Mandriva Update for php-pear MDKSA-2007:110 (php-pear)
2009-04-09T00:00:00
ID OPENVAS:830027 Type openvas Reporter Copyright (C) 2009 Greenbone Networks GmbH Modified 2017-07-06T00:00:00
Description
Check for the Version of php-pear
###############################################################################
# OpenVAS Vulnerability Test
#
# Mandriva Update for php-pear MDKSA-2007:110 (php-pear)
#
# Authors:
# System Generated Check
#
# Copyright:
# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2
# (or any later version), as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################
include("revisions-lib.inc");
tag_insight = "A security hole was discovered in all versions of the PEAR Installer
http://pear.php.net/PEAR
hole found to date in the PEAR Installer, and would allow a malicious
package to install files anywhere in the filesystem.
The vulnerability only affects users who are installing an
intentionally created package with a malicious intent. Because the
package is easily traced to its source, this is most likely to happen
if a hacker were to compromise a PEAR channel server and alter a
package to install a backdoor. In other words, it must be combined
with other exploits to be a problem.
Updated packages have been patched to prevent this issue.";
tag_affected = "php-pear on Mandriva Linux 2007.0,
Mandriva Linux 2007.0/X86_64,
Mandriva Linux 2007.1,
Mandriva Linux 2007.1/X86_64";
tag_solution = "Please Install the Updated Packages.";
if(description)
{
script_xref(name : "URL" , value : "http://lists.mandriva.com/security-announce/2007-06/msg00001.php");
script_id(830027);
script_version("$Revision: 6568 $");
script_tag(name:"last_modification", value:"$Date: 2017-07-06 15:04:21 +0200 (Thu, 06 Jul 2017) $");
script_tag(name:"creation_date", value:"2009-04-09 13:57:01 +0200 (Thu, 09 Apr 2009)");
script_tag(name:"cvss_base", value:"6.8");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:P/I:P/A:P");
script_xref(name: "MDKSA", value: "2007:110");
script_cve_id("CVE-2007-2519");
script_name( "Mandriva Update for php-pear MDKSA-2007:110 (php-pear)");
script_summary("Check for the Version of php-pear");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2009 Greenbone Networks GmbH");
script_family("Mandrake Local Security Checks");
script_dependencies("gather-package-list.nasl");
script_mandatory_keys("ssh/login/mandriva_mandrake_linux", "ssh/login/release");
script_tag(name : "affected" , value : tag_affected);
script_tag(name : "solution" , value : tag_solution);
script_tag(name : "insight" , value : tag_insight);
script_tag(name:"qod_type", value:"package");
script_tag(name:"solution_type", value:"VendorFix");
exit(0);
}
include("pkg-lib-rpm.inc");
release = get_kb_item("ssh/login/release");
res = "";
if(release == NULL){
exit(0);
}
if(release == "MNDK_2007.1")
{
if ((res = isrpmvuln(pkg:"php-pear", rpm:"php-pear~5.2.1~2.1mdv2007.1", rls:"MNDK_2007.1")) != NULL)
{
security_message(data:res);
exit(0);
}
if (__pkg_match) exit(99); # Not vulnerable.
exit(0);
}
if(release == "MNDK_2007.0")
{
if ((res = isrpmvuln(pkg:"php-pear", rpm:"php-pear~5.1.6~1.1mdv2007.0", rls:"MNDK_2007.0")) != NULL)
{
security_message(data:res);
exit(0);
}
if (__pkg_match) exit(99); # Not vulnerable.
exit(0);
}
{"id": "OPENVAS:830027", "type": "openvas", "bulletinFamily": "scanner", "title": "Mandriva Update for php-pear MDKSA-2007:110 (php-pear)", "description": "Check for the Version of php-pear", "published": "2009-04-09T00:00:00", "modified": "2017-07-06T00:00:00", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=830027", "reporter": "Copyright (C) 2009 Greenbone Networks GmbH", "references": ["2007:110", "http://lists.mandriva.com/security-announce/2007-06/msg00001.php"], "cvelist": ["CVE-2007-2519"], "lastseen": "2017-07-24T12:56:13", "viewCount": 2, "enchantments": {"score": {"value": 6.1, "vector": "NONE", "modified": "2017-07-24T12:56:13", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2007-2519"]}, {"type": "openvas", "idList": ["OPENVAS:840071", "OPENVAS:1361412562310831508", "OPENVAS:831508", "OPENVAS:1361412562310830027"]}, {"type": "nessus", "idList": ["UBUNTU_USN-462-1.NASL", "MANDRAKE_MDKSA-2007-110.NASL", "MANDRIVA_MDVSA-2011-187.NASL"]}, {"type": "exploitdb", "idList": ["EDB-ID:30074"]}, {"type": "ubuntu", "idList": ["USN-462-1"]}, {"type": "suse", "idList": ["SUSE-SU-2013:1351-1"]}], "modified": "2017-07-24T12:56:13", "rev": 2}, "vulnersScore": 6.1}, "pluginID": "830027", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for php-pear MDKSA-2007:110 (php-pear)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"A security hole was discovered in all versions of the PEAR Installer\n http://pear.php.net/PEAR\n hole found to date in the PEAR Installer, and would allow a malicious\n package to install files anywhere in the filesystem.\n\n The vulnerability only affects users who are installing an\n intentionally created package with a malicious intent. Because the\n package is easily traced to its source, this is most likely to happen\n if a hacker were to compromise a PEAR channel server and alter a\n package to install a backdoor. In other words, it must be combined\n with other exploits to be a problem.\n \n Updated packages have been patched to prevent this issue.\";\n\ntag_affected = \"php-pear on Mandriva Linux 2007.0,\n Mandriva Linux 2007.0/X86_64,\n Mandriva Linux 2007.1,\n Mandriva Linux 2007.1/X86_64\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2007-06/msg00001.php\");\n script_id(830027);\n script_version(\"$Revision: 6568 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-06 15:04:21 +0200 (Thu, 06 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-04-09 13:57:01 +0200 (Thu, 09 Apr 2009)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"MDKSA\", value: \"2007:110\");\n script_cve_id(\"CVE-2007-2519\");\n script_name( \"Mandriva Update for php-pear MDKSA-2007:110 (php-pear)\");\n\n script_summary(\"Check for the Version of php-pear\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_2007.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"php-pear\", rpm:\"php-pear~5.2.1~2.1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2007.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"php-pear\", rpm:\"php-pear~5.1.6~1.1mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "naslFamily": "Mandrake Local Security Checks"}
{"cve": [{"lastseen": "2020-10-03T11:45:51", "description": "Directory traversal vulnerability in the installer in PEAR 1.0 through 1.5.3 allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in the (1) install-as attribute in the file element in package.xml 1.0 or the (2) as attribute in the install element in package.xml 2.0. NOTE: it could be argued that this does not cross privilege boundaries in typical installations, since the code being installed could perform the same actions.", "edition": 3, "cvss3": {}, "published": "2007-05-22T19:30:00", "title": "CVE-2007-2519", "type": "cve", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": true, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-2519"], "modified": "2017-07-29T01:31:00", "cpe": ["cpe:/a:php_group:pear:1.3b6", "cpe:/a:php_group:pear:1.4.2", "cpe:/a:php_group:pear:1.2b5", "cpe:/a:php_group:pear:1.0", "cpe:/a:php_group:pear:1.4.7", "cpe:/a:php_group:pear:1.3", "cpe:/a:php_group:pear:1.4.0a7", "cpe:/a:php_group:pear:1.4.0a2", "cpe:/a:php_group:pear:1.4.9", "cpe:/a:php_group:pear:1.4.0", "cpe:/a:php_group:pear:1.3b5", "cpe:/a:php_group:pear:1.4.0a11", "cpe:/a:php_group:pear:1.5.0", "cpe:/a:php_group:pear:1.2b2", "cpe:/a:php_group:pear:1.2b1", "cpe:/a:php_group:pear:1.4.0a8", "cpe:/a:php_group:pear:1.4.0rc1", "cpe:/a:php_group:pear:1.4.10rc1", "cpe:/a:php_group:pear:1.4.0rc2", "cpe:/a:php_group:pear:1.4.0b1", "cpe:/a:php_group:pear:1.4.0a10", "cpe:/a:php_group:pear:1.2b4", "cpe:/a:php_group:pear:1.3b3", "cpe:/a:php_group:pear:1.4.0a6", "cpe:/a:php_group:pear:1.3.3", "cpe:/a:php_group:pear:1.4.5", "cpe:/a:php_group:pear:1.4.11", "cpe:/a:php_group:pear:1.4.0a12", "cpe:/a:php_group:pear:1.3.4", "cpe:/a:php_group:pear:1.2.1", "cpe:/a:php_group:pear:1.3.1", "cpe:/a:php_group:pear:1.5.3", "cpe:/a:php_group:pear:1.3.5", "cpe:/a:php_group:pear:1.5.0rc1", "cpe:/a:php_group:pear:1.3b1", "cpe:/a:php_group:pear:1.5.2", "cpe:/a:php_group:pear:1.0.1", "cpe:/a:php_group:pear:1.5.1", "cpe:/a:php_group:pear:1.4.6", "cpe:/a:php_group:pear:1.4.4", "cpe:/a:php_group:pear:1.4.1", "cpe:/a:php_group:pear:1.4.3", "cpe:/a:php_group:pear:1.3b2", "cpe:/a:php_group:pear:1.4.0a3", "cpe:/a:php_group:pear:1.5.0a1", "cpe:/a:php_group:pear:1.3.3.1", "cpe:/a:php_group:pear:1.2", "cpe:/a:php_group:pear:1.4.0a1", "cpe:/a:php_group:pear:1.4.10", "cpe:/a:php_group:pear:1.4.0a5", "cpe:/a:php_group:pear:1.1", "cpe:/a:php_group:pear:1.3.6", "cpe:/a:php_group:pear:1.4.0a4", "cpe:/a:php_group:pear:1.4.0b2", "cpe:/a:php_group:pear:1.2b3", "cpe:/a:php_group:pear:1.5.0rc2", "cpe:/a:php_group:pear:1.4.0a9", "cpe:/a:php_group:pear:1.4.8", "cpe:/a:php_group:pear:1.5.0rc3"], "id": "CVE-2007-2519", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-2519", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:php_group:pear:1.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:php_group:pear:1.3.3:*:*:*:*:*:*:*", "cpe:2.3:a:php_group:pear:1.5.3:*:*:*:*:*:*:*", "cpe:2.3:a:php_group:pear:1.3b1:*:*:*:*:*:*:*", "cpe:2.3:a:php_group:pear:1.4.0a4:*:*:*:*:*:*:*", "cpe:2.3:a:php_group:pear:1.4.3:*:*:*:*:*:*:*", "cpe:2.3:a:php_group:pear:1.4.11:*:*:*:*:*:*:*", "cpe:2.3:a:php_group:pear:1.4.0b2:*:*:*:*:*:*:*", "cpe:2.3:a:php_group:pear:1.4.6:*:*:*:*:*:*:*", "cpe:2.3:a:php_group:pear:1.0:*:*:*:*:*:*:*", "cpe:2.3:a:php_group:pear:1.3b2:*:*:*:*:*:*:*", "cpe:2.3:a:php_group:pear:1.4.8:*:*:*:*:*:*:*", "cpe:2.3:a:php_group:pear:1.3:*:*:*:*:*:*:*", "cpe:2.3:a:php_group:pear:1.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:php_group:pear:1.3.6:*:*:*:*:*:*:*", "cpe:2.3:a:php_group:pear:1.4.0a10:*:*:*:*:*:*:*", "cpe:2.3:a:php_group:pear:1.5.0rc3:*:*:*:*:*:*:*", "cpe:2.3:a:php_group:pear:1.4.9:*:*:*:*:*:*:*", "cpe:2.3:a:php_group:pear:1.3b5:*:*:*:*:*:*:*", "cpe:2.3:a:php_group:pear:1.1:*:*:*:*:*:*:*", "cpe:2.3:a:php_group:pear:1.4.0a7:*:*:*:*:*:*:*", "cpe:2.3:a:php_group:pear:1.2b4:*:*:*:*:*:*:*", "cpe:2.3:a:php_group:pear:1.5.0rc1:*:*:*:*:*:*:*", "cpe:2.3:a:php_group:pear:1.4.7:*:*:*:*:*:*:*", "cpe:2.3:a:php_group:pear:1.5.1:*:*:*:*:*:*:*", "cpe:2.3:a:php_group:pear:1.4.4:*:*:*:*:*:*:*", "cpe:2.3:a:php_group:pear:1.4.10rc1:*:*:*:*:*:*:*", "cpe:2.3:a:php_group:pear:1.4.0a1:*:*:*:*:*:*:*", "cpe:2.3:a:php_group:pear:1.4.0a5:*:*:*:*:*:*:*", "cpe:2.3:a:php_group:pear:1.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:php_group:pear:1.2b3:*:*:*:*:*:*:*", "cpe:2.3:a:php_group:pear:1.2b1:*:*:*:*:*:*:*", "cpe:2.3:a:php_group:pear:1.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:php_group:pear:1.2b5:*:*:*:*:*:*:*", "cpe:2.3:a:php_group:pear:1.4.0rc1:*:*:*:*:*:*:*", "cpe:2.3:a:php_group:pear:1.2:*:*:*:*:*:*:*", "cpe:2.3:a:php_group:pear:1.5.0rc2:*:*:*:*:*:*:*", "cpe:2.3:a:php_group:pear:1.4.0a11:*:*:*:*:*:*:*", "cpe:2.3:a:php_group:pear:1.4.0a12:*:*:*:*:*:*:*", "cpe:2.3:a:php_group:pear:1.5.2:*:*:*:*:*:*:*", "cpe:2.3:a:php_group:pear:1.4.5:*:*:*:*:*:*:*", "cpe:2.3:a:php_group:pear:1.5.0:*:*:*:*:*:*:*", "cpe:2.3:a:php_group:pear:1.3.5:*:*:*:*:*:*:*", "cpe:2.3:a:php_group:pear:1.2b2:*:*:*:*:*:*:*", "cpe:2.3:a:php_group:pear:1.4.10:*:*:*:*:*:*:*", "cpe:2.3:a:php_group:pear:1.3.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:php_group:pear:1.4.2:*:*:*:*:*:*:*", "cpe:2.3:a:php_group:pear:1.4.0a2:*:*:*:*:*:*:*", "cpe:2.3:a:php_group:pear:1.4.0a6:*:*:*:*:*:*:*", "cpe:2.3:a:php_group:pear:1.4.0a8:*:*:*:*:*:*:*", "cpe:2.3:a:php_group:pear:1.4.0b1:*:*:*:*:*:*:*", "cpe:2.3:a:php_group:pear:1.4.0a3:*:*:*:*:*:*:*", "cpe:2.3:a:php_group:pear:1.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:php_group:pear:1.4.0a9:*:*:*:*:*:*:*", "cpe:2.3:a:php_group:pear:1.5.0a1:*:*:*:*:*:*:*", "cpe:2.3:a:php_group:pear:1.3.4:*:*:*:*:*:*:*", "cpe:2.3:a:php_group:pear:1.3b6:*:*:*:*:*:*:*", "cpe:2.3:a:php_group:pear:1.4.0rc2:*:*:*:*:*:*:*", "cpe:2.3:a:php_group:pear:1.3b3:*:*:*:*:*:*:*"]}], "openvas": [{"lastseen": "2018-04-09T11:39:03", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-2519"], "description": "Check for the Version of php-pear", "modified": "2018-04-06T00:00:00", "published": "2009-04-09T00:00:00", "id": "OPENVAS:1361412562310830027", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310830027", "type": "openvas", "title": "Mandriva Update for php-pear MDKSA-2007:110 (php-pear)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for php-pear MDKSA-2007:110 (php-pear)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"A security hole was discovered in all versions of the PEAR Installer\n http://pear.php.net/PEAR\n hole found to date in the PEAR Installer, and would allow a malicious\n package to install files anywhere in the filesystem.\n\n The vulnerability only affects users who are installing an\n intentionally created package with a malicious intent. Because the\n package is easily traced to its source, this is most likely to happen\n if a hacker were to compromise a PEAR channel server and alter a\n package to install a backdoor. In other words, it must be combined\n with other exploits to be a problem.\n \n Updated packages have been patched to prevent this issue.\";\n\ntag_affected = \"php-pear on Mandriva Linux 2007.0,\n Mandriva Linux 2007.0/X86_64,\n Mandriva Linux 2007.1,\n Mandriva Linux 2007.1/X86_64\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2007-06/msg00001.php\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.830027\");\n script_version(\"$Revision: 9370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-04-09 13:57:01 +0200 (Thu, 09 Apr 2009)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"MDKSA\", value: \"2007:110\");\n script_cve_id(\"CVE-2007-2519\");\n script_name( \"Mandriva Update for php-pear MDKSA-2007:110 (php-pear)\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of php-pear\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_2007.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"php-pear\", rpm:\"php-pear~5.2.1~2.1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2007.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"php-pear\", rpm:\"php-pear~5.1.6~1.1mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-24T12:55:56", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-2519", "CVE-2011-1072"], "description": "Check for the Version of php-pear", "modified": "2017-07-06T00:00:00", "published": "2011-12-16T00:00:00", "id": "OPENVAS:831508", "href": "http://plugins.openvas.org/nasl.php?oid=831508", "type": "openvas", "title": "Mandriva Update for php-pear MDVSA-2011:187 (php-pear)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for php-pear MDVSA-2011:187 (php-pear)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"A vulnerability has been discovered and corrected in php-pear:\n The installer in PEAR before 1.9.2 allows local users to overwrite\n arbitrary files via a symlink attack on the package.xml file,\n related to the (1) download_dir, (2) cache_dir, (3) tmp_dir, and\n (4) pear-build-download directories, a different vulnerability than\n CVE-2007-2519 (CVE-2011-1072).\n\n This advisory provides PEAR 1.9.4 which is not vulnerable to this\n issue.\n\n Additionally for Mandriva Enterprise Server 5 many new or updated\n PEAR packages is being provided with the latest versions of respective\n packages as well as mitigating various dependency issues.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"php-pear on Mandriva Linux 2010.1,\n Mandriva Linux 2010.1/X86_64,\n Mandriva Enterprise Server 5,\n Mandriva Enterprise Server 5/X86_64\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2011-12/msg00012.php\");\n script_id(831508);\n script_version(\"$Revision: 6570 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-06 15:06:35 +0200 (Thu, 06 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-12-16 11:14:24 +0530 (Fri, 16 Dec 2011)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"MDVSA\", value: \"2011:187\");\n script_cve_id(\"CVE-2007-2519\", \"CVE-2011-1072\");\n script_name(\"Mandriva Update for php-pear MDVSA-2011:187 (php-pear)\");\n\n script_summary(\"Check for the Version of php-pear\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_mes5\")\n{\n\n if ((res = isrpmvuln(pkg:\"php-pear\", rpm:\"php-pear~1.9.4~0.1mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pear-Auth\", rpm:\"php-pear-Auth~1.6.4~0.1mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pear-Auth_RADIUS\", rpm:\"php-pear-Auth_RADIUS~1.0.7~0.1mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pear-Auth_SASL\", rpm:\"php-pear-Auth_SASL~1.0.6~0.1mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pear-Cache_Lite\", rpm:\"php-pear-Cache_Lite~1.7.12~0.1mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pear-Console_ProgressBar\", rpm:\"php-pear-Console_ProgressBar~0.5.2beta~0.1mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pear-Crypt_CHAP\", rpm:\"php-pear-Crypt_CHAP~1.5.0~0.1mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pear-Date\", rpm:\"php-pear-Date~1.5.0a2~0.1mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pear-Date_Holidays\", rpm:\"php-pear-Date_Holidays~0.21.5~0.1mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pear-Date_Holidays_Austria\", rpm:\"php-pear-Date_Holidays_Austria~0.1.3~0.1mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pear-Date_Holidays_Brazil\", rpm:\"php-pear-Date_Holidays_Brazil~0.1.2~0.1mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pear-Date_Holidays_Denmark\", rpm:\"php-pear-Date_Holidays_Denmark~0.1.3~0.1mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pear-Date_Holidays_Discordian\", rpm:\"php-pear-Date_Holidays_Discordian~0.1.1~0.1mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pear-Date_Holidays_EnglandWales\", rpm:\"php-pear-Date_Holidays_EnglandWales~0.1.2~0.1mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pear-Date_Holidays_Germany\", rpm:\"php-pear-Date_Holidays_Germany~0.1.2~0.1mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pear-Date_Holidays_Iceland\", rpm:\"php-pear-Date_Holidays_Iceland~0.1.2~0.1mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pear-Date_Holidays_Italy\", rpm:\"php-pear-Date_Holidays_Italy~0.1.1~0.1mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pear-Date_Holidays_Japan\", rpm:\"php-pear-Date_Holidays_Japan~0.1.1~0.1mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pear-Date_Holidays_Netherlands\", rpm:\"php-pear-Date_Holidays_Netherlands~0.1.2~0.1mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pear-Date_Holidays_Norway\", rpm:\"php-pear-Date_Holidays_Norway~0.1.2~0.1mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pear-Date_Holidays_PHPdotNet\", rpm:\"php-pear-Date_Holidays_PHPdotNet~0.1.2~0.1mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pear-Date_Holidays_Romania\", rpm:\"php-pear-Date_Holidays_Romania~0.1.2~0.1mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pear-Date_Holidays_Slovenia\", rpm:\"php-pear-Date_Holidays_Slovenia~0.1.2~0.1mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pear-Date_Holidays_Sweden\", rpm:\"php-pear-Date_Holidays_Sweden~0.1.2~0.1mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pear-Date_Holidays_Ukraine\", rpm:\"php-pear-Date_Holidays_Ukraine~0.1.2~0.1mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pear-Date_Holidays_UNO\", rpm:\"php-pear-Date_Holidays_UNO~0.1.3~0.1mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pear-Date_Holidays_USA\", rpm:\"php-pear-Date_Holidays_USA~0.1.1~0.1mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pear-DB\", rpm:\"php-pear-DB~1.7.14~0.1mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pear-DB_DataObject\", rpm:\"php-pear-DB_DataObject~1.9.6~0.1mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pear-File_Passwd\", rpm:\"php-pear-File_Passwd~1.1.7~0.1mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pear-File_SMBPasswd\", rpm:\"php-pear-File_SMBPasswd~1.0.3~0.1mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pear-HTTP_Client\", rpm:\"php-pear-HTTP_Client~1.2.1~0.1mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pear-HTTP_Request\", rpm:\"php-pear-HTTP_Request~1.4.4~0.1mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pear-HTTP_Request2\", rpm:\"php-pear-HTTP_Request2~2.0.0~0.1mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pear-Image_GraphViz\", rpm:\"php-pear-Image_GraphViz~1.3.0~0.1mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pear-Log\", rpm:\"php-pear-Log~1.12.7~0.1mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pear-Mail\", rpm:\"php-pear-Mail~1.2.0~0.b1.0.1mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pear-Mail_Mime\", rpm:\"php-pear-Mail_Mime~1.8.2~0.1mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pear-Mail_mimeDecode\", rpm:\"php-pear-Mail_mimeDecode~1.5.5~0.1mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pear-Math_BigInteger\", rpm:\"php-pear-Math_BigInteger~1.0.0~0.1mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pear-MDB2\", rpm:\"php-pear-MDB2~2.5.0~0.0.b3.0.1mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pear-MDB2_Driver_mysql\", rpm:\"php-pear-MDB2_Driver_mysql~1.5.0~0.0.b3.0.1mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pear-MDB2_Driver_mysqli\", rpm:\"php-pear-MDB2_Driver_mysqli~1.5.0~0.0.b3.0.1mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pear-MDB2_Driver_pgsql\", rpm:\"php-pear-MDB2_Driver_pgsql~1.5.0~0.0.b3.0.1mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pear-MDB2_Driver_sqlite\", rpm:\"php-pear-MDB2_Driver_sqlite~1.5.0~0.0.b3.0.1mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pear-Net_DIME\", rpm:\"php-pear-Net_DIME~1.0.2~0.1mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pear-Net_IDNA\", rpm:\"php-pear-Net_IDNA~0.8.1~0.1mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pear-Net_IDNA2\", rpm:\"php-pear-Net_IDNA2~0.1.1~0.1mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pear-Net_IPv4\", rpm:\"php-pear-Net_IPv4~1.3.4~0.1mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pear-Net_LDAP2\", rpm:\"php-pear-Net_LDAP2~2.0.10~0.1mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pear-Net_POP3\", rpm:\"php-pear-Net_POP3~1.3.8~0.1mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pear-Net_SMTP\", rpm:\"php-pear-Net_SMTP~1.6.1~0.1mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pear-Net_Socket\", rpm:\"php-pear-Net_Socket~1.0.10~0.1mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pear-Net_URL2\", rpm:\"php-pear-Net_URL2~2.0.0~0.1mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pear-Net_Vpopmaild\", rpm:\"php-pear-Net_Vpopmaild~0.3.2~0.1mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pear-Numbers_Words\", rpm:\"php-pear-Numbers_Words~0.16.3~0.1mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pear-OLE\", rpm:\"php-pear-OLE~1.0.0~0.RC1.0.1mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pear-PEAR_Command_Packaging\", rpm:\"php-pear-PEAR_Command_Packaging~0.2.0~0.1mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pear-Spreadsheet_Excel_Writer\", rpm:\"php-pear-Spreadsheet_Excel_Writer~0.9.2~0.1mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pear-System_Command\", rpm:\"php-pear-System_Command~1.0.7~0.1mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pear-Validate\", rpm:\"php-pear-Validate~0.8.4~0.1mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pear-XML_Parser\", rpm:\"php-pear-XML_Parser~1.3.4~0.1mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pear-XML_RPC2\", rpm:\"php-pear-XML_RPC2~1.1.1~0.1mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pear-XML_Serializer\", rpm:\"php-pear-XML_Serializer~0.20.2~0.1mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pear-XML_XSLT_Wrapper\", rpm:\"php-pear-XML_XSLT_Wrapper~0.2.2~0.1mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2010.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"php-pear\", rpm:\"php-pear~1.9.4~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:39:38", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-2519", "CVE-2011-1072"], "description": "The remote host is missing an update for the ", "modified": "2018-11-16T00:00:00", "published": "2011-12-16T00:00:00", "id": "OPENVAS:1361412562310831508", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310831508", "type": "openvas", "title": "Mandriva Update for php-pear MDVSA-2011:187 (php-pear)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for php-pear MDVSA-2011:187 (php-pear)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.mandriva.com/security-announce/2011-12/msg00012.php\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.831508\");\n script_version(\"$Revision: 12381 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-16 12:16:30 +0100 (Fri, 16 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2011-12-16 11:14:24 +0530 (Fri, 16 Dec 2011)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name:\"MDVSA\", value:\"2011:187\");\n script_cve_id(\"CVE-2007-2519\", \"CVE-2011-1072\");\n script_name(\"Mandriva Update for php-pear MDVSA-2011:187 (php-pear)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'php-pear'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\", re:\"ssh/login/release=MNDK_(mes5|2010\\.1)\");\n script_tag(name:\"affected\", value:\"php-pear on Mandriva Linux 2010.1,\n Mandriva Linux 2010.1/X86_64,\n Mandriva Enterprise Server 5,\n Mandriva Enterprise Server 5/X86_64\");\n script_tag(name:\"insight\", value:\"A vulnerability has been discovered and corrected in php-pear:\n The installer in PEAR before 1.9.2 allows local users to overwrite\n arbitrary files via a symlink attack on the package.xml file,\n related to the (1) download_dir, (2) cache_dir, (3) tmp_dir, and\n (4) pear-build-download directories, a different vulnerability than\n CVE-2007-2519 (CVE-2011-1072).\n\n This advisory provides PEAR 1.9.4 which is not vulnerable to this\n issue.\n\n Additionally for Mandriva Enterprise Server 5 many new or updated\n PEAR packages is being provided with the latest versions of respective\n packages as well as mitigating various dependency issues.\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"MNDK_mes5\")\n{\n\n if ((res = isrpmvuln(pkg:\"php-pear\", rpm:\"php-pear~1.9.4~0.1mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pear-Auth\", rpm:\"php-pear-Auth~1.6.4~0.1mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pear-Auth_RADIUS\", rpm:\"php-pear-Auth_RADIUS~1.0.7~0.1mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pear-Auth_SASL\", rpm:\"php-pear-Auth_SASL~1.0.6~0.1mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pear-Cache_Lite\", rpm:\"php-pear-Cache_Lite~1.7.12~0.1mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pear-Console_ProgressBar\", rpm:\"php-pear-Console_ProgressBar~0.5.2beta~0.1mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pear-Crypt_CHAP\", rpm:\"php-pear-Crypt_CHAP~1.5.0~0.1mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pear-Date\", rpm:\"php-pear-Date~1.5.0a2~0.1mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pear-Date_Holidays\", rpm:\"php-pear-Date_Holidays~0.21.5~0.1mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pear-Date_Holidays_Austria\", rpm:\"php-pear-Date_Holidays_Austria~0.1.3~0.1mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pear-Date_Holidays_Brazil\", rpm:\"php-pear-Date_Holidays_Brazil~0.1.2~0.1mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pear-Date_Holidays_Denmark\", rpm:\"php-pear-Date_Holidays_Denmark~0.1.3~0.1mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pear-Date_Holidays_Discordian\", rpm:\"php-pear-Date_Holidays_Discordian~0.1.1~0.1mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pear-Date_Holidays_EnglandWales\", rpm:\"php-pear-Date_Holidays_EnglandWales~0.1.2~0.1mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pear-Date_Holidays_Germany\", rpm:\"php-pear-Date_Holidays_Germany~0.1.2~0.1mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pear-Date_Holidays_Iceland\", rpm:\"php-pear-Date_Holidays_Iceland~0.1.2~0.1mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pear-Date_Holidays_Italy\", rpm:\"php-pear-Date_Holidays_Italy~0.1.1~0.1mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pear-Date_Holidays_Japan\", rpm:\"php-pear-Date_Holidays_Japan~0.1.1~0.1mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pear-Date_Holidays_Netherlands\", rpm:\"php-pear-Date_Holidays_Netherlands~0.1.2~0.1mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pear-Date_Holidays_Norway\", rpm:\"php-pear-Date_Holidays_Norway~0.1.2~0.1mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pear-Date_Holidays_PHPdotNet\", rpm:\"php-pear-Date_Holidays_PHPdotNet~0.1.2~0.1mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pear-Date_Holidays_Romania\", rpm:\"php-pear-Date_Holidays_Romania~0.1.2~0.1mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pear-Date_Holidays_Slovenia\", rpm:\"php-pear-Date_Holidays_Slovenia~0.1.2~0.1mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pear-Date_Holidays_Sweden\", rpm:\"php-pear-Date_Holidays_Sweden~0.1.2~0.1mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pear-Date_Holidays_Ukraine\", rpm:\"php-pear-Date_Holidays_Ukraine~0.1.2~0.1mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pear-Date_Holidays_UNO\", rpm:\"php-pear-Date_Holidays_UNO~0.1.3~0.1mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pear-Date_Holidays_USA\", rpm:\"php-pear-Date_Holidays_USA~0.1.1~0.1mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pear-DB\", rpm:\"php-pear-DB~1.7.14~0.1mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pear-DB_DataObject\", rpm:\"php-pear-DB_DataObject~1.9.6~0.1mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pear-File_Passwd\", rpm:\"php-pear-File_Passwd~1.1.7~0.1mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pear-File_SMBPasswd\", rpm:\"php-pear-File_SMBPasswd~1.0.3~0.1mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pear-HTTP_Client\", rpm:\"php-pear-HTTP_Client~1.2.1~0.1mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pear-HTTP_Request\", rpm:\"php-pear-HTTP_Request~1.4.4~0.1mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pear-HTTP_Request2\", rpm:\"php-pear-HTTP_Request2~2.0.0~0.1mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pear-Image_GraphViz\", rpm:\"php-pear-Image_GraphViz~1.3.0~0.1mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pear-Log\", rpm:\"php-pear-Log~1.12.7~0.1mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pear-Mail\", rpm:\"php-pear-Mail~1.2.0~0.b1.0.1mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pear-Mail_Mime\", rpm:\"php-pear-Mail_Mime~1.8.2~0.1mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pear-Mail_mimeDecode\", rpm:\"php-pear-Mail_mimeDecode~1.5.5~0.1mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pear-Math_BigInteger\", rpm:\"php-pear-Math_BigInteger~1.0.0~0.1mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pear-MDB2\", rpm:\"php-pear-MDB2~2.5.0~0.0.b3.0.1mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pear-MDB2_Driver_mysql\", rpm:\"php-pear-MDB2_Driver_mysql~1.5.0~0.0.b3.0.1mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pear-MDB2_Driver_mysqli\", rpm:\"php-pear-MDB2_Driver_mysqli~1.5.0~0.0.b3.0.1mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pear-MDB2_Driver_pgsql\", rpm:\"php-pear-MDB2_Driver_pgsql~1.5.0~0.0.b3.0.1mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pear-MDB2_Driver_sqlite\", rpm:\"php-pear-MDB2_Driver_sqlite~1.5.0~0.0.b3.0.1mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pear-Net_DIME\", rpm:\"php-pear-Net_DIME~1.0.2~0.1mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pear-Net_IDNA\", rpm:\"php-pear-Net_IDNA~0.8.1~0.1mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pear-Net_IDNA2\", rpm:\"php-pear-Net_IDNA2~0.1.1~0.1mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pear-Net_IPv4\", rpm:\"php-pear-Net_IPv4~1.3.4~0.1mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pear-Net_LDAP2\", rpm:\"php-pear-Net_LDAP2~2.0.10~0.1mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pear-Net_POP3\", rpm:\"php-pear-Net_POP3~1.3.8~0.1mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pear-Net_SMTP\", rpm:\"php-pear-Net_SMTP~1.6.1~0.1mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pear-Net_Socket\", rpm:\"php-pear-Net_Socket~1.0.10~0.1mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pear-Net_URL2\", rpm:\"php-pear-Net_URL2~2.0.0~0.1mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pear-Net_Vpopmaild\", rpm:\"php-pear-Net_Vpopmaild~0.3.2~0.1mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pear-Numbers_Words\", rpm:\"php-pear-Numbers_Words~0.16.3~0.1mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pear-OLE\", rpm:\"php-pear-OLE~1.0.0~0.RC1.0.1mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pear-PEAR_Command_Packaging\", rpm:\"php-pear-PEAR_Command_Packaging~0.2.0~0.1mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pear-Spreadsheet_Excel_Writer\", rpm:\"php-pear-Spreadsheet_Excel_Writer~0.9.2~0.1mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pear-System_Command\", rpm:\"php-pear-System_Command~1.0.7~0.1mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pear-Validate\", rpm:\"php-pear-Validate~0.8.4~0.1mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pear-XML_Parser\", rpm:\"php-pear-XML_Parser~1.3.4~0.1mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pear-XML_RPC2\", rpm:\"php-pear-XML_RPC2~1.1.1~0.1mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pear-XML_Serializer\", rpm:\"php-pear-XML_Serializer~0.20.2~0.1mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pear-XML_XSLT_Wrapper\", rpm:\"php-pear-XML_XSLT_Wrapper~0.2.2~0.1mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"MNDK_2010.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"php-pear\", rpm:\"php-pear~1.9.4~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2017-12-04T11:30:09", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-2510", "CVE-2007-2509", "CVE-2007-2511", "CVE-2007-2519"], "description": "Ubuntu Update for Linux kernel vulnerabilities USN-462-1", "modified": "2017-12-01T00:00:00", "published": "2009-03-23T00:00:00", "id": "OPENVAS:840071", "href": "http://plugins.openvas.org/nasl.php?oid=840071", "type": "openvas", "title": "Ubuntu Update for php5 vulnerabilities USN-462-1", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_462_1.nasl 7969 2017-12-01 09:23:16Z santu $\n#\n# Ubuntu Update for php5 vulnerabilities USN-462-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"A flaw was discovered in the FTP command handler in PHP. Commands were\n not correctly filtered for control characters. An attacker could issue\n arbitrary FTP commands using specially crafted arguments. (CVE-2007-2509)\n\n Ilia Alshanetsky discovered a buffer overflow in the SOAP request handler\n in PHP. Remote attackers could send a specially crafted SOAP request\n and execute arbitrary code with web server privileges. (CVE-2007-2510)\n \n Ilia Alshanetsky discovered a buffer overflow in the user filter factory\n in PHP. A local attacker could create a specially crafted script and\n execute arbitrary code with web server privileges. (CVE-2007-2511)\n \n Gregory Beaver discovered that the PEAR installer did not validate\n installation paths. If a user were tricked into installing a malicious\n PEAR package, an attacker could overwrite arbitrary files. (CVE-2007-2519)\";\n\ntag_summary = \"Ubuntu Update for Linux kernel vulnerabilities USN-462-1\";\ntag_affected = \"php5 vulnerabilities on Ubuntu 6.06 LTS ,\n Ubuntu 6.10 ,\n Ubuntu 7.04\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-462-1/\");\n script_id(840071);\n script_version(\"$Revision: 7969 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 10:23:16 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-03-23 10:55:18 +0100 (Mon, 23 Mar 2009)\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"USN\", value: \"462-1\");\n script_cve_id(\"CVE-2007-2509\", \"CVE-2007-2510\", \"CVE-2007-2511\", \"CVE-2007-2519\");\n script_name( \"Ubuntu Update for php5 vulnerabilities USN-462-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU7.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libapache2-mod-php5\", ver:\"5.2.1-0ubuntu1.2\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-cgi\", ver:\"5.2.1-0ubuntu1.2\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-cli\", ver:\"5.2.1-0ubuntu1.2\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-common\", ver:\"5.2.1-0ubuntu1.2\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-curl\", ver:\"5.2.1-0ubuntu1.2\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-dev\", ver:\"5.2.1-0ubuntu1.2\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-gd\", ver:\"5.2.1-0ubuntu1.2\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-ldap\", ver:\"5.2.1-0ubuntu1.2\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-mhash\", ver:\"5.2.1-0ubuntu1.2\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-mysql\", ver:\"5.2.1-0ubuntu1.2\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-odbc\", ver:\"5.2.1-0ubuntu1.2\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-pgsql\", ver:\"5.2.1-0ubuntu1.2\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-pspell\", ver:\"5.2.1-0ubuntu1.2\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-recode\", ver:\"5.2.1-0ubuntu1.2\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-snmp\", ver:\"5.2.1-0ubuntu1.2\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-sqlite\", ver:\"5.2.1-0ubuntu1.2\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-sybase\", ver:\"5.2.1-0ubuntu1.2\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-tidy\", ver:\"5.2.1-0ubuntu1.2\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-xmlrpc\", ver:\"5.2.1-0ubuntu1.2\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-xsl\", ver:\"5.2.1-0ubuntu1.2\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php-pear\", ver:\"5.2.1-0ubuntu1.2\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5\", ver:\"5.2.1-0ubuntu1.2\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU6.06 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libapache2-mod-php5\", ver:\"5.1.2-1ubuntu3.8\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-cgi\", ver:\"5.1.2-1ubuntu3.8\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-cli\", ver:\"5.1.2-1ubuntu3.8\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-common\", ver:\"5.1.2-1ubuntu3.8\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-curl\", ver:\"5.1.2-1ubuntu3.8\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-dev\", ver:\"5.1.2-1ubuntu3.8\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-gd\", ver:\"5.1.2-1ubuntu3.8\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-ldap\", ver:\"5.1.2-1ubuntu3.8\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-mhash\", ver:\"5.1.2-1ubuntu3.8\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-mysql\", ver:\"5.1.2-1ubuntu3.8\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-mysqli\", ver:\"5.1.2-1ubuntu3.8\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-odbc\", ver:\"5.1.2-1ubuntu3.8\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-pgsql\", ver:\"5.1.2-1ubuntu3.8\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-recode\", ver:\"5.1.2-1ubuntu3.8\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-snmp\", ver:\"5.1.2-1ubuntu3.8\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-sqlite\", ver:\"5.1.2-1ubuntu3.8\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-sybase\", ver:\"5.1.2-1ubuntu3.8\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-xmlrpc\", ver:\"5.1.2-1ubuntu3.8\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-xsl\", ver:\"5.1.2-1ubuntu3.8\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php-pear\", ver:\"5.1.2-1ubuntu3.8\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5\", ver:\"5.1.2-1ubuntu3.8\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU6.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libapache2-mod-php5\", ver:\"5.1.6-1ubuntu2.5\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-cgi\", ver:\"5.1.6-1ubuntu2.5\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-cli\", ver:\"5.1.6-1ubuntu2.5\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-common\", ver:\"5.1.6-1ubuntu2.5\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-curl\", ver:\"5.1.6-1ubuntu2.5\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-dev\", ver:\"5.1.6-1ubuntu2.5\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-gd\", ver:\"5.1.6-1ubuntu2.5\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-ldap\", ver:\"5.1.6-1ubuntu2.5\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-mhash\", ver:\"5.1.6-1ubuntu2.5\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-mysql\", ver:\"5.1.6-1ubuntu2.5\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-mysqli\", ver:\"5.1.6-1ubuntu2.5\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-odbc\", ver:\"5.1.6-1ubuntu2.5\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-pgsql\", ver:\"5.1.6-1ubuntu2.5\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-recode\", ver:\"5.1.6-1ubuntu2.5\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-snmp\", ver:\"5.1.6-1ubuntu2.5\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-sqlite\", ver:\"5.1.6-1ubuntu2.5\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-sybase\", ver:\"5.1.6-1ubuntu2.5\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-xmlrpc\", ver:\"5.1.6-1ubuntu2.5\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-xsl\", ver:\"5.1.6-1ubuntu2.5\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php-pear\", ver:\"5.1.6-1ubuntu2.5\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5\", ver:\"5.1.6-1ubuntu2.5\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "exploitdb": [{"lastseen": "2016-02-03T11:42:27", "description": "PHP PEAR 1.5.3 INSTALL-AS Attribute Arbitrary File Overwrite Vulnerability. CVE-2007-2519. Remote exploit for linux platform", "published": "2007-05-07T00:00:00", "type": "exploitdb", "title": "PHP PEAR <= 1.5.3 INSTALL-AS Attribute Arbitrary File Overwrite Vulnerability", "bulletinFamily": "exploit", "cvelist": ["CVE-2007-2519"], "modified": "2007-05-07T00:00:00", "id": "EDB-ID:30074", "href": "https://www.exploit-db.com/exploits/30074/", "sourceData": "source: http://www.securityfocus.com/bid/24111/info\r\n\r\nPEAR is prone to a vulnerability that lets attackers overwrite arbitrary files.\r\n\r\nAn attacker-supplied package may supply directory-traversal strings through the 'install-as' attribute to create and overwrite files in arbitrary locations.\r\n\r\nThis issue affects PEAR 1.0 to 1.5.3. \r\n\r\ncreate a file named \"INSTALL\" and save it in the current directory.\r\nSave the following XML as package.xml, and run \"pear install package.xml\"\r\n\r\nIf php_dir is /usr/local/lib/php The file \"INSTALL\" will be installed into\r\n/usr/local/test.php\r\n\r\n\r\n\r\n<?xml version=\"1.0\" encoding=\"UTF-8\"?>\r\n<package version=\"2.0\" xmlns=\"http://pear.php.net/dtd/package-2.0\"\r\nxmlns:tasks=\"http://pear.php.net/dtd/tasks-1.0\"\r\nxmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\"\r\nxsi:schemaLocation=\"http://pear.php.net/dtd/tasks-1.0\r\nhttp://pear.php.net/dtd/tasks-1.0.xsd\r\nhttp://pear.php.net/dtd/package-2.0\r\nhttp://pear.php.net/dtd/package-2.0.xsd\">\r\n <name>Test_Sec</name>\r\n <channel>pear.php.net</channel>\r\n <summary>Test security vulnerability</summary>\r\n <description>demonstrate install-as vulnerability\r\n </description>\r\n <lead>\r\n <name>Greg Beaver</name>\r\n <user>cellog</user>\r\n <email>cellog@php.net</email>\r\n <active>yes</active>\r\n </lead>\r\n <date>2007-03-05</date>\r\n <version>\r\n <release>1.6.0</release>\r\n <api>1.6.0</api>\r\n </version>\r\n <stability>\r\n <release>stable</release>\r\n <api>stable</api>\r\n </stability>\r\n <license uri=\"http://www.php.net/license\">PHP License</license>\r\n <notes>\r\n allow up to latest beta version [tias]\r\n </notes>\r\n <contents>\r\n <dir name=\"/\">\r\n <file name=\"INSTALL\" role=\"php\" />\r\n </dir> <!-- / -->\r\n </contents>\r\n <dependencies>\r\n <required>\r\n <php>\r\n <min>4.3.0</min>\r\n </php>\r\n <pearinstaller>\r\n <min>1.4.3</min>\r\n </pearinstaller>\r\n </required>\r\n </dependencies>\r\n <phprelease>\r\n <filelist>\r\n <install as=\"../../test.php\" name=\"INSTALL\" />\r\n </filelist>\r\n </phprelease>\r\n\r\n</package>\r\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "sourceHref": "https://www.exploit-db.com/download/30074/"}], "nessus": [{"lastseen": "2021-01-07T11:51:43", "description": "A security hole was discovered in all versions of the PEAR Installer\n(http://pear.php.net/PEAR). The security hole is the most serious hole\nfound to date in the PEAR Installer, and would allow a malicious\npackage to install files anywhere in the filesystem.\n\nThe vulnerability only affects users who are installing an\nintentionally created package with a malicious intent. Because the\npackage is easily traced to its source, this is most likely to happen\nif a hacker were to compromise a PEAR channel server and alter a\npackage to install a backdoor. In other words, it must be combined\nwith other exploits to be a problem.\n\nUpdated packages have been patched to prevent this issue.", "edition": 24, "published": "2007-06-05T00:00:00", "title": "Mandrake Linux Security Advisory : php-pear (MDKSA-2007:110)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-2519"], "modified": "2007-06-05T00:00:00", "cpe": ["cpe:/o:mandriva:linux:2007", "cpe:/o:mandriva:linux:2007.1", "p-cpe:/a:mandriva:linux:php-pear"], "id": "MANDRAKE_MDKSA-2007-110.NASL", "href": "https://www.tenable.com/plugins/nessus/25428", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandrake Linux Security Advisory MDKSA-2007:110. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(25428);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2007-2519\");\n script_xref(name:\"MDKSA\", value:\"2007:110\");\n\n script_name(english:\"Mandrake Linux Security Advisory : php-pear (MDKSA-2007:110)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Mandrake Linux host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A security hole was discovered in all versions of the PEAR Installer\n(http://pear.php.net/PEAR). The security hole is the most serious hole\nfound to date in the PEAR Installer, and would allow a malicious\npackage to install files anywhere in the filesystem.\n\nThe vulnerability only affects users who are installing an\nintentionally created package with a malicious intent. Because the\npackage is easily traced to its source, this is most likely to happen\nif a hacker were to compromise a PEAR channel server and alter a\npackage to install a backdoor. In other words, it must be combined\nwith other exploits to be a problem.\n\nUpdated packages have been patched to prevent this issue.\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected php-pear package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-pear\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2007\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2007.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/06/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/06/05\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2007.0\", reference:\"php-pear-5.1.6-1.1mdv2007.0\", yank:\"mdv\")) flag++;\n\nif (rpm_check(release:\"MDK2007.1\", reference:\"php-pear-5.2.1-2.1mdv2007.1\", yank:\"mdv\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-07T11:53:32", "description": "A vulnerability has been discovered and corrected in php-pear :\n\nThe installer in PEAR before 1.9.2 allows local users to overwrite\narbitrary files via a symlink attack on the package.xml file, related\nto the (1) download_dir, (2) cache_dir, (3) tmp_dir, and (4)\npear-build-download directories, a different vulnerability than\nCVE-2007-2519 (CVE-2011-1072).\n\nThis advisory provides PEAR 1.9.4 which is not vulnerable to this\nissue.\n\nAdditionally for Mandriva Enterprise Server 5 many new or updated PEAR\npackages is being provided with the latest versions of respective\npackages as well as mitigating various dependency issues.", "edition": 25, "published": "2011-12-16T00:00:00", "title": "Mandriva Linux Security Advisory : php-pear (MDVSA-2011:187)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-2519", "CVE-2011-1072"], "modified": "2011-12-16T00:00:00", "cpe": ["cpe:/o:mandriva:linux:2010.1", "p-cpe:/a:mandriva:linux:php-pear"], "id": "MANDRIVA_MDVSA-2011-187.NASL", "href": "https://www.tenable.com/plugins/nessus/57319", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2011:187. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(57319);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2011-1072\");\n script_bugtraq_id(46605);\n script_xref(name:\"MDVSA\", value:\"2011:187\");\n\n script_name(english:\"Mandriva Linux Security Advisory : php-pear (MDVSA-2011:187)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Mandriva Linux host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A vulnerability has been discovered and corrected in php-pear :\n\nThe installer in PEAR before 1.9.2 allows local users to overwrite\narbitrary files via a symlink attack on the package.xml file, related\nto the (1) download_dir, (2) cache_dir, (3) tmp_dir, and (4)\npear-build-download directories, a different vulnerability than\nCVE-2007-2519 (CVE-2011-1072).\n\nThis advisory provides PEAR 1.9.4 which is not vulnerable to this\nissue.\n\nAdditionally for Mandriva Enterprise Server 5 many new or updated PEAR\npackages is being provided with the latest versions of respective\npackages as well as mitigating various dependency issues.\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected php-pear package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:N/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-pear\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2010.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/12/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/12/16\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-pear-1.9.4-0.1mdv2010.2\", yank:\"mdv\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());\n else security_note(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 3.3, "vector": "AV:L/AC:M/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2021-01-20T15:43:55", "description": "A flaw was discovered in the FTP command handler in PHP. Commands were\nnot correctly filtered for control characters. An attacker could issue\narbitrary FTP commands using specially crafted arguments.\n(CVE-2007-2509)\n\nIlia Alshanetsky discovered a buffer overflow in the SOAP request\nhandler in PHP. Remote attackers could send a specially crafted SOAP\nrequest and execute arbitrary code with web server privileges.\n(CVE-2007-2510)\n\nIlia Alshanetsky discovered a buffer overflow in the user filter\nfactory in PHP. A local attacker could create a specially crafted\nscript and execute arbitrary code with web server privileges.\n(CVE-2007-2511)\n\nGregory Beaver discovered that the PEAR installer did not validate\ninstallation paths. If a user were tricked into installing a malicious\nPEAR package, an attacker could overwrite arbitrary files.\n(CVE-2007-2519).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 26, "published": "2007-11-10T00:00:00", "title": "Ubuntu 6.06 LTS / 6.10 / 7.04 : php5 vulnerabilities (USN-462-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-2510", "CVE-2007-2509", "CVE-2007-2511", "CVE-2007-2519"], "modified": "2007-11-10T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:libapache2-mod-php5", "p-cpe:/a:canonical:ubuntu_linux:php5-mhash", "p-cpe:/a:canonical:ubuntu_linux:php5-curl", "cpe:/o:canonical:ubuntu_linux:6.10", "p-cpe:/a:canonical:ubuntu_linux:php5-pspell", "p-cpe:/a:canonical:ubuntu_linux:php5-mysql", "p-cpe:/a:canonical:ubuntu_linux:php5-cgi", "p-cpe:/a:canonical:ubuntu_linux:php5-cli", "p-cpe:/a:canonical:ubuntu_linux:php5-odbc", "p-cpe:/a:canonical:ubuntu_linux:php5-sqlite", "p-cpe:/a:canonical:ubuntu_linux:php5-xmlrpc", "p-cpe:/a:canonical:ubuntu_linux:php5-gd", "p-cpe:/a:canonical:ubuntu_linux:php5-xsl", "p-cpe:/a:canonical:ubuntu_linux:php5-sybase", "p-cpe:/a:canonical:ubuntu_linux:php5-dev", "p-cpe:/a:canonical:ubuntu_linux:php5-common", "p-cpe:/a:canonical:ubuntu_linux:php5-pgsql", "p-cpe:/a:canonical:ubuntu_linux:php5-mysqli", "p-cpe:/a:canonical:ubuntu_linux:php5-ldap", "p-cpe:/a:canonical:ubuntu_linux:php5-tidy", "p-cpe:/a:canonical:ubuntu_linux:php5-recode", "p-cpe:/a:canonical:ubuntu_linux:php5", "p-cpe:/a:canonical:ubuntu_linux:php5-snmp", "cpe:/o:canonical:ubuntu_linux:7.04", "cpe:/o:canonical:ubuntu_linux:6.06:-:lts", "p-cpe:/a:canonical:ubuntu_linux:php-pear"], "id": "UBUNTU_USN-462-1.NASL", "href": "https://www.tenable.com/plugins/nessus/28062", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-462-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(28062);\n script_version(\"1.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2007-2509\", \"CVE-2007-2510\", \"CVE-2007-2511\", \"CVE-2007-2519\");\n script_bugtraq_id(23813, 23818, 24034);\n script_xref(name:\"USN\", value:\"462-1\");\n\n script_name(english:\"Ubuntu 6.06 LTS / 6.10 / 7.04 : php5 vulnerabilities (USN-462-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A flaw was discovered in the FTP command handler in PHP. Commands were\nnot correctly filtered for control characters. An attacker could issue\narbitrary FTP commands using specially crafted arguments.\n(CVE-2007-2509)\n\nIlia Alshanetsky discovered a buffer overflow in the SOAP request\nhandler in PHP. Remote attackers could send a specially crafted SOAP\nrequest and execute arbitrary code with web server privileges.\n(CVE-2007-2510)\n\nIlia Alshanetsky discovered a buffer overflow in the user filter\nfactory in PHP. A local attacker could create a specially crafted\nscript and execute arbitrary code with web server privileges.\n(CVE-2007-2511)\n\nGregory Beaver discovered that the PEAR installer did not validate\ninstallation paths. If a user were tricked into installing a malicious\nPEAR package, an attacker could overwrite arbitrary files.\n(CVE-2007-2519).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/462-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(20, 119);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libapache2-mod-php5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php-pear\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php5-cgi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php5-cli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php5-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php5-curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php5-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php5-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php5-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php5-mhash\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php5-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php5-mysqli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php5-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php5-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php5-pspell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php5-recode\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php5-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php5-sqlite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php5-sybase\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php5-tidy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php5-xmlrpc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php5-xsl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:6.06:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:6.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:7.04\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/05/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/11/10\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2007-2019 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(6\\.06|6\\.10|7\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 6.06 / 6.10 / 7.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"6.06\", pkgname:\"libapache2-mod-php5\", pkgver:\"5.1.2-1ubuntu3.8\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"php-pear\", pkgver:\"5.1.2-1ubuntu3.8\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"php5\", pkgver:\"5.1.2-1ubuntu3.8\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"php5-cgi\", pkgver:\"5.1.2-1ubuntu3.8\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"php5-cli\", pkgver:\"5.1.2-1ubuntu3.8\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"php5-common\", pkgver:\"5.1.2-1ubuntu3.8\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"php5-curl\", pkgver:\"5.1.2-1ubuntu3.8\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"php5-dev\", pkgver:\"5.1.2-1ubuntu3.8\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"php5-gd\", pkgver:\"5.1.2-1ubuntu3.8\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"php5-ldap\", pkgver:\"5.1.2-1ubuntu3.8\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"php5-mhash\", pkgver:\"5.1.2-1ubuntu3.8\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"php5-mysql\", pkgver:\"5.1.2-1ubuntu3.8\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"php5-mysqli\", pkgver:\"5.1.2-1ubuntu3.8\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"php5-odbc\", pkgver:\"5.1.2-1ubuntu3.8\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"php5-pgsql\", pkgver:\"5.1.2-1ubuntu3.8\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"php5-recode\", pkgver:\"5.1.2-1ubuntu3.8\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"php5-snmp\", pkgver:\"5.1.2-1ubuntu3.8\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"php5-sqlite\", pkgver:\"5.1.2-1ubuntu3.8\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"php5-sybase\", pkgver:\"5.1.2-1ubuntu3.8\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"php5-xmlrpc\", pkgver:\"5.1.2-1ubuntu3.8\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"php5-xsl\", pkgver:\"5.1.2-1ubuntu3.8\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"libapache2-mod-php5\", pkgver:\"5.1.6-1ubuntu2.5\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"php-pear\", pkgver:\"5.1.6-1ubuntu2.5\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"php5\", pkgver:\"5.1.6-1ubuntu2.5\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"php5-cgi\", pkgver:\"5.1.6-1ubuntu2.5\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"php5-cli\", pkgver:\"5.1.6-1ubuntu2.5\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"php5-common\", pkgver:\"5.1.6-1ubuntu2.5\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"php5-curl\", pkgver:\"5.1.6-1ubuntu2.5\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"php5-dev\", pkgver:\"5.1.6-1ubuntu2.5\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"php5-gd\", pkgver:\"5.1.6-1ubuntu2.5\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"php5-ldap\", pkgver:\"5.1.6-1ubuntu2.5\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"php5-mhash\", pkgver:\"5.1.6-1ubuntu2.5\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"php5-mysql\", pkgver:\"5.1.6-1ubuntu2.5\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"php5-mysqli\", pkgver:\"5.1.6-1ubuntu2.5\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"php5-odbc\", pkgver:\"5.1.6-1ubuntu2.5\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"php5-pgsql\", pkgver:\"5.1.6-1ubuntu2.5\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"php5-recode\", pkgver:\"5.1.6-1ubuntu2.5\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"php5-snmp\", pkgver:\"5.1.6-1ubuntu2.5\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"php5-sqlite\", pkgver:\"5.1.6-1ubuntu2.5\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"php5-sybase\", pkgver:\"5.1.6-1ubuntu2.5\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"php5-xmlrpc\", pkgver:\"5.1.6-1ubuntu2.5\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"php5-xsl\", pkgver:\"5.1.6-1ubuntu2.5\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"libapache2-mod-php5\", pkgver:\"5.2.1-0ubuntu1.2\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"php-pear\", pkgver:\"5.2.1-0ubuntu1.2\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"php5\", pkgver:\"5.2.1-0ubuntu1.2\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"php5-cgi\", pkgver:\"5.2.1-0ubuntu1.2\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"php5-cli\", pkgver:\"5.2.1-0ubuntu1.2\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"php5-common\", pkgver:\"5.2.1-0ubuntu1.2\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"php5-curl\", pkgver:\"5.2.1-0ubuntu1.2\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"php5-dev\", pkgver:\"5.2.1-0ubuntu1.2\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"php5-gd\", pkgver:\"5.2.1-0ubuntu1.2\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"php5-ldap\", pkgver:\"5.2.1-0ubuntu1.2\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"php5-mhash\", pkgver:\"5.2.1-0ubuntu1.2\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"php5-mysql\", pkgver:\"5.2.1-0ubuntu1.2\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"php5-odbc\", pkgver:\"5.2.1-0ubuntu1.2\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"php5-pgsql\", pkgver:\"5.2.1-0ubuntu1.2\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"php5-pspell\", pkgver:\"5.2.1-0ubuntu1.2\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"php5-recode\", pkgver:\"5.2.1-0ubuntu1.2\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"php5-snmp\", pkgver:\"5.2.1-0ubuntu1.2\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"php5-sqlite\", pkgver:\"5.2.1-0ubuntu1.2\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"php5-sybase\", pkgver:\"5.2.1-0ubuntu1.2\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"php5-tidy\", pkgver:\"5.2.1-0ubuntu1.2\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"php5-xmlrpc\", pkgver:\"5.2.1-0ubuntu1.2\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"php5-xsl\", pkgver:\"5.2.1-0ubuntu1.2\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libapache2-mod-php5 / php-pear / php5 / php5-cgi / php5-cli / etc\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "ubuntu": [{"lastseen": "2020-07-09T00:22:26", "bulletinFamily": "unix", "cvelist": ["CVE-2007-2510", "CVE-2007-2509", "CVE-2007-2511", "CVE-2007-2519"], "description": "A flaw was discovered in the FTP command handler in PHP. Commands were \nnot correctly filtered for control characters. An attacker could issue \narbitrary FTP commands using specially crafted arguments. (CVE-2007-2509)\n\nIlia Alshanetsky discovered a buffer overflow in the SOAP request handler \nin PHP. Remote attackers could send a specially crafted SOAP request \nand execute arbitrary code with web server privileges. (CVE-2007-2510)\n\nIlia Alshanetsky discovered a buffer overflow in the user filter factory \nin PHP. A local attacker could create a specially crafted script and \nexecute arbitrary code with web server privileges. (CVE-2007-2511)\n\nGregory Beaver discovered that the PEAR installer did not validate \ninstallation paths. If a user were tricked into installing a malicious \nPEAR package, an attacker could overwrite arbitrary files. (CVE-2007-2519)", "edition": 6, "modified": "2007-05-22T00:00:00", "published": "2007-05-22T00:00:00", "id": "USN-462-1", "href": "https://ubuntu.com/security/notices/USN-462-1", "title": "PHP vulnerabilities", "type": "ubuntu", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "suse": [{"lastseen": "2016-09-04T11:52:15", "bulletinFamily": "unix", "cvelist": ["CVE-2012-2311", "CVE-2013-4113", "CVE-2012-2336", "CVE-2011-1466", "CVE-2012-0789", "CVE-2013-1643", "CVE-2012-2335", "CVE-2012-1823", "CVE-2011-4885", "CVE-2012-2688", "CVE-2011-1398", "CVE-2012-0788", "CVE-2012-0830", "CVE-2012-0781", "CVE-2011-0708", "CVE-2013-4635", "CVE-2011-4388", "CVE-2011-3182", "CVE-2012-4388", "CVE-2012-0057", "CVE-2012-1172", "CVE-2011-4566", "CVE-2007-2519", "CVE-2013-1635", "CVE-2011-2202", "CVE-2012-0831", "CVE-2011-1072", "CVE-2011-4153", "CVE-2012-0807", "CVE-2012-3365"], "description": "php5 has been updated to roll up all pending security fixes\n for Long Term Service Pack Support.\n\n The Following security issues have been fixed:\n\n *\n\n CVE-2013-4635: Integer overflow in the SdnToJewish\n function in jewish.c in the Calendar component in PHP\n allowed context-dependent attackers to cause a denial of\n service (application hang) via a large argument to the\n jdtojewish function.\n\n *\n\n CVE-2013-1635: ext/soap/soap.c in PHP did not\n validate the relationship between the soap.wsdl_cache_dir\n directive and the open_basedir directive, which allowed\n remote attackers to bypass intended access restrictions by\n triggering the creation of cached SOAP WSDL files in an\n arbitrary directory.\n\n *\n\n CVE-2013-1643: The SOAP parser in PHP allowed remote\n attackers to read arbitrary files via a SOAP WSDL file\n containing an XML external entity declaration in\n conjunction with an entity reference, related to an XML\n External Entity (XXE) issue in the soap_xmlParseFile and\n soap_xmlParseMemory functions.\n\n *\n\n CVE-2013-4113: ext/xml/xml.c in PHP before 5.3.27\n does not properly consider parsing depth, which allowed\n remote attackers to cause a denial of service (heap memory\n corruption) or possibly have unspecified other impact via a\n crafted document that is processed by the\n xml_parse_into_struct function.\n\n *\n\n CVE-2011-1398 / CVE-2012-4388: The sapi_header_op\n function in main/SAPI.c in PHP did not check for %0D\n sequences (aka carriage return characters), which allowed\n remote attackers to bypass an HTTP response-splitting\n protection mechanism via a crafted URL, related to improper\n interaction between the PHP header function and certain\n browsers, as demonstrated by Internet Explorer and Google\n Chrome.\n\n *\n\n CVE-2012-2688: An unspecified vulnerability in the\n _php_stream_scandir function in the stream implementation\n in PHP had unknown impact and remote attack vectors,\n related to an "overflow."\n\n *\n\n CVE-2012-3365: The SQLite functionality in PHP before\n 5.3.15 allowed remote attackers to bypass the open_basedir\n protection mechanism via unspecified vectors.\n\n *\n\n CVE-2012-1823: sapi/cgi/cgi_main.c in PHP, when\n configured as a CGI script (aka php-cgi), did not properly\n handle query strings that lack an = (equals sign)\n character, which allowed remote attackers to execute\n arbitrary code by placing command-line options in the query\n string, related to lack of skipping a certain php_getopt\n for the 'd' case.\n\n *\n\n CVE-2012-2335: php-wrapper.fcgi did not properly\n handle command-line arguments, which allowed remote\n attackers to bypass a protection mechanism in PHP and\n execute arbitrary code by leveraging improper interaction\n between the PHP sapi/cgi/cgi_main.c component and a query\n string beginning with a +- sequence.\n\n *\n\n CVE-2012-2336: sapi/cgi/cgi_main.c in PHP, when\n configured as a CGI script (aka php-cgi), did not properly\n handle query strings that lack an = (equals sign)\n character, which allowed remote attackers to cause a denial\n of service (resource consumption) by placing command-line\n options in the query string, related to lack of skipping a\n certain php_getopt for the 'T' case. NOTE: this\n vulnerability exists because of an incomplete fix for\n CVE-2012-1823.\n\n *\n\n CVE-2012-2311: sapi/cgi/cgi_main.c in PHP, when\n configured as a CGI script (aka php-cgi), does not properly\n handle query strings that contain a %3D sequence but no =\n (equals sign) character, which allows remote attackers to\n execute arbitrary code by placing command-line options in\n the query string, related to lack of skipping a certain\n php_getopt for the 'd' case. NOTE: this vulnerability\n exists because of an incomplete fix for CVE-2012-1823.\n\n *\n\n CVE-2012-1172: The file-upload implementation in\n rfc1867.c in PHP did not properly handle invalid [ (open\n square bracket) characters in name values, which makes it\n easier for remote attackers to cause a denial of service\n (malformed $_FILES indexes) or conduct directory traversal\n attacks during multi-file uploads by leveraging a script\n that lacks its own filename restrictions.\n\n *\n\n CVE-2012-0830: The php_register_variable_ex function\n in php_variables.c in PHP allowed remote attackers to\n execute arbitrary code via a request containing a large\n number of variables, related to improper handling of array\n variables. NOTE: this vulnerability exists because of an\n incorrect fix for CVE-2011-4885.\n\n *\n\n CVE-2012-0807: Stack-based buffer overflow in the\n suhosin_encrypt_single_cookie function in the transparent\n cookie-encryption feature in the Suhosin extension before\n 0.9.33 for PHP, when suhosin.cookie.encrypt and\n suhosin.multiheader are enabled, might have allowed remote\n attackers to execute arbitrary code via a long string that\n is used in a Set-Cookie HTTP header.\n\n *\n\n CVE-2012-0057: PHP had improper libxslt security\n settings, which allowed remote attackers to create\n arbitrary files via a crafted XSLT stylesheet that uses the\n libxslt output extension.\n\n *\n\n CVE-2012-0831: PHP did not properly perform a\n temporary change to the magic_quotes_gpc directive during\n the importing of environment variables, which made it\n easier for remote attackers to conduct SQL injection\n attacks via a crafted request, related to\n main/php_variables.c, sapi/cgi/cgi_main.c, and\n sapi/fpm/fpm/fpm_main.c.\n\n *\n\n CVE-2011-4153: PHP did not always check the return\n value of the zend_strndup function, which might have\n allowed remote attackers to cause a denial of service (NULL\n pointer dereference and application crash) via crafted\n input to an application that performs strndup operations on\n untrusted string data, as demonstrated by the define\n function in zend_builtin_functions.c, and unspecified\n functions in ext/soap/php_sdl.c, ext/standard/syslog.c,\n ext/standard/browscap.c, ext/oci8/oci8.c,\n ext/com_dotnet/com_typeinfo.c, and\n main/php_open_temporary_file.c.\n\n *\n\n CVE-2012-0781: The tidy_diagnose function in PHP\n might have allowed remote attackers to cause a denial of\n service (NULL pointer dereference and application crash)\n via crafted input to an application that attempts to\n perform Tidy::diagnose operations on invalid objects, a\n different vulnerability than CVE-2011-4153.\n\n *\n\n CVE-2012-0788: The PDORow implementation in PHP did\n not properly interact with the session feature, which\n allowed remote attackers to cause a denial of service\n (application crash) via a crafted application that uses a\n PDO driver for a fetch and then calls the session_start\n function, as demonstrated by a crash of the Apache HTTP\n Server.\n\n *\n\n CVE-2012-0789: Memory leak in the timezone\n functionality in PHP allowed remote attackers to cause a\n denial of service (memory consumption) by triggering many\n strtotime function calls, which were not properly handled\n by the php_date_parse_tzfile cache.\n\n *\n\n CVE-2011-4885: PHP computed hash values for form\n parameters without restricting the ability to trigger hash\n collisions predictably, which allowed remote attackers to\n cause a denial of service (CPU consumption) by sending many\n crafted parameters. We added a max_input_vars directive to\n prevent attacks based on hash collisions.\n\n *\n\n CVE-2011-4566: Integer overflow in the\n exif_process_IFD_TAG function in exif.c in the exif\n extension in PHP allowed remote attackers to read the\n contents of arbitrary memory locations or cause a denial of\n service via a crafted offset_val value in an EXIF header in\n a JPEG file, a different vulnerability than CVE-2011-0708.\n\n *\n\n CVE-2011-3182: PHP did not properly check the return\n values of the malloc, calloc, and realloc library\n functions, which allowed context-dependent attackers to\n cause a denial of service (NULL pointer dereference and\n application crash) or trigger a buffer overflow by\n leveraging the ability to provide an arbitrary value for a\n function argument, related to (1) ext/curl/interface.c, (2)\n ext/date/lib/parse_date.c, (3)\n ext/date/lib/parse_iso_intervals.c, (4)\n ext/date/lib/parse_tz.c, (5) ext/date/lib/timelib.c, (6)\n ext/pdo_odbc/pdo_odbc.c, (7)\n ext/reflection/php_reflection.c, (8) ext/soap/php_sdl.c,\n (9) ext/xmlrpc/libxmlrpc/base64.c, (10) TSRM/tsrm_win32.c,\n and (11) the strtotime function.\n\n *\n\n CVE-2011-1466: Integer overflow in the SdnToJulian\n function in the Calendar extension in PHP allowed\n context-dependent attackers to cause a denial of service\n (application crash) via a large integer in the first\n argument to the cal_from_jd function.\n\n *\n\n CVE-2011-1072: The installer in PEAR allowed local\n users to overwrite arbitrary files via a symlink attack on\n the package.xml file, related to the (1) download_dir, (2)\n cache_dir, (3) tmp_dir, and (4) pear-build-download\n directories, a different vulnerability than CVE-2007-2519.\n\n *\n\n CVE-2011-2202: The rfc1867_post_handler function in\n main/rfc1867.c in PHP did not properly restrict filenames\n in multipart/form-data POST requests, which allowed remote\n attackers to conduct absolute path traversal attacks, and\n possibly create or overwrite arbitrary files, via a crafted\n upload request, related to a "file path injection\n vulnerability."\n\n Bugfixes:\n\n * fixed php bug #43200 (Interface implementation /\n inheritence not possible in abstract classes) [bnc#783239]\n * use FilesMatch with 'SetHandler' rather than\n 'AddHandler' [bnc#775852]\n * fixed unpredictable unpack()/pack() behaviour\n [bnc#753778]\n * memory corruption in parse_ini_string() [bnc#742806]\n * amend README.SUSE to discourage using apache module\n with apache2-worker [bnc#728671]\n * allow uploading files bigger than 2GB for 64bit\n systems [bnc#709549]\n", "edition": 1, "modified": "2013-08-16T21:04:11", "published": "2013-08-16T21:04:11", "id": "SUSE-SU-2013:1351-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00016.html", "title": "Security update for PHP5 (important)", "type": "suse", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}
