Lucene search

K
openvasCopyright (c) 2011 Greenbone Networks GmbHOPENVAS:840636
HistoryMay 10, 2011 - 12:00 a.m.

Ubuntu Update for php5 USN-1126-2

2011-05-1000:00:00
Copyright (c) 2011 Greenbone Networks GmbH
plugins.openvas.org
29

0.13 Low

EPSS

Percentile

94.9%

Ubuntu Update for Linux kernel vulnerabilities USN-1126-2

###############################################################################
# OpenVAS Vulnerability Test
# $Id: gb_ubuntu_USN_1126_2.nasl 7964 2017-12-01 07:32:11Z santu $
#
# Ubuntu Update for php5 USN-1126-2
#
# Authors:
# System Generated Check
#
# Copyright:
# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2
# (or any later version), as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################

include("revisions-lib.inc");
tag_insight = "USN 1126-1 fixed several vulnerabilities in PHP. The fix for
  CVE-2010-4697 introduced an incorrect reference counting regression
  in the Zend engine that caused the PHP interpreter to segfault. This
  regression affects Ubuntu 6.06 LTS and Ubuntu 8.04 LTS.

  The fixes for CVE-2011-1072 and CVE-2011-1144 introduced a regression
  in the PEAR installer that prevented it from creating its cache
  directory and reporting errors correctly.
  
  We apologize for the inconvenience.
  
  Original advisory details:
  
  Stephane Chazelas discovered that the /etc/cron.d/php5 cron job for
  PHP 5.3.5 allows local users to delete arbitrary files via a symlink
  attack on a directory under /var/lib/php5/. (CVE-2011-0441)
  
  Raphael Geisert and Dan Rosenberg discovered that the PEAR installer
  allows local users to overwrite arbitrary files via a symlink attack on
  the package.xml file, related to the (1) download_dir, (2) cache_dir,
  (3) tmp_dir, and (4) pear-build-download directories. (CVE-2011-1072,
  CVE-2011-1144)
  
  Ben Schmidt discovered that a use-after-free vulnerability in the PHP
  Zend engine could allow an attacker to cause a denial of service (heap
  memory corruption) or possibly execute arbitrary code. (CVE-2010-4697)
  
  Martin Barbella discovered a buffer overflow in the PHP GD extension
  that allows an attacker to cause a denial of service (application crash)
  via a large number of anti- aliasing steps in an argument to the
  imagepstext function. (CVE-2010-4698)
  
  It was discovered that PHP accepts the \0 character in a pathname,
  which might allow an attacker to bypass intended access restrictions
  by placing a safe file extension after this character. This issue
  is addressed in Ubuntu 10.04 LTS, Ubuntu 10.10, and Ubuntu 11.04.
  (CVE-2006-7243)
  
  Maksymilian Arciemowicz discovered that the grapheme_extract function
  in the PHP Internationalization extension (Intl) for ICU allow
  an attacker to cause a denial of service (crash) via an invalid
  size argument, which triggers a NULL pointer dereference. This
  issue affected Ubuntu 10.04 LTS, Ubuntu 10.10, and Ubuntu
  11.04. (CVE-2011-0420)
  
  Maksymilian Arciemowicz discovered that the _zip_name_locate
  function in the PHP Zip extension does not properly handle a
  ZIPARCHIVE::FL_UNCHANGED argument, which might allow an attacker to
  cause a denial of service (NULL pointer dereference) via an empty
  ZIP archive. This issue affected Ubuntu 8.04 LTS, Ubuntu 9.10, Ubuntu
  10.04 LTS, Ubuntu 10.10, and Ubuntu 11.04. ( ... 

  Description truncated, for more information please check the Reference URL";

tag_summary = "Ubuntu Update for Linux kernel vulnerabilities USN-1126-2";
tag_affected = "php5 on Ubuntu 11.04 ,
  Ubuntu 10.10 ,
  Ubuntu 10.04 LTS ,
  Ubuntu 9.10 ,
  Ubuntu 8.04 LTS ,
  Ubuntu 6.06 LTS";
tag_solution = "Please Install the Updated Packages.";


if(description)
{
  script_xref(name: "URL" , value: "http://www.ubuntu.com/usn/usn-1126-2/");
  script_id(840636);
  script_version("$Revision: 7964 $");
  script_tag(name:"last_modification", value:"$Date: 2017-12-01 08:32:11 +0100 (Fri, 01 Dec 2017) $");
  script_tag(name:"creation_date", value:"2011-05-10 14:04:15 +0200 (Tue, 10 May 2011)");
  script_tag(name:"cvss_base", value:"7.5");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_xref(name: "USN", value: "1126-2");
  script_cve_id("CVE-2010-4697", "CVE-2011-1072", "CVE-2011-1144", "CVE-2011-0441", "CVE-2010-4698", "CVE-2006-7243", "CVE-2011-0420", "CVE-2011-0421", "CVE-2011-0708", "CVE-2011-1092", "CVE-2011-1148", "CVE-2011-1153", "CVE-2011-1464", "CVE-2011-1466", "CVE-2011-1467", "CVE-2011-1468", "CVE-2011-1469", "CVE-2011-1470", "CVE-2011-1471");
  script_name("Ubuntu Update for php5 USN-1126-2");

  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (c) 2011 Greenbone Networks GmbH");
  script_family("Ubuntu Local Security Checks");
  script_dependencies("gather-package-list.nasl");
  script_mandatory_keys("ssh/login/ubuntu_linux", "ssh/login/packages");
  script_tag(name : "summary" , value : tag_summary);
  script_tag(name : "affected" , value : tag_affected);
  script_tag(name : "solution" , value : tag_solution);
  script_tag(name : "insight" , value : tag_insight);
  script_tag(name:"qod_type", value:"package");
  script_tag(name:"solution_type", value:"VendorFix");
  exit(0);
}


include("pkg-lib-deb.inc");

release = get_kb_item("ssh/login/release");


res = "";
if(release == NULL){
  exit(0);
}

if(release == "UBUNTU10.10")
{

  if ((res = isdpkgvuln(pkg:"libapache2-mod-php5", ver:"5.3.3-1ubuntu9.5", rls:"UBUNTU10.10")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isdpkgvuln(pkg:"php-pear", ver:"5.3.3-1ubuntu9.5", rls:"UBUNTU10.10")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isdpkgvuln(pkg:"php5", ver:"5.3.3-1ubuntu9.5", rls:"UBUNTU10.10")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isdpkgvuln(pkg:"php5-cgi", ver:"5.3.3-1ubuntu9.5", rls:"UBUNTU10.10")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isdpkgvuln(pkg:"php5-cli", ver:"5.3.3-1ubuntu9.5", rls:"UBUNTU10.10")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isdpkgvuln(pkg:"php5-common", ver:"5.3.3-1ubuntu9.5", rls:"UBUNTU10.10")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if (__pkg_match) exit(99); # Not vulnerable.
  exit(0);
}


if(release == "UBUNTU10.04 LTS")
{

  if ((res = isdpkgvuln(pkg:"libapache2-mod-php5", ver:"5.3.2-1ubuntu4.9", rls:"UBUNTU10.04 LTS")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isdpkgvuln(pkg:"php-pear", ver:"5.3.2-1ubuntu4.9", rls:"UBUNTU10.04 LTS")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isdpkgvuln(pkg:"php5", ver:"5.3.2-1ubuntu4.9", rls:"UBUNTU10.04 LTS")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isdpkgvuln(pkg:"php5-cgi", ver:"5.3.2-1ubuntu4.9", rls:"UBUNTU10.04 LTS")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isdpkgvuln(pkg:"php5-cli", ver:"5.3.2-1ubuntu4.9", rls:"UBUNTU10.04 LTS")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isdpkgvuln(pkg:"php5-common", ver:"5.3.2-1ubuntu4.9", rls:"UBUNTU10.04 LTS")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if (__pkg_match) exit(99); # Not vulnerable.
  exit(0);
}


if(release == "UBUNTU9.10")
{

  if ((res = isdpkgvuln(pkg:"libapache2-mod-php5", ver:"5.2.10.dfsg.1-2ubuntu6.10", rls:"UBUNTU9.10")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isdpkgvuln(pkg:"php-pear", ver:"5.2.10.dfsg.1-2ubuntu6.10", rls:"UBUNTU9.10")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isdpkgvuln(pkg:"php5", ver:"5.2.10.dfsg.1-2ubuntu6.10", rls:"UBUNTU9.10")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isdpkgvuln(pkg:"php5-cgi", ver:"5.2.10.dfsg.1-2ubuntu6.10", rls:"UBUNTU9.10")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isdpkgvuln(pkg:"php5-cli", ver:"5.2.10.dfsg.1-2ubuntu6.10", rls:"UBUNTU9.10")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isdpkgvuln(pkg:"php5-common", ver:"5.2.10.dfsg.1-2ubuntu6.10", rls:"UBUNTU9.10")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if (__pkg_match) exit(99); # Not vulnerable.
  exit(0);
}


if(release == "UBUNTU6.06 LTS")
{

  if ((res = isdpkgvuln(pkg:"libapache2-mod-php5", ver:"5.1.2-1ubuntu3.24", rls:"UBUNTU6.06 LTS")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isdpkgvuln(pkg:"php-pear", ver:"5.1.2-1ubuntu3.24", rls:"UBUNTU6.06 LTS")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isdpkgvuln(pkg:"php5", ver:"5.1.2-1ubuntu3.24", rls:"UBUNTU6.06 LTS")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isdpkgvuln(pkg:"php5-cgi", ver:"5.1.2-1ubuntu3.24", rls:"UBUNTU6.06 LTS")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isdpkgvuln(pkg:"php5-cli", ver:"5.1.2-1ubuntu3.24", rls:"UBUNTU6.06 LTS")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isdpkgvuln(pkg:"php5-common", ver:"5.1.2-1ubuntu3.24", rls:"UBUNTU6.06 LTS")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if (__pkg_match) exit(99); # Not vulnerable.
  exit(0);
}


if(release == "UBUNTU11.04")
{

  if ((res = isdpkgvuln(pkg:"libapache2-mod-php5", ver:"5.3.5-1ubuntu7.2", rls:"UBUNTU11.04")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isdpkgvuln(pkg:"php-pear", ver:"5.3.5-1ubuntu7.2", rls:"UBUNTU11.04")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isdpkgvuln(pkg:"php5", ver:"5.3.5-1ubuntu7.2", rls:"UBUNTU11.04")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isdpkgvuln(pkg:"php5-cgi", ver:"5.3.5-1ubuntu7.2", rls:"UBUNTU11.04")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isdpkgvuln(pkg:"php5-cli", ver:"5.3.5-1ubuntu7.2", rls:"UBUNTU11.04")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isdpkgvuln(pkg:"php5-common", ver:"5.3.5-1ubuntu7.2", rls:"UBUNTU11.04")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if (__pkg_match) exit(99); # Not vulnerable.
  exit(0);
}


if(release == "UBUNTU8.04 LTS")
{

  if ((res = isdpkgvuln(pkg:"libapache2-mod-php5", ver:"5.2.4-2ubuntu5.17", rls:"UBUNTU8.04 LTS")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isdpkgvuln(pkg:"php-pear", ver:"5.2.4-2ubuntu5.17", rls:"UBUNTU8.04 LTS")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isdpkgvuln(pkg:"php5", ver:"5.2.4-2ubuntu5.17", rls:"UBUNTU8.04 LTS")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isdpkgvuln(pkg:"php5-cgi", ver:"5.2.4-2ubuntu5.17", rls:"UBUNTU8.04 LTS")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isdpkgvuln(pkg:"php5-cli", ver:"5.2.4-2ubuntu5.17", rls:"UBUNTU8.04 LTS")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isdpkgvuln(pkg:"php5-common", ver:"5.2.4-2ubuntu5.17", rls:"UBUNTU8.04 LTS")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if (__pkg_match) exit(99); # Not vulnerable.
  exit(0);
}