc-info\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:glibc-locale\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:glibc-locale-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:glibc-profile\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:glibc-profile-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:libxcrypt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:libxcrypt-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:nscd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:pam-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:pam-modules-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:pwdutils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:pwdutils-plugin-audit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/07/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/02/06\");\n\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2018 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\n# Deprecated.\nexit(0, \"The plugin duplicates plugin #57839 (suse_11_glibc-blowfish-110729.nasl)\");\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\npl = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(pl) || int(pl) != 1) audit(AUDIT_OS_NOT, \"SuSE 11.1\");\n\nflag = 0;\n\nif ( rpm_check( reference:\"glibc-2.11.1-0.32.1\", release:\"SLES11\", sp: 1, cpu:\"i586\") ) flag ++;\nif ( rpm_check( reference:\"glibc-2.11.1-0.32.1\", release:\"SLES11\", sp: 1, cpu:\"i686\") ) flag ++;\nif ( rpm_check( reference:\"glibc-devel-2.11.1-0.32.1\", release:\"SLES11\", sp: 1, cpu:\"i586\") ) flag ++;\nif ( rpm_check( reference:\"glibc-devel-2.11.1-0.32.1\", release:\"SLES11\", sp: 1, cpu:\"i686\") ) flag ++;\nif ( rpm_check( reference:\"glibc-html-2.11.1-0.32.1\", release:\"SLES11\", sp: 1, cpu:\"i586\") ) flag ++;\nif ( rpm_check( reference:\"glibc-i18ndata-2.11.1-0.32.1\", release:\"SLES11\", sp: 1, cpu:\"i586\") ) flag ++;\nif ( rpm_check( reference:\"glibc-info-2.11.1-0.32.1\", release:\"SLES11\", sp: 1, cpu:\"i586\") ) flag ++;\nif ( rpm_check( reference:\"glibc-locale-2.11.1-0.32.1\", release:\"SLES11\", sp: 1, cpu:\"i586\") ) flag ++;\nif ( rpm_check( reference:\"glibc-profile-2.11.1-0.32.1\", release:\"SLES11\", sp: 1, cpu:\"i586\") ) flag ++;\nif ( rpm_check( reference:\"libxcrypt-3.0.3-0.4.1\", release:\"SLES11\", sp: 1, cpu:\"i586\") ) flag ++;\nif ( rpm_check( reference:\"nscd-2.11.1-0.32.1\", release:\"SLES11\", sp: 1, cpu:\"i586\") ) flag ++;\nif ( rpm_check( reference:\"pam-modules-11-1.18.1\", release:\"SLES11\", sp: 1, cpu:\"i586\") ) flag ++;\nif ( rpm_check( reference:\"pwdutils-3.2.8-0.4.1\", release:\"SLES11\", sp: 1, cpu:\"i586\") ) flag ++;\nif ( rpm_check( reference:\"pwdutils-plugin-audit-3.2.8-0.4.1\", release:\"SLES11\", sp: 1, cpu:\"i586\") ) flag ++;\nif ( rpm_check( reference:\"glibc-2.11.1-0.32.1\", release:\"SLES11\", sp: 1, cpu:\"x86_64\") ) flag ++;\nif ( rpm_check( reference:\"glibc-32bit-2.11.1-0.32.1\", release:\"SLES11\", sp: 1, cpu:\"x86_64\") ) flag ++;\nif ( rpm_check( reference:\"glibc-devel-2.11.1-0.32.1\", release:\"SLES11\", sp: 1, cpu:\"x86_64\") ) flag ++;\nif ( rpm_check( reference:\"glibc-devel-32bit-2.11.1-0.32.1\", release:\"SLES11\", sp: 1, cpu:\"x86_64\") ) flag ++;\nif ( rpm_check( reference:\"glibc-html-2.11.1-0.32.1\", release:\"SLES11\", sp: 1, cpu:\"x86_64\") ) flag ++;\nif ( rpm_check( reference:\"glibc-i18ndata-2.11.1-0.32.1\", release:\"SLES11\", sp: 1, cpu:\"x86_64\") ) flag ++;\nif ( rpm_check( reference:\"glibc-info-2.11.1-0.32.1\", release:\"SLES11\", sp: 1, cpu:\"x86_64\") ) flag ++;\nif ( rpm_check( reference:\"glibc-locale-2.11.1-0.32.1\", release:\"SLES11\", sp: 1, cpu:\"x86_64\") ) flag ++;\nif ( rpm_check( reference:\"glibc-locale-32bit-2.11.1-0.32.1\", release:\"SLES11\", sp: 1, cpu:\"x86_64\") ) flag ++;\nif ( rpm_check( reference:\"glibc-profile-2.11.1-0.32.1\", release:\"SLES11\", sp: 1, cpu:\"x86_64\") ) flag ++;\nif ( rpm_check( reference:\"glibc-profile-32bit-2.11.1-0.32.1\", release:\"SLES11\", sp: 1, cpu:\"x86_64\") ) flag ++;\nif ( rpm_check( reference:\"libxcrypt-3.0.3-0.4.1\", release:\"SLES11\", sp: 1, cpu:\"x86_64\") ) flag ++;\nif ( rpm_check( reference:\"libxcrypt-32bit-3.0.3-0.4.1\", release:\"SLES11\", sp: 1, cpu:\"x86_64\") ) flag ++;\nif ( rpm_check( reference:\"nscd-2.11.1-0.32.1\", release:\"SLES11\", sp: 1, cpu:\"x86_64\") ) flag ++;\nif ( rpm_check( reference:\"pam-modules-11-1.18.1\", release:\"SLES11\", sp: 1, cpu:\"x86_64\") ) flag ++;\nif ( rpm_check( reference:\"pam-modules-32bit-11-1.18.1\", release:\"SLES11\", sp: 1, cpu:\"x86_64\") ) flag ++;\nif ( rpm_check( reference:\"pwdutils-3.2.8-0.4.1\", release:\"SLES11\", sp: 1, cpu:\"x86_64\") ) flag ++;\nif ( rpm_check( reference:\"pwdutils-plugin-audit-3.2.8-0.4.1\", release:\"SLES11\", sp: 1, cpu:\"x86_64\") ) flag ++;\nif ( rpm_check( reference:\"glibc-2.11.1-0.32.1\", release:\"SLES11\", sp: 1, cpu:\"s390x\") ) flag ++;\nif ( rpm_check( reference:\"glibc-32bit-2.11.1-0.32.1\", release:\"SLES11\", sp: 1, cpu:\"s390x\") ) flag ++;\nif ( rpm_check( reference:\"glibc-devel-2.11.1-0.32.1\", release:\"SLES11\", sp: 1, cpu:\"s390x\") ) flag ++;\nif ( rpm_check( reference:\"glibc-devel-32bit-2.11.1-0.32.1\", release:\"SLES11\", sp: 1, cpu:\"s390x\") ) flag ++;\nif ( rpm_check( reference:\"glibc-html-2.11.1-0.32.1\", release:\"SLES11\", sp: 1, cpu:\"s390x\") ) flag ++;\nif ( rpm_check( reference:\"glibc-i18ndata-2.11.1-0.32.1\", release:\"SLES11\", sp: 1, cpu:\"s390x\") ) flag ++;\nif ( rpm_check( reference:\"glibc-info-2.11.1-0.32.1\", release:\"SLES11\", sp: 1, cpu:\"s390x\") ) flag ++;\nif ( rpm_check( reference:\"glibc-locale-2.11.1-0.32.1\", release:\"SLES11\", sp: 1, cpu:\"s390x\") ) flag ++;\nif ( rpm_check( reference:\"glibc-locale-32bit-2.11.1-0.32.1\", release:\"SLES11\", sp: 1, cpu:\"s390x\") ) flag ++;\nif ( rpm_check( reference:\"glibc-profile-2.11.1-0.32.1\", release:\"SLES11\", sp: 1, cpu:\"s390x\") ) flag ++;\nif ( rpm_check( reference:\"glibc-profile-32bit-2.11.1-0.32.1\", release:\"SLES11\", sp: 1, cpu:\"s390x\") ) flag ++;\nif ( rpm_check( reference:\"libxcrypt-3.0.3-0.4.1\", release:\"SLES11\", sp: 1, cpu:\"s390x\") ) flag ++;\nif ( rpm_check( reference:\"libxcrypt-32bit-3.0.3-0.4.1\", release:\"SLES11\", sp: 1, cpu:\"s390x\") ) flag ++;\nif ( rpm_check( reference:\"nscd-2.11.1-0.32.1\", release:\"SLES11\", sp: 1, cpu:\"s390x\") ) flag ++;\nif ( rpm_check( reference:\"pam-modules-11-1.18.1\", release:\"SLES11\", sp: 1, cpu:\"s390x\") ) flag ++;\nif ( rpm_check( reference:\"pam-modules-32bit-11-1.18.1\", release:\"SLES11\", sp: 1, cpu:\"s390x\") ) flag ++;\nif ( rpm_check( reference:\"pwdutils-3.2.8-0.4.1\", release:\"SLES11\", sp: 1, cpu:\"s390x\") ) flag ++;\nif ( rpm_check( reference:\"pwdutils-plugin-audit-3.2.8-0.4.1\", release:\"SLES11\", sp: 1, cpu:\"s390x\") ) flag ++;\nif ( rpm_check( reference:\"glibc-2.11.1-0.32.1\", release:\"SLED11\", sp: 1, cpu:\"i586\") ) flag ++;\nif ( rpm_check( reference:\"glibc-2.11.1-0.32.1\", release:\"SLED11\", sp: 1, cpu:\"i686\") ) flag ++;\nif ( rpm_check( reference:\"glibc-devel-2.11.1-0.32.1\", release:\"SLED11\", sp: 1, cpu:\"i586\") ) flag ++;\nif ( rpm_check( reference:\"glibc-devel-2.11.1-0.32.1\", release:\"SLED11\", sp: 1, cpu:\"i686\") ) flag ++;\nif ( rpm_check( reference:\"glibc-i18ndata-2.11.1-0.32.1\", release:\"SLED11\", sp: 1, cpu:\"i586\") ) flag ++;\nif ( rpm_check( reference:\"glibc-locale-2.11.1-0.32.1\", release:\"SLED11\", sp: 1, cpu:\"i586\") ) flag ++;\nif ( rpm_check( reference:\"libxcrypt-3.0.3-0.4.1\", release:\"SLED11\", sp: 1, cpu:\"i586\") ) flag ++;\nif ( rpm_check( reference:\"nscd-2.11.1-0.32.1\", release:\"SLED11\", sp: 1, cpu:\"i586\") ) flag ++;\nif ( rpm_check( reference:\"pam-modules-11-1.18.1\", release:\"SLED11\", sp: 1, cpu:\"i586\") ) flag ++;\nif ( rpm_check( reference:\"pwdutils-3.2.8-0.4.1\", release:\"SLED11\", sp: 1, cpu:\"i586\") ) flag ++;\nif ( rpm_check( reference:\"glibc-2.11.1-0.32.1\", release:\"SLED11\", sp: 1, cpu:\"x86_64\") ) flag ++;\nif ( rpm_check( reference:\"glibc-32bit-2.11.1-0.32.1\", release:\"SLED11\", sp: 1, cpu:\"x86_64\") ) flag ++;\nif ( rpm_check( reference:\"glibc-devel-2.11.1-0.32.1\", release:\"SLED11\", sp: 1, cpu:\"x86_64\") ) flag ++;\nif ( rpm_check( reference:\"glibc-devel-32bit-2.11.1-0.32.1\", release:\"SLED11\", sp: 1, cpu:\"x86_64\") ) flag ++;\nif ( rpm_check( reference:\"glibc-i18ndata-2.11.1-0.32.1\", release:\"SLED11\", sp: 1, cpu:\"x86_64\") ) flag ++;\nif ( rpm_check( reference:\"glibc-locale-2.11.1-0.32.1\", release:\"SLED11\", sp: 1, cpu:\"x86_64\") ) flag ++;\nif ( rpm_check( reference:\"glibc-locale-32bit-2.11.1-0.32.1\", release:\"SLED11\", sp: 1, cpu:\"x86_64\") ) flag ++;\nif ( rpm_check( reference:\"libxcrypt-3.0.3-0.4.1\", release:\"SLED11\", sp: 1, cpu:\"x86_64\") ) flag ++;\nif ( rpm_check( reference:\"libxcrypt-32bit-3.0.3-0.4.1\", release:\"SLED11\", sp: 1, cpu:\"x86_64\") ) flag ++;\nif ( rpm_check( reference:\"nscd-2.11.1-0.32.1\", release:\"SLED11\", sp: 1, cpu:\"x86_64\") ) flag ++;\nif ( rpm_check( reference:\"pam-modules-11-1.18.1\", release:\"SLED11\", sp: 1, cpu:\"x86_64\") ) flag ++;\nif ( rpm_check( reference:\"pam-modules-32bit-11-1.18.1\", release:\"SLED11\", sp: 1, cpu:\"x86_64\") ) flag ++;\nif ( rpm_check( reference:\"pwdutils-3.2.8-0.4.1\", release:\"SLED11\", sp: 1, cpu:\"x86_64\") ) flag ++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:23:36", "description": "Updated postgresql packages that fix one security issue are now available for Red Hat Enterprise Linux 4, 5, and 6.\n\nThe Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\nPostgreSQL is an advanced object-relational database management system (DBMS).\n\nA signedness issue was found in the way the crypt() function in the PostgreSQL pgcrypto module handled 8-bit characters in passwords when using Blowfish hashing. Up to three characters immediately preceding a non-ASCII character (one with the high bit set) had no effect on the hash result, thus shortening the effective password length. This made brute-force guessing more efficient as several different passwords were hashed to the same value. (CVE-2011-2483)\n\nNote: Due to the CVE-2011-2483 fix, after installing this update some users may not be able to log in to applications that store user passwords, hashed with Blowfish using the PostgreSQL crypt() function, in a back-end PostgreSQL database. Unsafe processing can be re-enabled for specific passwords (allowing affected users to log in) by changing their hash prefix to '$2x$'.\n\nFor Red Hat Enterprise Linux 6, the updated postgresql packages upgrade PostgreSQL to version 8.4.9. Refer to the PostgreSQL Release Notes for a full list of changes :\n\nhttp://www.postgresql.org/docs/8.4/static/release.html\n\nFor Red Hat Enterprise Linux 4 and 5, the updated postgresql packages contain a backported patch.\n\nAll PostgreSQL users are advised to upgrade to these updated packages, which correct this issue. If the postgresql service is running, it will be automatically restarted after installing this update.", "cvss3": {}, "published": "2011-10-18T00:00:00", "type": "nessus", "title": "RHEL 4 / 5 / 6 : postgresql (RHSA-2011:1377)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-2483"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:postgresql", "p-cpe:/a:redhat:enterprise_linux:postgresql-contrib", "p-cpe:/a:redhat:enterprise_linux:postgresql-debuginfo", "p-cpe:/a:redhat:enterprise_linux:postgresql-devel", "p-cpe:/a:redhat:enterprise_linux:postgresql-docs", "p-cpe:/a:redhat:enterprise_linux:postgresql-jdbc", "p-cpe:/a:redhat:enterprise_linux:postgresql-libs", "p-cpe:/a:redhat:enterprise_linux:postgresql-pl", "p-cpe:/a:redhat:enterprise_linux:postgresql-plperl", "p-cpe:/a:redhat:enterprise_linux:postgresql-plpython", "p-cpe:/a:redhat:enterprise_linux:postgresql-pltcl", "p-cpe:/a:redhat:enterprise_linux:postgresql-python", "p-cpe:/a:redhat:enterprise_linux:postgresql-server", "p-cpe:/a:redhat:enterprise_linux:postgresql-tcl", "p-cpe:/a:redhat:enterprise_linux:postgresql-test", "cpe:/o:redhat:enterprise_linux:4", "cpe:/o:redhat:enterprise_linux:5", "cpe:/o:redhat:enterprise_linux:6", "cpe:/o:redhat:enterprise_linux:6.1"], "id": "REDHAT-RHSA-2011-1377.NASL", "href": "https://www.tenable.com/plugins/nessus/56533", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2011:1377. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(56533);\n script_version(\"1.19\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2011-2483\");\n script_bugtraq_id(49241);\n script_xref(name:\"RHSA\", value:\"2011:1377\");\n\n script_name(english:\"RHEL 4 / 5 / 6 : postgresql (RHSA-2011:1377)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated postgresql packages that fix one security issue are now\navailable for Red Hat Enterprise Linux 4, 5, and 6.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. A Common Vulnerability Scoring System (CVSS)\nbase score, which gives a detailed severity rating, is available from\nthe CVE link in the References section.\n\nPostgreSQL is an advanced object-relational database management system\n(DBMS).\n\nA signedness issue was found in the way the crypt() function in the\nPostgreSQL pgcrypto module handled 8-bit characters in passwords when\nusing Blowfish hashing. Up to three characters immediately preceding a\nnon-ASCII character (one with the high bit set) had no effect on the\nhash result, thus shortening the effective password length. This made\nbrute-force guessing more efficient as several different passwords\nwere hashed to the same value. (CVE-2011-2483)\n\nNote: Due to the CVE-2011-2483 fix, after installing this update some\nusers may not be able to log in to applications that store user\npasswords, hashed with Blowfish using the PostgreSQL crypt() function,\nin a back-end PostgreSQL database. Unsafe processing can be re-enabled\nfor specific passwords (allowing affected users to log in) by changing\ntheir hash prefix to '$2x$'.\n\nFor Red Hat Enterprise Linux 6, the updated postgresql packages\nupgrade PostgreSQL to version 8.4.9. Refer to the PostgreSQL Release\nNotes for a full list of changes :\n\nhttp://www.postgresql.org/docs/8.4/static/release.html\n\nFor Red Hat Enterprise Linux 4 and 5, the updated postgresql packages\ncontain a backported patch.\n\nAll PostgreSQL users are advised to upgrade to these updated packages,\nwhich correct this issue. If the postgresql service is running, it\nwill be automatically restarted after installing this update.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-2483\"\n );\n # http://www.postgresql.org/docs/8.4/static/release.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.postgresql.org/docs/8.4/release.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2011:1377\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-contrib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-jdbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-pl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-plperl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-plpython\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-pltcl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-tcl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-test\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.1\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/08/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/10/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/10/18\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(4|5|6)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 4.x / 5.x / 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2011:1377\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL4\", reference:\"postgresql-7.4.30-3.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"postgresql-contrib-7.4.30-3.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"postgresql-devel-7.4.30-3.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"postgresql-docs-7.4.30-3.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"postgresql-jdbc-7.4.30-3.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"postgresql-libs-7.4.30-3.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"postgresql-pl-7.4.30-3.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"postgresql-python-7.4.30-3.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"postgresql-server-7.4.30-3.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"postgresql-tcl-7.4.30-3.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"postgresql-test-7.4.30-3.el4\")) flag++;\n\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"postgresql-8.1.23-1.el5_7.2\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"postgresql-8.1.23-1.el5_7.2\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"postgresql-8.1.23-1.el5_7.2\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"postgresql-contrib-8.1.23-1.el5_7.2\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"postgresql-contrib-8.1.23-1.el5_7.2\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"postgresql-contrib-8.1.23-1.el5_7.2\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", reference:\"postgresql-devel-8.1.23-1.el5_7.2\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"postgresql-docs-8.1.23-1.el5_7.2\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"postgresql-docs-8.1.23-1.el5_7.2\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"postgresql-docs-8.1.23-1.el5_7.2\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", reference:\"postgresql-libs-8.1.23-1.el5_7.2\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"postgresql-pl-8.1.23-1.el5_7.2\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"postgresql-pl-8.1.23-1.el5_7.2\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"postgresql-pl-8.1.23-1.el5_7.2\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"postgresql-python-8.1.23-1.el5_7.2\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"postgresql-python-8.1.23-1.el5_7.2\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"postgresql-python-8.1.23-1.el5_7.2\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"postgresql-server-8.1.23-1.el5_7.2\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"postgresql-server-8.1.23-1.el5_7.2\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"postgresql-server-8.1.23-1.el5_7.2\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"postgresql-tcl-8.1.23-1.el5_7.2\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"postgresql-tcl-8.1.23-1.el5_7.2\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"postgresql-tcl-8.1.23-1.el5_7.2\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"postgresql-test-8.1.23-1.el5_7.2\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"postgresql-test-8.1.23-1.el5_7.2\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"postgresql-test-8.1.23-1.el5_7.2\")) flag++;\n\n\n if (rpm_check(release:\"RHEL6\", reference:\"postgresql-8.4.9-1.el6_1.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"postgresql-contrib-8.4.9-1.el6_1.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"postgresql-contrib-8.4.9-1.el6_1.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"postgresql-contrib-8.4.9-1.el6_1.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"postgresql-debuginfo-8.4.9-1.el6_1.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"postgresql-devel-8.4.9-1.el6_1.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"postgresql-docs-8.4.9-1.el6_1.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"postgresql-docs-8.4.9-1.el6_1.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"postgresql-docs-8.4.9-1.el6_1.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"postgresql-libs-8.4.9-1.el6_1.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"postgresql-plperl-8.4.9-1.el6_1.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"postgresql-plperl-8.4.9-1.el6_1.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"postgresql-plperl-8.4.9-1.el6_1.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"postgresql-plpython-8.4.9-1.el6_1.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"postgresql-plpython-8.4.9-1.el6_1.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"postgresql-plpython-8.4.9-1.el6_1.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"postgresql-pltcl-8.4.9-1.el6_1.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"postgresql-pltcl-8.4.9-1.el6_1.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"postgresql-pltcl-8.4.9-1.el6_1.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"postgresql-server-8.4.9-1.el6_1.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"postgresql-server-8.4.9-1.el6_1.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"postgresql-server-8.4.9-1.el6_1.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"postgresql-test-8.4.9-1.el6_1.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"postgresql-test-8.4.9-1.el6_1.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"postgresql-test-8.4.9-1.el6_1.1\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"postgresql / postgresql-contrib / postgresql-debuginfo / etc\");\n }\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:27:17", "description": "PostgreSQL is an advanced object-relational database management system (DBMS).\n\nA signedness issue was found in the way the crypt() function in the PostgreSQL pgcrypto module handled 8-bit characters in passwords when using Blowfish hashing. Up to three characters immediately preceding a non-ASCII character (one with the high bit set) had no effect on the hash result, thus shortening the effective password length. This made brute-force guessing more efficient as several different passwords were hashed to the same value. (CVE-2011-2483)\n\nNote: Due to the CVE-2011-2483 fix, after installing this update some users may not be able to log in to applications that store user passwords, hashed with Blowfish using the PostgreSQL crypt() function, in a back-end PostgreSQL database. Unsafe processing can be re-enabled for specific passwords (allowing affected users to log in) by changing their hash prefix to '$2x$'.\n\nFor Scientific Linux 6, the updated postgresql packages upgrade PostgreSQL to version 8.4.9. Refer to the PostgreSQL Release Notes for a full list of changes :\n\nhttp://www.postgresql.org/docs/8.4/static/release.html\n\nFor Scientific Linux 4 and 5, the updated postgresql packages contain a backported patch.\n\nAll PostgreSQL users are advised to upgrade to these updated packages, which correct this issue. If the postgresql service is running, it will be automatically restarted after installing this update.", "cvss3": {}, "published": "2012-08-01T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : postgresql on SL4.x, SL5.x, SL6.x i386/x86_64", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-2483"], "modified": "2021-01-14T00:00:00", "cpe": ["x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20111017_POSTGRESQL_ON_SL4_X.NASL", "href": "https://www.tenable.com/plugins/nessus/61155", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(61155);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2011-2483\");\n\n script_name(english:\"Scientific Linux Security Update : postgresql on SL4.x, SL5.x, SL6.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"PostgreSQL is an advanced object-relational database management system\n(DBMS).\n\nA signedness issue was found in the way the crypt() function in the\nPostgreSQL pgcrypto module handled 8-bit characters in passwords when\nusing Blowfish hashing. Up to three characters immediately preceding a\nnon-ASCII character (one with the high bit set) had no effect on the\nhash result, thus shortening the effective password length. This made\nbrute-force guessing more efficient as several different passwords\nwere hashed to the same value. (CVE-2011-2483)\n\nNote: Due to the CVE-2011-2483 fix, after installing this update some\nusers may not be able to log in to applications that store user\npasswords, hashed with Blowfish using the PostgreSQL crypt() function,\nin a back-end PostgreSQL database. Unsafe processing can be re-enabled\nfor specific passwords (allowing affected users to log in) by changing\ntheir hash prefix to '$2x$'.\n\nFor Scientific Linux 6, the updated postgresql packages upgrade\nPostgreSQL to version 8.4.9. Refer to the PostgreSQL Release Notes for\na full list of changes :\n\nhttp://www.postgresql.org/docs/8.4/static/release.html\n\nFor Scientific Linux 4 and 5, the updated postgresql packages contain\na backported patch.\n\nAll PostgreSQL users are advised to upgrade to these updated packages,\nwhich correct this issue. If the postgresql service is running, it\nwill be automatically restarted after installing this update.\"\n );\n # http://www.postgresql.org/docs/8.4/static/release.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.postgresql.org/docs/8.4/release.html\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1110&L=scientific-linux-errata&T=0&P=1584\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?98aeaf38\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/10/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL4\", reference:\"postgresql-7.4.30-3.el4\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"postgresql-contrib-7.4.30-3.el4\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"postgresql-debuginfo-7.4.30-3.el4\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"postgresql-devel-7.4.30-3.el4\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"postgresql-docs-7.4.30-3.el4\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"postgresql-jdbc-7.4.30-3.el4\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"postgresql-libs-7.4.30-3.el4\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"postgresql-pl-7.4.30-3.el4\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"postgresql-python-7.4.30-3.el4\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"postgresql-server-7.4.30-3.el4\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"postgresql-tcl-7.4.30-3.el4\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"postgresql-test-7.4.30-3.el4\")) flag++;\n\nif (rpm_check(release:\"SL5\", reference:\"postgresql-8.1.23-1.el5_7.2\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"postgresql-contrib-8.1.23-1.el5_7.2\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"postgresql-debuginfo-8.1.23-1.el5_7.2\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"postgresql-devel-8.1.23-1.el5_7.2\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"postgresql-docs-8.1.23-1.el5_7.2\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"postgresql-libs-8.1.23-1.el5_7.2\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"postgresql-pl-8.1.23-1.el5_7.2\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"postgresql-python-8.1.23-1.el5_7.2\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"postgresql-server-8.1.23-1.el5_7.2\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"postgresql-tcl-8.1.23-1.el5_7.2\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"postgresql-test-8.1.23-1.el5_7.2\")) flag++;\n\nif (rpm_check(release:\"SL6\", reference:\"postgresql-8.4.9-1.el6_1.1\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"postgresql-contrib-8.4.9-1.el6_1.1\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"postgresql-debuginfo-8.4.9-1.el6_1.1\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"postgresql-devel-8.4.9-1.el6_1.1\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"postgresql-docs-8.4.9-1.el6_1.1\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"postgresql-libs-8.4.9-1.el6_1.1\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"postgresql-plperl-8.4.9-1.el6_1.1\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"postgresql-plpython-8.4.9-1.el6_1.1\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"postgresql-pltcl-8.4.9-1.el6_1.1\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"postgresql-server-8.4.9-1.el6_1.1\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"postgresql-test-8.4.9-1.el6_1.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:24:20", "description": "A vulnerability was discovered and fixed in php-suhosin :\n\ncrypt_blowfish before 1.1, as used in suhosin does not properly handle 8-bit characters, which makes it easier for context-dependent attackers to determine a cleartext password by leveraging knowledge of a password hash (CVE-2011-2483).\n\nThe updated packages have been patched to correct this issue.", "cvss3": {}, "published": "2011-11-29T00:00:00", "type": "nessus", "title": "Mandriva Linux Security Advisory : php-suhosin (MDVSA-2011:180)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-2483"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:mandriva:linux:php-suhosin", "cpe:/o:mandriva:linux:2010.1", "cpe:/o:mandriva:linux:2011"], "id": "MANDRIVA_MDVSA-2011-180.NASL", "href": "https://www.tenable.com/plugins/nessus/56968", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2011:180. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(56968);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2011-2483\");\n script_bugtraq_id(49241);\n script_xref(name:\"MDVSA\", value:\"2011:180\");\n\n script_name(english:\"Mandriva Linux Security Advisory : php-suhosin (MDVSA-2011:180)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Mandriva Linux host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A vulnerability was discovered and fixed in php-suhosin :\n\ncrypt_blowfish before 1.1, as used in suhosin does not properly handle\n8-bit characters, which makes it easier for context-dependent\nattackers to determine a cleartext password by leveraging knowledge of\na password hash (CVE-2011-2483).\n\nThe updated packages have been patched to correct this issue.\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected php-suhosin package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-suhosin\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2010.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2011\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/11/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/11/29\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-suhosin-0.9.32.1-0.6mdv2010.2\", yank:\"mdv\")) flag++;\n\nif (rpm_check(release:\"MDK2011\", reference:\"php-suhosin-0.9.32.1-9.1-mdv2011.0\", yank:\"mdv\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:20:50", "description": "The crypt(3) manpage was updated to also list the 2y prefix.", "cvss3": {}, "published": "2014-06-13T00:00:00", "type": "nessus", "title": "openSUSE Security Update : man-pages (openSUSE-SU-2011:0970-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-2483"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:man-pages", "cpe:/o:novell:opensuse:11.3"], "id": "SUSE_11_3_MAN-PAGES-110823.NASL", "href": "https://www.tenable.com/plugins/nessus/75642", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update man-pages-5032.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(75642);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2011-2483\");\n\n script_name(english:\"openSUSE Security Update : man-pages (openSUSE-SU-2011:0970-1)\");\n script_summary(english:\"Check for the man-pages-5032 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\"The crypt(3) manpage was updated to also list the 2y prefix.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=713389\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2011-08/msg00044.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected man-pages package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:man-pages\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/08/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.3\", reference:\"man-pages-3.25-2.3.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"man-pages\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-19T14:30:06", "description": "PHP has been cited with the following multiple vulnerabilities, which may be locally exploitable on some F5 products :\n\nCVE-2006-7243 PHP before 5.3.4 accepts the \\0 character in a pathname, which might allow context-dependent attackers to bypass intended access restrictions by placing a safe file extension after this character, as demonstrated by .php\\0.jpg at the end of the argument to the file_exists function.\n\nCVE-2007-3799 The session_start function in ext/session in PHP 4.x up to 4.4.7 and 5.x up to 5.2.3 allows remote attackers to insert arbitrary attributes into the session cookie via special characters in a cookie that is obtained from (1) PATH_INFO, (2) the session_id function, and (3) the session_start function, which are not encoded or filtered when the new session cookie is generated, a related issue to CVE-2006-0207.\n\nCVE-2010-3710 Stack consumption vulnerability in the filter_var function in PHP 5.2.x through 5.2.14 and 5.3.x through 5.3.3, when FILTER_VALIDATE_EMAIL mode is used, allows remote attackers to cause a denial of service (memory consumption and application crash) via a long e-mail address string.\n\nCVE-2010-3870 The utf8_decode function in PHP before 5.3.4 does not properly handle non-shortest form UTF-8 encoding and ill-formed subsequences in UTF-8 data, which makes it easier for remote attackers to bypass cross-site scripting (XSS) and SQL injection protection mechanisms via a crafted string.\n\nCVE-2010-4697 Use-after-free vulnerability in the Zend engine in PHP before 5.2.15 and 5.3.x before 5.3.4 might allow context-dependent attackers to cause a denial of service (heap memory corruption) or have unspecified other impact via vectors related to use of __set,\n__get, __isset, and __unset methods on objects accessed by a reference.\n\nCVE-2011-1470 The Zip extension in PHP before 5.3.6 allows context-dependent attackers to cause a denial of service (application crash) via a ziparchive stream that is not properly handled by the stream_get_contents function.\n\nCVE-2011-3182 PHP before 5.3.7 does not properly check the return values of the malloc, calloc, and realloc library functions, which allows context-dependent attackers to cause a denial of service (NULL pointer dereference and application crash) or trigger a buffer overflow by leveraging the ability to provide an arbitrary value for a function argument, related to (1) ext/curl/interface.c, (2) ext/date/lib/parse_date.c, (3) ext/date/lib/parse_iso_intervals.c, (4) ext/date/lib/parse_tz.c, (5) ext/date/lib/timelib.c, (6) ext/pdo_odbc/pdo_odbc.c, (7) ext/reflection/php_reflection.c, (8) ext/soap/php_sdl.c, (9) ext/xmlrpc/libxmlrpc/base64.c, (10) TSRM/tsrm_win32.c, and (11) the strtotime function.\n\nCVE-2011-3267 PHP before 5.3.7 does not properly implement the error_log function, which allows context-dependent attackers to cause a denial of service (application crash) via unspecified vectors.\n\nCVE-2011-3268 Buffer overflow in the crypt function in PHP before 5.3.7 allows context-dependent attackers to have an unspecified impact via a long salt argument, a different vulnerability than CVE-2011-2483.\n\nCVE-2011-4566 Integer overflow in the exif_process_IFD_TAG function in exif.c in the exif extension in PHP 5.4.0beta2 on 32-bit platforms allows remote attackers to read the contents of arbitrary memory locations or cause a denial of service via a crafted offset_val value in an EXIF header in a JPEG file, a different vulnerability than CVE-2011-0708.\n\nCVE-2012-0830 The php_register_variable_ex function in php_variables.c in PHP 5.3.9 allows remote attackers to execute arbitrary code via a request containing a large number of variables, related to improper handling of array variables. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-4885.", "cvss3": {}, "published": "2014-10-10T00:00:00", "type": "nessus", "title": "F5 Networks BIG-IP : Multiple PHP vulnerabilities (K13519)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-0207", "CVE-2006-7243", "CVE-2007-3799", "CVE-2010-3710", "CVE-2010-3870", "CVE-2010-4697", "CVE-2011-0708", "CVE-2011-1470", "CVE-2011-2483", "CVE-2011-3182", "CVE-2011-3267", "CVE-2011-3268", "CVE-2011-4566", "CVE-2011-4885", "CVE-2012-0830"], "modified": "2021-03-10T00:00:00", "cpe": ["cpe:/a:f5:big-ip_access_policy_manager", "cpe:/a:f5:big-ip_application_security_manager", "cpe:/a:f5:big-ip_application_visibility_and_reporting", "cpe:/a:f5:big-ip_global_traffic_manager", "cpe:/a:f5:big-ip_link_controller", "cpe:/a:f5:big-ip_local_traffic_manager", "cpe:/a:f5:big-ip_wan_optimization_manager", "cpe:/h:f5:big-ip", "cpe:/h:f5:big-ip_protocol_security_manager"], "id": "F5_BIGIP_SOL13519.NASL", "href": "https://www.tenable.com/plugins/nessus/78134", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from F5 Networks BIG-IP Solution K13519.\n#\n# The text description of this plugin is (C) F5 Networks.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(78134);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/03/10\");\n\n script_cve_id(\"CVE-2006-0207\", \"CVE-2006-7243\", \"CVE-2007-3799\", \"CVE-2010-3710\", \"CVE-2010-3870\", \"CVE-2010-4697\", \"CVE-2011-0708\", \"CVE-2011-1470\", \"CVE-2011-2483\", \"CVE-2011-3182\", \"CVE-2011-3267\", \"CVE-2011-3268\", \"CVE-2011-4566\", \"CVE-2011-4885\", \"CVE-2012-0830\");\n script_bugtraq_id(16220, 24268, 43926, 44605, 44951, 45952, 46365, 46969, 49241, 49249, 50907, 51193, 51830);\n\n script_name(english:\"F5 Networks BIG-IP : Multiple PHP vulnerabilities (K13519)\");\n script_summary(english:\"Checks the BIG-IP version.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote device is missing a vendor-supplied security patch.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"PHP has been cited with the following multiple vulnerabilities, which\nmay be locally exploitable on some F5 products :\n\nCVE-2006-7243 PHP before 5.3.4 accepts the \\0 character in a pathname,\nwhich might allow context-dependent attackers to bypass intended\naccess restrictions by placing a safe file extension after this\ncharacter, as demonstrated by .php\\0.jpg at the end of the argument to\nthe file_exists function.\n\nCVE-2007-3799 The session_start function in ext/session in PHP 4.x up\nto 4.4.7 and 5.x up to 5.2.3 allows remote attackers to insert\narbitrary attributes into the session cookie via special characters in\na cookie that is obtained from (1) PATH_INFO, (2) the session_id\nfunction, and (3) the session_start function, which are not encoded or\nfiltered when the new session cookie is generated, a related issue to\nCVE-2006-0207.\n\nCVE-2010-3710 Stack consumption vulnerability in the filter_var\nfunction in PHP 5.2.x through 5.2.14 and 5.3.x through 5.3.3, when\nFILTER_VALIDATE_EMAIL mode is used, allows remote attackers to cause a\ndenial of service (memory consumption and application crash) via a\nlong e-mail address string.\n\nCVE-2010-3870 The utf8_decode function in PHP before 5.3.4 does not\nproperly handle non-shortest form UTF-8 encoding and ill-formed\nsubsequences in UTF-8 data, which makes it easier for remote attackers\nto bypass cross-site scripting (XSS) and SQL injection protection\nmechanisms via a crafted string.\n\nCVE-2010-4697 Use-after-free vulnerability in the Zend engine in PHP\nbefore 5.2.15 and 5.3.x before 5.3.4 might allow context-dependent\nattackers to cause a denial of service (heap memory corruption) or\nhave unspecified other impact via vectors related to use of __set,\n__get, __isset, and __unset methods on objects accessed by a\nreference.\n\nCVE-2011-1470 The Zip extension in PHP before 5.3.6 allows\ncontext-dependent attackers to cause a denial of service (application\ncrash) via a ziparchive stream that is not properly handled by the\nstream_get_contents function.\n\nCVE-2011-3182 PHP before 5.3.7 does not properly check the return\nvalues of the malloc, calloc, and realloc library functions, which\nallows context-dependent attackers to cause a denial of service (NULL\npointer dereference and application crash) or trigger a buffer\noverflow by leveraging the ability to provide an arbitrary value for a\nfunction argument, related to (1) ext/curl/interface.c, (2)\next/date/lib/parse_date.c, (3) ext/date/lib/parse_iso_intervals.c, (4)\next/date/lib/parse_tz.c, (5) ext/date/lib/timelib.c, (6)\next/pdo_odbc/pdo_odbc.c, (7) ext/reflection/php_reflection.c, (8)\next/soap/php_sdl.c, (9) ext/xmlrpc/libxmlrpc/base64.c, (10)\nTSRM/tsrm_win32.c, and (11) the strtotime function.\n\nCVE-2011-3267 PHP before 5.3.7 does not properly implement the\nerror_log function, which allows context-dependent attackers to cause\na denial of service (application crash) via unspecified vectors.\n\nCVE-2011-3268 Buffer overflow in the crypt function in PHP before\n5.3.7 allows context-dependent attackers to have an unspecified impact\nvia a long salt argument, a different vulnerability than\nCVE-2011-2483.\n\nCVE-2011-4566 Integer overflow in the exif_process_IFD_TAG function in\nexif.c in the exif extension in PHP 5.4.0beta2 on 32-bit platforms\nallows remote attackers to read the contents of arbitrary memory\nlocations or cause a denial of service via a crafted offset_val value\nin an EXIF header in a JPEG file, a different vulnerability than\nCVE-2011-0708.\n\nCVE-2012-0830 The php_register_variable_ex function in php_variables.c\nin PHP 5.3.9 allows remote attackers to execute arbitrary code via a\nrequest containing a large number of variables, related to improper\nhandling of array variables. NOTE: this vulnerability exists because\nof an incorrect fix for CVE-2011-4885.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://support.f5.com/csp/article/K13519\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"Upgrade to one of the non-vulnerable versions listed in the F5\nSolution K13519.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_cwe_id(20);\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_access_policy_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_security_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_visibility_and_reporting\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_global_traffic_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_link_controller\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_local_traffic_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_wan_optimization_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/h:f5:big-ip\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/h:f5:big-ip_protocol_security_manager\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2006/01/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/04/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/10/10\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"F5 Networks Local Security Checks\");\n\n script_dependencies(\"f5_bigip_detect.nbin\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/BIG-IP/hotfix\", \"Host/BIG-IP/modules\", \"Host/BIG-IP/version\", \"Settings/ParanoidReport\");\n\n exit(0);\n}\n\n\ninclude(\"f5_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nversion = get_kb_item(\"Host/BIG-IP/version\");\nif ( ! version ) audit(AUDIT_OS_NOT, \"F5 Networks BIG-IP\");\nif ( isnull(get_kb_item(\"Host/BIG-IP/hotfix\")) ) audit(AUDIT_KB_MISSING, \"Host/BIG-IP/hotfix\");\nif ( ! get_kb_item(\"Host/BIG-IP/modules\") ) audit(AUDIT_KB_MISSING, \"Host/BIG-IP/modules\");\n\nsol = \"K13519\";\nvmatrix = make_array();\n\nif (report_paranoia < 2) audit(AUDIT_PARANOID);\n\n# APM\nvmatrix[\"APM\"] = make_array();\nvmatrix[\"APM\"][\"affected\" ] = make_list(\"10.0.0-10.2.4\",\"11.0.0-11.1.0\");\nvmatrix[\"APM\"][\"unaffected\"] = make_list(\"11.2.0-11.4.0\");\n\n# ASM\nvmatrix[\"ASM\"] = make_array();\nvmatrix[\"ASM\"][\"affected\" ] = make_list(\"10.0.0-10.2.4\",\"11.0.0-11.1.0\");\nvmatrix[\"ASM\"][\"unaffected\"] = make_list(\"11.2.0-11.4.0\");\n\n# AVR\nvmatrix[\"AVR\"] = make_array();\nvmatrix[\"AVR\"][\"affected\" ] = make_list(\"11.0.0-11.1.0\");\nvmatrix[\"AVR\"][\"unaffected\"] = make_list(\"11.2.0-11.4.0\");\n\n# GTM\nvmatrix[\"GTM\"] = make_array();\nvmatrix[\"GTM\"][\"affected\" ] = make_list(\"10.0.0-10.2.4\",\"11.0.0-11.1.0\");\nvmatrix[\"GTM\"][\"unaffected\"] = make_list(\"11.2.0-11.4.0\");\n\n# LC\nvmatrix[\"LC\"] = make_array();\nvmatrix[\"LC\"][\"affected\" ] = make_list(\"10.0.0-10.2.4\",\"11.0.0-11.1.0\");\nvmatrix[\"LC\"][\"unaffected\"] = make_list(\"11.2.0-11.4.0\");\n\n# LTM\nvmatrix[\"LTM\"] = make_array();\nvmatrix[\"LTM\"][\"affected\" ] = make_list(\"10.0.0-10.2.4\",\"11.0.0-11.1.0\");\nvmatrix[\"LTM\"][\"unaffected\"] = make_list(\"11.2.0-11.4.0\");\n\n# PSM\nvmatrix[\"PSM\"] = make_array();\nvmatrix[\"PSM\"][\"affected\" ] = make_list(\"10.0.0-10.2.4\",\"11.0.0-11.1.0\");\nvmatrix[\"PSM\"][\"unaffected\"] = make_list(\"11.2.0-11.4.0\");\n\n# WOM\nvmatrix[\"WOM\"] = make_array();\nvmatrix[\"WOM\"][\"affected\" ] = make_list(\"10.0.0-10.2.4\",\"11.0.0-11.1.0\");\nvmatrix[\"WOM\"][\"unaffected\"] = make_list(\"11.2.0-11.3.0\");\n\n\nif (bigip_is_affected(vmatrix:vmatrix, sol:sol))\n{\n if (report_verbosity > 0) security_hole(port:0, extra:bigip_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = bigip_get_tested_modules();\n audit_extra = \"For BIG-IP module(s) \" + tested + \",\";\n if (tested) audit(AUDIT_INST_VER_NOT_VULN, audit_extra, version);\n else audit(AUDIT_HOST_NOT, \"running any of the affected modules\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:21:27", "description": "Several vulnerabilities have been discovered in PHP, the web scripting language. The Common Vulnerabilities and Exposures project identifies the following issues :\n\n - CVE-2011-1072 It was discovered that insecure handling of temporary files in the PEAR installer could lead to denial of service.\n\n - CVE-2011-4153 Maksymilian Arciemowicz discovered that a NULL pointer dereference in the zend_strndup() function could lead to denial of service.\n\n - CVE-2012-0781 Maksymilian Arciemowicz discovered that a NULL pointer dereference in the tidy_diagnose() function could lead to denial of service.\n\n - CVE-2012-0788 It was discovered that missing checks in the handling of PDORow objects could lead to denial of service.\n\n - CVE-2012-0831 It was discovered that the magic_quotes_gpc setting could be disabled remotely.\n\nThis update also addresses PHP bugs, which are not treated as security issues in Debian (see README.Debian.security), but which were fixed nonetheless: CVE-2010-4697, CVE-2011-1092, CVE-2011-1148, CVE-2011-1464, CVE-2011-1467 CVE-2011-1468, CVE-2011-1469, CVE-2011-1470, CVE-2011-1657, CVE-2011-3182 CVE-2011-3267", "cvss3": {}, "published": "2012-02-14T00:00:00", "type": "nessus", "title": "Debian DSA-2408-1 : php5 - several vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-4697", "CVE-2011-1072", "CVE-2011-1092", "CVE-2011-1148", "CVE-2011-1464", "CVE-2011-1467", "CVE-2011-1468", "CVE-2011-1469", "CVE-2011-1470", "CVE-2011-1657", "CVE-2011-3182", "CVE-2011-3267", "CVE-2011-4153", "CVE-2012-0781", "CVE-2012-0788", "CVE-2012-0831"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:php5", "cpe:/o:debian:debian_linux:6.0"], "id": "DEBIAN_DSA-2408.NASL", "href": "https://www.tenable.com/plugins/nessus/57925", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-2408. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(57925);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2010-4697\", \"CVE-2011-1072\", \"CVE-2011-1092\", \"CVE-2011-1148\", \"CVE-2011-1464\", \"CVE-2011-1467\", \"CVE-2011-1468\", \"CVE-2011-1469\", \"CVE-2011-1470\", \"CVE-2011-1657\", \"CVE-2011-3182\", \"CVE-2011-3267\", \"CVE-2011-4153\", \"CVE-2012-0781\", \"CVE-2012-0788\", \"CVE-2012-0831\");\n script_bugtraq_id(46605, 51417, 51952, 51954);\n script_xref(name:\"DSA\", value:\"2408\");\n\n script_name(english:\"Debian DSA-2408-1 : php5 - several vulnerabilities\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities have been discovered in PHP, the web scripting\nlanguage. The Common Vulnerabilities and Exposures project identifies\nthe following issues :\n\n - CVE-2011-1072\n It was discovered that insecure handling of temporary\n files in the PEAR installer could lead to denial of\n service.\n\n - CVE-2011-4153\n Maksymilian Arciemowicz discovered that a NULL pointer\n dereference in the zend_strndup() function could lead to\n denial of service.\n\n - CVE-2012-0781\n Maksymilian Arciemowicz discovered that a NULL pointer\n dereference in the tidy_diagnose() function could lead\n to denial of service.\n\n - CVE-2012-0788\n It was discovered that missing checks in the handling of\n PDORow objects could lead to denial of service.\n\n - CVE-2012-0831\n It was discovered that the magic_quotes_gpc setting\n could be disabled remotely.\n\nThis update also addresses PHP bugs, which are not treated as security\nissues in Debian (see README.Debian.security), but which were fixed\nnonetheless: CVE-2010-4697, CVE-2011-1092, CVE-2011-1148,\nCVE-2011-1464, CVE-2011-1467 CVE-2011-1468, CVE-2011-1469,\nCVE-2011-1470, CVE-2011-1657, CVE-2011-3182 CVE-2011-3267\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-1072\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-4153\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2012-0781\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2012-0788\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2012-0831\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2010-4697\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-1092\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-1148\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-1464\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-1467\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-1468\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-1469\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-1470\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-1657\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-3182\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-3267\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/squeeze/php5\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2012/dsa-2408\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the php5 packages.\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 5.3.3-7+squeeze8.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:6.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/02/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/02/14\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"6.0\", prefix:\"libapache2-mod-php5\", reference:\"5.3.3-7+squeeze8\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libapache2-mod-php5filter\", reference:\"5.3.3-7+squeeze8\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php-pear\", reference:\"5.3.3-7+squeeze8\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5\", reference:\"5.3.3-7+squeeze8\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5-cgi\", reference:\"5.3.3-7+squeeze8\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5-cli\", reference:\"5.3.3-7+squeeze8\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5-common\", reference:\"5.3.3-7+squeeze8\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5-curl\", reference:\"5.3.3-7+squeeze8\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5-dbg\", reference:\"5.3.3-7+squeeze8\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5-dev\", reference:\"5.3.3-7+squeeze8\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5-enchant\", reference:\"5.3.3-7+squeeze8\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5-gd\", reference:\"5.3.3-7+squeeze8\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5-gmp\", reference:\"5.3.3-7+squeeze8\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5-imap\", reference:\"5.3.3-7+squeeze8\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5-interbase\", reference:\"5.3.3-7+squeeze8\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5-intl\", reference:\"5.3.3-7+squeeze8\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5-ldap\", reference:\"5.3.3-7+squeeze8\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5-mcrypt\", reference:\"5.3.3-7+squeeze8\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5-mysql\", reference:\"5.3.3-7+squeeze8\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5-odbc\", reference:\"5.3.3-7+squeeze8\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5-pgsql\", reference:\"5.3.3-7+squeeze8\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5-pspell\", reference:\"5.3.3-7+squeeze8\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5-recode\", reference:\"5.3.3-7+squeeze8\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5-snmp\", reference:\"5.3.3-7+squeeze8\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5-sqlite\", reference:\"5.3.3-7+squeeze8\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5-sybase\", reference:\"5.3.3-7+squeeze8\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5-tidy\", reference:\"5.3.3-7+squeeze8\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5-xmlrpc\", reference:\"5.3.3-7+squeeze8\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5-xsl\", reference:\"5.3.3-7+squeeze8\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}], "openvas": [{"lastseen": "2017-07-24T12:55:32", "description": "Check for the Version of php", "cvss3": {}, "published": "2011-11-08T00:00:00", "type": "openvas", "title": "Mandriva Update for php MDVSA-2011:165 (php)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-1148", "CVE-2011-1938", "CVE-2011-2483", "CVE-2011-1657", "CVE-2011-3268", "CVE-2011-3182", "CVE-2011-3267", "CVE-2011-2202"], "modified": "2017-07-06T00:00:00", "id": "OPENVAS:831484", "href": "http://plugins.openvas.org/nasl.php?oid=831484", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for php MDVSA-2011:165 (php)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Multiple vulnerabilities has been identified and fixed in php:\n\n Use-after-free vulnerability in the substr_replace function in PHP\n 5.3.6 and earlier allows context-dependent attackers to cause a\n denial of service (memory corruption) or possibly have unspecified\n other impact by using the same variable for multiple arguments\n (CVE-2011-1148).\n\n The (1) ZipArchive::addGlob and (2) ZipArchive::addPattern functions\n in ext/zip/php_zip.c in PHP 5.3.6 allow context-dependent attackers\n to cause a denial of service (application crash) via certain flags\n arguments, as demonstrated by (a) GLOB_ALTDIRFUNC and (b) GLOB_APPEND\n (CVE-2011-1657).\n\n Stack-based buffer overflow in the socket_connect function in\n ext/sockets/sockets.c in PHP 5.3.3 through 5.3.6 might allow\n context-dependent attackers to execute arbitrary code via a long\n pathname for a UNIX socket (CVE-2011-1938).\n\n The rfc1867_post_handler function in main/rfc1867.c in PHP before\n 5.3.7 does not properly restrict filenames in multipart/form-data\n POST requests, which allows remote attackers to conduct absolute\n path traversal attacks, and possibly create or overwrite arbitrary\n files, via a crafted upload request, related to a file path injection\n vulnerability. (CVE-2011-2202).\n\n crypt_blowfish before 1.1, as used in PHP before 5.3.7 on certain\n platforms, does not properly handle 8-bit characters, which makes\n it easier for context-dependent attackers to determine a cleartext\n password by leveraging knowledge of a password hash (CVE-2011-2483).\n\n PHP before 5.3.7 does not properly check the return values of\n the malloc, calloc, and realloc library functions, which allows\n context-dependent attackers to cause a denial of service (NULL\n pointer dereference and application crash) or trigger a buffer\n overflow by leveraging the ability to provide an arbitrary value\n for a function argument, related to (1) ext/curl/interface.c, (2)\n ext/date/lib/parse_date.c, (3) ext/date/lib/parse_iso_intervals.c,\n (4) ext/date/lib/parse_tz.c, (5) ext/date/lib/timelib.c, (6)\n ext/pdo_odbc/pdo_odbc.c, (7) ext/reflection/php_reflection.c,\n (8) ext/soap/php_sdl.c, (9) ext/xmlrpc/libxmlrpc/base64.c, (10)\n TSRM/tsrm_win32.c, and (11) the strtotime function (CVE-2011-3182).\n\n PHP before 5.3.7 does not properly implement the error_log function,\n which allows context-dependent attackers to cause a denial of service\n (application crash) via unspecified vectors (CVE-2011-3267).\n\n Buffer overflow in the crypt function in PHP before 5.3.7 allows\n context-dependent attackers to ...\n\n Description truncated, for more information please check the Reference URL\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"php on Mandriva Linux 2010.1,\n Mandriva Linux 2010.1/X86_64\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2011-11/msg00003.php\");\n script_id(831484);\n script_version(\"$Revision: 6570 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-06 15:06:35 +0200 (Thu, 06 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-11-08 19:08:19 +0530 (Tue, 08 Nov 2011)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"MDVSA\", value: \"2011:165\");\n script_cve_id(\"CVE-2011-1148\", \"CVE-2011-1657\", \"CVE-2011-1938\", \"CVE-2011-2202\",\n \"CVE-2011-2483\", \"CVE-2011-3182\", \"CVE-2011-3267\", \"CVE-2011-3268\");\n script_name(\"Mandriva Update for php MDVSA-2011:165 (php)\");\n\n script_summary(\"Check for the Version of php\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_2010.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"apache-mod_php\", rpm:\"apache-mod_php~5.3.8~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libphp5_common5\", rpm:\"libphp5_common5~5.3.8~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-apc\", rpm:\"php-apc~3.1.9~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-apc-admin\", rpm:\"php-apc-admin~3.1.9~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-bcmath\", rpm:\"php-bcmath~5.3.8~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-bz2\", rpm:\"php-bz2~5.3.8~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-calendar\", rpm:\"php-calendar~5.3.8~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-cgi\", rpm:\"php-cgi~5.3.8~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-cli\", rpm:\"php-cli~5.3.8~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-ctype\", rpm:\"php-ctype~5.3.8~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-curl\", rpm:\"php-curl~5.3.8~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-dba\", rpm:\"php-dba~5.3.8~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-devel\", rpm:\"php-devel~5.3.8~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-doc\", rpm:\"php-doc~5.3.8~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-dom\", rpm:\"php-dom~5.3.8~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-eaccelerator\", rpm:\"php-eaccelerator~0.9.6.1~1.5mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-eaccelerator-admin\", rpm:\"php-eaccelerator-admin~0.9.6.1~1.5mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-enchant\", rpm:\"php-enchant~5.3.8~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-exif\", rpm:\"php-exif~5.3.8~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-fileinfo\", rpm:\"php-fileinfo~5.3.8~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-filter\", rpm:\"php-filter~5.3.8~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-fpm\", rpm:\"php-fpm~5.3.8~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-ftp\", rpm:\"php-ftp~5.3.8~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-gd\", rpm:\"php-gd~5.3.8~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-gearman\", rpm:\"php-gearman~0.7.0~0.4mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-gettext\", rpm:\"php-gettext~5.3.8~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-gmp\", rpm:\"php-gmp~5.3.8~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-hash\", rpm:\"php-hash~5.3.8~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-iconv\", rpm:\"php-iconv~5.3.8~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-imap\", rpm:\"php-imap~5.3.8~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-intl\", rpm:\"php-intl~5.3.8~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-json\", rpm:\"php-json~5.3.8~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-ldap\", rpm:\"php-ldap~5.3.8~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-mailparse\", rpm:\"php-mailparse~2.1.5~8.5mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-mbstring\", rpm:\"php-mbstring~5.3.8~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-mcal\", rpm:\"php-mcal~0.6~35.5mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-mcrypt\", rpm:\"php-mcrypt~5.3.8~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-mssql\", rpm:\"php-mssql~5.3.8~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-mysql\", rpm:\"php-mysql~5.3.8~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-mysqli\", rpm:\"php-mysqli~5.3.8~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-odbc\", rpm:\"php-odbc~5.3.8~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-openssl\", rpm:\"php-openssl~5.3.8~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-optimizer\", rpm:\"php-optimizer~0.1~0.alpha2.8.5mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pcntl\", rpm:\"php-pcntl~5.3.8~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pdo\", rpm:\"php-pdo~5.3.8~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pdo_dblib\", rpm:\"php-pdo_dblib~5.3.8~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pdo_mysql\", rpm:\"php-pdo_mysql~5.3.8~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pdo_odbc\", rpm:\"php-pdo_odbc~5.3.8~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pdo_pgsql\", rpm:\"php-pdo_pgsql~5.3.8~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pdo_sqlite\", rpm:\"php-pdo_sqlite~5.3.8~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pgsql\", rpm:\"php-pgsql~5.3.8~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-phar\", rpm:\"php-phar~5.3.8~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pinba\", rpm:\"php-pinba~0.0.5~2.5mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-posix\", rpm:\"php-posix~5.3.8~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pspell\", rpm:\"php-pspell~5.3.8~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-readline\", rpm:\"php-readline~5.3.8~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-recode\", rpm:\"php-recode~5.3.8~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-sasl\", rpm:\"php-sasl~0.1.0~33.5mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-session\", rpm:\"php-session~5.3.8~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-shmop\", rpm:\"php-shmop~5.3.8~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-snmp\", rpm:\"php-snmp~5.3.8~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-soap\", rpm:\"php-soap~5.3.8~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-sockets\", rpm:\"php-sockets~5.3.8~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-sphinx\", rpm:\"php-sphinx~1.0.4~2.5mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-sqlite3\", rpm:\"php-sqlite3~5.3.8~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-sqlite\", rpm:\"php-sqlite~5.3.8~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-ssh2\", rpm:\"php-ssh2~0.11.2~0.4mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-suhosin\", rpm:\"php-suhosin~0.9.32.1~0.5mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-sybase_ct\", rpm:\"php-sybase_ct~5.3.8~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-sysvmsg\", rpm:\"php-sysvmsg~5.3.8~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-sysvsem\", rpm:\"php-sysvsem~5.3.8~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-sysvshm\", rpm:\"php-sysvshm~5.3.8~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-tclink\", rpm:\"php-tclink~3.4.5~7.5mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-tidy\", rpm:\"php-tidy~5.3.8~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-timezonedb\", rpm:\"php-timezonedb~2011.14~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-tokenizer\", rpm:\"php-tokenizer~5.3.8~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-translit\", rpm:\"php-translit~0.6.1~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-vld\", rpm:\"php-vld~0.10.1~1.5mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-wddx\", rpm:\"php-wddx~5.3.8~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-xattr\", rpm:\"php-xattr~1.1.0~13.5mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-xdebug\", rpm:\"php-xdebug~2.1.2~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-xml\", rpm:\"php-xml~5.3.8~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-xmlreader\", rpm:\"php-xmlreader~5.3.8~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-xmlrpc\", rpm:\"php-xmlrpc~5.3.8~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-xmlwriter\", rpm:\"php-xmlwriter~5.3.8~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-xsl\", rpm:\"php-xsl~5.3.8~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-zip\", rpm:\"php-zip~5.3.8~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-zlib\", rpm:\"php-zlib~5.3.8~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php\", rpm:\"php~5.3.8~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64php5_common5\", rpm:\"lib64php5_common5~5.3.8~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:39:42", "description": "This host is running PHP and is prone to multiple vulnerabilities.", "cvss3": {}, "published": "2011-09-07T00:00:00", "type": "openvas", "title": "PHP Multiple Vulnerabilities - Sep11 (Windows)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-2483", "CVE-2011-1657", "CVE-2011-3268", "CVE-2011-3182", "CVE-2011-3267"], "modified": "2018-10-20T00:00:00", "id": "OPENVAS:1361412562310802330", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310802330", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_php_mult_vuln_win_sep11.nasl 11997 2018-10-20 11:59:41Z mmartin $\n#\n# PHP Multiple Vulnerabilities - Sep11 (Windows)\n#\n# Authors:\n# Rachana Shetty <srachana@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:php:php\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.802330\");\n script_version(\"$Revision: 11997 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-20 13:59:41 +0200 (Sat, 20 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2011-09-07 08:36:57 +0200 (Wed, 07 Sep 2011)\");\n script_cve_id(\"CVE-2011-2483\", \"CVE-2011-1657\", \"CVE-2011-3182\", \"CVE-2011-3267\",\n \"CVE-2011-3268\");\n script_bugtraq_id(49241, 49252);\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"PHP Multiple Vulnerabilities - Sep11 (Windows)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Web application abuses\");\n script_dependencies(\"os_detection.nasl\", \"gb_php_detect.nasl\");\n script_mandatory_keys(\"php/installed\", \"Host/runs_windows\");\n\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/44874/\");\n script_xref(name:\"URL\", value:\"http://www.php.net/archive/2011.php#id2011-08-18-1\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation allows remote attackers to execute arbitrary code,\n obtain sensitive information or cause a denial of service.\");\n\n script_tag(name:\"affected\", value:\"PHP version prior to 5.3.7 on Windows\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws are due to,\n\n - Improper handling of passwords with 8-bit characters by 'crypt_blowfish'\n function.\n\n - An error in 'ZipArchive::addGlob' and 'ZipArchive::addPattern' functions\n in ext/zip/php_zip.c file allows remote attackers to cause denial of\n service via certain flags arguments.\n\n - Improper validation of the return values of the malloc, calloc and realloc\n library functions.\n\n - Improper implementation of the error_log function.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to PHP version 5.3.7 or later.\");\n\n script_tag(name:\"summary\", value:\"This host is running PHP and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n\n script_xref(name:\"URL\", value:\"http://www.php.net/downloads.php\");\n exit(0);\n}\n\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\n\nif( isnull( phpPort = get_app_port( cpe:CPE ) ) ) exit( 0 );\nif( ! phpVer = get_app_version( cpe:CPE, port:phpPort ) ) exit( 0 );\n\n##To check PHP version prior to 5.3.7\nif(version_is_less(version:phpVer, test_version:\"5.3.7\")){\n report = report_fixed_ver(installed_version:phpVer, fixed_version:\"5.3.7\");\n security_message(data:report, port:phpPort);\n exit(0);\n}\n\nexit(99);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2018-01-11T11:07:17", "description": "Check for the Version of php", "cvss3": {}, "published": "2012-03-19T00:00:00", "type": "openvas", "title": "Fedora Update for php FEDORA-2011-11464", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-1148", "CVE-2011-1938", "CVE-2011-2483", "CVE-2011-3182", "CVE-2011-2202"], "modified": "2018-01-10T00:00:00", "id": "OPENVAS:863788", "href": "http://plugins.openvas.org/nasl.php?oid=863788", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for php FEDORA-2011-11464\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"PHP is an HTML-embedded scripting language. PHP attempts to make it\n easy for developers to write dynamically generated web pages. PHP also\n offers built-in database integration for several commercial and\n non-commercial database management systems, so writing a\n database-enabled webpage with PHP is fairly simple. The most common\n use of PHP coding is probably as a replacement for CGI scripts.\n\n The php package contains the module which adds support for the PHP\n language to Apache HTTP Server.\";\n\ntag_affected = \"php on Fedora 16\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065674.html\");\n script_id(863788);\n script_version(\"$Revision: 8352 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-10 08:01:57 +0100 (Wed, 10 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-03-19 12:15:57 +0530 (Mon, 19 Mar 2012)\");\n script_cve_id(\"CVE-2011-2483\", \"CVE-2011-2202\", \"CVE-2011-1938\", \"CVE-2011-1148\", \"CVE-2011-3182\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"FEDORA\", value: \"2011-11464\");\n script_name(\"Fedora Update for php FEDORA-2011-11464\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of php\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC16\")\n{\n\n if ((res = isrpmvuln(pkg:\"php\", rpm:\"php~5.3.8~1.fc16\", rls:\"FC16\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-25T10:55:24", "description": "Check for the Version of maniadrive", "cvss3": {}, "published": "2011-09-20T00:00:00", "type": "openvas", "title": "Fedora Update for maniadrive FEDORA-2011-11537", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-1148", "CVE-2011-1938", "CVE-2011-2483", "CVE-2011-3182", "CVE-2011-2202"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:863527", "href": "http://plugins.openvas.org/nasl.php?oid=863527", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for maniadrive FEDORA-2011-11537\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"maniadrive on Fedora 14\";\ntag_insight = \"ManiaDrive is an arcade car game on acrobatic tracks, with a quick and nervous\n gameplay (tracks almost never exceed one minute). Features: Complex car\n physics, Challenging &quot;story mode&quot;, LAN and Internet mode, Live scores,\n Track editor, Dedicated server with HTTP interface and More than 30 blocks.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2011-September/066103.html\");\n script_id(863527);\n script_version(\"$Revision: 6626 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:30:10 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-09-20 15:38:54 +0200 (Tue, 20 Sep 2011)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"FEDORA\", value: \"2011-11537\");\n script_cve_id(\"CVE-2011-2483\", \"CVE-2011-2202\", \"CVE-2011-1938\", \"CVE-2011-1148\", \"CVE-2011-3182\");\n script_name(\"Fedora Update for maniadrive FEDORA-2011-11537\");\n\n script_summary(\"Check for the Version of maniadrive\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC14\")\n{\n\n if ((res = isrpmvuln(pkg:\"maniadrive\", rpm:\"maniadrive~1.2~32.fc14\", rls:\"FC14\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-25T10:55:47", "description": "Check for the Version of php-eaccelerator", "cvss3": {}, "published": "2011-09-20T00:00:00", "type": "openvas", "title": "Fedora Update for php-eaccelerator FEDORA-2011-11528", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-1148", "CVE-2011-1938", "CVE-2011-2483", "CVE-2011-3182", "CVE-2011-2202"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:863518", "href": "http://plugins.openvas.org/nasl.php?oid=863518", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for php-eaccelerator FEDORA-2011-11528\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"php-eaccelerator on Fedora 15\";\ntag_insight = \"eAccelerator is a further development of the MMCache PHP Accelerator &amp; Encoder.\n It increases performance of PHP scripts by caching them in compiled state, so\n that the overhead of compiling is almost completely eliminated.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2011-September/066107.html\");\n script_id(863518);\n script_version(\"$Revision: 6626 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:30:10 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-09-20 15:38:54 +0200 (Tue, 20 Sep 2011)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"FEDORA\", value: \"2011-11528\");\n script_cve_id(\"CVE-2011-2483\", \"CVE-2011-2202\", \"CVE-2011-1938\", \"CVE-2011-1148\", \"CVE-2011-3182\");\n script_name(\"Fedora Update for php-eaccelerator FEDORA-2011-11528\");\n\n script_summary(\"Check for the Version of php-eaccelerator\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC15\")\n{\n\n if ((res = isrpmvuln(pkg:\"php-eaccelerator\", rpm:\"php-eaccelerator~0.9.6.1~9.fc15\", rls:\"FC15\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-25T10:55:44", "description": "Check for the Version of maniadrive", "cvss3": {}, "published": "2011-09-20T00:00:00", "type": "openvas", "title": "Fedora Update for maniadrive FEDORA-2011-11528", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-1148", "CVE-2011-1938", "CVE-2011-2483", "CVE-2011-3182", "CVE-2011-2202"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:863531", "href": "http://plugins.openvas.org/nasl.php?oid=863531", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for maniadrive FEDORA-2011-11528\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"maniadrive on Fedora 15\";\ntag_insight = \"ManiaDrive is an arcade car game on acrobatic tracks, with a quick and nervous\n gameplay (tracks almost never exceed one minute). Features: Complex car\n physics, Challenging &quot;story mode&quot;, LAN and Internet mode, Live scores,\n Track editor, Dedicated server with HTTP interface and More than 30 blocks.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2011-September/066105.html\");\n script_id(863531);\n script_version(\"$Revision: 6626 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:30:10 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-09-20 15:38:54 +0200 (Tue, 20 Sep 2011)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"FEDORA\", value: \"2011-11528\");\n script_cve_id(\"CVE-2011-2483\", \"CVE-2011-2202\", \"CVE-2011-1938\", \"CVE-2011-1148\", \"CVE-2011-3182\");\n script_name(\"Fedora Update for maniadrive FEDORA-2011-11528\");\n\n script_summary(\"Check for the Version of maniadrive\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC15\")\n{\n\n if ((res = isrpmvuln(pkg:\"maniadrive\", rpm:\"maniadrive~1.2~32.fc15\", rls:\"FC15\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-25T10:55:23", "description": "Check for the Version of php-eaccelerator", "cvss3": {}, "published": "2011-09-20T00:00:00", "type": "openvas", "title": "Fedora Update for php-eaccelerator FEDORA-2011-11537", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-1148", "CVE-2011-1938", "CVE-2011-2483", "CVE-2011-3182", "CVE-2011-2202"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:863523", "href": "http://plugins.openvas.org/nasl.php?oid=863523", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for php-eaccelerator FEDORA-2011-11537\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"php-eaccelerator on Fedora 14\";\ntag_insight = \"eAccelerator is a further development of the MMCache PHP Accelerator &amp; Encoder.\n It increases performance of PHP scripts by caching them in compiled state, so\n that the overhead of compiling is almost completely eliminated.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2011-September/066104.html\");\n script_id(863523);\n script_version(\"$Revision: 6626 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:30:10 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-09-20 15:38:54 +0200 (Tue, 20 Sep 2011)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"FEDORA\", value: \"2011-11537\");\n script_cve_id(\"CVE-2011-2483\", \"CVE-2011-2202\", \"CVE-2011-1938\", \"CVE-2011-1148\", \"CVE-2011-3182\");\n script_name(\"Fedora Update for php-eaccelerator FEDORA-2011-11537\");\n\n script_summary(\"Check for the Version of php-eaccelerator\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC14\")\n{\n\n if ((res = isrpmvuln(pkg:\"php-eaccelerator\", rpm:\"php-eaccelerator~0.9.6.1~9.fc14\", rls:\"FC14\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:38:34", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2012-03-19T00:00:00", "type": "openvas", "title": "Fedora Update for php FEDORA-2011-11464", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-1148", "CVE-2011-1938", "CVE-2011-2483", "CVE-2011-3182", "CVE-2011-2202"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310863788", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310863788", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for php FEDORA-2011-11464\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065674.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.863788\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-03-19 12:15:57 +0530 (Mon, 19 Mar 2012)\");\n script_cve_id(\"CVE-2011-2483\", \"CVE-2011-2202\", \"CVE-2011-1938\", \"CVE-2011-1148\", \"CVE-2011-3182\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name:\"FEDORA\", value:\"2011-11464\");\n script_name(\"Fedora Update for php FEDORA-2011-11464\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'php'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC16\");\n script_tag(name:\"affected\", value:\"php on Fedora 16\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC16\")\n{\n\n if ((res = isrpmvuln(pkg:\"php\", rpm:\"php~5.3.8~1.fc16\", rls:\"FC16\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:38:30", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2012-04-02T00:00:00", "type": "openvas", "title": "Fedora Update for maniadrive FEDORA-2011-11464", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-1148", "CVE-2011-1938", "CVE-2011-2483", "CVE-2011-3182", "CVE-2011-2202"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310863875", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310863875", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for maniadrive FEDORA-2011-11464\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065675.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.863875\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-04-02 12:27:25 +0530 (Mon, 02 Apr 2012)\");\n script_cve_id(\"CVE-2011-2483\", \"CVE-2011-2202\", \"CVE-2011-1938\", \"CVE-2011-1148\",\n \"CVE-2011-3182\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name:\"FEDORA\", value:\"2011-11464\");\n script_name(\"Fedora Update for maniadrive FEDORA-2011-11464\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'maniadrive'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC16\");\n script_tag(name:\"affected\", value:\"maniadrive on Fedora 16\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC16\")\n{\n\n if ((res = isrpmvuln(pkg:\"maniadrive\", rpm:\"maniadrive~1.2~32.fc16\", rls:\"FC16\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2018-01-02T10:58:05", "description": "Check for the Version of php-eaccelerator", "cvss3": {}, "published": "2012-03-19T00:00:00", "type": "openvas", "title": "Fedora Update for php-eaccelerator FEDORA-2011-11464", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-1148", "CVE-2011-1938", "CVE-2011-2483", "CVE-2011-3182", "CVE-2011-2202"], "modified": "2017-12-28T00:00:00", "id": "OPENVAS:863794", "href": "http://plugins.openvas.org/nasl.php?oid=863794", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for php-eaccelerator FEDORA-2011-11464\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"php-eaccelerator on Fedora 16\";\ntag_insight = \"eAccelerator is a further development of the MMCache PHP Accelerator &amp; Encoder.\n It increases performance of PHP scripts by caching them in compiled state, so\n that the overhead of compiling is almost completely eliminated.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065673.html\");\n script_id(863794);\n script_version(\"$Revision: 8253 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-28 07:29:51 +0100 (Thu, 28 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-03-19 12:16:35 +0530 (Mon, 19 Mar 2012)\");\n script_cve_id(\"CVE-2011-2483\", \"CVE-2011-2202\", \"CVE-2011-1938\", \"CVE-2011-1148\", \"CVE-2011-3182\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"FEDORA\", value: \"2011-11464\");\n script_name(\"Fedora Update for php-eaccelerator FEDORA-2011-11464\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of php-eaccelerator\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC16\")\n{\n\n if ((res = isrpmvuln(pkg:\"php-eaccelerator\", rpm:\"php-eaccelerator~0.9.6.1~9.fc16\", rls:\"FC16\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-25T10:55:52", "description": "Check for the Version of php", "cvss3": {}, "published": "2011-09-20T00:00:00", "type": "openvas", "title": "Fedora Update for php FEDORA-2011-11528", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-1148", "CVE-2011-1938", "CVE-2011-2483", "CVE-2011-3182", "CVE-2011-2202"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:863520", "href": "http://plugins.openvas.org/nasl.php?oid=863520", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for php FEDORA-2011-11528\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"PHP is an HTML-embedded scripting language. PHP attempts to make it\n easy for developers to write dynamically generated web pages. PHP also\n offers built-in database integration for several commercial and\n non-commercial database management systems, so writing a\n database-enabled webpage with PH